SPECTRE mitigations have been added to SM Jit code. These are essentially useless for us, as SPECTRE isn't an attack pattern we are susceptible to (plausible exception: config stuff ? I really doubt it's possible to use spectre to get private data from 0 A.D.).
Turning these off is an absurd speedup, on the order of 50% faster JS code in some parts of Combat-Demo-Huge. This is essentially a free 10-20% speedup overall. The main cause is that all jit->C++ calls are 'fenced', which was very slow, and we do a lot of these through QueryInterface (this is particularly true on that map, but i ngeneral as well).
(haven't checked if those APIs are in SM92, so this might fail).