[ci skip]

[ci skip]

Fix failing specs

See merge request gitlab/gitlab-ee!854

Display only information visible to current user on Milestone detail

See merge request gitlab/gitlabhq!2917

Display only labels and assignees of issues
visible by the currently logged user
Display only issues visible to user in the burndown chart

Display the correct number of MRs a user has access to

See merge request gitlab/gitlabhq!2929

Filter impersonated sessions from active sessions and remove ability to revoke session

See merge request gitlab/gitlabhq!2981

Respect group membership lock when importing a member from another group

See merge request gitlab/gitlab-ee!830

Display only information visible to current user on Milestone detail

See merge request gitlab/gitlab-ee!834

[11.8] Ignore out of range epic IDs

See merge request gitlab/gitlab-ee!842

Merge branch 'security-add-public-internal-groups-as-members-to-your-project-idor-11-8-ee' into '11-8-stable-ee'

Add public/internal groups as members to your Project(IDOR)

See merge request gitlab/gitlab-ee!848

Obey GitLab.com group SAML enabled? setting

See merge request gitlab/gitlab-ee!852

Ensure request to link GroupSAML acount was GitLab initiated

See merge request gitlab/gitlab-ee!853

Forbid creating discussions for users with restricted access

See merge request gitlab/gitlabhq!2890

Check issue milestone availability

See merge request gitlab/gitlabhq!2904

Prevent Releases links API to leak tag existence

See merge request gitlab/gitlabhq!2908

Disable issue board policies when issues are disabled

See merge request gitlab/gitlabhq!2910

Show only MRs visible to user on milestone detail

See merge request gitlab/gitlabhq!2923

Don't allow non-members to see private related MRs

See merge request gitlab/gitlabhq!2930

Validate session key when authorizing with GCP to create a cluster

See merge request gitlab/gitlabhq!2934

Fix git clone revealing private repo's presence

See merge request gitlab/gitlabhq!2938

Check snippet attached file to be moved is within designated directory

See merge request gitlab/gitlabhq!2941

Fix blind SSRF in Prometheus Integration

See merge request gitlab/gitlabhq!2944

Check validity before querying so that if the dns entry for the api_url
has been changed to something invalid after the model was saved and
checked for validity, it will not query. This is to solve a toctou
(time of check to time of use) issue.

Fix leaking private repository information in API

See merge request gitlab/gitlabhq!2948

Arbitrary file read via MergeRequestDiff

See merge request gitlab/gitlabhq!2951

Remove link after issue move when no permissions

See merge request gitlab/gitlabhq!2955

Block local URLs for Kubernetes integration

See merge request gitlab/gitlabhq!2959

Merge branch 'security-add-public-internal-groups-as-members-to-your-project-idor-11-8' into '11-8-stable'

Add public/internal groups as members to your Project(IDOR)

See merge request gitlab/gitlabhq!2962

Stop linking to unrecognized package sources

See merge request gitlab/gitlabhq!2969

[11.8] Prevent disclosing project milestone titles

See merge request gitlab/gitlabhq!2973

Limit number of characters allowed in mermaidjs

See merge request gitlab/gitlabhq!2978

Session ID is used as a parameter for the revoke session endpoint but it
should never be included in the HTML as an attacker could obtain it via
XSS.