Security auditing and response
We released the MediaWiki 1.19.5 and 1.20.4 security releases on April 15th.
Insecure code sucks :-)
Review queue 
Wikibase client LinkItem- Done
- User Metrics API - Re-reviewing fixes in Dev Env
EasyRDF (for Wikidata)- Done
- Twig (for use with Fundraiser code) v1.13 (https://gerrit.wikimedia.org/r/#/admin/projects/wikimedia/fundraising/twig)
- GLAM Upload
This list may not be complete (possibly due to oversight, possibly due to security reasons for not putting this out there), and may not be in priority order.