[ci skip]

[ci skip]

Update Workhorse and Gitaly to fix a security issue

See merge request gitlab/gitlabhq!3499

Escape namespace in label references

Closes #2941

See merge request gitlab/gitlabhq!3509

Use Gitlab::HTTP for all chat notifications

See merge request gitlab/gitlabhq!3517

GitLab stores AWS, Slack, Askimet, reCaptcha tokens in plaintext

See merge request gitlab/gitlabhq!3518

Prevent guests from seeing commits for cycle analytics

See merge request gitlab/gitlabhq!3519

Fix private comment Elasticsearch leak

See merge request gitlab/gitlabhq!3521

Hide AWS secret on Admin Integration page

See merge request gitlab/gitlabhq!3525

Related Branches Visible to Guests in Issue Activity

See merge request gitlab/gitlabhq!3537

Fix invalid byte sequence

See merge request gitlab/gitlabhq!3545

Check permissions before showing a forked project's source

See merge request gitlab/gitlabhq!3554

Ensure attributes that end in `_ids` are cleaned

See merge request gitlab/gitlabhq!3561

[ci skip]

We had concerns about the cached values on Redis with the previous two
releases strategy:

First release (this commit):
  - Create new encrypted fields in the database.
  - Start populating new encrypted fields, read the encrypted fields or
    fallback to the plaintext fields.
  - Backfill the data removing the plaintext fields to the encrypted
    fields.
Second release:
  - Remove the virtual attribute (created in step 2).
  - Drop plaintext columns from the database (empty columns after
    step 3).

We end up with a better strategy only using migration scripts in one
release:
  - Pre-deployment migration: Add columns required for storing encrypted
    values.
  - Pre-deployment migration: Store the encrypted values in the new
    columns.
  - Post-deployment migration: Remove the old unencrypted columns