Do not allow localhost url redirection in GitHub Integration

See merge request gitlab/gitlabhq!3207

Server Side Request Forgery mitigation bypass

See merge request gitlab/gitlabhq!3214

MR pipeline permissions

See merge request gitlab/gitlabhq!3217

Drop feature to take ownership of a trigger token

See merge request gitlab/gitlabhq!3228

Merge branch 'security-2873-restrict-slash-commands-to-users-who-can-log-in-11-11' into '11-11-stable'

Restrict slash commands to users who can log in

See merge request gitlab/gitlabhq!3239

Filter params in MR build service

See merge request gitlab/gitlabhq!3255

Do not show moved issue ids for user not authorized

See merge request gitlab/gitlabhq!3264

Reusing the existing `IssuableBaseService#filter_params` which uses
the policies to determine what params a user can set, and which values
it can be set to.

This also removed the need for the seperate call to
`IssuableBaseService#ensure_milestone_available`.

The `Issues::BuildService` does not suffer from this because it limits
the params that are assignable to the `title`, `description` and
`milestone_id`.

Fix order-dependent spec failure in appearance_spec.rb

Closes #64083

See merge request gitlab-org/gitlab-ce!30323

Do not show moved issue id for users that cannot read issue

Removing API and frontend interactions that allowed
users to take ownership of a trigger token.

Removed mentions from the documentation.

MergeRequest#all_pipelines fetches Ci::Pipeline records from the source
project, so we should specifically check that project for permissions.
This was already happening for intra-project merge requests, but in the
event that the target and source projects both have private builds, we
should ensure that the project permissions are respected.

When we can't resolve the hostname or it is invalid, we shouldn't
even perform the request. This fix also fixes the problem the
SSRF rebinding attack.

We can't stub feature flags outside example blocks. Nevertheless,
there are some actions that calls the UrlBlocker, that are performed
outside example blocks, ie: `set` instruction.

That's why we have to use some signalign mechanism outside the scope
of the specs.

[ci skip]

Support object storage at FileMover class

See merge request gitlab/gitlabhq!3196

[ci skip]

Ability to write a note in a private snippet

See merge request gitlab/gitlabhq!3141

Prevent Billion Laughs attack

See merge request gitlab/gitlabhq!3144

Guests can know whether merge request template name exists or not

See merge request gitlab/gitlabhq!3149

Fix MR head pipeline leak

See merge request gitlab/gitlabhq!3155

Fix DOS when rendering issue/MR comments

See merge request gitlab/gitlabhq!3158

Persist tmp snippet uploads at users

See merge request gitlab/gitlabhq!3165

Expose merge requests count based on user access

See merge request gitlab/gitlabhq!3168

Fix type authorizations in GraphQL

See merge request gitlab/gitlabhq!3173

Fix color validation regex causing DoS

See merge request gitlab/gitlabhq!3177

Disable Rails SQL query cache when applying service templates

See merge request gitlab/gitlabhq!3180

[ci skip]

Prepare 11.11.4 release

See merge request gitlab-org/gitlab-ce!30069

Master i18n 11.11

See merge request gitlab-org/gitlab-ce!30083

[skip ci]

[skip ci]

[skip ci]

[skip ci]

[skip ci]

[skip ci]