captcha 6.x-2.3-rc1

Why is this release a RC (release candidate)?

This release includes the fix for an important bug (#810534: Fix CAPTCHA session reuse), which made it possible to reuse CAPTCHA sessions and lowered the barrier to entry for spam bots. The fix is a rather big change, including a database change, so do not forget to run the update.php script.
Because the change is rather big, I wanted to be sure the fix didn't break a lot of other things. In the first place, I provided simpletest coverage for the bug, albeit limited to the CAPTCHA protection of some Drupal core forms (login form, comment form and node form). However, I wanted also some manual testing on real world sites and use cases, but I got only one (positive) response in #810534: Fix CAPTCHA session reuse.
To avoid that the lack of manual testing would block the commit of the fix, I decided to commit it and release the fixed version as a release candidate for 6-x.2.3. This way there is more real world testing, while still making it clear that the release could still have some issues. If you want stability and don't trust release candidate: stay at CAPTCHA 6.x-2.2. On the other hand, in terms of simple test coverage, CAPTCHA 6.x-2.3-RC1 could be considered more stable than CAPTCHA 6.x-2.2 as the coverage has increased.

Important changes since DRUPAL-6--2-2:

• #810534: fixed CAPTCHA session reuse hack
• #773124: added a new persistence level to always add a challenge, even on multi-step/preview form workflows

Minor bug fixes and tweaks

• More simpletest coverage
• #704110: (follow up) patch by behnas, DamienMcKenna and soxofaan: image_captcha install requirements check did not work when used from installation profile
• #800846 patch by marty: moved captcha_requirements() from captcha.module to captcha.install