[ci skip]

Fix a JS race in a spec

Closes #56860

See merge request gitlab-org/gitlab-ce!24684

(cherry picked from commit b5e10cd3)

[11.7] Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs

See merge request gitlab/gitlabhq!2828

(cherry picked from commit a38c1f3567a2c89eeb82dc79ca9f0bf620acbb5a)

1c1b45da Add `sanitize_name` helper to sanitize URLs in user full name
aa974e9a Use `sanitize_name` to sanitize URL in user full name
0a09919e Add changelog entry

[11.7] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed"

See merge request gitlab/gitlabhq!2867

(cherry picked from commit 26937476710811845c7818e987cd016c43c66d1e)

0eef2f34 Add subresources removal to member destroy service

[11.7] Disable git v2 protocol temporarily

See merge request gitlab/gitlabhq!2859

(cherry picked from commit f20f2b452fe91849645249044a9b3d3e381697a2)

49ebf1a3 Allow Gitaly to be built from a custom URL
0cab1a90 Disable git v2 protocol temporarily

[11.7] Resolve "[Security] Stored XSS via KaTeX"

See merge request gitlab/gitlabhq!2820

(cherry picked from commit 53d5ce14f5b08a9733b8041b768ace2d1ec04d47)

63d8d0de 11.7 backport of fix for XSS in KaTex Links
699d42e4 Merge branch 'security-11-7' of https://dev.gitlab.org/gitlab/gitlabhq into...

[11.7] Alias GitHub and BitBucket OAuth2 callback URLs

See merge request gitlab/gitlabhq!2845

(cherry picked from commit 7d3c6d8ba58e0e9875fdd2dfbe7690ddc50fad81)

9ec0072d Alias GitHub and BitBucket OAuth2 callback URLs

[11.7] Security fix user email tag push leak

See merge request gitlab/gitlabhq!2809

(cherry picked from commit f59786036d65a881370073d55f8ab531405d3093)

cbfa6282 Prefer build() rather than create()
d34ea609 Fix private user email being visible in tag webhooks

[11.7] Fix error disclosure on Project Import

See merge request gitlab/gitlabhq!2763

(cherry picked from commit 290faddb699a81b4d6fea415d712081a021f050b)

c76d91ea Fix path disclosure on Project Import

[11.7] Contributed projects info is still visible even user enable private profile

See merge request gitlab/gitlabhq!2764

(cherry picked from commit 8bc7243251f23a9e4e12b49eb47f5c3e81ebe5eb)

912627a5 Fix contributed projects finder shown private info

[11.7] Fix Imported Project Retains Prior Visibility Setting

See merge request gitlab/gitlabhq!2854

(cherry picked from commit b1463fb9d098d8064111a0dc896d52f9217c217b)

4ff58136 Fix tree restorer visibility level

[11.7] Sent notification only to authorized users

See merge request gitlab/gitlabhq!2856

(cherry picked from commit 578b8f124aa3edc2e3d2b937b5f9e842aec6eaef)

e9f82b57 Sent notification only to authorized users

[11.7] GitLab vulnerable to IDN homograph attacks and RTLO attacks

See merge request gitlab/gitlabhq!2821

[11.7] Do not expose trigger token when user should not see it

See merge request gitlab/gitlabhq!2855

(cherry picked from commit 17ce10bc58a06e202d2194dc64ec132a1f6305bc)

74b4bb38 Do not expose trigger token when user should not see it

[11.7] Fix DoS in reference extraction regexes

See merge request gitlab/gitlabhq!2777

(cherry picked from commit f6d9535085c5d155545865e3443dd96b5d6ecc5a)

cfa6bf24 Fix slow project reference pattern regex

[11.7] Don't process MR refs for guests in the notes

See merge request gitlab/gitlabhq!2780

(cherry picked from commit f97d526d0837476eccbf6178bfebf1ed01c652eb)

e9793936 Don't process MR refs for guests in the notes

[11.7] Fix access to internal wiki when external wiki is enabled

See merge request gitlab/gitlabhq!2800

(cherry picked from commit 0779e55ae65f18aa1f60fa042f5ba38f51a58c9e)

2801e1db Fixed bug when external wiki is enabled

[11.7] Pipelines section is available to unauthorized users

See merge request gitlab/gitlabhq!2804

(cherry picked from commit 2bf899ed3a5306bb934507dc0584fd3d26f490bc)

627c00da Backport security fix
4c369519 Add CHANGELOG entry

[11.7] Use common error for not logged in users when creating issues

See merge request gitlab/gitlabhq!2811

(cherry picked from commit f51985622240a3ea84b122a01c0fdb20c4320443)

8179795d Use common error for unauthenticated users

[11.7] Group Guests are no longer able to see merge requests

See merge request gitlab/gitlabhq!2814

(cherry picked from commit 190167d542fab9bfe8d41b6f87f5be4fbeb699f7)

fe6504ed Group Guests are no longer able to see merge requests

[11.7] LFS object forgery in project import

See merge request gitlab/gitlabhq!2817

(cherry picked from commit d618b5b493d9c8d5e50a4e98f0f3f9bd590db9dc)

5aeac80a Added validations to prevent LFS object forgery

[11.7] Fix discussion replies permissions check

See merge request gitlab/gitlabhq!2824

(cherry picked from commit 9b4e7708495abe1fc3d8dc7f8ab41cc86206fff4)

d845ca7d Prevent comments by email when issue is locked

[11.7] Stop showing ci for guest users

See merge request gitlab/gitlabhq!2832

(cherry picked from commit a40c184fb36be7c61fc3ad643fa89b0097106304)

566b58d1 Stop showing ci for guest users

[11.7] Security extract pages with rubyzip

See merge request gitlab/gitlabhq!2833

(cherry picked from commit 043aa20e5c2e6bd51fea2184ed91d3aea950dc1a)

1aaec24c Extract GitLab Pages using RubyZip

[11.7] Revoke award_emoji permissions for confidential issues

See merge request gitlab/gitlabhq!2849

(cherry picked from commit 0ead6f886e437d3a99c22e0adf85f768d8293cad)

0be8c4c9 Prevent award_emoji to notes not visible to user

[11.7] Verify that LFS upload requests are genuine

See merge request gitlab/gitlabhq!2862

(cherry picked from commit 54f089a47ef1706edc809ac90cbd6ef889de4e5e)

006f5e6b Verify that LFS upload requests are genuine

[ci skip]

Such as those with IDN homographs or embedded
right-to-left (RTLO) characters.

Autolinked hrefs should be escaped

Prepare 11.7.0-rc7 release

See merge request gitlab-org/gitlab-ce!24442

Fix runner eternal loop when update job result

Closes #56518

See merge request gitlab-org/gitlab-ce!24481

(cherry picked from commit 20de391b)

91c1dc57 Fix runner eternal loop when update job result

Remove import_issues_csv feature flag

See merge request gitlab-org/gitlab-ce!24324

(cherry picked from commit f598daf2)

993cff04 Remove import_issues_csv feature flag

Add script to revoke personal access tokens

See merge request gitlab-org/gitlab-ce!24318

(cherry picked from commit 66c1141c)

88189d31 Add script to revoke personal access tokens
ffb17a3b Use qa element with wait
7643a872 Created some more qa elements

[QA] Retrieve the current user name and email

Closes gitlab-org/quality/staging#25

See merge request gitlab-org/gitlab-ce!24298

(cherry picked from commit 9b9b9b91)

f48f9460 [QA] Retrieve the current user name and email

Only send one notification for failed remote mirror

Closes #56222

See merge request gitlab-org/gitlab-ce!24381

(cherry picked from commit 9cd5c5f5)

6fbbd4ab Only send one notification for failed remote mirror

Pick "Sentry MVC" in 11.7

See merge request gitlab-org/gitlab-ce!24342

Upgrade to gitaly 1.12.1

See merge request gitlab-org/gitlab-ce!24361

Refactor the API OAuth docs

See merge request gitlab-org/gitlab-ce!24295

[ci skip]