diff --git a/docker/prod/Dockerfile b/docker/prod/Dockerfile
index c73cc95c0aa8..a9355275590f 100644
--- a/docker/prod/Dockerfile
+++ b/docker/prod/Dockerfile
@@ -169,13 +169,22 @@ COPY vendor ./vendor
 # some gemspec files of plugins require files in there, notably OpenProject::Version
 COPY lib ./lib
 
-RUN bundle install --quiet --deployment --path vendor/bundle --no-cache \
-  --with="$RAILS_GROUPS" --without="test development" --jobs=8 --retry=3 && \
-  rm -rf vendor/bundle/ruby/*/cache && rm -rf vendor/bundle/ruby/*/gems/*/spec && rm -rf vendor/bundle/ruby/*/gems/*/test
+RUN \
+  bundle config set --local path 'vendor/bundle' && \
+  bundle config set --local without 'test development' && \
+  bundle install --quiet --no-cache --jobs=8 --retry=3 && \
+  bundle config set deployment 'true' && \
+  cp Gemfile.lock Gemfile.lock.bak && \
+  rm -rf vendor/bundle/ruby/*/cache && \
+  rm -rf vendor/bundle/ruby/*/gems/*/spec && \
+  rm -rf vendor/bundle/ruby/*/gems/*/test
 
 # Finally, copy over the whole thing
 COPY . .
 
+# Copy lock file again as the updated version was overriden by COPY just now
+RUN cp Gemfile.lock.bak Gemfile.lock && rm Gemfile.lock.bak
+
 RUN ./docker/prod/setup/postinstall.sh
 
 # Expose ports for apache and postgres
diff --git a/docs/development/product-development-handbook/README.md b/docs/development/product-development-handbook/README.md
index 94d59c64895c..ba62a6a6d99a 100644
--- a/docs/development/product-development-handbook/README.md
+++ b/docs/development/product-development-handbook/README.md
@@ -23,6 +23,7 @@ The product development process involves various roles during the different phas
 * Designer
 * QA/Tester
 * Developer
+* Security & Privacy engineers
 * DevOps
 * Customer
 * Marketing
@@ -210,9 +211,12 @@ Ideally the preparation of both QA and development happen at the same time so th
 2. Developer starting on a topic put their "Implementation" work package into the status "In development" and work on implementing the feature. Automated tests are added as well.
 3. Developer creates a pull request on GitHub where all automated tests are run.
 4. Developer hands over "Implementation" work package upon completion to another developer for review (status: “In review”).
-5. Developer (different from the one implementing the code) merges the pull request and closes the "Implementation" work package.
-6. The feature lead developer updates the status of the feature to "merged" once the feature is fully implemented. This can be done even with bugs still open that QA has already identified.
-7. Developer highlights features that require change in documentation if necessary (custom field “Requires doc change”).
+5. Developer (different from the one implementing the code) performs a review and, if changes are accepted according to the points mentioned below merges the pull request and closes the "Implementation" work package.
+   1. [Secure coding guidelines](https://www.openproject.org/docs/development/concepts/secure-coding/) have been evaluated for the proposed changes.
+   2. [Code review guidelines](https://www.openproject.org/docs/development/code-review-guidelines/) are followed by the submitter and reviewer
+   3. [Pull request targets the correct version](https://www.openproject.org/docs/development/git-workflow/#create-a-pull-request), and has a related work package that will form the changelog.
+7. The feature lead developer updates the status of the feature to "merged" once the feature is fully implemented. This can be done even with bugs still open that QA has already identified.
+8. Developer highlights features that require change in documentation if necessary (custom field “Requires doc change”).
 
 In case the requirements are identified to be unclear or incomplete during the implementation, the developer together with PM/Designer clarifies the requirements. The specification and other artifacts are updated accordingly.
 
diff --git a/modules/costs/lib/api/v3/time_entries/time_entries_api.rb b/modules/costs/lib/api/v3/time_entries/time_entries_api.rb
index fd00be14d2d7..a437253e5c90 100644
--- a/modules/costs/lib/api/v3/time_entries/time_entries_api.rb
+++ b/modules/costs/lib/api/v3/time_entries/time_entries_api.rb
@@ -33,7 +33,9 @@ class TimeEntriesAPI < ::API::OpenProjectAPI
         helpers ::API::Utilities::UrlPropsParsingHelper
 
         resources :time_entries do
-          get &::API::V3::Utilities::Endpoints::Index.new(model: TimeEntry).mount
+          get &::API::V3::Utilities::Endpoints::Index.new(model: TimeEntry,
+                                                          scope: -> { TimeEntry.includes(TimeEntryRepresenter.to_eager_load) })
+                                                     .mount
           post &::API::V3::Utilities::Endpoints::Create.new(model: TimeEntry).mount
 
           mount ::API::V3::TimeEntries::CreateFormAPI
diff --git a/modules/costs/lib/api/v3/time_entries/time_entry_representer.rb b/modules/costs/lib/api/v3/time_entries/time_entry_representer.rb
index 37dd5d63ea9a..cc3e64369b52 100644
--- a/modules/costs/lib/api/v3/time_entries/time_entry_representer.rb
+++ b/modules/costs/lib/api/v3/time_entries/time_entry_representer.rb
@@ -132,6 +132,11 @@ def hours=(value)
                                                                          'hours',
                                                                          allow_nil: true)
         end
+
+        self.to_eager_load = [:work_package,
+                              :user,
+                              :activity,
+                              { project: :enabled_modules }]
       end
     end
   end