HTML Purifier 4.6.0 is a major security release, fixing numerous bad quadratic asymptotics in HTML Purifier's core algorithms. Most users will see a decent speedup on large inputs, although small inputs may take longer. Additionally, the secure URI munging algorithm has changed to do a proper HMAC. There are some other miscellaneous bugfixes as well.
See NEWS for a complete changelog. If you were using the secure URI munge hashing, you will need to update your redirector scripts. Additionally, %Core.EscapeInvalidChildren no longer does anything.