Security auditing and response

Rationale
Insecure code sucks :-)

Review queue
This list may not be complete (possibly due to missing one out, or security reasons for not putting this out there), and may not be in priority order.
 * Hadoop / Kafka (Kraken) infrastructure (bug 60632)
 * Camus
 * Varnishkafka
 * Limn
 * TimedMediaHandler v2
 * Ex:Math
 * Graphite
 * ExtraLanguageLink
 * TwitterCards (bug 64967)

Reviewed queue

 * Wikibase client LinkItem
 * User Metrics API - Re-reviewing fixes in Dev Env
 * EasyRDF (for Wikidata)
 * Ex:OpenID
 * Multimedia Extesions
 * Flow
 * GLAM Upload
 * Wikimania Scholarship Application
 * Ex:Popups (bug 61743)
 * Compact interlanguage links
 * Flow's new templating engine (https://gerrit.wikimedia.org/r/#/c/103317/)
 * Twig (for use with Fundraiser code) v1.13 (https://gerrit.wikimedia.org/r/#/admin/projects/wikimedia/fundraising/twig)