diff --git a/.rubocop_todo/gitlab/bounded_contexts.yml b/.rubocop_todo/gitlab/bounded_contexts.yml
index 2f9c5639e25..ee59dbe2ff4 100644
--- a/.rubocop_todo/gitlab/bounded_contexts.yml
+++ b/.rubocop_todo/gitlab/bounded_contexts.yml
@@ -2906,7 +2906,6 @@ Gitlab/BoundedContexts:
     - 'ee/app/models/elastic/group_index_status.rb'
     - 'ee/app/models/elastic/index_setting.rb'
     - 'ee/app/models/elastic/migration_record.rb'
-    - 'ee/app/models/elastic/reindexing_slice.rb'
     - 'ee/app/models/elasticsearch_indexed_namespace.rb'
     - 'ee/app/models/elasticsearch_indexed_project.rb'
     - 'ee/app/models/embedding/application_record.rb'
diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml
index 70c84e99c20..cfcb9eea2fa 100644
--- a/.rubocop_todo/layout/line_length.yml
+++ b/.rubocop_todo/layout/line_length.yml
@@ -741,7 +741,6 @@ Layout/LineLength:
     - 'ee/app/models/ee/upload.rb'
     - 'ee/app/models/ee/user.rb'
     - 'ee/app/models/ee/vulnerability.rb'
-    - 'ee/app/models/elastic/reindexing_slice.rb'
     - 'ee/app/models/epic_issue.rb'
     - 'ee/app/models/geo/secondary_usage_data.rb'
     - 'ee/app/models/geo_node.rb'
diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml
index fdfb8de8a91..8987e088cc4 100644
--- a/.rubocop_todo/rspec/feature_category.yml
+++ b/.rubocop_todo/rspec/feature_category.yml
@@ -815,7 +815,6 @@ RSpec/FeatureCategory:
     - 'ee/spec/models/ee/users/merge_request_interaction_spec.rb'
     - 'ee/spec/models/ee/users_statistics_spec.rb'
     - 'ee/spec/models/elastic/index_setting_spec.rb'
-    - 'ee/spec/models/elastic/reindexing_slice_spec.rb'
     - 'ee/spec/models/epic_user_mention_spec.rb'
     - 'ee/spec/models/gitlab/seat_link_data_spec.rb'
     - 'ee/spec/models/gitlab_subscriptions/upcoming_reconciliation_spec.rb'
diff --git a/.rubocop_todo/search/namespaced_class.yml b/.rubocop_todo/search/namespaced_class.yml
index 6816e90a09d..c0fdcd2f323 100644
--- a/.rubocop_todo/search/namespaced_class.yml
+++ b/.rubocop_todo/search/namespaced_class.yml
@@ -30,7 +30,6 @@ Search/NamespacedClass:
     - 'ee/app/models/elastic/group_index_status.rb'
     - 'ee/app/models/elastic/index_setting.rb'
     - 'ee/app/models/elastic/migration_record.rb'
-    - 'ee/app/models/elastic/reindexing_slice.rb'
     - 'ee/app/models/elasticsearch_indexed_namespace.rb'
     - 'ee/app/models/elasticsearch_indexed_project.rb'
     - 'ee/app/presenters/ee/search_service_presenter.rb'
diff --git a/.rubocop_todo/style/class_and_module_children.yml b/.rubocop_todo/style/class_and_module_children.yml
index 33a5cd6ac14..f09ef80ff7e 100644
--- a/.rubocop_todo/style/class_and_module_children.yml
+++ b/.rubocop_todo/style/class_and_module_children.yml
@@ -420,7 +420,6 @@ Style/ClassAndModuleChildren:
     - 'ee/app/models/concerns/geo/selective_sync.rb'
     - 'ee/app/models/dast/profile_schedule.rb'
     - 'ee/app/models/ee/ci/job_artifact.rb'
-    - 'ee/app/models/elastic/reindexing_slice.rb'
     - 'ee/app/models/epic/metrics.rb'
     - 'ee/app/models/epic/related_epic_link.rb'
     - 'ee/app/models/geo/base_registry.rb'
diff --git a/app/finders/groups_finder.rb b/app/finders/groups_finder.rb
index e98b5d5400e..63b3a1a9180 100644
--- a/app/finders/groups_finder.rb
+++ b/app/finders/groups_finder.rb
@@ -74,10 +74,19 @@ class GroupsFinder < UnionFinder
 
   # rubocop: disable CodeReuse/ActiveRecord
   def groups_with_min_access_level
-    current_user
-      .groups
-      .where('members.access_level >= ?', params[:min_access_level])
-      .self_and_descendants
+    if Feature.enabled?(:cte_for_group_search_access_level, Feature.current_request)
+      inner_query = current_user
+        .groups
+        .where('members.access_level >= ?', params[:min_access_level])
+        .self_and_descendants
+      cte = Gitlab::SQL::CTE.new(:groups_with_min_access_level_cte, inner_query)
+      cte.apply_to(Group.where({}))
+    else
+      current_user
+        .groups
+        .where('members.access_level >= ?', params[:min_access_level])
+        .self_and_descendants
+    end
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/config/feature_flags/gitlab_com_derisk/cte_for_group_search_access_level.yml b/config/feature_flags/gitlab_com_derisk/cte_for_group_search_access_level.yml
new file mode 100644
index 00000000000..4736fde24f7
--- /dev/null
+++ b/config/feature_flags/gitlab_com_derisk/cte_for_group_search_access_level.yml
@@ -0,0 +1,9 @@
+---
+name: cte_for_group_search_access_level
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/502465
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/171735
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/502657
+milestone: '17.6'
+group: group::tenant scale
+type: gitlab_com_derisk
+default_enabled: false
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml
index bfa267b3ea5..52f903cfd23 100644
--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -591,8 +591,6 @@
   - 1
 - - onboarding_create_iterable_trigger
   - 1
-- - onboarding_create_iterable_triggers
-  - 1
 - - onboarding_progress_tracking
   - 1
 - - package_cleanup
diff --git a/data/deprecations/17-6-package-registry-permissions-breaking-change.yml b/data/deprecations/17-6-package-registry-permissions-breaking-change.yml
new file mode 100644
index 00000000000..b7f72e955ec
--- /dev/null
+++ b/data/deprecations/17-6-package-registry-permissions-breaking-change.yml
@@ -0,0 +1,18 @@
+- title: "Guest users can pull packages from private projects on GitLab.com"
+  announcement_milestone: "17.6"
+  removal_milestone: "18.0"
+  breaking_change: true
+  reporter: trizzi
+  stage: Package
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/336622
+  impact: high
+  scope: project
+  resolution_role: maintainer
+  manual_task: true
+  window: "3"
+  body: |
+    Starting in 18.0, Guest users on GitLab.com will be able to pull packages from private projects. This is the same ability that Guest users already have on self-managed GitLab.
+
+    This change streamlines package sharing capabilities within organizations and simplifies access management for package consumers by providing consistent behavior across all GitLab deployments.
+
+    Project Owners and Maintainers should review their private projects' lists of members. Users with the Guest role who should not have package pulling capabilities should be removed. If more restrictive package access is required, consider using project access tokens instead of guest access.
diff --git a/db/docs/elastic_reindexing_slices.yml b/db/docs/elastic_reindexing_slices.yml
index 35e49761d5c..2450850c4de 100644
--- a/db/docs/elastic_reindexing_slices.yml
+++ b/db/docs/elastic_reindexing_slices.yml
@@ -1,7 +1,7 @@
 ---
 table_name: elastic_reindexing_slices
 classes:
-- Elastic::ReindexingSlice
+- Search::Elastic::ReindexingSlice
 feature_categories:
 - global_search
 description: Used to track status of Zero downtime reindexing tasks in Elasticsearch or OpenSearch
diff --git a/db/migrate/20241104135544_remove_create_iterable_triggers_worker_job_instances.rb b/db/migrate/20241104135544_remove_create_iterable_triggers_worker_job_instances.rb
new file mode 100644
index 00000000000..e04af148782
--- /dev/null
+++ b/db/migrate/20241104135544_remove_create_iterable_triggers_worker_job_instances.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class RemoveCreateIterableTriggersWorkerJobInstances < Gitlab::Database::Migration[2.2]
+  milestone '17.6'
+
+  DEPRECATED_JOB_CLASSES = %w[Onboarding::CreateIterableTriggersWorker]
+  # Always use `disable_ddl_transaction!` while using the `sidekiq_remove_jobs` method,
+  # as we had multiple production incidents due to `idle-in-transaction` timeout.
+  disable_ddl_transaction!
+
+  def up
+    # Removes scheduled instances from Sidekiq queues
+    sidekiq_remove_jobs(job_klasses: DEPRECATED_JOB_CLASSES)
+  end
+
+  def down
+    # This migration removes any instances of deprecated workers and cannot be undone.
+  end
+end
diff --git a/db/schema_migrations/20241104135544 b/db/schema_migrations/20241104135544
new file mode 100644
index 00000000000..2cb4e8f54c5
--- /dev/null
+++ b/db/schema_migrations/20241104135544
@@ -0,0 +1 @@
+a3b1d3b6a2042eb0e139a01a2a948b54679edfcd9f917e67c3c626c03b010d4e
\ No newline at end of file
diff --git a/doc/development/labels/index.md b/doc/development/labels/index.md
index 0f43aa3ffa8..323ce76668a 100644
--- a/doc/development/labels/index.md
+++ b/doc/development/labels/index.md
@@ -39,7 +39,7 @@ labels, you can _always_ add the type, stage, group, and often the category/feat
 Type labels are very important. They define what kind of issue this is. Every
 issue should have one and only one.
 
-The SSOT for type and subtype labels is [available in the handbook](https://handbook.gitlab.com/handbook/engineering/metrics/#work-type-classification).
+The SSOT for type and subtype labels is [available in the handbook](https://handbook.gitlab.com/handbook/product/groups/product-analysis/engineering/metrics/#work-type-classification).
 
 A number of type labels have a priority assigned to them, which automatically
 makes them float to the top, depending on their importance.
diff --git a/doc/topics/git/advanced.md b/doc/topics/git/advanced.md
index 3cd01d899c1..2f7167dac9f 100644
--- a/doc/topics/git/advanced.md
+++ b/doc/topics/git/advanced.md
@@ -47,6 +47,17 @@ you can rebase to fix it.
 
 For more information, see [Rebase to address merge conflicts](git_rebase.md).
 
+## Cherry-pick changes
+
+The `git cherry-pick` command applies specific commits from one branch to another.
+Use it to:
+
+- Backport bug fixes from the default branch to previous release branches.
+- Copy changes from a fork to the upstream repository.
+- Apply specific changes without merging entire branches.
+
+For more information, see [Cherry-pick changes with Git](cherry_pick.md).
+
 ## Revert and undo changes
 
 The following Git commands help you to revert and undo changes:
@@ -58,6 +69,28 @@ The following Git commands help you to revert and undo changes:
 
 For more information, see [Revert changes](undo.md).
 
+## Reduce repository size
+
+The size of a Git repository can impact performance and storage costs.
+It can differ slightly from one instance to another due to compression, housekeeping, and other factors.
+For more information about repository size, see [Repository size](../../user/project/repository/repository_size.md)
+
+You can use Git to purge files from your repository's history and reduce its size. For more information, see [Reduce repository size](repository.md).
+
+## File management
+
+You can use Git to manage files in your repository. It helps you track changes, collaborate with others, and manage large files. The following options are available:
+
+- `git log`: View changes to files in your repository.
+- `git blame`: Identify who last modified a line of code in a file.
+- `git lfs`: Manages, track, and lock files in your repository.
+
+<!-- Include when the relevant MR is merged.
+
+For more information, see [File management](file_management.md).
+
+-->
+
 ## Update Git remote URLs
 
 The `git remote set-url` command updates the URL of the remote repository.
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 9de4a40fb2c..4172960628a 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -457,6 +457,26 @@ Along with this change we are also deprecating and removing the 2017 GraphQL API
 
 <div class="deprecation breaking-change" data-milestone="18.0">
 
+### Guest users can pull packages from private projects on GitLab.com
+
+<div class="deprecation-notes">
+
+- Announced in GitLab <span class="milestone">17.6</span>
+- Removal in GitLab <span class="milestone">18.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/336622).
+
+</div>
+
+Starting in 18.0, Guest users on GitLab.com will be able to pull packages from private projects. This is the same ability that Guest users already have on self-managed GitLab.
+
+This change streamlines package sharing capabilities within organizations and simplifies access management for package consumers by providing consistent behavior across all GitLab deployments.
+
+Project Owners and Maintainers should review their private projects' lists of members. Users with the Guest role who should not have package pulling capabilities should be removed. If more restrictive package access is required, consider using project access tokens instead of guest access.
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="18.0">
+
 ### Limited `scan` actions in a scan execution policy
 
 <div class="deprecation-notes">
diff --git a/qa/qa/page/component/access_tokens.rb b/qa/qa/page/component/access_tokens.rb
index ef920e6f536..ed70147ece8 100644
--- a/qa/qa/page/component/access_tokens.rb
+++ b/qa/qa/page/component/access_tokens.rb
@@ -58,6 +58,8 @@ module QA
         end
 
         def click_add_new_token_button
+          dismiss_duo_chat_popup if respond_to?(:dismiss_duo_chat_popup)
+
           click_element('add-new-token-button')
         end
 
diff --git a/spec/scripts/internal_events/server_spec.rb b/spec/scripts/internal_events/server_spec.rb
index 87c63f5da03..e6462026616 100644
--- a/spec/scripts/internal_events/server_spec.rb
+++ b/spec/scripts/internal_events/server_spec.rb
@@ -171,7 +171,7 @@ RSpec.describe Server, feature_category: :service_ping do
     context 'with a non-structured event or an internal event' do
       let(:body) { internal_event_fixture('snowplow_events/non_internal_event_structured.json') }
 
-      it 'ignores the event' do
+      it 'ignores the event', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/498774' do
         expect(response.code).to eq('200')
         expect(events).to be_empty
       end