fixes #4457 - Session fixation, new session IDs are not generated on login (CVE-2014-0090)

(cherry picked from commit cfa4b52638173b9cf77ee1a5fd0c3a273f875209)

Conflicts:
test/functional/users_controller_test.rb

fixes #4314 - ignore default scope ordering on host search by puppet class

(cherry picked from commit a44dd0943b5ccc2c2e9a0ce264e4b2f38b5edd4d)

Conflicts:
app/models/concerns/hostext/search.rb

fixes #4268 - don't search for host with nil IP on hostname spoofing

(cherry picked from commit 1e0fd283180dc6bda30c880898cdea69cb579194)

Conflicts:
test/fixtures/hosts.yml

fixes #3519 - taxonomies include authorization module

(cherry picked from commit 14fdd9046dd3b85979bf95b4d0019e00051e35c2)

fixes #3960 - wrap APIv2 errors in an "error" node

(cherry picked from commit 0f7d219a4a65cd795eecd05117b08511d9025de2)

fixes #3920 - prevent 500 ScopedSearch errors on the API, raise UI errors correctly

(cherry picked from commit f9bc5a8e5934aac9bd8d5488f84717d33e359501)

fixes #3760 - API v2 define metadata @total for each controller

(cherry picked from commit 6f9438866488180e196ff18e1372cf0773afe7b9)

Conflicts:
foreman.spec

fixes #2231 - hostgroup deletion is restricted to hostgroups without children

(cherry picked from commit 8c68024ac619121312680ee8afc467857155e71d)

Fixes #4022: Make api puppetrun a PUT for REST standards

(cherry picked from commit bc11c17bcc66fbec3a71be920efa4de32d508ecb)

fixes #3515 - API handles not found objects with 404

(cherry picked from commit 46338cd73c542ecc3aa045b45e831434792c710e)