[merge-train skip]

[ci skip]

Prepare 16.11.3 release for gitlab-jh

See merge request gitlab-cn/gitlab!2476

[merge-train skip]

[ci skip]

[ci skip]

Prevent PDF.js from evaluating scripts

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4070



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Ottilia Westerlund <12746880-ottilia_westerlund@users.noreply.gitlab.com>
Co-authored-by: Lin Jen-Shin <jen-shin@gitlab.com>
Co-authored-by: Joe Woodward <j@joewoodward.me>

Merge branch 'security-5429-16-11' into '16-11-stable-ee'

See merge request gitlab-org/security/gitlab!4070

Changelog: security

Caching test_report api response to reduce calculations

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4027



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Felipe Artur <fcardozo@gitlab.com>
Co-authored-by: Max Fan <mfan@gitlab.com>

Merge branch 'security-1083-dos-test-report-api-16-11' into '16-11-stable-ee'

See merge request gitlab-org/security/gitlab!4027

Changelog: security

Restrict access to Secure artifacts to developer role

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4045



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Hunter Stewart <hustewart@gitlab.com>
Approved-by: Avielle Wolfe <awolfe@gitlab.com>
Co-authored-by: Olivier Gonzalez <52092-gonzoyumo@users.noreply.gitlab.com>
Co-authored-by: Thiago Figueiró <tfigueiro@gitlab.com>

Merge branch 'security-1090-confidential-issue-16-11' into '16-11-stable-ee'

See merge request gitlab-org/security/gitlab!4045

Changelog: security

Merge branch 'security-resolve-incorrectly-create-new-pipeline-on-mismatch-16-11' into '16-11-stable-ee'

Fail create commit status on pipeline_id / sha mismatch

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4032



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Hordur Freyr Yngvason <hfyngvason@gitlab.com>
Co-authored-by: pkanellidis <pkanellidis@gitlab.com>

Merge branch 'security-resolve-incorrectly-create-new-pipeline-on-mismatch-16-11' into '16-11-stable-ee'

See merge request gitlab-org/security/gitlab!4032

Changelog: security

Use UntrustedRegexp for gollum pattern

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4040



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Hunter Stewart <hustewart@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

Merge branch 'security-fix-gollum-regex-16-11' into '16-11-stable-ee'

See merge request gitlab-org/security/gitlab!4040

Changelog: security

Patch @gitlab/web-ide to fix XSS webWorkerExtensionHostIframe.html

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4056



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Greg Alfaro <galfaro@gitlab.com>
Approved-by: Enrique Alcántara <ealcantara@gitlab.com>
Co-authored-by: Paul Slaughter <pslaughter@gitlab.com>

Merge branch 'security-patch-web-ide-xss-16-11' into '16-11-stable-ee'

See merge request gitlab-org/security/gitlab!4056

Changelog: security

Add text limit to ci_runners text fields

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4036



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Dylan Griffith <dyl.griffith@gmail.com>
Co-authored-by: Pedro Pombeiro <noreply@pedro.pombei.ro>

Merge branch 'security-pedropombeiro/1088/add-text-limit-ci_runners-16-11' into '16-11-stable-ee'

See merge request gitlab-org/security/gitlab!4036

Changelog: security

Merge branch 'introduce-find-changes-variables' into 'master'

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153728



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Joe Woodward <jwoodward@gitlab.com>
Approved-by: Lin Jen-Shin <jen-shin@gitlab.com>

Introduce FIND_CHANGES_* variables

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150028



Merged-by: Peter Leitzen <pleitzen@gitlab.com>
Approved-by: Peter Leitzen <pleitzen@gitlab.com>
Reviewed-by: Peter Leitzen <pleitzen@gitlab.com>
Reviewed-by: Lin Jen-Shin <jen-shin@gitlab.com>
Co-authored-by: Lin Jen-Shin <jen-shin@gitlab.com>

(cherry picked from commit f3b1e28d)

9033c046

 Introduce FIND_CHANGES_* variables

Co-authored-by: Peter Leitzen <pleitzen@gitlab.com>

[merge-train skip]

Ensure BLPOP/BRPOP returns nil instead of raising ReadTimeoutError

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153302



Merged-by: Stan Hu <stanhu@gmail.com>
Approved-by: Sylvester Chin <schin@gitlab.com>

In https://github.com/redis/redis-rb/issues/1279, we discovered that
when using BLPOP or BRPOP `redis-rb` properly returned `nil` when
`timeout` was reached with no key present, but when connecting to
Redis Sentinels, the client raised a `ReadTimeoutTimeout` error.

This occurred because of a subtle difference in how `RedisClient`
(from `redis-rb`) and `Redis::Client` (from `redis-client`)
behaved. The former, which is used with standalone Redis, returned
`nil` because the socket read timeout was incremented to the command
timeout value (https://github.com/redis/redis-rb/pull/1175). The
latter did not have this, so the socket read timeout would get
triggered before the actual Redis timeout hit.

To make the behavior consistent, increment the configured read timeout
to the command timeout.

This commit includes the patch in
https://github.com/redis-rb/redis-client/pull/197 to fix this issue
until an official redis-client patch release can be made.

Changelog: fixed

Merge branch 'rymai-master-patch-5345' into 'master'

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153146



Merged-by: Peter Leitzen <pleitzen@gitlab.com>
Approved-by: Peter Leitzen <pleitzen@gitlab.com>
Co-authored-by: Mayra Cabrera <mcabrera@gitlab.com>

Fix the CI rules for the retag-gdk-image job

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153139



Merged-by: Peter Leitzen <pleitzen@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Peter Leitzen <pleitzen@gitlab.com>
Co-authored-by: Rémy Coutable <remy@rymai.me>

(cherry picked from commit c3810662)

6fcc9189

 Fix the CI rules for the retag-gdk-image job

Co-authored-by: Peter Leitzen <pleitzen@gitlab.com>

[16-11] Fix Sidekiq migration timeout

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152891



Merged-by: Adam Hegyi <ahegyi@gitlab.com>
Approved-by: Adam Hegyi <ahegyi@gitlab.com>
Co-authored-by: Gregorius Marco <gmarco@gitlab.com>

Cherry pick print-out-release-environment-variables to 16.11

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152915



Merged-by: Terri Chu <tchu@gitlab.com>
Approved-by: Terri Chu <tchu@gitlab.com>
Reviewed-by: Terri Chu <tchu@gitlab.com>
Co-authored-by: Mario Celi <mcelicalderon@gitlab.com>
Co-authored-by: Hordur Freyr Yngvason <hfyngvason@gitlab.com>

Print out release environments variables

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151543



Merged-by: Hordur Freyr Yngvason <hfyngvason@gitlab.com>
Approved-by: Graeme Gillies <ggillies@gitlab.com>
Approved-by: Hordur Freyr Yngvason <hfyngvason@gitlab.com>
Approved-by: David Dieulivol <ddieulivol@gitlab.com>
Co-authored-by: Dat Tang <dattang@gitlab.com>

For https://gitlab.com/gitlab-org/gitlab/-/issues/458743, the migration
`db/post_migrate/20240124043507_migrate_sidekiq_queued_and_future_jobs`
is timing out on Dedicated customers environment due to the migration
running in DB transaction. This migration however doesn't interact with
the DB at all, as it only migrates Sidekiq jobs to the correct queue
based on routing_rules configuration.

This fix adds `disable_ddl_transaction!` to the migration.

Changelog: fixed

Merge branch 'mw-revert-141859-remove-ff-bitbucket_server_convert_mentions_to_users-16-11' into '16-11-stable-ee' 

Revert removal of bitbucket_server_convert_mentions_to_users FF

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152328



Merged-by: Madelein van Niekerk <mvanniekerk@gitlab.com>
Approved-by: Madelein van Niekerk <mvanniekerk@gitlab.com>
Co-authored-by: Martin Wortschack <mwortschack@gitlab.com>

[merge-train skip]

[ci skip]

Prepare 16.11.2 release for gitlab-jh

See merge request gitlab-cn/gitlab!2449