[merge-train skip]

[ci skip]

[ci skip]

Fix CI component input Regexp

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3856



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Avielle Wolfe <awolfe@gitlab.com>
Co-authored-by: Furkan Ayhan <furkanayhn@gmail.com>

Merge branch 'security-1039-433147-inputs-regexp-dos-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3856

Changelog: security

Merge branch 'security-435500-project-maintainers-can-bypass-block-branch-modification-policies-16-6' into '16-6-stable-ee'

Make scan result policies block renaming branches

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3840



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Co-authored-by: Dominic Bauer <dbauer@gitlab.com>

Merge branch 'security-435500-project-maintainers-can-bypass-block-branch-modification-policies-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3840

Changelog: security

Merge branch 'security-fix-resource-exhaustion-in-vulnerability-count-by-day-16-6' into '16-6-stable-ee'

Limit vulnerabilitiesCountByDay date range to 1 year

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3831



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Tetiana Chupryna <tchupryna@gitlab.com>
Co-authored-by: Brian Williams <bwilliams@gitlab.com>

Merge branch 'security-fix-resource-exhaustion-in-vulnerability-count-by-day-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3831

Changelog: security

Backport: Update GDK base build image

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/143579



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Rémy Coutable <remy@rymai.me>

[merge-train skip]

[ci skip]

[ci skip]

Devfile parser arbitrary file write

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3801



Merged-by: Vladimir Glafirov <vglafirov@gitlab.com>
Approved-by: Alper Akgun <aakgun@gitlab.com>
Co-authored-by: Vishal Tak <vtak@gitlab.com>

Merge branch 'security-devfile-parser-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3801

Changelog: security

Use public email in tags atom feed

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3804



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Patrick Cyiza <jpcyiza@gitlab.com>
Co-authored-by: Robert May <rmay@gitlab.com>

Merge branch 'security-428441-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3804

Changelog: security

Fix improper username sanitization

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3786



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Co-authored-by: agius <andrew@atevans.com>

Merge branch 'security-430236-username-html-injection-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3786

Changelog: security

Escape user input before building regex for linker

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3789



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Rutger Wessels <rwessels@gitlab.com>
Co-authored-by: j.seto <jseto@gitlab.com>

Merge branch 'security-1019-redos-cargo-toml-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3789

Changelog: security

Do not allow non-team member to set MR assignees/reviewers

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3793



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Suraj Tripathi <stripathi@gitlab.com>
Co-authored-by: Patrick Bajao <ebajao@gitlab.com>

Merge branch 'security-non-member-mr-assignees-reviewers-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3793

Changelog: security

Backport - Bring legacy verification behavior back for repositories

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141412



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Michael Kozono <mkozono@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>

Backport: Move release-environments pipeline to be sourced from master

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141821



Merged-by: Graeme Gillies <ggillies@gitlab.com>
Approved-by: Jenny Kim <yjeankim@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>

Part of https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/19905

In order to make development of release-environments easier by reducing
backports and skew of code across stable branches, we want to make it
so regardless of GitLab version being deployed to a release-environment,
we are always using the child-pipeline setup from master.

This means we can can make changes to the pipeline setup on `master`,
and it will take effect across all stable branches.

[merge-train skip]

[ci skip]

[ci skip]

Make chat_names table migration idempotent

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141705



Merged-by: Stan Hu <stanhu@gmail.com>
Approved-by: Brian Williams <bwilliams@gitlab.com>

GitLab 16.5.6, 16.6.4, and 16.7.2 added a migration that added columns
`chat_names.encrypted_token` and
`chat_names.encrypted_token_iv`. Unfortunately, the migration was
added as different filenames. As a result, if users upgrade to 16.5.6
or 16.6.4 first, they'll already have those columns, and the next
upgrade to 16.7.2 will fail.

To prevent an upgrade failure, we need to make the migration
idempotent so that it can be applied again without issues.

For reference, these are the filenames that are used in different
versions:

* 16.8 - db/migrate/20231123160255_add_token_to_chat_names.rb
* 16.7 - db/migrate/20231219120134_add_token_to_chat_names.rb
* 16.6 - db/migrate/20231215135014_add_token_to_chat_names.rb
* 16.5 - db/migrate/20231215145632_add_token_to_chat_names.rb

Relates to https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8371

[merge-train skip]

[ci skip]

[ci skip]

Consider older commits when resetting codeowner approvals

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3765



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Ash McKenzie <amckenzie@gitlab.com>
Approved-by: Kerri Miller <kerrizor@kerrizor.com>
Co-authored-by: j.seto <jseto@gitlab.com>

Merge branch 'security-424398-reset-codeowner-approval-16-6' into '16-6-stable-ee'

See merge request gitlab-org/security/gitlab!3765

Changelog: security