* SECURITY * Escape provider name in oauth2 provider redirect (#12648) (#12650) * Escape Email on password reset page (#12610) (#12612) * When reading expired sessions - expire them (#12686) (#12690) * ENHANCEMENTS * StaticRootPath configurable at compile time (#12371) (#12652) * BUGFIXES * Fix to show an issue that is related to a deleted issue (#12651) (#12692) * Expire time acknowledged for cache (#12605) (#12611) * Fix diff path unquoting (#12554) (#12575) * Improve HTML escaping helper (#12562) * models: break out of loop (#12386) (#12561) * Default empty merger list to those with write permissions (#12535) (#12560) * Skip SSPI authentication attempts for /api/internal (#12556) (#12559) * Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550) * Remove hardcoded ES indexername (#12521) (#12526) * Fix bug preventing transfer to private organization (#12497) (#12501) * Keys should not verify revoked email addresses (#12486) (#12495) * Do not add prefix on http/https submodule links (#12477) (#12479) * Fix ignored login on compare (#12476) (#12478) * Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422) * Upgrade google/go-github to v32.1.0 (#12361) (#12390) * Render emoji's of Commit message on feed-page (#12373) * Fix handling of diff on unrelated branches when Git 2.28 used (#12370)