This old page should be in the admin docs, along
with file hooks and similar, as it relates to self-managed
administration

Merge branch '323653-frontend-scope-a-board-to-an-iteration-cadence-and-filter-add-list-accordingly' into 'master'

Add iteration selector to board scope

See merge request gitlab-org/gitlab!69052

Changelog: changed
EE: true

Add IaC example

See merge request gitlab-org/gitlab!83076

Complete environments `GET` API docs

See merge request gitlab-org/gitlab!82980

Add 598.1 documentation for browser based DAST

See merge request gitlab-org/gitlab!83063

Update to include Project Access Token as option.

See merge request gitlab-org/gitlab!83069

Merge branch '354600-migrate-to-shared-alert-haml-partial-in-ee-app-views-shared-billings-_eoa_bronze_plan_banner' into 'master'

Migrate alert in _eoa_bronze_plan_banner to shared global alert

See merge request gitlab-org/gitlab!82867

Create feature flag for incremental repository backups

See merge request gitlab-org/gitlab!79589

ci: Default to run tests with multiple databases

See merge request gitlab-org/gitlab!82090

Remove default file pattern value

See merge request gitlab-org/gitlab!83025

Revert "Merge branch 'andysoiron/refactor-jira-connect-dev-info' into 'master'"

See merge request gitlab-org/gitlab!83149

Fix docs of available deployment actions

See merge request gitlab-org/gitlab!83153

Change verificationToken field in example

See merge request gitlab-org/gitlab!82768

Updated to match latest nav

See merge request gitlab-org/gitlab!83142

Add limited broadcast addr to local network block list in UrlBlocker

See merge request gitlab-org/gitlab!82571

This reverts merge request !82201

Revert reduce bundle size of the Content Editor

See merge request gitlab-org/gitlab!83145

`UrlBlocker` protects GitLab and its users from attacks such as
Server Side Request Forgery and DNS Rebind attacks.

Until now, setting `allow_local_network` had no effect on blocking
`255.255.255.255`, whether true or false. Now, when
`allow_local_network` is set to `false` `255.255.255.255` is
blocked through the introduction of a check named
`validate_limited_broadcast_address`.

`255.255.255.255` is the "limited broadcast address", which is used to
make requests to all hosts on a local physical network [1]. Properly
configured routers won't route it. Historically it was used to wake up
offline PCs on a LAN which, since they were asleep, didn't have IP
addresses [2].

While `UrlBlocker` defaults `allow_local_network` to `true`, in
practice it is almost always `false` because of a convention to
use the GitLab configuration option which defaults to `false`.
If a GitLab administrator still wants to  reach `255.255.255.255`,
it can be added explicitly in the Allow List [3].

There is no reason a GitLab user would want to reach this, but it
could potentially be misused if an attacker finds a component
vulnerable to DNS rebinding, for example.

This commit aims to fulfil https://gitlab.com/gitlab-org/gitlab/-/issues/337796

[1]: https://datatracker.ietf.org/doc/html/rfc919#section-7
[2]: https://superuser.com/a/1006951
[3]: https://docs.gitlab.com/ee/security/webhooks.html#allowlist-for-local-requests

Changelog: changed

Rename issuables_assigned_message method

See merge request gitlab-org/gitlab!83032

Promote stable pipeline specs to reliable bucket

See merge request gitlab-org/gitlab!83036

Render user avatar link using `GlAvatar`

See merge request gitlab-org/gitlab!82736

The new version is behind the feature flag `gl_avatar_for_all_user_avatars`

Update SSE docs to include instructions for removal

See merge request gitlab-org/gitlab!82234

Revise this set of steps to bring it closer to GitLab tone and style.

Adding Secure Files upload limit

See merge request gitlab-org/gitlab!82858

Add script to recalculate project statistics build artifacts size

See merge request gitlab-org/gitlab!81306

This adds a new service and worker that refreshes the project
statistics build artifacts size and recalculates by batches.

Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag

See merge request gitlab-org/gitlab!82747

Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag

Introduce trigger:forward for CI bridge jobs

See merge request gitlab-org/gitlab!82676

By default, only YAML-defined bridge variables are passed to downstream
pipelines. With the forward keyword, it is now available to pass
manual pipeline variables to downstream pipelines.

- forward:yaml_variables is an existing behavior, by default it's true.
When true, YAML-defined bridge variables are passed to
downstream pipelines.
- forward:pipeline_variables is a new feature, by default it's false.
When true, manual pipeline variables are passed to downstream pipelines.

This is behind a feature flag ci_trigger_forward_variables.

Fix DAG order of subsequent jobs after requeue

See merge request gitlab-org/gitlab!81087

When we requeue a job, we need to process subsequent skipped jobs,
moreover, we need to do this in a specific order.
Previously, we had an order by stage_idx but after introducing
same-stage jobs, this disappeared. We recently fixed this problem
for stage-based approach. However, the problem still exists for
the same-stage pipelines.

In this commit, we are ordering jobs by stage first,
then their DAG relationships.

These changes are behind a FF ci_fix_order_of_subsequent_jobs

This reverts commit 70f0c25a, reversing
changes made to 9f222d4c.

Refactor database testing output structure

See merge request gitlab-org/gitlab!82645