Subject: CVS commit: pkgsrc/www/drupal
From: Adrian Portelli
Date: 2008-12-11 00:55:39
Message id: 20081210235539.35799175D0@cvs.netbsd.org

Log Message:
Update to 5.13

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

* SA-2008-073 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 5.12 release:

* #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some cached requests.
* #278821 by teezee. More isset() checking.
* #293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication.
* #123556 by maartenvg and dvdweide. Do not show empty user info categories.
* #294450 by blakehall. Match up DB and form max length.
* More code style removing trivial differences with 6.x.
* #195161 by mcarbone with some modifications: only show 'login to post comments' if logging in actually lets you post comments. Backport by salvis.
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS.
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed.
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal.
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find.

http://drupal.org/node/345467

Files:
Revision  Action  file
1.35      modify  pkgsrc/www/drupal/Makefile
1.26      modify  pkgsrc/www/drupal/distinfo