* SECURITY * Hide mirror passwords on repo settings page (#16022) (#16355) * Update bluemonday to v1.0.15 (#16379) (#16380) * BUGFIXES * Retry rename on lock induced failures (#16435) (#16439) * Validate issue index before querying DB (#16406) (#16410) * Fix crash following ldap authentication update (#16447) (#16449) * ENHANCEMENTS * Redirect on bad CSRF instead of presenting bad page (#14937) (#16378)