* Escape provider name in oauth2 provider redirect (#12648) (#12650)
  * Escape Email on password reset page (#12610) (#12612)
  * When reading expired sessions - expire them (#12686) (#12690)
* ENHANCEMENTS
  * StaticRootPath configurable at compile time (#12371) (#12652)
* BUGFIXES
  * Fix to show an issue that is related to a deleted issue (#12651) (#12692)
  * Expire time acknowledged for cache (#12605) (#12611)
  * Fix diff path unquoting (#12554) (#12575)
  * Improve HTML escaping helper (#12562)
  * models: break out of loop (#12386) (#12561)
  * Default empty merger list to those with write permissions (#12535) (#12560)
  * Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
  * Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
  * Remove hardcoded ES indexername (#12521) (#12526)
  * Fix bug preventing transfer to private organization (#12497) (#12501)
  * Keys should not verify revoked email addresses (#12486) (#12495)
  * Do not add prefix on http/https submodule links (#12477) (#12479)
  * Fix ignored login on compare (#12476) (#12478)
  * Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
  * Upgrade google/go-github to v32.1.0 (#12361) (#12390)
  * Render emoji's of Commit message on feed-page (#12373)
  * Fix handling of diff on unrelated branches when Git 2.28 used (#12370)