[merge-train skip]

[ci skip]

[ci skip]

Merge branch 'security-364266-user-primary-email-leakage-from-group-event-webhook-15-3' into '15-3-stable-ee'

Redact user's private email in group member event webhook

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2794



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Doug Stull <dstull@gitlab.com>
Co-authored-by: Mansoor Khan <makhan@gitlab.com>

Merge branch 'security-364266-user-primary-email-leakage-from-group-event-webhook-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2794

Changelog: security

Redact secrets from WebHookLogs

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2737



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Peter Leitzen <pleitzen@gitlab.com>
Approved-by: charlie ablett <cablett@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Merge branch 'security-integration-web-hook-logs-leaking-secrets-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2737

Changelog: security

Forbid creating a tag using default branch name

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2799



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Alex Pooley <apooley@gitlab.com>
Co-authored-by: Igor Drozdov <idrozdov@gitlab.com>

Merge branch 'security-ambiguous-refs-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2799

Changelog: security

Sanitize Url and check for valid numerical errorId in error tracking

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2785



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Ezekiel Kigbo <3397881-ekigbo@users.noreply.gitlab.com>
Approved-by: Terri Chu <tchu@gitlab.com>
Co-authored-by: Ankit Panchal <apanchal@gitlab.com>
Co-authored-by: Peter Leitzen <pleitzen@gitlab.com>

Merge branch 'security-sanitize-url-error-tracking-stable-15-3-ee' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2785

Changelog: security

Add security protection for Github

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2802



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Aleksei Lipniagov <alipniagov@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Merge branch 'security-protect-github-integration-secrets-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2802

Changelog: security

Fix leaking emails in WebHookLogs

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2807



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Albert Salim <asalim@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Merge branch 'security-integrations-webhook-logs-redaction-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2807

Changelog: security

Restrict max duration to 1 year for trace display

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2815



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Marius Bobin <mbobin@gitlab.com>
Co-authored-by: Tian Chen <me@tian.im>

Merge branch 'security-to-fix-duration-in-build-trace-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2815

Changelog: security

Use UntrustedRegexp for upload rewriter

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2791



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Mark Chao <mchao@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

Merge branch 'security-bw-pathological-clone-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2791

Changelog: security

Merge branch 'security-patch-bulk_import_project-httpUrlToRepo-validation-15-3' into '15-3-stable-ee'

Validate httpUrlToRepo to be http or https only

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2760



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Shinya Maeda <shinya@gitlab.com>
Co-authored-by: charlie ablett <cablett@gitlab.com>
Co-authored-by: Thong Kuah <tkuah@gitlab.com>

Merge branch 'security-patch-bulk_import_project-httpUrlToRepo-validation-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2760

Changelog: security

Respect instance level rule for editing approval rules

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2782



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kamil Trzciński <ayufan@ayufan.eu>
Co-authored-by: Patrick Bajao <ebajao@gitlab.com>

Merge branch 'security-pb-modify-approval-rules-enforcement-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2782

Changelog: security

Prevent users creating issues in ay project via board/issues controller

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2780



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Heinrich Lee Yu <heinrich@gitlab.com>
Co-authored-by: Mario Celi <mcelicalderon@gitlab.com>

Merge branch 'security-372149-reject-project-params-project-service-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2780

Changelog: security

Prevent serialization of sensible attributes from JsonCache

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2771



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kevin Morrison <kmorrison@gitlab.com>
Co-authored-by: jbobadilla-ext <jbobadilla-ext@gitlab.com>

Merge branch 'security-354299-remove-geo-methods-json-cache-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2771

Changelog: security

Update TodoPolicy to handle confidential notes

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2748



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Heinrich Lee Yu <heinrich@gitlab.com>
Co-authored-by: Eugenia Grieff <egrieff@gitlab.com>

Merge branch 'security-fix-todo-policy-can-read-note-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2748

Changelog: security

Enforce group IP restriction on Dependency Proxy

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2764



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Rémy Coutable <remy@rymai.me>
Co-authored-by: Steve Abrams <sabrams@gitlab.com>

Merge branch 'security-ip-restricted-dependency-proxy-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2764

Changelog: security

Fixes XSS in widget extensions

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2759



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kushal Pandya <kushalspandya@gmail.com>
Co-authored-by: Phil Hughes <me@iamphill.com>

Merge branch 'security-status-checks-xss-15-3' into '15-3-stable-ee'

See merge request gitlab-org/security/gitlab!2759

Changelog: security

[merge-train skip]

[ci skip]

[ci skip]

Merge branch '371397-geo-invalid-deletion-on-secondary-when-managed-object-replication-is-disabled-backport-15-3' into '15-3-stable-ee'

Geo: Do not delete object stored files when not GitLab managed

See merge request gitlab-org/gitlab!96556

Changelog: fixed
EE: true

Prepare 15.3.3-ee release

See merge request gitlab-org/gitlab!96654

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/95974

Changelog: fixed
EE: true