[merge-train skip]

[ci skip]

Prepare 16.10.5 release for gitlab-jh

See merge request gitlab-cn/gitlab!2451

[merge-train skip]

[ci skip]

[ci skip]

Update GITHUB_MEDIA_CDN to avoid SSRF when importing from Github

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4012



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Aaron Huntsman <ahuntsman@gitlab.com>
Co-authored-by: Ivane Gkomarteli <igkomarteli@gitlab.com>

Merge branch 'security-github-media-cdn-ssrf-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!4012

Changelog: security

Merge branch 'security-fix-namespace-banned-user-sees-proj-confidential-issue-updates-16-10' into '16-10-stable-ee'

Prevent namespace banned users from reading project todos

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3940



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Mario Celi <mcelicalderon@gitlab.com>
Co-authored-by: Eugie Limpin <elimpin@gitlab.com>

Merge branch 'security-fix-namespace-banned-user-sees-proj-confidential-issue-updates-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!3940

Changelog: security

Merge branch 'security-unauthenticated-redos-in-gitrefsfinder-when-using-wildcards-in-branch-search-16-10' into '16-10-stable-ee'

ReDoS in GitRefsFinder when using wildcards in branch search

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3996



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Co-authored-by: Javiera Tapia <jtapia@gitlab.com>

Merge branch 'security-unauthenticated-redos-in-gitrefsfinder-when-using-wildcards-in-branch-search-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!3996

Changelog: security

ReDos in escape and commit reference filters

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3973



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Allison Browne <abrowne@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

Merge branch 'security-fix-escape-filters-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!3973

Changelog: security

Validate request origin before MR approval

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4008



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Co-authored-by: Sam Figueroa <sfigueroa@gitlab.com>

Merge branch 'security-sec-1060-gitlab-438686_16-10-ee-backport' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!4008

Changelog: security

Check request size before updating user pins

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4015



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Mario Celi <mcelicalderon@gitlab.com>
Co-authored-by: Thomas Hutterer <thutterer@gitlab.com>

Merge branch 'security-pins-max-size-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!4015

Changelog: security

Enforce per_page validation for Branches/TagsFinders

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3999



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Hunter Stewart <hustewart@gitlab.com>
Co-authored-by: Vasilii Iakliushin <viakliushin@gitlab.com>

Merge branch 'security-enforce-max_page-validation-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!3999

Changelog: security

Update Integrations::Discord::ATTACHMENT_REGEX regex

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3987



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Luke Duncalfe <lduncalfe@gitlab.com>
Co-authored-by: George Koltsov <gkoltsov@gitlab.com>

Merge branch 'security-discord-integration-regex-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!3987

Changelog: security

Update BaseMessage::RELATIVE_LINK_REGEX regex

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3993



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Robert May <rmay@gitlab.com>
Co-authored-by: George Koltsov <gkoltsov@gitlab.com>

Merge branch 'security-google-chat-integration-regex-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!3993

Changelog: security

Require confirmation before linking JWT identity

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3991



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Bogdan Denkovych <bdenkovych@gitlab.com>
Co-authored-by: Drew Blessing <drew@gitlab.com>

Merge branch 'security-dblessing_jwt_confirm_id_link-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!3991

Changelog: security

Fix confidentiality check optimization

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4003



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Stan Hu <stanhu@gmail.com>
Co-authored-by: Heinrich Lee Yu <heinrich@gitlab.com>

Merge branch 'security-1079-fix-confidentiality-check-optimization-16-10' into '16-10-stable-ee'

See merge request gitlab-org/security/gitlab!4003

Changelog: security

Cherry-pick MR 151750 into '16-10-stable-ee'

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151904



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: David Dieulivol <ddieulivol@gitlab.com>
Co-authored-by: Dat Tang <dattang@gitlab.com>

Fix passing down variables to release_environments pipeline

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151750



Merged-by: Dat Tang <dattang@gitlab.com>
Approved-by: Rémy Coutable <remy@rymai.me>


(cherry picked from commit cc2a6cbf)

ec48511c

 Fix passing down variables to release_environments pipeline

Co-authored-by: Dat Tang <dattang@gitlab.com>

Changed the email validation for only encoded chars

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151529



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Bogdan Denkovych <bdenkovych@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

Merge branch 'release-environment-notification' into '16-10-stable-ee'

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151535



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Dat Tang <dattang@gitlab.com>

Add release environment notification

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/149268



Merged-by: Dat Tang <dattang@gitlab.com>
Approved-by: David Dieulivol <ddieulivol@gitlab.com>
Reviewed-by: Mayra Cabrera <mcabrera@gitlab.com>
Reviewed-by: David Dieulivol <ddieulivol@gitlab.com>


(cherry picked from commit b0cf85c4

)

a44f6097 Add release environment notification
0f664361 Change stage names to be start and finish to be more extendable
00055bdf Improve release environment pipeline
fd76aeec Write spec for release environment notification
1b3e181d Add delivery as feature_category to the spec
c8ed2307 Update from feedback
4c1d75c8 Update from feedback
94086cbe Fix rspec after removing checking CI_PIPELINE_ID
5ad5ad9f Add notification when QA fails
5fee001a Rename environment variables
a47f7799 Remove feature branch when calling pipeline
aa3c4ccf Update rspec for release_environment
15b63838 Fix code coverage
c427c30c Small refactors from MR review feedback
2c67b70d Fix passing VERSION variable to jobs correctly
c3d89451 Speed up downloading gitlab repo in CI jobs
8c7ddfe1 Add rspec for initialize method
43774757 Update GIT_DEPTH to 20

Co-authored-by: Dat Tang <dattang@gitlab.com>

Email validation was added earlier to stop user from entering
encoded email format. Regexp introduced earlier caused existing
email ids in system to throw errors while logging in. With this
change we are limiting the regex to only check for ecoded emails.

Changelog: fixed
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151484/

Return or display Gitlab version if GITLAB_KAS_VERSION is a SHA

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150602



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Anna Vovchenko <avovchenko@gitlab.com>
Approved-by: Hunter Stewart <hustewart@gitlab.com>
Co-authored-by: Pam Artiaga <partiaga@gitlab.com>

[merge-train skip]

[ci skip]