Security auditing and response

Rationale
Insecure code sucks :-)

Review queue

 * Wikibase client LinkItem - Done
 * User Metrics API - Re-reviewing fixes in Dev Env
 * EasyRDF (for Wikidata) - Done
 * Ex:OpenID
 * Multimedia Extesions
 * Flow
 * GLAM Upload
 * Wikimania Scholarship Application
 * Hadoop / Kafka (Kraken) infrastructure (bug 60632)
 * varnishkafka
 * Camus
 * Ex:Popups (bug 61743)
 * Compact interlanguage links
 * Flow's new templating engine (https://gerrit.wikimedia.org/r/#/c/103317/)
 * Limn
 * TimedMediaHandler v2
 * Twig (for use with Fundraiser code) v1.13 (https://gerrit.wikimedia.org/r/#/admin/projects/wikimedia/fundraising/twig)
 * Ex:Math
 * Graphite

This list may not be complete (possibly due to oversight, possibly due to security reasons for not putting this out there), and may not be in priority order.