GitHub Enterprise Releases

3.20.3

Tue, 26 May 2026 16:03:20 +0000

3.19.7

Tue, 26 May 2026 16:03:19 +0000

3.18.10

Tue, 26 May 2026 16:03:18 +0000

3.17.16

Tue, 26 May 2026 16:03:17 +0000

3.16.19

Tue, 26 May 2026 16:03:16 +0000

3.21.0

Tue, 12 May 2026 16:03:21 +0000

3.20.2

Thu, 07 May 2026 16:03:20 +0000

3.19.6

Thu, 07 May 2026 16:03:19 +0000

3.18.9

Thu, 07 May 2026 16:03:18 +0000

3.17.15

Thu, 07 May 2026 16:03:17 +0000

3.16.18

Thu, 07 May 2026 16:03:16 +0000

3.20.1

Tue, 21 Apr 2026 16:03:20 +0000

3.19.5

Tue, 21 Apr 2026 16:03:19 +0000

3.18.8

Tue, 21 Apr 2026 16:03:18 +0000

3.17.14

Tue, 21 Apr 2026 16:03:17 +0000

3.16.17

Tue, 21 Apr 2026 16:03:16 +0000

3.15.21

Tue, 21 Apr 2026 16:03:15 +0000

3.14.26

Tue, 21 Apr 2026 16:03:14 +0000

3.20.0

Tue, 17 Mar 2026 16:03:20 +0000

3.19.4

Fri, 13 Mar 2026 08:00:00 +0000

3.18.7

Fri, 13 Mar 2026 08:00:00 +0000

3.17.13

Fri, 13 Mar 2026 08:00:00 +0000

3.16.16

Fri, 13 Mar 2026 08:00:00 +0000

3.15.20

Fri, 13 Mar 2026 08:00:00 +0000

3.14.25

Fri, 13 Mar 2026 08:00:00 +0000

3.19.2

Tue, 10 Feb 2026 16:03:19 +0000

3.18.5

Tue, 10 Feb 2026 16:03:18 +0000

3.17.11

Tue, 10 Feb 2026 16:03:17 +0000

3.16.14

Tue, 10 Feb 2026 16:03:16 +0000

3.15.18

Tue, 10 Feb 2026 16:03:15 +0000

3.14.23

Tue, 10 Feb 2026 16:03:14 +0000

3.19.1

Tue, 06 Jan 2026 16:03:19 +0000

3.18.4

Tue, 06 Jan 2026 16:03:18 +0000

3.17.10

Tue, 06 Jan 2026 16:03:17 +0000

3.16.13

Tue, 06 Jan 2026 16:03:16 +0000

3.15.17

Tue, 06 Jan 2026 16:03:15 +0000

3.14.22

Tue, 06 Jan 2026 16:03:14 +0000

3.19.0

Tue, 09 Dec 2025 16:03:19 +0000

3.18.3

Tue, 09 Dec 2025 16:03:18 +0000

3.17.9

Tue, 09 Dec 2025 16:03:17 +0000

3.16.12

Tue, 09 Dec 2025 16:03:16 +0000

3.15.16

Tue, 09 Dec 2025 16:03:15 +0000

3.14.21

Tue, 09 Dec 2025 16:03:14 +0000

3.18.2

Tue, 02 Dec 2025 16:03:18 +0000

3.17.8

Tue, 02 Dec 2025 16:03:17 +0000

3.16.11

Tue, 02 Dec 2025 16:03:16 +0000

3.15.15

Tue, 02 Dec 2025 16:03:15 +0000

3.14.20

Tue, 02 Dec 2025 16:03:14 +0000

3.18.1

Mon, 10 Nov 2025 20:00:00 +0000

3.17.7

Mon, 10 Nov 2025 20:00:00 +0000

3.16.10

Mon, 10 Nov 2025 20:00:00 +0000

3.15.14

Mon, 10 Nov 2025 20:00:00 +0000

3.14.19

Mon, 10 Nov 2025 20:00:00 +0000

3.18.0

Tue, 14 Oct 2025 16:03:18 +0000

3.17.6

Tue, 09 Sep 2025 16:03:17 +0000

3.16.9

Tue, 09 Sep 2025 16:03:16 +0000

3.15.13

Tue, 09 Sep 2025 16:03:15 +0000

3.14.18

Tue, 09 Sep 2025 16:03:14 +0000

3.17.5

Mon, 25 Aug 2025 12:00:00 -0700

3.16.8

Mon, 25 Aug 2025 12:00:00 -0700

3.15.12

Mon, 25 Aug 2025 12:00:00 -0700

3.14.17

Mon, 25 Aug 2025 12:00:00 -0700

3.17.4

Tue, 29 Jul 2025 16:03:17 +0000

3.16.7

Tue, 29 Jul 2025 16:03:16 +0000

3.15.11

Tue, 29 Jul 2025 16:03:15 +0000

3.14.16

Tue, 29 Jul 2025 16:03:14 +0000

3.17.3

Tue, 15 Jul 2025 16:03:17 +0000

3.16.6

Tue, 15 Jul 2025 16:03:16 +0000

3.15.10

Tue, 15 Jul 2025 16:03:15 +0000

3.14.15

Tue, 15 Jul 2025 16:03:14 +0000

3.17.2

Tue, 01 Jul 2025 16:03:17 +0000

3.16.5

Tue, 01 Jul 2025 16:03:16 +0000

3.15.9

Tue, 01 Jul 2025 16:03:15 +0000

3.14.14

Tue, 01 Jul 2025 16:03:14 +0000

3.17.1

Wed, 18 Jun 2025 16:03:17 +0000

3.16.4

Wed, 18 Jun 2025 16:03:16 +0000

3.15.8

Wed, 18 Jun 2025 16:03:15 +0000

3.14.13

Wed, 18 Jun 2025 16:03:14 +0000

3.13.16

Wed, 18 Jun 2025 16:03:13 +0000

3.17.0

Tue, 03 Jun 2025 16:03:17 +0000

3.16.3

Tue, 27 May 2025 16:03:16 +0000

3.15.7

Tue, 27 May 2025 16:03:15 +0000

3.14.12

Tue, 27 May 2025 16:03:14 +0000

3.13.15

Tue, 27 May 2025 16:03:13 +0000

3.16.2

Thu, 17 Apr 2025 16:03:16 +0000

3.15.6

Thu, 17 Apr 2025 16:03:15 +0000

3.14.11

Thu, 17 Apr 2025 16:03:14 +0000

3.13.14

Thu, 17 Apr 2025 16:03:13 +0000

3.16.1

Tue, 25 Mar 2025 16:03:16 +0000

3.15.5

Tue, 25 Mar 2025 16:03:15 +0000

3.14.10

Tue, 25 Mar 2025 16:03:14 +0000

3.13.13

Tue, 25 Mar 2025 16:03:13 +0000

3.12.17

Tue, 25 Mar 2025 16:03:12 +0000

3.16.0

Tue, 11 Mar 2025 16:00:00 +0000

3.15.4

Tue, 04 Mar 2025 16:03:15 +0000

3.14.9

Tue, 04 Mar 2025 16:03:14 +0000

3.13.12

Tue, 04 Mar 2025 16:03:13 +0000

3.12.16

Tue, 04 Mar 2025 16:03:12 +0000

3.15.3

Tue, 18 Feb 2025 16:03:15 +0000

3.14.8

Tue, 18 Feb 2025 16:03:14 +0000

3.13.11

Tue, 18 Feb 2025 16:03:13 +0000

3.12.15

Tue, 18 Feb 2025 16:03:12 +0000

3.15.2

Tue, 21 Jan 2025 16:03:15 +0000

3.14.7

Tue, 21 Jan 2025 16:03:14 +0000

3.13.10

Tue, 21 Jan 2025 16:03:13 +0000

3.12.14

Tue, 21 Jan 2025 16:03:12 +0000

3.15.1

Tue, 17 Dec 2024 16:03:15 +0000

3.14.6

Tue, 17 Dec 2024 16:03:14 +0000

3.13.9

Tue, 17 Dec 2024 16:03:13 +0000

3.12.13

Tue, 17 Dec 2024 16:03:12 +0000

3.11.19

Tue, 17 Dec 2024 16:03:11 +0000

3.15.0

Tue, 03 Dec 2024 16:03:15 +0000

3.14.5

Tue, 03 Dec 2024 16:03:14 +0000

3.13.8

Tue, 03 Dec 2024 16:03:13 +0000

3.12.12

Tue, 03 Dec 2024 16:03:12 +0000

3.11.18

Tue, 03 Dec 2024 16:03:11 +0000

3.14.4

Thu, 24 Oct 2024 16:03:14 +0000

3.14.3

Thu, 24 Oct 2024 16:03:14 +0000

3.13.7

Thu, 24 Oct 2024 16:03:13 +0000

3.13.6

Thu, 24 Oct 2024 16:03:13 +0000

3.12.11

Thu, 24 Oct 2024 16:03:12 +0000

3.11.17

Thu, 24 Oct 2024 16:03:11 +0000

3.14.2

Thu, 10 Oct 2024 16:03:14 +0000

3.13.5

Thu, 10 Oct 2024 16:03:13 +0000

3.12.10

Thu, 10 Oct 2024 16:03:12 +0000

3.11.16

Thu, 10 Oct 2024 16:03:11 +0000

3.14.1

Mon, 23 Sep 2024 16:03:14 +0000

3.13.4

Mon, 23 Sep 2024 16:03:13 +0000

3.12.9

Mon, 23 Sep 2024 16:03:12 +0000

3.11.15

Mon, 23 Sep 2024 16:03:11 +0000

3.10.17

Mon, 23 Sep 2024 16:03:10 +0000

3.14.0

Tue, 27 Aug 2024 16:03:14 +0000

3.13.3

Tue, 20 Aug 2024 16:03:13 +0000

3.12.8

Tue, 20 Aug 2024 16:03:12 +0000

3.11.14

Tue, 20 Aug 2024 16:03:11 +0000

3.10.16

Tue, 20 Aug 2024 16:03:10 +0000

3.13.2

Wed, 17 Jul 2024 16:03:13 +0000

3.12.7

Wed, 17 Jul 2024 16:03:12 +0000

3.11.13

Wed, 17 Jul 2024 16:03:11 +0000

3.10.15

Wed, 17 Jul 2024 16:03:10 +0000

3.9.18

Wed, 17 Jul 2024 16:03:09 +0000

3.13.0

Tue, 18 Jun 2024 16:03:13 +0000

3.12.5

Tue, 18 Jun 2024 16:03:12 +0000

3.11.11

Tue, 18 Jun 2024 16:03:11 +0000

3.10.13

Tue, 18 Jun 2024 16:03:10 +0000

3.9.16

Tue, 18 Jun 2024 16:03:09 +0000

3.12.4

Mon, 20 May 2024 21:00:12 +0000

3.11.10

Mon, 20 May 2024 21:00:11 +0000

3.10.12

Mon, 20 May 2024 21:00:10 +0000

3.9.15

Mon, 20 May 2024 21:00:09 +0000

3.12.3

Wed, 08 May 2024 16:03:12 +0000

3.11.9

Wed, 08 May 2024 16:03:11 +0000

3.10.11

Wed, 08 May 2024 16:03:10 +0000

3.9.14

Wed, 08 May 2024 16:03:09 +0000

3.12.2

Thu, 18 Apr 2024 16:03:12 +0000

3.11.8

Thu, 18 Apr 2024 16:03:11 +0000

3.10.10

Thu, 18 Apr 2024 16:03:10 +0000

3.9.13

Thu, 18 Apr 2024 16:03:09 +0000

3.12.1

Wed, 20 Mar 2024 16:03:12 +0000

3.11.7

Wed, 20 Mar 2024 16:03:11 +0000

3.10.9

Wed, 20 Mar 2024 16:03:10 +0000

3.9.12

Wed, 20 Mar 2024 16:03:09 +0000

3.8.17

Wed, 20 Mar 2024 16:03:08 +0000

3.12.0

Tue, 05 Mar 2024 16:03:12 +0000

3.11.6

Thu, 29 Feb 2024 16:03:11 +0000

3.10.8

Thu, 29 Feb 2024 16:03:10 +0000

3.9.11

Thu, 29 Feb 2024 16:03:09 +0000

3.8.16

Thu, 29 Feb 2024 16:03:08 +0000

3.11.5

Tue, 13 Feb 2024 16:03:11 +0000

3.10.7

Tue, 13 Feb 2024 16:03:10 +0000

3.9.10

Tue, 13 Feb 2024 16:03:09 +0000

3.8.15

Tue, 13 Feb 2024 16:03:08 +0000

3.11.4

Tue, 30 Jan 2024 16:03:11 +0000

3.10.6

Tue, 30 Jan 2024 16:03:10 +0000

3.9.9

Tue, 30 Jan 2024 16:03:09 +0000

3.8.14

Tue, 30 Jan 2024 16:03:08 +0000

3.11.3

Tue, 16 Jan 2024 16:03:11 +0000

3.10.5

Tue, 16 Jan 2024 16:03:10 +0000

3.9.8

Tue, 16 Jan 2024 16:03:09 +0000

3.8.13

Tue, 16 Jan 2024 16:03:08 +0000

3.11.2

Wed, 27 Dec 2023 16:03:11 +0000

3.11.1

Thu, 21 Dec 2023 16:03:11 +0000

3.10.4

Thu, 21 Dec 2023 16:03:10 +0000

3.9.7

Thu, 21 Dec 2023 16:03:09 +0000

3.8.12

Thu, 21 Dec 2023 16:03:08 +0000

3.7.19

Thu, 21 Dec 2023 16:03:07 +0000

3.11.0

Tue, 05 Dec 2023 16:03:11 +0000

3.10.3

Thu, 12 Oct 2023 16:03:10 +0000

3.9.6

Thu, 12 Oct 2023 16:03:09 +0000

3.8.11

Thu, 12 Oct 2023 16:03:08 +0000

3.7.18

Thu, 12 Oct 2023 16:03:07 +0000

3.10.2

Fri, 22 Sep 2023 16:03:10 +0000

3.10.1

Thu, 21 Sep 2023 16:03:10 +0000

3.9.5

Thu, 21 Sep 2023 16:03:09 +0000

3.8.10

Thu, 21 Sep 2023 16:03:08 +0000

3.7.17

Thu, 21 Sep 2023 16:03:07 +0000

3.6.19

Thu, 21 Sep 2023 16:03:06 +0000

3.10.0

Tue, 29 Aug 2023 16:03:10 +0000

3.9.4

Mon, 28 Aug 2023 16:03:09 +0000

3.8.9

Mon, 28 Aug 2023 16:03:08 +0000

3.7.16

Mon, 28 Aug 2023 16:03:07 +0000

3.6.18

Mon, 28 Aug 2023 16:03:06 +0000

3.9.3

Thu, 10 Aug 2023 16:03:09 +0000

3.8.8

Thu, 10 Aug 2023 16:03:07 +0000

3.7.15

Thu, 10 Aug 2023 16:03:07 +0000

3.6.17

Thu, 10 Aug 2023 16:03:06 +0000

3.9.2

Fri, 28 Jul 2023 16:03:08 +0000

3.8.7

Fri, 28 Jul 2023 16:03:08 +0000

3.7.14

Fri, 28 Jul 2023 16:03:08 +0000

3.9.1

Tue, 18 Jul 2023 16:03:09 +0000

3.8.6

Tue, 18 Jul 2023 16:03:08 +0000

3.7.13

Tue, 18 Jul 2023 16:03:07 +0000

3.6.16

Tue, 18 Jul 2023 16:03:06 +0000

3.9.0

Thu, 29 Jun 2023 18:41:15 +0000

3.8.5

Tue, 20 Jun 2023 16:03:08 +0000

3.7.12

Tue, 20 Jun 2023 16:03:07 +0000

3.6.15

Tue, 20 Jun 2023 16:03:06 +0000

3.5.19

Tue, 20 Jun 2023 16:03:05 +0000

3.8.4

Tue, 30 May 2023 16:03:08 +0000

3.7.11

Tue, 30 May 2023 16:03:07 +0000

3.6.14

Tue, 30 May 2023 16:03:06 +0000

3.5.18

Tue, 30 May 2023 16:03:05 +0000

3.8.3

Tue, 09 May 2023 16:03:08 +0000

3.7.10

Tue, 09 May 2023 16:03:07 +0000

3.6.13

Tue, 09 May 2023 16:03:06 +0000

3.5.17

Tue, 09 May 2023 16:03:05 +0000

3.8.2

Tue, 18 Apr 2023 16:03:08 +0000

3.5.16

Tue, 18 Apr 2023 16:03:08 +0000

3.7.9

Tue, 18 Apr 2023 16:03:07 +0000

3.6.12

Tue, 18 Apr 2023 16:03:06 +0000

3.8.1

Thu, 23 Mar 2023 16:03:08 +0000

3.7.8

Thu, 23 Mar 2023 16:03:07 +0000

3.6.11

Thu, 23 Mar 2023 16:03:06 +0000

3.5.15

Thu, 23 Mar 2023 16:03:05 +0000

3.4.18

Thu, 23 Mar 2023 16:03:04 +0000

3.8.0

Tue, 07 Mar 2023 16:03:08 +0000

3.7.7

Thu, 02 Mar 2023 16:03:07 +0000

3.6.10

Thu, 02 Mar 2023 16:03:06 +0000

3.5.14

Thu, 02 Mar 2023 16:03:05 +0000

3.4.17

Thu, 02 Mar 2023 16:03:04 +0000

3.7.6

Thu, 16 Feb 2023 16:03:07 +0000

3.6.9

Thu, 16 Feb 2023 16:03:06 +0000

3.5.13

Thu, 16 Feb 2023 16:03:05 +0000

3.4.16

Thu, 16 Feb 2023 16:03:04 +0000

3.7.5

Thu, 02 Feb 2023 16:03:07 +0000

3.6.8

Thu, 02 Feb 2023 16:03:06 +0000

3.5.12

Thu, 02 Feb 2023 16:03:05 +0000

3.4.15

Thu, 02 Feb 2023 16:03:04 +0000

3.7.4

Tue, 17 Jan 2023 16:03:07 +0000

3.6.7

Tue, 17 Jan 2023 16:03:06 +0000

3.5.11

Tue, 17 Jan 2023 16:03:05 +0000

3.4.14

Tue, 17 Jan 2023 16:03:04 +0000

3.3.19

Tue, 17 Jan 2023 16:03:03 +0000

3.7.3

Thu, 12 Jan 2023 16:03:07 +0000

3.6.6

Thu, 12 Jan 2023 16:03:06 +0000

3.5.10

Thu, 12 Jan 2023 16:03:05 +0000

3.4.13

Thu, 12 Jan 2023 16:03:04 +0000

3.3.18

Thu, 12 Jan 2023 16:03:03 +0000

3.7.2

Tue, 13 Dec 2022 16:03:07 +0000

3.6.5

Tue, 13 Dec 2022 16:03:06 +0000

3.5.9

Tue, 13 Dec 2022 16:03:05 +0000

3.4.12

Tue, 13 Dec 2022 16:03:04 +0000

3.3.17

Tue, 13 Dec 2022 16:03:03 +0000

3.7.1

Tue, 22 Nov 2022 16:03:07 +0000

3.6.4

Tue, 22 Nov 2022 16:03:06 +0000

3.5.8

Tue, 22 Nov 2022 16:03:05 +0000

3.4.11

Tue, 22 Nov 2022 16:03:04 +0000

3.3.16

Tue, 22 Nov 2022 16:03:03 +0000

3.7.0

Tue, 08 Nov 2022 16:03:07 +0000

3.6.3

Tue, 25 Oct 2022 16:03:06 +0000

3.5.7

Tue, 25 Oct 2022 16:03:05 +0000

3.4.10

Tue, 25 Oct 2022 16:03:04 +0000

3.3.15

Tue, 25 Oct 2022 16:03:03 +0000

3.2.20

Tue, 25 Oct 2022 16:03:02 +0000

3.6.2

Wed, 21 Sep 2022 16:03:06 +0000

3.5.6

Wed, 21 Sep 2022 16:03:05 +0000

3.4.9

Wed, 21 Sep 2022 16:03:04 +0000

3.3.14

Wed, 21 Sep 2022 16:03:03 +0000

3.2.19

Wed, 21 Sep 2022 16:03:02 +0000

3.6.1

Tue, 30 Aug 2022 16:03:06 +0000

3.5.5

Tue, 30 Aug 2022 16:03:05 +0000

3.4.8

Tue, 30 Aug 2022 16:03:04 +0000

3.3.13

Tue, 30 Aug 2022 16:03:03 +0000

3.2.18

Tue, 30 Aug 2022 16:03:02 +0000

3.6.0

Tue, 16 Aug 2022 16:03:06 +0000

3.5.4

Thu, 11 Aug 2022 16:03:05 +0000

3.4.7

Thu, 11 Aug 2022 16:03:04 +0000

3.3.12

Thu, 11 Aug 2022 16:03:03 +0000

3.2.17

Thu, 11 Aug 2022 16:03:02 +0000

3.5.3

Thu, 21 Jul 2022 16:03:05 +0000

3.4.6

Thu, 21 Jul 2022 16:03:04 +0000

3.3.11

Thu, 21 Jul 2022 16:03:03 +0000

3.2.16

Thu, 21 Jul 2022 16:03:02 +0000

3.5.2

Tue, 28 Jun 2022 16:03:05 +0000

3.4.5

Tue, 28 Jun 2022 16:03:04 +0000

3.3.10

Tue, 28 Jun 2022 16:03:03 +0000

3.2.15

Tue, 28 Jun 2022 16:03:02 +0000

3.5.1

Thu, 09 Jun 2022 16:03:05 +0000

3.4.4

Thu, 09 Jun 2022 16:03:04 +0000

3.3.9

Thu, 09 Jun 2022 16:03:03 +0000

3.2.14

Thu, 09 Jun 2022 16:03:02 +0000

3.1.22

Thu, 09 Jun 2022 16:03:01 +0000

3.5.0

Tue, 31 May 2022 16:03:05 +0000

3.4.3

Tue, 17 May 2022 16:03:04 +0000

3.3.8

Tue, 17 May 2022 16:03:03 +0000

3.2.13

Tue, 17 May 2022 16:03:02 +0000

3.1.21

Tue, 17 May 2022 16:03:01 +0000

3.4.2

Wed, 20 Apr 2022 16:03:04 +0000

3.3.7

Wed, 20 Apr 2022 16:03:03 +0000

3.2.12

Wed, 20 Apr 2022 16:03:02 +0000

3.1.20

Wed, 20 Apr 2022 16:03:01 +0000

3.4.1

Mon, 04 Apr 2022 16:03:04 +0000

3.3.6

Mon, 04 Apr 2022 16:03:03 +0000

3.2.11

Mon, 04 Apr 2022 16:03:02 +0000

3.1.19

Mon, 04 Apr 2022 16:03:01 +0000

3.4.0

Tue, 15 Mar 2022 16:03:04 +0000

3.3.5

Tue, 01 Mar 2022 16:03:03 +0000

3.2.10

Tue, 01 Mar 2022 16:03:02 +0000

3.1.18

Tue, 01 Mar 2022 16:03:01 +0000

3.3.4

Thu, 17 Feb 2022 16:03:03 +0000

3.2.9

Thu, 17 Feb 2022 16:03:02 +0000

3.1.17

Thu, 17 Feb 2022 16:03:01 +0000

3.0.25

Thu, 17 Feb 2022 16:03:00 +0000

3.3.3

Tue, 01 Feb 2022 16:03:03 +0000

3.2.8

Tue, 01 Feb 2022 16:03:02 +0000

3.1.16

Tue, 01 Feb 2022 16:03:01 +0000

3.0.24

Tue, 01 Feb 2022 16:03:00 +0000

3.3.2

Wed, 12 Jan 2022 16:03:03 +0000

3.2.7

Wed, 12 Jan 2022 16:03:02 +0000

3.1.15

Wed, 12 Jan 2022 16:03:01 +0000

3.0.23

Wed, 12 Jan 2022 16:03:00 +0000

3.3.1

Mon, 13 Dec 2021 16:03:03 +0000

3.2.6

Mon, 13 Dec 2021 16:03:02 +0000

3.1.14

Mon, 13 Dec 2021 16:03:01 +0000

3.0.22

Mon, 13 Dec 2021 16:03:00 +0000

3.3.0

Tue, 07 Dec 2021 16:03:03 +0000

3.2.5

Tue, 07 Dec 2021 16:03:02 +0000

3.1.13

Tue, 07 Dec 2021 16:03:01 +0000

3.0.21

Tue, 07 Dec 2021 16:03:00 +0000

3.2.4

Tue, 23 Nov 2021 16:03:02 +0000

3.1.12

Tue, 23 Nov 2021 16:03:01 +0000

3.0.20

Tue, 23 Nov 2021 16:03:00 +0000

3.2.3

Tue, 09 Nov 2021 16:03:02 +0000

3.1.11

Tue, 09 Nov 2021 16:03:01 +0000

3.0.19

Tue, 09 Nov 2021 16:03:00 +0000

3.2.2

Thu, 28 Oct 2021 16:03:02 +0000

3.1.10

Thu, 28 Oct 2021 16:03:01 +0000

3.0.18

Thu, 28 Oct 2021 16:03:00 +0000

3.2.1

Tue, 12 Oct 2021 16:03:02 +0000

3.1.9

Tue, 12 Oct 2021 16:03:01 +0000

3.0.17

Tue, 12 Oct 2021 16:03:00 +0000

3.2.0

Tue, 28 Sep 2021 16:03:02 +0000

3.1.8

Thu, 23 Sep 2021 16:03:01 +0000

3.0.16

Thu, 23 Sep 2021 16:03:00 +0000

2.22.22

Thu, 23 Sep 2021 16:02:22 +0000

3.1.7

Tue, 07 Sep 2021 16:03:01 +0000

3.0.15

Tue, 07 Sep 2021 16:03:00 +0000

2.22.21

Tue, 07 Sep 2021 16:02:22 +0000

3.1.6

Tue, 24 Aug 2021 16:03:01 +0000

3.0.14

Tue, 24 Aug 2021 16:03:00 +0000

2.22.20

Tue, 24 Aug 2021 16:02:22 +0000

3.1.5

Tue, 10 Aug 2021 16:03:01 +0000

3.0.13

Tue, 10 Aug 2021 16:03:00 +0000

2.22.19

Tue, 10 Aug 2021 16:02:22 +0000

3.1.4

Tue, 27 Jul 2021 16:03:01 +0000

3.0.12

Tue, 27 Jul 2021 16:03:00 +0000

2.22.18

Tue, 27 Jul 2021 16:02:22 +0000

3.1.3

Wed, 14 Jul 2021 16:03:01 +0000

3.0.11

Wed, 14 Jul 2021 16:03:00 +0000

2.22.17

Wed, 14 Jul 2021 16:02:22 +0000

3.1.2

Thu, 24 Jun 2021 16:03:01 +0000

3.0.10

Thu, 24 Jun 2021 16:03:00 +0000

2.22.16

Thu, 24 Jun 2021 16:02:22 +0000

3.1.1

Thu, 10 Jun 2021 16:03:01 +0000

3.0.9

Thu, 10 Jun 2021 16:03:00 +0000

2.22.15

Thu, 10 Jun 2021 16:02:22 +0000

2.21.23

Thu, 10 Jun 2021 16:02:21 +0000

3.1.0

Thu, 03 Jun 2021 16:03:01 +0000

3.0.8

Tue, 25 May 2021 16:03:00 +0000

2.22.14

Tue, 25 May 2021 16:02:22 +0000

2.21.22

Tue, 25 May 2021 16:02:21 +0000

3.0.7

Thu, 13 May 2021 16:03:00 +0000

2.22.13

Thu, 13 May 2021 16:02:22 +0000

2.21.21

Thu, 13 May 2021 16:02:21 +0000

3.0.6

Wed, 28 Apr 2021 16:00:43 +0000

2.22.12

Wed, 28 Apr 2021 16:00:42 +0000

2.21.20

Wed, 28 Apr 2021 16:00:41 +0000

3.0.5

Wed, 14 Apr 2021 16:00:43 +0000

2.22.11

Wed, 14 Apr 2021 16:00:42 +0000

2.21.19

Wed, 14 Apr 2021 16:00:41 +0000

3.0.4

Thu, 01 Apr 2021 16:00:43 +0000

2.22.10

Thu, 01 Apr 2021 16:00:42 +0000

2.21.18

Thu, 01 Apr 2021 16:00:41 +0000

3.0.3

Tue, 23 Mar 2021 16:00:42 +0000

2.22.9

Tue, 23 Mar 2021 16:00:42 +0000

2.21.17

Tue, 23 Mar 2021 16:00:41 +0000

3.0.2

Tue, 16 Mar 2021 16:00:43 +0000

2.22.8

Tue, 16 Mar 2021 16:00:42 +0000

2.21.16

Tue, 16 Mar 2021 16:00:41 +0000

3.0.1

Tue, 02 Mar 2021 16:00:43 +0000

2.22.7

Tue, 02 Mar 2021 16:00:42 +0000

2.21.15

Tue, 02 Mar 2021 16:00:41 +0000

2.20.24

Tue, 02 Mar 2021 16:00:40 +0000

3.0.0

Tue, 16 Feb 2021 16:00:30 +0000

2.22.6

Thu, 17 Dec 2020 16:00:42 +0000

Security Fixes

LOW: High CPU usage could be triggered by a specially crafted request to the SVN bridge resulting in Denial of Service (DoS).
Packages have been updated to the latest security versions.

Bug Fixes

Requests for some file resources like a zip archive or raw file could enter a redirection loop.
A timeout could prevent some Issues and Pull Requests searches from providing complete search results.
Custom tabs with non-alphabetic characters in small screens did not render correctly.
An underlying behavior was causing failures when pushing content to a Git LFS-enabled repository.
In some rare cases issues could cause a 500 error when accessed via the web interface.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.21.14

Thu, 17 Dec 2020 16:00:41 +0000

Security Fixes

LOW: High CPU usage could be triggered by a specially crafted request to the SVN bridge resulting in Denial of Service (DoS).
Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.20.23

Thu, 17 Dec 2020 16:00:40 +0000

Security Fixes

LOW: High CPU usage could be triggered by a specially crafted request to the SVN bridge resulting in Denial of Service (DoS).
Packages have been updated to the latest security versions.

Upcoming deprecation of GitHub Enterprise Server 2.20

GitHub Enterprise Server 2.20 will be deprecated as of February 11, 2021 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.22.5

Thu, 03 Dec 2020 16:00:42 +0000

2.21.13

Thu, 03 Dec 2020 16:00:41 +0000

2.20.22

Thu, 03 Dec 2020 16:00:40 +0000

2.22.4

Tue, 17 Nov 2020 16:00:42 +0000

2.21.12

Tue, 17 Nov 2020 16:00:41 +0000

2.20.21

Tue, 17 Nov 2020 16:00:40 +0000

2.22.3

Tue, 03 Nov 2020 16:00:42 +0000

2.21.11

Tue, 03 Nov 2020 16:00:41 +0000

2.20.20

Tue, 03 Nov 2020 16:00:40 +0000

2.19.26

Tue, 03 Nov 2020 16:00:39 +0000

Security Fixes

MEDIUM: High CPU usage could be triggered by a specially crafted request to the SVN bridge resulting in Denial of Service (DoS).
LOW: Incorrect token validation resulted in a reduced entropy for matching tokens during authentication. Analysis shows that in practice there's no significant security risk here.
Packages have been updated to the latest security versions.

Bug Fixes

Suspended users were included in the list of suggested users, potentially hiding unsuspended users.

Upcoming deprecation of GitHub Enterprise Server 2.19

GitHub Enterprise Server 2.19 will be deprecated as of November 12, 2020 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.22.2

Tue, 20 Oct 2020 16:00:42 +0000

2.21.10

Tue, 20 Oct 2020 16:00:41 +0000

2.20.19

Tue, 20 Oct 2020 16:00:40 +0000

2.19.25

Tue, 20 Oct 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The enterprise account "Confirm two-factor requirement policy" messaging was incorrect.

Upcoming deprecation of GitHub Enterprise Server 2.19

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.22.1

Fri, 09 Oct 2020 16:00:42 +0000

2.21.9

Fri, 09 Oct 2020 16:00:41 +0000

2.20.18

Fri, 09 Oct 2020 16:00:40 +0000

2.19.24

Fri, 09 Oct 2020 16:00:39 +0000

Security Fixes

A user whose LDAP directory username standardizes to an existing GHES account login could authenticate into the existing account.
Packages have been updated to the latest security versions.

Bug Fixes

The NameID Format dropdown in the Management Console would be reset to "unspecified" after setting it to "persistent".
Saving settings via the management console would append a newline to the TLS/SSL certificate and key files which triggered unnecessary reloading of some services.
System logs for Dependency Graph were not rotating, allowing unbounded storage growth.
When importing a repository with ghe-migrator, an unexpected exception could occur when inconsistent data is present.
When using ghe-migrator to import PR review requests, records associated with deleted users would result in extraneous database records.
When importing users with ghe-migrator, an error of "Emails is invalid" would occur if the system-generated email address were longer than 100 characters.
The Pull Request page could give an error if unexpected bytes were present in a data field.

Changes

Remove the requirement for SSH fingerprints in ghe-migrator archives as it can always be computed.
GitHub App Manifests now include the request_oauth_on_install field.

Upcoming deprecation of GitHub Enterprise Server 2.19

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.22.0

Wed, 23 Sep 2020 16:00:42 +0000

2.21.8

Wed, 23 Sep 2020 16:00:41 +0000

2.20.17

Wed, 23 Sep 2020 16:00:40 +0000

2.19.23

Wed, 23 Sep 2020 16:00:39 +0000

Security Fixes

MEDIUM: ImageMagick has been updated to address DSA-4715-1.
Packages have been updated to the latest security versions.

Upcoming deprecation of GitHub Enterprise Server 2.19

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.7

Tue, 08 Sep 2020 16:00:41 +0000

2.20.16

Tue, 08 Sep 2020 16:00:40 +0000

2.19.22

Tue, 08 Sep 2020 16:00:39 +0000

Bug Fixes

A service health check caused session growth resulting in filesystem inode exhaustion.
Upgrading using a hotpatch could fail with an error: 'libdbi1' was not found

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.6

Wed, 26 Aug 2020 16:00:39 +0000

2.20.15

Wed, 26 Aug 2020 16:00:39 +0000

2.19.21

Wed, 26 Aug 2020 16:00:39 +0000

Security Fixes

CRITICAL: A remote code execution vulnerability was identified in GitHub Pages that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. We have issued CVE-2020-10518.
MEDIUM: An improper access control vulnerability was identified that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and has been assigned CVE-2020-10517. The vulnerability was reported via the GitHub Bug Bounty program.
Packages have been updated to the latest security versions.

Bug Fixes

A message was not logged when the ghe-config-apply process had finished running ghe-es-auto-expand.
Excessive logging to the syslog file could occur on high-availability replicas if the primary appliance is unavailable.
Database re-seeding on a replica could fail with an error: Got packet bigger than 'max_allowed_packet'
Syntax highlighting of some languages failed to render correctly.
In some cases duplicate user data could cause a 500 error while running the ghe-license-usage script.

Changes

Removed the license seat count information on the administrative SSH MOTD due to a performance issue impacting GitHub Enterprise Server clusters.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.5

Wed, 12 Aug 2020 16:00:41 +0000

2.20.14

Wed, 12 Aug 2020 16:00:40 +0000

2.19.20

Wed, 12 Aug 2020 16:00:39 +0000

Bug Fixes

Recent changes to memory allocations could lead to a degradation in system performance

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.18.25

Wed, 12 Aug 2020 16:00:38 +0000

Bug Fixes

Recent changes to memory allocations could lead to a degradation in system performance

Upcoming deprecation of GitHub Enterprise Server 2.18

GitHub Enterprise Server 2.18 will be deprecated as of August 20, 2020 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.4

Tue, 11 Aug 2020 16:00:41 +0000

2.20.13

Tue, 11 Aug 2020 16:00:40 +0000

2.19.19

Tue, 11 Aug 2020 16:00:39 +0000

Security Fixes

CRITICAL: A remote code execution vulnerability was identified in GitHub Pages that could allow an attacker to execute commands as part building a GitHub Pages site. This issue was due to an outdated and vulnerable dependency used in the Pages build process. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. To mitigate this vulnerability, Kramdown has been updated to address CVE-2020-14001.
HIGH: An attacker could inject a malicious argument into a Git sub-command when executed on GitHub Enterprise Server. This could allow an attacker to overwrite arbitrary files with partially user-controlled content and potentially execute arbitrary commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to access repositories within the GitHub Enterprise Server instance. However, due to other protections in place, we could not identify a way to actively exploit this vulnerability. This vulnerability was reported through the GitHub Security Bug Bounty program.
Packages have been updated to the latest security versions.

Bug Fixes

The service memory allocation calculation could allocate an incorrect or unbounded memory allocation to a service resulting in poor system performance.
The virtualization platform for oVirt KVM systems was not properly detected, causing problems during upgrades.
GitHub Connect was using a deprecated GitHub.com API endpoint.
Issues could not be sorted by Recently updated on repositories migrated to a new instance.
The 404 page contained GitHub.com contact and status links in the footer.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.18.24

Tue, 11 Aug 2020 16:00:38 +0000

Security Fixes

CRITICAL: A remote code execution vulnerability was identified in GitHub Pages that could allow an attacker to execute commands as part building a GitHub Pages site. This issue was due to an outdated and vulnerable dependency used in the Pages build process. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. To mitigate this vulnerability, Kramdown has been updated to address CVE-2020-14001.
HIGH: An attacker could inject a malicious argument into a Git sub-command when executed on GitHub Enterprise Server. This could allow an attacker to overwrite arbitrary files with partially user-controlled content and potentially execute arbitrary commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to access repositories within the GitHub Enterprise Server instance. However, due to other protections in place, we could not identify a way to actively exploit this vulnerability. This vulnerability was reported through the GitHub Security Bug Bounty program.
Packages have been updated to the latest security versions.

Bug Fixes

The virtualization platform for oVirt KVM systems was not properly detected, causing problems during upgrades.
The service memory allocation calculation could allocate an incorrect or unbounded memory allocation to a service resulting in poor system performance.
Issues could not be sorted by Recently updated on repositories migrated to a new instance.
GitHub Connect was using a deprecated GitHub.com API endpoint.
The 404 page contained GitHub.com contact and status links in the footer.

Upcoming deprecation of GitHub Enterprise Server 2.18

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.3

Tue, 21 Jul 2020 16:00:41 +0000

2.20.12

Tue, 21 Jul 2020 16:00:40 +0000

2.19.18

Tue, 21 Jul 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

GitHub App Manifest creation flow was unusable in some scenarios when a SameSite Cookie policy was applied.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.18.23

Tue, 21 Jul 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

GitHub App Manifest creation flow was unusable in some scenarios when a SameSite Cookie policy was applied.

Upcoming deprecation of GitHub Enterprise Server 2.18

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.2

Thu, 09 Jul 2020 16:00:41 +0000

2.20.11

Thu, 09 Jul 2020 16:00:40 +0000

2.19.17

Thu, 09 Jul 2020 16:00:39 +0000

Security Fixes

MEDIUM: Updated nginx to 1.16.1 and addressed CVE-2019-20372. (updated 2020-07-22)
Packages have been updated to the latest security versions.

Bug Fixes

Certain log files did not rotate every 7 days.
Rapid reuse of webhook source ports resulted in rejected connections.
Site Administrators could not unlock a repository more than once.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.18.22

Thu, 09 Jul 2020 16:00:38 +0000

Security Fixes

MEDIUM: Updated nginx to 1.16.1 and addressed CVE-2019-20372. (updated 2020-07-22)
Packages have been updated to the latest security versions.

Bug Fixes

Certain log files did not rotate every 7 days.
Rapid reuse of webhook source ports resulted in rejected connections.

Upcoming deprecation of GitHub Enterprise Server 2.18

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.1

Tue, 23 Jun 2020 16:00:41 +0000

2.20.10

Tue, 23 Jun 2020 16:00:40 +0000

2.19.16

Tue, 23 Jun 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Excessively large log events could lead to log forwarding instability when UDP was used as the transport mechanism.
Automatic unsuspension of a user through SSO did not complete if the SSH keys attribute had keys already associated with the user's account.
Previewing a GitHub App description written in markdown was not properly rendered.
Webhooks could be triggered twice by a single commit via the web user interface.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.18.21

Tue, 23 Jun 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Excessively large log events could lead to log forwarding instability when UDP was used as the transport mechanism.
Automatic unsuspension of a user through SSO did not complete if the SSH keys attribute had keys already associated with the user's account.
Previewing a GitHub App description written in markdown was not properly rendered.

Upcoming deprecation of GitHub Enterprise Server 2.18

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line.

Thanks!

The GitHub Team

2.21.0

Tue, 09 Jun 2020 16:00:41 +0000

2.20.9

Tue, 02 Jun 2020 16:00:40 +0000

2.19.15

Tue, 02 Jun 2020 16:00:39 +0000

Security Fixes

HIGH: An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21. We have issued CVE-2020-10516 in response to this issue. The vulnerability was reported via the GitHub Bug Bounty program.
Packages have been updated to the latest security versions.

Bug Fixes

Internet-facing GitHub Enterprise Server instances could be indexed by search engines.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.20

Tue, 02 Jun 2020 16:00:38 +0000

Security Fixes

HIGH: An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21. We have issued CVE-2020-10516 in response to this issue. The vulnerability was reported via the GitHub Bug Bounty program.
Packages have been updated to the latest security versions.

Bug Fixes

Internet-facing GitHub Enterprise Server instances could be indexed by search engines.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.20.8

Tue, 19 May 2020 16:00:40 +0000

2.19.14

Tue, 19 May 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

After the license file was updated, services were not properly reloaded causing functionality loss.
Internal API requests updating Dependency Graph information could fail if the response body was too large.
The affiliations argument to some GraphQL repository connections was not respected.
Automatic unsuspension of a user through SSO did not complete if the SAML email attribute had different casing than the GitHub user email.
Restoring the membership of a user to an organization did not instrument the actor in webhook and audit log payloads.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.19

Tue, 19 May 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

After the license file was updated, services were not properly reloaded causing functionality loss.
Internal API requests updating Dependency Graph information could fail if the response body was too large.
The affiliations argument to some GraphQL repository connections was not respected.
Automatic unsuspension of a user through SSO did not complete if the SAML email attribute had different casing than the GitHub user email.
Restoring the membership of a user to an organization did not instrument the actor in webhook and audit log payloads.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.25

Tue, 19 May 2020 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Restoring the membership of a user to an organization did not instrument the actor in webhook and audit log payloads.

Upcoming deprecation of GitHub Enterprise Server 2.17

GitHub Enterprise Server 2.17 will be deprecated as of May 23, 2020 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.20.7

Tue, 05 May 2020 16:00:40 +0000

2.19.13

Tue, 05 May 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

If a repository has the "automatically delete head branches" setting enabled, the head branch wasn't automatically deleted, when a pull request was merged by a GitHub App installation.
When an organization member was reinstated, the webhook payload reported the ghost user as the sender and not the actual user performing the reinstatement.
If a repository has the "automatically delete head branches" setting enabled, the head branch wasn't automatically deleted where the head repository was different from the base repository.
The garbage collection of temporary files could lead to a license validation error.
In some situations, including when a repository is first created, the pre-receive hook would be run without a value populated for the GITHUB_REPO_PUBLIC environment variable.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.18

Tue, 05 May 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

When an organization member was reinstated, the webhook payload reported the ghost user as the sender and not the actual user performing the reinstatement.
The garbage collection of temporary files could lead to a license validation error.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.24

Tue, 05 May 2020 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

When an organization member was reinstated, the webhook payload reported the ghost user as the sender and not the actual user performing the reinstatement.
The garbage collection of temporary files could lead to a license validation error.

Upcoming deprecation of GitHub Enterprise Server 2.17

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.20.6

Thu, 23 Apr 2020 16:00:40 +0000

2.19.12

Thu, 23 Apr 2020 16:00:39 +0000

Security Fixes

HIGH: OpenSSL has been updated to address CVE-2020-1967.
HIGH: Git has been updated to address CVE-2020-5260 and CVE-2020-11008. New restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
LOW: ImageMagick has been updated to address CVE-2019-10131.
Packages have been updated to the latest security versions.

Bug Fixes

A mismatch in MySQL configurations could cause backups to fail in large installations.
A periodic task to clean up old log files would fail and send error messages to the local root account.
When a GitHub Enterprise Server license contained non-ASCII characters, a GET request to the Management Console API /setup/api/settings endpoint would result in an Internal Server Error.
The recovery console would prompt for a root password, even if the root account was locked.
When using the GraphQL's API for filtering issues assigned to a non-existent user, the message received would not be descriptive enough.
A CODEOWNERS file with a leading UTF-8 Byte Order Mark would cause all codeowner rules to be ignored.

Changes

When an external identity provider controlled user's site administrator status, users could not be demoted via the command line utility.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.17

Thu, 23 Apr 2020 16:00:38 +0000

Security Fixes

HIGH: OpenSSL has been updated to address CVE-2020-1967.
HIGH: Git has been updated to address CVE-2020-5260 and CVE-2020-11008. New restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
LOW: ImageMagick has been updated to address CVE-2019-10131.
Packages have been updated to the latest security versions.

Bug Fixes

A mismatch in MySQL configurations could cause backups to fail in large installations.
A periodic task to clean up old log files would fail and send error messages to the local root account.
The recovery console would prompt for a root password, even if the root account was locked.
When a GitHub Enterprise Server license contained non-ASCII characters, a GET request to the Management Console API /setup/api/settings endpoint would result in an Internal Server Error.

Changes

When an external identity provider controlled user's site administrator status, users could not be demoted via the command line utility.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.23

Thu, 23 Apr 2020 16:00:37 +0000

Security Fixes

HIGH: OpenSSL has been updated to address CVE-2020-1967.
HIGH: Git has been updated to address CVE-2020-5260 and CVE-2020-11008. New restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
LOW: ImageMagick has been updated to address CVE-2019-10131.
Packages have been updated to the latest security versions.

Bug Fixes

A mismatch in MySQL configurations could cause backups to fail in large installations.
A periodic task to clean up old log files would fail and send error messages to the local root account.
The recovery console would prompt for a root password, even if the root account was locked.
When a GitHub Enterprise Server license contained non-ASCII characters, a GET request to the Management Console API /setup/api/settings endpoint would result in an Internal Server Error.
When using the GraphQL's API for filtering issues assigned to a non-existent user, the message received would not be descriptive enough.
A CODEOWNERS file with a leading UTF-8 Byte Order Mark would cause all codeowner rules to be ignored.

Changes

When an external identity provider controlled user's site administrator status, users could not be demoted via the command line utility.

Upcoming deprecation of GitHub Enterprise Server 2.17

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.20.5

Tue, 07 Apr 2020 16:00:40 +0000

2.19.11

Tue, 07 Apr 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The hotpatch mechanism did not properly handle the case where extracted patch contents were no longer present on the filesystem.
A maximum Git object size of 100MB option could not be selected for a repository when the global enterprise account had a Git object size option other than 100MB set.
Results from the the Issues and Pull Requests API could have inconsistent behaviour when ordering by the updated_at field.
The SecurityVulnerability package field could not be queried via the GraphQL API.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.16

Tue, 07 Apr 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The hotpatch mechanism did not properly handle the case where extracted patch contents were no longer present on the filesystem.
A maximum Git object size of 100MB option could not be selected for a repository when the global enterprise account had a Git object size option other than 100MB set.
Results from the the Issues and Pull Requests API could have inconsistent behaviour when ordering by the updated_at field.
The SecurityVulnerability package field could not be queried via the GraphQL API.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.22

Tue, 07 Apr 2020 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The hotpatch mechanism did not properly handle the case where extracted patch contents were no longer present on the filesystem.
A maximum Git object size of 100MB option could not be selected for a repository when the global enterprise account had a Git object size option other than 100MB set.
Results from the the Issues and Pull Requests API could have inconsistent behaviour when ordering by the updated_at field.
The SecurityVulnerability package field could not be queried via the GraphQL API.

Upcoming deprecation of GitHub Enterprise Server 2.17

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.20.4

Wed, 25 Mar 2020 16:00:40 +0000

2.19.10

Wed, 25 Mar 2020 16:00:39 +0000

Bug Fixes

SAML Authentication requests and Metadata were not strictly encoded, causing some Identity Providers to not correctly process Service Provider initiated Authentication requests.
When using GitHub Connect, the GHES license sync process sent information that was not required.
When pushing to a Gist, an exception could be triggered during the post-receive hook.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.15

Wed, 25 Mar 2020 16:00:38 +0000

Bug Fixes

SAML Authentication requests and Metadata were not strictly encoded, causing some Identity Providers to not correctly process Service Provider initiated Authentication requests.
When using GitHub Connect, the GHES license sync process sent information that was not required.
ghe-migrator exports did not contain milestone users, which could break import operations.
When viewing file changes in comparison views, long file paths were truncated in a way that emphasised the directory components, rather than the filename.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.21

Wed, 25 Mar 2020 16:00:37 +0000

Bug Fixes

SAML Authentication requests and Metadata were not strictly encoded, causing some Identity Providers to not correctly process Service Provider initiated Authentication requests.
When using GitHub Connect, the GHES license sync process sent information that was not required.
ghe-migrator exports did not contain milestone users, which could break import operations.

Upcoming deprecation of GitHub Enterprise Server 2.17

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.20.3

Thu, 12 Mar 2020 13:00:40 +0000

2.20.2

Tue, 10 Mar 2020 16:00:40 +0000

2.19.9

Tue, 10 Mar 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In some cases the forwarded log entries, mainly for audit.log were getting truncated.
The ghe-license-check command-line utility returned an "Invalid license file" error for some valid licenses, causing configuration changes to fail.
Alambic exception logs were not forwarded by syslog.
The org_block event is not unavailable but was appearing for GitHub Apps on GitHub Enterprise Server.
GraphQL query responses sometimes returned unmatched node identifiers for ProtectedBranch objects.
The GitHub App credential used by GitHub Connect failed to refresh immediately after expiry.
Leaving a comment in reply to a pull request comment was intermittently creating a pending pull request review.
Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export non-image attachments.
Pre-receive hook returned 500 error on web UI when UTF-8 characters were encountered.

Changes

The ghe-license-usage command-line utility includes a new --unencrypted option to provide visibility into the exported license usage file.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.14

Tue, 10 Mar 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In some cases the forwarded log entries, mainly for audit.log were getting truncated.
The ghe-license-check command-line utility returned an "Invalid license file" error for some valid licenses, causing configuration changes to fail.
Alambic exception logs were not forwarded by syslog.
The org_block event is not unavailable but was appearing for GitHub Apps on GitHub Enterprise Server.
GraphQL query responses sometimes returned unmatched node identifiers for ProtectedBranch objects.
The GitHub App credential used by GitHub Connect failed to refresh immediately after expiry.
Leaving a comment in reply to a pull request comment was intermittently creating a pending pull request review.
Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export non-image attachments.
Pre-receive hook returned 500 error on web UI when UTF-8 characters were encountered.
Signing out on Chrome was taking 30+ seconds when using a non-incognito browser.

Changes

The ghe-license-usage command-line utility includes a new --unencrypted option to provide visibility into the exported license usage file.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.20

Tue, 10 Mar 2020 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In some cases the forwarded log entries, mainly for audit.log were getting truncated.
The ghe-license-check command-line utility returned an "Invalid license file" error for some valid licenses, causing configuration changes to fail.
Alambic exception logs were not forwarded by syslog.
The org_block event is not unavailable but was appearing for GitHub Apps on GitHub Enterprise Server.
GraphQL query responses sometimes returned unmatched node identifiers for ProtectedBranch objects.
The GitHub App credential used by GitHub Connect failed to refresh immediately after expiry.
Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export non-image attachments.
Pre-receive hook returned 500 error on web UI when UTF-8 characters were encountered.
Signing out on Chrome was taking 30+ seconds when using a non-incognito browser.
Leaving a comment in reply to a pull request comment was intermittently creating a pending pull request review.

Changes

The ghe-license-usage command-line utility includes a new --unencrypted option to provide visibility into the exported license usage file.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.20.1

Thu, 27 Feb 2020 16:00:40 +0000

2.19.8

Thu, 27 Feb 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Restore from backups would fail with an Invalid RDB version number error.
Upgrading an HA replica would stall indefinitely waiting for MySQL to start.
Importing teams from external sources failed when there were spaces in the team name.
PR review comments with unexpected values for "position" or "original_position" caused imports to fail.
Project hovercards were not properly displayed.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.13

Thu, 27 Feb 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Upgrading an HA replica would stall indefinitely waiting for MySQL to start.
Importing teams from external sources failed when there were spaces in the team name.
PR review comments with unexpected values for "position" or "original_position" caused imports to fail.
Project hovercards were not properly displayed.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.19

Thu, 27 Feb 2020 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.20.0

Tue, 11 Feb 2020 16:00:40 +0000

2.19.7

Tue, 11 Feb 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The Dependency Graph for Python repositories failed to update.
The GITHUB_REPO_PUBLIC environment variable passed to pre-receive hooks could be empty.

Changes

Background queues were re-prioritized to increase performance in large environments.
Improved formatting of the example output of blocked Subversion access on the Admin Center repository Subversion management page.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.12

Tue, 11 Feb 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The Dependency Graph for Python repositories failed to update.
The GITHUB_REPO_PUBLIC environment variable passed to pre-receive hooks could be empty.

Changes

Improved formatting of the example output of blocked Subversion access on the Admin Center repository Subversion management page.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.18

Tue, 11 Feb 2020 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The Dependency Graph for Python repositories failed to update.
The GITHUB_REPO_PUBLIC environment variable passed to pre-receive hooks could be empty.

Changes

Improved formatting of the example output of blocked Subversion access on the Admin Center repository Subversion management page.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.19.6

Tue, 28 Jan 2020 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Obtaining a Lets Encrypt via Enterprise Manage would fail to install the certificate.
Support bundle generation wasn't possible when consul was unavailable.
Service startup wouldn't wait for MySQL database to accept connections.
GitHub Apps acting on behalf of a user could not list a repositories forks via the REST API.
GitHub Connect code search presented the user with an error instead of search results.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.11

Tue, 28 Jan 2020 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Obtaining a Lets Encrypt via Enterprise Manage would fail to install the certificate.
Support bundle generation wasn't possible when consul was unavailable.
Service startup wouldn't wait for MySQL database to accept connections.
GitHub Connect code search presented the user with an error instead of search results.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.17

Tue, 28 Jan 2020 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Obtaining a Lets Encrypt via Enterprise Manage would fail to install the certificate.
Support bundle generation wasn't possible when consul was unavailable.
Service startup wouldn't wait for MySQL database to accept connections.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.19.5

Wed, 15 Jan 2020 16:00:39 +0000

Security Fixes

LOW: Git has been updated to address CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-19604. These vulnerabilities could not be triggered on the GitHub Enteprise Server instance itself, but new restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
Packages have been updated to the latest security versions.

Bug Fixes

The root disk utilization graph in the Management Console was missing on AWS Nitro instance types.
The Alambic storage service could hit a file descriptor limit that could cause the kernel to hang and other services to log errors.
Importing of teams with nested teams with security visibility could fail. Nested teams will now be imported as top-level teams if they are imported as children of a team with secret visibility.
When a repository is locked users could still directly visit pull request URLs and modify the reviewers.
A team created via the API V3 would not automatically add its creator as a maintainer, which caused it to be inaccessible to that person.
A GitHub App with the proper set of permissions was not able to create teams with LDAP.
The DNS resolution for GitHub Connect could timeout.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.10

Wed, 15 Jan 2020 16:00:38 +0000

Security Fixes

LOW: Git has been updated to address CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-19604. These vulnerabilities could not be triggered on the GitHub Enteprise Server instance itself, but new restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
Packages have been updated to the latest security versions.

Bug Fixes

The root disk utilization graph in the Management Console was missing on AWS Nitro instance types.
The Alambic storage service could hit a file descriptor limit that could cause the kernel to hang and other services to log errors.
Importing of teams with nested teams with security visibility could fail. Nested teams will now be imported as top-level teams if they are imported as children of a team with secret visibility.
When a repository is locked users could still directly visit pull request URLs and modify the reviewers.
A team created via the API V3 would not automatically add its creator as a maintainer, which caused it to be inaccessible to that person.
A GitHub App with the proper set of permissions was not able to create teams with LDAP.
The DNS resolution for GitHub Connect could timeout.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.16

Wed, 15 Jan 2020 16:00:37 +0000

Security Fixes

LOW: Git has been updated to address CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-19604. These vulnerabilities could not be triggered on the GitHub Enteprise Server instance itself, but new restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
Packages have been updated to the latest security versions.

Bug Fixes

The root disk utilization graph in the Management Console was missing on AWS Nitro instance types.
The Alambic storage service could hit a file descriptor limit that could cause the kernel to hang and other services to log errors.
Importing of teams with nested teams with security visibility could fail. Nested teams will now be imported as top-level teams if they are imported as children of a team with secret visibility.
When a repository is locked users could still directly visit pull request URLs and modify the reviewers.
A team created via the API V3 would not automatically add its creator as a maintainer, which caused it to be inaccessible to that person.
A GitHub App with the proper set of permissions was not able to create teams with LDAP.
The DNS resolution for GitHub Connect could timeout.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.25

Wed, 15 Jan 2020 16:00:36 +0000

Security Fixes

LOW: Git has been updated to address CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-19604. These vulnerabilities could not be triggered on the GitHub Enteprise Server instance itself, but new restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
Packages have been updated to the latest security versions.

Bug Fixes

The Alambic storage service could hit a file descriptor limit that could cause the kernel to hang and other services to log errors.
Importing of teams with nested teams with security visibility could fail. Nested teams will now be imported as top-level teams if they are imported as children of a team with secret visibility.

Upcoming deprecation of GitHub Enterprise Server 2.16

GitHub Enterprise Server 2.16 will be deprecated as of January 22, 2020 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.19.4

Tue, 17 Dec 2019 16:00:39 +0000

Security Fixes

MEDIUM: An attacker could push a malicious GitHub Pages branch with overlapping submodule names, possibly leading to remote code execution within the GitHub Pages build container. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. CVE-2019-1387
Packages have been updated to the latest security versions.

Bug Fixes

Unknown locales were generating errors when running commands in the administrative shell.
ghe-config-check was returning validation errors for github-ssl.acme.ca-conf and syslog.cert.
The Let's Encrypt certificate registration feature consistently failed following an update to the external API.
Upgrades could fail due to a missing SQL table.
Commit objects could be lost in some cases if an update of a replica failed and then a repair operation was ran.
Commit messages containing links were not clickable or properly rendered in blame view.
When importing review comments that were created using old versions of GHES, some comments would fail to import due to corrupt diffs.
Audit log did not include some entries when changing protected branches settings.

Changes

Increase autolink reference limit to 50.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.9

Tue, 17 Dec 2019 16:00:38 +0000

Security Fixes

MEDIUM: An attacker could push a malicious GitHub Pages branch with overlapping submodule names, possibly leading to remote code execution within the GitHub Pages build container. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. CVE-2019-1387
Packages have been updated to the latest security versions.

Bug Fixes

Unknown locales were generating errors when running commands in the administrative shell.
ghe-config-check was returning validation errors for github-ssl.acme.ca-conf and syslog.cert.
The Let's Encrypt certificate registration feature consistently failed following an update to the external API.
Upgrades could fail due to a missing SQL table.
Commit objects could be lost in some cases if an update of a replica failed and then a repair operation was ran.
Commit messages containing links were not clickable or properly rendered in blame view.
When importing review comments that were created using old versions of GHES, some comments would fail to import due to corrupt diffs.
Audit log did not include some entries when changing protected branches settings.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.15

Tue, 17 Dec 2019 16:00:37 +0000

Security Fixes

MEDIUM: An attacker could push a malicious GitHub Pages branch with overlapping submodule names, possibly leading to remote code execution within the GitHub Pages build container. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. CVE-2019-1387
Packages have been updated to the latest security versions.

Bug Fixes

Unknown locales were generating errors when running commands in the administrative shell.
ghe-config-check was returning validation errors for github-ssl.acme.ca-conf and syslog.cert.
The Let's Encrypt certificate registration feature consistently failed following an update to the external API.
Upgrades could fail due to a missing SQL table.
Commit objects could be lost in some cases if an update of a replica failed and then a repair operation was ran.
A GraphQL query to retrieve the additions and deletions for a changed binary file returned a 500 error.
Audit log did not include some entries when changing protected branches settings.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.24

Tue, 17 Dec 2019 16:00:36 +0000

Security Fixes

MEDIUM: An attacker could push a malicious GitHub Pages branch with overlapping submodule names, possibly leading to remote code execution within the GitHub Pages build container. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. CVE-2019-1387
Packages have been updated to the latest security versions.

Bug Fixes

ghe-config-check was returning validation errors for github-ssl.acme.ca-conf and syslog.cert.
The Let's Encrypt certificate registration feature consistently failed following an update to the external API.

Upcoming deprecation of GitHub Enterprise Server 2.16

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.19.3

Tue, 03 Dec 2019 16:00:39 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Graphs for some metrics in the Management Console 'Monitor' page were displaying data in the opposite ordering than expected.
Site Admin users could encounter timeouts when attempting to impersonate accounts that were members of a large number of Organizations.
Backups of GitHub Enterprise Server clusters could intermittently fail due to duplicated Gist repository references.
Transient, non-fatal errors returned from external LDAP servers during team synchronization operations could cause the incorrect removal of team members.
GitHub Apps were unable to modify GitHub Team memberships via the API.
GrahpQL queries that referenced Organizations could run slowly and occasionally time out on a GitHub Enterprise Server instance that contained a large number of Organizations.
Inviting users to a team could time out if the invitees weren't already members of that team's Organization.

Changes

Background job queues have been re-ordered to reduce the chances of user-visible jobs being delayed on very busy instances.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
The Let's Encrypt certificate registration feature consistently fails following an update to the external API.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.8

Tue, 03 Dec 2019 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Graphs for some metrics in the Management Console 'Monitor' page were displaying data in the opposite ordering than expected.
Site Admin users could encounter timeouts when attempting to impersonate accounts that were members of a large number of Organizations.
Backups of GitHub Enterprise Server clusters could intermittently fail due to duplicated Gist repository references.
Transient, non-fatal errors returned from external LDAP servers during team synchronization operations could cause the incorrect removal of team members.
GrahpQL queries that referenced Organizations could run slowly and occasionally time out on a GitHub Enterprise Server instance that contained a large number of Organizations.
Inviting users to a team could time out if the invitees weren't already members of that team's Organization.

Changes

Background job queues have been re-ordered to reduce the chances of user-visible jobs being delayed on very busy instances.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
The Let's Encrypt certificate registration feature consistently fails following an update to the external API.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.14

Tue, 03 Dec 2019 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Graphs for some metrics in the Management Console 'Monitor' page were displaying data in the opposite ordering than expected.
Backups of GitHub Enterprise Server clusters could intermittently fail due to duplicated Gist repository references.
Transient, non-fatal errors returned from external LDAP servers during team synchronization operations could cause the incorrect removal of team members.

Changes

Background job queues have been re-ordered to reduce the chances of user-visible jobs being delayed on very busy instances.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
The Let's Encrypt certificate registration feature consistently fails following an update to the external API.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.23

Tue, 03 Dec 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Backups of GitHub Enterprise Server clusters could intermittently fail due to duplicated Gist repository references.
Transient, non-fatal errors returned from external LDAP servers during team synchronization operations could cause the incorrect removal of team members.

Upcoming deprecation of GitHub Enterprise Server 2.16

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
The Let's Encrypt certificate registration feature consistently fails following an update to the external API.

Thanks!

The GitHub Team

2.19.2

Wed, 20 Nov 2019 16:00:39 +0000

Security Fixes

HIGH: The legacy avatar upgrade functionality was vulnerable to a Server-Side Request Forgery (SSRF) vulnerability when fetching image content from third-party avatar services. This could allow an attacker to make GET requests to internal services reachable from the GitHub Enterprise deployment.

Bug Fixes

Storage objects were incorrectly deleted from non-voting replicas, potentially leading to data loss on replica promotion.
Unsubscribe email notification language was inconsistent with the language used in the web interface.
Team membership information could be destroyed during an upgrade from GHES 2.17.
The related issues feature was incorrectly included in the release.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
The Let's Encrypt certificate registration feature consistently fails following an update to the external API.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.7

Wed, 20 Nov 2019 16:00:38 +0000

Security Fixes

HIGH: The legacy avatar upgrade functionality was vulnerable to a Server-Side Request Forgery (SSRF) vulnerability when fetching image content from third-party avatar services. This could allow an attacker to make GET requests to internal services reachable from the GitHub Enterprise deployment.
LOW: The script-src: 'unsafe-inline' CSP header was applied to all paths for Enterprise Manager.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica in an active HA environment could fail to properly apply configuration changes and remove a pre-flight check holding page.
A race condition could occur when a replica node was rebooted, preventing the internal VPN from starting correctly.
MySQL replication lag could rise significantly on high traffic instances during times of peak user activity.

Changes

The Google Accounts Daemon and google_set_hostname DHCP hook are now disabled on Google Cloud Platform images.
GitHub Enterprise Server is now available in the eu-north-1 AWS region.
MySQL database seeding progress is reported during replication setup and recorded in the configuration log.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When using Let's Encrypt with a new installation, an error can occur when creating a new Let's Encrypt account.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.13

Wed, 20 Nov 2019 16:00:37 +0000

Security Fixes

HIGH: The legacy avatar upgrade functionality was vulnerable to a Server-Side Request Forgery (SSRF) vulnerability when fetching image content from third-party avatar services. This could allow an attacker to make GET requests to internal services reachable from the GitHub Enterprise deployment.
LOW: The script-src: 'unsafe-inline' CSP header was applied to all paths for Enterprise Manager.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica in an active HA environment could fail to properly apply configuration changes and remove a pre-flight check holding page.
In certain cluster configurations, background jobs are unable to communicate with local storage services.
MySQL replication lag could rise significantly on high traffic instances during times of peak user activity.

Changes

The Google Accounts Daemon and google_set_hostname DHCP hook are now disabled on Google Cloud Platform images.
GitHub Enterprise Server is now available in the eu-north-1 AWS region.
MySQL database seeding progress is reported during replication setup and recorded in the configuration log.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When using Let's Encrypt with a new installation, an error can occur when creating a new Let's Encrypt account.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.22

Wed, 20 Nov 2019 16:00:36 +0000

Security Fixes

HIGH: The legacy avatar upgrade functionality was vulnerable to a Server-Side Request Forgery (SSRF) vulnerability when fetching image content from third-party avatar services. This could allow an attacker to make GET requests to internal services reachable from the GitHub Enterprise deployment.
LOW: The script-src: 'unsafe-inline' CSP header was applied to all paths for Enterprise Manager.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica in an active HA environment could fail to properly apply configuration changes and remove a pre-flight check holding page.
In certain cluster configurations, background jobs are unable to communicate with local storage services.
MySQL replication lag could rise significantly on high traffic instances during times of peak user activity.

Changes

GitHub Enterprise Server is now available in the eu-north-1 AWS region.
MySQL database seeding progress is reported during replication setup and recorded in the configuration log.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
When using Let's Encrypt with a new installation, an error can occur when creating a new Let's Encrypt account.

Thanks!

The GitHub Team

2.19.1

Fri, 15 Nov 2019 16:00:39 +0000

Due to a database migration error, we have disabled access to the 2.19.1 images. This error will be resolved in the next patch release.

Security Fixes

LOW: The script-src: 'unsafe-inline' CSP header was applied to all paths for Enterprise Manager.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica in an active HA environment could fail to properly apply configuration changes and remove a pre-flight check holding page.
In certain cluster configurations, background jobs are unable to communicate with local storage services.
Upgrading from 2.17 to 2.19 could fail with a database migration error.

Changes

The Google Accounts Daemon and google_set_hostname DHCP hook are now disabled on Google Cloud Platform images.
GitHub Enterprise Server is now available in the eu-north-1 AWS region.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
The Let's Encrypt certificate registration feature consistently fails following an update to the external API.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.19.0

Tue, 12 Nov 2019 16:00:39 +0000

Due to a database migration error, we have disabled access to the 2.19.0 images. This error will be resolved in the next patch release.

Features

Organization and repository administrators can assign the triage and maintain roles to users and teams.
When an issue is referenced with a closing keyword in a pull request description, the referenced issue will now surface the relevant pull request information in its header.
The dependency graph supports .vcxproj and .fsproj files that list NuGet dependencies in their PackageReference section.
The WebAuthn standard is supported for authentication.
Users can change the project board columns of issues directly from the issue sidebar.
GitHub Pages supports adding a remote theme using Jekyll.
Administrators can utilize the Audit Log GraphQL API.
The dependency graph supports scoped npm packages.
Repositories can be set to delete the head branch of a pull request once it has merged into the base branch.
Enterprise accounts can be managed using the GraphQL API.
Enterprise accounts can issue their members SSH certificates to access repositories over Git.
Administrators can enable autolink references on repositories. (updated 2019-11-13)

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Team maintainers could not add child teams to their teams if "Allow members to create teams" was disabled.
Pull requests authors with read permissions could not re-request reviews.
A label could be shown as removed from a pull request that it was never added to.

Changes

The web notification retention policy has been increased to 5 months for all notification types.
The ghe-repl-status command shows more granular status information for consul replication.
Audit log data is now stored in Elasticsearch instead of MySQL.
Users will only be able to see the Secret teams they are part of in the list of teams.
Users will be listed as owners of the organizations they own when logged in.
Pull requests are shown under Recent Activity when they've recently been reviewed.

Backups and Disaster Recovery

GitHub Enterprise Server 2.19 requires at least GitHub Enterprise Backup Utilities 2.19.0 for Backups and Disaster Recovery.

Upcoming Deprecation of GitHub Enterprise Server 2.16

GitHub Enterprise Server 2.16 will be deprecated as of January 22, 2020. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Upcoming Deprecation of Adding New SSH-DSS Keys

The addition of new SSH-DSS keys will be removed in GitHub Enterprise Server 2.20.0.

Upcoming Deprecation of the Legacy Gravatar Service

Support for using an external service for Avatars was deprecated in GitHub Enterprise Server 2.1.0. At the time, functionality was implemented to copy avatars from the external service to the GitHub Enterprise Server and the configuration options remained in Enterprise Manage for instances configured with an external service prior to the deprecation. This functionality and configuration will be removed from GitHub Enterprise Server 2.20.0.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
The Let's Encrypt certificate registration feature consistently fails following an update to the external API.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.18.6

Tue, 05 Nov 2019 16:00:38 +0000

Security Fixes

MEDIUM: The repository import functionality was vulnerable to a Server Side Request Forgery (SSRF) issue when importing TFS repositories.
Packages have been updated to the latest security versions.

Bug Fixes

The storage objects were incorrectly deleted from non-voting replicas.
In some cases systemd would fail to start services after a reboot.
Submitting the form to request to change a team's parent team with an empty value caused an error.
The GitHub App installation page returned a timeout error for some users and Apps.
Unsubscribe email notification language was inconsistent with the language used in the web interface.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.12

Tue, 05 Nov 2019 16:00:37 +0000

Security Fixes

MEDIUM: The repository import functionality was vulnerable to a Server Side Request Forgery (SSRF) issue when importing TFS repositories.
Packages have been updated to the latest security versions.

Bug Fixes

The storage objects were incorrectly deleted from non-voting replicas.
In some cases systemd would fail to start services after a reboot.
Submitting the form to request to change a team's parent team with an empty value caused an error.
Unsubscribe email notification language was inconsistent with the language used in the web interface.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.21

Tue, 05 Nov 2019 16:00:36 +0000

Security Fixes

MEDIUM: The repository import functionality was vulnerable to a Server Side Request Forgery (SSRF) issue when importing TFS repositories.
Packages have been updated to the latest security versions.

Bug Fixes

The storage objects were incorrectly deleted from non-voting replicas.
In some cases systemd would fail to start services after a reboot.
Submitting the form to request to change a team's parent team with an empty value caused an error.
Unsubscribe email notification language was inconsistent with the language used in the web interface.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.18.5

Wed, 23 Oct 2019 16:00:38 +0000

Security Fixes

HIGH: The repository import functionality was vulnerable to a command injection issue when importing Mercurial repositories.
Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, trying to add files to a repository using the web interface or pushing commits from the command line interface could fail.
A 500 Internal Server Error could occur when creating a new organization.
GitHub Apps were unable to modify GitHub Team memberships via the API.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.11

Wed, 23 Oct 2019 16:00:37 +0000

Security Fixes

HIGH: The repository import functionality was vulnerable to a command injection issue when importing Mercurial repositories.
Packages have been updated to the latest security versions.

Bug Fixes

A 500 Internal Server Error could occur when creating a new organization.
GitHub Apps were unable to modify GitHub Team memberships via the API.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.20

Wed, 23 Oct 2019 16:00:36 +0000

Security Fixes

HIGH: The repository import functionality was vulnerable to a command injection issue when importing Mercurial repositories.
Packages have been updated to the latest security versions.

Bug Fixes

A 500 Internal Server Error could occur when creating a new organization.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.18.4

Tue, 08 Oct 2019 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Git pushes could take a long time when pushing to a fork of a repository with a lot of forks.
Webhooks could not be created or updated to point to .consul domains.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.10

Tue, 08 Oct 2019 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Webhooks could not be created or updated to point to .consul domains.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.19

Tue, 08 Oct 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Webhooks could not be created or updated to point to .consul domains.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.24

Tue, 08 Oct 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Upcoming deprecation of GitHub Enterprise Server 2.15

GitHub Enterprise Server 2.15 will be deprecated as of October 16, 2019 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.18.3

Wed, 25 Sep 2019 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Missing /etc/aliases.db file caused the deferred mail queue to fill with internal alert messages.
The text toolbar and the subheading were overlapping on the global enterprise account Messages pages.
It was possible for the two-factor authentication requirement on the global enterprise account to remain enabled after switching to an authentication mode that does not support built-in two-factor authentication (such as SAML).
In large repos the protected branch settings page was loading slowly and triggering a timeout error.
Attempting to unarchive a repository would fail due to schema mismatch.
Viewing blobs in a repository was slow and could cause timeout errors under certain network conditions.
Forking a private repository into an organization was erroneously blocked by an error that mentioned upgrading your plan.

Changes

Added support for r5.8xlarge and r5.16xlarge EC2 instance types
The number of pull requests that can be created from the same head SHA1 is limited to 100 by default.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.9

Wed, 25 Sep 2019 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

It was possible for the two-factor authentication requirement on the global enterprise account to remain enabled after switching to an authentication mode that does not support built-in two-factor authentication (such as SAML).
In large repos the protected branch settings page was loading slowly and triggering a timeout error.

Changes

The number of pull requests that can be created from the same head SHA1 is limited to 100 by default.
Added support for r5.8xlarge and r5.16xlarge EC2 instance types

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.18

Wed, 25 Sep 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

It was possible for the two-factor authentication requirement on the global enterprise account to remain enabled after switching to an authentication mode that does not support built-in two-factor authentication (such as SAML).

Changes

The number of pull requests that can be created from the same head SHA1 is limited to 100 by default.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.23

Wed, 25 Sep 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Changes

The number of pull requests that can be created from the same head SHA1 is limited to 100 by default.

Upcoming deprecation of GitHub Enterprise Server 2.15

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.18.2

Tue, 10 Sep 2019 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Live updates for pull requests and issues would fail due to an incorrect list of allowed origin domains.
A Git operation could fail to connect to the server with a SIGABRT error in certain cases.
WireGuard private keys were missing in some cases, causing a failure to connect.
Restarting replication after an upgrade using ghe-repl-start could fail to detect an existing configuration run and break the replication between HA nodes.
Promotion of an HA replica would cause a memory leak in some cases.
Site administrators could have two-factor authentication disabled via the Site Admin dashboard when two-factor authentication was enabled on the global enterprise account.
A background job that doesn't apply to GitHub Enterprise Server was enqueued but never processed.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.8

Tue, 10 Sep 2019 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Site administrators could have two-factor authentication disabled via the Site Admin dashboard when two-factor authentication was enabled on the global enterprise account.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.17

Tue, 10 Sep 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.22

Tue, 10 Sep 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Upcoming deprecation of GitHub Enterprise Server 2.15

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.18.1

Tue, 27 Aug 2019 16:00:38 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On appliances that send a lot of notifications, GitHub Enterprise opened too many connections to the configured email server which delayed delivery in certain cases.
When a SAML Session expired before a form was submitted, users of Chrome would not be redirected to the SAML authentication workflow.

Changes

Adjusted the amount of logging for the Alive service to reduce noise.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Issue, pull request, and project pages may not automatically update with changes from other users. (updated 2019-08-30)
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.7

Tue, 27 Aug 2019 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On appliances that send a lot of notifications, GitHub Enterprise opened too many connections to the configured email server which delayed delivery in certain cases.
GPG key warning used to appear during fresh installs.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.16

Tue, 27 Aug 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On appliances that send a lot of notifications, GitHub Enterprise opened too many connections to the configured email server which delayed delivery in certain cases.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.21

Tue, 27 Aug 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On appliances that send a lot of notifications, GitHub Enterprise opened too many connections to the configured email server which delayed delivery in certain cases.

Upcoming deprecation of GitHub Enterprise Server 2.15

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.18.0

Tue, 20 Aug 2019 16:00:38 +0000

Features

Issues can be assigned to read-only contributors that have commented on the issue.
Milestones are now visible on project boards.
User-owned repositories are automatically watched for updates upon creation.
Users can receive notifications for conversations occurring on Gists.
Users can limit the types of notifications they receive for any issue and pull request to be specific to merge, reopened and/or closed events.
Users can transfer issues from one repository to another that they have write access to.
Security alerts are supported for repositories using Yarn for dependency management.
Repository admins can make an existing repository a template so users can generate new repositories with the same directory structure and files.
Organization owners can choose to display their member's profile names in comments on private repositories.
The audit log can now be exported in JSON or CSV format and queried using the Audit log API.
Cards can be converted to issues on user owned projects.
Users have the option to toggle annotations in the diff view.

Security Fixes

HIGH: An attacker could inject potentially malicious options into Git sub-commands when executed on the server. This could allow an attacker to truncate existing files on the server or execute other unintended functionality of affected Git sub-commands. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. This vulnerability was reported through the GitHub Security Bug Bounty program.
MEDIUM: GitHub App permissions could be incorrectly set by the user.
Packages have been updated to the latest security versions.

Bug Fixes

GitHub Enterprise Server was incorrectly using support@example.com as the sender of notification emails if a URL was used for the support link instead of an email address.
GitHub app managers were able to access and manage applications for the organization after being removed from it.
Lines in gists were not selectable.

Changes

WireGuard replaces OpenVPN as the technology used to encrypt communication between nodes in High Availability configurations.
Webhook payloads include the milestone object when milestones are added or removed.
Links to all the pull requests associated with a security alert are viewable on the security alerts page.
Users are able to update their branch with the base branch when a pull request is in draft status.
Files marked as reviewed will be marked as unreviewed for all users that have previously reviewed the file after a new commit has been made.
Reduced memory utilization on GitHub Enterprise Server instances.
The longpoll service has been replaced with alive.
Replication must be stopped during a feature upgrade.

Backups and Disaster Recovery

GitHub Enterprise Server 2.18 requires at least GitHub Enterprise Backup Utilities 2.18.0 for Backups and Disaster Recovery.

Upcoming deprecation of GitHub Enterprise Server 2.15

GitHub Enterprise Server 2.15 will be deprecated as of October 16, 2019. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Issue, pull request, and project pages may not automatically update with changes from other users. (updated 2019-08-30)
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team

2.17.6

Tue, 13 Aug 2019 16:00:37 +0000

Security Fixes

HIGH: An attacker could inject potentially malicious options into Git sub-commands when executed on the server. This could allow an attacker to truncate existing files on the server or execute other unintended functionality of affected Git sub-commands. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. This vulnerability was reported through the GitHub Security Bug Bounty program.
MEDIUM: GitHub App permissions could be incorrectly set by the user.
Packages have been updated to the latest security versions.

Bug Fixes

The database wouldn't automatically reconnect, which caused dependency graphs not to show on repositories.
When creating an organization, name availability check wouldn't correctly display its URL.
Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export issue comments when a repository was archived.
GitHub Enterprise Server was incorrectly using support@example.com as the sender of notification emails in certain circumstances.
GitHub app managers were able to access and manage applications for the organization after being removed from it.
Comparing OAuth Access Tokens returned 404 Not Found error.
Deleting a repository and its projects could delete other owned or accessible projects.
When enabling a feature for GitHub Connect resulted in an error, users were not properly notified.

Changes

Reduced memory utilization on GitHub Enterprise Server instances.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.15

Tue, 13 Aug 2019 16:00:36 +0000

Security Fixes

HIGH: An attacker could inject potentially malicious options into Git sub-commands when executed on the server. This could allow an attacker to truncate existing files on the server or execute other unintended functionality of affected Git sub-commands. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. This vulnerability was reported through the GitHub Security Bug Bounty program.
MEDIUM: GitHub App permissions could be incorrectly set by the user.
Packages have been updated to the latest security versions.

Bug Fixes

Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export issue comments when a repository was archived.
GitHub Enterprise Server was incorrectly using support@example.com as the sender of notification emails in certain circumstances.
Comparing OAuth Access Tokens returned 404 Not Found error.
Deleting a repository and its projects could delete other owned or accessible projects.
When enabling a feature for GitHub Connect resulted in an error, users were not properly notified.

Changes

Reduced memory utilization on GitHub Enterprise Server instances.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.20

Tue, 13 Aug 2019 16:00:35 +0000

Security Fixes

HIGH: An attacker could inject potentially malicious options into Git sub-commands when executed on the server. This could allow an attacker to truncate existing files on the server or execute other unintended functionality of affected Git sub-commands. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. This vulnerability was reported through the GitHub Security Bug Bounty program.
MEDIUM: GitHub App permissions could be incorrectly set by the user.
Packages have been updated to the latest security versions.

Bug Fixes

GitHub Enterprise Server was incorrectly using support@example.com as the sender of notification emails in certain circumstances.
Comparing OAuth Access Tokens returned 404 Not Found error.
Deleting a repository and its projects could delete other owned or accessible projects.
When enabling a feature for GitHub Connect resulted in an error, users were not properly notified.

Changes

Reduced memory utilization on GitHub Enterprise Server instances.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.17.5

Tue, 23 Jul 2019 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Identical node identifiers on high availability replica nodes could prevent configuring or updating high availability replication.
Consul did not automatically recover when a node's identity changed unexpectedly.
An incorrect free memory total was calculated when determining the available memory required to install a hotpatch.
Hypervisor type and root volumes were incorrectly detected on AWS Nitro instance types, preventing non-hotpatch upgrades.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.14

Tue, 23 Jul 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Identical node identifiers on high availability replica nodes could prevent configuring or updating high availability replication.
Consul did not automatically recover when a node's identity changed unexpectedly.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.19

Tue, 23 Jul 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Identical node identifiers on high availability replica nodes could prevent configuring or updating high availability replication.
Consul did not automatically recover when a node's identity changed unexpectedly.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.17.4

Tue, 02 Jul 2019 16:00:37 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Resque workers may not have been cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
Viewing the profile of a user with a username similar to a common HTML error page, for example 404-html, would display the error page and not the user's profile.
Reattaching a forked repository to its parent after changing the visibility would fail for the second and subsequent forks.
The global enterprise account members page did not list all members of the installation.
Creating a new repository could fail with a 404 error if the user is an owner of a large number of organizations.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Hypervisor type and root volumes are incorrectly detected on AWS Nitro instance types, preventing non-hotpatch upgrades. (updated: 2019-07-09)
Lines in gists are not selectable. (updated: 2019-07-19)
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.13

Tue, 02 Jul 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Viewing the profile of a user with a username similar to a common HTML error page, for example 404-html, would display the error page and not the user's profile.
Reattaching a forked repository to its parent after changing the visibility would fail for the second and subsequent forks.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.18

Tue, 02 Jul 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Viewing the profile of a user with a username similar to a common HTML error page, for example 404-html, would display the error page and not the user's profile.
Reattaching a forked repository to its parent after changing the visibility would fail for the second and subsequent forks.
LFS pushes could fail if a repository admin was suspended.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.14.25

Tue, 02 Jul 2019 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Viewing the profile of a user with a username similar to a common HTML error page, for example 404-html, would display the error page and not the user's profile.
Reattaching a forked repository to its parent after changing the visibility would fail for the second and subsequent forks.

Upcoming deprecation of GitHub Enterprise Server 2.14

GitHub Enterprise Server 2.14 will be deprecated as of July 12, 2019 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

Thanks!

The GitHub Team

2.17.3

Wed, 26 Jun 2019 16:00:37 +0000

OAuth app authorization bypass

A CRITICAL vulnerability was identified that allows an attacker to authorize an OAuth application on the account of a targeted user without the approval of the targeted user. This would allow an attacker to execute actions on behalf of the targeted user via the authorized OAuth application. The attacker would need to be able to create an OAuth application on the affected GitHub Enterprise Server instance to perform this attack. Additionally, to execute the attack, the targeted user would need to visit an attacker controlled website.

The affected supported versions are:

2.14.0 - 2.14.23
2.15.0 - 2.15.16
2.16.0 - 2.16.11
2.17.0 - 2.17.2

We strongly recommend upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.14.24, 2.15.17, 2.16.12, 2.17.3, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.

This vulnerability was reported through the GitHub Security Bug Bounty program.

Security Fixes

CRITICAL: A malicious OAuth application could be authorized on a targeted user's account without requiring user approval, allowing an attacker to execute actions on behalf of the user.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
Hypervisor type and root volumes are incorrectly detected on AWS Nitro instance types, preventing non-hotpatch upgrades. (updated: 2019-07-09)
Lines in gists are not selectable. (updated: 2019-07-19)
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.12

Wed, 26 Jun 2019 16:00:36 +0000

OAuth app authorization bypass

The affected supported versions are:

2.14.0 - 2.14.23
2.15.0 - 2.15.16
2.16.0 - 2.16.11
2.17.0 - 2.17.2

This vulnerability was reported through the GitHub Security Bug Bounty program.

Security Fixes

CRITICAL: A malicious OAuth application could be authorized on a targeted user's account without requiring user approval, allowing an attacker to execute actions on behalf of the user.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.17

Wed, 26 Jun 2019 16:00:35 +0000

OAuth app authorization bypass

The affected supported versions are:

2.14.0 - 2.14.23
2.15.0 - 2.15.16
2.16.0 - 2.16.11
2.17.0 - 2.17.2

This vulnerability was reported through the GitHub Security Bug Bounty program.

Security Fixes

CRITICAL: A malicious OAuth application could be authorized on a targeted user's account without requiring user approval, allowing an attacker to execute actions on behalf of the user.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.14.24

Wed, 26 Jun 2019 16:00:34 +0000

OAuth app authorization bypass

The affected supported versions are:

2.14.0 - 2.14.23
2.15.0 - 2.15.16
2.16.0 - 2.16.11
2.17.0 - 2.17.2

This vulnerability was reported through the GitHub Security Bug Bounty program.

Security Fixes

CRITICAL: A malicious OAuth application could be authorized on a targeted user's account without requiring user approval, allowing an attacker to execute actions on behalf of the user.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

Thanks!

The GitHub Team

2.17.2

Wed, 19 Jun 2019 16:00:37 +0000

Security Fixes

MEDIUM: An attacker with direct network access to the server could send a specially crafted sequence of network packets that could cause a kernel panic or slow down the system causing a Denial of Service (DoS). For more information, see the associated CVEs: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479.
Packages have been updated to the latest security versions.

Bug Fixes

Internal API data values exceeded internal buffer sizes and caused access from the Git command-line to fail unconditionally for some users or deploy keys.
In single node appliances, the ghe-export-audit-logs command did not correctly detect the instance type in some cases, causing backups to fail.
Adding a new node to a currently or previously configured high availability replication primary node that has been upgraded to GitHub Enterprise Server 2.17 could fail due to a missing /etc/openvpn/easy-rsa/openssl.cnf file.
Pre-seeding the initial replica appliance in a HA configuration would result in the failure of the existing primary appliance.
The GitHub Connect "Learn more" link beside the message "You can now connect to an enterprise account" pointed to a nonexistent help article.
The "Learn why" link beside the message "Custom sign-in messages are disabled when SAML authentication is enabled" pointed to a nonexistent help article.
The GraphQL API would only return 300 objects instead of the documented 3000.
In the GraphQL API, the suggestedReviewers field returned an error when queried in combination with some other fields (e.g., additions or deletions).
Displayed an invalid prompt when editing FUNDING.yml, which would then also fail to preview changes correctly.
The Collaboration "Funding model links" section would appear within the UI.
Pre-receive hooks that printed non UTF-8 characters would fail with an "incompatible character encodings" error message.
When attempting to search for private repositories on GitHub.com via GitHub Connect, a 500 Internal Server Error occurred.
GitHub Enterprise Server incorrectly enforced a version of Backup Utilities that was the same or newer than the precise patch version of GitHub Enterprise Server.

Changes

GitHub Enterprise is now available in the AWS GovCloud (US-East) region.
When pushing a very large number of Git LFS objects to a repository, the returning "Git LFS Integrity Check" warning message was confusing, leading users to think something went wrong.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
Hypervisor type and root volumes are incorrectly detected on AWS Nitro instance types, preventing non-hotpatch upgrades. (updated: 2019-07-09)
Lines in gists are not selectable. (updated: 2019-07-19)
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.11

Wed, 19 Jun 2019 16:00:36 +0000

Security Fixes

MEDIUM: An attacker with direct network access to the server could send a specially crafted sequence of network packets that could cause a kernel panic or slow down the system causing a Denial of Service (DoS). For more information, see the associated CVEs: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479.
Packages have been updated to the latest security versions.

Bug Fixes

Internal API data values exceeded internal buffer sizes and caused access from the Git command-line to fail unconditionally for some users or deploy keys.
Pre-seeding the initial replica appliance in a HA configuration would result in the failure of the existing primary appliance.
The "Learn why" link beside the message "Custom sign-in messages are disabled when SAML authentication is enabled" pointed to a nonexistent help article.
In the GraphQL API, the suggestedReviewers field returned an error when queried in combination with some other fields (e.g., additions or deletions).
Pre-receive hooks that printed non UTF-8 characters would fail with an "incompatible character encodings" error message.
GitHub Enterprise Server incorrectly enforced a version of Backup Utilities that was the same or newer than the precise patch version of GitHub Enterprise Server.

Changes

When pushing a very large number of Git LFS objects to a repository, the returning "Git LFS Integrity Check" warning message was confusing, leading users to think something went wrong.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.16

Wed, 19 Jun 2019 16:00:35 +0000

Security Fixes

MEDIUM: An attacker with direct network access to the server could send a specially crafted sequence of network packets that could cause a kernel panic or slow down the system causing a Denial of Service (DoS). For more information, see the associated CVEs: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479.
Packages have been updated to the latest security versions.

Bug Fixes

Internal API data values exceeded internal buffer sizes and caused access from the Git command-line to fail unconditionally for some users or deploy keys.
Pre-seeding the initial replica appliance in a HA configuration would result in the failure of the existing primary appliance.
The "Learn why" link beside the message "Custom sign-in messages are disabled when SAML authentication is enabled" pointed to a nonexistent help article.
GitHub Enterprise incorrectly enforced a version of Backup Utilities that was the same or newer than the precise patch version of GitHub Enterprise.

Changes

When pushing a very large number of Git LFS objects to a repository, the returning "Git LFS Integrity Check" warning message was confusing, leading users to think something went wrong.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.14.23

Wed, 19 Jun 2019 16:00:34 +0000

Security Fixes

MEDIUM: An attacker with direct network access to the server could send a specially crafted sequence of network packets that could cause a kernel panic or slow down the system causing a Denial of Service (DoS). For more information, see the associated CVEs: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479.
Packages have been updated to the latest security versions.

Bug Fixes

GitHub Enterprise incorrectly enforced a version of Backup Utilities that was the same or newer than the precise patch version of GitHub Enterprise.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

Thanks!

The GitHub Team

2.17.1

Tue, 04 Jun 2019 00:00:01 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export pull request review comments when a repository was archived.
Rename conflicts were not detected while importing from some 3rd party systems using ghe-migrator.
The GitHub Blog URL was incorrect.
GitHub app permissions were not properly displayed during app creation.
The global enterprise account listed suspended outside collaborators.
Recently promoted site admins could be suspended by another site admin without revoking site admin privilege first.
A partially completed GitHub Connect permissions request would be requested on a subsequent unrelated permission request.

Changes

Adjusted the memcached graph to include the memory "used" in addition to the memory "free".
client_id and client_secret were added to the JSON payload when creating a GitHub App via manifest.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
Adding a new node to a currently or previously configured high availability replication primary node that has been upgraded to GitHub Enterprise Server 2.17 may fail due to a missing /etc/openvpn/easy-rsa/openssl.cnf file. (updated: 2019-06-19)
GitHub Enterprise Server incorrectly enforces a version of Backup Utilities that is the same or newer than the precise patch version of GitHub Enterprise Server. (updated 2019-06-25)
Hypervisor type and root volumes are incorrectly detected on AWS Nitro instance types, preventing non-hotpatch upgrades. (updated: 2019-07-09)
Lines in gists are not selectable. (updated: 2019-07-19)
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team

2.16.10

Tue, 04 Jun 2019 00:00:00 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export pull request review comments when a repository was archived.
Rename conflicts were not detected while importing from some 3rd party systems using ghe-migrator.

Changes

Adjusted the memcached graph to include the memory "used" in addition to the memory "free".
client_id and client_secret were added to the JSON payload when creating a GitHub App via manifest.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
GitHub Enterprise Server incorrectly enforces a version of Backup Utilities that is the same or newer than the precise patch version of GitHub Enterprise Server. (updated 2019-06-25)

Thanks!

The GitHub Team

2.15.15

Tue, 04 Jun 2019 00:00:00 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export pull request review comments when a repository was archived.

Changes

Adjusted the memcached graph to include the memory "used" in addition to the memory "free".

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
GitHub Enterprise incorrectly enforces a version of Backup Utilities that is the same or newer than the precise patch version of GitHub Enterprise. (updated 2019-06-25)

Thanks!

The GitHub Team

2.14.22

Tue, 04 Jun 2019 00:00:00 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
GitHub Enterprise incorrectly enforces a version of Backup Utilities that is the same or newer than the precise patch version of GitHub Enterprise. (updated 2019-06-25)

Thanks!

The GitHub Team

2.17.0

Thu, 23 May 2019 16:00:37 +0000

Features

Users can create draft pull requests.
Pull request reviewers can expand and contract the diff view.
Code authors can commit a batch of suggested changes as a single commit.
Security alerts are available to customers utilizing GitHub Connect.
Organization owners can view and export a list of users that have access to a repository.
Users can create and manage their own project boards.
Users can set a status on their profile.
GitHub Enterprise Server supports more AWS EC2 instance types with the AWS Nitro System.
Organization owners can revoke personal access token via the API.
Users can view a list of all the repository releases that are being watched.
Organization owners can restrict members' ability to create teams.
Users can view all of their subscriptions to issues and pull requests.
Audit log data is now stored in MySQL instead of Elasticsearch.
Users can exclude labels from search in an issue or pull request list filter.
Organization owners can grant users the ability to manage either individual GitHub Apps or all GitHub Apps in an organization.
Users can mark previously viewed notifications as unread.
License usage can be uploaded to GitHub Enterprise Cloud for customers utilizing GitHub Connect.
Users can view information about the author of an issue or pull request by hovering over their username in sticky conversation headers.
Users can reset their profile picture to the default identicon.
~~Organization admins can restrict email notifications for activity within their organization to one or more verified domains.~~ (update: 2019-10-04)
Pull request review summary comments now support reactions, edit history, quote replies, and copying URLs.
Users can pin gists to their profile.
Organization admins can enable the dependency graph for their organization if utilizing GitHub Connect.
Users can re-request a code review to notify requested reviewers that changes have been made to a pull request.
Users can select a different repository when opening a new issue from a comment.
Users can copy comment permalinks on mobile.
GitHub Enterprise Server admins can enable Transport Layer Security (TLS) version 1.3.
Users can close or open an issue or pull request from the projects side pane.

Security Fixes

HIGH: An endpoint in the GitHub API would disclose sensitive user information in its error response. The disclosed information included authentication tokens that could be used to authenticate as unauthorized users. An authenticated user on the instance would be required to access to the affected API.
LOW: External collaborators received security vulnerability alerts after write access to a repository was revoked.
LOW: Assigned issues in another users private repository could appear in an issues search.
Packages have been updated to the latest security versions.

Bug Fixes

The /var/log/github/exceptions.log file could include a large number of QueryWarningLogger::QueryWarning errors.
Organizations imported with ghe-migrator were not added to the global enterprise account.
The diff context for diffs that included submodules would sometimes load incorrect content.

Changes

'Business Account' has been renamed to 'Enterprise Account'.
The user/organization dashboard is now full-width and responsive.
When a user opens a new issue from a comment, the new issue will include the full original comment text in its body.
Users can close the detail pane for a project board by pressing the esc key.
Organization names can now include spaces.
The blob editor page is now responsive.
The maximum number of files in API diffs is 3000.
Organization admins can view the Two-Factor Authentication (2FA) status of organization members via the API.
Deleted repositories can be restored in bulk.
Users must have at least one verified email to create a gist.
If contribution guidelines have been added to a repository, they are shown in the sidebar when a user opens their first issue in that repository.
Organization administrators can invite members of other organizations in the same business when there are no remaining seats.
The live page updates keep-alive has been reduced to 30 seconds to better accommodate load balancer related timeouts.
The minimum recommended hardware requirements for GitHub Enterprise Server have been updated. (updated 2019-05-30)

Backups and Disaster Recovery

GitHub Enterprise Server 2.17 requires at least GitHub Enterprise Backup Utilities 2.17.0 for Backups and Disaster Recovery.

Upcoming deprecation of GitHub Enterprise Server 2.14

GitHub Enterprise Server 2.14 will be deprecated as of July 12, 2019. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Deprecation of GitHub Services

Starting with GitHub Enterprise Server 2.17.0, support for GitHub Services is now deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise Server will continue to function but GitHub Enterprise Server will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner is displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.
Adding a new node to a currently or previously configured high availability replication primary node that has been upgraded to GitHub Enterprise Server 2.17 may fail due to a missing /etc/openvpn/easy-rsa/openssl.cnf file. (updated: 2019-06-19)
Hypervisor type and root volumes are incorrectly detected on AWS Nitro instance types, preventing non-hotpatch upgrades. (updated: 2019-07-09)
Lines in gists are not selectable. (updated: 2019-07-19)
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Errata

The ability for Organization admins to restrict email notifications for activity within their organization is not included in GitHub Enterprise Server 2.17.0.

Thanks!

The GitHub Team

2.16.9

Tue, 21 May 2019 16:00:36 +0000

Security Fixes

HIGH: An endpoint in the GitHub API would disclose sensitive user information in its error response. The disclosed information included authentication tokens that could be used to authenticate as unauthorized users. An authenticated user on the instance would be required to access to the affected API.
Packages have been updated to the latest security versions.

Bug Fixes

The /var/log/github/exceptions.log file could include a large number of QueryWarningLogger::QueryWarning errors.
Organizations imported with ghe-migrator were not added to the global enterprise account.
The diff context for diffs that included submodules would sometimes load incorrect content.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.15.14

Tue, 21 May 2019 16:00:35 +0000

Security Fixes

HIGH: An endpoint in the GitHub API would disclose sensitive user information in its error response. The disclosed information included authentication tokens that could be used to authenticate as unauthorized users. An authenticated user on the instance would be required to access to the affected API.
Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team

2.14.21

Tue, 21 May 2019 16:00:34 +0000

Security Fixes

HIGH: An endpoint in the GitHub API would disclose sensitive user information in its error response. The disclosed information included authentication tokens that could be used to authenticate as unauthorized users. An authenticated user on the instance would be required to access to the affected API.
Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

Thanks!

The GitHub Team

2.16.8

Tue, 07 May 2019 16:00:36 +0000

Security Fixes

In certain cases, when a user would try to authorize their account through the OAuth web application flow, not all of the requested scopes would appear on the authorization page.

Bug Fixes

When using the quote reply feature ~strikethrough~ text was not preserved and suggested changes were duplicated.
Using ghe-migrator, an import would fail if an attachment file was missing from the export archive.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.13

Tue, 07 May 2019 16:00:35 +0000

Security Fixes

In certain cases, when a user would try to authorize their account through the OAuth web application flow, not all of the requested scopes would appear on the authorization page.

Bug Fixes

When using the quote reply feature ~strikethrough~ text was not preserved and suggested changes were duplicated.
Using ghe-migrator, an import would fail if an attachment file was missing from the export archive.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.20

Tue, 07 May 2019 16:00:34 +0000

Security Fixes

In certain cases, when a user would try to authorize their account through the OAuth web application flow, not all of the requested scopes would appear on the authorization page.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

Thanks!

The GitHub Team

2.16.7

Tue, 23 Apr 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Consul logged errors when the dependency graph service was not enabled.
GitHub Connect did not go through the proxy if the protocol/scheme wasn't part of the proxy URL configured in the management console.
GitHub App manifests were not being created on instances with private mode enabled.
GitHub Connect disconnection messages did not always reflect the enabled features.
When viewing a diff, the indentation between the diff text and the expanded diff context was not aligned.
Password change emails were incorrectly being sent for accounts created on initial LDAP login
When importing from other platforms using ghe-migrator conflicts for teams were not detected.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.12

Tue, 23 Apr 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

GitHub Connect disconnection messages did not always reflect the enabled features.
Password change emails were incorrectly being sent for accounts created on initial LDAP login

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.19

Tue, 23 Apr 2019 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

Thanks!

The GitHub Team

2.16.6

Tue, 09 Apr 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Release assets uploaded via the Releases API would fail if the asset is larger than 1GB.
The package validation performed when upgrading would print the result of an internal check.
The maximum number of allowed connections to the internal HAProxy load balancer could be reached on very large instances leading to a large backlog of resqued jobs.
DNS resolution of appliance hostnames in a HA configuration could timeout or return an incorrect IP address.
Some pull requests and issues were purged completely when restoring the repository right after deleting it.
When creating a new repository, default repository visibility input could have the wrong value selected.
Links to the security alerts help documentation were incorrect.

Changes

Running ghe-repl-promote will now prompt for confirmation. To promote a replica without confirmation, use the -y flag: ghe-repl-promote -y.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.11

Tue, 09 Apr 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Release assets uploaded via the Releases API would fail if the asset is larger than 1GB.
The maximum number of allowed connections to the internal HAProxy load balancer could be reached on very large instances leading to a large backlog of resqued jobs.
The package validation performed when upgrading would print the result of an internal check.
DNS resolution of appliance hostnames in a HA configuration could timeout or return an incorrect IP address.
Some pull requests and issues were purged completely when restoring the repository right after deleting it.
Links to the security alerts help documentation were incorrect.
When creating a new repository, default repository visibility input could have the wrong value selected.

Changes

Running ghe-repl-promote will now prompt for confirmation. To promote a replica without confirmation, use the -y flag: ghe-repl-promote -y.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.18

Tue, 09 Apr 2019 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Release assets uploaded via the Releases API would fail if the asset is larger than 1GB.
The package validation performed when upgrading would print the result of an internal check.
The maximum number of allowed connections to the internal HAProxy load balancer could be reached on very large instances leading to a large backlog of resqued jobs.
DNS resolution of appliance hostnames in a HA configuration could timeout or return an incorrect IP address.
Some pull requests and issues were purged completely when restoring the repository right after deleting it.

Changes

Running ghe-repl-promote will now prompt for confirmation. To promote a replica without confirmation, use the -y flag: ghe-repl-promote -y.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

Thanks!

The GitHub Team

2.16.5

Tue, 26 Mar 2019 16:00:36 +0000

Bug Fixes

Certain high throughput conditions caused MySQL to consume a large amount of CPU time.
Certain scenarios resulted in a sign out message being displayed incorrectly.
Inefficient connection handling for an internal service created unnecessary log entries and in extreme cases could lead to a service outage.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Some pull requests and issues are purged completely when restoring the repository right after deleting it.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.10

Tue, 26 Mar 2019 16:00:35 +0000

Bug Fixes

Certain scenarios resulted in a sign out message being displayed incorrectly.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Some pull requests and issues are purged completely when restoring the repository right after deleting it.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.17

Tue, 26 Mar 2019 16:00:34 +0000

Bug Fixes

Certain scenarios resulted in a sign out message being displayed incorrectly.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Some pull requests and issues are purged completely when restoring the repository right after deleting it.

Thanks!

The GitHub Team

2.13.23

Tue, 26 Mar 2019 16:00:33 +0000

Bug Fixes

Certain scenarios resulted in a sign out message being displayed incorrectly.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.

Deprecation of GitHub Enterprise Server 2.13

GitHub Enterprise Server 2.13 will be deprecated as of March 27, 2019. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Thanks!

The GitHub Team

2.16.4

Wed, 13 Mar 2019 16:00:36 +0000

Arbitrary file content disclosure vulnerability in GitHub Enterprise Server

A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.

The affected supported versions are:

2.13.0 - 2.13.21
2.14.0 - 2.14.15
2.15.0 - 2.15.8
2.16.0 - 2.16.3

All older, no longer supported versions are also affected.

We strongly urge upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.13.22, 2.14.16, 2.15.9, 2.16.4, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.

Security Fixes

CRITICAL: A specially crafted request could allow arbitrary files to be read and the file content to be disclosed. For more information see the associated Rails CVE: CVE-2019-5418.
HIGH: High CPU usage could be triggered by a specially crafted request resulting in Denial of Service (DoS). For more information see the associated Rails CVE: CVE-2019-5419.
Packages have been updated to the latest security versions.

Bug Fixes

Repository pushes could fail to register in a cluster environment when a node was marked as offline.
Appliance upgrades could time out when updating significantly large databases.
In rare circumstances, a race condition could lead to repository data loss if an automated background maintenance job was triggered during a configuration update.
Files couldn't be deleted via the web editor.
LFS operations using a deploy key could fail with a HTTP 401 or 403 status if the deploy key creator was removed from the organization. (updated 2019-06-25)
With private mode disabled, the "Explore" menu shown when signed out included a "Collections" link.
A race condition during git operations sometimes caused the default branch to be assigned incorrectly.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.9

Wed, 13 Mar 2019 16:00:35 +0000

Arbitrary file content disclosure vulnerability in GitHub Enterprise Server

A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.

The affected supported versions are:

2.13.0 - 2.13.21
2.14.0 - 2.14.15
2.15.0 - 2.15.8
2.16.0 - 2.16.3

All older, no longer supported versions are also affected.

Security Fixes

CRITICAL: A specially crafted request could allow arbitrary files to be read and the file content to be disclosed. For more information see the associated Rails CVE: CVE-2019-5418.
HIGH: High CPU usage could be triggered by a specially crafted request resulting in Denial of Service (DoS). For more information see the associated Rails CVE: CVE-2019-5419.
Packages have been updated to the latest security versions.

Bug Fixes

Appliance upgrades could time out when updating significantly large databases.
In rare circumstances, a race condition could lead to repository data loss if an automated background maintenance job was triggered during a configuration update.
A pull request with a status check that was created by a deleted GitHub App would fail to load and showed a 500 error.
A race condition during git operations sometimes caused the default branch to be assigned incorrectly.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.16

Wed, 13 Mar 2019 16:00:34 +0000

Arbitrary file content disclosure vulnerability in GitHub Enterprise Server

A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.

The affected supported versions are:

2.13.0 - 2.13.21
2.14.0 - 2.14.15
2.15.0 - 2.15.8
2.16.0 - 2.16.3

All older, no longer supported versions are also affected.

Security Fixes

CRITICAL: A specially crafted request could allow arbitrary files to be read and the file content to be disclosed. For more information see the associated Rails CVE: CVE-2019-5418.
HIGH: High CPU usage could be triggered by a specially crafted request resulting in Denial of Service (DoS). For more information see the associated Rails CVE: CVE-2019-5419.
Packages have been updated to the latest security versions.

Bug Fixes

In rare circumstances, a race condition could lead to repository data loss if an automated background maintenance job was triggered during a configuration update.
A pull request with a status check that was created by a deleted GitHub App would fail to load and showed a 500 error.
A race condition during git operations sometimes caused the default branch to be assigned incorrectly.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.22

Wed, 13 Mar 2019 16:00:33 +0000

Arbitrary file content disclosure vulnerability in GitHub Enterprise Server

A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.

The affected supported versions are:

2.13.0 - 2.13.21
2.14.0 - 2.14.15
2.15.0 - 2.15.8
2.16.0 - 2.16.3

All older, no longer supported versions are also affected.

Security Fixes

CRITICAL: A specially crafted request could allow arbitrary files to be read and the file content to be disclosed. For more information see the associated Rails CVE: CVE-2019-5418.
HIGH: High CPU usage could be triggered by a specially crafted request resulting in Denial of Service (DoS). For more information see the associated Rails CVE: CVE-2019-5419.
Packages have been updated to the latest security versions.

Bug Fixes

In rare circumstances, a race condition could lead to repository data loss if an automated background maintenance job was triggered during a configuration update.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.

Thanks!

The GitHub Team

2.16.3

Tue, 26 Feb 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The "Ignore whitespace changes" option was not honoured with progressively loaded diffs.
The custom sign out message was displayed on the sign in page in certain situations.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.8

Tue, 26 Feb 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.15

Tue, 26 Feb 2019 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.21

Tue, 26 Feb 2019 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.

Thanks!

The GitHub Team

2.16.2

Wed, 13 Feb 2019 16:00:36 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Uploads of some image types could fail when using Git LFS 2.5.0 or newer.
Entries for the babeld.log, gitauth.log, production.log, resqued.log and unicorn.log log files were truncated when forwarded to a central log server.
Stricter REST API validation was prematurely enabled. As a result, API requests that previously succeeded may have been rejected with a 422 Unprocessable Entity response.
Viewing the global business profile page for organizations with a lot of users could timeout.
Restoring a backup containing a very large number of deleted repositories could fail with the error "Resource temporarily unavailable".
Repositories owned by organizations could not be deleted by organization owners if the Repository deletion and transfer business setting was set to Disabled.
Repository pages with a lot of tags and branches could take a very long time to load.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.7

Wed, 13 Feb 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Uploads of some image types could fail when using Git LFS 2.5.0 or newer.
The Consul service could fail to start when attaching storage devices configured on other instances.
Entries for the babeld.log, gitauth.log, production.log, resqued.log and unicorn.log log files were truncated when forwarded to a central log server.
Viewing the global business profile page for organizations with a lot of users could timeout.
Restoring a backup containing a very large number of deleted repositories could fail with the error "Resource temporarily unavailable".
Repositories owned by organizations could not be deleted by organization owners if the Repository deletion and transfer business setting was set to Disabled.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.14

Wed, 13 Feb 2019 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Uploads of some image types could fail when using Git LFS 2.5.0 or newer.
Entries for the babeld.log, gitauth.log, production.log, resqued.log and unicorn.log log files were truncated when forwarded to a central log server.
Restoring a backup containing a very large number of deleted repositories could fail with the error "Resource temporarily unavailable".

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.20

Wed, 13 Feb 2019 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Entries for the babeld.log, gitauth.log, production.log, resqued.log and unicorn.log log files were truncated when forwarded to a central log server.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.

Thanks!

The GitHub Team

2.16.1

Tue, 29 Jan 2019 16:00:35 +0000

Security Fixes

MEDIUM: A race condition allowed a malicious GitHub App integrator to gain escalated user privileges by quickly updating their App's permissions during the OAuth flow.
Packages have been updated to the latest security versions.

Bug Fixes

Webhooks continued to be delivered via a proxy server after removing the proxy configuration.
Background jobs for the Content Attachments API used by GitHub Apps were not processed and as a result context information was not shown.
Successful delivery logs for Webhooks sent through a proxy server were reported as a delivery error if the proxy server inserted additional headers.
The migrations that are run while upgrading to GitHub Enterprise Server 2.16.0 could report "Column cache_version_number cannot be null" errors being logged to /var/log/github/exceptions.log.

Changes

Site admins can no longer create GitHup Apps and OAuth apps that start with the reserved words github or gist.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Stricter REST API validation has been prematurely enabled. As a result, API requests that previously succeeded may be rejected with a 422 Unprocessable Entity response. (updated 2019-02-01)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.15.6

Tue, 29 Jan 2019 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Webhooks continued to be delivered via a proxy server after removing the proxy configuration.
Successful delivery logs for Webhooks sent through a proxy server were reported as a delivery error if the proxy server inserted additional headers.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.13

Tue, 29 Jan 2019 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Webhooks continued to be delivered via a proxy server after removing the proxy configuration.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.19

Tue, 29 Jan 2019 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Webhooks continued to be delivered via a proxy server after removing the proxy configuration.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.

Thanks!

The GitHub Team

2.16.0

Tue, 22 Jan 2019 16:00:36 +0000

Features

The Deployments API includes new states. ~~Deployments API integrates with GitHub Flow.~~ (updated: 2019-04-02)
Integrator links can be expanded with relevant details in the context of GitHub comments via API.
Only pull request authors or users with write access to repository can resolve conversations.
Repository administrator can delete issues.
Users can subscribe to only receive repository notifications for releases.
Organization administrators can control whether users can create public, private, or no repositories.
A timeline event is shown when users force push to a branch.
Users can filter Pull Request by file type or hide deleted files.
~~Repository administrators can transfer an issue to another repository where the administrator also has repository administration privileges.~~ (updated: 2019-04-08)
‘Allow members to invite external collaborators’ setting added to Organization Settings page.
Pull request reviews automatically update the merge button.
2-up image diffs will now also display file size alongside the width and height data.
When hovering over the status of a commit in a pull request's timeline, the full details for that status is displayed in a popover.
When searching from a user profile page users have the option to search by "this user".
Users can pre-fill values in the new Release form fields using URL query parameters.
Filtering files in a pull request by file type.
Bookmark any notification to move it into a prioritized list called Saved for Later.
When writing a comment with -1 or +1, GitHub suggests leaving a reaction.
Maintainers can add more template automation in the form of a default title, labels, and assignees.
When a user clicks the "Fork" button on a repository that has been already forked, the user's existing forks are listed.
Create and upload file to empty repos.

Bug Fixes

The native browser tooltip overlaid the GitHub custom tooltip when a commit message contained Closes #issue text.
The repository selection radio button and dropdown selection could be hidden when installing a GitHub App.

Changes

Recent changes to a project board will be highlighted since a user's last visit.
When viewing recent activity on a personal dashboard, timestamps will include a deep link to the most recent comment.
The owner dropdown is highlighted first on the "Create a new repository" page.
The keyboard shortcuts help dialog modal has been redesigned.
Comments are only outdated when the line the comment is related to changes.
New installs of Enterprise Server will use GitHub's NTP server pool by default and the upgrade package will change old default servers to the new NTP pool.

Backups and Disaster Recovery

GitHub Enterprise Server 2.16 requires at least GitHub Enterprise Backup Utilities 2.16.0 for Backups and Disaster Recovery.

Upcoming deprecation of GitHub Enterprise Server 2.13

Upcoming deprecation of GitHub Services

Starting with GitHub Enterprise Server 2.17.0, support for GitHub Services will be deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise Server will continue to function but GitHub Enterprise Server will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner will be displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report.

Deprecation of Internet 11 Support

Starting with GitHub Enterprise Server 2.16.0, Internet Explorer 11 is no longer a supported browser. See a current list of supported browsers on this page.

Known Issues

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Stricter REST API validation has been prematurely enabled. As a result, API requests that previously succeeded may be rejected with a 422 Unprocessable Entity response. (updated 2019-02-01)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Errata

The ability for repository administrators to transfer an issue to another repository is not included in GitHub Enterprise Server 2.16.0.

Thanks!

The GitHub Team

2.15.5

Tue, 15 Jan 2019 16:00:35 +0000

Bug Fixes

Repositories migrated with ghe-migrator we not automatically re-indexed so weren't returned in the search results until manually re-indexed.
The GitHub 2FA user interface was not disabled if an external authentication provider is configured.
LFS objects were not reassociated with repositories when the repositories were unarchived.
Adding a repository to an organisation team via Add or Update team repository as a GitHub app, would fail with error "You must have administrative rights on this repository".
Users could encounter a 500 Internal Server Error when viewing a pull request on a repository imported with ghe-migrator that contains references to another pull request the user does not have access to.
Creating or modifying Issue Templates on a repository with pre-receive hooks that rejected pushes would fail with a 500 Internal Server error.
Listing all repositories of a team, via the user interface or API, that contained one or more disabled repositories would fail with a 500 Internal Server Error.

Changes

Searching GitHub.com through GitHub Connect now works with all search prefixes accepted when searching directly in GitHub.com (e.g.: repo:, org:, etc.).
Wikis for forked repositories now have the "Restrict access to collaborators" setting enabled by default.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.12

Tue, 15 Jan 2019 16:00:34 +0000

Bug Fixes

Repositories migrated with ghe-migrator we not automatically re-indexed so weren't returned in the search results until manually re-indexed.
Users could encounter a 500 Internal Server Error when viewing a pull request on a repository imported with ghe-migrator that contains references to another pull request the user does not have access to.

Changes

Wikis for forked repositories now have the "Restrict access to collaborators" setting enabled by default.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.18

Tue, 15 Jan 2019 16:00:33 +0000

Bug Fixes

Repositories migrated with ghe-migrator we not automatically re-indexed so weren't returned in the search results until manually re-indexed.
Users could encounter a 500 Internal Server Error when viewing a pull request on a repository imported with ghe-migrator that contains references to another pull request the user does not have access to.

Changes

Wikis for forked repositories now have the "Restrict access to collaborators" setting enabled by default.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.

Thanks!

The GitHub Team

2.15.4

Tue, 11 Dec 2018 16:00:35 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

An Elasticsearch node ID collision could happen when adding a high availability replica that has been part of a high availability replication environment before or has been restored from a backup.
A "Hook is now disabled" notice was shown instead of "Hook is now enabled" when enabling a pre-receive hook on either an organization or repository.
Some settings available on the /business page were inaccessible when the company name in the license file is comprised of multi byte strings.
404 Not Found errors were shown in the browser console for some script requests when using the code editor.
The import of project boards with ghe-migrator failed when the creator of a card on the board no longer exists on the source instance.
Migrating a repository with ghe-migrator could lead to an incorrect mapping between links to pull requests and the correct pull requests.
Listing the GUIDs of migrations that are in progress with the ghe-migrator list command failed with a "undefined method 'uniq' error.
Viewing pull requests with deployments imported with ghe-migrator would fail with a 500 Internal Server Error.
Invalid search qualifiers for a particular search type were treated as part of the search query and not ignored in GitHub.com searches.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.11

Tue, 11 Dec 2018 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

An Elasticsearch node ID collision could happen when adding a high availability replica that has been part of a high availability replication environment before or has been restored from a backup.
404 Not Found errors were shown in the browser console for some script requests when using the code editor.
The import of project boards with ghe-migrator failed when the creator of a card on the board no longer exists on the source instance.
Migrating a repository with ghe-migrator could lead to an incorrect mapping between links to pull requests and the correct pull requests.
Viewing pull requests with deployments imported with ghe-migrator would fail with a 500 Internal Server Error.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.17

Tue, 11 Dec 2018 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

404 Not Found errors were shown in the browser console for some script requests when using the code editor.
The import of project boards with ghe-migrator failed when the creator of a card on the board no longer exists on the source instance.
Migrating a repository with ghe-migrator could lead to an incorrect mapping between links to pull requests and the correct pull requests.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.

Thanks!

The GitHub Team

2.12.25

Tue, 11 Dec 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.

Upcoming deprecation of GitHub Enterprise 2.12

GitHub Enterprise 2.12 will be deprecated as of December 12, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

2.15.3

Tue, 27 Nov 2018 16:00:35 +0000

Security Fixes

CVE-2018-16471 was addressed by updating Rack.
Packages have been updated to the latest security versions.

Bug Fixes

A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
Custom DNS resolver settings were reverted during appliance hotpatch upgrades.
/var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.
Submitting a comment after clicking the "Start a new conversation" button on a pull request diff raised an error under some circumstances.
There was a layout issue with a notice shown to new organization members on the dashboard.
Git authentication errors suggested the SSH protocol to the user even if it was disabled.
The GitHub App installation settings page always showed the viewer as the one that had installed the App.
Complicated rebases within very busy repositories could cause replicas to get out of sync, sometimes leading to transient push errors.
The POST /repos/:owner/:repo/pulls REST API endpoint could return a 502 Bad Gateway response due to using suboptimal query indexes.
The repository permissions settings for newly created organizations could get stuck in an "Update in progress" state.
Pre-receive hook failures were not communicated to the end user when attempting to merge a pull request.
The "Unsupported Browser" notice was not correctly shown when an unsupported browser was being used.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Listing the GUIDs of migrations that are in progress with the ghe-migrator list command throws an error and fails.
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance.
Some settings available on the /business page are inaccessible when the company name in the license file is comprised of multi byte strings.
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.10

Tue, 27 Nov 2018 16:00:34 +0000

Security Fixes

CVE-2018-16471 was addressed by updating Rack.
Packages have been updated to the latest security versions.

Bug Fixes

A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
Custom DNS resolver settings were reverted during appliance hotpatch upgrades.
/var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.
A slow memory leak would result in performance degradation over time.
The POST /repos/:owner/:repo/pulls REST API endpoint could return a 502 Bad Gateway response due to using suboptimal query indexes.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance.
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.16

Tue, 27 Nov 2018 16:00:33 +0000

Security Fixes

CVE-2018-16471 was addressed by updating Rack.
Packages have been updated to the latest security versions.

Bug Fixes

A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
/var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance.

Thanks!

The GitHub Team

2.12.24

Tue, 27 Nov 2018 16:00:32 +0000

Security Fixes

CVE-2018-16471 was addressed by updating Rack.
Packages have been updated to the latest security versions.

Bug Fixes

A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
/var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Upcoming deprecation of GitHub Enterprise 2.12

Thanks!

The GitHub Team

2.15.2

Tue, 13 Nov 2018 16:00:35 +0000

Security Fixes

MEDIUM: Rack packages have been updated to address cross-site scripting (XSS) and Denial of Service (DoS) vulnerabilities CVE-2018-16470 and CVE-2018-16471 respectively.
Packages have been updated to the latest security versions.

Bug Fixes

Checking the replication status on a replica during a reboot of the primary could prevent replication for Git pre-receive hooks.
When a business had enforced a two-factor authentication policy, business admins were able to be added when they didn't have two-factor authentication enabled.
Text between a pair of double underscores, such as __init__, was removed in code blocks in MediaWiki-formatted pages.
The "Start a new conversation" button on a pull request diff did not work for threads targeting the context of a change rather than an addition or deletion.
When creating a new organization, the preview of the resulting organization URL was reset on validation.
The BackfillEnterpriseBusinessAdminsAndOrganizationsTransition data transition could fail while running migrations.
Under some circumstances, attempting to create a new organization would result in a 422 Unprocessable Entity error.
Pre-receive hook target enforcement options did not properly reflect their persisted values.
Issue and pull request pages could fail to load if they were referred to by a project the viewer of the issue does not have access to.
A user's roles in an organization were represented inconsistently at /stafftools/users/:user/organization_memberships in comparison to user-facing pages.
When an invalid admin value was provided to the REST API endpoint to create an organization, an organization without any owners was created rather than a meaningful error message being returned.
After signing in, users were sometimes shown the contents of the manifest.json file instead of being redirected to the correct location in the user interface.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Some settings available on the /business page are inaccessible when the company name in the license file is comprised of multi byte strings.
Listing the GUIDs of migrations that are in progress with the ghe-migrator list command throws an error and fails. (updated 2018-11-21)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Errata

The issue that some settings available on the /business page are inaccessible when the company name in the license file is comprised of multi byte strings was incorrectly included in the bug fixes section instead of the known issues section. (updated 2019-01-10)

Thanks!

The GitHub Team

2.14.9

Tue, 13 Nov 2018 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Checking the replication status on a replica during a reboot of the primary could prevent replication for Git pre-receive hooks.
Text between a pair of double underscores, such as __init__, was removed in code blocks in MediaWiki-formatted pages.
After signing in, users were sometimes shown the contents of the manifest.json file instead of being redirected to the correct location in the user interface.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Upgrading to a later version in this series may overwrite custom DNS entries in /etc/resolvconf/resolv.conf.d/head (updated 2018-12-19)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.15

Tue, 13 Nov 2018 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Checking the replication status on a replica during a reboot of the primary could prevent replication for Git pre-receive hooks.
Text between a pair of double underscores, such as __init__, was removed in code blocks in MediaWiki-formatted pages.
After signing in, users were sometimes shown the contents of the manifest.json file instead of being redirected to the correct location in the user interface.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.23

Tue, 13 Nov 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Checking the replication status on a replica during a reboot of the primary could prevent replication for Git pre-receive hooks.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Upcoming deprecation of GitHub Enterprise 2.12

Thanks!

The GitHub Team

2.15.1

Tue, 30 Oct 2018 16:00:35 +0000

Security Fixes

The version string presented when using Git over SSH was misleading, causing security scanners to incorrectly report GitHub as vulnerable.

Bug Fixes

Installing a hotpatch when replication is not setup displayed a harmless error message: grep: /etc/github/repl-state: No such file or directory.
The addition of new GitHub Services was deprecated too early.
The App request/response Grafana section did not report any metrics.
The page shown to a user when an abuse detection mechanism is triggered contained links only relevant to GitHub.com.
Rate limiting was enforced when adding members to organizations.
Changing a team member's role would not complete after prompting for authentication.
Using ghe-migrator to import a repository including a protected branch which has null in the creator entry failed.
Organizations created using the REST API were not listed on the global business profile page.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance.

Changes

GitHub Connect settings pages now show the connected GitHub.com organization or user.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The App request/response Grafana section is not reporting any metrics.
Creating a new organization may cause a 422 Unprocessable Entity error. (updated 2018-11-03)
Some settings available on the /business page are inaccessible when the company name in the license file is comprised of multi byte strings. (updated 2018-11-7)
Listing the GUIDs of migrations that are in progress with the ghe-migrator list command throws an error and fails. (updated 2018-11-21)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team

2.14.8

Tue, 30 Oct 2018 16:00:34 +0000

Security Fixes

The version string presented when using Git over SSH was misleading, causing security scanners to incorrectly report GitHub as vulnerable.
Packages have been updated to the latest security versions.

Bug Fixes

All non-root connections to the cloud provider metadata IP address (169.254.169.254) were blocked, preventing Google Cloud load balancer health checks from working correctly.
Installing a hotpatch when replication is not setup displayed a harmless error message: grep: /etc/github/repl-state: No such file or directory.
Rate limiting was enforced when adding members to organizations.
Using ghe-migrator to import a repository including a protected branch which has null in the creator entry failed.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Upgrading to a later version in this series may overwrite custom DNS entries in /etc/resolvconf/resolv.conf.d/head (updated 2018-12-19)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.14

Tue, 30 Oct 2018 16:00:33 +0000

Security Fixes

The version string presented when using Git over SSH was misleading, causing security scanners to incorrectly report GitHub as vulnerable.
Packages have been updated to the latest security versions.

Bug Fixes

All non-root connections to the cloud provider metadata IP address (169.254.169.254) were blocked, preventing Google Cloud load balancer health checks from working correctly.
Installing a hotpatch when replication is not setup displayed a harmless error message: grep: /etc/github/repl-state: No such file or directory.
Rate limiting was enforced when adding members to organizations.
Using ghe-migrator to import a repository including a protected branch which has null in the creator entry failed.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.22

Tue, 30 Oct 2018 16:00:32 +0000

Security Fixes

The version string presented when using Git over SSH was misleading, causing security scanners to incorrectly report GitHub as vulnerable.
Packages have been updated to the latest security versions.

Bug Fixes

All non-root connections to the cloud provider metadata IP address (169.254.169.254) were blocked, preventing Google Cloud load balancer health checks from working correctly.
Installing a hotpatch when replication is not setup displayed a harmless error message: grep: /etc/github/repl-state: No such file or directory.
Rate limiting was enforced when adding members to organizations.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

2.15.0

Tue, 16 Oct 2018 16:00:35 +0000

Features

Business administrators can enable, disable, or no-policy repository creation, deletion, visibility change, forking, and permissions to all repositories and organizations.
Automatically protect branches with regex patterns.
Link repositories for your organization-owned projects to make searching faster and more relevant.
Show the issue and pull request details from a project board.
Resolve conversations in a pull request review.
Sign commits using X.509 certificates and S/MIME signatures.
Quote replies or copy permalinks in issue and pull request conversations.
Hide off topic, outdated, or resolved comments in issue and pull request conversations.
Pushes will be rejected if a Git LFS object hasn't been uploaded properly.
Pull request URL is included in the output of a git push.
Opt-in to the activity overview dashboard to view work across all your organizations and repositories.
~~Clustering environments support an elasticsearch-server in a separate datacenter.~~ (updated 2018-10-29)
Wiki, search, and releases pages have been updated to be responsive.
The + and - diff markers are no longer copied to your clipboard when copying content from a diff.
Remove files directly from a pull request.
Permalinked comments will be highlighted for easier discovery.
Use a keyboard shortcut (e.g., ⌘ shift enter) to leave a pull request review comment.
Collapse all diffs by using the alt shortcut and clicking the inverted caret icon in any file header.
Edit a repository's README.md directly from the repository's root page.
After pushing the changes, quickly create a pull request from the pull requests or code tab.
Add members directly from the team discussion page using the + button.

Security Fixes

HIGH: LDAP users could authenticate as another user because GitHub Enterprise was incorrectly encoding whitespaces from the relative distinguished name (RDN).
LOW: The issues API could disclose private organization membership status. The organization membership information now requires the repo or read:org scope.
The git package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.
Packages have been updated to the latest security versions.

Bug Fixes

The access control list (ACL) of configuration files transferred to replica nodes could be lost when configuring High Availability replication.
ghe-config-apply contained innocuous and misleading error messages about WARNING: Setting ES auto_expand_replicas failed.
The Grafana monitor dashboard truncated background jobs in the graph's legend.
Scheduling maintenance mode could cause a 500 Internal Sever Error.
Pull request review requests weren't satisfied if a member of a subteam completed the review.
Healthcheck requests from the provider (i.e., AWS, Azure, or GCP) were blocked.
Users could get stuck choosing where to fork and be shown an indefinite spinning icon.

Changes

The osqueryi utility has been added to the GitHub Enterprise environment.
The diff lines are omitted for file deletions.
Collapsed review threads are requested and loaded when uncollapsing the view.
The agilezen, boxcar, codeportingcsharp2java, coffeedocinfo, coop, cube, distiller, hall, honbu, loggly, masterbranch, nma, notifymyandroid, pushalot, swiggle, stormpath, trajector, visualops, and yammer GitHub services have been deprecated.
New REST API resources have been added.
GraphQL API schema has been updated.
New webhook events have been added.
GitHub Apps has been updated to access more API resources and GraphQL queries.
GitHub Enterprise is now available in Azure Government. (updated 2018-10-18)

Backups and Disaster Recovery

GitHub Enterprise 2.15 requires at least GitHub Enterprise Backup Utilities 2.15.0 for Backups and Disaster Recovery.

Upcoming deprecation of GitHub Enterprise 2.12

Upcoming deprecation of GitHub Services

Starting with GitHub Enterprise 2.17.0, support for GitHub Services will be deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise will continue to function but GitHub Enterprise will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner will be displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report.

Deprecation of Internet Explorer 11 support Upcoming deprecation of Internet Explorer 11 support

~~Support for Internet Explorer 11 has been deprecated as of GitHub Enterprise 2.15.0.~~ Internet Explorer is still supported in GitHub Enterprise 2.15.0. Support for Internet Explorer 11 will be deprecated in the next feature release, 2.16.0. (updated 2018-11-22)

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The App request/response Grafana section is not reporting any metrics.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
Creating a new organization may cause a 422 Unprocessable Entity error. (updated 2018-11-03)
Some settings available on the /business page are inaccessible when the company name in the license file is comprised of multi byte strings. (updated 2018-11-7)
Listing the GUIDs of migrations that are in progress with the ghe-migrator list command throws an error and fails. (updated 2018-11-21)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Errata

elasticsearch-server was added as part of preliminary work needed for Elasticsearch indices replication under cluster disaster recovery. This update does not affect any instance of GitHub Enterprise at this time. (updated 2018-10-29)

Thanks!

The GitHub Team

2.14.7

Tue, 09 Oct 2018 16:00:34 +0000

Security Fixes

The git package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.
Packages have been updated to the latest security versions.

Bug Fixes

The access control list (ACL) of configuration files transferred to replica nodes could be lost when configuring High Availability replication.
ghe-config-apply contained innocuous and misleading error messages about WARNING: Setting ES auto_expand_replicas failed.
The Grafana monitor dashboard truncated background jobs in the graph's legend.
Scheduling maintenance mode could cause a 500 Internal Sever Error.
Pull request review requests weren't satisfied if a member of a subteam completed the review.

Changes

The osqueryi utility has been added to the GitHub Enterprise environment.
GitHub Enterprise is now available in Azure Government. (updated 2018-10-18)

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Upgrading to a later version in this series may overwrite custom DNS entries in /etc/resolvconf/resolv.conf.d/head (updated 2018-12-19)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.13

Tue, 09 Oct 2018 16:00:33 +0000

Security Fixes

The git package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.
Packages have been updated to the latest security versions.

Bug Fixes

The access control list (ACL) of configuration files transferred to replica nodes could be lost when configuring High Availability replication.
The Grafana monitor dashboard truncated background jobs in the graph's legend.
Organization migrations could fail to be exported if a pull request review comment could not be encoded properly.
Pull request review requests weren't satisfied if a member of a subteam completed the review.

Changes

The osqueryi utility has been added to the GitHub Enterprise environment.
GitHub Enterprise is now available in Azure Government. (updated 2018-10-18)

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.21

Tue, 09 Oct 2018 16:00:32 +0000

Security Fixes

The git package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.
Packages have been updated to the latest security versions.

Bug Fixes

The access control list (ACL) of configuration files transferred to replica nodes could be lost when configuring High Availability replication.
Pull request review requests weren't satisfied if a member of a subteam completed the review.

Changes

The osqueryi utility has been added to the GitHub Enterprise environment.
GitHub Enterprise is now available in Azure Government. (updated 2018-10-18)

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

2.14.6

Tue, 25 Sep 2018 16:00:34 +0000

Security Fixes

CRITICAL: A file path traversal vulnerability in the jekyll-remote-theme gem of GitHub Pages could allow users to display the content of local files.

Bug Fixes

ghe-repl-setup allowed re-adding the same node as a replica.
GitHub Enterprise API responses would not be compressed when requested with gzip encoding.
Webhooks could fail to be delivered if the compressed payload was greater than 1 MB.
Upgrades could fail with Connection timed out if the hookshot service was unable to run migrations due to a firewall update that ran out of order.
Repository replication records may be created inconsistently, resulting in unreported replication failures. This type of replication failure is now reported in ghe-repl-status.
Replication could fail due to stale or duplicate entries to the primary in a replica's /etc/hosts.
Messages sent from the email service hook failed when the upstream SMTP server didn’t accept the plain authentication method.
Using Safari, administrators were unable to schedule a future hotpatch upgrade from the Management Console due to an incompatible date parse.
ghe-config-check would hang if run without any arguments.
hookshot logs weren't purged properly in Elasticsearch and could consume large amounts of disk space.
Migrations with ghe-migrator could fail to complete trying to add the same label to an issue.
The pull request page could fail to load with a 500 Internal Server Error if a reviewer is no longer a member of the GitHub Enterprise environment.
Users were unable to view the diff of comment edits, delete comment edit history items, dismiss the comment edit history onboarding, and reload on comment edits for gist comments.

Changes

GitHub Enterprise clustering has been updated to purge older than one hour MySQL binary logs prior to a ghe-restore.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Upgrading to a later version in this series may overwrite custom DNS entries in /etc/resolvconf/resolv.conf.d/head (updated 2018-12-19)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.12

Tue, 25 Sep 2018 16:00:33 +0000

Security Fixes

CRITICAL: A file path traversal vulnerability in the jekyll-remote-theme gem of GitHub Pages could allow users to display the content of local files.

Bug Fixes

GitHub Enterprise API responses would not be compressed when requested with gzip encoding.
Webhooks could fail to be delivered if the compressed payload was greater than 1 MB.
Upgrades could fail with Connection timed out if the hookshot service was unable to run migrations due to a firewall update that ran out of order.
Repository replication records may be created inconsistently, resulting in unreported replication failures. This type of replication failure is now reported in ghe-repl-status.
ghe-repl-setup allowed re-adding the same node as a replica.
Using Safari, administrators were unable to schedule a future hotpatch upgrade from the Management Console due to an incompatible date parse.
ghe-config-check would hang if run without any arguments.
hookshot logs weren't purged properly in Elasticsearch and could consume large amounts of disk space.
Migrations with ghe-migrator could fail to complete trying to add the same label to an issue.
The pull request page could fail to load with a 500 Internal Server Error if a reviewer is no longer a member of the GitHub Enterprise environment.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.20

Tue, 25 Sep 2018 16:00:32 +0000

Security Fixes

CRITICAL: A file path traversal vulnerability in the jekyll-remote-theme gem of GitHub Pages could allow users to display the content of local files.

Bug Fixes

GitHub Enterprise API responses would not be compressed when requested with gzip encoding.
Webhooks could fail to be delivered if the compressed payload was greater than 1 MB.
Upgrades could fail with Connection timed out if the hookshot service was unable to run migrations due to a firewall update that ran out of order.
Repository replication records may be created inconsistently, resulting in unreported replication failures. This type of replication failure is now reported in ghe-repl-status.
ghe-repl-setup allowed re-adding the same node as a replica.
Using Safari, administrators were unable to schedule a future hotpatch upgrade from the Management Console due to an incompatible date parse.
ghe-config-check would hang if run without any arguments.
hookshot logs weren't purged properly in Elasticsearch and could consume large amounts of disk space.
Migrations with ghe-migrator could fail to complete trying to add the same label to an issue.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

2.14.5

Tue, 11 Sep 2018 16:00:34 +0000

Security Fixes

LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica could take an excessive amount of time in a multi-replica environment.
Incorrect legends were displayed in the LDAP Management Console graphs.
Network interface statistics were not collected or displayed due to a recent kernel upgrade.
When executed in verbose mode, ghe-repl-status will set its exit code to 0 even when replication issues are present.
The order of nameservers defined in /etc/resolve.conf was not respected when performing lookups.
When a web proxy is configured, uploads of files, diagnostics, or support bundles will silently fail.
Self-signed TLS certificates would fail to generate on Azure instances.
Local connections were not properly closed and resulted in a memory leak.
Tags created through a release contained incomplete reflog data
Organizations could be incorrectly suspended via the Suspend User REST API.
Email visibility could be incorrectly toggled via the REST API.
Fixes an issue where rate limits on raw and archive endpoints were left enabled even when configured to be disabled.
Users can no longer accidentally upload their private PGP keys.

Changes

Optimise Elasticsearch backup process by preferring local copies of indices.

Upcoming deprecation of GitHub Enterprise 2.11

GitHub Enterprise 2.11 will be deprecated as of September 13, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Upgrading to a later version in this series may overwrite custom DNS entries in /etc/resolvconf/resolv.conf.d/head (updated 2018-12-19)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.11

Tue, 11 Sep 2018 16:00:33 +0000

Security Fixes

LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica could take an excessive amount of time in a multi-replica environment.
Incorrect legends were displayed in the LDAP Management Console graphs.
Self-signed TLS certificates would fail to generate on Azure instances.
Tags created through a release contained incomplete reflog data
Organizations could be incorrectly suspended via the Suspend User REST API.
Email visibility could be incorrectly toggled via the REST API.
Fixes an issue where rate limits on raw and archive endpoints were left enabled even when configured to be disabled.
Users can no longer accidentally upload their private PGP keys.

Changes

Optimise Elasticsearch backup process by preferring local copies of indices.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.19

Tue, 11 Sep 2018 16:00:32 +0000

Security Fixes

LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica could take an excessive amount of time in a multi-replica environment.
Self-signed TLS certificates would fail to generate on Azure instances.
Tags created through a release contained incomplete reflog data
Organizations could be incorrectly suspended via the Suspend User REST API.
Email visibility could be incorrectly toggled via the REST API.
Fixes an issue where rate limits on raw and archive endpoints were left enabled even when configured to be disabled.
Users can no longer accidentally upload revoked PGP keys.
Users can no longer accidentally upload their private PGP keys.

Changes

Optimise Elasticsearch backup process by preferring local copies of indices.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

2.11.25

Tue, 11 Sep 2018 16:00:31 +0000

Security Fixes

LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Promoting a replica could take an excessive amount of time in a multi-replica environment.
Self-signed TLS certificates would fail to generate on Azure instances.
Tags created through a release contained incomplete reflog data
Organizations could be incorrectly suspended via the Suspend User REST API.
Email visibility could be incorrectly toggled via the REST API.
Fixes an issue where rate limits on raw and archive endpoints were left enabled even when configured to be disabled.
Users can no longer accidentally upload revoked PGP keys.
Users can no longer accidentally upload their private PGP keys.

Changes

Optimise Elasticsearch backup process by preferring local copies of indices.

Upcoming deprecation of GitHub Enterprise 2.11

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

2.14.4

Tue, 28 Aug 2018 16:00:34 +0000

A file path traversal vulnerability in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository write access to create Pages sites that can display the content of system files. This could used to further escalate the vulnerability to execute arbitrary commands on the GitHub Enterprise appliance.

The affected supported versions are:

2.12.0 - 2.12.17
2.13.0 - 2.13.9
2.14.0 - 2.14.3

GitHub Enterprise 2.11 is not vulnerable.

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.18, 2.13.10, 2.14.4, or greater.

Security Fixes

CRITICAL: A file path traversal vulnerability in GitHub Pages could allow users to display the content of local files.
MEDIUM: Access may have been inadvertently granted to internal IP addresses of GitHub Enterprise. The fix removed any access grants via an IP address.
LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Corrupted Consul configuration data could prevent appliance configuration changes from completing successfully.
Deleting an SNMPv3 user via ghe-snmpv3-remove-user did not remove all account data, preventing administrators from updating the password for the SNMPv3 user.
Terminating the ghe-set-password command could result in unexpected shell behavior.
Messages sent from the email service hook failed due to a recent security update.
Viewing a GitHub App page could result in an error if the parent organization contained repositories which were user-administered.
Adding a new integration failed if the license seat limit was reached.

Upcoming deprecation of GitHub Enterprise 2.11

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.10

Tue, 28 Aug 2018 16:00:33 +0000

A file path traversal vulnerability in GitHub Enterprise

The affected supported versions are:

2.12.0 - 2.12.17
2.13.0 - 2.13.9
2.14.0 - 2.14.3

GitHub Enterprise 2.11 is not vulnerable.

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.18, 2.13.10, 2.14.4, or greater.

Security Fixes

CRITICAL: A file path traversal vulnerability in GitHub Pages could allow users to display the content of local files.
MEDIUM: Access may have been inadvertently granted to internal IP addresses of GitHub Enterprise. The fix removed any access grants via an IP address.
LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Corrupted Consul configuration data could prevent appliance configuration changes from completing successfully.
Deleting an SNMPv3 user via ghe-snmpv3-remove-user did not remove all account data, preventing administrators from updating the password for the SNMPv3 user.
Terminating the ghe-set-password command could result in unexpected shell behavior.
Messages sent from the email service hook failed due to a recent security update.
Adding a new integration failed if the license seat limit was reached.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.18

Tue, 28 Aug 2018 16:00:32 +0000

A file path traversal vulnerability in GitHub Enterprise

The affected supported versions are:

2.12.0 - 2.12.17
2.13.0 - 2.13.9
2.14.0 - 2.14.3

GitHub Enterprise 2.11 is not vulnerable.

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.18, 2.13.10, 2.14.4, or greater.

Security Fixes

CRITICAL: A file path traversal vulnerability in GitHub Pages could allow users to display the content of local files.
MEDIUM: Access may have been inadvertently granted to internal IP addresses of GitHub Enterprise. The fix removed any access grants via an IP address.
LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Deleting an SNMPv3 user via ghe-snmpv3-remove-user did not remove all account data, preventing administrators from updating the password for the SNMPv3 user.
Terminating the ghe-set-password command could result in unexpected shell behavior.
Messages sent from the email service hook failed due to a recent security update.
Adding a new integration failed if the license seat limit was reached.

Changes

Admins can see which repositories are using GitHub Services with ghe-legacy-github-services-report.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

2.11.24

Tue, 28 Aug 2018 16:00:31 +0000

Security Fixes

MEDIUM: Access may have been inadvertently granted to internal IP addresses of GitHub Enterprise. The fix removed any access grants via an IP address.
LOW: A malicious user could execute a 'tab-nabbing' attack by exploiting window.opener when linking from GitHub Enterprise hosted Markdown content.
Packages have been updated to the latest security versions.

Bug Fixes

Deleting an SNMPv3 user via ghe-snmpv3-remove-user did not remove all account data, preventing administrators from updating the password for the SNMPv3 user.
Terminating the ghe-set-password command could result in unexpected shell behavior.
Adding a new integration failed if the license seat limit was reached.

Changes

Admins can see which repositories are using GitHub Services with ghe-legacy-github-services-report.

Upcoming deprecation of GitHub Enterprise 2.11

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

2.14.3

Tue, 21 Aug 2018 16:00:34 +0000

Remote code execution with server side request forgery in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository admin or owner privileges to execute arbitrary commands on the appliance.

The affected supported versions are:

2.11.0 - 2.11.23
2.12.0 - 2.12.16
2.13.0 - 2.13.8
2.14.0 - 2.14.2

Errata: A file path traversal vulnerability in GitHub Enterprise

GitHub Enterprise 2.14.3, 2.13.9, and 2.12.17 were not patched properly and are still vulnerable to the file path traversal vulnerability. GitHub Enterprise 2.14.4, 2.13.10, and 2.12.18 will ship next week to address this vulnerability. As a manual workaround, you can disable Pages on the GitHub Enterprise environment. (updated 2018-08-23)

The affected supported versions are:

2.12.0 - ~~2.12.16~~ 2.12.17
2.13.0 - ~~2.13.8~~ 2.13.9
2.14.0 - ~~2.14.2~~ 2.14.3

GitHub Enterprise 2.11 is not vulnerable.

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.17, 2.13.9 or 2.14.3.

Due to a change in the implementation on GitHub Enterprise 2.12 and later, it is not possible to apply the same fix to GitHub Enterprise 2.11 for the remote code execution vulnerability. We strongly recommend upgrading GitHub Enterprise 2.11 to 2.12 or newer.

Security Fixes

CRITICAL: An attacker with repository admin or owner privileges could execute arbitrary commands on the appliance.
CRITICAL: A file path traversal vulnerability in GitHub Pages could allow users to display the content of local files. (updated 2018-08-23)
Packages have been updated to the latest security versions.

Bug Fixes

ghe-repl-status, used to query the status of a high availability status, failed with a parse error: Invalid numeric literal at line 1, column 3 error.
Harmless 'Cannot add dependency job for unit cloud-config.service, ignoring' messages we reported to syslog when booting non-cloud based appliances.
Signing in with SAML authentication on a newly-deployed GitHub Enterprise appliance could fail with a 500 Internal Server Error.
MySQL procedures executed when MySQL starts could fail if tables don't exist yet. This could prevent MySQL replication from starting in cluster and high availability environments.
Hotpatching on Azure would fail due to a package conflict between waagent and walinuxagent.
The public pages for GitHub Apps responded with a 500 Internal Server Error on some installations that use SAML or CAS for authentication.
The ghe-org-admin-promote command-line utility would fail when attempting to promote a user without two-factor-authentication enabled as an admin of an org where two-factor authentication is required.
New repository maintenance jobs would attempt to start whilst another maintenance job was still running on very large repositories.

Changes

Restoring cluster backups could fail if inconsistent repository data is stored in the backup. These cases are now logged and the restore allowed to continue when using backup-utils v2.14.2.
Feature upgrades in environments with a large number of labels would take longer than needed.

Upcoming deprecation of GitHub Enterprise 2.11

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Errata

GitHub Enterprise 2.14.3 was not patched properly and is still vulnerable to the file path traversal vulnerability. (updated 2018-08-23)

Thanks!

The GitHub Team

2.13.9

Tue, 21 Aug 2018 16:00:33 +0000

Remote code execution with server side request forgery in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository admin or owner privileges to execute arbitrary commands on the appliance.

The affected supported versions are:

2.11.0 - 2.11.23
2.12.0 - 2.12.16
2.13.0 - 2.13.8
2.14.0 - 2.14.2

Errata: A file path traversal vulnerability in GitHub Enterprise

The affected supported versions are:

2.12.0 - ~~2.12.16~~ 2.12.17
2.13.0 - ~~2.13.8~~ 2.13.9
2.14.0 - ~~2.14.2~~ 2.14.3

GitHub Enterprise 2.11 is not vulnerable.

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.17, 2.13.9 or 2.14.3.

Security Fixes

CRITICAL: An attacker with repository admin or owner privileges could execute arbitrary commands on the appliance.
CRITICAL: A file path traversal vulnerability in GitHub Pages could allow users to display the content of local files. (updated 2018-08-23)
Packages have been updated to the latest security versions.

Bug Fixes

Harmless 'Cannot add dependency job for unit cloud-config.service, ignoring' messages we reported to syslog when booting non-cloud based appliances.
MySQL procedures executed when MySQL starts could fail if tables don't exist yet. This could prevent MySQL replication from starting in cluster and high availability environments.
Hotpatching on Azure would fail due to a package conflict between waagent and walinuxagent.
The public pages for GitHub Apps responded with a 500 Internal Server Error on some installations that use SAML or CAS for authentication.
The ghe-org-admin-promote command-line utility would fail when attempting to promote a user without two-factor-authentication enabled as an admin of an org where two-factor authentication is required.
New repository maintenance jobs would attempt to start whilst another maintenance job was still running on very large repositories.

Changes

Restoring cluster backups could fail if inconsistent repository data is stored in the backup. These cases are now logged and the restore allowed to continue when using backup-utils v2.14.2.
Feature upgrades in environments with a large number of labels would take longer than needed.
User-Agent has been added to Access-Control-Allow-Headers to support API clients which follow the Fetch specification.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Errata

GitHub Enterprise 2.13.9 was not patched properly and is still vulnerable to the file path traversal vulnerability. (updated 2018-08-23)

Thanks!

The GitHub Team

2.12.17

Tue, 21 Aug 2018 16:00:32 +0000

Remote code execution with server side request forgery in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository admin or owner privileges to execute arbitrary commands on the appliance.

The affected supported versions are:

2.11.0 - 2.11.23
2.12.0 - 2.12.16
2.13.0 - 2.13.8
2.14.0 - 2.14.2

Errata: A file path traversal vulnerability in GitHub Enterprise

The affected supported versions are:

2.12.0 - ~~2.12.16~~ 2.12.17
2.13.0 - ~~2.13.8~~ 2.13.9
2.14.0 - ~~2.14.2~~ 2.14.3

GitHub Enterprise 2.11 is not vulnerable.

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.17, 2.13.9 or 2.14.3.

Security Fixes

CRITICAL: An attacker with repository admin or owner privileges could execute arbitrary commands on the appliance.
CRITICAL: A file path traversal vulnerability in GitHub Pages could allow users to display the content of local files. (updated 2018-08-23)
Packages have been updated to the latest security versions.

Bug Fixes

Harmless 'Cannot add dependency job for unit cloud-config.service, ignoring' messages we reported to syslog when booting non-cloud based appliances.
MySQL procedures executed when MySQL starts could fail if tables don't exist yet. This could prevent MySQL replication from starting in cluster and high availability environments.
Hotpatching on Azure would fail due to a package conflict between waagent and walinuxagent.
The public pages for GitHub Apps responded with a 500 Internal Server Error on some installations that use SAML or CAS for authentication.
The ghe-org-admin-promote command-line utility would fail when attempting to promote a user without two-factor-authentication enabled as an admin of an org where two-factor authentication is required.
New repository maintenance jobs would attempt to start whilst another maintenance job was still running on very large repositories.

Changes

User-Agent has been added to Access-Control-Allow-Headers to support API clients which follow the Fetch specification.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Errata

GitHub Enterprise 2.12.17 was not patched properly and is still vulnerable to the file path traversal vulnerability. (updated 2018-08-23)

Thanks!

The GitHub Team

2.11.23

Tue, 21 Aug 2018 16:00:31 +0000

Remote code execution with server side request forgery in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository admin or owner privileges to execute arbitrary commands on the appliance.

The affected supported versions are:

2.11.0 - 2.11.23
2.12.0 - 2.12.16
2.13.0 - 2.13.8
2.14.0 - 2.14.2

Next steps

Due to a change in the implementation on GitHub Enterprise 2.12 and later, it is not possible to apply the same fix to GitHub Enterprise 2.11. We strongly recommend upgrading GitHub Enterprise 2.11 to 2.12 or newer.

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Harmless 'Cannot add dependency job for unit cloud-config.service, ignoring' messages we reported to syslog when booting non-cloud based appliances.
MySQL procedures executed when MySQL starts could fail if tables don't exist yet. This could prevent MySQL replication from starting in cluster and high availability environments.
Hotpatching on Azure would fail due to a package conflict between waagent and walinuxagent.
The public pages for GitHub Apps responded with a 500 Internal Server Error on some installations that use SAML or CAS for authentication.
The ghe-org-admin-promote command-line utility would fail when attempting to promote a user without two-factor-authentication enabled as an admin of an org where two-factor authentication is required.
New repository maintenance jobs would attempt to start whilst another maintenance job was still running on very large repositories.

Changes

User-Agent has been added to Access-Control-Allow-Headers to support API clients which follow the Fetch specification.

Upcoming deprecation of GitHub Enterprise 2.11

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

2.14.2

Tue, 07 Aug 2018 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Running ghe-support-upload or ghe-cluster-support-upload with sudo would set restrictive permissions on a temporary directory preventing subsequent execution of these commands by the admin user.
The webhook Elasticsearch index replica count was not adjusted when upgrading the appliance leading to Elasticsearch attempting to over or under replicate the index.
In high availability environments, Consul would attempt to communicate with the other node using the public IP address in addition to the VPN IP address. These are correctly blocked but result in a flood of errors in the system log.
The compare page could fail to load if a user of a fork of the repository has been deleted.
Redundant routes were created for archived gists when restoring to a cluster environment. This prevented archived gists from being unarchived.
Searching for GitHub.com wiki results could fail with a 406 Not Acceptable.
Searching for GitHub.com code results could fail with a 500 Internal Server Error.

Changes

The connect timeout has been increased to allow up to four retries during a cluster restore.
Repositories which failed periodic maintenance needed manual intervention. GitHub Enterprise now retries maintenance for failed repositories once per week.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.8

Tue, 07 Aug 2018 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In high availability environments, Consul would attempt to communicate with the other node using the public IP address in addition to the VPN IP address. These are correctly blocked but result in a flood of errors in the system log.
The compare page could fail to load if a user of a fork of the repository has been deleted.
Redundant routes were created for archived gists when restoring to a cluster environment. This prevented archived gists from being unarchived.

Changes

The connect timeout has been increased to allow up to four retries during a cluster restore.
Repositories which failed periodic maintenance needed manual intervention. GitHub Enterprise now retries maintenance for failed repositories once per week.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.16

Tue, 07 Aug 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The compare page could fail to load if a user of a fork of the repository has been deleted.
Redundant routes were created for archived gists when restoring to a cluster environment. This prevented archived gists from being unarchived.
When a commit comment is left on a file with non-ascii characters in the path, the pull request page could return 503.

Changes

The connect timeout has been increased to allow up to four retries during a cluster restore.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

2.11.22

Tue, 07 Aug 2018 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Redundant routes were created for archived gists when restoring to a cluster environment. This prevented archived gists from being unarchived.
When a commit comment is left on a file with non-ascii characters in the path, the pull request page could return 503.

Changes

The connect timeout has been increased to allow up to four retries during a cluster restore.

Upcoming deprecation of GitHub Enterprise 2.11

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

2.14.1

Tue, 24 Jul 2018 16:00:34 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The high availability replication status as reported by ghe-repl-status reported a harmless error, parse error: Invalid numeric literal at line 1, column 3.
Attempting to rename a repository and only changing character casing resulted in an error.
Pages was not replicated properly when tearing down and re-attaching a former replica.
The "Files Changed" view failed to display all changes when the difference contained a type change and the difference was too large.
The "Learn more" reference when configuring a "GitHub.com connection" used an incorrect help.github.com guide.
Built-in users would not have a password reset button available for administrators when external authentication was used with allowing built-in accounts.

Changes

GitHub Apps have been updated with access to the Organization Pre-receive Hooks endpoints.
GitHub Apps have been updated with access to the Repository Pre-receive Hooks endpoints.
GitHub Apps have been updated to allow archiving repositories.

Upcoming deprecation of GitHub Services

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.7

Tue, 24 Jul 2018 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The review requirement of a protected branch did not take into consideration a a review created by a GitHub App.
Pages was not replicated properly when tearing down and re-attaching a former replica.
The "Files Changed" view failed to display all changes when the difference contained a type change and the difference was too large.
Built-in users would not have a password reset button available for administrators when external authentication was used with allowing built-in accounts.

Changes

GitHub Apps have been updated to allow archiving repositories.
GitHub Apps have been updated to allow reviewing pull requests.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.15

Tue, 24 Jul 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The "Files Changed" view failed to display all changes when the difference contained a type change and the difference was too large.

Changes

GitHub Apps have been updated to allow archiving repositories.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
~~GitHub Enterprise clustering can not be configured without https.~~
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Errata

HTTPS is now a requirement of GitHub Enterprise clustering. (updated 2018-08-13)

Thanks!

The GitHub Team

2.11.21

Tue, 24 Jul 2018 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The "Files Changed" view failed to display all changes when the difference contained a type change and the difference was too large.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
~~GitHub Enterprise clustering can not be configured without https.~~
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.

Errata

Failing to delete associated metadata when deleting a search index was resolved in 2.11.12. (updated 2018-08-06)
HTTPS is now a requirement of GitHub Enterprise clustering. (updated 2018-08-13)

Thanks!

The GitHub Team

2.14.0

Thu, 12 Jul 2018 16:00:34 +0000

Features

Configure visibility for organization membership to allow or disallow users in your instance to see all members of their organizations.
Extend user dormancy threshold from one month up to 90 days.
Allow administrators to enable anonymous Git read access to public repositories when your instance is in private mode.
Contact GitHub Enterprise Support using the Management Console.
Provide data to GitHub Enterprise Support using command-line utilities and improve diagnostic files for providing data to GitHub Enterprise Support.
Set granular permissions for project boards owned by organizations.
Triage and prioritize bugs using an automated project board template.
Reopen a closed project board and optionally resync automation.
Require multiple approving reviews for pull requests against a protected branch.
Request to add or change a parent team for a team in an organization.
Use multiple issue templates in your repository with the issue template builder.
Keep track of issues, pull requests, repositories, and organizations using improved personal and organization dashboards.
See a comment's edit history.
Request that an organization owner install an integration, and approve or deny requests.
Search globally across your instance or scope your search to a particular organization or repository.
Ignore whitespace changes in a pull request.
Use keyboard shortcuts to autofill a saved reply, view user hovercards, and focus the search bar.
Allow administrators to override the suggested protocol for cloning.
View alerts when the configured TLS certificate will expire in the next 30 days.
Communicate richer feedback to check runs against code changes with the new Checks API.

Security Fixes

HIGH: A GitHub App could download a repository archive that it was not authorized to access during installation.
MEDIUM: Command-line injection could be triggered by uploading a specially-crafted pre-receive hook environment.
MEDIUM: Environment variables passed to pre-receive hook scripts were not properly escaped.
LOW: It was possible to start a shell from the network configuration settings screen available on a virtual console.
LOW: Filtering of parameters in log files was changed from a blacklist of fields to a whitelist. This ensures that less values are logged and in the future no values are accidentally logged.
LOW: The body of API requests containing sensitive data was written to log files on the appliance. The request body is now only logged for debugging purposes and sensitive data is scrubbed before being logged.
Packages have been updated to the latest security versions.

Bug Fixes

Parallel uploads of the same Git LFS object could fail but reported as successful.
Jupyter notebooks added to a Gist would fail to render on appliances with subdomain isolation disabled.
Including the port in the Host header when requesting a Pages site would return a 404 error.
A pull request created via the API could be assigned an ID of 0.
The LDAP users page at /stafftools/users/ldap had layout and accessibility issues.
The Fork button was enabled for repositories in cases where a repository could not be forked anywhere.

Changes

Upgrade to Elasticsearch 5.6. An upgrade to GitHub Enterprise 2.14 requires a manual migration while the appliance is running GitHub Enterprise 2.12 or 2.13.
Following users is rate limited to 35 users per minute or 300 users per hour.
/var/log/github/audit.log has been updated to output audit events only when there has been a change.
babeld.log has been updated to include the X-Forwarded-For and ts (timestamp) metadata.
Renaming an existing user is enabled for SAML configured appliances.
New REST API resources have been added.
GraphQL API schema has been updated.
New webhook events have been added.

Backups and Disaster Recovery

GitHub Enterprise 2.14 requires at least GitHub Enterprise Backup Utilities 2.14.0 for Backups and Disaster Recovery.

Upcoming deprecation of GitHub Services

Upcoming deprecation of Internet Explorer 11 support

Support for Internet Explorer 11 will be deprecated on September 13, 2018.

Known Issues

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
The high availability replication status as reported by ghe-repl-status could report a harmless error, parse error: Invalid numeric literal at line 1, column 3. (updated 2018-07-17)
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team

2.13.6

Tue, 10 Jul 2018 16:00:33 +0000

Security Fixes

MEDIUM: Environment variables passed to pre-receive hook scripts were not properly escaped.
LOW: It was possible to start a shell from the network configuration settings screen available on a virtual console.
LOW: Filtering of parameters in log files was changed from a blacklist of fields to a whitelist. This ensures that less values are logged and in the future no values are accidentally logged.
LOW: The body of API requests containing sensitive data was written to log files on the appliance. The request body is now only logged for debugging purposes and sensitive data is scrubbed before being logged.
Packages have been updated to the latest security versions.

Bug Fixes

Parallel uploads of the same Git LFS object could fail but still be reported as successful.
A hotpatch could be applied to the appliance whilst a configuration run was in progress. This could lead to inconsistencies and unexpected behaviour.
Jupyter notebooks added to a Gist would fail to render on appliances with subdomain isolation disabled.
A pull request created via the API could be assigned an ID of 0.
The LDAP users page at /stafftools/users/ldap had layout and accessibility issues.
The Fork button was enabled for repositories in cases where a repository could not be forked anywhere.
Including the port in the Host header when requesting a Pages site would return a 404 error.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.14

Tue, 10 Jul 2018 16:00:32 +0000

Security Fixes

MEDIUM: Environment variables passed to pre-receive hook scripts were not properly escaped.
LOW: It was possible to start a shell from the network configuration settings screen available on a virtual console.
LOW: Filtering of parameters in log files was changed from a blacklist of fields to a whitelist. This ensures that less values are logged and in the future no values are accidentally logged.
LOW: The body of API requests containing sensitive data was written to log files on the appliance. The request body is now only logged for debugging purposes and sensitive data is scrubbed before being logged.
Packages have been updated to the latest security versions.

Bug Fixes

Parallel uploads of the same Git LFS object could fail but still be reported as successful.
A hotpatch could be applied to the appliance whilst a configuration run was in progress. This could lead to inconsistencies and unexpected behaviour.
The LDAP users page at /stafftools/users/ldap had layout and accessibility issues.
The Fork button was enabled for repositories in cases where a repository could not be forked anywhere.
Including the port in the Host header when requesting a Pages site would return a 404 error.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
~~GitHub Enterprise clustering can not be configured without https.~~
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Errata

HTTPS is now a requirement of GitHub Enterprise clustering. (updated 2018-08-13)

Thanks!

The GitHub Team

2.11.20

Tue, 10 Jul 2018 16:00:31 +0000

Security Fixes

MEDIUM: Environment variables passed to pre-receive hook scripts were not properly escaped.
LOW: It was possible to start a shell from the network configuration settings screen available on a virtual console.
LOW: Filtering of parameters in log files was changed from a blacklist of fields to a whitelist. This ensures that less values are logged and in the future no values are accidentally logged.
LOW: The body of API requests containing sensitive data was written to log files on the appliance. The request body is now only logged for debugging purposes and sensitive data is scrubbed before being logged.
Packages have been updated to the latest security versions.

Bug Fixes

Parallel uploads of the same Git LFS object could fail but still be reported as successful.
A hotpatch could be applied to the appliance whilst a configuration run was in progress. This could lead to inconsistencies and unexpected behaviour.
The LDAP users page at /stafftools/users/ldap had layout and accessibility issues.
The Fork button was enabled for repositories in cases where a repository could not be forked anywhere.
Including the port in the Host header when requesting a Pages site would return a 404 error.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
~~GitHub Enterprise clustering can not be configured without https.~~
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.

Errata

Failing to delete associated metadata when deleting a search index was resolved in 2.11.12. (updated 2018-08-06)
HTTPS is now a requirement of GitHub Enterprise clustering. (updated 2018-08-13)

Thanks!

The GitHub Team

2.13.5

Tue, 19 Jun 2018 16:00:33 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Pre-receive hooks would fail if the pre-receive environment lacked a /etc directory.
Active git processes were not displayed on the Management Console's maintenance page
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments are missing from an import with ghe-migrator.
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.13

Tue, 19 Jun 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Pre-receive hooks would fail if the pre-receive environment lacked a /etc directory.
Active git processes were not displayed on the Management Console's maintenance page
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

2.11.19

Tue, 19 Jun 2018 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Pre-receive hooks would fail if the pre-receive environment lacked a /etc directory.
Active git processes were not displayed on the Management Console's maintenance page
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

2.13.4

Tue, 05 Jun 2018 16:00:33 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.13.2 and 2.13.3.
GitHub will block pushing malicious Git submodules that could be used to exploit Git clients vulnerable to CVE-2018-11235.
User passwords could end up being logged in plain text in the audit log.

Bug Fixes

Elasticsearch metrics in the management console metrics dashboards have been fixed.
Importing a Subversion repository that was created with an older version of Subversion would fail in specific scenarios.
The GitHub Services deprecation warning contained a broken link to the deprecation announcement blog post.
Increased performance of pull request reviewer selection box.
Performance of issues and pull requests has been improved by ensuring data is properly cached.
Enable marking one search index as primary when there are multiple primary Elasticsearch indexes listed.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments are missing from an import with ghe-migrator.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.12

Tue, 05 Jun 2018 16:00:32 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.12.10 and 2.12.11.
GitHub will block pushing malicious Git submodules that could be used to exploit Git clients vulnerable to CVE-2018-11235.

Bug Fixes

Elasticsearch metrics in the management console metrics dashboards have been fixed.
Enable marking one search index as primary when there are multiple primary Elasticsearch indexes listed.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.18

Tue, 05 Jun 2018 16:00:31 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.11.16 and 2.11.17.
GitHub will block pushing malicious Git submodules that could be used to exploit Git clients vulnerable to CVE-2018-11235.

Bug Fixes

Elasticsearch metrics in the management console metrics dashboards have been fixed.
Enable marking one search index as primary when there are multiple primary Elasticsearch indexes listed.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.24

Tue, 05 Jun 2018 16:00:30 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.10.22 and 2.10.23.
GitHub will block pushing malicious Git submodules that could be used to exploit Git clients vulnerable to CVE-2018-11235.

Bug Fixes

Enable marking one search index as primary when there are multiple primary Elasticsearch indexes listed.

Deprecation of GitHub Enterprise 2.10

GitHub Enterprise 2.10 is now deprecated as of June 5, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.13.3

Tue, 22 May 2018 16:00:33 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.13.2. (updated 2018-05-30)
Packages have been updated to the latest security versions.

Bug Fixes

The Management Console contained broken links to help documentation.
Maintenance mode could be unset while a configuration run was in progress.
Viewing a team discussion showed a "You can't perform that action at this time" error at the top of the page.
A background job that purges deleted storage objects could cause backups to fail if run whilst a backup was in progress.
Restoring a backup to an unconfigured GitHub Enterprise appliance could fail to restore Pages data with a "could not find 3 online voting fileservers" error.
Updating branch protections from the API ignored the restricted teams parameter.
Exporting a repository didn't include project boards.
Performing bulk actions, like labelling, on pull requests would silently fail if issues were disabled.

Changes

Add a notice for the upcoming GitHub services deprecation.
Admins can see which repositories are using GitHub Services with ghe-legacy-github-services-report.
Improve Git rate limit configuration to prevent over-limiting of Git operations.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments are missing from an import with ghe-migrator.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.11

Tue, 22 May 2018 16:00:32 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.12.10. (updated 2018-05-30)
Packages have been updated to the latest security versions.

Bug Fixes

Maintenance mode could be unset while a configuration run was in progress.
A background job that purges deleted storage objects could cause backups to fail if run whilst a backup was in progress.
Restoring a backup to an unconfigured GitHub Enterprise appliance could fail to restore Pages data with a "could not find 3 online voting fileservers" error.
Updating branch protections from the API ignored the restricted teams parameter.
Viewing a pull request reviewed by a member of a team that has been deleted could fail with a "500 Internal Server Error".
Exporting a repository didn't include project boards.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.17

Tue, 22 May 2018 16:00:31 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.11.16. (updated 2018-05-30)
Packages have been updated to the latest security versions.

Bug Fixes

Maintenance mode could be unset while a configuration run was in progress.
A background job that purges deleted storage objects could cause backups to fail if run whilst a backup was in progress.
Restoring a backup to an unconfigured GitHub Enterprise appliance could fail to restore Pages data with a "could not find 3 online voting fileservers" error.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.23

Tue, 22 May 2018 16:00:30 +0000

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.10.22. (updated 2018-05-30)
Packages have been updated to the latest security versions.

Bug Fixes

Maintenance mode could be unset while a configuration run was in progress.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.13.2

Tue, 08 May 2018 16:00:33 +0000

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. (updated 2018-05-30)
Packages have been updated to the latest security versions.
GitHub App user-to-server tokens generated for site-admins can access the internal GraphQL schema.

Bug Fixes

When booted into recovery mode, using ghe-set-password to reset the Management Console password would fail unless the haproxy-internal-proxy service was manually started.
collectd.log contained superfluous Elasticsearch plugin warnings.
ghe-migrator failed to import a GitHub.com migration archive when a pull request's requested reviewer was not a member of the organization.
Commits pushed to a closed pull request were not included when fetching the pull request's tracking branch.

Changes

Our unified Git proxy, babeld, now uses the BoringSSL cryptographic library to avoid lock contention issues in Git over SSH connections, which may have been encountered on large and busy appliances.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments are missing from an import with ghe-migrator.
We incorrectly show a warning message, "You can't perform this action at this time", on team discussion pages. The message can be safely ignored.
On a repository that's been locked for migration using ghe-migrator, project boards are not exported.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.10

Tue, 08 May 2018 16:00:32 +0000

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. (updated 2018-05-30)
Packages have been updated to the latest security versions.

Bug Fixes

When booted into recovery mode, using ghe-set-password to reset the Management Console password would fail unless the haproxy-internal-proxy service was manually started.
collectd.log contained superfluous Elasticsearch plugin warnings.
ghe-migrator failed to import a GitHub.com migration archive when a pull request's requested reviewer was not a member of the organization.
Commits pushed to a closed pull request were not included when fetching the pull request's tracking branch.
API returned an incorrect response code when adding organization team members to a repository.
The repository collaborator API ignored the permission parameter and always invited users with push permissions.

Changes

Our unified Git proxy, babeld, now uses the BoringSSL cryptographic library to avoid lock contention issues in Git over SSH connections, which may have been encountered on large and busy appliances.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
On a repository that's been locked for migration using ghe-migrator, project boards are not exported.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.16

Tue, 08 May 2018 16:00:31 +0000

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. (updated 2018-05-30)
Packages have been updated to the latest security versions.

Bug Fixes

collectd.log contained superfluous Elasticsearch plugin warnings.
ghe-migrator failed to import a GitHub.com migration archive when a pull request's requested reviewer was not a member of the organization.
Commits pushed to a closed pull request were not included when fetching the pull request's tracking branch.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.22

Tue, 08 May 2018 16:00:30 +0000

Security Fixes

CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. (updated 2018-05-30)
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.13.1

Tue, 10 Apr 2018 16:00:33 +0000

Security Fixes

LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Bug Fixes

Resetting the self signed certificate, either manually or as a result of a hostname or IP change, would fail.
Monitoring graphs in the management console can be unavailable when a metrics node is down in a cluster configuration.
Updates the support of automatically-managed TLS certificates from Let's Encrypt to request a single-domain certificate when Subdomain Isolation is disabled, and a multi-domain (SAN) certificate when Subdomain Isolation is enabled. A GitHub Enterprise installation will no longer require a wildcard DNS record to use this feature when Subdomain Isolation is disabled.
Corrects calculation of hour and day of month for the crontab entry supporting renewals of automatically-managed ACME (Let's Encrypt) TLS certificates.
Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
After upgrading to 2.13.0, users could lose access to their LDAP mapped teams when LDAP sync was enabled.
The dashboard graphs at /dashboards/overview were empty.
Generated identicons for GitHub Apps and OAuth Apps responded with a 404 Not Found.
LDAP sync could suspend user accounts created with built-in authentication.
Pages builds failed when TLS is disabled.

Changes

Proportional Set Size (PSS) metric has been added to ghe-diagnostics.
Disabled redundant UDP listener in memcached.
Updated ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMWare.
The footer has been updated to display current version of GitHub Enterprise.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments are missing from an import with ghe-migrator.
We incorrectly show a warning message, "You can't perform this action at this time", on team discussion pages. The message can be safely ignored. (updated 2018-04-11)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.9

Tue, 10 Apr 2018 16:00:32 +0000

Security Fixes

LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Bug Fixes

Resetting the self signed certificate, either manually or as a result of a hostname or IP change, would fail.
Duplicate object identifier (OID) entries were returned for the mounted partitions.
Updates the support of automatically-managed TLS certificates from Let's Encrypt to request a single-domain certificate when Subdomain Isolation is disabled, and a multi-domain (SAN) certificate when Subdomain Isolation is enabled. A GitHub Enterprise installation will no longer require a wildcard DNS record to use this feature when Subdomain Isolation is disabled.
Corrects calculation of hour and day of month for the crontab entry supporting renewals of automatically-managed ACME (Let's Encrypt) TLS certificates.
Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
ghe-migrator failed when the user was not a member of the organization at the time of export.
Pages builds failed when TLS is disabled.

Changes

Disabled redundant UDP listener in memcached.
The appliance's UUID has been added to the replication overview page.
Updated ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMWare.
The footer has been updated to display current version of GitHub Enterprise.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.15

Tue, 10 Apr 2018 16:00:31 +0000

Security Fixes

LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Bug Fixes

Duplicate object identifier (OID) entries were returned for the mounted partitions.
Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
Reviewers of a pull request were not correctly mapped when migrating repositories using ghe-migrator.
ghe-migrator failed when the user was not a member of the organization at the time of export.
Pages builds failed when TLS is disabled.

Changes

Disabled redundant UDP listener in memcached.
The appliance's UUID has been added to the replication overview page.
Updated ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMWare.
The footer has been updated to display current version of GitHub Enterprise.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.21

Tue, 10 Apr 2018 16:00:30 +0000

Security Fixes

LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Bug Fixes

Duplicate object identifier (OID) entries were returned for the mounted partitions.
Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
Reviewers of a pull request were not correctly mapped when migrating repositories using ghe-migrator.
Pages builds failed when TLS is disabled.

Changes

Disabled redundant UDP listener in memcached.
Updated ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMWare.
The footer has been updated to display current version of GitHub Enterprise.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.13.0

Tue, 27 Mar 2018 16:00:33 +0000

Features

Use team discussions as a static space to have conversations that span across projects or repositories.
Attribute a commit to multiple authors.
Allow built-in authentication for users who aren't authenticated by your identity provider.
Use git --push_option to transmit strings based to the server on to their pre-receive hooks.
Export multiple repositories at once using the -i flag with the ghe-migrator command-line utilty.
Choose to discard emails addressed to the no-reply email address.
Upgrade a GitHub Enterprise clustering environment using a hotpatch.
Track the health of your appliance using Grafana.
Create and manage GitHub Apps.
Require commit signing in a repository so that local commits can't be pushed to the branch if they aren't signed with a verified GPG key.
Specify a publicly visible reason for locking a conversation.
Create templates to quickly set up project boards.
Track progress on project boards.
Create a reference card for another project board.
Search for a topic and view the repositories using that topic.
Add label descriptions, search labels, add emoji in label names, and preview a label when creating or editing it.
View a merge direction indicator for the base and compare branches.
Upload a team avatar.
PHP methods and functions within pull requests now appear in the table of contents.
View pending collaborators from /stafftools.
Lock an issue thread from /stafftools.
Support Go's remote import path when private mode is configured.

Security Fixes

Packages have been updated to the latest security versions.
The diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1 algorithms have been deprecated and disallowed for git SSH connections. (updated 2018-04-17)

Bug Fixes

After a review request has been removed, users could be missing from the pull request reviwer's list.
The OAuth authorization page did not list the requested organization access for outside collaborators.
The milestone:*, milestone:any, and milestone:none search queries were not returning the correct issue or pull requests.
From /stafftools, administrators could incorrectly delete user accounts when they were the sole owner of a repository.
API search results with an out of bound page query returned an inaccurate prev reference.
Organization projects were redundantly imported creating duplicate projects.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator.

Changes

Enterprise Administration API resources require the site_admin scope when authenticating with an access token.
An e-mail notification will be sent to users after an addition or removal of an e-mail address.
An e-mail notification will be sent to users during a two-factor authentication lockout.
An e-mail notification will be sent to users when a two-factor recovery code is used.
The original project creator will retain administrative access when transferring owner from /stafftools.
Emojis are supported on label names.
Label names are required to be 50 characters or fewer. Existing labels will be unchanged but must adhere to the character limit to be updated.
Saved replies character limit has been increased to 100 from 50.
ghe-org-admin-promote requires an -a flag to give admin privileges to all site administrators in all organizations.
New REST API resources have been added.
GraphQL API schema has been updated.

Backups and Disaster Recovery

GitHub Enterprise 2.13 requires at least GitHub Enterprise Backup Utilities 2.13.0 for Backups and Disaster Recovery.

Starting with Backup Utilities 2.13.0, version support is inline with that of the GitHub Enterprise upgrade requirements and as such, support is limited to three versions of GitHub Enterprise: the version that corresponds with the version of Backup Utilities, and the two releases prior to it.

For example, Backup Utilities 2.13.0 can be used to backup and restore all patch releases from 2.11.0 to the latest patch release of GitHub Enterprise 2.13. Backup utilities 2.14.0 will be released when GitHub Enterprise 2.14.0 is released and will then be used to backup all releases of GitHub Enterprise from 2.12.0 to the latest patch release of GitHub Enterprise 2.14.

Backup Utilities 2.11.4 and earlier offer support for GitHub Enterprise 2.10 and earlier releases.

Upcoming deprecation of Internet Explorer 11 support

Support for Internet Explorer 11 will be deprecated on September 13, 2018. There will be no changes in site functionality, but a warning banner will be displayed to Internet Explorer 11 users.

Upcoming deprecation of VMware ESX 5.5 support

Support for VMware ESX 5.5 will be deprecated on September 19, 2018.

Upcoming deprecation of GitHub Enterprise 2.10

GitHub Enterprise 2.10 will be deprecated as of June 5, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments are missing from an import with ghe-migrator.
After upgrading to 2.13.0, users can lose access to their LDAP mapped teams when LDAP sync is enabled. Please contact Enterprise Support to manually workaround this issue. (updated 2018-03-28)
Pages builds fail when TLS is disabled. (updated 2018-04-03)
We incorrectly show a warning message, "You can't perform this action at this time", on team discussion pages. The message can be safely ignored. (updated 2018-04-11)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team

2.12.8

Tue, 20 Mar 2018 17:00:32 +0000

Security Fixes

LOW: It was identified internally that the existence of private repositories could be determined due to the differing error messages of some REST API endpoints. These error messages have been updated to be consistent regardless of a user’s authorization to the repository. No information except for the existence of a private repository would have been exposed due to this issue.

Bug Fixes

Upgrades to later feature releases were blocked if the new patch release number is lower than the current one.
Wiki footer options were not shown for read-only users.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
Pages builds fail when TLS is disabled. (updated 2018-04-03)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.14

Tue, 20 Mar 2018 17:00:31 +0000

Security Fixes

LOW: It was identified internally that the existence of private repositories could be determined due to the differing error messages of some REST API endpoints. These error messages have been updated to be consistent regardless of a user’s authorization to the repository. No information except for the existence of a private repository would have been exposed due to this issue.

Bug Fixes

Upgrades to later feature releases were blocked if the new patch release number is lower than the current one.
Wiki footer options were not shown for read-only users.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests.
Pages builds fail when TLS is disabled. (updated 2018-04-03)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.20

Tue, 20 Mar 2018 17:00:30 +0000

Security Fixes

LOW: It was identified internally that the existence of private repositories could be determined due to the differing error messages of some REST API endpoints. These error messages have been updated to be consistent regardless of a user’s authorization to the repository. No information except for the existence of a private repository would have been exposed due to this issue.

Bug Fixes

Upgrades to later feature releases were blocked if the new patch release number is lower than the current one.
Wiki footer options were not shown for read-only users.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pages builds fail when TLS is disabled. (updated 2018-04-03)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.12.7

Tue, 13 Mar 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

An appliance could not be successfully deployed on Google Cloud Platform without allocating a public IP address.
Snapshots taken using the Backup Utilities from a GitHub Enterprise cluster will connect to the MySQL master node to allow transfer of SQL data via a unix domain socket instead of TCP.
When creating a custom pre-receive hook environment, the operation would fail if the specified URL requested redirection.
Upgrades with a package from an earlier release were not prevented.
Some services would fail to restart after applying a hotpatch.
The documentation_url field in some GraphQL API v4 responses referred to the REST API v3 documentation rather than the GraphQL API v4 documentation.
Adding members via the new organization page did not display added users.
Archived gists were not restored in cluster environments.
The Get repository contents API endpoint incorrectly returned a 403 Forbidden response for some Git LFS-tracked files.
Milestones retrieved using the REST API were not sorted as documented by default.
"You signed out in another tab or window. Reload to refresh your session" message was being shown to some Firefox users.
Pull Request would not merge if it touches file(s) the author owns requiring reviews from code owners.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator.

Changes

Entries recorded in the resqued.log file weren't included when forwarding logs to an external server. Customers monitoring the github_resque tag will need to switch to github_resqued instead.
Added the ability to add multiple repositories to an export at once using a text file that lists the repository URLs.

Known Issues

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance. (updated 2018-03-19)
Pages builds fail when TLS is disabled. (updated 2018-04-03)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.13

Tue, 13 Mar 2018 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

An appliance could not be successfully deployed on Google Cloud Platform without allocating a public IP address.
When creating a custom pre-receive hook environment, the operation would fail if the specified URL requested redirection.
Upgrades with a package from an earlier release were not prevented.
Some services would fail to restart after applying a hotpatch.
The documentation_url field in some GraphQL API v4 responses referred to the REST API v3 documentation rather than the GraphQL API v4 documentation.
Archived gists were not restored in cluster environments.
The Get repository contents API endpoint incorrectly returned a 403 Forbidden response for some Git LFS-tracked files.
Milestones retrieved using the REST API were not sorted as documented by default.
"You signed out in another tab or window. Reload to refresh your session" message was being shown to some Firefox users.
Pull Request would not merge if it touches file(s) the author owns requiring reviews from code owners.

Changes

Entries recorded in the resqued.log file weren't included when forwarding logs to an external server. Customers monitoring the github_resque tag will need to switch to github_resqued instead.
Added the ability to add multiple repositories to an export at once using a text file that lists the repository URLs.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pages builds fail when TLS is disabled. (updated 2018-04-03)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.19

Tue, 13 Mar 2018 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

An appliance could not be successfully deployed on Google Cloud Platform without allocating a public IP address.
When creating a custom pre-receive hook environment, the operation would fail if the specified URL requested redirection.
Upgrades with a package from an earlier release were not prevented.
The documentation_url field in some GraphQL API v4 responses referred to the REST API v3 documentation rather than the GraphQL API v4 documentation.
The Get repository contents API endpoint incorrectly returned a 403 Forbidden response for some Git LFS-tracked files.
Milestones retrieved using the REST API were not sorted as documented by default.
"You signed out in another tab or window. Reload to refresh your session" message was being shown to some Firefox users.

Changes

Added the ability to add multiple repositories to an export at once using a text file that lists the repository URLs.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pages builds fail when TLS is disabled. (updated 2018-04-03)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.12.6

Tue, 27 Feb 2018 16:00:32 +0000

Security Fixes

LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
Packages were updated to their latest patch versions.

Bug Fixes

RRD files used to store metrics that are no longer collected were never deleted, wasting space on the root file system.
Webhook delivery could fail in a clustering environment when one of the web-server nodes was unavailable and not explicitly marked as offline.
SVG files referenced using a relative path in a README were not shown.
Trial CloudFormation template updated to use current version of AWS instances. As part of this update, this trial template will no longer work within the EC2 Classic network type.
Failed to upgrade a replica to the same version on a newly partitioned root disk.
Deleting a search index didn't delete all associated metadata, which were then incorrectly reused if a new search index was created. This caused search index repair jobs to be reported as finished in the site admin when they were not.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
LFS objects could fail to be cloned after a successful upload.
GitHub Apps silently fail to be created when the name contains an underscore.
Trying to delete an App's avatar in settings/apps/[app-name] caused an error and didn't delete the avatar.
Installations failed to be removed while transferring repository ownership.
Collaborators added through the API were incorrectly sent invitations.

Changes

ghe-repl-status could show an inaccurate count when Alambic replication was behind.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance. (updated 2018-03-19)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.12

Tue, 27 Feb 2018 16:00:31 +0000

Security Fixes

LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
Packages were updated to their latest patch versions.

Bug Fixes

RRD files used to store metrics that are no longer collected were never deleted, wasting space on the root file system.
Failed to upgrade a replica to the same version on a newly partitioned root disk.
Deleting a search index didn't delete all associated metadata, which were then incorrectly reused if a new search index was created. This caused search index repair jobs to be reported as finished in the site admin when they were not.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
LFS objects could fail to be cloned after a successful upload.

Changes

ghe-repl-status could show an inaccurate count when Alambic replication was behind.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.18

Tue, 27 Feb 2018 16:00:30 +0000

Security Fixes

LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
Packages were updated to their latest patch versions.

Bug Fixes

RRD files used to store metrics that are no longer collected were never deleted, wasting space on the root file system.
Failed to upgrade a replica to the same version on a newly partitioned root disk.
Deleting a search index didn't delete all associated metadata, which were then incorrectly reused if a new search index was created. This caused search index repair jobs to be reported as finished in the site admin when they were not.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
LFS objects could fail to be cloned after a successful upload.

Changes

ghe-repl-status could show an inaccurate count when Alambic replication was behind.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.23

Tue, 27 Feb 2018 16:00:29 +0000

Security Fixes

LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
Packages were updated to their latest patch versions.

Upcoming deprecation of GitHub Enterprise 2.9

GitHub Enterprise 2.9 will be deprecated as of March 1, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Bug Fixes

Failed to upgrade a replica to the same version on a newly partitioned root disk.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.12.5

Tue, 13 Feb 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
MySQL backups could fail with mysqldump: Error 2013: Lost connection to MySQL server during query when dumping table error.
An incorrect merge commit SHA could be returned for pull requests merged through the API.
Multiple attempts may have been required to resolve a merge conflict using the conflict resolution web interface.
The incomplete preview Community Profile API endpoint was enabled on GitHub Enterprise.
Pull request reviewers were not migrated when migrating repositories using ghe-migrator.
The pull request assignee event was duplicated on repositories migrated using ghe-migrator.
The pull request review request had users reversed, after migration with ghe-migrator.
Granting push permissions on a protected branch to a child team could fail with a 500 internal server error when submitting the form.
Archived repositories could not be forked via the REST API.
Querying the status of storage objects using in high availability and cluster environments has been optimized for improved performance.
Git references, such as tags or branch names, with a high number of transitions from letter to numbers and back again, could result in a background worker crashing causing some webhooks not to fire.
The gpgverify service could consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)

Changes

GitHub Enterprise is now available in the Paris AWS region.
Support bundles are more efficiently sanitized during generation.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
GitHub Apps silently fail to be created when the name contains an underscore.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance. (updated 2018-03-19)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.11

Tue, 13 Feb 2018 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
An incorrect merge commit SHA could be returned for pull requests merged through the API.
Multiple attempts may have been required to resolve a merge conflict using the conflict resolution web interface.
The incomplete preview Community Profile API endpoint was enabled on GitHub Enterprise.
Pull request reviewers were not migrated when migrating repositories using ghe-migrator.
The pull request assignee event was duplicated on repositories migrated using ghe-migrator.
The pull request review request had users reversed, after migration with ghe-migrator.
Granting push permissions on a protected branch to a child team could fail with a 500 internal server error when submitting the form.
Querying the status of storage objects using in high availability and cluster environments has been optimized for improved performance.
Git references, such as tags or branch names, with a high number of transitions from letter to numbers and back again, could result in a background worker crashing causing some webhooks not to fire.
The gpgverify service could consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)

Changes

GitHub Enterprise is now available in the Paris AWS region.
Support bundles are more efficiently sanitized during generation.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.17

Tue, 13 Feb 2018 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
Querying the status of storage objects using in high availability and cluster environments has been optimized for improved performance.
Pull request reviewers were not migrated when migrating repositories using ghe-migrator.
The pull request assignee event was duplicated on repositories migrated using ghe-migrator.
The pull request review request had users reversed, after migration with ghe-migrator.
Git references, such as tags or branch names, with a high number of transitions from letter to numbers and back again, could result in a background worker crashing causing some webhooks not to fire.

Changes

GitHub Enterprise is now available in the Paris AWS region.
Support bundles are more efficiently sanitized during generation.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.22

Tue, 13 Feb 2018 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
Git references, such as tags or branch names, with a high number of transitions from letter to numbers and back again, could result in a background worker crashing causing some webhooks not to fire.

Changes

GitHub Enterprise is now available in the Paris AWS region.
Support bundles are more efficiently sanitized during generation.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.12.4

Tue, 30 Jan 2018 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The hostname documentation link in the Management Console linked to an invalid location.
Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.
Tearing down replication did not remove the database seed data used when configuring high availability replication.
The license expiry notification was shown if the appliance was restarted after the current has license expired.
The elasticsearch-upgrade service was not stopped during the upgrade process when upgrading via a hotpatch. This could lead to unnecessary logging to the root disk.
Applying a hotpatch that required a reboot did not warn that a reboot is required.
Postfix attempted to negotiate NTLM authentication if the relay host offered it.
Toggling each of the Branch Protection settings would produce inconsistent audit log events.
Toggling the 'Require review from Code Owners' Branch Protection setting did not generate an audit log event.
Background job logging to /var/log/github/production.log could consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up.
Comparing branches with unicode characters in their names could fail with a '500 Internal Server Error'.
Large API requests could trigger excessive logging in the exceptions log. (updated 2018-01-31)

Changes

ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
GitHub Apps silently fail to be created when the name contains an underscore.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.10

Tue, 30 Jan 2018 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The hostname documentation link in the Management Console linked to an invalid location.
Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.
Tearing down replication did not remove the database seed data used when configuring high availability replication.
The license expiry notification was shown if the appliance was restarted after the current has license expired.
The elasticsearch-upgrade service was not stopped during the upgrade process when upgrading via a hotpatch. This could lead to unnecessary logging to the root disk.
Applying a hotpatch that required a reboot did not warn that a reboot is required.
Postfix attempted to negotiate NTLM authentication if the relay host offered it.
Toggling each of the Branch Protection settings would produce inconsistent audit log events.
Toggling the 'Require review from Code Owners' Branch Protection setting did not generate an audit log event.

Changes

ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.16

Tue, 30 Jan 2018 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The hostname documentation link in the Management Console linked to an invalid location.
Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.
Tearing down replication did not remove the database seed data used when configuring high availability replication.
The license expiry notification was shown if the appliance was restarted after the current has license expired.

Changes

ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.21

Tue, 30 Jan 2018 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The hostname documentation link in the Management Console linked to an invalid location.
Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.

Changes

ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.12.3

Tue, 16 Jan 2018 16:00:32 +0000

Meltdown

This release addresses the Meltdown (CVE-2017-5754) attack. This has been fixed in the 3.16.51-3+deb8u1 release from Debian. Please note that this patch does not address the Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerability. A fix is not available for the Spectre vulnerability yet.

Internally conducted benchmarks indicate the performance impact is limited to a 2-5% increase in CPU usage on most platforms. The impact can vary depending on your usage and platform though. If you see a significant performance difference, don't hesitate to reach out to Enterprise Support.

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

HIGH: Kernel is updated to 3.16.51-3+deb8u1 which implements Kernel Page Table Isolation (KPTI) to address Meltdown.

Bug Fixes

ghe-dbconsole, in a cluster environment, did not work on nodes without a database role.
The ghe-repl-status command-line utility incorrectly showed TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts.
The ghe-dpages check-replicas command could show an error with widely dispersed geo replicas.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
GitHub Apps silently fail to be created when the name contains an underscore.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
Background job logging to /var/log/github/production.log may consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up.
Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.9

Tue, 16 Jan 2018 16:00:31 +0000

Meltdown

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

HIGH: Kernel is updated to 3.16.51-3+deb8u1 which implements Kernel Page Table Isolation (KPTI) to address Meltdown.

Bug Fixes

The ghe-dpages check-replicas command could show an error incorrectly with widely dispersed geo replicas.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.15

Tue, 16 Jan 2018 16:00:30 +0000

Meltdown

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

HIGH: Kernel is updated to 3.16.51-3+deb8u1 which implements Kernel Page Table Isolation (KPTI) to address Meltdown.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.20

Tue, 16 Jan 2018 16:00:29 +0000

Meltdown

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

HIGH: Kernel is updated to 3.16.51-3+deb8u1 which implements Kernel Page Table Isolation (KPTI) to address Meltdown.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.

Thanks!

The GitHub Team

2.12.2

Tue, 09 Jan 2018 16:00:32 +0000

Meltdown & Spectre

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to extract data which is currently processed on the same machine. This also can affect GitHub Enterprise.

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

Given that GitHub Enterprise runs on various virtualization platforms, it's essential to update the virtualization platform where possible to mitigate any of these issues. The existing patches and fixes almost all focus on solving Meltdown. Meltdown is more straightforward to fix and most providers focus on this first.

Spectre is more complicated to exploit and also more complicated to fix. KVM for example is not vulnerable to Meltdown but is vulnerable, with a proof of concept, to Spectre which was tested by Google in the project originally (see https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html). Specifically under "Reading host memory from a KVM guest". This Spectre exploit tested against a specific kernel version, but nothing implies it's impossible to adapt for other kernel versions and or other virtualization platforms.

The following Cloud and virtualization platforms have released announcements and/or fixes.

On AWS we use HVM for virtualization. According to Amazon, HVM is not vulnerable to Meltdown. Also see https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Xen VMs using PV virtualization are vulnerable. We recommend switching to HVM virtualization as HVM is not vulnerable to Meltdown. Also see https://xenbits.xen.org/xsa/advisory-254.html under "Mitigation".
Google Cloud is not vulnerable to Meltdown as VMs there are isolated and cross VM attacks are not possible.
See their FAQ and the Google Cloud Security Bulletins page.
Microsoft Azure is updating/rebooting infrastructure where necessary to mitigate potential hypervisor level issues. See https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/.
VMWare has released patches to address this at the hypervisor level: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html & https://lists.vmware.com/pipermail/security-announce/2018/000397.html. We strongly encourage customers install those patches.
Intel has also announced they will be releasing updates for their processors. If the host platform you run GitHub Enterprise on has these patches available in the future, we also strongly recommend installing those.

Inside GitHub Enterprise

The vulnerability can also be exploited if there is code under the control of an attacker running on the same system. GitHub Enterprise has very limited support for custom code in the form of pre-receive hooks. Pre-receive hooks are limited such that administrators are the only ones who can set them up and their runtime execution is limited to 5 seconds. Both these aspects greatly limit the risk of data exposure through pre-receive hooks. As a general rule, administrators should ensure that only known and trusted pre-receive hooks are enabled on their appliance.

GitHub Enterprise is based on Debian Jessie. A fix for Meltdown is not yet available for Debian Jessie, as can be seen in the Debian CVE tracker for Meltdown. The new kernel version will be included in a future release of GitHub Enterprise and can potentially come with a performance regression. Accordingly, we recommend testing that release before putting it into production.

Summary

The primary risk for GitHub Enterprise installations is cross-guest or host <-> guest data leakage on the virtualization platform. This may be mitigated by the support cloud hosting providers, or by the suppliers of virtualization software. There is very limited risk of externally supplied software running within the appliance obtaining data from other processes, mitigated by administrators only enabling pre-receive hooks that are reviewed and trusted.

Security Fixes

LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
Packages have been updated to the latest security versions.

Bug Fixes

Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
Changes to legal hold state of a repository did not trigger an audit log event.
After changing HTTP proxy configuration in the Management Console, webhooks did not use the settings unless hookshot-resqued was restarted manually.
NUMA enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
GitHub Apps referenced an invalid profile in the notifications and comment views.
The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.
Permission update notifications for GitHub Apps were not sent to organization administrators.

Changes

GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
GitHub Apps silently fail to be created when the name contains an underscore.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
The ghe-repl-status command-line utility incorrectly shows TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts. (updated 2018-01-10)
Reviewers and the "Review requested" status disappear on pull requests migrated with ghe-migrator. (updated 2018-01-12)
Background job logging to /var/log/github/production.log may consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up. (updated 2018-01-16)
Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.8

Tue, 09 Jan 2018 16:00:31 +0000

Meltdown & Spectre

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

The following Cloud and virtualization platforms have released announcements and/or fixes.

On AWS we use HVM for virtualization. According to Amazon, HVM is not vulnerable to Meltdown. Also see https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Xen VMs using PV virtualization are vulnerable. We recommend switching to HVM virtualization as HVM is not vulnerable to Meltdown. Also see https://xenbits.xen.org/xsa/advisory-254.html under "Mitigation".
Google Cloud is not vulnerable to Meltdown as VMs there are isolated and cross VM attacks are not possible.
See their FAQ and the Google Cloud Security Bulletins page.
Microsoft Azure is updating/rebooting infrastructure where necessary to mitigate potential hypervisor level issues. See https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/.
VMWare has released patches to address this at the hypervisor level: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html & https://lists.vmware.com/pipermail/security-announce/2018/000397.html. We strongly encourage customers install those patches.
Intel has also announced they will be releasing updates for their processors. If the host platform you run GitHub Enterprise on has these patches available in the future, we also strongly recommend installing those.

Inside GitHub Enterprise

Summary

Security Fixes

LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
Packages have been updated to the latest security versions.

Bug Fixes

Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
After changing HTTP proxy configuration in the Management Console, webhooks did not use the settings unless hookshot-resqued was restarted manually.
NUMA enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.

Changes

GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
The pull request review request has users reversed, after migration with ghe-migrator.
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.14

Tue, 09 Jan 2018 16:00:30 +0000

Meltdown & Spectre

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

The following Cloud and virtualization platforms have released announcements and/or fixes.

On AWS we use HVM for virtualization. According to Amazon, HVM is not vulnerable to Meltdown. Also see https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Xen VMs using PV virtualization are vulnerable. We recommend switching to HVM virtualization as HVM is not vulnerable to Meltdown. Also see https://xenbits.xen.org/xsa/advisory-254.html under "Mitigation".
Google Cloud is not vulnerable to Meltdown as VMs there are isolated and cross VM attacks are not possible.
See their FAQ and the Google Cloud Security Bulletins page.
Microsoft Azure is updating/rebooting infrastructure where necessary to mitigate potential hypervisor level issues. See https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/.
VMWare has released patches to address this at the hypervisor level: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html & https://lists.vmware.com/pipermail/security-announce/2018/000397.html. We strongly encourage customers install those patches.
Intel has also announced they will be releasing updates for their processors. If the host platform you run GitHub Enterprise on has these patches available in the future, we also strongly recommend installing those.

Inside GitHub Enterprise

Summary

Security Fixes

LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
Packages have been updated to the latest security versions.

Bug Fixes

NUMA enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.

Changes

GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.19

Tue, 09 Jan 2018 16:00:29 +0000

Meltdown & Spectre

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

The following Cloud and virtualization platforms have released announcements and/or fixes.

On AWS we use HVM for virtualization. According to Amazon, HVM is not vulnerable to Meltdown. Also see https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Xen VMs using PV virtualization are vulnerable. We recommend switching to HVM virtualization as HVM is not vulnerable to Meltdown. Also see https://xenbits.xen.org/xsa/advisory-254.html under "Mitigation".
Google Cloud is not vulnerable to Meltdown as VMs there are isolated and cross VM attacks are not possible.
See their FAQ and the Google Cloud Security Bulletins page.
Microsoft Azure is updating/rebooting infrastructure where necessary to mitigate potential hypervisor level issues. See https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/.
VMWare has released patches to address this at the hypervisor level: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html & https://lists.vmware.com/pipermail/security-announce/2018/000397.html. We strongly encourage customers install those patches.
Intel has also announced they will be releasing updates for their processors. If the host platform you run GitHub Enterprise on has these patches available in the future, we also strongly recommend installing those.

Inside GitHub Enterprise

Summary

Security Fixes

LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
Packages have been updated to the latest security versions.

Bug Fixes

NUMA enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.

Changes

GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.

Thanks!

The GitHub Team

2.12.1

Tue, 19 Dec 2017 16:00:32 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard.
Authentication graphs in the management console were incorrectly empty and auth.result.* metrics weren't forwarded to external collectd servers.
Orphaned resqued processes accumulated and caused out-of-memory (OOM) issues.
CODEOWNERS failed with CRLF line endings.
Nested teams could not be migrated with ghe-migrator.
Pre-receive hook's enforcement could not be updated with the API.
GitHub Apps incorrectly linked to a "Report abuse" reference.
Repository changes and creation could timeout when an organization contains many teams and members.
When restoring a deleted repository via the site admin dashboard, an error message could be shown even though the restore worked.
The compare view could display the incorrect additions or deletions status.
Updates to a pull request through the API could incorrectly modify manitainer_can_modify to false when the field was not a part of the request.

Changes

/var/log/github/production.log has been updated to include more metadata for resque.performed and resque.queued events.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
GitHub Apps silently fail to be created when the name contains an underscore.
Changes to legal hold state of a repository does not trigger an audit log event.
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-27)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-27)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-27)
NUMA enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2 and the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The ghe-repl-status command-line utility incorrectly shows TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts. (updated 2018-01-10)
Reviewers and the "Review requested" status disappear on pull requests migrated with ghe-migrator. (updated 2018-01-12)
Background job logging to /var/log/github/production.log may consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up. (updated 2018-01-16)
Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.7

Tue, 19 Dec 2017 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The followers and following count incorrectly considered suspended accounts.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard.
Orphaned resqued processes accumulated and caused out-of-memory (OOM) issues.
CODEOWNERS failed with CRLF line endings.
Nested teams could not be migrated with ghe-migrator.
Pre-receive hook's enforcement could not be updated with the API.
Repository changes and creation could timeout when an organization contains many teams and members.
When restoring a deleted repository via the site admin dashboard, an error message could be shown even though the restore worked.
The compare view could display the incorrect additions or deletions status.
Updates to a pull request through the API could incorrectly modify manitainer_can_modify to false when the field was not a part of the request.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
NUMA enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2 and the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.13

Tue, 19 Dec 2017 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The followers and following count incorrectly considered suspended accounts.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard.
Pre-receive hook's enforcement could not be updated with the API.
When restoring a deleted repository via the site admin dashboard, an error message could be shown even though the restore worked.
Updates to a pull request through the API could incorrectly modify manitainer_can_modify to false when the field was not a part of the request.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
NUMA enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2 and the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.18

Tue, 19 Dec 2017 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The followers and following count incorrectly considered suspended accounts.
Pre-receive hook's enforcement could not be updated with the API.
Updates to a pull request through the API could incorrectly modify manitainer_can_modify to false when the field was not a part of the request.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
NUMA enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2 and the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.12.0

Tue, 12 Dec 2017 16:00:32 +0000

Features

Archive repositories to indicate when a project is no longer actively maintained.
Install and renew TLS certificates from Let's Encrypt® on your appliance without any required manual maintenance.
View the modules, libraries, projects, and corresponding licenses that are used by a GitHub Enterprise appliance.
Install a hotpatch using the management console or schedule an installation to upgrade your GitHub Enterprise appliance to the latest patch release.
Attach .log files to issues and pull requests.
Configure automation for project board columns to keep cards in sync with associated issues and pull requests.
Request to nest an existing team under your team in your organization’s hierarchy.
Search repositories by license type.
Create global web hooks to monitor, respond to, or enforce rules for user and organization management on your appliance.
View a comment's edit history.
Place a legal hold on a user or organization to ensure that repositories they own cannot be permanently removed.
Faster MySQL and Redis failover for high availability and clustering environment.
View a user's public GPG key by visiting the /login.gpg endpoint.
GitHub Apps is available as an early access technical preview.

Security Fixes

Packages have been updated to the latest security versions.
Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

The ghe-es-search-repair script refused to run in a single instance environment.
The OpenVPN log was not created if it did not already exist.
The audit log rotation schedule was unintentionally set to weekly instead of daily.
Archived repositories were not restored correctly in cluster environments.
The Management Console was not correctly reloaded after a hotpatch is applied.
Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
Migration archives excluded users who created a protected branch and were subsequently removed from the organization.
Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.
Searching for users or email addresses in the site admin tools did not return results for incomplete and fuzzy matches.
The merge button got stuck in the "Checking for ability to merge" state.
ghe-cluster-status returned invalid JSON when nodes were unavailable.
Projects were incorrectly editable when the repositories was locked for migration.
Users were unable to add collaborators to a personal project when the actor followed a large number of users.
Pages failed to publish when the publishing source was configured as a path to a submodule.
The followers and following count incorrectly considered suspended accounts.
The squash and merge option was not resizing the text area to the height of the commit message.

Changes

To restrict actions on raw content, including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy, our content security policy (CSP) header for raw URLs now includes the sandbox attribute.
babeld.log includes an api_time key for internal timings on verifying authentication.
codeload.log include a api_ms attribute for internal timings.
gitauth.log has been updated to add the commit-refs, verification-tokens, pre-2fa, and git-lfs-authenticate actions and include the request_ip and path_info metadata.
The GitHubMetadata GraphQL API object has been added.
The meta RESTAPI endpoint has been updated to include installed_version for the GitHub Enterprise version.
Webhooks payloads have been updated to include two headers, X-GitHub-Enterprise-Version and X-GitHub-Enterprise-Host.
The git signing API is no longer behind a preview header.
Outside collaborators will be counted in the team member count view in the site admin dashboard.
The number of cards awaiting triage has been added to the project section of the site admin dashboard.
ghe-nwo command-line utility can identify the repository owner from a repository id.
ghe-version command-line utility returns the current GitHub Enterprise version number.
Topic descriptions will render GitHub Flavored Markdown.
Project notes character limit has been increased to 1024 from from 250.
Project, webhook APIs created_at and updated_at fields have been updated to use a consistent and standard YYYY-MM-DDTHH:MM:SSZ ISO 8601 format.
GPG verification for commits are parallelized for faster performance.

Backups and Disaster Recovery

GitHub Enterprise 2.12 requires at least GitHub Enterprise Backup Utilities 2.11.2 for Backups and Disaster Recovery.

Upcoming deprecation of Internet Explorer 11 support

Support for Internet Explorer 11 will be deprecated on September 13, 2018. There will be no changes in site functionality, but a warning banner will be displayed to Internet Explorer 11 users.

Upcoming deprecation of VMware ESX 5.5 support

Support for VMware ESX 5.5 will be deprecated on September 19, 2018.

Upcoming deprecation of GitHub Enterprise 2.9

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
GitHub Apps silently fail to be created when the name contains an underscore.
Authentication graph is incorrectly empty because auth.result.* metrics are missing and not forwarded to external collectd servers.
Changes to legal hold state of a repository does not trigger an audit log event.
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-27)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-27)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-27)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The ghe-repl-status command-line utility incorrectly shows TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts. (updated 2018-01-10)
Reviewers and the "Review requested" status disappear on pull requests migrated with ghe-migrator. (updated 2018-01-12)
Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.11.6

Tue, 05 Dec 2017 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.
Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

The ghe-es-search-repair script refused to run in a single instance environment.
The OpenVPN log was not created if it did not already exist.
The audit log rotation schedule was unintentionally set to weekly instead of daily.
Archived repositories were not restored correctly in cluster environments.
The management application was not correctly reloaded after a hotpatch is applied.
Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
Migration archives excluded users who created a protected branch and were subsequently removed from the organization.
Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.
Searching for users or email addresses in the stafftools did not return results for incomplete and fuzzy matches.
The merge button could get stuck in the "Checking for ability to merge" state.
Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)

Changes

To restrict actions on raw content, including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy, our content security policy (CSP) header for raw URLs now includes the sandbox attribute.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.12

Tue, 05 Dec 2017 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.
Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.
Suspended users were suggested as pull request reviewers.
Migration archives excluded users who created a protected branch and were subsequently removed from the organization.

Changes

To restrict actions on raw content, including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy, our content security policy (CSP) header for raw URLs now includes the sandbox attribute.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.17

Tue, 05 Dec 2017 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.
Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.

Changes

To restrict actions on raw content, including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy, our content security policy (CSP) header for raw URLs now includes the sandbox attribute.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.11.5

Tue, 21 Nov 2017 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

A configuration run could fail in high availability environments if Redis isn't ready.
The open-vm-tools package, included in ESXi VM images, has been updated to 2.10.1.5 to address stability issues when performing snapshots.
The audit log migration process could leave old indices in place which would prevent upgrading to 2.11.
LDAP team sync could cause a noticeable increase in CPU usage when synchronizing large teams.
Pull request comments were not exported with ghe-migrator if the repository is locked.

Changes

GraphQL authenticated requests rate limit has been increased from 200 to 5,000.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.11

Tue, 21 Nov 2017 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The audit log migration process could leave old indices in place which would prevent upgrading to 2.11.
LDAP team sync could cause a noticeable increase in CPU usage when synchronizing large teams.
Pull request comments were not exported with ghe-migratior if the repository is locked.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.16

Tue, 21 Nov 2017 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The audit log migration process could leave old indices in place which would prevent upgrading to 2.11.
LDAP team sync could cause a noticeable increase in CPU usage when synchronizing large teams.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.11.4

Tue, 07 Nov 2017 16:00:31 +0000

Security Fixes

LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
Packages have been updated to the latest security versions.

Bug Fixes

The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
A pre-receive hook audit log search returned no results.
SSH metrics were missing from the Management Console authentication graphs.
Background job errors could cause Redis to consume large amounts of memory.
The mobile view of the pull request dashboard displayed "No issues to show" instead of "No pull requests to show".
The site admin cache indicator always displayed the memcached service as being active.
For a user or organization named apps, the profile page at /apps showed an integrations landing page and repository pages at /apps/<repository> resulting in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-11-08)

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.10

Tue, 07 Nov 2017 16:00:30 +0000

Security Fixes

LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
Packages have been updated to the latest security versions.

Bug Fixes

ghe-repl-status-pages showed a critical status if run while a sync is in progress.
The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
Background job errors could cause Redis to consume large amounts of memory.
Viewing a pull request could fail with a 500 Internal Server Error if it contained a review request from a deleted user.
The mobile view of the pull request dashboard displayed "No issues to show" instead of "No pull requests to show".
The site admin cache indicator always displayed the memcached service as being active.
Fetching a list of reviews from the API could have returned an empty page.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.15

Tue, 07 Nov 2017 16:00:29 +0000

Security Fixes

LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
Packages have been updated to the latest security versions.

Bug Fixes

ghe-repl-status-pages showed a critical status if run while a sync is in progress.
The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
Background job errors could cause Redis to consume large amounts of memory.
The mobile view of the pull request dashboard displayed "No issues to show" instead of "No pull requests to show".
The site admin cache indicator always displayed the memcached service as being active.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.23

Tue, 07 Nov 2017 16:00:28 +0000

Upcoming deprecation of GitHub Enterprise 2.8

GitHub Enterprise 2.8 will be deprecated as of November 9, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Security Fixes

LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
Packages have been updated to the latest security versions.

Bug Fixes

ghe-repl-status-pages showed a critical status if run while a sync is in progress.
The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
Background job errors could cause Redis to consume large amounts of memory.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.11.3

Wed, 25 Oct 2017 16:00:31 +0000

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

In response to CVE-2017-15361, certain SSH authentication RSA keys that were generated by some Yubikey 4 devices are vulnerable to private key factorization. Such keys are considered cryptographically weak and therefore in need of replacement. To help users avoid vulnerable keys, GitHub Enterprise has added capabilities to detect and reject them from being configured for user authentication. GitHub Enterprise now includes an administration utility, ghe-ssh-weak-fingerprints, to enable admins to list any affected keys and, optionally, perform a bulk revocation.

The affected supported versions are:

2.8.0 - 2.8.21
2.9.0 - 2.9.13
2.10.0 - 2.10.8
2.11.0 - 2.11.2

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.22, 2.9.14, 2.10.9, or 2.11.3.

Please contact GitHub Enterprise Support if you have questions.

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On Firefox browsers, the first page of some PDF files was blank when rendered.
Hotpatching failed to retain maintenance mode after a hotpatch was applied.
The babeld service required a manual restart after a hotpatch was applied.
SMTP port was still accepting TLSv1 even after disabling the TLSv1 protocol via the Management Console.
With private mode enabled, using git lfs locks to show the current locks on files tracked by Git LFS showed a user ID instead of a username.
Activities were not shown on the dashboard for users without any repositories.
Suspending all dormant users failed due to a serialization bug.
Password reset emails included an inaccurate description of when the password reset link would expire.
Migrating specific repositories with ghe-migrator failed if an organization level Project referred to a repository that wasn't exported.
Querying the Teams API endpoint could result in a 500 HTTP error if LDAP authentication was enabled.
A "Select a user below to manage roles" team maintainers tip was shown for LDAP-mapped teams.
Attempting to reset the password of a suspended user did not redirect the user to the suspended page.
Restoring a deleted repository from the site admin dashboard did not correctly restore its wiki. (updated 2017-11-09)
Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".
The "Clear page cache" link in the site admin modal failed if the current page's URL included query string parameters.
Pre-receive hooks could succeed or fail incorrectly because the $GITHUB_VIA environment variable contained a truncated value.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-11-08)
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and related packages and requires a reboot. The reboot can be performed at a later time after applying the hotpatch.

Thanks!

The GitHub Team

2.10.9

Wed, 25 Oct 2017 16:00:30 +0000

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

The affected supported versions are:

2.8.0 - 2.8.21
2.9.0 - 2.9.13
2.10.0 - 2.10.8
2.11.0 - 2.11.2

Please contact GitHub Enterprise Support if you have questions.

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On Firefox browsers, the first page of some PDF files was blank when rendered.
With private mode enabled, using git lfs locks to show the current locks on files tracked by Git LFS showed a user ID instead of a username.
Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".
SMTP port was still accepting TLSv1 even after disabling the TLSv1 protocol via the Management Console.
Migrating specific repositories with ghe-migrator failed if an organization level Project referred to a repository that wasn't exported.
Password reset emails included an inaccurate description of when the password reset link would expire.
The "Clear page cache" link in the site admin modal failed if the current page's URL included query string parameters.
Restoring a deleted repository from the site admin dashboard did not correctly restore its wiki. (updated 2017-11-09)

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.14

Wed, 25 Oct 2017 16:00:29 +0000

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

The affected supported versions are:

2.8.0 - 2.8.21
2.9.0 - 2.9.13
2.10.0 - 2.10.8
2.11.0 - 2.11.2

Please contact GitHub Enterprise Support if you have questions.

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On Firefox browsers, the first page of some PDF files was blank when rendered.
Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".
Password reset emails included an inaccurate description of when the password reset link would expire.
The "Clear page cache" link in the site admin modal failed if the current page's URL included query string parameters.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.22

Wed, 25 Oct 2017 16:00:28 +0000

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

The affected supported versions are:

2.8.0 - 2.8.21
2.9.0 - 2.9.13
2.10.0 - 2.10.8
2.11.0 - 2.11.2

Please contact GitHub Enterprise Support if you have questions.

Upcoming deprecation of GitHub Enterprise 2.8

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

On Firefox browsers, the first page of some PDF files was blank when rendered.
Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.11.2

Fri, 22 Sep 2017 16:00:31 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Memory budgets computed for services were under-allocated leading to severe performance issues.
LFS operations could fail with a slow LDAP server. The internal API timeout for LFS operations has been increased.

Fixes from 2.11.1 that was withdrawn due to a memory budget computation bug

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
Upgrading a high availability environment from a 2.10 release to 2.11.0 failed with a Failed drop elasticsearch scan file error.
The default authenticated homepage would be blank for users that don't own or have direct collaboration permissions to any repositories.
The repository owner was not displayed when configuring a pre-receive hook.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Hotpatch upgrades 2.11.2 could fail reloading the babeld service. If the upgrade fails, run the following command from the affected appliance(s):
```
$ sudo systemctl restart babeld
```
For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-10-24)
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.8

Fri, 22 Sep 2017 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Memory budgets computed for services were under-allocated leading to severe performance issues.
LFS operations could fail with a slow LDAP server. The internal API timeout for LFS operations has been increased.

Fixes from 2.10.7 that was withdrawn due to a memory budget computation bug

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
The repository owner was not displayed when configuring a pre-receive hook.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.13

Fri, 22 Sep 2017 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Memory budgets computed for services were under-allocated leading to severe performance issues.

Fixes from 2.9.12 that was withdrawn due to a memory budget computation bug

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.21

Fri, 22 Sep 2017 16:00:28 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Memory budgets computed for services were under-allocated leading to severe performance issues.

Fixes from 2.8.20 that was withdrawn due to a memory budget computation bug

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.11.1

Tue, 19 Sep 2017 16:00:31 +0000

Notice

The 2.11.1 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.11.1, please contact support for assistance. (updated 2017-09-21)

Security Fixes

Packages have been updated to the latest security versions.
LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser. This vulnerability was also patched in 2.11.0.

Bug Fixes

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
Upgrading a high availability environment from a 2.10 release to 2.11.0 failed with a Failed drop elasticsearch scan file error.
Users had a missing dashboard (i.e. default authenticated homepage) if they didn't own or have direct collaboration permissions to any repositories.
The repository owner was not displayed when configuring a pre-receive hook.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Hotpatch upgrades from 2.11.0 to 2.11.1 and configuration updates could fail reloading the babeld service. If the upgrade or configuration update fails, run the following command from the affected appliance(s): (updated 2017-09-21)
```
$ sudo systemctl restart babeld
```
For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-10-24)
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.7

Tue, 19 Sep 2017 16:00:30 +0000

Notice

The 2.10.7 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.10.7, please contact support for assistance. (updated 2017-09-21)

Security Fixes

Packages have been updated to the latest security versions.
LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser.

Bug Fixes

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
The repository owner was not displayed when configuring a pre-receive hook.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.12

Tue, 19 Sep 2017 16:00:29 +0000

Notice

The 2.9.12 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.9.12, please contact support for assistance. (updated 2017-09-21)

Security Fixes

Packages have been updated to the latest security versions.
LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser.

Bug Fixes

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.20

Tue, 19 Sep 2017 16:00:28 +0000

Notice

The 2.8.20 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.8.20, please contact support for assistance. (updated 2017-09-21)

Security Fixes

Packages have been updated to the latest security versions.
LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser.

Bug Fixes

Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.11.0

Wed, 13 Sep 2017 16:00:31 +0000

Features

Upgrade to Elasticsearch 2.4, which impacts GitHub Enterprise upgrades.
Experience reduced downtime when you’re upgrading patch releases with hotpatching.
Configure Git rate limiting with Governor.
Experience performance improvements in high-availability environments for geographically-distributed teams with geo-replication.
Enable SNMP v3 for extra security, including authentication and encryption using the user-based security model (USM).
Increase the root partition size using an existing appliance.
Limit the creation of LDAP group mappings to organization or site administrators.
Enable LDAP certificate verification.
Configure a replica appliance with a new workflow.
Restrict the ability to change repository visibility to organization owners.
Display and delete image attachments from issues and pull requests using administrator tools.
Create multiple levels of nested teams within an organization to reflect your company or group’s hierarchy structure.
Ask a specific team in your organization to review a pull request.
Specify a code owner for your project's code who will be automatically added as a reviewer for code they own.
Open issues directly from code within a file or pull request.
Create a permanent link to a code snippet.
Store important files for your project, like README and CONTRIBUTING files, in a repository's docs folder.
Create a SUPPORT file for your project.
Mark and unmark issues and pull requests as duplicates.
Use a saved reply to mark an issue as a duplicate.
Navigate pull requests, including Python pull requests, using a summary list of changed methods and functions.
Use ED25519 keys for GPG.
Use emojis and @mentions in your organization description.
Clone your repository in Xcode.
Use improved project board features, like advanced card filtering and task list summaries on cards.
Search, show, and delete image attachments from /stafftools.

Security Fixes

Packages have been updated to their latest security versions.
LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser. (updated 2017-09-19)

Bug Fixes

Commit contributions for a repository were not rebuilt when the gh-pages branch is deleted.
In a clustering environment, ghe-cluster-config-node-init could fail silently.
Adding a project note containing emoji would fail with a '500 Internal Server Error'.
The Branch Merging API stripped lines starting with # from commit messages.
The user suggestion functionality could timeout when adding members to a very large team.
Adding files with a blank content type, e.g. .zip, .docx, to conversations in issues and pull requests would fail.
An empty Projects board was shown when Elasticsearch was unavailable or rebuilding indices after an upgrade.

Changes

The MIME types used by GitHub Pages match those used by the rest of the appliance.
Syslog identifiers for various services have been made more explicit to make it easier to identify the service.
The maximum number of multiplexed session for administrative SSH session has been increased to 100. This improves backup restores for clustering environments.
NTLM has been removed from the SMTP configuration as an authentication protocol option. This was not working and is insecure.
Releases are sorted first by date and then semantic version instead of lexicographically.
Support for legacy high availability replication has been removed in 2.11. The default replication mechanism changed in 2.9 and this is now the only option in 2.11. This change has no impact unless legacy high availability replication was explicitly configured.
OpenVPN, used in high availability and clustering environments, has been upgraded to 2.4 with support for ECDHE. This removes the need to generate DH parameters and speeds up initial OpenVPN setup.
Pre-receive hooks now run as an unprivileged dedicated user. This could impact running hooks if hooks write temporary data outside /tmp. Running pre-receive hooks as an unprivileged dedicated user improves security by limiting access to the rest of the system from pre-receive hooks.
GitHub Pages now uses Jekyll 3.5.1.
GitHub Pages now uses Commonmark for Markdown rendering.
Using enterprise@github.com as the support address is no longer supported. Customers who have this email address configured need to change it to a valid internal support address or URL.
samplicator, the utility that sends statistics to the metrics servers in cluster environments, now runs as an unprivileged dedicated user.
The commit button text is now shown as "Commit merge" in the conflict editor to better communicate what is happening.

Backups and Disaster Recovery

GitHub Enterprise 2.11 requires at least GitHub Enterprise Backup Utilities 2.11.0 for Backups and Disaster Recovery.

Upcoming deprecation of Internet Explorer 11 support

Support for Internet Explorer 11 will be deprecated on September 13, 2018.

Upcoming deprecation of VMware ESX 5.5 support

Support for VMware ESX 5.5 will be deprecated on September 13, 2018.

Upcoming deprecation of GitHub Enterprise 2.8

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Upgrading a high availability environment from a 2.10 release to 2.11.0 could fail with the following error: (updated 2017-09-14)

```bash
$ ghe-upgrade ./github-enterprise-ami-2.11.0.pkg
*** verifying upgrade package signature...
725MiB 0:00:05 [ 141MiB/s] [===========================>] 100%
gpg: Signature made Tue 12 Sep 2017 05:03:10 AM UTC using RSA key ID 0D65D57A
gpg: Good signature from "GitHub Enterprise (Upgrade Package Key) <enterprise@github.com>"
*** applying update...
Scanning for incompatible Elasticsearch mappings...
waiting for ssh for [ghe-host-replica] to be available
ssh command returned 255
Failed drop elasticsearch scan file
```

If you encounter this error, run the following command from your primary or replica appliance before running ghe-upgrade again:

```bash
$ ghe-cluster-each -- sudo touch /data/user/common/es-scan-complete
```

Users may have a missing dashboard (i.e. default authenticated homepage) if they don't own or have direct collaboration permissions to any repositories. If users are encountering this error, they can work around this issue by creating a personal repository. (updated 2017-09-14)
For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-10-24)
Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

2.10.6

Tue, 05 Sep 2017 16:00:30 +0000

Security Fixes

MEDIUM: GitHub Services webhooks could be configured to use non-HTTP protocols.
Packages have been updated to the latest security versions.

Bug Fixes

Repository read priority was incorrect after promoting a high availability replica and then re-introducing the original primary node as a replica. This can have a significant performance impact.
Repository read performance could be severely impacted on very large instances under moderate load.
The admin:pre_receive_hook scope wasn't displayed when authorizing an Oauth application requesting this particular scope.
Cloning or pushing repositories with Git LFS assets could fail with a '500 Internal Server Error'.
Labels with encoded characters didn't link correctly with an issue or pull request timeline.
Manual wiki repository repairs and scheduled repair jobs would fail.

Changes

SSH keys added to a user via LDAP sync are automatically verified.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.11

Tue, 05 Sep 2017 16:00:29 +0000

Security Fixes

MEDIUM: GitHub Services webhooks could be configured to use non-HTTP protocols.
Packages have been updated to the latest security versions.

Bug Fixes

Repository read priority was incorrect after promoting a high availability replica and then re-introducing the original primary node as a replica. This can have a significant performance impact.
Repository read performance could be severely impacted on very large instances under moderate load.
The admin:pre_receive_hook scope wasn't displayed when authorizing an Oauth application requesting this particular scope.
Cloning or pushing repositories with Git LFS assets could fail with a '500 Internal Server Error'.

Changes

SSH keys added to a user via LDAP sync are automatically verified.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.19

Tue, 05 Sep 2017 16:00:28 +0000

Security Fixes

MEDIUM: GitHub Services webhooks could be configured to use non-HTTP protocols.
Packages have been updated to the latest security versions.

Bug Fixes

The admin:pre_receive_hook scope wasn't displayed when authorizing an Oauth application requesting this particular scope.
Cloning or pushing repositories with Git LFS assets could fail with a '500 Internal Server Error'.
The Alambic service, which serves avatars, release downloads, and image attachments, could crash and not recover.
Visiting a user's profile page whilst signed out failed with a '500 Internal Server Error'.
Memcached could fail to start if another process claimed its port first.

Changes

SSH keys added to a user via LDAP sync are automatically verified.

Upcoming deprecation of GitHub Enterprise 2.8

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.10.5

Tue, 22 Aug 2017 16:00:30 +0000

Security fixes

Packages have been updated to the latest security versions.

Bug Fixes

MySQL replication could fail to start if an old seed file was found.
ghe-update-check --help would fail if ghe-update-check was already running.
longpoll service connections, which provide live updates to Issues and Pull Requests pages, could flood the instance leading to TCP connection exhaustion and excessive logging.
Forking a repository on a promoted high availability replica node could take a very long time.
Suspended users were suggested as potential reviewers.
The SAML record dumping and updating utility, ghe-saml-mapping-csv, was not exposed to the admin user.
The @-mentions suggester didn't work in IE11.
Ordered lists rendered incorrectly in custom messages on the sign in page.
Using ghe-migrator, protected branch settings were always migrating with push restrictions enabled.
When two-factor authentication is required, LDAP team synchronization could fail if a member hasn't configured 2FA for their account.

Changes

The verbosity of logging for the longpoll service, which provides live updates to Issues and Pull Requests pages, has been lowered.
The conflict editor can be disabled for cross-repository pull requests.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.10

Tue, 22 Aug 2017 16:00:29 +0000

Security fixes

Packages have been updated to the latest security versions.

Bug Fixes

ghe-update-check --help would fail if ghe-update-check was already running.
The @-mentions suggester didn't work in IE11.
Ordered lists rendered incorrectly in custom messages on the sign in page.
The SAML record dumping and updating utility, ghe-saml-mapping-csv, was not exposed to the admin user.
When two-factor authentication is required, LDAP team synchronization could fail if a member hasn't configured 2FA for their account.

Changes

The verbosity of logging for the longpoll service, which provides live updates to Issues and Pull Requests pages, has been lowered.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.18

Tue, 22 Aug 2017 16:00:28 +0000

Security fixes

Packages have been updated to the latest security versions.

Bug Fixes

ghe-update-check --help would fail if ghe-update-check was already running.
Ordered lists rendered incorrectly in custom messages on the sign in page.
When two-factor authentication is required, LDAP team synchronization could fail if a member hasn't configured 2FA for their account.

Changes

The verbosity of logging for the longpoll service, which provides live updates to Issues and Pull Requests pages, has been lowered.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.10.4

Tue, 01 Aug 2017 16:00:30 +0000

Security Fixes

Packages have been updated to the latest security versions.
CRITICAL: Pages and Git have been updated to handle maliciously constructed ssh:// URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-100117 which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)

Bug Fixes

Ping latency for High Availability replicas could be misreported in Enterprise Manage.
Creating a support bundle failed with a “File exists” error if HAProxy logs have been rotated.
Duplicate unicorn-worker related statistics were gathered by Collectd.
ghe-repl-stop did not forcibly stop replication when the primary was offline.
gpgverify could fail to start after an improper shutdown.
Pre-receive hooks with spaces in their paths failed to run.
Links to diffs in the first 50 lines of a file did not properly expand context.
Calling the update-pre-receive-hook-enforcement API could result in an application error.
Deleted repositories were not purged after three months.
Webhook requests ignored local search domains when resolving hosts, which could result in "Couldn't resolve host name" errors.

Changes

Added command-line tool to help map SAML records; ghe-saml-mapping-csv.
Repository maintenance time and status is now shown on the repository network page in the Site Admin dashboard.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.9

Tue, 01 Aug 2017 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.
CRITICAL: Pages and Git have been updated to handle maliciously constructed ssh:// URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-100117 which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)

Bug Fixes

ghe-repl-stop did not forcibly stop replication when the primary was offline.
Pre-receive hooks with spaces in their paths failed to run.
Calling the update-pre-receive-hook-enforcement API could result in an application error.

Changes

Added command-line tool to help map SAML records; ghe-saml-mapping-csv.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.17

Tue, 01 Aug 2017 16:00:28 +0000

Security Fixes

Packages have been updated to the latest security versions.
CRITICAL: Pages and Git have been updated to handle maliciously constructed ssh:// URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-100117 which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)

Bug Fixes

Pre-receive hooks with spaces in their paths failed to run.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.21

Tue, 01 Aug 2017 16:00:27 +0000

Security Fixes

Packages have been updated to the latest security versions.
CRITICAL: Pages and Git have been updated to handle maliciously constructed ssh:// URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-100117 which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)

Bug Fixes

Pre-receive hooks with spaces in their paths failed to run.

Deprecation of GitHub Enterprise 2.7

GitHub Enterprise 2.7 is now deprecated as of August 3, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.10.3

Wed, 12 Jul 2017 16:00:30 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: OAuth application access tokens and personal access tokens weren't sanitized from support bundles.

Bug Fixes

The authentication graphs in the management console could be inaccurate and not display a legend due to incorrectly grouped and ordered keys.
Authentication and application request/response graphs in the management console could fail to render when high availability replication was configured. The bug did not affect forwarding metrics to an external collectd server.
/setup/replication in the management console returned a '500 Internal Server Error' when replication was configured.
collectd metric paths could be truncated, which caused multiple write attempts to the same file for different metrics.
Password reset emails incorrectly displayed reset links were valid for 24 hours when they are only valid for three hours.
Pre-receive hooks were incorrectly triggered on internal reference updates.
Pre-receive hooks could not be updated after moving to a new GitHub Enterprise instance, for example after failing over to a replica.
Fetches or pushes that transferred more than 2 GB of data were incorrectly recorded as much larger in the logs for the Git proxy service, babeld.
Users could receive a temporary "bad pack header" error when fetching a very large repository if the repository was being repacked at the same time.
Suspended users could be assigned to issues.
Users could delete organizations that contained repositories even if they were not permitted to delete repositories.
Webhooks could send outdated data after editing an issue comment or changing the base branch of a pull request.
~~Webhook requests incorrectly ignored local search domains when resolving hosts, which could result in "Couldn't resolve host name" errors.~~

Changes

When authenticating via SAML the NameID will be recorded instead of the custom username attribute value when a custom username attribute is defined.
The ghe-support-bundle command now honors the http_proxy environment variable.
The value of the X-Forwarded-For header will now be recorded in the HAproxy log.
The maximum number of HTTPS and websocket connections has been increased.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-14)
Creating a support bundle fails with a “File exists” error if HAProxy logs have been rotated. (updated 2017-07-24)
Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Errata

We didn't include the fix for webhook requests incorrectly ignoring local search domains when resolving hosts in this release.

Thanks!

The GitHub Team

2.9.8

Wed, 12 Jul 2017 16:00:29 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: OAuth application access tokens and personal access tokens weren't sanitized from support bundles.

Bug Fixes

The authentication graphs in the management console could be inaccurate and not display a legend due to incorrectly grouped and ordered keys.
collectd metric paths could be truncated, which caused multiple write attempts to the same file for different metrics.
Password reset emails incorrectly displayed reset links were valid for 24 hours when they are only valid for three hours.
Pre-receive hooks were incorrectly triggered on internal reference updates.
Fetches or pushes that transferred more than 2 GB of data were incorrectly recorded as much larger in the logs for the Git proxy service, babeld.
Suspended users could be assigned to issues.
Updates to pre-receive hooks would not work when a replica was promoted to primary.
Fetches on very large repositories could fail when a repack was running concurrently.
Webhooks could send outdated data when a comment on an issue was edited or when the base branch of a pull request was changed.
Milestones and labels could not be applied while creating an issue.

Changes

When authenticating via SAML the NameID will be recorded instead of the custom username attribute value when a custom username attribute is defined.
The ghe-support-bundle command now honors the http_proxy environment variable.
The value of the X-Forwarded-For header will now be recorded in the HAproxy log.
The maximum number of HTTPS and websocket connections has been increased.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Creating a support bundle fails with a “File exists” error if HAproxy logs have been rotated. (updated 2017-07-24)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.16

Wed, 12 Jul 2017 16:00:28 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: OAuth application access tokens and personal access tokens weren't sanitized from support bundles.

Bug Fixes

The authentication graphs in the management console could be inaccurate and not display a legend due to incorrectly grouped and ordered keys.
collectd metric paths could be truncated, which caused multiple write attempts to the same file for different metrics.
Password reset emails incorrectly displayed reset links were valid for 24 hours when they are only valid for three hours.
Pre-receive hooks were incorrectly triggered on internal reference updates.
Fetches or pushes that transferred more than 2 GB of data were incorrectly recorded as much larger in the logs for the Git proxy service, babeld.
Users could receive a temporary "bad pack header" error when fetching a very large repository if the repository was being repacked at the same time.

Changes

The ghe-support-bundle command now honors the http_proxy environment variable.
The value of the X-Forwarded-For header will now be recorded in the HAproxy log.
The maximum number of HTTPS and websocket connections has been increased.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Creating a support bundle fails with a “File exists” error if HAproxy logs have been rotated. (updated 2017-07-24)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.20

Wed, 12 Jul 2017 16:00:27 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: OAuth application access tokens and personal access tokens weren't sanitized from support bundles.

Bug Fixes

collectd metric paths could be truncated, which caused multiple write attempts to the same file for different metrics.
Password reset emails incorrectly displayed reset links were valid for 24 hours when they are only valid for three hours.
Pre-receive hooks could not be updated after moving to a new GitHub Enterprise instance, for example after failing over to a replica.
Fetches or pushes that transferred more than 2 GB of data were incorrectly recorded as much larger in the logs for the Git proxy service, babeld.
Users could receive a temporary "bad pack header" error when fetching a very large repository if the repository was being repacked at the same time.

Changes

The ghe-support-bundle command now honors the http_proxy environment variable.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Creating a support bundle fails with a “File exists” error if HAproxy logs have been rotated. (updated 2017-07-24)

Thanks!

The GitHub Team

2.10.2

Tue, 20 Jun 2017 16:00:30 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: Tokens were contained in support bundles when they were used in GET requests as a URL parameter.

Bug Fixes

LDAP team sync failed when a duplicate fork was being restored.
Users in large organizations and teams were unable to filter assignees and reviewers for issues and pull requests.
Users in large organizations and teams were unable to @-mention users and teams in issue and pull request comments.
/setup/replication in the Management console returned a '500 Internal Server Error' when replication was not running.
In a clustering environment, collectd statistics weren't reported for the workers that handle RPC calls for Git.
In a clustering environment, preflight checks failed when running ghe-cluster-config-apply against an unresponsive HTTP proxy.
In a clustering environment, a new node could silently fail to be added after ghe-cluster-config-init.

Changes

memcached collectd stats have been added.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
/setup/replication in the Management console returns a '500 Internal Server Error' when replication is configured. (updated 2017-06-27)
Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-10)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.7

Tue, 20 Jun 2017 16:00:29 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: Tokens were contained in support bundles when they were used in GET requests as a URL parameter.

Bug Fixes

On a 404 page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible.
Webhook edited events could have incorrect body values.
contributions_backfill background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.
LDAP team sync failed when a duplicate fork was being restored.
Users in large organizations and teams were unable to filter assignees and reviewers for issues and pull requests.
Users in large organizations and teams were unable to @-mention users and teams in issue and pull request comments.
In a clustering environment, collectd statistics weren't reported for the workers that handle RPC calls for Git.
In a clustering environment, preflight checks failed when running ghe-cluster-config-apply against an unresponsive HTTP proxy.
In a clustering environment, a new node could silently fail to be added after ghe-cluster-config-init.

Changes

memcached collectd stats have been added.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
It is not possible to select and apply labels or milestones when creating new issues. (updated 2017-07-04)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.15

Tue, 20 Jun 2017 16:00:28 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: Tokens were contained in support bundles when they were used in GET requests as a URL parameter.

Bug Fixes

On a 404 page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible.
contributions_backfill background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.19

Tue, 20 Jun 2017 16:00:27 +0000

Security Fixes

Packages have been updated to their latest security versions.
LOW: Tokens were contained in support bundles when they were used in GET requests as a URL parameter.

Bug Fixes

On a 404 page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible.
contributions_backfill background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.10.1

Tue, 13 Jun 2017 16:00:30 +0000

Security Fixes

Packages have been updated to their latest security versions.

Bug Fixes

On an appliance configured to use LDAP with SSL or StartTLS, users could have failed to authenticate from the web interface or Git client with a 500 error. The failure occurred when the LDAP host uses a certificate that isn't signed by a trusted certificate authority (CA) or is invalid.
github, hookshot, slumlord, and render service logs weren't rotated which may cause the root disk to fill up.
On a 404 page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible.
Visiting /explore could have been slow due to querying each repositories language.
Requesting reviewers could have been slow when there are many users in the appliance.
Webhook edited events could have incorrect body values.
contributions_backfill background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-10)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.10.0

Mon, 05 Jun 2017 16:00:30 +0000

Features

With the new features added in GitHub Enterprise 2.10.0, you can:

Create your own tools with GitHub GraphQL API.
Filter pull requests by review status.
Use improved blame when viewing the revision history of a file.
Use topics to explore repositories, find projects, and discover new solutions.
View activity in your project board.
Request a pull request review from suggested reviewers.
Restrict who can dismiss pull request reviews.
Search commits by the tree qualifier.
View the audit log entry when an avatar is changed.
Close project boards.
Add issues and pull requests to a project board from the sidebar.
Disable project boards in your organization.
Dismiss stale pull request reviews.
Restrict repository deletion to site administrators or the organization owners.
Disable insecure TLS protocols.
Configure rate limits for the API and protect the instance from abusive behavior.
Use the ghe-migrator tool to migrate pull request reviews, pull request review comments, protected branches, project boards, multiple assignees, and repository deploy keys.
Review which organizations have two-factor authentication enabled.
Use Git LFS 2.0.0 client features like File Locking.
Identify whether a user is a first-time contributor in the issue or pull request comment.
Mark a notification as read with keyboard shortcut I.
The edited by badge includes the actor when updated by a different author.

Early Access Program

Be a part of the Early Access Program:

Request access to hotpatching for reduced downtime when you’re upgrading patch releases.
If your team is geographically-distributed, request access to geo-replication for better performance in high availability environments.

Security Fixes

Packages have been updated to their latest security versions.

Bug Fixes

Users could fail to fork a repository if a conflicting fork was restored.
Adding a user as a collaborator via the API incorrectly sent an invitation without adding the user.
Users associated with a large number of repositories were unable to view their organization pages.
Image wiki tag failed to render images.
Migrations failed when the branch name contained an invalid unicode character.
Unauthenticated users visiting a public repository's fork were incorrectly redirected to a 404 Not Found page instead of the login page.
After the parent repository has been deleted, the Git LFS objects from the forks were inaccessible.
Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
After a user or organization renaming, search results incorrectly displayed the previous name.
The hypervisor console welcome screen may have incorrectly displayed sed: couldn't flush stdout: Broken pipe.
Repository and Gist synchronization could stall after restarting high availability replication.
Archived repositories were not restorable from /stafftools.
The /status endpoint on a high availability replica incorrectly returned 200 OK instead of 503 Service Unavailable.
Issues and pull requests were inaccessible if a high availability replica was rebooted before it was promoted.
Graphs in the Management Console displayed the sum instead of an average value. As a result, graphs had incorrectly displayed an increasing metric over time.
Pre-receive hooks may have failed with mount: can't find ... error messages.
ghe-upgrade.log contained harmless /proc/... No such file or directory messages.
Gists were not rendering Jupyter notebook files. (updated 2017-06-14)

Changes

The default root partition has increased to 200GB.
New REST API resources have been added.
New webhook events have been added.
ghe-* scripts require an Enter keydown after the [y/N] prompt.
GPG keys with duplicate subkeys will be added using the most recent subkey.
Replication will not always start after upgrading a replica, but will instead assume the pre-upgrade state (stopped or started) in order to prevent issues with multiple replicas starting concurrently when using the Early access program for geo distributed replicas. We recommend that you stop replication with ghe-repl-stop and start replication with ghe-repl-start after the replica upgrade is complete.
GitHub Enterprise clustering environments require an additional TCP port to be opened for LFS communication.
GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Upcoming deprecation of GitHub Enterprise 2.7

GitHub Enterprise 2.7 will be deprecated as of August 3, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
On an appliance configured to use LDAP with SSL or StartTLS, users could fail to authenticate from the web interface or Git client with a 500 error. The failure occurs when the LDAP host uses a certificate that isn't signed by a trusted certificate authority (CA) or is invalid. (updated 2017-06-05)
github, hookshot, slumlord, and render service logs aren't rotated which may cause the root disk to fill up. (updated 2017-06-08) .
Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-10)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

2.9.6

Tue, 30 May 2017 16:00:29 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

After the parent repository has been deleted, the Git LFS objects from the forks were inaccessible.
Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
Adding a user as a collaborator via the API incorrectly sent an invitation without adding the user.
After a user or organization renaming, search results incorrectly displayed the previous name.
The hypervisor console welcome screen may have incorrectly displayed sed: couldn't flush stdout: Broken pipe.
Repository and Gist synchronization could stall after restarting high availability replication.
Archived repositories were not restorable from /stafftools.
The /status endpoint on a high availability replica incorrectly returned 200 OK instead of 503 Service Unavailable.
Issues and pull requests were inaccessible if a high availability replica was rebooted before it was promoted.
Graphs in the Management Console displayed the sum instead of an average value. As a result, graphs had incorrectly displayed an increasing metric over time.
Pre-receive hooks may have failed with mount: can't find ... error messages.
ghe-upgrade.log contained harmless /proc/... No such file or directory messages.

Changes

GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.14

Tue, 30 May 2017 16:00:28 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

After the parent repository has been deleted, the Git LFS objects from the forks were inaccessible.
Adding a user as a collaborator via the API incorrectly sent an invitation without adding the user.
Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
The hypervisor console welcome screen may have incorrectly displayed sed: couldn't flush stdout: Broken pipe.
Graphs in the Management Console displayed the sum instead of an average value. As a result, graphs had incorrectly displayed an increasing metric over time.
Pre-receive hooks may have failed with mount: can't find ... error messages.
ghe-upgrade.log contained harmless /proc/... No such file or directory messages.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.18

Tue, 30 May 2017 16:00:27 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

After the parent repository has been deleted, the Git LFS objects from the forks were inaccessible.
Adding a user as a collaborator via the API incorrectly sent an invitation without adding the user.
Graphs in the Management Console displayed the sum instead of an average value. As a result, graphs had incorrectly displayed an increasing metric over time.
ghe-upgrade.log contained harmless /proc/... No such file or directory messages.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.9.5

Tue, 16 May 2017 16:00:29 +0000

Note about Git LFS v2.1.1

A CRITICAL security fix for the Git LFS client was released on 19 May. The remote code execution vulnerability can be exploited if:

a repository contains a .lfsconfig with:

  ...
    url = ssh://-oProxyCommand=command
  ...

a user clones the malicious repository with a vulnerable Git LFS client

This vulnerability exists in the Git LFS client and not GitHub Enterprise. However, we strongly encourage all users of GitHub Enterprise to upgrade their Git LFS client to v2.1.1 (or greater) from https://git-lfs.github.com/.

Please contact GitHub Enterprise Support if you have any questions.

Note: GitHub Enterprise supports broadcasting messages directly on the application with ghe-announce and Creating a custom sign in message.

Security Fixes

This release and previous releases of GitHub Enterprise are not affected by the Git shell vulnerability announced 10 May 2017 (CVE-2017-8386).
Packages have been updated to the latest security versions.

Bug Fixes

Memcached could fail to start if another process claimed its port first.
A high availability replica could fail to connect to the primary after upgrading.
When LDAP Sync is enabled, only organization owners could search the LDAP directory for groups when creating a new team.
With SAML authentication configured, and the IdP set to assert administrator status, the user promotion/demotion button on a user's Site Admin page was shown as disabled but was still clickable and useable.
In a clustering environment, ghe-cluster-status would use the configured proxy when querying each node.
In a clustering environment, restoring a backup to a cluster not meeting the minimum recommended number of pages-server and storage-server nodes would fail.
Pagination of a webhook's 'Recent Deliveries' was not enabled, limiting access to the last ten deliveries.
High availability replication on 2.9.0-2.9.4 would not synchronize all Git data if the replica node has been offline for more than 90 minutes. Those failed synchronizations may not be reported by ghe-repl-status. We strongly recommend upgrading to 2.9.5 or later before promoting a replica. (updated 2017-05-16)
A high availability replica could report a warning that alambic replication is behind the primary because deleting objects such as release assets or avatars did not remove their corresponding database entries. (updated 2017-05-25)

Changes

The GitHub Enterprise version is shown on the hypervisor welcome console.
The SAML authentication logs no longer contain debug information by default. Debugging information can be enabled in the Admin Center.
Organizations are sorted alphabetically when selecting repository owner when creating a new repository.
In a clustering environment, a failure to retrieve a support bundle from a node is reported as an error. It was reported as a warning.
GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Deleting a repository containing files in LFS can cause the 'File storage' within the Site Admin to show a temporary 500 error.
Graphs in the Management Console are displaying the sum instead of an average value. As a result, graphs may incorrectly show an increasing metric over time. (updated 2017-05-17)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.13

Tue, 16 May 2017 16:00:28 +0000

Note about Git LFS v2.1.1

A CRITICAL security fix for the Git LFS client was released on 19 May. The remote code execution vulnerability can be exploited if:

a repository contains a .lfsconfig with:

  ...
    url = ssh://-oProxyCommand=command
  ...

a user clones the malicious repository with a vulnerable Git LFS client

Please contact GitHub Enterprise Support if you have any questions.

Note: GitHub Enterprise supports broadcasting messages directly on the application with ghe-announce and Creating a custom sign in message.

Security Fixes

This release and previous releases of GitHub Enterprise are not affected by the Git shell vulnerability announced 10 May 2017 (CVE-2017-8386).
Packages have been updated to the latest security versions.

Bug Fixes

When LDAP Sync is enabled, only organization owners could search the LDAP directory for groups when creating a new team.
Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
In a clustering environment, ghe-cluster-status would use the configured proxy when querying each node.
In a clustering environment, restoring a backup to a cluster not meeting the minimum recommended number of pages-server and storage-server nodes would fail.
Pagination of a webhook's 'Recent Deliveries' was not enabled, limiting access to the last ten deliveries.
In clustering and high availability environments, the disk usage percentage and tooltip in the admin bar were incorrect.

Changes

The GitHub Enterprise version is shown on the hypervisor welcome console.
The SAML authentication logs no longer contain debug information by default. Debugging information can be enabled in the Admin Center.
In a clustering environment, a failure to retrieve a support bundle from a node is reported as an error. It was reported as a warning.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.17

Tue, 16 May 2017 16:00:27 +0000

Note about Git LFS v2.1.1

A CRITICAL security fix for the Git LFS client was released on 19 May. The remote code execution vulnerability can be exploited if:

a repository contains a .lfsconfig with:

  ...
    url = ssh://-oProxyCommand=command
  ...

a user clones the malicious repository with a vulnerable Git LFS client

Please contact GitHub Enterprise Support if you have any questions.

Note: GitHub Enterprise supports broadcasting messages directly on the application with ghe-announce and Creating a custom sign in message.

Security Fixes

This release and previous releases of GitHub Enterprise are not affected by the Git shell vulnerability announced 10 May 2017 (CVE-2017-8386).
Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, restoring a backup to a cluster not meeting the minimum recommended number of pages-server and storage-server nodes would fail.

Changes

The SAML authentication logs no longer contain debug information by default. Debugging information can be enabled in the Admin Center.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.9.4

Tue, 02 May 2017 16:00:29 +0000

Security Fixes

MEDIUM: When using 2FA, the recovery codes could be brute forced on browsers that do not implement the X-Content-Type-Options HTTP header correctly.
Packages have been updated to the latest security versions.

Bug Fixes

Service hooks were blocked from accessing the API endpoint of the local instance.
Processes could be leaked if Collectd exited unexpectedly.
Job queues could not be paused if the workers serviced multiple queues.
Site administrators could experience a '500 Internal Server Error' after viewing the history for a file path containing Japanese characters.
Fetching a list of pull request reviews via the API could fail with '422 Unprocessable Entity' or '500 Internal Server Error' errors.
Git LFS files were not rendered when private mode is disabled.
In cluster mode, restoring backups could hang indefinitely.
Custom sysctl settings were not taking effect when saving the settings.

Changes

Support bundles are now built and stored in /data/user/tmp to preserve free space on the root filesystem.
The /status endpoint can be queried over HTTP.
GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 is now deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
Graphs in the Management Console are displaying the sum instead of an average value. As a result, graphs may incorrectly show an increasing metric over time. (updated 2017-05-17)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.12

Tue, 02 May 2017 16:00:28 +0000

Security Fixes

MEDIUM: When using 2FA, the recovery codes could be brute forced on browsers that do not implement the X-Content-Type-Options HTTP header correctly.
Packages have been updated to the latest security versions.

Bug Fixes

Service hooks were blocked from accessing the API endpoint of the local instance.
Processes could be leaked if Collectd exited unexpectedly.
Custom sysctl settings were not taking effect when saving the settings.

Changes

Support bundles are now built and stored in /data/user/tmp to preserve free space on the root filesystem.

Deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.16

Tue, 02 May 2017 16:00:27 +0000

Security Fixes

MEDIUM: When using 2FA, the recovery codes could be brute forced on browsers that do not implement the X-Content-Type-Options HTTP header correctly.
Packages have been updated to the latest security versions.

Bug Fixes

Service hooks were blocked from accessing the API endpoint of the local instance.
Processes could be leaked if Collectd exited unexpectedly.
Custom sysctl settings were not taking effect when saving the settings.

Changes

Support bundles are now built and stored in /data/user/tmp to preserve free space on the root filesystem.

Deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.9.3

Tue, 18 Apr 2017 16:00:29 +0000

Security Fixes

MEDIUM: Local privileged MySQL credentials and Alambic HMAC/API keys were exposed in log files included in the support bundle.
None of the currently supported releases of GitHub Enterprise are affected by the Linux kernel UDP remote code execution vulnerability issued 4 April 2017 (CVE-2016-10229).
Packages have been updated to the latest security versions.

Bug Fixes

An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggered a firewall rule that caused an internal server error on several pages, including the author's profile page.
Collectd statistics were collected for the temporary pre-receive hook environment mount points.
Users could be added to a team if they don't satisfy the Organization's 2FA requirements.
Very large release or Git LFS assets failed to replicate due to a timeout in a high availability environment.
In a clustering environment, several services failed to start following a reboot.
In a clustering environment, configuring multiple nodes in parallel could lead to nodes overwriting each other's MySQL seed data.
In clustering and high availability environments, the disk usage percentage and tooltip in the admin bar were incorrect.
Attempts to authenticate via LDAP, would result in /var/log/github/auth.log log entries with via token repeated many times.
A suggested branch name of "null" was displayed when using IE11 or Microsoft Edge browsers.
Users were referred to the GitHub.com status page when a repository was offline.
Pushes to a repository in a high availability environment could fail with ! [remote rejected] master -> master (missing necessary objects).
New repositories created whilst a high availability replica was stopped were not created on disk and were marked offline.
The Management Console did not become accessible after promoting a high availability replica.
Saving custom messages containing UTF-8 characters in the Admin Center failed with a 500 error.
HTTP clone URLs which include the username did not cause Git to prompt for credentials when password authentication is disabled.
During maintenance mode for a high availability environment, the /setup/maintenance page did not list active processes.
The /status endpoint on a high availability replica incorrectly returned 200 OK instead of 503 Service Unavailable.

Changes

The jq utility has been added to the default pre-receive hook environment.
More colors are used in the monitoring graphs in a high availability environment, making them more legible.
Pinned Organization repositories can now only be modified by Organization owners.
Backups of cluster environments with a large number of archived repositories has been optimized for improved performance.
GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.11

Tue, 18 Apr 2017 16:00:28 +0000

Security Fixes

MEDIUM: Local privileged MySQL credentials and Alambic HMAC/API keys were exposed in log files included in the support bundle.
None of the currently supported releases of GitHub Enterprise are affected by the Linux kernel UDP remote code execution vulnerability issued 4 April 2017 (CVE-2016-10229).
Packages have been updated to the latest security versions.

Bug Fixes

An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggered a firewall rule that caused an internal server error on several pages, including the author's profile page.
Collectd statistics were collected for the temporary pre-receive hook environment mount points.
Users could be added to a team if they don't satisfy the Organization's 2FA requirements.
Very large release or Git LFS assets failed to replicate due to a timeout in a high availability environment.
In a clustering environment, several services failed to start following a reboot.
In a clustering environment, configuring multiple nodes in parallel could lead to nodes overwriting each other's MySQL seed data.

Changes

The jq utility has been added to the default pre-receive hook environment.
More colors are used in the monitoring graphs in a high availability environment, making them more legible.
Backups of cluster environments with a large number of archived repositories has been optimized for improved performance.

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.15

Tue, 18 Apr 2017 16:00:27 +0000

Security Fixes

MEDIUM: Local privileged MySQL credentials and Alambic HMAC/API keys were exposed in log files included in the support bundle.
None of the currently supported releases of GitHub Enterprise are affected by the Linux kernel UDP remote code execution vulnerability issued 4 April 2017 (CVE-2016-10229).
Packages have been updated to the latest security versions.

Bug Fixes

An issue or pull request comment containing the string 'User-Agent: GitHub-Hookshot' incorrectly triggered a firewall rule that caused an internal server error on several pages, including the author's profile page.
Collectd statistics were collected for the temporary pre-receive hook environment mount points.
Users could be added to a team if they don't satisfy the Organization's 2FA requirements.
Very large release or Git LFS assets failed to replicate due to a timeout in a high availability environment.
In a clustering environment, several services failed to start following a reboot.
In a clustering environment, configuring multiple nodes in parallel could lead to nodes overwriting each other's MySQL seed data.

Changes

The jq utility has been added to the default pre-receive hook environment.
More colors are used in the monitoring graphs in a high availability environment, making them more legible.
Backups of cluster environments with a large number of archived repositories has been optimized for improved performance.

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.20

Tue, 18 Apr 2017 16:00:26 +0000

Security Fixes

MEDIUM: Local privileged MySQL credentials and Alambic HMAC/API keys were exposed in log files included in the support bundle.
None of the currently supported releases of GitHub Enterprise are affected by the Linux kernel UDP remote code execution vulnerability issued 4 April 2017 (CVE-2016-10229).
Packages have been updated to the latest security versions.

Bug Fixes

An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggered a firewall rule that caused an internal server error on several pages, including the author's profile page.
Collectd statistics were collected for the temporary pre-receive hook environment mount points.

Changes

More colors are used in the monitoring graphs in a high availability environment, making them more legible.

Deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 is now deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

2.9.2

Wed, 29 Mar 2017 16:00:29 +0000

Security Fixes

HIGH: Improper sanitization of user markup content, while not allowing full XSS, could have been abused to leak sensitive data or perform actions as the user viewing the content.
LOW: A file path traversal vulnerability in the Management Console API could allow authenticated users to download content of local files ending with .txt.
LOW: Improper sanitization of input allowed splitting of a response header value over multiple lines. No headers could be injected because the actual header name was included on each line.
LOW: Detect and reject any Git content that shows evidence of being part of a SHA-1 collision attack
Packages have been updated to the latest security versions.

Bug Fixes

The webhook delivery log was missing timing metrics.
The /trending page could incorrectly display a Sign up for free button.
ghe-check-disk-usage incorrectly defaulted to a --verbose run.
When migrating from GitHub.com or another GitHub Enterprise appliance, an @ could cause comments to be truncated.
Status checks on a pull request weren't properly run after using the Update branch button, so the Merge pull request button was inaccessible.
Processes responsible for Git repository replication could cause a high availability replica appliance to run out of memory and kill a dependent service.
After an upgrade, the Management Console of a high availability replica appliance could indefinitely show the Starting... page.
The total number of organizations was incorrect because the count included trusted OAuth applications.
Exceptions were logged to /var/log/github/exceptions.log when a reaction was added a comment.
It wasn't possible to give LDAP mapped access to a repository when transferring a repository to an organization.
Administrators couldn't restore deleted LFS objects.
When a SAML user whose normalized username matches an organization's name tried to authenticate, the organization's attributes such as profile email could be incorrecty altered.
The org_repos count in /enterprise/stats incorrectly counted private user-owned forks.
It was possible to queue more jobs to repair a search index through the site admin than could be processed in a reasonable time, causing low priority jobs to become backlogged.
A configuration run could revert an SSL certificate to an automatically generated self-signed certificate.
Graphs in the Management Console monitoring page were incorrectly sorted.

Changes

Site admin reports are now accessible with a site_admin scoped OAuth token.
GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
The /status endpoint on a high availability replica incorrectly returns 200 OK instead of 503 Service Unavailable.
Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters. (updated 2017-03-30)
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not. (updated 2017-03-30)
During maintenance mode for a high availability environment, the /setup/maintenance does not list active processes. (updated 2017-03-30)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.10

Wed, 29 Mar 2017 16:00:28 +0000

Security Fixes

HIGH: Improper sanitization of user markup content, while not allowing full XSS, could have been abused to leak sensitive data or perform actions as the user viewing the content.
LOW: Detect and reject any Git content that shows evidence of being part of a SHA-1 collision attack.
Packages have been updated to the latest security versions.

Bug Fixes

The webhook delivery log was missing timing metrics.
The /trending page could incorrectly display a Sign up for free button.
The total number of organizations was incorrect because the count included trusted OAuth applications.
ghe-check-disk-usage incorrectly defaulted to a --verbose run.
When migrating from GitHub.com or another GitHub Enterprise appliance, an @ could cause comments to be truncated.
Administrators couldn't restore deleted LFS objects.
Pull request review comment webhooks could fail to send.
When a SAML user whose normalized username matches an organization's name tried to authenticate, the organization's attributes such as profile email could be incorrecty altered.
A configuration run could revert an SSL certificate to an automatically generated self-signed certificate.
Graphs in the Management Console monitoring page were incorrectly sorted.

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not. (updated 2017-03-30)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-04-05)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.14

Wed, 29 Mar 2017 16:00:27 +0000

Security Fixes

LOW: Detect and reject any Git content that shows evidence of being part of a SHA-1 collision attack.
Packages have been updated to the latest security versions.

Bug Fixes

The /trending page could incorrectly display a Sign up for free button.
The total number of organizations was incorrect because the count included trusted OAuth applications.
ghe-check-disk-usage incorrectly defaulted to a --verbose run.
Administrators couldn't restore deleted LFS objects.
A configuration run could revert an SSL certificate to an automatically generated self-signed certificate.
Graphs in the Management Console monitoring page were incorrectly sorted.

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not. (updated 2017-03-30)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.19

Wed, 29 Mar 2017 16:00:26 +0000

Security Fixes

LOW: Detect and reject any Git content that shows evidence of being part of a SHA-1 collision attack.
Packages have been updated to the latest security versions.

Bug Fixes

The /trending page could incorrectly display a Sign up for free button.
The total number of organizations was incorrect because the count included trusted OAuth applications.
Administrators couldn't restore deleted LFS objects.

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not. (updated 2017-03-30)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.9.1

Tue, 14 Mar 2017 16:00:29 +0000

Security Fixes

LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
Packages have been updated to the latest security versions.

Bug Fixes

Incorrect support bundle and diagnostics instructions were displayed for high availability environments.
The secondary NTP server was not allowed to be blank.
A search index that was not marked as the primary index, for example when a new index was being built after an upgrade, could be incorrectly deleted.
OAuth application authorization failed when the path contained more than one query parameter.
The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.
Starting high availability replication would fail if the appliance was previously configured as a replica.
Git replication maintenance jobs failed to complete if there were unhealthy repositories prior to upgrading to 2.9.
An unused locations search index was incorrectly listed in the site admin indexing page.
Site administrators may have experienced 500 Internal Server Error if the license was approaching expiration or was close to the seat limit.
Accessing a GitHub Pages site would cause 500 Internal Server Error.
It was not possible to enable or disable maintenance mode through the Management Console.
Issues or pull requests with renamed labels were not properly indexed for filtering.
On Google Compute Engine, it was possible to use an ephemeral scratch disk as repository storage.

Changes

A clustering environment requires at least 2 metrics-servers.

Deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 is now deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Graphs in the Management Console monitoring page are incorrectly sorted.
It's possible to queue more jobs to repair a search index through the site admin than can be processed in a reasonable time, causing low priority jobs to become backlogged.
Deleting a search index doesn't delete all associated metadata, which is then incorrectly reused if a new search index is created. This can cause search index repair jobs to be reported as finished in the site admin when they're not.
A configuration run can incorrectly revert an SSL certificate to an automatically generated self-signed certificate.
The /status endpoint on a high availability replica incorrectly returns 200 OK instead of 503 Service Unavailable.
Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters. (updated 2017-03-30)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.9

Tue, 14 Mar 2017 16:00:28 +0000

Security Fixes

LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
Packages have been updated to the latest security versions.

Bug Fixes

The secondary NTP server was not allowed to be blank.
A search index that was not marked as the primary index, for example when a new index was being built after an upgrade, could be incorrectly deleted.
OAuth application authorization failed when the path contained more than one query parameter.
The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.

Changes

A clustering environment requires at least 2 metrics-servers.

Deprecation of GitHub Enterprise 2.5

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Graphs in the Management Console monitoring page are incorrectly sorted.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.13

Tue, 14 Mar 2017 16:00:27 +0000

Security Fixes

LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
Packages have been updated to the latest security versions.

Bug Fixes

A search index that was not marked as the primary index, for example when a new index was being built after an upgrade, could be incorrectly deleted.
The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.

Deprecation of GitHub Enterprise 2.5

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Graphs in the Management Console monitoring page are incorrectly sorted.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.18

Tue, 14 Mar 2017 16:00:26 +0000

Security Fixes

LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
Packages have been updated to the latest security versions.

Bug Fixes

The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.

Deprecation of GitHub Enterprise 2.5

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.5.23

Tue, 14 Mar 2017 16:00:25 +0000

Security Fixes

LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
Packages have been updated to the latest security versions.

Bug Fixes

The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.

Deprecation of GitHub Enterprise 2.5

Upcoming deprecation of GitHub Enterprise 2.6

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Console text is difficult to read on OpenStack KVM.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.9.0

Wed, 01 Mar 2017 16:00:29 +0000

Features

With the new features added in GitHub Enterprise 2.9.0, you can:

Configure the SAML username attribute name to match your organizational standard or what your identity provider uses.
Disable password-based authentication for Git operations when using LDAP authentication.
Use load balancers for a single appliance of GitHub Enterprise and in front of a High Availability environment.
Use TLS encrypted communication for secure log forwarding.
Deploy GitHub Enterprise on Google Compute Engine.
Require users to download recovery codes before they can complete the 2FA setup process.
Manage one or more users at a time with bulk management.
Remove one or more outside collaborator's access to a single repository or to all organization owned repositories at one time.
Locate users by their GPG key from /stafftools.
Purge LFS objects in a repository from /stafftools.
Search commits by fields such as message, author, and date.
- Note: Due to indexing commits, this feature may require adding more space to the data partition (depending on the number of commits and the length of each message).
View diffs beyond the previous 300 file maximum.
Resolve merge conflicts from your pull requests.
Request a pull request review from a specific person.
Dismiss a review from a pull request.
Preserve your forks even if you are removed from a team using LDAP sync.
Identify whether a user is a contributor, owner, or member from badges in the issue or pull request comment.
Allow organizations to pin repositories.
Create an organization-wide project to manage issues and pull requests from any repository that belongs to an organization.
Resume downloads of Git LFS objects, releases, and uploads with supported HTTP(S) clients.

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Directory names containing spaces failed to be created from the web interface.
Directional hotkeys weren't functional on the commit activity graph.
Searching repositories from the organization page was inconsistent with the results from the global search.
Commits were incorrectly referenced to the parent repository in the timeline after restoring a fork.
Validly signed commits were displayed as invalid if the client added metadata to the gpg signature.
Attempting to convert a user to an organization failed with an internal server error.
Git LFS objects could take up to an hour to replicate in a High Availability configuration.
In a clustering environment, reindexing failed when a pull request routes to an offline repository.
svn checkout could incorrectly fail with a 429 HTTP error code.
Copy to clipboard buttons failed for Internet Explorer 11 users.
Pre-receive hooks failed to output UTF-8 characters.
Migrations failed to preserve a label with a / character.
A previously configured replica appliance excessively logged errors during High Availability initialization.
Pre-receive hooks could fail with Device or resource busy.
LDAP synchronization incorrectly removed users after a server-side LDAP timeout.
An Encoding::Compatibility error occurred when viewing a webhook from /stafftools.
The Management Console Add new SSH key field incorrectly allowed an SSH fingerprint instead of the contents of the key.
A former primary appliance failed to create or update pre-receive hook environments.
In a clustering environment, services were incorrectly started after reboot.
Pre-receive hooks checking internal or temporary Git references failed.
In a clustering environment, releases, uploads, avatars, and LFS files could fail to be accessible after a storage-server is removed.
In a clustering environment, storage-server repair jobs took a long time when a new storage-server is added.
In a clustering environment, the enterprise-manage and resolvconf service were incorrectly stopped after ghe-cluster-config-apply.
An updated SAML Verification certificate did not take effect until the github-unicorn service was restarted.

Changes

The Reactivate suspended users configuration has changed to reflect the current configured state.
The <Destination> element is no longer optional in the SAML response.
The default Amazon Web Services EC2 root partition has increased to 80 GB.
GitHub Flavored Markdown, which is used to render issue and pull request comments, is now compliant with CommonMark.
- Note: Rendering for repository files has not changed.
New webhook events have been added.
New API resources have been added.
High Availability Git replication has been updated to use Spokes.
A ten second timeout is enforced for all LDAP authentication requests. In the event of a timeout, the user is notified, and the timeout is recorded to the log files and reflected on the LDAP Authentication Management Console monitoring graph.
Outdated diffs and review comments are now hidden by default when viewing a Pull Request. (updated 2017-05-17)

Backups and Disaster Recovery

GitHub Enterprise 2.9 requires at least GitHub Enterprise Backup Utilities 2.9.0 for Backups and Disaster Recovery.

Deprecation of GitHub Enterprise 2.4

GitHub Enterprise 2.4 is now deprecated as of February 9, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 will be deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Graphs in the Management Console monitoring page are incorrectly sorted.
Site administrators may experience 500 Internal Server Error if the license is approaching expiration or is close to the seat limit. (updated 2017-03-08)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host.
On Google Compute Engine, it's possible to use an ephemeral scratch disk as repository storage (updated 2017-03-10)
A search index that's not marked as the primary index, for example when a new index is being built after an upgrade, can be incorrectly deleted. (updated 2017-03-10)
It's possible to queue more jobs to repair a search index through the site admin than can be processed in a reasonable time, causing low priority jobs to become backlogged. (updated 2017-03-10)
Deleting a search index doesn't delete all associated metadata, which is then incorrectly reused if a new search index is created. This can cause search index repair jobs to be reported as finished in the site admin when they're not. (updated 2017-03-10)
An unused locations search index is incorrectly listed in the site admin indexing page. (updated 2017-03-10)
It's not possible to enable or disable maintenance mode through the Management Console. Maintenance mode can still be enabled and disabled using the ghe-maintenance command line utility. (updated 2017-03-10)
Accessing a GitHub Pages site could cause 500 Internal Server Error. (updated 2017-03-10)
A configuration run can incorrectly revert an SSL certificate to an automatically generated self-signed certificate. (updated 2017-03-10)
Starting high availability replication can fail if the appliance was previously configured as a replica. (updated 2017-03-10)
The /status endpoint on a high availability replica incorrectly returns 200 OK instead of 503 Service Unavailable.
Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters. (updated 2017-03-30)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

2.8.8

Wed, 01 Mar 2017 16:00:28 +0000

Security Fixes

LOW: An internal upload policies API disclosed which users had push access to a repository.
LOW: An internal administrative API was vulnerable to cross-site request forgery (CSRF).
Packages have been updated to the latest security versions.

Bug Fixes

Attempting to convert a user to an organization failed with an internal server error.
Git LFS objects could take up to an hour to replicate in a High Availability configuration.
In a clustering environment, reindexing failed when a pull request routes to an offline repository.
svn checkout could incorrectly fail with a 429 HTTP error code.
Copy to clipboard buttons failed for Internet Explorer 11 users.
Pre-receive hooks failed to output UTF-8 characters.
Migrations failed to preserve a label with a / character.
A previously configured replica appliance excessively logged errors during High Availability initialization.
Pre-receive hooks could fail with Device or resource busy.
LDAP synchronization incorrectly removed users after a server-side LDAP timeout.
An Encoding::Compatibility error occurred when viewing a webhook from /stafftools.
The Management Console Add new SSH key field incorrectly allowed an SSH fingerprint instead of the contents of the key.
A former primary appliance failed to create or update pre-receive hook environments.
In a clustering environment, services were incorrectly started after reboot.
Pre-receive hooks checking internal or temporary Git references failed.
In a clustering environment, releases, uploads, avatars, and LFS files could fail to be accessible after a storage-server is removed.
In a clustering environment, storage-server repair jobs took a long time when a new storage-server is added.
In a clustering environment, the enterprise-manage and resolvconf service were incorrectly stopped after ghe-cluster-config-apply.
An updated SAML Verification certificate did not take effect until the github-unicorn service was restarted.

Changes

The Reactivate suspended users configuration has changed to reflect the current configured state.
The <Destination> element is no longer optional in the SAML response.

Deprecation of GitHub Enterprise 2.4

Upcoming deprecation of GitHub Enterprise 2.5

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Graphs in the Management Console monitoring page are incorrectly sorted.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.12

Wed, 01 Mar 2017 16:00:27 +0000

Security Fixes

LOW: An internal upload policies API disclosed which users had push access to a repository.
LOW: An internal administrative API was vulnerable to cross-site request forgery (CSRF).
Packages have been updated to the latest security versions.

Bug Fixes

Git LFS objects could take up to an hour to replicate in a High Availability configuration.
Pre-receive hooks failed to output UTF-8 characters.
Migrations failed to preserve a label with a / character.
A previously configured replica appliance excessively logged errors during High Availability initialization.
The Management Console Add new SSH key field incorrectly allowed an SSH fingerprint instead of the contents of the key.
A former primary appliance failed to create or update pre-receive hook environments.
An updated SAML Verification certificate did not take effect until the github-unicorn service was restarted.

Changes

The Reactivate suspended users configuration has changed to reflect the current configured state.
The <Destination> element is no longer optional in the SAML response.

Deprecation of GitHub Enterprise 2.4

Upcoming deprecation of GitHub Enterprise 2.5

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Graphs in the Management Console monitoring page are incorrectly sorted.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.17

Wed, 01 Mar 2017 16:00:26 +0000

Security Fixes

LOW: An internal upload policies API disclosed which users had push access to a repository.
LOW: An internal administrative API was vulnerable to cross-site request forgery (CSRF).
Packages have been updated to the latest security versions.

Bug Fixes

Git LFS objects could take up to an hour to replicate in a High Availability configuration.
Migrations failed to preserve a label with a / character.
The Management Console Add new SSH key field incorrectly allowed an SSH fingerprint instead of the contents of the key.
A former primary appliance failed to create or update pre-receive hook environments.

Changes

The <Destination> element is no longer optional in the SAML response.

Deprecation of GitHub Enterprise 2.4

Upcoming deprecation of GitHub Enterprise 2.5

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.5.22

Wed, 01 Mar 2017 16:00:25 +0000

Security Fixes

LOW: An internal upload policies API disclosed which users had push access to a repository.
Packages have been updated to the latest security versions.

Bug Fixes

Git LFS objects could take up to an hour to replicate in a High Availability configuration.
Migrations failed to preserve a label with a / character.
The Management Console Add new SSH key field incorrectly allowed an SSH fingerprint instead of the contents of the key.

Changes

The <Destination> element is no longer optional in the SAML response.

Deprecation of GitHub Enterprise 2.4

Upcoming deprecation of GitHub Enterprise 2.5

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.8.7

Tue, 31 Jan 2017 16:00:28 +0000

SAML authentication bypass with XML signature wrapping in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to bypass SAML authentication. The vulnerability is applicable if the attacker has access to a validly signed SAML assertion or response against the configured Verification certificate. When applicable, an attacker can sign in as any user, including administrators.

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Note: This is a different vulnerability than the one addressed in GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, and 2.5.20.

Remote code execution with server side request forgery in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to execute arbitrary commands on the GitHub Enterprise appliance. The vulnerability is applicable if the attacker has access to configure a repository's Webhooks - owner or admin privileges to a repository.

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Remote code execution in GitHub Enterprise Management Console

A CRITICAL issue was identified that allows an attacker to execute arbitrary commands on the GitHub Enterprise appliance. This vulnerability exists in the Management Console which is accessible from port 8080 and 8443. This is only applicable to GitHub Enterprise 2.8.0 - 2.8.6.

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

Additionally, if SAML authentication is configured in your appliance, all existing SAML user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console -y

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

If possible, we also recommend restricting Management Console access to your site administrators.

These vulnerabilities were reported through the GitHub Security Bug Bounty program and we have no evidence that they have been exploited in the wild. To learn more about the Bug Bounty program for GitHub Enterprise, visit https://bounty.github.com/targets/github-enterprise.html and our recent blog post about the inclusion of GitHub Enterprise, Bug Bounty anniversary promotion: bigger bounties in January and February.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: An attacker could bypass SAML authentication via XML signature wrapping and log in as any other user.
CRITICAL: There was a remote code execution vulnerability via server side request forgery.
CRITICAL: There was a remote code execution vulnerability through the Management Console.
HIGH: With built-in authentication, suspended users could log in.
Packages have been updated to the latest security versions.

Bug Fixes

For Internet Explorer 11 users, the Write and Preview tabs in the comment window were switched.
In a clustering environment, services would not automatically start after reboot.
In a clustering environment, ghe-migrator failed to import when running on node with the git-server role.
The /stafftools notification could incorrectly link to a deleted user's page.
The OAuth application logo was incorrectly displayed when private mode was enabled.
Collaborators with access via the default organization permissions were not listed in /repos/:owner/:repo/collaborators.
LDAP Sync Totals graph was incorrectly counting runs instead of users and teams synced.
@mentions would not work for single character organization or team names.

Upcoming deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 will be deprecated as of March 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Attempting to convert a user to an organization fails with an internal server error.
Graphs in the Management Console monitoring page are incorrectly sorted.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.11

Tue, 31 Jan 2017 16:00:27 +0000

SAML authentication bypass with XML signature wrapping in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Note: This is a different vulnerability than the one addressed in GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, and 2.5.20.

Remote code execution with server side request forgery in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

Additionally, if SAML authentication is configured in your appliance, all existing SAML user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console -y

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

If possible, we also recommend restricting Management Console access to your site administrators.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: An attacker could bypass SAML authentication via XML signature wrapping and log in as any other user.
CRITICAL: There was a remote code execution vulnerability via server side request forgery.
HIGH: With built-in authentication, suspended users could log in.
Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, services would not automatically start after reboot.
Thanks!

Upcoming deprecation of GitHub Enterprise 2.5

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Graphs in the Management Console monitoring page are incorrectly sorted.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

The GitHub Team

2.6.16

Tue, 31 Jan 2017 16:00:26 +0000

SAML authentication bypass with XML signature wrapping in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Note: This is a different vulnerability than the one addressed in GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, and 2.5.20.

Remote code execution with server side request forgery in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

Additionally, if SAML authentication is configured in your appliance, all existing SAML user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console -y

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

If possible, we also recommend restricting Management Console access to your site administrators.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: An attacker could bypass SAML authentication via XML signature wrapping and log in as any other user.
CRITICAL: There was a remote code execution vulnerability via server side request forgery.
HIGH: With built-in authentication, suspended users could log in.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.5.21

Tue, 31 Jan 2017 16:00:25 +0000

SAML authentication bypass with XML signature wrapping in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Note: This is a different vulnerability than the one addressed in GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, and 2.5.20.

Remote code execution with server side request forgery in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

Additionally, if SAML authentication is configured in your appliance, all existing SAML user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console-github

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

If possible, we also recommend restricting Management Console access to your site administrators.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: An attacker could bypass SAML authentication via XML signature wrapping and log in as any other user.
CRITICAL: There was a remote code execution vulnerability via server side request forgery.
HIGH: With built-in authentication, suspended users could log in.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.4.23

Tue, 31 Jan 2017 16:00:24 +0000

SAML authentication bypass with XML signature wrapping in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Note: This is a different vulnerability than the one addressed in GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, and 2.5.20.

Remote code execution with server side request forgery in GitHub Enterprise

The affected supported versions are:

2.8.0 - 2.8.6
2.7.0 - 2.7.10
2.6.0 - 2.6.15
2.5.0 - 2.5.20
2.4.0 - 2.4.22

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

Additionally, if SAML authentication is configured in your appliance, all existing SAML user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console-github

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

If possible, we also recommend restricting Management Console access to your site administrators.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: An attacker could bypass SAML authentication via XML signature wrapping and log in as any other user.
CRITICAL: There was a remote code execution vulnerability via server side request forgery.
HIGH: With built-in authentication, suspended users could log in.
Packages have been updated to the latest security versions.

Upcoming deprecation of GitHub Enterprise 2.4

GitHub Enterprise 2.4 will be deprecated as of February 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)

Thanks!

The GitHub Team

2.8.6

Thu, 12 Jan 2017 16:00:28 +0000

SAML authentication bypass in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to bypass SAML authentication by creating a fake response. This could allow the attacker to sign in as any user, including administrators.

The affected supported versions are:

2.8.0 - 2.8.5
2.7.0 - 2.7.9
2.6.0 - 2.6.14
2.5.0 - 2.5.19

If you are using SAML as your authentication method, we strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, or 2.5.20.

Additionally, all existing user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console -y

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, or 2.5.20.

This vulnerability was reported through the GitHub Security Bug Bounty program and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: An attacker could bypass SAML authentication and log in as any other user.
Packages have been updated to the latest security versions.

Bug Fixes

Files uploaded to a repository through the web interface were saved in the wrong location if the target directory contained multi-byte characters.
For teams synchronized to the same LDAP group, group members were inefficiently cached, leading to slower Team Synchronization job runs.
When configured with more than one group, there was an extra comma in the list of restricted LDAP groups in the site admin user search page.
The babeld, codeload, and ruby processes could crash.

Changes

We now only save a single core file per process, so multiple crashes of the same process use less disk space.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Attempting to convert a user to an organization fails with an internal server error.
Graphs in the Management Console monitoring page are incorrectly sorted. (updated 2017-01-18)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.10

Thu, 12 Jan 2017 16:00:27 +0000

SAML authentication bypass in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to bypass SAML authentication by creating a fake response. This could allow the attacker to sign in as any user, including administrators.

The affected supported versions are:

2.8.0 - 2.8.5
2.7.0 - 2.7.9
2.6.0 - 2.6.14
2.5.0 - 2.5.19

Additionally, all existing user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console -y

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, or 2.5.20.

This vulnerability was reported through the GitHub Security Bug Bounty program and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: Users could bypass SAML authentication and log in as any other user
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Graphs in the Management Console monitoring page are incorrectly sorted. (updated 2017-01-18)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.15

Thu, 12 Jan 2017 16:00:26 +0000

SAML authentication bypass in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to bypass SAML authentication by creating a fake response. This could allow the attacker to sign in as any user, including administrators.

The affected supported versions are:

2.8.0 - 2.8.5
2.7.0 - 2.7.9
2.6.0 - 2.6.14
2.5.0 - 2.5.19

Additionally, all existing user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console -y

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, or 2.5.20.

This vulnerability was reported through the GitHub Security Bug Bounty program and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: Users could bypass SAML authentication and log in as any other user
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.20

Thu, 12 Jan 2017 16:00:25 +0000

SAML authentication bypass in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to bypass SAML authentication by creating a fake response. This could allow the attacker to sign in as any user, including administrators.

The affected supported versions are:

2.8.0 - 2.8.5
2.7.0 - 2.7.9
2.6.0 - 2.6.14
2.5.0 - 2.5.19

Additionally, all existing user sessions should be destroyed:

Put your GitHub Enterprise environment in Maintenance Mode.
SSH to your primary GitHub Enterprise appliance.

Destroy the existing SAML sessions.

$ echo SAML::Session.destroy_all | ghe-console-github

Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, or 2.5.20.

This vulnerability was reported through the GitHub Security Bug Bounty program and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL: Users could bypass SAML authentication and log in as any other user
Packages have been updated to the latest security versions.

Changes

ghe-migrator now scrubs access tokens from the logs.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.8.5

Wed, 04 Jan 2017 16:00:28 +0000

Security Fixes

HIGH: Fix SQL injection in pre-receive hook APIs.
Packages have been updated to the latest security versions.

Bug Fixes

Downloading a support bundle through the Management Console failed if a support bundle was created since the last reboot.
Japanese characters in PDF files were not rendered.
Pre-receive hooks were blocked and not timeout properly.
Alambic crashed resizing user avatars.
Pending review comments were not included in the count on the pull request index page.

Changes

ghe-migrator now scrubs access tokens from the logs.
Added cron job to compress core files.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Attempting to convert a user to an organization fails with an internal server error.
Graphs in the Management Console monitoring page are incorrectly sorted. (updated 2017-01-18)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.9

Wed, 04 Jan 2017 16:00:27 +0000

Security Fixes

HIGH: Fix SQL injection in pre-receive hook APIs.
Packages have been updated to the latest security versions.

Bug Fixes

Alambic crashed resizing user avatars.

Changes

ghe-migrator now scrubs access tokens from the logs.
Added cron job to compress core files.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Graphs in the Management Console monitoring page are incorrectly sorted. (updated 2017-01-18)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.14

Wed, 04 Jan 2017 16:00:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Alambic crashed resizing user avatars.

Changes

ghe-migrator now scrubs access tokens from the logs.
Added cron job to compress core files.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.19

Wed, 04 Jan 2017 16:00:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Changes

Added cron job to compress core files.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.22

Wed, 04 Jan 2017 16:00:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Upcoming deprecation of GitHub Enterprise 2.4

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.8.4

Wed, 21 Dec 2016 16:00:28 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Submodules with names ending in a digit weren't correctly linked in repository directory listings.
User profile pages loaded slowly when the user was a member of many organizations. We now limit the number of organization avatars displayed to the first 25 with the most members.
The sign up button was displayed on Gist pages for unauthenticated users when running GitHub Enterprise in public mode with sign ups disabled.
Access to a repository granted to teams during a transfer to an organization didn't take effect.
Viewing the site admin page for Projects with names that included non-ASCII characters failed with a 500 server error.
The initial boot of an instance could hang on networks not using DHCP.
Upgrading an instance could fail due to stale temporary files.
Upgrading an instance without any Gists could fail.
Maintenance mode was not enabled when scheduling in advance.
A race condition could cause saving settings in the Management Console to fail with internal server error.

Changes

GitHub Enterprise is now available in the EU West (London) and Canada (Central) AWS regions.
The network information displayed on the hypervisor console clearly highlights the unset network settings.
Admin Center can be used to configure automatic reactivation of suspended users when they successfully sign in.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Attempting to convert a user to an organization fails with an internal server error.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.8

Wed, 21 Dec 2016 16:00:27 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Pushing an update could cause the babeld service to segment fault under certain circumstances.
The deletion of branches and tags rejected by a pre-receive hook would have failed with the error "Something went wrong with the request. Please try again."
Attempts were prematurely made to gather redis performance statistics. This resulted in excessive logging to the collectd log files.
Appliance settings saved using the /setup/api/settings API endpoint failed to apply when applying at the same time as uploading the license for the first time.
Access to a repository granted to teams during a transfer to an organization didn't take effect.

Changes

GitHub Enterprise is now available in the EU West (London) and Canada (Central) AWS regions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.13

Wed, 21 Dec 2016 16:00:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Pushing an update could cause the babeld service to segment fault under certain circumstances.
The deletion of branches and tags rejected by a pre-receive hook would have failed with the error "Something went wrong with the request. Please try again."
Appliance settings saved using the /setup/api/settings API endpoint failed to apply when applying at the same time as uploading the license for the first time.

Changes

GitHub Enterprise is now available in the EU West (London) and Canada (Central) AWS regions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.18

Wed, 21 Dec 2016 16:00:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Appliance settings saved using the /setup/api/settings API endpoint failed to apply when applying at the same time as uploading the license for the first time.

Changes

GitHub Enterprise is now available in the EU West (London) and Canada (Central) AWS regions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.21

Wed, 21 Dec 2016 16:00:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Appliance settings saved using the /setup/api/settings API endpoint failed to apply when applying at the same time as uploading the license for the first time.

Changes

GitHub Enterprise is now available in the EU West (London) and Canada (Central) AWS regions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.8.3

Tue, 29 Nov 2016 16:00:28 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The background job to sync assets to the high availability replica appliance could fail.
Pushing an update could cause the babeld service to segment fault under certain circumstances.
The PullRequestReviewEvent webhook events were not triggered.
The deletion of branches and tags rejected by a pre-receive hook would have failed with the error "Something went wrong with the request. Please try again."
Organization and repository e-mails incorrectly contained links to https://github.com.
Pushes to a promoted high availability replica failed.
Attempts were prematurely made to gather redis performance statistics. This resulted in excessive logging to the collectd log files.
The QR code used to configure two-factor authentication failed to generate on appliances with long hostnames and usernames.
Appliance settings saved using the /setup/api/settings API endpoint failed to apply when applying at the same time as uploading the license for the first time.

Changes

Elasticsearch logs are now forwarded when log forwarding is enabled.
GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Attempting to convert a user to an organization fails with an internal server error.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.8.2

Tue, 22 Nov 2016 16:00:28 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Unable to view webhook delivery logs when the delivery GUID collided.
404 Not Found page incorrectly referred to status.github.com.
LDAP authentication failures were missing from audit.log.
The upload-pack events were missing from audit.log.
Users were unable to update their primary e-mail address after their password was reset.
An internal server error occurred in the Management Console when a corrupt license was uploaded.
In a clustering environment, ghe-cluster-config-apply could restart services when the application configuration has not changed.
Merge button was disabled for protected branches when memcached was stopped.
Unable to set the site_admin scope for personal access tokens.
Disallow administrators from renaming system accounts.
Users were unable to update their primary e-mail address after migrating data with ghe-migrator.
LFS push failed with a 0-byte file.
Management Console was not redirecting to the previously navigated page after authentication.

Changes

The two-factor authentication organization affiliation was added to users' /stafftools page.
GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Backups and Disaster Recovery

GitHub Enterprise 2.8.2 requires backup-utils-2.8.2 or greater.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Attempting to convert a user to an organization fails with an internal server error. (updated 2016-11-22)
WARNING: Pushes to a promoted high availability replica will fail. (updated 2016-11-23)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.7

Tue, 22 Nov 2016 16:00:27 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Unable to view webhook delivery logs when the delivery GUID collided.
The upload-pack events were missing from audit.log.
In a clustering environment, ghe-cluster-config-apply could restart services when the application configuration has not changed.
LFS push failed with a 0-byte file.
Merge button was disabled for protected branches when memcached was stopped.
Disallow administrators from renaming system accounts.
Users were unable to update their primary e-mail address after migrating data with ghe-migrator.
Management Console was not redirecting to the previously navigated page after authentication.
Unable to change an organization owned repository's visibility from public to private if the repository had collaborators.
The ghe-update-check utility returned an incorrect message, you must first upgrade to, when it was not necessary.
The memcached would remain stopped after a crash (e.g. via OOM kill).

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.12

Tue, 22 Nov 2016 16:00:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

LFS push failed with a 0-byte file.
In a clustering environment, LFS file uploads failed due to an internal HTTP timeout.
Merge button was disabled for protected branches when memcached was stopped.
Disallow administrators from renaming system accounts.
Users were unable to update their primary e-mail address after migrating data with ghe-migrator.
The ghe-update-check utility returned an incorrect message, you must first upgrade to, when it was not necessary.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.17

Tue, 22 Nov 2016 16:00:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Merge button was disabled for protected branches when memcached was stopped.
Disallow administrators from renaming system accounts.
Users were unable to update their primary e-mail address after migrating data with ghe-migrator.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.20

Tue, 22 Nov 2016 16:00:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Merge button was disabled for protected branches when memcached was stopped.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.8.1

Thu, 10 Nov 2016 16:00:28 +0000

Bug Fixes

Pushing to a branch in a fork that is the head of a pull request closed the pull request.
Unable to change an organization owned repository's visibility from public to private if the repository had collaborators.
Upgrading or installing GitHub Enterprise 2.8.0 failed if your license file contained a non-ASCII character.

Changes

GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Changes announced to the Projects API during its Early Access period are not included in the 2.8 feature release series. (updated 2016-11-18)
User.failed_login events aren't recorded in the audit log when using LDAP authentication. (updated 2016-11-18)
Attempting to convert a user to an organization fails with an internal server error. (updated 2016-11-22)
WARNING: Pushes to a promoted high availability replica will fail. (updated 2016-11-23)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.8.0

Wed, 09 Nov 2016 16:00:28 +0000

Features

With the new features added in GitHub Enterprise 2.8.0, you can:

Prioritize issues and pull requests within a milestone by dragging and dropping them.
Invite anyone to become a member of your organization by email.
Use the sidebar to search wikis.
Edit the base branch after opening a pull request.
Edit pull requests created from a fork.
Use your profile to view special events in your GitHub usage history.
Create a Project to track and prioritize issues, pull requests, and notes to match your workflow.
Review the proposed changes in a pull request.
As an organization owner, require two-factor authentication to add a layer of security for your organization members, and outside collaborators.
Configure a website URL for all support links on the appliance.
Use the command-line utility to grant site admins organization admin privileges to specific organizations.
Import a repository from an external source repository.
Add Jupyter notebook files to a repository and have them render as static HTML files on GitHub Enterprise.
Set the default repository visibility to private or public for all new repositories on the appliance.
Select a publishing source for GitHub Pages and host project documentation alongside your code.
Add a Jekyll theme to your GitHub Pages site to install a different site design.
Monitor authentication traffic on GitHub Enterprise.
Reinstate a former member of an organization and restore their settings.
Add a LICENSE file to your project and have it displayed at the top of the repository page.
In a clustering environment, the Git Fileserver health dashboard was added to the Site Admin dashboard.

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Additional white spacing could sometimes be seen above the Admin center header.
A site administrator could configure SSL with invalid certificates (e.g. invalid issuer, incomplete chain).
The ghe-update-check utility returned an incorrect message, you must first upgrade to, when it was not necessary.
Replication failed after replica promotion because the OpenVPN service was not properly managed.
The memcached would remain stopped after a crash (e.g. via OOM kill).
A user could be assigned twice to an Issue.
When creating a file from the web interface, a backspace incorrectly deleted characters from the directory's path.,
When forking a private repository in an organization, repository owners were unable to configure a user to bypass branch restrictions.
In a gist, users were unable to select lines starting with a number.
In a wiki diff, users were unable to expand lines from a wiki diff.
A punctuation could disappear after prettifying an issue or pull request reference.
Fixed an incorrect description suggesting Member webhook events did not trigger for non-organization repositories.

Changes

Reject assets (e.g. avatar, issue attachments) if the file type does not match the extension or Content-Type.
The ghe-console and ghe-dbconsole utility has been updated with an interactive disclaimer.
The Management Console, memcached, snmpd, graphite-web services run as an unprivileged user.
The ghe-config does not require sudo.
Pull request review comment webhook events were added.
Adobe Flash is no longer required for clipboard operations.
The Site Admin interface has been updated.
Preview the new Projects API.
Change the base branch using the updated Pull Request API.
Removed sensitive fields from Organization API for non-owners.
GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Backups and Disaster Recovery

GitHub Enterprise 2.8 requires at least GitHub Enterprise Backup Utilities 2.8.0 for Backups and Disaster Recovery.

Deprecation of GitHub Enterprise 2.3

GitHub Enterprise 2.3 was deprecated as of November 1, 2016. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.4

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Changes announced to the Projects API during its Early Access period are not included in the 2.8 feature release series. (updated 2016-11-18)
User.failed_login events aren't recorded in the audit log when using LDAP authentication. (updated 2016-11-18)
Attempting to convert a user to an organization fails with an internal server error. (updated 2016-11-22)
WARNING: Upgrading or installing GitHub Enterprise 2.8.0 will fail if your license file contains a non-ASCII character. (updated 2016-11-09)
WARNING: Pushing to a branch in a fork that is the head of a pull request closes the pull request. (updated 2016-11-10)
WARNING: Pushes to a promoted high availability replica will fail. (updated 2016-11-23)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

2.7.6

Tue, 01 Nov 2016 16:00:27 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, LFS file uploads failed due to an internal HTTP timeout.
In a clustering environment, uploading avatars would fail if a proxy was configured.
In a clustering environment, a clustering node made unnecessary internal API calls through the load balancer.

Changes

GitHub Enterprise is now available in the US East (Ohio) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.11

Tue, 01 Nov 2016 16:00:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, a clustering node made unnecessary internal API calls through the load balancer.

Changes

GitHub Enterprise is now available in the US East (Ohio) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.16

Tue, 01 Nov 2016 16:00:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Changes

GitHub Enterprise is now available in the US East (Ohio) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

We didn't include the fix for the issue that migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)

Thanks!

The GitHub Team

2.4.19

Tue, 01 Nov 2016 16:00:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Changes

GitHub Enterprise is now available in the US East (Ohio) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.23

Tue, 01 Nov 2016 16:00:23 +0000

Security Fixes

Packages have been updated to the latest security versions.

Changes

GitHub Enterprise is now available in the US East (Ohio) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Deprecation of GitHub Enterprise 2.3

GitHub Enterprise 2.3 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

2.7.5

Tue, 18 Oct 2016 16:00:27 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Background jobs were deleted and lost when stopping replication. This happens when failing over to a high availability replica and during a cluster configuration run.
Webhook delivery logs were not accessible and logged when a proxy was configured.
It was possible to change the parent repository to itself.
SVN checkout failed if a repository has symlinks.
Running git symbolic-ref would hang when resolving references with broken symlinks.
LDAP Sync suspended users that were already suspended, causing unnecessary audit log entries.
Changing the default branch of a repository was not synchronized to a high availability replica, so the wrong branch was set as default after fail over.
Webhook delivery logs were not pruned causing unnecessary storage usage.
Webhook delivery logs may not be accessible and logged if the first webhook event for the day was a push event.
Custom messaging for suspended users was not displayed to suspended SAML users.
LDAP Sync removed and re-added users or teams when their distinguished name contained upper case characters.
Forking a repository could fail if the maintenance job for the repository's network ran at the same time.
After restarting a crashed process, writing data to the management console monitoring graphs may not have immediately restarted.
An error was thrown when trying to access audit logs containing authentication attempts using two-factor authentication.
In a clustering environment, the web application service could fail to start after cluster configuration run.
Upgrade to 2.7.4 failed on Running Migration if there were multiple OAuth applications named GitHub Desktop.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Thanks!

The GitHub Team

2.6.10

Tue, 18 Oct 2016 16:00:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, the web application service could fail to start after cluster configuration run.
Background jobs were deleted and lost when stopping replication. This happens when failing over to a high availability replica and during a cluster configuration run.
Forking a repository could fail if the maintenance job for the repository's network ran at the same time.
Running git symbolic-ref would hang when resolving references with broken symlinks.
LDAP Sync suspended users that were already suspended users, causing unnecessary audit log entries.
Changing the default branch of a repository was not synchronized to a high availability replica, so the wrong branch was set as default after fail over.
LDAP Sync removed and re-added users or teams when their distinguished name contained upper case characters.
After restarting a crashed process, writing data to the management console monitoring graphs may not have immediately restarted.
An error was thrown when trying to access audit logs containing authentication attempts using two-factor authentication.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.15

Tue, 18 Oct 2016 16:00:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Changing the default branch of a repository was not synchronized to a high availability replica, so the wrong branch was set as default after fail over.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

We didn't include the fix for the issue that migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)

Thanks!

The GitHub Team

2.4.18

Tue, 18 Oct 2016 16:00:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Changing the default branch of a repository was not synchronized to a high availability replica, so the wrong branch was set as default after fail over.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.22

Tue, 18 Oct 2016 16:00:23 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Changing the default branch of a repository was not synchronized to a high availability replica, so the wrong branch was set as default after fail over.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.7.4

Tue, 20 Sep 2016 10:30:46 +0000

Pre-generated SSH Host Keys in GitHub Enterprise

A CRITICAL issue was identified for all 2.x versions of GitHub Enterprise. The GitHub Enterprise images contain pre-generated SSH host keys that were not regenerated upon installation for all supported platforms:

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services (See the ssh_host_ed25519_key in GitHub Enterprise section below)
Microsoft Azure

This means an attacker with the capability to perform a man-in-the-middle attack on SSH traffic can intercept and modify network traffic to the GitHub Enterprise appliance.

The affected supported versions are:

2.7.0 - 2.7.3
2.6.0 - 2.6.8
2.5.0 - 2.5.13
2.4.0 - 2.4.16
2.3.0 - 2.3.20

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, or 2.3.21. In addition, with backup-utils-2.7.1, ghe-backup and ghe-restore will check for any leaked SSH host keys in the snapshot(s).

Please contact GitHub Enterprise Support if you have questions.

Verification and Mitigation on GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater

If you've upgraded to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Check for leaked SSH host keys using the ghe-ssh-check-host-keys utility.

$ ghe-ssh-check-host-keys

The utility should output either:

One or more of your SSH host keys were found in the blacklist.
Please reset your host keys using ghe-ssh-roll-host-keys.

The SSH host keys were not found in the SSH host key blacklist.
No additional steps are needed/recommended at this time.

If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.
Rotate all SSH host keys using the ghe-ssh-roll-host-keys utility.
```
$ sudo ghe-ssh-roll-host-keys
```
The utility should output:
```
$ SSH host keys have successfully been rolled.
```

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, or greater, and you are using the High Availability Configuration, there are no additional steps to take on your replica appliance.

If you've upgraded to GitHub Enterprise 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-5, stop replication on the replica appliance.
```
$ ghe-repl-stop
```
Synchronize the SSH host keys from the primary appliance.
```
$ ghe-repl-setup
```
Resume replication on the replica appliance.
```
$ ghe-repl-start
```

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14 or greater, and you are using Clustering,

After completing steps 1-5, apply the changes to all cluster nodes.
```
$ ghe-cluster-config-apply
```

Verification and Mitigation if Immediate Upgrade is not Possible

If you're unable to upgrade immediately to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Download the list of leaked SSH host keys and verify its content using any of the provided hashes.

$ curl -O https://enterprise.github.com/security/2016-09-20/ghe-ssh-leaked-host-keys-list.txt
$ sha256sum ghe-ssh-leaked-host-keys-list.txt
3bb29658784a4059a41f1a77cffba9586baab179ba07b795f80e12a9f10c5665  ghe-ssh-leaked-host-keys-list.txt
$ sha1sum ghe-ssh-leaked-host-keys-list.txt
5db799da044da9aae0bcfc523d22e7ce0fe72550  ghe-ssh-leaked-host-keys-list.txt
$ md5sum ghe-ssh-leaked-host-keys-list.txt
de75bcb0bf1d13e15620952c0af8da41  ghe-ssh-leaked-host-keys-list.txt

Print the fingerprint of your GitHub Enterprise appliance's SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

$ ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /etc/ssh/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /etc/ssh/ssh_host_rsa_key.pub (RSA)

Check for leaked SSH host keys by comparing against the downloaded list of leaked SSH host keys.
If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.
Remove all SSH host keys.
```
$ sudo rm -f /etc/ssh/ssh_host_*
```
Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.
```
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
$ sudo dpkg-reconfigure openssh-server
```

Apply the changes to the ssh and babeld service.

$ sudo cp /etc/ssh/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /data/user/common/
$ sudo chown babeld:babeld /data/user/common/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub}

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-9, stop replication on the replica appliance.

$ ghe-repl-stop

Synchronize the SSH host keys from the primary appliance.

$ ghe-repl-setup

Resume replication on the replica appliance.

$ ghe-repl-start

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, or greater, and you are using Clustering,

After completing steps 1-9, apply the changes to all cluster nodes.

$ ghe-cluster-config-apply

Post SSH Host Key Rotation

After rotating the SSH host keys, your GitHub Enterprise environment can exit Maintenance Mode.

Your end-users will receive an error message when attempting to use the Administrative Shell (SSH) or the SSH protocol for Git activity. The rotation does not affect users using the HTTPS protocol for Git activity.

For example, the following is an output from the command-line,

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Please contact your system administrator.
Add correct host key in /Users/monalisa/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/monalisa/.ssh/known_hosts:42
ECDSA host key for [github.example.com]:122 has changed and you have requested strict checking.
Host key verification failed.

After updating the known_hosts, end-users will be prompted to accept a new fingerprint.

$ ssh -p 122 admin@github.example.com
The authenticity of host '[github.example.com]:122 ([169.254.1.1]:122)' can't be established.
ECDSA key fingerprint is SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Are you sure you want to continue connecting (yes/no)?

We strongly recommend publishing your GitHub Enterprise appliance's SSH host key fingerprints in a location that is accessible to all your end-users. For example, for GitHub.com, we publish the SSH fingerprints at https://docs.github.com/articles/what-are-github-s-ssh-key-fingerprints/.

If you'd like to to give end-users notice before rotating the SSH host keys, follow the instructions in the Verification and Mitigation if Immediate Upgrade is not Possible skipping step 7 and replacing step 8 with,

Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.

i. Pre-generate new SSH host keys to a temporary directory.

$ ssh-keygen -t dsa -N "" -f /var/tmp/ssh_host_dsa_key
$ ssh-keygen -t rsa -N "" -f /var/tmp/ssh_host_rsa_key
$ ssh-keygen -t ecdsa -N "" -f /var/tmp/ssh_host_ecdsa_key
$ ssh-keygen -t ed25519 -N "" -f /var/tmp/ssh_host_ed25519_key

ii. Print the fingerprint of your GitHub Enterprise appliance's SSH host keys for tentative rotation.

$ ssh-keygen -lf /var/tmp/ssh_host_dsa_key.pub
 1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /var/tmp/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ecdsa_key.pub
 256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /var/tmp/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ed25519_key.pub
 256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /var/tmp/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /var/tmp/ssh_host_rsa_key.pub
248 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /var/tmp/ssh_host_rsa_key.pub (RSA)

iii. Once you are ready to migrate to the new, rotated SSH host keys, move the host keys from the temporary directory and apply the changes to the ssh service.

$ sudo mv /var/tmp/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /etc/ssh
$ sudo service ssh restart

iv. Continue with steps 9 in the Verification and Mitigation if Immediate Upgrade is not Possible section.

`ssh_host_ed25519_key` in GitHub Enterprise

The 2.x versions of GitHub Enterprise on all supported platforms:

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services
Microsoft Azure

contain a pre-generated ssh_host_ed25519_key. However, only GitHub Enterprise 2.7.4 or greater use the ssh_host_ed25519_key. This can be verified by checking your GitHub Enterprise appliance's /etc/ssh/sshd_config, which added HostKey /etc/ssh/ssh_host_ed25519_key in 2.7.4 or greater.

The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

If you've upgraded your appliance to 2.7.4 or greater on any of the supported platforms including Amazon Web Services, please follow the instructions in the Verification and Mitigation on GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater section.

Security Fixes

CRITICAL Pre-generated SSH host keys were not regenerated when installing appliances from GitHub Enterprise 2.x images.
Packages have been updated to the latest security versions.

Bug Fixes

When rejected from a pre-receive hook, API merge requests incorrectly returned Internal Server Error.
Webhooks failed to deliver when the external server could only be resolved by the configured proxy server.
The snmpd service did not automatically start on replica instances.
The ghe-system-info command line utility was not available to run because the utility was missing from the $PATH.
In a clustering environment, the redis-server role may not have dedicated memory allocated to the redis service.
In a clustering environment, storage assets that were not replicated or marked for deletion were not properly maintained.
Users were unable to add or remove deploy keys when LDAP sync is enabled.
In a clustering environment, the ghe-cluster-config-check command line utility terminated early from unsuccessful cURL checks.
Pre-receive hooks using the git-grep command may have failed using the default hook environment due to missing libraries.
The initial push of a repository with many Git refs could time out.
The root API endpoint incorrectly returned Not Found when the trailing slash was omitted.
Repository maintenance could time out for large repositories, so the timeout was increased to 120 minutes.
Upgrades could incorrectly output upgrade failed! after a successful upgrade.
After upgrading, the site admin page on replica instances could incorrectly show Verifying ElasticSearch indexes.
Elasticsearch logs could grow very large due to incorrect HTTP and HTTPS connection management.
SSH forced commands containing ${}, were not configurable from the Management Console.
The ghe-ssl-ca-certificate-install command line utility did not accept a piped certificate as input.

Changes

GitHub Enterprise is now available in the Asia Pacific (Mumbai) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Upgrade to 2.7.4 will fail on Running Migration if there are multiple OAuth applications named GitHub Desktop. (updated 2016-09-22)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Errata

The Pre-generated SSH Host Keys in GitHub Enterprise vulnerability disclosure added the ssh_host_ed25519_key in GitHub Enterprise for GitHub Enterprise 2.7.4 or greater appliances on the Amazon Web Services platform. (updated 2016-09-22)
Editing custom messages in the Admin center doesn't provide emoji suggestions was resolved in 2.7.0. (updated 2016-09-21)
Native emoji are lost when saving custom messages in the Admin center was resolved in 2.7.0. (updated 2016-09-21)

Thanks!

The GitHub Team

2.6.9

Tue, 20 Sep 2016 10:30:45 +0000

Pre-generated SSH Host Keys in GitHub Enterprise

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services (See the ssh_host_ed25519_key in GitHub Enterprise section below)
Microsoft Azure

This means an attacker with the capability to perform a man-in-the-middle attack on SSH traffic can intercept and modify network traffic to the GitHub Enterprise appliance.

The affected supported versions are:

2.7.0 - 2.7.3
2.6.0 - 2.6.8
2.5.0 - 2.5.13
2.4.0 - 2.4.16
2.3.0 - 2.3.20

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have questions.

Verification and Mitigation on GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater

If you've upgraded to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Check for leaked SSH host keys using the ghe-ssh-check-host-keys utility.

$ ghe-ssh-check-host-keys

The utility should output either:

One or more of your SSH host keys were found in the blacklist.
Please reset your host keys using ghe-ssh-roll-host-keys.

The SSH host keys were not found in the SSH host key blacklist.
No additional steps are needed/recommended at this time.

If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.

Rotate all SSH host keys using the ghe-ssh-roll-host-keys utility.

$ sudo ghe-ssh-roll-host-keys
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key

The utility should output:

$ SSH host keys have successfully been rolled.

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, or greater, and you are using the High Availability Configuration, there are no additional steps to take on your replica appliance.

If you've upgraded to GitHub Enterprise 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-5, stop replication on the replica appliance.
```
$ ghe-repl-stop
```
Synchronize the SSH host keys from the primary appliance.
```
$ ghe-repl-setup
```
Resume replication on the replica appliance.
```
$ ghe-repl-start
```

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14 or greater, and you are using Clustering,

After completing steps 1-5, apply the changes to all cluster nodes.
```
$ ghe-cluster-config-apply
```

Verification and Mitigation if Immediate Upgrade is not Possible

If you're unable to upgrade immediately to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Download the list of leaked SSH host keys and verify its content using any of the provided hashes.

$ curl -O https://enterprise.github.com/security/2016-09-20/ghe-ssh-leaked-host-keys-list.txt
$ sha256sum ghe-ssh-leaked-host-keys-list.txt
3bb29658784a4059a41f1a77cffba9586baab179ba07b795f80e12a9f10c5665  ghe-ssh-leaked-host-keys-list.txt
$ sha1sum ghe-ssh-leaked-host-keys-list.txt
5db799da044da9aae0bcfc523d22e7ce0fe72550  ghe-ssh-leaked-host-keys-list.txt
$ md5sum ghe-ssh-leaked-host-keys-list.txt
de75bcb0bf1d13e15620952c0af8da41  ghe-ssh-leaked-host-keys-list.txt

Print the fingerprint of your GitHub Enterprise appliance's SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

$ ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /etc/ssh/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /etc/ssh/ssh_host_rsa_key.pub (RSA)

Check for leaked SSH host keys by comparing against the downloaded list of leaked SSH host keys.
If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.
Remove all SSH host keys.
```
$ sudo rm -f /etc/ssh/ssh_host_*
```
Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.
```
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
$ sudo dpkg-reconfigure openssh-server
```

Apply the changes to the ssh and babeld service.

$ sudo cp /etc/ssh/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /data/user/common/
$ sudo chown babeld:babeld /data/user/common/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub}

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-9, stop replication on the replica appliance.

$ ghe-repl-stop

Synchronize the SSH host keys from the primary appliance.

$ ghe-repl-setup

Resume replication on the replica appliance.

$ ghe-repl-start

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, or greater, and you are using Clustering,

After completing steps 1-9, apply the changes to all cluster nodes.

$ ghe-cluster-config-apply

Post SSH Host Key Rotation

After rotating the SSH host keys, your GitHub Enterprise environment can exit Maintenance Mode.

For example, the following is an output from the command-line,

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Please contact your system administrator.
Add correct host key in /Users/monalisa/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/monalisa/.ssh/known_hosts:42
ECDSA host key for [github.example.com]:122 has changed and you have requested strict checking.
Host key verification failed.

After updating the known_hosts, end-users will be prompted to accept a new fingerprint.

$ ssh -p 122 admin@github.example.com
The authenticity of host '[github.example.com]:122 ([169.254.1.1]:122)' can't be established.
ECDSA key fingerprint is SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Are you sure you want to continue connecting (yes/no)?

Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.

i. Pre-generate new SSH host keys to a temporary directory.

$ ssh-keygen -t dsa -N "" -f /var/tmp/ssh_host_dsa_key
$ ssh-keygen -t rsa -N "" -f /var/tmp/ssh_host_rsa_key
$ ssh-keygen -t ecdsa -N "" -f /var/tmp/ssh_host_ecdsa_key
$ ssh-keygen -t ed25519 -N "" -f /var/tmp/ssh_host_ed25519_key

ii. Print the fingerprint of your GitHub Enterprise appliance's SSH host keys for tentative rotation.

$ ssh-keygen -lf /var/tmp/ssh_host_dsa_key.pub
 1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /var/tmp/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ecdsa_key.pub
 256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /var/tmp/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ed25519_key.pub
 256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /var/tmp/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /var/tmp/ssh_host_rsa_key.pub
248 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /var/tmp/ssh_host_rsa_key.pub (RSA)

iii. Once you are ready to migrate to the new, rotated SSH host keys, move the host keys from the temporary directory and apply the changes to the ssh service.

$ sudo mv /var/tmp/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /etc/ssh
$ sudo service ssh restart

iv. Continue with steps 9 in the Verification and Mitigation if Immediate Upgrade is not Possible section.

`ssh_host_ed25519_key` in GitHub Enterprise

The 2.x versions of GitHub Enterprise on all supported platforms:

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services
Microsoft Azure

contained a pre-generated ssh_host_ed25519_key. However, only GitHub Enterprise 2.7.4 or greater use the ssh_host_ed25519_key. This can be verified by checking your GitHub Enterprise appliance's /etc/ssh/sshd_config, which added HostKey /etc/ssh/ssh_host_ed25519_key in 2.7.4 or greater.

The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

Security Fixes

CRITICAL Pre-generated SSH host keys were not regenerated when installing appliances from GitHub Enterprise 2.x images.
Packages have been updated to the latest security versions.

Bug Fixes

When rejected from a pre-receive hook, API merge requests incorrectly returned Internal Server Error.
Webhooks failed to deliver when the external server could only be resolved by the configured proxy server.
The ghe-system-info command line utility was not available to run because the utility was missing from the $PATH.
In a clustering environment, storage assets that were not replicated or marked for deletion were not properly maintained.
Users were unable to add or remove deploy keys when LDAP sync is enabled.
In a clustering environment, the ghe-cluster-config-check command line utility terminated early from unsuccessful cURL checks.
The root API endpoint incorrectly returned Not Found when the trailing slash was omitted.
The initial push of a repository with many Git refs could time out.
Elasticsearch logs could grow very large due to incorrect HTTP and HTTPS connection management.
The ghe-ssl-ca-certificate-install command line utility did not accept a piped certificate as input.

Changes

GitHub Enterprise is now available in the Asia Pacific (Mumbai) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

The Pre-generated SSH Host Keys in GitHub Enterprise vulnerability disclosure added the ssh_host_ed25519_key in GitHub Enterprise for GitHub Enterprise 2.7.4 or greater appliances on the Amazon Web Services platform. (updated 2016-09-22)

Thanks!

The GitHub Team

2.5.14

Tue, 20 Sep 2016 10:30:44 +0000

Pre-generated SSH Host Keys in GitHub Enterprise

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services (See the ssh_host_ed25519_key in GitHub Enterprise section below)
Microsoft Azure

This means an attacker with the capability to perform a man-in-the-middle attack on SSH traffic can intercept and modify network traffic to the GitHub Enterprise appliance.

The affected supported versions are:

2.7.0 - 2.7.3
2.6.0 - 2.6.8
2.5.0 - 2.5.13
2.4.0 - 2.4.16
2.3.0 - 2.3.20

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have questions.

Verification and Mitigation on GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater

If you've upgraded to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Check for leaked SSH host keys using the ghe-ssh-check-host-keys utility.

$ ghe-ssh-check-host-keys

The utility should output either:

One or more of your SSH host keys were found in the blacklist.
Please reset your host keys using ghe-ssh-roll-host-keys.

The SSH host keys were not found in the SSH host key blacklist.
No additional steps are needed/recommended at this time.

If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.

Rotate all SSH host keys using the ghe-ssh-roll-host-keys utility.

$ sudo ghe-ssh-roll-host-keys
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key

The utility should output:

$ SSH host keys have successfully been rolled.

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, or greater, and you are using the High Availability Configuration, there are no additional steps to take on your replica appliance.

If you've upgraded to GitHub Enterprise 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-5, stop replication on the replica appliance.
```
$ ghe-repl-stop
```
Synchronize the SSH host keys from the primary appliance.
```
$ ghe-repl-setup
```
Resume replication on the replica appliance.
```
$ ghe-repl-start
```

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14 or greater, and you are using Clustering,

After completing steps 1-5, apply the changes to all cluster nodes.
```
$ ghe-cluster-config-apply
```

Verification and Mitigation if Immediate Upgrade is not Possible

If you're unable to upgrade immediately to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Download the list of leaked SSH host keys and verify its content using any of the provided hashes.

$ curl -O https://enterprise.github.com/security/2016-09-20/ghe-ssh-leaked-host-keys-list.txt
$ sha256sum ghe-ssh-leaked-host-keys-list.txt
3bb29658784a4059a41f1a77cffba9586baab179ba07b795f80e12a9f10c5665  ghe-ssh-leaked-host-keys-list.txt
$ sha1sum ghe-ssh-leaked-host-keys-list.txt
5db799da044da9aae0bcfc523d22e7ce0fe72550  ghe-ssh-leaked-host-keys-list.txt
$ md5sum ghe-ssh-leaked-host-keys-list.txt
de75bcb0bf1d13e15620952c0af8da41  ghe-ssh-leaked-host-keys-list.txt

Print the fingerprint of your GitHub Enterprise appliance's SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

$ ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /etc/ssh/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /etc/ssh/ssh_host_rsa_key.pub (RSA)

Check for leaked SSH host keys by comparing against the downloaded list of leaked SSH host keys.
If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.
Remove all SSH host keys.
```
$ sudo rm -f /etc/ssh/ssh_host_*
```
Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.
```
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
$ sudo dpkg-reconfigure openssh-server
```

Apply the changes to the ssh and babeld service.

$ sudo cp /etc/ssh/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /data/user/common/
$ sudo chown babeld:babeld /data/user/common/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub}

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-9, stop replication on the replica appliance.

$ ghe-repl-stop

Synchronize the SSH host keys from the primary appliance.

$ ghe-repl-setup

Resume replication on the replica appliance.

$ ghe-repl-start

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, or greater, and you are using Clustering,

After completing steps 1-9, apply the changes to all cluster nodes.

$ ghe-cluster-config-apply

Post SSH Host Key Rotation

After rotating the SSH host keys, your GitHub Enterprise environment can exit Maintenance Mode.

For example, the following is an output from the command-line,

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Please contact your system administrator.
Add correct host key in /Users/monalisa/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/monalisa/.ssh/known_hosts:42
ECDSA host key for [github.example.com]:122 has changed and you have requested strict checking.
Host key verification failed.

After updating the known_hosts, end-users will be prompted to accept a new fingerprint.

$ ssh -p 122 admin@github.example.com
The authenticity of host '[github.example.com]:122 ([169.254.1.1]:122)' can't be established.
ECDSA key fingerprint is SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Are you sure you want to continue connecting (yes/no)?

Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.

i. Pre-generate new SSH host keys to a temporary directory.

$ ssh-keygen -t dsa -N "" -f /var/tmp/ssh_host_dsa_key
$ ssh-keygen -t rsa -N "" -f /var/tmp/ssh_host_rsa_key
$ ssh-keygen -t ecdsa -N "" -f /var/tmp/ssh_host_ecdsa_key
$ ssh-keygen -t ed25519 -N "" -f /var/tmp/ssh_host_ed25519_key

ii. Print the fingerprint of your GitHub Enterprise appliance's SSH host keys for tentative rotation.

$ ssh-keygen -lf /var/tmp/ssh_host_dsa_key.pub
 1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /var/tmp/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ecdsa_key.pub
 256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /var/tmp/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ed25519_key.pub
 256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /var/tmp/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /var/tmp/ssh_host_rsa_key.pub
248 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /var/tmp/ssh_host_rsa_key.pub (RSA)

iii. Once you are ready to migrate to the new, rotated SSH host keys, move the host keys from the temporary directory and apply the changes to the ssh service.

$ sudo mv /var/tmp/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /etc/ssh
$ sudo service ssh restart

iv. Continue with steps 9 in the Verification and Mitigation if Immediate Upgrade is not Possible section.

`ssh_host_ed25519_key` in GitHub Enterprise

The 2.x versions of GitHub Enterprise on all supported platforms:

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services
Microsoft Azure

The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

Security Fixes

CRITICAL Pre-generated SSH host keys were not regenerated when installing appliances from GitHub Enterprise 2.x images.
Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, storage assets that were not replicated or marked for deletion were not properly maintained.
Users were unable to add or remove deploy keys when LDAP sync is enabled.

Changes

GitHub Enterprise is now available in the Asia Pacific (Mumbai) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

The Pre-generated SSH Host Keys in GitHub Enterprise vulnerability disclosure added the ssh_host_ed25519_key in GitHub Enterprise for GitHub Enterprise 2.7.4 or greater appliances on the Amazon Web Services platform. (updated 2016-09-22)
We didn't include the fix for the issue that migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)

Thanks!

The GitHub Team

2.4.17

Tue, 20 Sep 2016 10:30:43 +0000

Pre-generated SSH Host Keys in GitHub Enterprise

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services (See the ssh_host_ed25519_key in GitHub Enterprise section below)
Microsoft Azure

This means an attacker with the capability to perform a man-in-the-middle attack on SSH traffic can intercept and modify network traffic to the GitHub Enterprise appliance.

The affected supported versions are:

2.7.0 - 2.7.3
2.6.0 - 2.6.8
2.5.0 - 2.5.13
2.4.0 - 2.4.16
2.3.0 - 2.3.20

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have questions.

Verification and Mitigation on GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater

If you've upgraded to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Check for leaked SSH host keys using the ghe-ssh-check-host-keys utility.

$ ghe-ssh-check-host-keys

The utility should output either:

One or more of your SSH host keys were found in the blacklist.
Please reset your host keys using ghe-ssh-roll-host-keys.

The SSH host keys were not found in the SSH host key blacklist.
No additional steps are needed/recommended at this time.

If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.

Rotate all SSH host keys using the ghe-ssh-roll-host-keys utility.

$ sudo ghe-ssh-roll-host-keys
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key

The utility should output:

$ SSH host keys have successfully been rolled.

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, or greater, and you are using the High Availability Configuration, there are no additional steps to take on your replica appliance.

If you've upgraded to GitHub Enterprise 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-5, stop replication on the replica appliance.
```
$ ghe-repl-stop
```
Synchronize the SSH host keys from the primary appliance.
```
$ ghe-repl-setup
```
Resume replication on the replica appliance.
```
$ ghe-repl-start
```

Verification and Mitigation if Immediate Upgrade is not Possible

If you're unable to upgrade immediately to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Download the list of leaked SSH host keys and verify its content using any of the provided hashes.

$ curl -O https://enterprise.github.com/security/2016-09-20/ghe-ssh-leaked-host-keys-list.txt
$ sha256sum ghe-ssh-leaked-host-keys-list.txt
3bb29658784a4059a41f1a77cffba9586baab179ba07b795f80e12a9f10c5665  ghe-ssh-leaked-host-keys-list.txt
$ sha1sum ghe-ssh-leaked-host-keys-list.txt
5db799da044da9aae0bcfc523d22e7ce0fe72550  ghe-ssh-leaked-host-keys-list.txt
$ md5sum ghe-ssh-leaked-host-keys-list.txt
de75bcb0bf1d13e15620952c0af8da41  ghe-ssh-leaked-host-keys-list.txt

Print the fingerprint of your GitHub Enterprise appliance's SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

$ ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /etc/ssh/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /etc/ssh/ssh_host_rsa_key.pub (RSA)

Check for leaked SSH host keys by comparing against the downloaded list of leaked SSH host keys.
If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.
Remove all SSH host keys.
```
$ sudo rm -f /etc/ssh/ssh_host_*
```
Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.
```
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
$ sudo dpkg-reconfigure openssh-server
```

Apply the changes to the ssh and babeld service.

$ sudo cp /etc/ssh/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /data/user/common/
$ sudo chown babeld:babeld /data/user/common/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub}

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-9, stop replication on the replica appliance.

$ ghe-repl-stop

Synchronize the SSH host keys from the primary appliance.

$ ghe-repl-setup

Resume replication on the replica appliance.

$ ghe-repl-start

Post SSH Host Key Rotation

After rotating the SSH host keys, your GitHub Enterprise environment can exit Maintenance Mode.

For example, the following is an output from the command-line,

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Please contact your system administrator.
Add correct host key in /Users/monalisa/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/monalisa/.ssh/known_hosts:42
ECDSA host key for [github.example.com]:122 has changed and you have requested strict checking.
Host key verification failed.

After updating the known_hosts, end-users will be prompted to accept a new fingerprint.

$ ssh -p 122 admin@github.example.com
The authenticity of host '[github.example.com]:122 ([169.254.1.1]:122)' can't be established.
ECDSA key fingerprint is SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Are you sure you want to continue connecting (yes/no)?

Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.

i. Pre-generate new SSH host keys to a temporary directory.

$ ssh-keygen -t dsa -N "" -f /var/tmp/ssh_host_dsa_key
$ ssh-keygen -t rsa -N "" -f /var/tmp/ssh_host_rsa_key
$ ssh-keygen -t ecdsa -N "" -f /var/tmp/ssh_host_ecdsa_key
$ ssh-keygen -t ed25519 -N "" -f /var/tmp/ssh_host_ed25519_key

ii. Print the fingerprint of your GitHub Enterprise appliance's SSH host keys for tentative rotation.

$ ssh-keygen -lf /var/tmp/ssh_host_dsa_key.pub 1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /var/tmp/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ecdsa_key.pub
 256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /var/tmp/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ed25519_key.pub
 256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /var/tmp/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /var/tmp/ssh_host_rsa_key.pub
248 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /var/tmp/ssh_host_rsa_key.pub (RSA)

iii. Once you are ready to migrate to the new, rotated SSH host keys, move the host keys from the temporary directory and apply the changes to the ssh service.

$ sudo mv /var/tmp/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /etc/ssh
$ sudo service ssh restart

iv. Continue with steps 9 in the Verification and Mitigation if Immediate Upgrade is not Possible section.

`ssh_host_ed25519_key` in GitHub Enterprise

The 2.x versions of GitHub Enterprise on all supported platforms:

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services
Microsoft Azure

The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

Security Fixes

CRITICAL Pre-generated SSH host keys were not regenerated when installing appliances from GitHub Enterprise 2.x images.
Packages have been updated to the latest security versions.

Bug Fixes

Users were unable to add or remove deploy keys when LDAP sync is enabled.

Changes

GitHub Enterprise is now available in the Asia Pacific (Mumbai) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Errata

The Pre-generated SSH Host Keys in GitHub Enterprise vulnerability disclosure added the ssh_host_ed25519_key in GitHub Enterprise for GitHub Enterprise 2.7.4 or greater appliances on the Amazon Web Services platform. (updated 2016-09-22)

Thanks!

The GitHub Team

2.3.21

Tue, 20 Sep 2016 10:30:42 +0000

Pre-generated SSH Host Keys in GitHub Enterprise

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services (See the ssh_host_ed25519_key in GitHub Enterprise section below)
Microsoft Azure

This means an attacker with the capability to perform a man-in-the-middle attack on SSH traffic can intercept and modify network traffic to the GitHub Enterprise appliance.

The affected supported versions are:

2.7.0 - 2.7.3
2.6.0 - 2.6.8
2.5.0 - 2.5.13
2.4.0 - 2.4.16
2.3.0 - 2.3.20

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have questions.

Verification and Mitigation on GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater

If you've upgraded to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Check for leaked SSH host keys using the ghe-ssh-check-host-keys utility.

$ ghe-ssh-check-host-keys

The utility should output either:

One or more of your SSH host keys were found in the blacklist.
Please reset your host keys using ghe-ssh-roll-host-keys.

The SSH host keys were not found in the SSH host key blacklist.
No additional steps are needed/recommended at this time.

If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.

Rotate all SSH host keys using the ghe-ssh-roll-host-keys utility.

$ sudo ghe-ssh-roll-host-keys
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key

The utility should output:

$ SSH host keys have successfully been rolled.

If you've upgraded to GitHub Enterprise 2.7.4, 2.6.9, or greater, and you are using the High Availability Configuration, there are no additional steps to take on your replica appliance.

If you've upgraded to GitHub Enterprise 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-5, stop replication on the replica appliance.
```
$ ghe-repl-stop
```
Synchronize the SSH host keys from the primary appliance.
```
$ ghe-repl-setup
```
Resume replication on the replica appliance.
```
$ ghe-repl-start
```

Verification and Mitigation if Immediate Upgrade is not Possible

If you're unable to upgrade immediately to the latest patch release, GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater,

SSH to your primary GitHub Enterprise appliance.

Download the list of leaked SSH host keys and verify its content using any of the provided hashes.

$ curl -O https://enterprise.github.com/security/2016-09-20/ghe-ssh-leaked-host-keys-list.txt
$ sha256sum ghe-ssh-leaked-host-keys-list.txt
3bb29658784a4059a41f1a77cffba9586baab179ba07b795f80e12a9f10c5665  ghe-ssh-leaked-host-keys-list.txt
$ sha1sum ghe-ssh-leaked-host-keys-list.txt
5db799da044da9aae0bcfc523d22e7ce0fe72550  ghe-ssh-leaked-host-keys-list.txt
$ md5sum ghe-ssh-leaked-host-keys-list.txt
de75bcb0bf1d13e15620952c0af8da41  ghe-ssh-leaked-host-keys-list.txt

Print the fingerprint of your GitHub Enterprise appliance's SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

$ ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /etc/ssh/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /etc/ssh/ssh_host_rsa_key.pub (RSA)

Check for leaked SSH host keys by comparing against the downloaded list of leaked SSH host keys.
If one or more SSH host keys were found in the blacklist, continue to the next step. Otherwise, your GitHub Enterprise environment is not vulnerable.
Put your GitHub Enterprise environment in Maintenance Mode.
Remove all SSH host keys.
```
$ sudo rm -f /etc/ssh/ssh_host_*
```
Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.
```
$ sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
$ sudo dpkg-reconfigure openssh-server
```

Apply the changes to the ssh and babeld service.

$ sudo cp /etc/ssh/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /data/user/common/
$ sudo chown babeld:babeld /data/user/common/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub}

If you're unable to upgrade immediately to GitHub Enterprise 2.7.4, 2.6.9, 2.5.14, 2.4.17, 2.3.21, or greater, and you are using the High Availability Configuration,

After completing steps 1-9, stop replication on the replica appliance.

$ ghe-repl-stop

Synchronize the SSH host keys from the primary appliance.

$ ghe-repl-setup

Resume replication on the replica appliance.

$ ghe-repl-start

Post SSH Host Key Rotation

After rotating the SSH host keys, your GitHub Enterprise environment can exit Maintenance Mode.

For example, the following is an output from the command-line,

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Please contact your system administrator.
Add correct host key in /Users/monalisa/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/monalisa/.ssh/known_hosts:42
ECDSA host key for [github.example.com]:122 has changed and you have requested strict checking.
Host key verification failed.

After updating the known_hosts, end-users will be prompted to accept a new fingerprint.

$ ssh -p 122 admin@github.example.com
The authenticity of host '[github.example.com]:122 ([169.254.1.1]:122)' can't be established.
ECDSA key fingerprint is SHA256:seFT9eIOmAZWbfcO9yU1sXiEYIqcrdi0qttbtmNm0Io.
Are you sure you want to continue connecting (yes/no)?

Regenerate the SSH host keys.
Note: The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used and regenerated for in 2.7.4 or greater.

i. Pre-generate new SSH host keys to a temporary directory.

$ ssh-keygen -t dsa -N "" -f /var/tmp/ssh_host_dsa_key
$ ssh-keygen -t rsa -N "" -f /var/tmp/ssh_host_rsa_key
$ ssh-keygen -t ecdsa -N "" -f /var/tmp/ssh_host_ecdsa_key
$ ssh-keygen -t ed25519 -N "" -f /var/tmp/ssh_host_ed25519_key

ii. Print the fingerprint of your GitHub Enterprise appliance's SSH host keys for tentative rotation.

$ ssh-keygen -lf /var/tmp/ssh_host_dsa_key.pub
 1024 b2:69:82:2f:25:48:bb:fc:62:c7:9a:de:41:42:13:55 /var/tmp/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ecdsa_key.pub
 256 c0:cb:fd:07:33:e9:62:14:6b:fb:d5:26:54:f3:c5:0d /var/tmp/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -lf /var/tmp/ssh_host_ed25519_key.pub
 256 d6:92:21:4b:04:3b:22:f5:ee:85:0a:63:bf:b3:fe:9b /var/tmp/ssh_host_ed25519_key.pub (ED25519)
$ ssh-keygen -lf /var/tmp/ssh_host_rsa_key.pub
248 0f:ee:8d:02:2d:e1:76:f3:eb:f5:af:cb:38:9a:1c:33 /var/tmp/ssh_host_rsa_key.pub (RSA)

iii. Once you are ready to migrate to the new, rotated SSH host keys, move the host keys from the temporary directory and apply the changes to the ssh service.

$ sudo mv /var/tmp/ssh_host_{rsa,dsa,ecdsa,ed25519}_key{,.pub} /etc/ssh
$ sudo service ssh restart

iv. Continue with steps 9 in the Verification and Mitigation if Immediate Upgrade is not Possible section.

`ssh_host_ed25519_key` in GitHub Enterprise

The 2.x versions of GitHub Enterprise on all supported platforms:

Hyper-V (VHD)
OpenStack KVM (QCOW2)
VMware ESXi/vSphere (OVA)
Xen (VHD)
Amazon Web Services
Microsoft Azure

The ssh_host_ed25519_key may exist on your GitHub Enterprise appliance but is only used in 2.7.4 or greater.

Security Fixes

CRITICAL Pre-generated SSH host keys were not regenerated when installing appliances from GitHub Enterprise 2.x images.
Packages have been updated to the latest security versions.

Bug Fixes

Users were unable to add or remove deploy keys when LDAP sync is enabled.

Changes

GitHub Enterprise is now available in the Asia Pacific (Mumbai) AWS region.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Errata

The Pre-generated SSH Host Keys in GitHub Enterprise vulnerability disclosure added the ssh_host_ed25519_key in GitHub Enterprise for GitHub Enterprise 2.7.4 or greater appliances on the Amazon Web Services platform. (updated 2016-09-22)

Thanks!

The GitHub Team

2.7.3

Tue, 30 Aug 2016 16:00:27 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, Gists were not being replicated to new nodes.
In a clustering environment, Git pushes could time out while waiting for the server to replicate data.
LFS files with spaces in the file path were not rendered properly.
git-lfs pull could cause high MySQL CPU usage.
Unsuspending users did not check for available license seats.
Gist IDs could incorrectly collide when MySQL restarted.
The Git proxy service, babeld, did not scale the number of workers when memory was added.
Pre-receive hooks failed when using an environment with incorrect /tmp permissions.
Issue assignees assigned in GitHub Enterprise 2.6 or earlier weren't visible.
Dynamic worker optimizations could exhaust the maximum number of allowed MySQL connections. MySQL's max_connections was increased to 2000.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Errata

Editing custom messages in the Admin center doesn't provide emoji suggestions was resolved in 2.7.0. (updated 2016-09-21)
Native emoji are lost when saving custom messages in the Admin center was resolved in 2.7.0. (updated 2016-09-21)

Thanks!

The GitHub Team

2.6.8

Tue, 30 Aug 2016 16:00:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, Git pushes could time out while waiting for the server to replicate data.
In a clustering environment, Gist were not being replicated to new nodes.
LFS files with spaces in the file path were not rendered properly.
git-lfs pull could cause high MySQL CPU usage.
Unsuspending users did not check for available license seats.
Purging an archived repository could fail.
Gist IDs could incorrectly collide when MySQL restarted.
The Git proxy service, babeld, did not scale the number of workers when memory was added.
Pre-receive hooks failed when using an environment with incorrect /tmp permissions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.13

Tue, 30 Aug 2016 16:00:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

In a clustering environment, Gists were not being replicated to new nodes.
git-lfs pull could cause high MySQL CPU usage.
Gist IDs could incorrectly collide when MySQL restarted.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

We didn't include the fix for the issue that migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)

Thanks!

The GitHub Team

2.4.16

Tue, 30 Aug 2016 16:00:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Gist IDs could incorrectly collide when MySQL restarted.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.20

Tue, 30 Aug 2016 16:00:23 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Gist IDs could incorrectly collide when MySQL restarted.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.7.2

Tue, 16 Aug 2016 16:00:27 +0000

Security Fixes

CRITICAL: Fixed a buffer overflow vulnerability in a network accessible service. Exploitation could result in remote code execution or denial of service. This vulnerability was identified internally and currently no known exploits exist.
HIGH: Worked around Microsoft Internet Explorer bug causing redirects to the incorrect hostname during OAuth negotiation.
MEDIUM: Users were able to delete SSH and/or GPG keys when LDAP sync is enabled.
Packages have been updated to the latest security versions.

Bug Fixes

An appliance would enter maintenance mode earlier than expected if scheduled more than a week in advance.
ghe-diagnostics printed a benign unrecognised disk label error message.
Pre-receive hooks using the curl and/or gpg command may have failed using the default hook environment due to missing libraries.
Git pushes were denied if the pre-receive hook timed out on repositories with a non-enforced exit-status.
Public Pages could not be configured when Private Mode is enabled.
The Pages preview API showed incorrect values for html_url and erroneously used cname when subdomain isolation is enabled.
sudo and commands that call sudo, like the ghe-repl-* commands, would print a harmless sudo: unable to resolve host message when run on AWS-hosted high availability replicas.
Avatars may have failed to render in a clustering environment.
Large file uploads may have timed out in a clustering environment.
git operations may have blocked indefinitely if the data volume had less than 10% free disk space.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
Issue assignees assigned in GitHub Enterprise 2.6 or earlier aren't visible. (updated 2016-08-27)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Errata

Editing custom messages in the Admin center doesn't provide emoji suggestions was resolved in 2.7.0. (updated 2016-09-21)
Native emoji are lost when saving custom messages in the Admin center was resolved in 2.7.0. (updated 2016-09-21)

Thanks!

The GitHub Team

2.6.7

Tue, 16 Aug 2016 16:00:26 +0000

Security Fixes

HIGH: Worked around Microsoft Internet Explorer bug causing redirects to the incorrect hostname during OAuth negotiation.
MEDIUM: Users were able to delete SSH and/or GPG keys when LDAP sync is enabled.
Packages have been updated to the latest security versions.

Bug Fixes

An appliance would enter maintenance mode earlier than expected if scheduled more than a week in advance.
Pre-receive hooks using the curl and/or gpg command may have failed using the default hook environment due to missing libraries.
Git pushes were denied if the pre-receive hook timed out on repositories with a non-enforced exit-status.
Avatars may have failed to render in a clustering environment.
Large file uploads may have timed out in a clustering environment.
Unable to delete, transfer, or change the visibility of a repository from incorrect input validation.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.12

Tue, 16 Aug 2016 16:00:25 +0000

Security Fixes

HIGH: Worked around Microsoft Internet Explorer bug causing redirects to the incorrect hostname during OAuth negotiation.
MEDIUM: Users were able to delete SSH and/or GPG keys when LDAP sync is enabled.
Packages have been updated to the latest security versions.

Bug Fixes

An appliance would enter maintenance mode earlier than expected if scheduled more than a week in advance.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

We didn't include the fix for the issue that migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)

Thanks!

The GitHub Team

2.4.15

Tue, 16 Aug 2016 16:00:24 +0000

Security Fixes

HIGH: Worked around Microsoft Internet Explorer bug causing redirects to the incorrect hostname during OAuth negotiation.
MEDIUM: Users were able to delete SSH and/or GPG keys when LDAP sync is enabled.
Packages have been updated to the latest security versions.

Bug Fixes

An appliance would enter maintenance mode earlier than expected if scheduled more than a week in advance.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.19

Tue, 16 Aug 2016 16:00:23 +0000

Security Fixes

HIGH: Worked around Microsoft Internet Explorer bug causing redirects to the incorrect hostname during OAuth negotiation.
MEDIUM: Users were able to delete SSH and/or GPG keys when LDAP sync is enabled.
Packages have been updated to the latest security versions.

Bug Fixes

An appliance would enter maintenance mode earlier than expected if scheduled more than a week in advance.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.7.1

Tue, 09 Aug 2016 16:00:27 +0000

Bug Fixes

Pre-receive hooks using the awk command in the default hook environment would fail with a cannot open shared object file message.
The network information displayed on the hypervisor console didn't display correctly if the instance did not have an IP address.
Updated glibc to fix an assertion error during DNS lookups which occured in very specific network setups. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825699 for more details.
The task_list_instrumentation queue in the output from ghe-resque-info would show harmless unprocessed jobs. These are now being correctly processed.
When LDAP sync is enabled for SSH and/or GPG keys, users were still able to add new keys via the web UI.
New and upgraded AWS-hosted instances would default to using 8.8.8.8 for the DNS server. This could cause issues if that DNS server is not reachable.
Language breakdown for an empty repository would fail with a HTTP 500 error.
Administrators could not view a user's GPG keys via the Site Admin dashboard.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Additional white spacing can sometimes be seen above the Admin center header.
git operations may block indefinitely if the data volume has less than 10% free disk space. (updated 2016-08-16)
Issue assignees assigned in GitHub Enterprise 2.6 or earlier aren't visible. (updated 2016-08-27)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Backups and Disaster Recovery

GitHub Enterprise 2.7 requires at least GitHub Enterprise Backup Utilities 2.7.0 for Backups and Disaster Recovery. (updated 2016-08-15)

Errata

Editing custom messages in the Admin center doesn't provide emoji suggestions was resolved in 2.7.0. (updated 2016-09-21)
Native emoji are lost when saving custom messages in the Admin center was resolved in 2.7.0. (updated 2016-09-21)

Thanks!

The GitHub Team

2.7.0

Wed, 03 Aug 2016 16:00:27 +0000

Features

With the new features added in GitHub Enterprise 2.7.0, you can:

Sign commits and tags using verified GPG keys.
Keep track of comment edits with edit badges, a label indicating a post was edited.
Add up to 10 people to an issue or pull request with multiple assignees.
Move checklist items around by dragging and dropping them.
Display up to five public repositories in the "Pinned repositories" section on your profile.
Squash a pull request in the Pull Request Merge API during the preview period.
Use the endpoints for Reactions to react and unreact via the API.
Lock an issue's conversation via the API.
Receive email notifications about your GitHub activity.
Use the branches API to specify which members and teams can push to a protected branch.
Publicize or hide your private contributions on your profile.
Add a bio to your profile to share information about yourself with other GitHub users.
Integrate Pre-receive hooks into your workflow using the Pre-receive environments and Pre-receive hooks API.
Use more webhook event actions to notify when changes are made to issues and pull requests and if a repository's public visibility changes.

Security Fixes

CRITICAL: In current (less than 2.7) versions of GitHub Enterprise, a SAML or CAS authenticated user may log in as another user if they have full control of the login value registered with the external authentication provider. While this issue only affects specific installations, we have released this as a CRITICAL issue given its impact when external authentication configurations allow user control of registered logins.
LOW: The permissions on rbenv, used by many components of GitHub Enterprise, have been tightened.
Packages have been updated to the latest security versions.

Bug Fixes

Webhook responses that were not encoded as UTF-8 would not be viewable in the delivery log.
Organizations could be suspended using the ghe-user-suspend command.
Transparent avatars were rendered with an opaque white background.
Clicking the rocket icon led to the current repository administration page instead of the intended Site admin page.
The first part of the fully qualified hostname was used in the system logs instead of the normalized hostname.
Uploading PNG images with drag and drop could fail with the error 'Something went really wrong, and we can't process that file.'.
The mobile view of a repository didn't show the total number of commits.
Repository push logs didn't record whether a push was forced.
Avatars may not have been displayed on preview.
Console text was difficult to read on OpenStack KVM.
The "Revert" button was missing when a pull request was squash merged. (updated 2016-09-21)

Changes

Upgrading of Elasticsearch indices is now a background process. Searching will continue to operate normally during this time.
The speed of some SVN to Git operations has been improved.
The ghe-webhook-logs command line utility, a command-line viewer for webhook logs has been introduced.
Unsubscribe links now require authentication. The logged in user must match the user the link was originally sent to in order for the unsubscribe to occur.
RequestDenied SAML responses are better handled and a descriptive message is returned to the user.
Webhooks can now be migrated along with repository and user data using gh-migrator.
GitHub Pages uses Jekyll 3.1.

Backups and Disaster Recovery

GitHub Enterprise 2.7 requires at least GitHub Enterprise Backup Utilities 2.7.0 for Backups and Disaster Recovery. (updated 2016-08-15)

Deprecation of GitHub Enterprise 2.2

GitHub Enterprise 2.2 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.3

GitHub Enterprise 2.3 will be deprecated as of October 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of Markdown engines

GitHub Pages on GitHub Enterprise 2.8 and later will only support kramdown, Jekyll's default Markdown engine. If you are currently using Rdiscount or Redcarpet we've enabled kramdown's GitHub-flavored Markdown support by default, meaning kramdown should have all the features of the two deprecated Markdown engines, so the transition should be as simple as updating the Markdown setting to kramdown in your site's configuration (or removing it entirely).

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Administrators cannot view a user's GPG keys via the Site Admin dashboard.
Additional white spacing can sometimes be seen above the Admin center header.
When LDAP sync is enabled for SSH and/or GPG keys, users are still able to add new keys via the web UI.
New and upgraded AWS-hosted instances will default to using 8.8.8.8 for the DNS server. This can cause issues if that DNS server is not reachable. Run: sudo rm /etc/resolv.conf && sudo ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf and then reboot to workaround this issue. (updated 2016-08-04)
Pre-receive hooks using the awk command in the default hook environment will fail with a cannot open shared object file message. (updated 2016-08-08)
git operations may block indefinitely if the data volume has less than 10% free disk space. (updated 2016-08-16)
Issue assignees assigned in GitHub Enterprise 2.6 or earlier aren't visible. (updated 2016-08-27)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)

Errata

Editing custom messages in the Admin center doesn't provide emoji suggestions was resolved in 2.7.0. (updated 2016-09-21)
Native emoji are lost when saving custom messages in the Admin center was resolved in 2.7.0. (updated 2016-09-21)

Thanks!

The GitHub Team

2.6.6

Wed, 03 Aug 2016 16:00:26 +0000

Security Fixes

CRITICAL In versions 2.6.0 through 2.6.5 of GitHub Enterprise, a CAS authenticated user may log in as another user if they have full control of the login value registered with the external authentication provider. While this issue only affects specific installations, we have released this as a CRITICAL issue given its impact when external authentication configurations allow user control of registered logins.
LOW The permissions on rbenv, used by many components of GitHub Enterprise, have been tightened.
Packages have been updated to the latest security versions.

Bug Fixes

Built Pages sites on a cluster node became inaccessible if the database master role was migrated to the node.
The schema for requests to and responses from the LFS API has been relaxed to allow additional properties. This will allow the API to be extended in the future.
Organizations could be suspended using the ghe-user-suspend command.
Adding a new node to a cluster would fail if another node was unavailable.
Updates to user avatars may not have been visible for up to five minutes on clustered installations.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https.
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.11

Wed, 03 Aug 2016 16:00:25 +0000

Security Fixes

LOW The permissions on rbenv, used by many components of GitHub Enterprise, have been tightened.
Packages have been updated to the latest security versions.

Bug Fixes

The schema for requests to and responses from the LFS API has been relaxed to allow additional properties. This will allow the API to be extended in the future.
Organizations could be suspended using the ghe-user-suspend command.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)
Console text is difficult to read on OpenStack KVM.
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

We didn't include the fix for the issue that migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)

Thanks!

The GitHub Team

2.4.14

Wed, 03 Aug 2016 16:00:24 +0000

Security Fixes

LOW The permissions on rbenv, used by many components of GitHub Enterprise, have been tightened.
Packages have been updated to the latest security versions.

Bug Fixes

The schema for requests to and responses from the LFS API has been relaxed to allow additional properties. This will allow the API to be extended in the future.
Organizations could be suspended using the ghe-user-suspend command.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.18

Wed, 03 Aug 2016 16:00:23 +0000

Security Fixes

LOW The permissions on rbenv, used by many components of GitHub Enterprise, have been tightened.
Packages have been updated to the latest security versions.

Bug Fixes

Organizations could be suspended using the ghe-user-suspend command.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.24

Wed, 03 Aug 2016 16:00:22 +0000

Security Fixes

LOW The permissions on rbenv, used by many components of GitHub Enterprise, have been tightened.
Packages have been updated to the latest security versions.

Deprecation of GitHub Enterprise 2.2

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.6.5

Tue, 12 Jul 2016 17:00:06 +0000

Security Fixes

HIGH Due to the way that email addresses with Unicode in the 'local part' are handled, it was possible to generate a password reset token for an email address and have it delivered to a separate email address with Unicode homoglyphs that normalized to the original email address.
LOW Admin users could still access user reports after being suspended.
Packages have been updated to the latest security versions.

Bug Fixes

Migration data exported from GitHub Enterprise with ghe-migrator did not include issue file attachments, which could cause imports to another server to fail.
SAML reauthentication could fail if the SAML identity provider returned large headers in the authentication response.
LDAP sync could fail on suspended users if restricted groups are not configured.
Pushing Git LFS objects to a fork of a repository the user only has read access to would fail.
PSD files stored in LFS failed to render.
The settings would fail to be copied to the high availability replica if NTP has not been configured.
SSH keys added or removed via the management console after high availability replication has started could fail to be copied to the replica.
Hostnames that contain hyphens could not be used in the proxy exclusion list in the management console settings.
Alambic services would not run on job-server cluster nodes.
ElasticSearch on cluster nodes could enter a split-brain state in the event of a network partition or failure.
Pre-receive hook environment variables were not all set on repository initialization. This could lead to pre-receive hooks running incorrectly on the first commit that takes place when creating a repository via a web browser. (updated 2016-07-13)
Downloading identical user or repository reports in quick succession could lead to a build up in duplicate jobs that could affect the performance of the appliance.

Changes

The automatic update check will only download the latest release that the appliance can upgrade directly to.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Uploading PNG images with through the web interface can fail with the error 'Something went really wrong, and we can't process that file.'
GitHub Enterprise clustering can not be configured without https. (updated 2016-08-01)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.10

Tue, 12 Jul 2016 17:00:05 +0000

Security Fixes

HIGH Due to the way that email addresses with Unicode in the 'local part' are handled, it was possible to generate a password reset token for an email address and have it delivered to a separate email address with Unicode homoglyphs that normalized to the original email address.
LOW Admin users could still access user reports after being suspended.
Packages have been updated to the latest security versions.

Bug Fixes

LDAP sync failed on suspended users if restricted groups are not configured.
Pushing Git LFS objects to a fork of a repository the user only has read access to would fail.
PSD files stored in LFS failed to render.
Alambic services would not run on job-server cluster nodes.
Downloading identical user or repository reports in quick succession could lead to a build up in duplicate jobs that could affect the performance of the appliance.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

We didn't include the fix for the issue that migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-11-15)

Thanks!

The GitHub Team

2.4.13

Tue, 12 Jul 2016 17:00:04 +0000

Security Fixes

HIGH Due to the way that email addresses with Unicode in the 'local part' are handled, it was possible to generate a password reset token for an email address and have it delivered to a separate email address with Unicode homoglyphs that normalized to the original email address.
LOW Admin users could still access user reports after being suspended.
Packages have been updated to the latest security versions.

Bug Fixes

LDAP sync failed on suspended users if restricted groups are not configured.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.17

Tue, 12 Jul 2016 17:00:03 +0000

Security Fixes

HIGH Due to the way that email addresses with Unicode in the 'local part' are handled, it was possible to generate a password reset token for an email address and have it delivered to a separate email address with Unicode homoglyphs that normalized to the original email address.
LOW Admin users could still access user reports after being suspended.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.23

Tue, 12 Jul 2016 17:00:02 +0000

Security Fixes

HIGH Due to the way that email addresses with Unicode in the 'local part' are handled, it was possible to generate a password reset token for an email address and have it delivered to a separate email address with Unicode homoglyphs that normalized to the original email address.
LOW Admin users could still access user reports after being suspended.
Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.6.4

Tue, 21 Jun 2016 14:30:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The proxy configuration was not picked up by the update check initiated from the the management console.
The merge pull request button could remain disabled for an extended period of time following a force-push on a repository with protected branches and required statuses enabled.
It was not possible to ignore whitespace in diffs by appending ?w=1 to the URL.
Authenticating using SAML could fail if the authentication process took too long, for example when a user is performing two-factor authentication with the SAML server.
Importing or restoring a Redis database using ghe-import-redis or setting up a cluster, could fail if reading in the data takes longer than 30 seconds to complete.
Repository file uploads would fail if SSL is not enabled on the appliance.
Redownloading and extracting an existing pre-receive hook environment could fail due to incorrect file permissions.
Migration data exported from GitHub Enterprise with ghe-migrator did not include issue file attachments, which could cause imports to another server to fail.
Custom environments for pre-receive hooks failed to install correctly on a cluster.

Changes

Prompt-less upgrades can now be performed by passing the -y argument to ghe-upgrade.
Restoring repositories from backups of cluster nodes has been sped up.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https. (updated 2016-08-01)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.9

Tue, 21 Jun 2016 14:30:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Authenticating using SAML could fail if the authentication process took too long, for example when a user is performing two-factor authentication with the SAML server.
Importing or restoring a Redis database using ghe-import-redis or setting up a cluster, could fail if reading in the data takes longer than 30 seconds to complete.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail.
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.12

Tue, 21 Jun 2016 14:30:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Authenticating using SAML could fail if the authentication process took too long, for example when a user is performing two-factor authentication with the SAML server.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.16

Tue, 21 Jun 2016 14:30:23 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

Authenticating using SAML could fail if the authentication process took too long, for example when a user is performing two-factor authentication with the SAML server.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.22

Tue, 21 Jun 2016 14:30:22 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.6.3

Tue, 31 May 2016 16:00:26 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The Redis database was not properly cleared when restoring with the backup utilities more than once to GitHub Enterprise Cluster configuration. This could cause the Redis database to become very large, slowing down restores.
The $GITHUB_REPO_PUBLIC variable wasn't available to pre-receive hook scripts when edits were made via the web UI.
ghe-migrator failed to import users without an email address, which could cause the whole import to fail.
Deleting Git LFS files from the site admin dashboard failed with a 500 error.
Uploading a support bundle with a ticket reference using ghe-cluster-support-bundle -t [ticket reference] failed on a GitHub Enterprise Cluster.
Increasing the size of the data volume using ghe-storage-extend could fail.
OAuth application callback hostnames were limited to no longer than 63 characters, which caused some OAuth applications to stop working.
A missing Git repository on a high availability replica could block Git replication.
Pre-receive hooks in the default environment failed after upgrading.

Changes

Pre-receive hook scripts in the default environment now execute as Bash if no shebang program is specified.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
GitHub Enterprise clustering can not be configured without https. (updated 2016-08-01)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.8

Tue, 31 May 2016 16:00:25 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

The Redis database was not properly cleared when restoring with the backup utilities more than once to GitHub Enterprise in a Cluster configuration. This could waste disk space and cause restores to be slow.
Deleting Git LFS files from the site admin dashboard failed with a 500 error.
Uploading a support bundle with a ticket reference using ghe-cluster-support-bundle -t [ticket reference] failed on a GitHub Enterprise Cluster.
OAuth application callback hostnames were limited to no longer than 63 characters, which caused some OAuth applications to stop working.
A missing Git repository on a high availability replica could block Git replication.

Known issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.11

Tue, 31 May 2016 16:00:24 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

OAuth application callback hostnames were limited to no longer than 63 characters, which caused some OAuth applications to stop working.
A missing Git repository on a high availability replica could block Git replication.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.15

Tue, 31 May 2016 16:00:23 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

OAuth application callback hostnames were limited to no longer than 63 characters, which caused some OAuth applications to stop working.
A missing Git repository on a high availability replica could block Git replication.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.21

Tue, 31 May 2016 16:00:22 +0000

Security Fixes

Packages have been updated to the latest security versions.

Bug Fixes

OAuth application callback hostnames were limited to no longer than 63 characters, which caused some OAuth applications to stop working.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.6.2

Tue, 17 May 2016 16:00:26 +0000

Security Fixes

HIGH Release assets from a public repository could be accessed by unauthenticated users in private mode. (updated 2016-05-27)
Packages have been updated to the latest security versions.

Bug Fixes

The custom messages Markdown editor in the Admin Center included buttons for non-applicable functionality.
Custom messages within the Admin Center were not disabled when SAML authentication was used, even though they had no effect since the SAML server is responsible for displaying the relevant messages to users.
CAS logout failed when the CAS server URL includes a path.
Using a deploy key to fetch Git LFS assets prompted for password authentication.
The "explore" and "trending" pages included a "Sign in" button when you're already signed in.
We didn't display errors when updating a pre-receive hook failed.
Admins couldn't manage Gist comments in the site admin.
The pre-receive hook permissions text described the wrong scope.
The GitHub Enterprise version wasn't displayed when hovering over the Octocat icon in the footer.
Background jobs in the languages queue weren't run. This caused repository language statistics to be inaccurate.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Repository push logs don't record whether a push was forced.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
GitHub Enterprise clustering can not be configured without https. (updated 2016-08-01)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.7

Tue, 17 May 2016 16:00:25 +0000

Security Fixes

CRITICAL Final policies that were pending for the ImageMagick vulnerability (first applied in GitHub Enterprise 2.5.6) have now been applied, to address
CVE-2016-3714. Note that GitHub Enterprise only uses ImageMagick for PSD files to which the vulnerability did not apply. (updated 2016-07-13)
HIGH Release assets from a public repository could be accessed by unauthenticated users in private mode. (updated 2016-05-27)
Packages have been updated to the latest security versions.

Bug Fixes

CAS logout failed when the CAS server URL includes a path.

Known issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.10

Tue, 17 May 2016 16:00:24 +0000

Security Fixes

MEDIUM Release assets could be accessed by unauthenticated users in private mode.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.14

Tue, 17 May 2016 16:00:23 +0000

Security Fixes

MEDIUM Release assets could be accessed by unauthenticated users in private mode.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.20

Tue, 17 May 2016 16:00:22 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.6.1

Wed, 04 May 2016 08:00:25 +0000

Security Fixes

CRITICAL ImageMagick policies have been updated to address CVE-2016-3714.
HIGH OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109.

Remote Code Execution in ImageMagick

Several vulnerabilities in ImageMagick, a package commonly used by web services to process images, have been discovered and disclosed by members of the Mail.ru Security team. One of the vulnerabilities is critical and can lead to remote code execution when processing user submitted images.

Final patches for all the disclosed vulnerabilities within ImageMagick are still pending. This release mitigates the remote code execution vulnerability by implementing the recommended policy to disable the vulnerable ImageMagick coders.

This vulnerability exists in ImageMagick but there is no evidence that it has been exploited on GitHub Enterprise.

We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

Mitigation
If you can't immediately upgrade, the issue can be mitigated by implementing the policy changes as follows:

SSH to your GitHub Enterprise appliance.
Edit the /etc/ImageMagick/policy.xml file:
```
sudo vi /etc/ImageMagick/policy.xml
```

Disable the vulnerable coders by replacing the <policymap> section with:

<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>

There is no need to reboot or restart any services; the changes will take effect immediately.

Please contact GitHub Enterprise Support if you have any questions.

Bug Fixes

Memcached didn't log warnings or errors.
Harmless empty lines were added to the admin user's authorized_keys file every time the configuration was saved.
The find command was missing in the default pre-receive hook environment.

Known Issues

HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
Custom messages within the Admin Center are not disabled when SAML authentication is used, even though they have no effect since the SAML server is responsible for displaying the relevant messages to users.
The custom messages Markdown editor in the Admin Center includes buttons for non-applicable functionality.
Background jobs in the languages queue aren't run. This causes repository language statistics to be inaccurate.
Repository push logs don't record whether a push was forced. (updated 2016-05-13)
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
GitHub Enterprise clustering can not be configured without https. (updated 2016-08-01)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.6

Wed, 04 May 2016 08:00:25 +0000

Security Fixes

CRITICAL ImageMagick policies have been updated to address CVE-2016-3714.
HIGH OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109.

Remote Code Execution in ImageMagick

This vulnerability exists in ImageMagick but there is no evidence that it has been exploited on GitHub Enterprise.

We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

Mitigation
If you can't immediately upgrade, the issue can be mitigated by implementing the policy changes as follows:

SSH to your GitHub Enterprise appliance.
Edit the /etc/ImageMagick/policy.xml file:
```
sudo vi /etc/ImageMagick/policy.xml
```

Disable the vulnerable coders by replacing the <policymap> section with:

<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>

There is no need to reboot or restart any services; the changes will take effect immediately.

Please contact GitHub Enterprise Support if you have any questions.

Bug Fixes

Memcached didn't log warnings or errors.
Harmless empty lines were added to the admin user's authorized_keys file every time the configuration was saved.

Known issues

HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.9

Wed, 04 May 2016 08:00:25 +0000

Security Fixes

CRITICAL ImageMagick policies have been updated to address CVE-2016-3714.
HIGH OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109.

Remote Code Execution in ImageMagick

This vulnerability exists in ImageMagick but there is no evidence that it has been exploited on GitHub Enterprise.

We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

Mitigation
If you can't immediately upgrade, the issue can be mitigated by implementing the policy changes as follows:

SSH to your GitHub Enterprise appliance.
Edit the /etc/ImageMagick/policy.xml file:
```
sudo vi /etc/ImageMagick/policy.xml
```

Disable the vulnerable coders by replacing the <policymap> section with:

<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>

There is no need to reboot or restart any services; the changes will take effect immediately.

Please contact GitHub Enterprise Support if you have any questions.

Bug Fixes

Memcached didn't log warnings or errors.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.13

Wed, 04 May 2016 08:00:25 +0000

Security Fixes

CRITICAL ImageMagick policies have been updated to address CVE-2016-3714.
HIGH OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109.

Remote Code Execution in ImageMagick

This vulnerability exists in ImageMagick but there is no evidence that it has been exploited on GitHub Enterprise.

We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

Mitigation
If you can't immediately upgrade, the issue can be mitigated by implementing the policy changes as follows:

SSH to your GitHub Enterprise appliance.
Edit the /etc/ImageMagick/policy.xml file:
```
sudo vi /etc/ImageMagick/policy.xml
```

Disable the vulnerable coders by replacing the <policymap> section with:

<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>

There is no need to reboot or restart any services; the changes will take effect immediately.

Please contact GitHub Enterprise Support if you have any questions.

Bug Fixes

Memcached didn't log warnings or errors.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.19

Wed, 04 May 2016 08:00:25 +0000

Security Fixes

CRITICAL ImageMagick policies have been updated to address CVE-2016-3714.
HIGH OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109.

Remote Code Execution in ImageMagick

This vulnerability exists in ImageMagick but there is no evidence that it has been exploited on GitHub Enterprise.

We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

Mitigation
If you can't immediately upgrade, the issue can be mitigated by implementing the policy changes as follows:

SSH to your GitHub Enterprise appliance.
Edit the /etc/ImageMagick/policy.xml file:
```
sudo vi /etc/ImageMagick/policy.xml
```

Disable the vulnerable coders by replacing the <policymap> section with:

<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>

There is no need to reboot or restart any services; the changes will take effect immediately.

Please contact GitHub Enterprise Support if you have any questions.

Bug Fixes

Memcached didn't log warnings or errors.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.6.0

Tue, 26 Apr 2016 08:00:26 +0000

New Features

With the new features added in GitHub Enterprise 2.6.0, you can:

Enforce push policies and optimize workflows with pre-receive hooks.
Create Issue and pull request templates.
Take advantage of more flexibility with protected branches.
Add custom messages to the sign in and suspended user pages.
Flexibly review pull requests.
Merge pull requests with squash commits.
Add reactions to Pull Requests, Issues, and Comments.
Save time writing frequently used responses with saved replies.
Use a markdown toolbar to style text in comments and issues without learning Markdown.
Upload files into repositories using GitHub's interface.
Serve GitHub Pages faster and simpler with Jekyll 3.0.
Configure an Advanced Setting to automatically reactivate suspended LDAP users on their next successful authentication.

Changes

The cross-origin resource sharing (CORS) policy has been updated to bring it inline with W3C recommendations.
Auto-complete is disabled on the password configuration fields in the management console.
It is no longer possible to filter members of an organization using the is:inactive filter.
Admin Tools now has a 'Disabled repositories' page.
The number of simultaneous connections tracked by the appliance firewall has been increased to 524288.
When the protected branch policy is not fulfilled, we report different states depending on the protected branch required status checks policy.
Unused scripts have been removed and internal-only scripts have been moved out of the default path.
All customer-facing scripts print usage information when called with -h or --help.
SAML requests can now be configured to use SHA-256 and other common hashing algorithms for the signature and digest methods. The default is now SHA-256. You may need to update your configuration and select SHA-1 if your identity provider does not support SHA-256.
The management console now contains inline links to the configuration documentation for each section.
A proxy exclusion (no_proxy) list can now be configured in the management console.
Logs can be forwarded to multiple locations.
ghe-repl-start will report if high availability replication is still starting following a reboot.
ghe-repl-status displays which host is the high availability replica when run on the primary node.
The license, SSH keys and settings are copied to the high availability replica as and when they're modified on the primary.
Custom certificate authority certificates added to the appliance using ghe-ssl-ca-certificate-install are automatically replicated to the high availability replica.
All certificates included in the certificate file uploaded via the management console are automatically imported.
Custom certificate authority certificates are saved with descriptive names for easier identification when running ghe-ssl-ca-certificate-install -l.
The self-signed certificate generated by the appliance when first configured now includes a wildcard subject alternate name (SAN) entry for the appliance hostname for use with sub-domain isolation.
Previously built Pages sites are no longer displayed if Pages is subsequently disabled.
GitHub Pages has been updated to Jekyll 3.0.
A reason for an email notification is now included in the footer of the email.
The search index definitions have changed. Some searches may return partial results while the search indices are rebuilt. (updated 2016-04-27)
GitHub Pages now verifies the SSL connection when cloning sites, so builds will fail if your SSL certificate is invalid. (updated 2016-05-10)

Upgrading

Upgrading to the 2.6 release series is supported from GitHub Enterprise 2.4.0 and above.

Backup & Restore

In order to backup and restore GitHub Enterprise 2.6, you will need to upgrade backup-utils to version 2.6.0.

Bug Fixes

Changing a repository's parent allowed you to reparent onto a folk of the repository being reparented. This would lead to a loop that would fail and leave the repository network in an inconsistent state.
A migration archive with @mentions in issues or comments that contain dashes were not correctly rewritten when imported using ghe-migrator on the destination appliance.
Migrating a repository with issue attachments using ghe-migrator could fail to import on the destination appliance.
User sessions were not properly revoked when they reached the expiry limit set by the SAML identity provider (IdP).
User web browser sessions were revoked after 14 days of inactivity instead of 30 days.
ghe-support-bundle displayed harmless messages.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
User sessions were not properly revoked when they reached the expiry limit set by the SAML identity provider (IdP).
Packages have been updated to the latest security versions.

Deprecation of GitHub Enterprise 2.1

GitHub Enterprise 2.1 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.2

GitHub Enterprise 2.2 will be deprecated as of August 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Deprecation of Support for Internet Explorer 9 and 10

Support for Internet Explorer 9 and 10 will be deprecated in a future release. There will be no changes in site functionality, but a warning banner will be displayed to Internet Explorer 9 and 10 users.

Upcoming deprecation of Markdown engines

GitHub Pages on GitHub Enterprise 2.7 and later will only support kramdown, Jekyll's default Markdown engine. If you are currently using Rdiscount or Redcarpet we've enabled kramdown's GitHub-flavored Markdown support by default, meaning kramdown should have all the features of the two deprecated Markdown engines, so the transition should be as simple as updating the Markdown setting to kramdown in your site's configuration (or removing it entirely).

Known Issues

HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring a protected branch archived whilst running 2.3, will not restore all the settings correctly. This does not affect new instances or protected branches archived on later releases.
Duplicate uploads are stored in more than three hosts in a cluster with more than three replica file servers.
Editing custom messages in the Admin Center doesn't provide emoji suggestions.
Native emoji are lost when saving custom messages in the Admin Center.
The custom messages setting within the Admin Center is not disabled when SAML authentication is used. The setting has no effect when using SAML as the SAML server is responsible for displaying the relevant pages to users.
The custom messages Markdown editor in the Admin Center includes buttons for non-applicable functionality.
Background jobs in the languages queue aren't run. This causes repository language statistics to be inaccurate. (updated 2015-04-28)
The find command isn't available in the default pre-receive hook environment. (updated 2015-04-28)
Repository push logs don't record whether a push was forced. (updated 2016-05-13)
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
GitHub Enterprise clustering can not be configured without https. (updated 2016-08-01)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.5

Tue, 26 Apr 2016 08:00:25 +0000

Bug Fixes

A migration archive with @mentions in issues or comments that contain dashes were not correctly rewritten when imported on the destination appliance.
User sessions were not properly revoked when they reached the expiry limit set by the SAML identity provider (IdP).
User web browser sessions were revoked after 14 days of inactivity instead of 30 days.
Initial checkouts using SVN could be slow.

Changes

The number of simultaneous connections tracked by the appliance firewall has been increased to 524288.
Cluster mode now runs with more workers based on the amount of memory assigned to the node.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
Packages have been updated to the latest security versions.

Known issues

HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
Duplicate uploads are stored in more than three hosts in a cluster with more than three replica file servers.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.8

Tue, 26 Apr 2016 08:00:24 +0000

Bug Fixes

User sessions were not properly revoked when they reached the expiry limit set by the SAML identity provider (IdP).

Changes

Shell history is written after each command.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.12

Tue, 26 Apr 2016 08:00:23 +0000

Bug Fixes

User sessions were not properly revoked when they reached the expiry limit set by the SAML identity provider (IdP).

Changes

Shell history is written after each command.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.18

Tue, 26 Apr 2016 08:00:22 +0000

Changes

Shell history is written after each command.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.1.23

Tue, 26 Apr 2016 08:00:21 +0000

Bug Fixes

OpenVM tools was not properly installed.

Changes

Shell history is written after each command.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
Packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Deprecation of GitHub Enterprise 2.1

Thanks!

The GitHub Team

2.5.4

Thu, 31 Mar 2016 18:00:25 +0000

Remote Code Execution in GitHub Enterprise Management Console

An issue was identified that could allow an attacker to execute arbitrary commands on the GitHub Enterprise appliance. This vulnerability exists in the Management Console which is accessible from port 8080 and 8443. This is only applicable to GitHub Enterprise 2.5.0, 2.5.1, 2.5.2, and 2.5.3.

We strongly recommend you upgrade your GitHub Enterprise appliance to GitHub Enterprise 2.5.4 immediately.

This vulnerability was reported to our GitHub Security Bug Bounty program and we have no evidence that it has been exploited in the wild.

If you're unable to upgrade immediately, the issue can be mitigated by blocking traffic to port 8080 and 8443 from any untrusted IP addresses. If your GitHub Enterprise appliance is behind a firewall device, you can block inbound requests to port 8443 and 8080 and allow trusted IP addresses. Alternatively, you can do this directly in the appliance,

SSH to your GitHub Enterprise appliancee

Block all traffic to ports 8080 and 8443

$ sudo ufw insert 1 deny proto tcp from any to any port 8080,8443

Allow a trusted IP address to access the Management Console by replacing <IPADDRESS>
```
$ sudo ufw insert 1 allow proto tcp from <IPADDRESS> to any port 8080,8443
```

To remove the mitigation on your appliance,

SSH to your GitHub Enterprise appliance

Identify the numbered firewall rule to remove

$ sudo ufw status numbered | grep '8080,8443/tcp' | grep DENY | head -n1

Remove the firewall rule by replacing <NUMBER>
```
$ sudo ufw delete <NUMBER>
```
Run steps 2 and 3 until the firewall rules from step 2 are removed.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

CRITICAL There was a remote code execution vulnerability through the Management Console.

Bug Fixes

The Management Console email test could fail due to certificate validation errors. Emails sent from the GitHub application would still be successfully delivered.

Changes

Shell history is written after each command.

Known issues

HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
Duplicate uploads are stored in more than three hosts in a cluster with more than three replica file servers.
User sessions are not properly revoked when they reach the expiry limit set by the SAML IdP.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.5.3

Tue, 29 Mar 2016 18:00:25 +0000

Bug Fixes

Migrating wikis to the new repository layout could fail if the original migration was interrupted before completion.
Custom certificate authority (CA) certificates were not maintained across upgrades with SSL disabled.
Protected branches could be updated when making a Git force push against multiple identical branches.
Forking a Gist failed with a 500 error.
ghe-support-bundle could report harmless warning messages.
GitHub Importer API endpoints were enabled but GitHub Enterprise doesn't support the Importer.
A quota limit warning email could be incorrectly triggered when transferring repositories with Git LFS objects.

Changes

Automatic Update Checking and downloading now checks for feature releases.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability.
LOW The secure flag was not set for the _gh_render cookie, potentially allowing the render cookie to be sent in plaintext HTTP requests. However, Enterprise sets the Strict-Transport-Security header for modern browsers when SSL is enabled, which largely mitigates the issue.
Packages have been updated to the latest security versions.

Known issues

CRITICAL There is a remote code execution vulnerability through the Management Console, patched in GitHub Enterprise 2.5.4. (updated 2016-03-31)
HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
Duplicate uploads are stored in more than three hosts in a cluster with more than three replica file servers.
User sessions are not properly revoked when they reach the expiry limit set by the SAML IdP.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.7

Tue, 29 Mar 2016 18:00:24 +0000

Bug Fixes

Migrating wikis to the new repository layout could fail if the original migration was interrupted before completion.
Custom certificate authority (CA) certificates were not maintained across upgrades with SSL disabled.
Protected branches could be updated when making a Git force push against multiple identical branches.

Changes

Automatic Update Checking and downloading now checks for feature releases.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability.
LOW The secure flag was not set for the _gh_render cookie, potentially allowing the render cookie to be sent in plaintext HTTP requests. However, Enterprise sets the Strict-Transport-Security header for modern browsers when SSL is enabled, which largely mitigates the issue.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
Automatic update checks fail to download the latest ESX package.

Thanks!

The GitHub Team

2.3.11

Tue, 29 Mar 2016 18:00:23 +0000

Bug Fixes

Migrating wikis to the new repository layout could fail if the original migration was interrupted before completion.
Custom certificate authority (CA) certificates were not maintained across upgrades with SSL disabled.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability.
LOW The secure flag was not set for the _gh_render cookie, potentially allowing the render cookie to be sent in plaintext HTTP requests. However, Enterprise sets the Strict-Transport-Security header for modern browsers when SSL is enabled, which largely mitigates the issue.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.17

Tue, 29 Mar 2016 18:00:22 +0000

Bug Fixes

Migrating wikis to the new repository layout could fail if the original migration was interrupted before completion.
Custom certificate authority (CA) certificates were not maintained across upgrades with SSL disabled.

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability.
LOW The secure flag was not set for the _gh_render cookie, potentially allowing the render cookie to be sent in plaintext HTTP requests. However, Enterprise sets the Strict-Transport-Security header for modern browsers when SSL is enabled, which largely mitigates the issue.
Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.1.22

Tue, 29 Mar 2016 18:00:21 +0000

Security Fixes

MEDIUM Resolved a cross-site scripting (XSS) vulnerability.
LOW The secure flag was not set for the _gh_render cookie, potentially allowing the render cookie to be sent in plaintext HTTP requests. However, Enterprise sets the Strict-Transport-Security header for modern browsers when SSL is enabled, which largely mitigates the issue.
Packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Thanks!

The GitHub Team

2.5.2

Tue, 15 Mar 2016 01:00:25 +0000

Bug Fixes

Changing a public repository to private would cause Git operations to stop replicating to the high availability replica.
Downloading a release asset from a private repository with the Releases API failed with an internal server error.
Automatic update checks failed to locate an upgrade package.
Upgrading to 2.5 could take a very long time on instances with a large number of assets, such as release downloads, Git LFS objects, Avatars, and image attachments to wikis and issues.
In cluster mode, restoring backups to the nodes of a cluster required storage-server and git-server roles to be on the same machine.
Upgrading to 2.5 could fail during the transition of recently deleted Gists.
Images in Issue comment emails would not be displayed if private mode is enabled.
Replication conflicts could occur if cluster nodes are initialized in the wrong order.
Cluster support bundles could fail to generate.
Restoring Redis data from a backup could report a "LOADING: integer expression expected" error.
Importing a migration archive using gh-migrator with unresolved conflicts could fail with an "undefined method" error.
The Issues Events API returned the incorrect actor for an issue assignment event.

Changes

High availability replication now runs with four workers. This will lead to quicker synchronization when initially starting replication and ongoing replication on very busy instances.
The global Maximum Object Size advanced setting can now be set in the Admin Center.

Security Fixes

MEDIUM OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-0800, known as DROWN, which did not affect GitHub Enterprise.
MEDIUM Ruby on Rails packages have been updated to address multiple vulnerabilities.
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 (CVE-2015-0072).
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability where plain text or other content types could be parsed as HTML.
Packages have been updated to the latest security versions.
The ca-certificates package has been updated to remove outdated certificate authority (CA) certificates. This update refreshes the included certificates and removes the SPI CA and CA certificates with 1024-bit RSA keys.

Known issues

CRITICAL There is a remote code execution vulnerability through the Management Console, patched in GitHub Enterprise 2.5.4. (updated 2016-03-31)
HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
Duplicate uploads are stored in more than three hosts in a cluster with more than three replica file servers.
A quota limit warning email can be incorrectly triggered when transferring repositories with Git LFS objects.
User sessions are not properly revoked when they reach the expiry limit set by the SAML IdP.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.6

Tue, 15 Mar 2016 01:00:24 +0000

Bug Fixes

Changing a public repository to private would cause Git operations to stop replicating to the high availability replica.

Changes

High availability replication now runs with four workers. This will lead to quicker synchronization when initially starting replication and ongoing replication on very busy instances.

Security Fixes

MEDIUM OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-0800, known as DROWN, which did not affect GitHub Enterprise.
MEDIUM Ruby on Rails packages have been updated to address multiple vulnerabilities.
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 (CVE-2015-0072).
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability where plain text or other content types could be parsed as HTML.
Packages have been updated to the latest security versions.
The ca-certificates package has been updated to remove outdated certificate authority (CA) certificates. This update refreshes the included certificates and removes the SPI CA and CA certificates with 1024-bit RSA keys.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.10

Tue, 15 Mar 2016 01:00:23 +0000

Bug Fixes

Changing a public repository to private would cause Git operations to stop replicating to the high availability replica.

Security Fixes

MEDIUM OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-0800, known as DROWN, which did not affect GitHub Enterprise.
MEDIUM Ruby on Rails packages have been updated to address multiple vulnerabilities.
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 (CVE-2015-0072).
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability where plain text or other content types could be parsed as HTML.
Packages have been updated to the latest security versions.
The ca-certificates package has been updated to remove outdated certificate authority (CA) certificates. This update refreshes the included certificates and removes the SPI CA and CA certificates with 1024-bit RSA keys.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.16

Tue, 15 Mar 2016 01:00:22 +0000

Bug Fixes

Changing a public repository to private would cause Git operations to stop replicating to the high availability replica.

Security Fixes

MEDIUM OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-0800, known as known as DROWN, which did not affect GitHub Enterprise.
MEDIUM Ruby on Rails packages have been updated to address multiple vulnerabilities.
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 (CVE-2015-0072).
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability where plain text or other content types could be parsed as HTML.
Packages have been updated to the latest security versions.
The ca-certificates package has been updated to remove outdated certificate authority (CA) certificates. This update refreshes the included certificates and removes the SPI CA and CA certificates with 1024-bit RSA keys.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.1.21

Tue, 15 Mar 2016 01:00:21 +0000

Security Fixes

MEDIUM OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-0800, known as known as DROWN, which did not affect GitHub Enterprise.
MEDIUM Ruby on Rails packages have been updated to address multiple vulnerabilities.
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 (CVE-2015-0072).
MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability where plain text or other content types could be parsed as HTML.
Packages have been updated to the latest security versions.
The ca-certificates package has been updated to remove outdated certificate authority (CA) certificates. This update refreshes the included certificates and removes the SPI CA and CA certificates with 1024-bit RSA keys.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Thanks!

The GitHub Team

2.5.1

Tue, 23 Feb 2016 12:00:25 +0000

Bug Fixes

The Collectd log file was not rotated and could grow quite large.
Duplicate Pages sites in /data/user/pages differing only by case could cause an upgrade to fail. This may occur if a background job for a rename or deletion had failed on a previous Enterprise release.
The Audit Log map could fail to render correctly.
The Audit Log dashboard could fail to load.
Periodic LDAP user and group memberships synchronization jobs did not run automatically.
LDAP Sync didn't remove a user that was no longer a member of an LDAP group.
LDAP authentication attempted bind multiple times using the same credentials. If these credentials are incorrect, this could cause accounts to be locked on the LDAP server.
Incorrect permissions on /data/repositories/info/svn-v4-upgraded could cause restores to fail.
Saving settings in the management console could overwrite the SAML Issuer with the value of the SAML certificate issuer, causing authentication to fail.
Upgrading directly from any 2.3 release to 2.5.0 could result in the removal of all personal access tokens.
Repository disk usage could be incorrectly calculated in the site admin.
If Git LFS was globally disabled prior to upgrading, manual configuration was required to re-enabled it.
ghe-check-disk-usage could fail to display filesystem information.
ghe-cluster-status could exit early without printing the status of all nodes in the cluster.

Security Fixes

HIGH glibc packages have been updated to address CVE-2015-7547, a getaddrinfo stack-based buffer overflow.
HIGH libssh packages have been updated to address CVE-2016-0739, a weakness in diffie-hellman secret key generation.
MEDIUM nss packages have been updated to address CVE-2016-1938.
Packages have been updated to the latest security versions.

Known issues

CRITICAL There is a remote code execution vulnerability through the Management Console, patched in GitHub Enterprise 2.5.4. (updated 2016-03-31)
HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
Duplicate uploads are stored in more than three hosts in a cluster with more than three replica file servers.
In cluster mode, restoring backups to the nodes of a cluster require storage-server and git-server roles to be on the same machine.
Downloading a release asset from a private repository with the Releases API fails with an internal server error. (updated 2016-02-23)
Automatic update checks fail to locate an upgrade package.
User sessions are not properly revoked when they reach the expiry limit set by the SAML IdP.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Thanks!

The GitHub Team

2.4.5

Tue, 23 Feb 2016 12:00:20 +0000

Bug Fixes

The Collectd log file was not rotated and could grow quite large.
Duplicate Pages sites in /data/user/pages differing only by case could cause an upgrade to fail. This may occur if a background job for a rename or deletion had failed on a previous Enterprise release.

Security Fixes

HIGH glibc packages have been updated to address CVE-2015-7547, a getaddrinfo stack-based buffer overflow.
HIGH libssh packages have been updated to address CVE-2016-0739, a weakness in diffie-hellman secret key generation.
MEDIUM nss packages have been updated to address CVE-2016-1938.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

Thanks!

The GitHub Team

2.3.9

Tue, 23 Feb 2016 12:00:15 +0000

Security Fixes

HIGH glibc packages have been updated to address CVE-2015-7547, a getaddrinfo stack-based buffer overflow.
HIGH libssh packages have been updated to address CVE-2016-0739, a weakness in diffie-hellman secret key generation.
MEDIUM nss packages have been updated to address CVE-2016-1938.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.2.15

Tue, 23 Feb 2016 12:00:10 +0000

Security Fixes

HIGH glibc packages have been updated to address CVE-2015-7547, a getaddrinfo stack-based buffer overflow.
HIGH libssh packages have been updated to address CVE-2016-0739, a weakness in diffie-hellman secret key generation.
MEDIUM nss packages have been updated to address CVE-2016-1938.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

2.1.20

Tue, 23 Feb 2016 12:00:05 +0000

Security Fixes

HIGH glibc packages have been updated to address CVE-2015-7547, a getaddrinfo stack-based buffer overflow.
HIGH libssh packages have been updated to address CVE-2016-0739, a weakness in diffie-hellman secret key generation.
MEDIUM nss packages have been updated to address CVE-2016-1938.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Thanks!

The GitHub Team

2.5.0

Tue, 09 Feb 2016 18:00:25 +0000

New Features

With the new features added in GitHub Enterprise 2.5.0, you can:

Increase scalability with GitHub Clustering.
Configure Advanced Settings in the new Admin Center.
Configure Protected Branches using the preview API.
Enjoy a new look for repositories and a simplified sign-up and sign-in flow.
Take full advantage of SVN 1.8 and 1.9.
Be more resilient to the specific problem of a lot of clients fetching the same data at almost the same time.

Changes

Wikis are only editable by collaborators by default.
Markdown can now be used in the announcement banner.
Pushes that attempt to delete a repository's default branch are rejected.
LDAP Sync now gracefully handles user DN changes.
Git LFS is enabled on all repositories by default.
The search index definitions have changed. Some searches will return partial results while the search indices are rebuilt. (updated 2016-02-18)
The SAML authentication flow has been tightened to better conform to the SAML specification. This means all responses from your SAML server for SP-initiated authentication must include the RelayState parameter as sent from the appliance. For IdP-initiated authentication you must ensure the "IdP initiated SSO (disables AuthnRequest)" setting is checked within the management console. You may experience a redirect loop between your appliance and your SAML server if either of these conditions are not met. (updated 2016-02-29)

Upgrading

Upgrading to the 2.5 release series is supported from GitHub Enterprise 2.3.0 and above.

Backup & Restore

In order to backup and restore GitHub Enterprise 2.5, you will need to upgrade backup-utils to version 2.5.0.

Bug Fixes

Repository maintenance was not run on the high availability replica. This could lead to high load while repositories were repacked when first promoting the replica.
Accessing the raw URL for a file named 'policies' would fail with a 404 error.
Downloading the diagnostics via the Management Console could time out on instances with many release or Git LFS assets.
We tried to log timing statistics to an inaccessible statsd server when downloading release assets.
Repository milestones weren't updated on repositories migrated from GitHub.com.
Viewing the Pages section in admin tools would cause a 500 error if no Pages site existed.
Incorrect permissions could be set on certificate authority certificates installed with ghe-ssl-ca-certificate-install. This could cause webhooks to fail as the certificates could not be read.
Backups could fail to restore if a previous Pages migration had failed on the destination appliance.
The incorrect Pages domain was shown in Pages section of a repository in Admin Tools.
Two-factor authentication screens and emails would refer to using SMS fallback recovery.
The management console settings interface didn't clearly show if you have previously uploaded certificate files or a private key. (updated 2016-02-10)

Security Fixes

HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED rsync has been updated to address a recently identified vulnerability.
LOW Passwords and two-factor authentication one-time passwords could be written to the exceptions log.

Git LFS Client Vulnerability

An issue was identified that could allow an attacker to execute arbitrary commands on a user’s computer if they had Git LFS installed and cloned a malicious repository. Git LFS supports a per-repository configuration file to customize how certain aspects of Git LFS function. However, this file also allowed arbitrary Git configuration options to be modified. We have addressed the vulnerability by whitelisting the set of per-repository Git LFS configuration options that can be used to a safe subset.

GitHub Enterprise is not directly affected as this is a client-side vulnerability but as Git LFS is now enabled by default, we recommend you upgrade your clients to Git LFS 1.0.1 or later to address this vulnerability.

Asset storage changes (updated 2016-02-24)

To prepare for GitHub Clustering, this release changes the way GitHub Enterprise stores assets, such as release downloads, Git LFS objects, Avatars, and image attachments to wikis and issues. On instalations with many large assets, moving assets to their new location can take a long time. As always, we encourage you to test the upgrade in a staging environment before upgrading your production instance.

Deprecation of GitHub Enterprise 2.0

GitHub Enterprise 2.0 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.1

GitHub Enterprise 2.1 will be deprecated as of April 4, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Deprecation of Support for Internet Explorer 9 and 10

Known Issues

CRITICAL There is a remote code execution vulnerability through the Management Console, patched in GitHub Enterprise 2.5.4. (updated 2016-03-31)
HIGH Release assets from a public repository can be accessed by unauthenticated users in private mode. (updated 2016-05-27)
Saving settings in the management console can overwrite the SAML Issuer with the value of the SAML certificate issuer, causing authentication to fail. The SAML Issuer must be set manually each time any settings are saved if a certificate has been uploaded. (updated 2016-02-12)
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
~~The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.~~ (updated 2016-02-10)
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
If Git LFS was globally disabled prior to upgrading, manual configuration may be required to re-enabled it.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.
Upgrading directly from any 2.3 release to 2.5.0 can result in the removal of all personal access tokens. This can be prevented by upgrading to any 2.4 release first. (updated 2016-02-15)

HIGH (CVE-2015-7547) 2.5.0 is vulnerable to glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)

$ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-trusty.hpkg
$ md5sum github-enterprise-libc-trusty.hpkg # 9deaf87e3313e9239e42179b78cd024a
$ chmod +x github-enterprise-libc-trusty.hpkg
$ ./github-enterprise-libc-trusty.hpkg

Periodic LDAP user and group memberships synchronization jobs do not run automatically. Synchronization can still be triggered manually. (updated 2016-02-18)
Downloading a release asset from a private repository with the Releases API fails with an internal server error. (updated 2016-02-23)
Automatic update checks fail to locate an upgrade package.
User sessions are not properly revoked when they reach the expiry limit set by the SAML IdP.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed. (updated 2016-05-24)
Migration data exported from GitHub Enterprise with ghe-migrator does not include issue file attachments, which may cause imports to another server to fail. (updated 2016-06-09)
Console text is difficult to read on OpenStack KVM. (updated 2016-08-03)
The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)

Errata

The management console displays a summary of any previously uploaded certificate and private key files as of 2.5.0. (updated 2016-02-10)

Thanks!

The GitHub Team

2.4.4

Tue, 09 Feb 2016 18:00:20 +0000

Bug Fixes

Repository maintenance was not run on the high availability replica. This could lead to high load while repositories were repacked when first promoting the replica.
Accessing the raw URL for a file named 'policies' would fail with a 404 error.
Downloading the diagnostics via the Management Console could time out on instances with many release or Git LFS assets.
We tried to log timing statistics to an inaccessible statsd server when downloading release assets.
Repository milestones weren't updated on repositories migrated from GitHub.com.
Viewing the Pages section in admin tools would cause a 500 error if no Pages site existed.
Incorrect permissions could be set on certificate authority certificates installed with ghe-ssl-ca-certificate-install. This could cause webhooks to fail as the certificates could not be read.
Backups could fail to restore if a previous Pages migration had failed on the destination appliance.

Security Fixes

HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED rsync has been updated to address a recently identified vulnerability.
LOW Passwords and two-factor authentication one-time passwords could be written to the exceptions log.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.
On instances upgraded from 2.3 and earlier, restoring an archived protected branch will not restore all the settings correctly. This does not affect new instances.

HIGH (CVE-2015-7547) 2.4 is vulnerable to glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)

$ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-precise.hpkg
$ md5sum github-enterprise-libc-precise.hpkg # c068256696f2775579e2cd8223f82306
$ chmod +x github-enterprise-libc-precise.hpkg
$ ./github-enterprise-libc-precise.hpkg

Thanks!

The GitHub Team

2.3.8

Tue, 09 Feb 2016 18:00:15 +0000

Bug Fixes

Repository maintenance was not run on the high availability replica. This could lead to high load while repositories were repacked when first promoting the replica.
Accessing the raw URL for a file named 'policies' would fail with a 404 error.
Downloading the diagnostics via the Management Console could time out on instances with many release or Git LFS assets.

Security Fixes

HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED rsync has been updated to address a recently identified vulnerability.
LOW Passwords and two-factor authentication one-time passwords could be written to the exceptions log.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)

HIGH (CVE-2015-7547) 2.3 is vulnerable to glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)

$ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-precise.hpkg
$ md5sum github-enterprise-libc-precise.hpkg # c068256696f2775579e2cd8223f82306
$ chmod +x github-enterprise-libc-precise.hpkg
$ ./github-enterprise-libc-precise.hpkg

Thanks!

The GitHub Team

2.2.14

Tue, 09 Feb 2016 18:00:10 +0000

Bug Fixes

Repository maintenance was not run on the high availability replica. This could lead to high load while repositories were repacked when first promoting the replica.
Accessing the raw URL for a file named 'policies' would fail with a 404 error.
Downloading the diagnostics via the Management Console could time out on instances with many release or Git LFS assets.

Security Fixes

HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED rsync has been updated to address a recently identified vulnerability.
Packages have been updated to the latest security versions.
LOW Passwords and two-factor one-time passwords could be written to the exceptions log.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)

HIGH (CVE-2015-7547) 2.2 is vulnerable to glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)

$ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-precise.hpkg
$ md5sum github-enterprise-libc-precise.hpkg # c068256696f2775579e2cd8223f82306
$ chmod +x github-enterprise-libc-precise.hpkg
$ ./github-enterprise-libc-precise.hpkg

Thanks!

The GitHub Team

2.1.19

Tue, 09 Feb 2016 18:00:05 +0000

Security Fixes

HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED rsync has been updated to address a recently identified vulnerability.
LOW Passwords and two-factor one-time passwords could be written to the exceptions log.
Packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

HIGH (CVE-2015-7547) 2.1 is vulnerable to glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)

$ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-precise.hpkg
$ md5sum github-enterprise-libc-precise.hpkg # c068256696f2775579e2cd8223f82306
$ chmod +x github-enterprise-libc-precise.hpkg
$ ./github-enterprise-libc-precise.hpkg

Upcoming deprecation of GitHub Enterprise 2.1

Thanks!

The GitHub Team

2.0.23

Tue, 09 Feb 2016 18:00:00 +0000

Security Fixes

HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED rsync has been updated to address a recently identified vulnerability.
Packages have been updated to the latest security versions.
LOW Passwords and two-factor one-time passwords could be written to the exceptions log.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
Jobs stuck on code indexing can delay other jobs from running.
SNMP can't be run on high availability replicas.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Deprecation of GitHub Enterprise 2.0

Thanks!

The GitHub Team

2.4.3

Tue, 15 Dec 2015 00:00:24 +0000

Bug Fixes

High availability replication could fail to automatically start after a reboot.
Viewing raw files in repositories owned by a user or organization named "github" failed with a 400 error.
A high availability replica that's been promoted to primary and then set up as a replica again showed the 'Starting...'' page instead of the replica status page following a reboot.
Starting high availability replication printed verbose MySQL status information.
The connection limit for the longpoll service (used for providing live updates to Issues and Pull Requests) could be exhausted on very busy appliances.
A team membership invitation email was incorrectly sent to the user when they were added to an Organization's team using the Add team membership API.
Git LFS server maintenance jobs could fail to run and throw an exception error.

Changes

X11Forwarding for administrative SSH connections is now disabled.
The management console now displays a warning when the appliance time is significantly different from the time reported by the browser. This large time different can lead to management console sessions expiring too quickly.
The LDAP authorization state is now included in the user suspension reason within the LDAP logs. This will help administrators determine why a LDAP user has been suspended.
Legacy organization admin teams, those teams with 'admin' permissions before GitHub Enterprise 2.4.0, are now clearly shown in the organization teams page.
Management console sessions could expire too quickly for Safari users.

Security Fixes

HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED OpenSSL packages have been updated to address multiple vulnerabilities.
LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Git LFS Client Vulnerability

An issue has been identified that could allow an attacker to execute arbitrary commands on a user’s computer if they had Git LFS installed and cloned a malicious repository. Git LFS supports a per-repository configuration file to customize how certain aspects of Git LFS function. However, this file also allowed arbitrary Git configuration options to be modified. We have addressed the vulnerability by whitelisting the set of per-repository Git LFS configuration options that can be used to a safe subset.

GitHub Enterprise is not directly affected as this is a client-side vulnerability and Git LFS is disabled on GitHub Enterprise by default. If you have enabled Git LFS on your appliance, we recommend you upgrade your clients to Git LFS 1.0.1 or later to address this vulnerability.

Thanks!

The GitHub Team

2.3.7

Tue, 15 Dec 2015 00:00:23 +0000

Bug Fixes

High availability replication could fail to automatically start after a reboot.

Security Fixes

HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED OpenSSL packages have been updated to address multiple vulnerabilities.
LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Git LFS Client Vulnerability

Thanks!

The GitHub Team

2.2.13

Tue, 15 Dec 2015 00:00:22 +0000

Security Fixes

HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED OpenSSL packages have been updated to address multiple vulnerabilities.
LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Git LFS Client Vulnerability

Thanks!

The GitHub Team

2.1.18

Tue, 15 Dec 2015 00:00:21 +0000

Security Fixes

HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
MED libxml2 and related packages have been updated to address multiple vulnerabilities.
MED OpenSSL packages have been updated to address multiple vulnerabilities.
LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
Packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.22

Tue, 15 Dec 2015 00:00:20 +0000

Security Fixes

HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
MED OpenSSL packages have been updated to address multiple vulnerabilities.
LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
Packages have been updated to the latest security versions.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
Jobs stuck on code indexing can delay other jobs from running.
SNMP can't be run on high availability replicas.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Upcoming deprecation of GitHub Enterprise 2.0

GitHub Enterprise 2.0 will be deprecated as of January 1, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

2.4.2

Tue, 01 Dec 2015 12:00:24 +0000

Bug Fixes

Running the ghe-diagnostics command line utility would report a harmless permission denied error.
The 'Enable sign-up' option was displayed in the Management Console when external authentication was configured. Account creation is controlled by your external authentication, so the setting had no effect.
Old builds of GitHub Pages sites weren't garbage collected, so they could build up and waste disk space.
An administrative SSH key was accidentally created and added to the Management Console.
Alambic and Pages high availability replication reported 'UNKNOWN' status for delays less than 30 seconds.
High availability replication sometimes failed to set the correct master identifier during an upgrade. This prevented MySQL replication from starting.
Restoring backups taken from previous versions to GitHub Enterprise 2.4 would fail.
Deleting an impersonation OAuth token via the API would fail.

Changes

An Organization's event log now reports changes to the default permissions and who made the changes.

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.3.6

Tue, 01 Dec 2015 12:00:23 +0000

Bug Fixes

Deleting an impersonation OAuth token via the API would fail.

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.2.12

Tue, 01 Dec 2015 12:00:22 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.1.17

Tue, 01 Dec 2015 12:00:21 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.21

Tue, 01 Dec 2015 12:00:20 +0000

Security Fixes

Packages have been updated to the latest security versions.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
Jobs stuck on code indexing can delay other jobs from running.
SNMP can't be run on high availability replicas.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Upcoming deprecation of GitHub Enterprise 2.0

Thanks!

The GitHub Team

2.4.1

Tue, 03 Nov 2015 10:00:50 -0800

Bug Fixes

The high availability replication status as reported by ghe-repl-status would not report a failure if ElasticSearch was not running.
The temporary support bundle archive wasn't removed after a successful upload.
ghe-upgrade would fail with a GPG signature error if run as the root user.
High availability replication sometimes failed to set the MySQL password correctly which prevented MySQL replication from starting.
Non-push events for Organization webhooks failed to be recorded in the 'Recent Deliveries' list.
A configuration option in the /etc/ssh/sshd_config file contained an equals sign which caused cloud-init user data scripts to fail.
Migrating user, organization, and repository data using ghe-migrator could fail to import a migration archive if it contained empty records.
Migrating user, organization, and repository data using ghe-migrator could fail to set the team maintainer role on the destination team during the import.
Log forwarding did not include the GitHub application's Nginx log.
The tokens added to gist raw links in private mode expired in 30 seconds. These now expire after a week.
The merge button could remain disabled on pull requests with protected branches and required statuses when all Travis-initiated status checks had passed.
Pages URLs without a trailing slash redirected incorrectly.
The default branch selector within the repository settings didn't correctly search for branches.
Adding a second unnamed file to a gist would overwrite the first unnamed file added to that gist.

Changes

ghe-support-bundle can now be used to upload arbitrary files directly to GitHub using a new -f path option.
Admin Tools now shows whether protected branch status checks are enforced for admin users or not.

Security Fixes

MED OpenJDK has been updated to address multiple vulnerabilities related to information disclosure, data integrity and availability.
MED NTP packages have been updated to address multiple vulnerabilities.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Custom firewall rules aren't maintained during an upgrade.
~~Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.~~
Enqueued background jobs are sometimes not purged when a repository is deleted.
Restoring backups from previous versions fail. As a workaround, create an instance matching the version the backup was taken from, restore the backup, then upgrade. (updated 2015-11-05)
High availability replication sometimes fails to set the correct master identifier during an upgrade. This prevents MySQL replication from starting. (updated 2015-11-11)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

The failure to migrate repositories in an incomplete state to the new repository disk layout was resolved in 2.4.0. (updated 2015-12-01)

Thanks!

The GitHub Team

2.3.5

Tue, 03 Nov 2015 10:00:40 -0800

Bug Fixes

The high availability replication status as reported by ghe-repl-status would not report a failure if ElasticSearch was not running.
The temporary support bundle archive wasn't removed after a successful upload.
ghe-upgrade would fail with a GPG signature error if run as the root user.
The slider handle would not show when viewing an SVG diff.

Security Fixes

MED OpenJDK has been updated to address multiple vulnerabilities related to information disclosure, data integrity and availability.
MED NTP packages have been updated to address multiple vulnerabilities.
Packages have been updated to the latest security versions.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.2.11

Tue, 03 Nov 2015 10:00:30 -0800

Bug Fixes

ghe-upgrade would fail with a GPG signature error if run as the root user.
The Gist resqued.log file was not regularly rotated.

Security Fixes

MED OpenJDK has been updated to address multiple vulnerabilities related to information disclosure, data integrity and availability.
MED NTP packages have been updated to address multiple vulnerabilities.
Packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.1.16

Tue, 03 Nov 2015 10:00:20 -0800

Bug Fixes

The Gist resqued.log file was not regularly rotated.

Security Fixes

MED Oracle Java 7.0 is no longer supported by Oracle. We have switched to OpenJDK 7 and updated to the latest version to address multiple vulnerabilities related to information disclosure, data integrity and availability.
MED NTP packages have been updated to address multiple vulnerabilities.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.20

Tue, 03 Nov 2015 10:00:10 -0800

Security Fixes

MED Oracle Java 7.0 is no longer supported by Oracle. We have switched to OpenJDK 7 and updated to the latest version to address multiple vulnerabilities related to information disclosure, data integrity and availability.
MED NTP packages have been updated to address multiple vulnerabilities.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
Jobs stuck on code indexing can delay other jobs from running.
SNMP can't be run on high availability replicas.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Upcoming deprecation of GitHub Enterprise 2.0

Thanks!

The GitHub Team

2.4.0

Tue, 13 Oct 2015 18:00:00 +0000

New Features

With the new features added in GitHub Enterprise 2.4.0, you can:

Protect branches and require status checks to pass on pull requests before they can be merged. We've also made changes to the merge button so you can clearly see how your build is progressing.
Powerfully collaborate with improved organization permissions.
Version large files in production with all of the new Git Large File Storage v1.0 features and enhancements, including batch mode. Git LFS is now production ready.
Render, browse and interact with maps annotated with your geographic data in GeoJSON files.
View Pages sites hosted on your appliance even if private mode is enabled, and use the Jekyll-feed plugin to automatically create an Atom feed of your most recent posts.
Configure your appliance to automatically check for updates and download them ready for you to upgrade when you're ready to do so.
Use the API to delete users.
Secure your user accounts using FIDO Universal 2nd Factor (U2F)—a rapidly growing open authentication standard.

Changes

In private mode, deploy keys now only give access to the repository they are assigned to. The behavior of deploy keys was previously vague and allowed access to every public repository on the appliance in private mode. This behavior wasn't documented, and is considered unexpected behavior.
Fullscreen (Zen mode) editing has been removed.

Upgrading

Upgrading to the 2.4 release series is supported from GitHub Enterprise 2.2.0 and above.

Bug Fixes

Email couldn't be sent over TLS when SSL was disabled.
Viewing a repository's push log in a web browser displayed the warning 'Reflog Sync disabled on this repository. Results maybe out of date.' This was cosmetic only and did not indicate an issue with the push log or repository storage.
Improved the efficiency of Git LFS operations.
When a fork was detached from its repository network by an administrator or by changing visibility, its filesystem path wasn't updated on a high availability replica until at least one commit had been pushed.
DNS responses are cached to speed up lookups and to reduce the load on DNS servers.
Gist repositories were not garbage collected by the maintenance scheduler.

Security Fixes

Packages have been updated to the latest security versions.
LOW: Organization user lookup could reveal private members of other organizations.
LOW: DES-based SSH ciphers are disabled for Git operations over SSH.

Upcoming deprecation of authentication using GitHub OAuth

User authentication via GitHub OAuth is being deprecated and will be removed in a future feature release. It will be removed no sooner than November 2015.

GitHub Enterprise includes support for authenticating users via OAuth to accounts on GitHub.com because it provides a simple way to set up external authentication. However, after speaking with many customers, we've found that organizations commonly have other sources they want to use to automate identity and access management.

We want to focus on features that best meet the needs of our users, so we're planning to remove support for GitHub OAuth in a future feature release and focus on making ongoing improvements to other authentication methods like SAML and LDAP.

Note that this change will only affect user authentication via GitHub.com and not personal access tokens or OAuth applications added to your GitHub Enterprise instance.

Upcoming deprecation of GitHub Enterprise 2.0

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Custom firewall rules aren't maintained during an upgrade.
~~Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.~~
Enqueued background jobs are sometimes not purged when a repository is deleted.
Restoring backups from previous versions fail. As a workaround, create an instance matching the version the backup was taken from, restore the backup, then upgrade. (updated 2015-11-05)
High availability replication sometimes fails to set the MySQL password correctly which prevents MySQL replication from starting. (updated 2015-11-11)
High availability replication sometimes fails to set the correct master identifier during an upgrade. This prevents MySQL replication from starting. (updated 2015-11-11)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

The failure to migrate repositories in an incomplete state to the new repository disk layout was resolved in 2.4.0. (updated 2015-12-01)

Thanks!

The GitHub Team

2.3.4

Tue, 06 Oct 2015 00:00:23 +0000

Bug Fixes

We didn't accept OAuth application credentials using Basic Authentication when exchanging the code for a token. This meant developers couldn't use the standard Go OAuth2 library with GitHub Enterprise forcing developers to maintain their own fork of the library.
When a member of a team with admin access tried to add a new team member, it failed without an error. Only the Owners team could add new team members.
SNMP did not start on the high availability replica.
It was not possible to upload files larger than 1GB with Git LFS.
GitHub Pages reported a vague error message when page builds failed due to the use of an unsupported syntax highlighter.
Some repositories could have temporary merge-trees directories left from git operations that timed out but weren't automatically cleaned up.

Security Fixes

MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
LOW Large Git updates could trigger an overflow in Git xdiff.
Packages have been updated to the latest security versions.

Changes

We now retain more of the MySQL binlog files. This helps ensure MySQL replication can be automatically setup following an extended period without any replication.
Setting up high availability replication can sometimes fail when establishing the VPN connection. We've made the output more verbose to help with determining the cause of these failures.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
~~Deleting a user doesn't delete their gists, which can cause problems with replication.~~
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Not deleting a user's gists when deleting the user was fixed in 2.3.0. (updated 2015-10-12)

Thanks!

The GitHub Team

2.2.10

Tue, 06 Oct 2015 00:00:22 +0000

Bug Fixes

Some repositories could have temporary merge-trees directories left from git operations that timed out but weren't automatically cleaned up.

Security Fixes

MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
LOW Large Git updates could trigger an overflow in Git xdiff.
Packages have been updated to the latest security versions.

Changes

Setting up high availability replication can sometimes fail when establishing the VPN connection. We've made the output more verbose to help with determining the cause of these failures.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.1.15

Tue, 06 Oct 2015 00:00:21 +0000

Security Fixes

MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
LOW Large Git updates could trigger an overflow in Git xdiff.
Packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.19

Tue, 06 Oct 2015 00:00:20 +0000

Security Fixes

MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
LOW Large Git updates could trigger an overflow in Git xdiff.
Packages have been updated to the latest security versions.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
Jobs stuck on code indexing can delay other jobs from running.
SNMP can't be run on high availability replicas.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

2.3.3

Tue, 15 Sep 2015 00:00:23 +0000

Bug Fixes

The instance could reboot before MySQL had completely stopped. This could lead to database inconsistencies that may have only come to light during an upgrade.
The warning message shown when making a public repository on instances with private mode enabled was a little vague and could lead to uncertainly about how public the repository would really be.
The Elasticsearch logs could contain socket exception errors caused by a health check exiting prematurely.
Pull request .patch and .diff URLs would fail on instances with subdomain isolation disabled.
In our instructions to merge a pull request on the command line, we showed the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps would always fail. We also didn't show the steps to merge using SSH.
The installation preflight check didn't make it clear that two block devices are required.
The maintenance page on the high availability replica instance used the incorrect information from the primary instance in the link to the primary instance. This led to a confusing experience for users following this link.
Updates to Wiki pages by users without a primary email address set would throw errors – the updates are now refused.
The audit log was missing useful Git activity information.
Postfix allowed local user and address verification using the RCPT and VRFY commands potentially exposing operating system-level user information.
Semicolons were allowed to be used in the LDAP Base name settings within the management console leading to problems authenticating users via LDAP.
The core.package-version variable in the appliance configuration file was not updated to reflect the new appliance version during an upgrade.
Viewing a repository's push log in a web browser displayed the warning "Reflog Sync disabled on this repository. Results maybe out of date." This was cosmetic only and did not indicate an issue with the push log or repository storage.

Security Fixes

HIGH Read access to public API endpoints of private-mode instances and to specific reporting endpoints can be authenticated by connecting via local trusted ports. This authentication could be bypassed by manipulating specific HTTP headers and lead to information disclosure.
HIGH The Markdown syntax highlighter allowed malicious users to inject unsanitized HTML into comments and Markdown documents.
Kernel and packages have been updated to the latest security versions.
Mediawiki Math markup within Gists and repository files with the .mediawiki suffix could leak information to the Google Chart API when they were displayed.
Raw Gist URLs didn't include an expiring token when private mode is enabled. This meant raw Gists were always accessible without authentication if you knew the full URL.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
~~Deleting a user doesn't delete their gists, which can cause problems with replication.~~
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a member of a team with admin access tries to add a new team member, it fails without an error. Only the Owners team can add new team members.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Not deleting a user's gists when deleting the user was fixed in 2.3.0. (updated 2015-10-12)

Thanks!

The GitHub Team

2.2.9

Tue, 15 Sep 2015 00:00:22 +0000

Security Fixes

HIGH Read access to public API endpoints of private-mode instances and to specific reporting endpoints can be authenticated by connecting via local trusted ports. This authentication could be bypassed by manipulating specific HTTP headers and lead to information disclosure.
Kernel and packages have been updated to the latest security versions.
Mediawiki Math markup within Gists and repository files with the .mediawiki suffix could leak information to the Google Chart API when they were displayed.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.1.14

Tue, 15 Sep 2015 00:00:21 +0000

Security Fixes

HIGH Read access to public API endpoints of private-mode instances and to specific reporting endpoints can be authenticated by connecting via local trusted ports. This authentication could be bypassed by manipulating specific HTTP headers and lead to information disclosure.
Kernel and packages have been updated to the latest security versions.
Mediawiki Math markup within Gists and repository files with the .mediawiki suffix could leak information to the Google Chart API when they were displayed.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.18

Tue, 15 Sep 2015 00:00:20 +0000

Security Fixes

HIGH Read access to public API endpoints of private-mode instances and to specific reporting endpoints can be authenticated by connecting via local trusted ports. This authentication could be bypassed by manipulating specific HTTP headers and lead to information disclosure.
Kernel and packages have been updated to the latest security versions.
Mediawiki Math markup within Gists and repository files with the .mediawiki suffix could leak information to the Google Chart API when they were displayed.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
Jobs stuck on code indexing can delay other jobs from running.
SNMP can't be run on high availability replicas.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

2.3.2

Tue, 25 Aug 2015 00:00:23 +0000

Bug Fixes

We showed a warning in the site admin that an email address wasn't verified, but email verification is disabled in GitHub Enterprise.
User profile names containing certain Unicode characters wouldn't display when synced from an LDAP directory.
The longpoll service, which provides live updates to Issues and Pull Requests pages, didn't restart properly if it was terminated.
Logs for some background jobs were not forwarded.
Double quotes were being stripped from admin SSH keys added via the management console.
Deploy keys could not be deleted when LDAP Sync was enabled.
The ghe-storage-extend command, which resizes the storage volume, could fail with a Volume group name ghe_storage_* has invalid characters error under some circumstances.
Several actions of the admin API related to LDAP were not working as documented.

Security Fixes

Kernel and packages have been updated to the latest security versions.

Known Issues

When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
~~Deleting a user doesn't delete their gists, which can cause problems with replication.~~
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
In our instructions to merge a pull request on the command line, we don't show the steps to merge using SSH.
Updates to Wiki pages by users without a primary email address set throw errors.
Viewing a repository's push log in a web browser displays the warning "Reflog Sync disabled on this repository. Results maybe out of date." This is cosmetic only and does not indicate an issue with the push log or repository storage. (updated 2015-08-28)
When a member of a team with admin access tries to add a new team member, it fails without an error. Only the Owners team can add new team members. (updated 2015-09-08)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Not deleting a user's gists when deleting the user was fixed in 2.3.0. (updated 2015-10-12)

Thanks!

The GitHub Team

2.2.8

Tue, 25 Aug 2015 00:00:22 +0000

Bug Fixes

The longpoll service, which provides live updates to Issues and Pull Requests pages, didn't restart properly if it was terminated.
Logs for some background jobs were not forwarded.
The ghe-storage-extend command, which resizes the storage volume, could fail with a Volume group name ghe_storage_* has invalid characters error under some circumstances.

Security Fixes

Kernel and packages have been updated to the latest security versions.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Updates to Wiki pages by users without a primary email address set throw errors.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.1.13

Tue, 25 Aug 2015 00:00:21 +0000

Security Fixes

Kernel and packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Updates to Wiki pages by users without a primary email address set throw errors.
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.17

Tue, 25 Aug 2015 00:00:20 +0000

Security Fixes

Kernel and packages have been updated to the latest security versions.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
Jobs stuck on code indexing can delay other jobs from running.
SNMP can't be run on high availability replicas.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

2.3.1

Tue, 11 Aug 2015 00:00:23 +0000

Bug Fixes

Packages have been updated to the latest bugfix versions.
Administrators couldn't promote or demote SAML users from the command line.
Settings downloaded using the management console API couldn't be applied using the management console API.
An error in the VMware tools configuration caused excessive logging.
Organization owners could be prompted to sign up for an early access feature that is not part of GitHub Enterprise.
During an upgrade, checking the validity of the SSL certificate and key could output an error message. There is nothing wrong, but the error message can look scary.
Suspended user accounts could be created when unauthorized LDAP users attempted to sign in to GitHub Enterprise.
A failed login attempt caused multiple LDAP authentication failures, which could cause accounts to be locked on the LDAP server side.
Gist-specific keyboard shortcuts were not shown when you pressed the ? key on Gist pages.
Clicking on line numbers in the second file of a multi-file Gist would highlight a code line in the first file, if that code line number exists in the first file.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
~~Deleting a user doesn't delete their gists, which can cause problems with replication.~~
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
It is not possible to modify the LDAP DN mapping for a user using the administrator LDAP API.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing a repository's push log in a web browser displays the warning "Reflog Sync disabled on this repository. Results maybe out of date." This is cosmetic only and does not indicate an issue with the push log or repository storage. (updated 2015-08-28)
When a member of a team with admin access tries to add a new team member, it fails without an error. Only the Owners team can add new team members. (updated 2015-09-08)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Not deleting a user's gists when deleting the user was fixed in 2.3.0. (updated 2015-10-12)

Thanks!

The GitHub Team

2.2.7

Tue, 11 Aug 2015 00:00:22 +0000

Bug Fixes

A failed login attempt caused multiple LDAP authentication failures, which could cause accounts to be locked on the LDAP server side.
Using uppercase characters in the hostname caused a redirect loop.
When displaying a commit made with an email address that doesn't belong to an existing GitHub Enterprise user, we loaded a default avatar from a GitHub.com subdomain.
An error in the VMware tools configuration caused excessive logging.
During an upgrade, checking the validity of the SSL certificate and key could output an error message. There is nothing wrong, but the error message can look scary.

Security Fixes

Kernel and packages have been updated to the latest security versions.
MEDIUM: Cached form objects could cause CSRF tokens to be shared across users.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.1.12

Tue, 11 Aug 2015 00:00:21 +0000

Bug Fixes

An error in the VMware tools configuration caused excessive logging.

Security Fixes

Kernel and packages have been updated to the latest security versions.
MEDIUM: Cached form objects could cause CSRF tokens to be shared across users.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.16

Tue, 11 Aug 2015 00:00:20 +0000

Security Fixes

Kernel and packages have been updated to the latest security versions.
MEDIUM; Cached form objects could cause CSRF tokens to be shared across users.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
SNMP can't be run on high availability replicas.
Jobs stuck on code indexing can delay other jobs from running.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

2.3.0

Tue, 04 Aug 2015 00:00:23 +0000

New Features

With the new features added in GitHub Enterprise 2.3.0, you can:

Use the API to create new users and organizations.
Impersonate a user when making API calls, just as you can through the web interface.
Have finer control over permissions with read-only deploy keys.
Migrate complete repositories from one GitHub instance to another with ghe-migrator.
Configure an HTTP proxy for outbound traffic, such as webhooks.

Changes

Updates to the Authorizations API include breaking changes. If you use the Authorizations API, you should review the changes and update your usage before upgrading. (updated 2015-08-06)
We no longer send email invitations when adding a user to an organization.
The queues for background jobs can now be paused and resumed using the ghe-resque-info command line utility.
Browsers no longer send a Referer header on requests originating from the GitHub Enterprise to prevent leaking the location of your Enterprise instance.
The search index definitions have changed. Some searches will return partial results while the search indices are rebuilt. (updated 2015-10-07)

Upgrading

Upgrading to the 2.3 release series is supported from GitHub Enterprise 2.1.0 and above.

Bug Fixes

Ubuntu packages have been updated to the latest bugfix versions.
When displaying a commit made with an email address that doesn't belong to an existing GitHub Enterprise user, we loaded a default avatar from a GitHub.com subdomain.
~~During an upgrade, checking the validity of the SSL certificate and key could output an error message. There is nothing wrong, but the error message can look scary.~~
Using uppercase characters in the hostname caused a redirect loop.
CSV files on Pages sites were transferred uncompressed.
We didn't show an error if you uploaded an invalid license when the current license was expired.
The page displayed when GitHub Enterprise is in maintenance mode could show an out of date support email address.
Gist profile pages didn't have proper styling when subdomain isolation was disabled.
Global notices weren't displayed on mobile devices.
We didn't properly show user details in the search section of a user's profile in the site admin.
Dashboard activity feed links pointed to the wrong hostname after restoring from backup if the hostname had changed.
We displayed the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Replication setup failed for IPv6 hosts.
Gists couldn't be created when using Safari 8.x in Private Mode.
Users with LDAP DNs longer than 255 characters were suspended if LDAP Sync was enabled. (updated 2015-08-20)
Deleting a user didn't delete their gists, which could cause problems with replication. (updated 2015-10-12)

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.
MEDIUM: Cached form objects could cause CSRF tokens to be shared across users.

Upcoming deprecation of authentication using GitHub OAuth

User authentication via GitHub OAuth is being deprecated and will be removed in a future feature release. It will be removed no sooner than November 2015.

Note that this change will only affect user authentication via GitHub.com and not personal access tokens or OAuth applications added to your GitHub Enterprise instance.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
~~Deleting a user doesn't delete their gists, which can cause problems with replication.~~
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
During an upgrade, checking the validity of the SSL certificate and key could output an error message. There is nothing wrong, but the error message can look scary.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing a repository's push log in a web browser displays the warning "Reflog Sync disabled on this repository. Results maybe out of date." This is cosmetic only and does not indicate an issue with the push log or repository storage. (updated 2015-08-28)
When a member of a team with admin access tries to add a new team member, it fails without an error. Only the Owners team can add new team members. (updated 2015-09-08)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Under some circumstances, it is still possible to trigger a harmless error message when checking the validity of the SSL certificate and key during an upgrade.
Not deleting a user's gists when deleting the user was fixed in 2.3.0. (updated 2015-10-12)

Thanks!

The GitHub Team

2.2.6

Tue, 28 Jul 2015 15:07:30 +0000

Bug Fixes

Services failed to start properly after upgrading if SSL was disabled.
When trying to merge a pull request through the API where the author didn't have a primary email address, a server error was returned instead of a useful error message.
When running GitHub Enterprise on Xen, upgrades could fail due to incorrectly detecting that the hypervisor was HyperV.
On boot, we automatically fix corruption in the Redis appendonly file but user input was needed, so it appeared to hang.

Security Fixes

Ubuntu packages have been updated to the latest bugfix versions.

Changes

We've added resource usage graphs for processes to the monitoring dashboard.
We added the longpoll process, which handles live updates to issues, to the ghe-service-list output.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Using uppercase characters in the hostname causes a redirect loop.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.1.11

Tue, 28 Jul 2015 15:07:20 +0000

Security Fixes

Ubuntu packages have been updated to the latest security versions.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.15

Tue, 28 Jul 2015 15:07:10 +0000

Security Fixes

Ubuntu packages have been updated to the latest security versions.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are logged twice.
SNMP can't be run on high availability replicas.
Jobs stuck on code indexing can delay other jobs from running.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

2.2.5

Tue, 07 Jul 2015 00:00:22 +0000

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.
HIGH: Update HAProxy to address CVE-2015-3281, which could allow an attacker to use a specially crafted request to read memory contents that might contain data from a past request or session.
MEDIUM: Scopeless access tokens could list private Gists.
LOW: Service hooks could log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
This release and previous releases of GitHub Enterprise are not affected by the OpenSSL Advisory issued 9 July 2015 (CVE-2015-1793)

Bug Fixes

Ubuntu kernel and packages have been updated to the latest bugfix versions.
A repository could be incorrectly deleted from disk after migration to the new repository layout. If a repository was deleted and no other repositories were created before a reboot, we reused the ID of the deleted repository. This happens because when MySQL starts, the auto increment ID system is inititialized with the last ID in the table. This means the first new repository created would have the same ID as the deleted repository, and the repository cleanup job would incorrectly see the new repository as deleted.
The Redis appendonly file could become corrupt when performing a hard reboot of the appliance, which caused Redis to not start.
A race condition in the pull request synchronize event could result in incorrect SHAs and timestamps in the webhook payload.
Collectd could cause lots of tiny writes to the root volume, which could affect the performance of the appliance.
Old webhook delivery logs were deleted inefficiently. We've changed the directory structure so we can delete them more efficiently.
Viewing compare pages and pull requests could result in a 500 error due to a race condition.
LDAP restricted groups couldn't be removed.
The site admin showed Gravatar icons for users' additional email addresses.
SNMP couldn't be run on high availability replicas.
A high availability replica that's been promoted to primary and then set up as a replica again didn't properly show the replica status page, but showed 'Starting...' instead.
Searching Gists could fail after upgrading to GitHub Enterprise 2.2.
It was not possible to view user profiles or repositories for users with usernames that started with "raw".
Events in the github_audit and haproxy log streams were being logged twice.
Setting up high availability replication could fail due to a large entry in one of the MySQL tables.
Promoting a high availability replica could fail if Elasticsearch took too long to restart.

Changes

We've added a graph for disk utilization to the monitoring dashboard.
Direct root SSH access was not possible in the past, but as an additional measure we've also added PermitRootLogin to no within the SSH configuration.
We've added support for the C4 and M4 AWS instance types.
You are now prompted to confirm that you wish high availability replication to continue when we detect you are attempting to setup replication on an instance that is currently, or has been, an active configured instance. This reduces the chances of accidental replication over an active primary instance.
The diagnostics output gathered on high availability replicas now only gathers information relevant to replica instances.
NTP is now configured on the high availability replica when replication is setup.
Old compressed rotated log files are no longer retained during an upgrade.

Known Issues

Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
~~The site admin shows errors in the 'repo reflogs' section, which isn't fully implemented on GitHub Enterprise.~~
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Services fail to start properly after upgrading to this release if SSL is disabled. (updated 2015-07-20)
Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

The 'repo reflogs' section of the site admin was removed in 2.2.4.

Thanks!

The GitHub Team

2.1.10

Tue, 07 Jul 2015 00:00:21 +0000

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.
HIGH: Update HAProxy to address CVE-2015-3281, which could allow an attacker to use a specially crafted request to read memory contents that might contain data from a past request or session.
MEDIUM: Scopeless access tokens could list private Gists.
This release and previous releases of GitHub Enterprise are not affected by the OpenSSL Advisory issued 9 July 2015 (CVE-2015-1793)

Bug Fixes

Ubuntu kernel and packages have been updated to the latest bugfix versions.
We could fail to properly create the key for the secure connection between a high availability replica and the primary, which caused replication setup to fail.

Changes

Direct root SSH access was not possible in the past, but as an additional measure we've also added PermitRootLogin to no within the SSH configuration.
We now gather VMware memory statistics in the diagnostics output.

Known Issues

Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.14

Tue, 07 Jul 2015 00:00:20 +0000

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.
HIGH: Update HAProxy to address CVE-2015-3281, which could allow an attacker to use a specially crafted request to read memory contents that might contain data from a past request or session.
MEDIUM: Scopeless access tokens could list private Gists.
This release and previous releases of GitHub Enterprise are not affected by the OpenSSL Advisory issued 9 July 2015 (CVE-2015-1793)

Bug Fixes

Ubuntu kernel and packages have been updated to the latest bugfix versions.

Changes

We now gather VMware memory statistics in the diagnostics output.
Direct root SSH access was not possible in the past, but as an additional measure we've also added PermitRootLogin to no within the SSH configuration.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are being logged twice.
SNMP can't be run on high availability replicas.
Jobs stuck on code indexing can delay other jobs from running.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

2.2.4

Tue, 16 Jun 2015 00:00:22 +0000

Bug Fixes

Ubuntu kernel and packages have been updated to the latest bugfix versions.
Our Collectd checks for enqueued background jobs could cause elevated CPU usage.
On a Team settings page, the contextual rocket link that site administrators see didn't properly link to the site admin for the team.
With private mode enabled, a Pages site with no default page served a generic error rather than an informative message.
The ghe-resque-info script incorrectly showed all background job queues as empty.
In some versions of Internet Explorer 11, creating a repository with a dash in its name crashed the browser. This is a browser bug but we worked around it to avoid the crash.
Editing a Gist could cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem.
Expensive Git processes could keep running after the parent Ruby process had died.
The site admin showed errors in the 'repo reflogs' section, which isn't fully implemented on GitHub Enterprise. We've now removed the section. (updated 2015-07-28)

Known Issues

Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
LDAP restricted groups can't be removed.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
~~Mail delivery to localhost fails.~~ (updated 2015-07-14)
Gist repositories are not garbage collected by the maintenance scheduler.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Custom firewall rules aren't maintained during an upgrade.
SNMP can't be run on high availability replicas.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Jobs stuck on code indexing can delay other jobs from running.
Replication setup fails for IPv6 hosts.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
~~The site admin shows errors in the 'repo reflogs' section, which isn't fully implemented on GitHub Enterprise.~~
Gists can't be created when using Safari 8.x in Private Mode.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)
The 'repo reflogs' section of the site admin was removed in this release.

Thanks!

The GitHub Team

2.1.9

Tue, 16 Jun 2015 00:00:21 +0000

Bug Fixes

Ubuntu kernel and packages have been updated to the latest bugfix versions.
Avatars, release downloads, and image attachments to wikis and issues were not copied correctly by high availability replication.

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.

Known Issues

We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Management console sessions can expire too quickly for Safari users.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.13

Tue, 16 Jun 2015 00:00:20 +0000

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.

Known Issues

In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are being logged twice.
SNMP can't be run on high availability replicas.
Jobs stuck on code indexing can delay other jobs from running.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Gists can't be created when using Safari 8.x in Private Mode.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

2.2.3

Tue, 02 Jun 2015 08:00:03 -0700

Changes

We've added more graphs to the monitoring dashboard.
The Linux Out-Of-Memory killer is configured to deprioritize killing MySQL in cases of memory shortage.

Bug Fixes

Setting up replication now ensures that the replica passes the preflight checks.
Upgrading to GitHub Enterprise 2.2 with a lot of repositories could be slow due to unnecessary permission changes.
In some circumstances, after an upgrade we prompted you to upload a license, even though there was already a valid license.
Creating diagnostics could time out due to large numbers of webhook delivery logs.
The number of diffs for non-text file types displayed in pull requests was often too small. It's been increased from 25 to 100.
Management console monitoring graphs were refreshed too often, and the application server could fail to keep up.
Checking the high availability Git replication status could throw an error when working out what repositories need to be replicated.
Upgrading caused private mode to become enabled.
SAML authentication always provided the optional KeyInfo element with no signing certificate in the AuthnRequest response, which caused errors for some identity providers. We don't include the optional KeyInfo element at all now.
Events in the github_audit log stream were being logged twice.
Empty Git LFS objects caused errors.
The Subversion bridge would skip revisions or number them incorrectly.
Background jobs running during a backup would never be processed if the backup was restored.
Suspended LDAP users were unsuspended if no LDAP restricted groups were configured.
We didn't recognize email addresses with trailing whitespace as valid when inviting users, and showed a confusing error message.
Enabling Hyper-V Dynamic Memory caused kernel panics.
A high availability replica set up multiple times could show an out of sync repository as up to date.
The merge button could break when a high availability replica was promoted to primary.
Session cookies could become very large and fill the HAProxy buffer when CAS authentication is enabled, causing server errors.
PubSubHubbub requests could be slow.
Browsing to the HTTP or HTTPS clone URL didn't redirect to the repository, which wasn't consistent with previous versions or GitHub.com.
On very busy instances, the worker processes delivering webhooks in the background could fall behind. Now there are more worker processes, if you have provisioned enough memory.
On instances with thousands of users, requests to the discover Gists page could time out.
The endpoint for marking notifications as read was behind authentication, which caused unneeded traffic and meant that read notifications weren't correctly archived.
GitHub Enterprise could become briefly unstable if a Pages site build timed out, for example for very large Pages sites.
On busy instances, the GitHub application server's backlog could fill up, causing the web server to time out.
Git LFS objects were limited to 1 GB. We've bumped the limit to 2 GB

Security Fixes

Ubuntu kernel has been updated to include security fixes.

Known Issues

Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
The site admin shows errors in the "repo reflogs" section, which isn't fully implemented on GitHub Enterprise.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
Gists can't be created when using Safari 8.x in Private Mode.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
Jobs stuck on code indexing can delay other jobs from running.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
Replication setup fails for IPv6 hosts.
SNMP can't be run on high availability replicas.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Management console sessions can expire too quickly for Safari users.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Custom firewall rules aren't maintained during an upgrade.
~~Mail delivery to localhost fails.~~ (updated 2015-07-14)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Enqueued background jobs are sometimes not purged when a repository is deleted.
Gist repositories are not garbage collected by the maintenance scheduler.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
The ghe-resque-info script incorrectly shows all background job queues as empty. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team

2.1.8

Tue, 02 Jun 2015 08:00:02 -0700

Bug Fixes

The endpoint for marking notifications as read was behind authentication, which caused unneeded traffic and meant that read notifications weren't correctly archived.

Security Fixes

Ubuntu kernel has been updated to include security fixes.

Known Issues

Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Management console sessions can expire too quickly for Safari users.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Gist profile pages don't have proper styling when subdomain isolation disabled.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-06-13)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.12

Tue, 02 Jun 2015 08:00:01 -0700

Security Fixes

Ubuntu kernel has been updated to include security fixes.

Known Issues

Gists can't be created when using Safari 8.x in Private Mode.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
Jobs stuck on code indexing can delay other jobs from running.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
SNMP can't be run on high availability replicas.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Events in the github_audit log stream are being logged twice.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

2.2.2

Tue, 19 May 2015 10:30:03 -0700

Bug Fixes

Ubuntu packages have been updated to the latest bug fix versions.
Upgrading to GitHub Enterprise 2.2 with a lot of repositories could take a very long time.
Transition to the new repository layout could fail if a repository was missing an owner. We've made the transition more resilient to bad data.
With LDAP authentication enabled, users who renamed their accounts and then had their DN changed couldn't log in.
Logging of notification deliveries was extremely verbose, which could put I/O pressure on busy instances.
Site-wide audit logs didn't appear in the site admin interface.
Setting the admin management console password with ghe-set-password failed.
When maintenance mode was enabled, we ignored the configured support email address and always showed the default.
It was not possible to forward logs over IPv6.
We showed the wrong clone URL when displaying a Gist when subdomain isolation was enabled.
Elasticsearch wasn't properly tuned based on available memory.
Notification, event, and session database entries weren't properly archived, which could cause those tables to grow very large on busy instances.
Some valid SSL certificates were incorrectly rejected in the management console.
Promoting a high availability replica that had previously been a primary could show out of date pages due to a stale cache.
Pushing large repositories over HTTPS could timeout.
Some upgrade messages were not shown.
Replication status did not show queued repositories.
The activity dashboard graph could dip to zero periodically, creating misleading sawtooth patterns.
Checking file size limits for Git pushes could be expensive and time consuming.

Changes

Unlock repository administrator dialog contained information not relevant to GitHub Enterprise.
Elasticsearch, Memcached, MySQL, Redis, Nginx, tcpconns and netlink Collectd plugins are now enabled.
More performance statistics are shown in the administrators' toolbar.
User sessions are updated less frequently, reducing load on the database.

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.
LOW: OpenSSL 1.0.1-4ubuntu5.27.
LOW: Update libssh to address denial of service vulnerabilities CVE-2014-8132 and CVE-2015-3145.

Repository storage changes

Changing the repository storage layout has been improved significantly in this release, cutting down the migration time from hours to minutes. If your instance contains more than 20,000 repositories (including gists and wikis) you can now upgrade to 2.2.2.

Please refer to the "Repository storage changes" section of the 2.2.0 release notes for further advice on upgrading.

SAML response requirement changes

We've improved the validation of the SAML responses we receive. A response message must now contain a Recipient set to the Assertion Consumer Service URL, http(s)://[hostname]/saml/consume.

In addition to the Recipient attribute, GitHub Enterprise will now also verify the Destination and Audience attributes, if they are supplied in the response message.

Most SAML implementations already provide this information in their responses.

Known Issues

Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
Organization invitation emails are sent from the configured support email address rather than the no-reply address.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
Gist repositories are not garbage collected by the maintenance scheduler.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
~~Mail delivery to localhost fails.~~ (updated 2015-07-14)
Replication setup fails for IPv6 hosts.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Management console sessions can expire too quickly for Safari users.
Enabling Hyper-V Dynamic Memory causes kernel panics. (updated 2015-05-30)
Suspended LDAP users are unsuspended if no LDAP restricted groups are configured. (updated 2015-05-30)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team

2.1.7

Tue, 19 May 2015 10:30:02 -0700

Bug Fixes

Ubuntu packages have been updated to the latest bug fix versions.
With LDAP authentication enabled, users who renamed their accounts and then had their DN changed couldn't log in.
LDAP user search in the site admin was limited to 1000 results. This performed poorly when searching some directories, and people are more likely to refine the search than to page through so many results, so it's now limited to 150 results.
Setting up static networking could fail when trying to stop the DHCP client.
Configuring high availability replication incorrectly wrote a key fingerprint to the git user's authorized_keys file, which caused warning messages to be logged on the primary.
Logging of notification deliveries was extremely verbose, which could put I/O pressure on busy instances.
When maintenance mode was enabled, we ignored the configured support email address and always showed the default.
We showed the wrong clone URL when displaying a Gist when subdomain isolation was enabled.
Elasticsearch wasn't properly tuned based on available memory.
Notification, event, and session database entries weren't properly archived, which could cause those tables to grow very large on busy instances.
The activity dashboard graph could dip to zero periodically, creating misleading sawtooth patterns.
Checking file size limits for Git pushes could be expensive and time consuming.
With LDAP authentication enabled, entering the wrong password could cause a timeout for some users. (updated 2015-09-02)

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.
LOW: OpenSSL 1.0.1-4ubuntu5.27.
LOW: Update libssh to address denial of service vulnerabilities CVE-2014-8132 and CVE-2015-3145.
LOW: Disable SSLv2 and SSLv3 in Postfix.

SAML response validation changes

We've improved the validation of the SAML responses we receive. A response message must now contain a Recipient set to the Assertion Consumer Service URL, http(s)://[hostname]/saml/consume.

In addition to the Recipient attribute, GitHub Enterprise will now also verify the Destination and Audience attributes, if they are supplied in the response message.

Most SAML implementations already provide this information in their responses.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
LDAP Sync fails for groups that have a period in their CN.
Replication setup fails for IPv6 hosts.
It's not possible to convert a user account to an organization.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Gist profile pages don't have proper styling when subdomain isolation disabled.
SNMP can't be run on high availability replicas.
Custom firewall rules aren't maintained during an upgrade.
Management console sessions can expire too quickly for Safari users.
Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
Deleting a user doesn't delete their gists, which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.11

Tue, 19 May 2015 10:30:01 -0700

Security Fixes

Ubuntu kernel and packages have been updated to the latest security versions.
LOW: OpenSSL 1.0.1-4ubuntu5.27.
LOW: Update libssh to address denial of service vulnerabilities CVE-2014-8132 and CVE-2015-3145.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

2.2.1

Tue, 05 May 2015 12:00:00 -0700

Bug Fixes

Ubuntu packages have been updated to the latest bugfix versions.
Multibyte characters in management console configuration options caused an error when saving settings.
SSH public keys with the = character would not allow administrative SSH access to the instance.
Upgrading a replica showed harmless syntax errors.

Known Issues

Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
Upgrading to GitHub Enterprise 2.2 with a lot of repositories can take a very long time.
We show the wrong clone URL when displaying a Gist when subdomain isolation is disabled.
Gist repositories are not garbage collected by the maintenance scheduler.
~~Mail delivery to localhost fails.~~ (updated 2015-07-14)
Deleting a user doesn't delete their gists which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Organization invitation emails are sent from the support email address rather than the noreply email address.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Management console sessions can expire too quickly for Safari users.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Custom firewall rules aren't maintained during an upgrade.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Replication setup fails for IPv6 hosts.
It is not possible to forward logs over IPv6. (updated 2015-05-07)
Site-wide audit logs do not appear in the site admin interface. (updated 2015-05-14)
Setting the admin SSH password with ghe-set-password fails. (updated 2015-05-19)
Enabling Hyper-V Dynamic Memory causes kernel panics. (updated 2015-05-30)
Suspended LDAP users are unsuspended if no LDAP restricted groups are configured. (updated 2015-05-30)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team

2.2.0

Wed, 29 Apr 2015 11:00:00 -0700

New Features

With the new features added in GitHub Enterprise 2.2.0, you can:

Connect to your GitHub repositories in Visual Studio 2015.
Deploy GitHub Enterprise on Azure, Hyper-V and XenServer.
Version large files with Git LFS. This is an early access technical preview, and is not recommended for production use. (updated 2015-07-29)
Commit and propose changes faster with quick pull requests.
View PDFs in your repositories.
View notifications on your mobile device.
Navigate branches from your mobile device.
Communicate with your users using a site-wide banner.
Determine repository licenses using the Repository licensing API.
Roll back a failed or interrupted upgrade.

Changes

We recommend a minimum of 16 GB RAM be provisioned for the GitHub Enterprise virtual machine. We now enforce a minimum amount of RAM. (updated 2015-05-04)
The way we store repositories has been changed to improve disk usage.
The undocumented site/stats API endpoint has been removed.
We've moved to using syslog-ng for the system logger, which drops support for RELP. Log forwarding will be disabled if you used RELP prior to upgrading.
We didn't add files larger than 384 KB to the search index. We've now bumped this limit to 10 MB.
When using LDAP authentication, user account suspension is managed by using restricted group membership. Users will be suspended or unsuspended based on their membership at login. If LDAP Sync is enabled, this process will happen automatically during a synchronization run. (updated 2015-05-21)
LDAP Sync shows a team error indicator when an LDAP Group isn't found.
New users will be added to their LDAP Sync-enabled teams when they log in for the first time. (updated 2015-05-08)

Bug Fixes

Ubuntu packages have been updated to the latest bugfix versions.
We didn't give much feedback during an upgrade, so it was hard to know if it was still progressing as expected. We include the current upgrade status on the starting page now.
Setting up static networking could fail in some circumstances.
LDAP user search in the site admin was limited to 1000 results. This performed poorly when searching some directories, and people are more likely to refine the search than to page through so many results, so it's now limited to 150 results.
With SAML authentication configured, signing out and signing in again could redirect you to a page saying you were still signed out.
When a new organization was created with LDAP sync enabled, we showed an incorrect hint about importing teams.
LDAP users could not be suspended or renamed when LDAP sync was off.
The Owners team was not automatically removed from LDAP sync.
LDAP sync didn't sync members of a group where the LDAP group name contained a dot (.).
Wiki files larger than 500 KB were cut off when they were served, which could result in large images not loading completely.
The ghe-btop command line utility incorrectly dropped --help and --usage flags.
WOFF 2.0 font files did not have their content-type header set correctly in Pages.
The top OAuth applications list in the site admin didn't load.
Replication needed to be be set up again after upgrading a high availability replica. We restart replication automatically now.
Under some circumstances, application services didn't restart properly. This could happen when restoring a backup to a new instance, which could cause a redirect to the old host if it had a different hostname, or when uploading a new license, which caused the old license to be used on some requests.
CoffeeScript in GitHub Pages sites caused build failures.
Converting a user to an organization failed with a billing plan error, which shouldn't have been in effect on GitHub Enterprise.
Some API endpoints could leak the existence of a private repository.
A complex series of actions could cause a user's profile page to load in place of their contributions graph on their profile page; profile page inception.
MySQL could recycle unique IDs after rebooting GitHub Enterprise. This could lead to strange behavior if you delete the most recently created repository, reboot, then create a new repository.
Removing admin SSH keys with invisible characters via the Management Console failed silently.
Git replication could be slow and CPU intense during initial push of large or complex repositories.
Events in the github_audit log stream were logged twice.
Management Console sessions would timeout when accessing GitHub Enterprise in another tab.
Bad SSL certificates could slip by validation.
Creating the OpenVPN connection could fail, causing replication set up with ghe-repl-setup to hang.
Git clients could display intermittent "fatal: protocol error: bad pack header" messages when garbage collection ran while fetching a pack file that was bigger than a configured memory limit. (updated 2015-05-06)
Avatars, release downloads, and image attachments to wikis and issues were not copied correctly by high availability replication. (updated 2015-05-20)
Repositories with a leading dot in their name failed to replicate if they were created before replication was set up. (updated 2015-06-16)
Mail delivery to localhost failed. (updated 2015-07-14)

Security Fixes

Ubuntu packages have been updated to the latest security fix versions.
LOW: Disable SSLv2 and SSLv3 in Postfix.

Repository storage changes

This release changes the way GitHub Enterprise stores repositories, which reduces disk usage by sharing Git objects between forks and improves caching performance when reading repository data. This is a major change, and has some implications you need to be aware of.

Changing the repository storage layout can take several hours if your instance contains many repositories. We're working on making this faster so if your instance contains more than 20,000 repositories (including gists and wikis) we do not recommend upgrading to GitHub Enterprise 2.2 until further notice. Everyone should now upgrade to GitHub Enterprise 2.2.2 or later, as the migration process has been made significantly faster.

You can check how many repositories you have using the Admin Stats API. For example, you can SSH into the VM and run the following command, then add together "total_repos", "total_wikis", and "total_gists":

curl -s http://127.0.0.1:1337/api/v3/enterprise/stats/all

Before upgrading

As a precaution, before your upgrade you should take a backup-utils snapshot after putting the instance in maintenance mode. We also recommend taking a disk snapshot of the user data volume.

Upgrading

The upgrade process takes care of moving repository data from the existing storage layout to the new storage layout. If you have a large amount of repository data moving the data can take some time, so we recommend that you test the upgrade on a staging instance first. You can use the test upgrade to make an estimate of how long of a maintenance window you'll need for your production instance.

After upgrading, you may notice a large number of background jobs being processed. Each job is optimizing a repository for the new storage layout, but uses a high nice value, so should have minimal impact on performance. The jobs will be enqueued in the maint_localhost jobs queue, which may have a large backlog, but it's a dedicated queue and won't block other jobs from completing.

Repository backups

For compatibility with the new repository layout, you need to upgrade backup-utils to version 2.2.

The first update taken after you upgrade will be a full backup rather than an incremental backup. This means it will take more disk space and more time to complete. Subsequent backups will be incremental again.

Other implications of the change

Some customers routinely ran Git garbage collection on their repositories. The existing repository layout maps nicely to what you can see in the user interface, so you could easily find a repository on disk at /data/repositories/[owner]/[repository].git. This is no longer the case with the new repository layout, but it does let us be smarter about running garbage collection, so running it manually shouldn't be necessary.

So that they could be restored if necessary, deleted repositories were previously moved to the /data/repositories/__purgatory__ directory. This special area for archived repositories is no longer needed or used. Repositories are kept in their normal location until purged three months after being archived.

Please contact Enterprise Support if you have any questions about this change.

Snapshot and rollback recommendations

Due to the invasive changes in the repository disk layout in GitHub Enterprise 2.2, we strongly recommend reading the upgrade guide prior to upgrading your virtual machine. This provides information about using snapshots and rolling back to a pre-upgrade state in the event an upgrade fails or is interrupted.

Upcoming deprecation of authentication using GitHub OAuth

User authentication via GitHub OAuth is being deprecated and will be removed in a future feature release. It will be removed no sooner than November 2015.

Note that this change will only affect user authentication via GitHub.com and not personal access tokens or OAuth applications added to your GitHub Enterprise instance.

Known Issues

Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
The management console incorrectly strips the = character from new and current administrative SSH keys when adding or removing keys. This will cause administrative SSH access to the instance to fail for those keys.
Upgrading to GitHub Enterprise 2.2 with a lot of repositories can take a very long time.
We show the wrong clone URL when displaying a Gist when subdomain isolation is disabled.
Gist repositories are not garbage collected by the maintenance scheduler.
~~Mail delivery to localhost fails.~~ (updated 2015-07-14)
Deleting a user doesn't delete their gists which can cause problems with replication.
In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Organization invitation emails are sent from the support email address rather than the noreply email address.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Gist profile pages don't have proper styling when subdomain isolation is disabled.
Management console sessions can expire too quickly for Safari users.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Custom firewall rules aren't maintained during an upgrade.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Replication setup fails for IPv6 hosts.
It is not possible to forward logs over IPv6. (updated 2015-05-07)
Site-wide audit logs do not appear in the site admin interface. (updated 2015-05-14)
Setting the admin SSH password with ghe-set-password fails. (updated 2015-05-19)
Enabling Hyper-V Dynamic Memory causes kernel panics. (updated 2015-05-30)
Suspended LDAP users are unsuspended if no LDAP restricted groups are configured. (updated 2015-05-30)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team

2.1.6

Tue, 21 Apr 2015 10:15:00 -0700

Bug Fixes

The organisation creation page gave incorrect details about when LDAP groups could be synced as teams.
LDAP users could not be suspended or renamed when LDAP sync was off.
ghe-btop's --usage and --help flags were not being passed correctly.
WOFF 2.0 font files did not have their content-type set correctly in Pages.
The top third party OAuth applications were not displayed.
The Owners team was not automatically removed from LDAP sync.
Replication was not restarted automatically after an upgrade.
Unicorn masters were not always restarted correctly which left behind stale processes.
LDAP sync wasn't syncing members of a group where the LDAP group name contained a ..
ghe-repl-setup did not warn if the master had an existing replica.
The system did not always shut down cleanly due to using kexec rather than reboot.
ghe-service-list did not list github-svn-proxy or github-timerd.
resqued, svn-proxy and timerd held on to a deleted log file rather than rotating correctly.

Security Fixes

Ubuntu packages have been updated to the latest security versions.
LOW: Ruby 2.1.6
LOW: Branch names were not escaped correctly so could allow a XSS vulnerability.
LOW: A bug in URL parsing in Safari could allow the bypass of the same origin checks in JavaScript.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Gist profile pages don't have proper styling when subdomain isolation disabled.
Management console sessions can expire too quickly for Safari users.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Custom firewall rules aren't maintained during an upgrade.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Replication setup fails for IPv6 hosts.
It's not possible to convert a user account to an organization.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

2.0.10

Tue, 21 Apr 2015 10:15:00 -0700

Security Fixes

Ubuntu packages have been updated to the latest security versions.
LOW: Ruby 2.1.6

Note the 2.0.x releases are not susceptible to the XSS vulnerability mentioned in the 2.1.6 release notes.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

11.10.354

Tue, 24 Mar 2015 10:22:13 -0700

Security Fixes

LOW: OpenSSL 1.0.1-4ubuntu5.25

Release series end of life

The 11.10.354 release is part of the 11.10.340 release series. No more security patches will be released in this series after 7 July 2015, even for critical security issues. All customers are encouraged to upgrade to the latest release.

Thanks!

The GitHub Team

2.0.9

Tue, 24 Mar 2015 10:22:12 -0700

Bug Fixes

One of the Percona database tools we ship with the VM was phoning home to check for updates.

Security Fixes

Ubuntu packages have been updated to the latest security versions.
LOW: Using an access token with public_repo scope, requests for lists of issues would return issues from private repositories.
LOW: OpenSSL 1.0.1-4ubuntu5.25

Integration with GitHub for Mac

For reasons outside our control, the implementation behind the "Clone in desktop" button for GitHub for Mac doesn't work any more. We now use the same method for both desktop applications and check you have an application configured. This means we'll only show the button when you're logged in.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

2.1.5

Tue, 24 Mar 2015 10:22:10 -0700

Bug Fixes

Pull requests didn't properly trigger repository replication.
In rare circumstances, Git clients displayed a misleading repository corruption message when garbage collection ran while fetching a pack file that was bigger than a configured memory limit. We've bumped up the configured memory limit to make that situation even less likely.
If the credentials of the LDAP bind user became incorrect—for example, if a password expired—LDAP sync incorrectly removed users from teams. If those users had forks of private repositories, the forks were deleted.
We incorrectly performed some LDAP searches as the authenticating user instead of the LDAP bind user. This user might have less access than the bind user, which could cause errors.
The user API only returned a user's LDAP mapping if LDAP sync was enabled.
We added support for the "SSH" and "SSHKey" prefixes for ActiveDirectory's altSecurityIdentities attributes.
With LDAP Sync enabled, it was possible to set the special Owners team to sync with an LDAP group, but the sync couldn't complete. We disable syncing the Owners team now.
When LDAP Sync was set to sync emails, we showed a banner message suggesting users add an email address even though they couldn't.
Inviting a user to join an organization could return a "Not found" error when all the teams in an organization were mapped to LDAP groups and the invited user wasn't already a member of another team.
After configuring a fresh instance to use static networking, we could still request a DHCP lease. Restarting the VM stopped the DHCP requests, but we fixed the problem and don't ask for a lease now.
When saving settings, the "Restarting system services" spinner could keep spinning even after the services had restarted properly.
The HAProxy logs were rotated weekly, so on busy instances they could get very large. We rotate them daily now.
We kept too many logs for webhooks, which slowed stuff down. We purge older logs now.
Some network setups made browsers send headers too big for us to handle, causing a "Request header or cookie too large" error. We've made our header buffers bigger.
We added some flags to the ghe-support-bundle command line utility to make it possible to upload a support bundle directly to GitHub from the VM.
Email hooks were incorrectly sent from "noreply@github.com" if "Send from author" wasn't selected. Some email services would reject those emails, making it seem like the hook was failing.
One of the Percona database tools we ship with the VM was phoning home to check for updates.
When the Status API was used to set a pending status on a pull request, we incorrectly said some checks had failed.
There was a race condition in our assets server, which delivers resources like profile pictures and downloads, that could cause file handle leakage. If that happened, performance could be degraded. (updated 2015-03-25)
Chrome 42 users weren't able to edit wiki pages or upload images via drag and drop, and autocomplete menus and repository graphs didn't display. (updated 2015-05-06)

Security Fixes

Ubuntu packages have been updated to the latest security versions.
LOW: Using an access token with public_repo scope, requests for lists of issues would return issues from private repositories.
LOW: OpenSSL 1.0.1-4ubuntu5.25

Integration with GitHub for Mac

For reasons outside our control, the implementation behind the "Clone in desktop" button for GitHub for Mac doesn't work any more. We now use the same method for both desktop applications and check you have an application configured. This means we'll only show the button when you're logged in.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Gist profile pages don't have proper styling when subdomain isolation disabled.
Management console sessions can expire too quickly for Safari users.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Custom firewall rules aren't maintained during an upgrade.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
LDAP Sync fails for groups that have a period in their CN.
Replication setup fails for IPv6 hosts.
It's not possible to convert a user account to an organization.
Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
Can't suspend or rename users when LDAP Sync is off. (updated 2015-04-20)
Individual application logs are not reliably forwarded. (updated 2015-04-20)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

The GitHub Team

11.10.353

Tue, 10 Mar 2015 02:30:28 -0700

GitHub Enterprise 11.10.353 Update Released

The 11.10.353 release for GitHub Enterprise is now available for download from https://enterprise.github.com/download. The full release notes for 11.10.353 follow:

Security Fixes

HIGH: OpenSSL 1.0.1-4ubuntu5.21 (https://freakattack.com)

FREAK attack

Researchers from INRIA, Microsoft Research and IMDEA have discovered a vulnerability that can cause affected servers to use weakened encryption on SSL connections, making it easier for an attacker with access to the connection to decrypt the communication.

GitHub Enterprise versions 2.0.7, 2.1.0 and newer are not vulnerable to this attack as they were already updated to OpenSSL 1.0.1-4ubuntu5.21 before this attack was published.

Release series end of life

The 11.10.353 release is part of the 11.10.340 release series. No more security patches will be released in this series after 7 July 2015, even for critical security issues. All customers are encouraged to upgrade to the latest release.

2.0.8

Tue, 03 Mar 2015 09:41:19 -0800

Security Fixes

Ubuntu packages have been updated to the latest security versions.
MEDIUM: There was an XSS vulnerability in wikis.
LOW: We didn't require SAML responses to be signed. We enforce that now.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

2.1.4

Tue, 03 Mar 2015 09:41:13 -0800

Bug Fixes

Ubuntu packages have been updated to the latest bugfix/security versions.
Enabling LDAP Sync for emails could cause background jobs to be continuously queued, which in turn could affect performance.
Viewing a PSD or STL file with more than one revision results in an error being thrown.
The GitHub application server could fail to start, because under some circumstances there could be a stale zero-downtime restart flag file.
Scheduled maintenance mode didn't activate, so GitHub Enterprise was still available when it shouldn't have been.
Saving settings in the management console with invalid LDAP connection settings caused an error. We fail with an appropriate message now.
Promoting a high availability replica failed if the primary wasn't accessible.
MySQL replication could fail on really, really busy instances.
With SSL disabled, regenerating the self-signed certificate enabled SSL. This would happen if you use the IP address as the hostname and change the IP address of the VM.
The admin SSH user didn't have proper access to man pages.
There was an unused Redis stats bubble in the site admin toolbar, which looked like a warning. We've taken out the bubble.
Chrome Canary didn't show the number of open pull requests when you viewed a repository.
The ghe-upgrade command produced the following harmless error: line 205: /dev/null/: Is a directory.

Security Fixes

MEDIUM: There was an XSS vulnerability in wikis.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Gist profile pages don't have proper styling when subdomain isolation disabled.
After initial set up, an instance with static networking configured that has not been rebooted can try to get a DHCP lease.
Management console sessions can expire too quickly for Safari users.
We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
Custom firewall rules aren't maintained during an upgrade.
A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

2.1.3

Tue, 17 Feb 2015 04:46:27 -0800

Bug Fixes

Ubuntu packages have been updated to the latest bugfix/security versions.
Downloading code archives failed when private mode was enabled.
The assets server didn't always properly close file handles, which could cause performance issues if the file handle limit was reached.
Custom CA certificates installed with ghe-ssl-ca-certificate-install were lost after upgrading.
Maintenance mode wasn't maintained after upgrading, so applications were unexpectedly accessible to users.
Updating a license in the management console was not reflected in the GitHub application under some circumstances.
Diagnostics always said avatars are disabled, regardless of reality.
Some organization names were incorrectly blacklisted.
We didn't require SAML responses to be signed. We enforce that now.
We didn't properly support SAML single sign on URLs with query parameters.
Our validation when adding restricted LDAP groups in the management console was overly strict, and stopped you adding groups whose name was a substring of existing groups.
We weren't properly suspending users when they were suspended in ActiveDirectory.
We failed to properly sync LDAP users' email addresses in some cases.
LDAP Sync unsuspended users who'd been suspended if the userAccountControl attribute wasn't present. That's usually the case when the directory isn't ActiveDirectory unless the attribute was added with a custom schema.
The ghe-org-owner-promote command line utility was broken.
Wildcard SSL certificates in the management console could be incorrectly marked invalid under some circumstances.
We only copied admin SSH keys when initially setting up replication, so the keys on the high availability replica could be out of sync. We regularly update them now.
The management console settings and GitHub Enterprise license were only copied the first time replication was set up, so the high availability replica could be out of sync. Now we update the settings and license each time replication is set up.
The monitoring graphs were set to PST timezone. We always use UTC now.
We ignored region settings in the AWS CodeDeploy service hook, causing it to fail.
Switching to a different authentication method didn't expire existing sessions.
Profile pictures migrated from an avatar service could revert to identicons under some circumstances.

Known Issues

The ghe-upgrade command will output the following harmless error: line 205: /dev/null/: Is a directory
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
Individual application logs are not reliably forwarded. (updated 2015-04-20)
When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Security Fixes

LOW: SAML authentication responses weren't signed.

Errata

Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

2.0.7

Tue, 17 Feb 2015 04:46:26 -0800

Bug Fixes

Ubuntu packages have been updated to the latest bugfix/security versions.
Updating a license in the management console was not reflected in the GitHub application under some circumstances.
~~We didn't require SAML responses to be signed. We enforce that now.~~

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The ghe-org-owner-promote command line utility is currently broken.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Switching to a different authentication method doesn't expire existing sessions.
Events in the github_audit log stream are being logged twice.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Security Fixes

LOW: SAML authentication responses weren't signed.
~~LOW~~ HIGH: OpenSSL 1.0.1-4ubuntu5.21.

Errata

We didn't include the fix to sign SAML authentication responses in this release.
Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.
The OpenSSL 1.0.1-4ubuntu5.21 update was upgraded to a HIGH security fix due to the publication of Freak Attack.

2.1.2

Sat, 31 Jan 2015 11:42:05 -0800

Bug Fixes

Static network configuration had to be reapplied after upgrading from 2.1.0 to 2.1.1. We now properly maintain these settings during an upgrade.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The ghe-org-owner-promote command line utility is currently broken.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Switching to a different authentication method doesn't expire existing sessions.
Events in the github_audit log stream are being logged twice.
Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
Individual application logs are not reliably forwarded. (updated 2015-04-20)
When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Thanks!

The GitHub Team

2.1.1

Fri, 30 Jan 2015 16:19:14 -0800

Bug Fixes

Ubuntu packages have been updated to the latest bugfix/security versions.
With more than seven tabs open, dynamic content could fail to load due to browser connection limits. We've returned to using polling instead.
When a SAML response incorrectly had an email as the NameID, but didn't include email as a released attribute, users could sign in the first time but couldn't sign in again after signing out.
If an SSH key contained extra whitespace or a comment, LDAP Sync sent emails warning that an SSH key was added to your account each time sync ran.
When synchronizing an LDAP Group mapped to multiple GitHub Teams, we queried the LDAP directory for each Team. We now query once for the Group and update all the Teams at the same time. We also improved the performance of searching for group members.
Creating LDAP users through the site admin caused an error if their LDAP username included characters that would be normalized in their GitHub username, like $, _, ..
Members of the LDAP admin group were given admin privileges on account creation or LDAP Sync, but not when they signed in.
We incorrectly hid avatar options in the management console if a service URL was set but avatars were disabled.
If your management console session timed out, connectivity tests failed without any error message. Now you're redirected to log in again.
The From: address was wrong in notification emails if the "no-reply" email address was configued, using the SMTP HELO domain instead.
SASL was enabled even if SMTP authentication wasn't turned on, which could cause email delivery failures.
Doing an initial installation using the management console API failed if you didn't include the port, because we dropped data when redirecting.
If Pages on a replica fell too far behind the primary, the alert shown by ghe-repl-status was missing how far behind replication was.
Diagnostics always said Log Forwarding was disabled, regardless of reality.
The Git gateway tried to log timing statistics to an inaccessible statsd server.
Hovering over the timing statistics graph in the site admin showed undefined instead of the hostname and Ruby version.
Compressing a support bundle could be slow, so we sped it up using more than one core (but with a high nice so it won't affect anything else).

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The ghe-org-owner-promote command line utility is currently broken.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Switching to a different authentication method doesn't expire existing sessions.
Events in the github_audit log stream are being logged twice.
Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
Individual application logs are not reliably forwarded. (updated 2015-04-20)
When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Security Fixes

MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

Errata

Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Thanks!

The GitHub Team

https://enterprise.github.com/releases

https://enterprise.github.com/releases/2.1.1

Security Notification

Important Security Vulnerabilities Fixed in GitHub Enterprise 2.1.1

The following important security vulnerabilities have been fixed in the 2.1.1 release:

MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team

2.0.6

Fri, 30 Jan 2015 16:19:07 -0800

Bug Fixes

Ubuntu packages have been updated to the latest bugfix/security versions.
With private mode enabled, redirects could leak the Nginx version we use.
Changes to authentication settings in the management console were lost if any settings failed to validate.
Adding an SSH key that contained non-ASCII characters like smart quotes would break the management console.
If your management console session timed out, connectivity tests failed without any error message. Now you're redirected to log in again.
We stopped you from adding a duplicate or broken SSH key to the management console, but the error didn't show up properly.
The HAProxy connection limits were incorrectly configured, making them a little bit lower than they should have been.
When a SAML response incorrectly had an email as the NameID, but didn't include email as a released attribute, users could sign in the first time but couldn't sign in again after signing out.
Checking replica status with ghe-repl-status was really slow. We made it faster.
If Pages on a replica fell too far behind the primary, the alert shown by ghe-repl-status was missing how far behind replication was.
Replication didn't restart properly after rebooting a high availability replica.
Replication didn't replicate custom DNS settings.
The SSH key used for replication didn't survive upgrades and had to be regenerated.
The Git gateway tried to log timing statistics to an inaccessible statsd server.
The Git gateway included the repository twice in SSH log entries.
The Git gateway logs were messed up when we tried to rotate them.
The Git gateway was being restarted every day, but we didn't need to do that.
The hypervisor console script timed out every five seconds and respawned, spamming the logs.
Git clone events weren't being forwarded as part of the github_audit log stream.
Hovering over the timing statistics graph in the site admin showed undefined instead of the hostname and Ruby version.
Compressing a support bundle could be slow, so we sped it up using more than one core (but with a high nice so it won't affect anything else).
Diagnostics always said Log Forwarding was disabled, regardless of reality.
Creating the diagnostics file for support could timeout if there were lots of webhook delivery logs.
In Pages sites, JSON files were served with the wrong MIME type.
We sometimes didn't show the gateway address in the hypervisor console.
Accessing GitHub Enterprise in Firefox with the default certificate still enabled displayed the SSL warning twice.
The 'Revert' button didn't work properly when trying to revert a pull request from a fork.
Git authentication could fail after changing the hostname.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Git replication can be slow and CPU intense during initial push of large or complex repositories.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
The ghe-org-owner-promote command line utility is currently broken.
In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Switching to a different authentication method doesn't expire existing sessions.
Events in the github_audit log stream are being logged twice.
Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
Gists can't be created when using Safari 8.x in Private Mode.
SNMP can't be run on high availability replicas.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Security Fixes

MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.
LOW: Desktop applications were granted API tokens with more access scope than was necessary.

GHOST vulnerability

Errata

Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Thanks!

The GitHub Team

https://enterprise.github.com/releases

https://enterprise.github.com/releases/2.0.6

https://enterprise.github.com/staff/releases/2.0.6/edit

https://enterprise.github.com/staff/notifications/206-update-released/

Security Notification

Important Security Vulnerabilities Fixed in GitHub Enterprise 2.0.6

The following important security vulnerabilities have been fixed in the 2.0.6 release:

MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team

11.10.352

Fri, 30 Jan 2015 16:18:55 -0800

Important Security Vulnerability Fixed in 11.10.352

The following important security vulnerability has been fixed in the 11.10.352 release:

MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team

2.1.0

Tue, 20 Jan 2015 09:04:22 -0800

GitHub Enterprise 2.1.0 Update Released

The 2.1.0 release for GitHub Enterprise is now available for download from https://enterprise.github.com/download. We've listed out all the included features, bug fixes, and known issues below, and have also drafted up a set of upgrade instructions to help make your migration as smooth as possible.

New Features

With the new features added in GitHub Enterprise 2.1.0, you can:

Automate user and team management with LDAP Sync.
Deploy GitHub Enterprise on OpenStack KVM.
Audit all user actions across your instance with the Instance Audit Log.
Monitor the performance of GitHub Enterprise with the Instance Monitoring Dashboard.
Configure webhooks at the organization level.
Set your GitHub Enterprise profile picture.
See the results from multiple pull requests status checks.
View and diff SVG files.
Manage todos with the /pulls and /issues dashboard pages.
More easily review changes to code with syntax highlighted diffs.
Automate deployments from GitHub Enterprise repositories with the Deployments API.
Run GitHub Enterprise within your IPv6 network.
Find what you're looking for on the go with mobile search.
See what Git operations are running on GitHub Enterprise with the ghe-btop command line utility.
Use Ed25519 SSH client keys for Git operations.

Changes

To stop users committing large files that can harm server performance, files larger than 100MB are now rejected by default. The file size limit can be changed or removed. (updated 2015-02-02)
With the release of the profile pictures feature, support for external avatar services has been deprecated. (updated 2015-02-02)

Bug Fixes

Ubuntu packages have been updated to the latest bugfix/security versions.
When installing, you had to upload the license and then set the password. Now we do it in one step, so someone nasty can't set a password after you've uploaded the license and gone for coffee.
With private mode enabled, redirects could leak the Nginx version we use.
When talking to an LDAP server multiple times in a request, we'd start a new connection each time. Now we reuse connections where possible, so it's much faster.
Checking replica status with ghe-repl-status was really slow. We made it faster.
We sometimes didn't show the gateway address in the hypervisor console.
We stopped you from adding a duplicate or broken SSH key to the management console, but the error didn't show up properly.
Accessing GitHub Enterprise in Firefox with the default certificate still enabled displayed the SSL warning twice.
It was easy to accidentally change network settings in the VMware console. Now you have to hit 's' instead of any key.
In the security section of the settings page, we incorrectly showed requests coming from 127.0.0.1 if they came from a private network.
Replication didn't restart properly after rebooting a high availability replica.
Replication didn't replicate custom DNS settings.
If a high availability replica was offline for a while, restarting it could fail if MySQL had moved on too far.
The SSH key used for replication didn't survive upgrades and had to be regenerated.
Memcached didn't restart after a crash, which broke Gist and other pages.
In Pages sites, JSON files were served with the wrong MIME type.
People expected to be able to invite users to an organization by their full name. Now you can.
Wiki links to other wiki pages were rendered as images when a repository contained a directory with the same name.
Adding an SSH key that contained non-ASCII characters like smart quotes would break the management console.
The 'Revert' button didn't work properly when trying to revert a pull request from a fork.
The hypervisor console script timed out every five seconds and respawned, spamming the logs.
Git clone events weren't being forwarded as part of the github_audit log stream.
The Git gateway logs were messed up when we tried to rotate them.
Creating the diagnostics file for support could timeout if there were lots of webhook delivery logs.
The page that users see when maintenance mode is enabled linked to enterprise@github.com instead of your configured support email address.
The "Open in desktop" button only worked if you already had the desktop application installed.
PSD files didn't render with the default self-signed certificate.
Git authentication could fail after changing the hostname. (updated 2015-02-02)

Security Fixes

LOW: Desktop applications were granted API tokens with more access scope than was necessary.
~~LOW~~ HIGH: OpenSSL 1.0.1-4ubuntu5.21.

Removal of RC4 SSL cipher

To keep GitHub Enterprise as secure as possible, we have removed support for the cryptographically weak RC4 cipher in our SSL configuration. With the removal of RC4, Internet Explorer on Windows XP will no longer be able to access GitHub Enterprise. You can read more about this change in our announcement on GitHub.com.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Git replication can be slow and CPU intense during initial push of large/complex repositories.
The management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to the wrong hostname after restore if the hostname has changed.
The ghe-org-owner-promote command line utility is currently broken.
In some circumstances after an upgrade, we prompt you to upload a license even though there's already a valid license.
If your management console session has timed out, connectivity tests can fail without any error message.
On a freshly set up GitHub Enterprise instance without any users, an attacker could create the first admin user.
Switching to a different authentication method doesn't expire existing sessions.
Events in the github_audit log stream are being logged twice.
Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
Gists can't be created when using Safari 8.x in Private Mode. (updated 2015-01-27)
SNMP can't be run on high availability replicas. Our previous fix was incomplete. (updated 2015-02-02)
Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
Individual application logs are not reliably forwarded. (updated 2015-04-20)
When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.
The OpenSSL 1.0.1-4ubuntu5.21 update was upgraded to a HIGH security fix due to the publication of Freak Attack.

2.0.5

Mon, 22 Dec 2014 03:26:08 -0800

Security Fixes

CRITICAL: Remote code execution possible via ntpd.
MEDIUM: Specially crafted Gist updates could bypass the Git client protection introduced in 2.0.4.
MEDIUM: The web editor could be used to bypass the Git client protection introduced in 2.0.4.

NTP vulnerability

Critical vulnerabilities in the Network Time Protocol (NTP) have been discovered and disclosed by members of the Google Security Team. These vulnerabilities make it possible for a remote attacker to send a carefully crafted packet with malicious arbitrary code that will execute at the privilege level of the ntpd process.

This release includes patches to NTP from upstream to make sure it is not exploitable. As an additional measure, we've also updated the firewall rules to be more strict. We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

More details on the vulnerabilities can be found in the ICSA-14-353-01 advisory.

Mitigation
If you can't immediately upgrade, the attack can be mitigated by removing the firewall rule that accepts traffic to port 123. To temporarily remove the rule, SSH into the appliance and run:

sudo ufw delete allow ghe-123

If you have any questions, please contact support at enterprise@github.com

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Replica promotion can hang when running ghe-repl-promote.
Replicas need to be restarted after upgrading with ghe-upgrade.
Git replication slow and CPU intense during initial push of large/complex repositories.
First run in Firefox displays the SSL warning twice.
Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
The management console doesn't handle non-ASCII characters in authorized_keys.
Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
Memcache doesn't restart properly after a crash and must be manually restarted.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
A user cannot be invited to an organization by their full name.
Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

11.10.351

Mon, 22 Dec 2014 03:07:34 -0800

Security Fixes

CRITICAL: Remote code execution possible via ntpd.
MEDIUM: Specially crafted Gist updates could bypass the Git client protection introduced in 11.10.349.
MEDIUM: The web editor could be used to bypass the Git client protection introduced in 11.10.349.

NTP vulnerability

More details on the vulnerabilities can be found in the ICSA-14-353-01 advisory.

sudo ufw delete allow ghe-123

The rule will be re-enabled if settings are saved or a configuration run is performed. To prevent the rule from being restored, SSH into the appliance and run:

sudo rm /data/enterprise/cookbooks/ufw/files/default/ufw_apps/ghe-123
sudo rm /etc/ufw/applications.d/ghe-123

If you have any questions, please contact support at enterprise@github.com

11.10.349

Fri, 19 Dec 2014 14:09:38 -0800

Git client vulnerability

Yesterday a critical Git security vulnerability was announced that affects all versions of the official Git client and all related software that interacts with Git repositories.

While GitHub Enterprise itself is not directly affected, it may be used as a distribution point for an attacker to reach unpatched clients. This release detects and blocks malicious trees from being pushed to an Enterprise instance, eliminating it as an attack vector.

Important details

It it critical to note that this release only provides mitigation against low-levels attacks where a user with write access could attempt to push malicious files to a GitHub Enterprise instance. It does not prevent interactions with malicious external Git servers that can open up command-line level attack vectors, as those must be dealt with at the Git client level.

For full protection, we strongly recommend you ensure that all developers update their Git clients, in addition to upgrading to this release. Installing this update alone does not mean your organization is fully safe against this vulnerability. The only way to make sure none of your developers are vulnerable is to have everyone upgrade their Git client.

More details on the vulnerability can be found in the official Git mailing list announcement, on the git-blame blog, and on the GitHub blog.

If you have any questions, please contact support at enterprise@github.com

2.0.4

Fri, 19 Dec 2014 14:09:36 -0800

Git client vulnerability

Yesterday a critical Git security vulnerability was announced that affects all versions of the official Git client and all related software that interacts with Git repositories.

Important details

More details on the vulnerability can be found in the official Git mailing list announcement, on the git-blame blog, and on the GitHub blog.

If you have any questions, please contact support at enterprise@github.com

Bug Fixes and Updates

Maintenance pages now display the configured support email rather than the enterprise@github.com default.
The version number is displayed correctly on AWS installations.
The index entries in Index Management correctly change the cursor to indicate they are clickable links.
The welcome screen will no longer blank and requires s rather than any key to start network setup.
There is now a /usr/local/bin/ghe-btop utility to query the status of babeld.

Known Issues

Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
Replica promotion can hang when running ghe-repl-promote.
Replicas need to be restarted after upgrading with ghe-upgrade.
Git replication slow and CPU intense during initial push of large/complex repositories.
First run in Firefox displays the SSL warning twice.
Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
The management console doesn't handle non-ASCII characters in authorized_keys.
Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
Memcache doesn't restart properly after a crash and must be manually restarted.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
A user cannot be invited to an organization by their full name.
Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
Individual application logs are not reliably forwarded. (updated 2015-04-20)
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

2.0.3

Tue, 16 Dec 2014 13:59:31 -0800

Bug Fixes and Updates

Fixes a regression in 2.0.2 that prevented new AWS installations when the second block device was attached before the instance was first started.

Known Issues

The version number is incorrectly shown on AWS installations as 2.0.2.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Replicas need to be restarted after upgrading with ghe-upgrade.
Git replication slow and CPU intense during initial push of large/complex repositories.
First run in Firefox displays the SSL warning twice.
Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
The management console doesn't handle non-ASCII characters in authorized_keys.
Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
Memcache doesn't restart properly after a crash and must be manually restarted.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
A user cannot be invited to an organization by their full name.
Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Errata

Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

2.0.2

Tue, 16 Dec 2014 00:25:11 -0800

Bug Fixes and Updates

Updated installed packages and Ubuntu kernel to latest released versions.
Services would not start properly in some circumstances, so the appliance would get stuck in a "Starting..." state.
SSH keys were deleted during sign in when SAML authentication was used.
It was possible to upload an invalid SAML idP certificate, which caused an error when trying to log in.
Updating a license didn't take effect until settings had been saved.
A 404 Not Found error was returned when visiting the user page of a suspended user.
The ghe-user-csv command line utility didn't include email addresses in some circumstances.
After upgrading, the appliance could briefly revert to using the default self-signed SSL certificate.
Changing network settings could break the HAProxy SSL certificate, making services on the appliance unreachable.
Our handling of deleted refs could cause high availability Git replication to fail for affected repositories.
The management console could report the pre-upgrade version number after an upgrade.
Events that trigger notification emails could cause 500 errors if the configured SMTP server timed out.
Testing domain settings in the management console failed if the uploaded SSL certificate didn't have 'Subject Alternative Name' extensions.
Testing domain settings in the management console failed when the DNS server wasn't reachable or valid.
Testing LDAP group membership in the management console returned incorrect results when only an admin group was set.
Searching for a repository in the site admin could miss exact matches.
User creation could time out if the LDAP administrator group wasn't set.
Gist log level was set too high, so the Gist logs could grow very big.
Some management console styles and functionality were broken for supported versions of IE.
When restoring to a backup with ghe-restore, maintenance mode was automatically enabled, which could be confusing. Maintenance mode now has to be enabled manually through the management console, using the management console API, or using the ghe-maintenance command line utility.
Resizing the root partition caused upgrades to fail.
The web user interface and API could be slow to update after Git pushes.
During initial installation, the self-signed certificate warning screen suggested verifying the certificate over SSH when no SSH keys were installed. The certificate fingerprint is now shown in the hypervisor console.
SSH password authentication was incorrectly enabled for admin access, even though no password was set.
The support email couldn't be set without enabling outgoing email.
Slow response times from NetApp storage could cause the root partition to be remounted as read only.
Some metadata was missing when importing the OVA.
It wasn't possible to add more than 8 vCPUs under ESXi without upgrading the virtual hardware version.
The raw Gist main page returned an error.
Inconsistent 404 Not Found error pages were displayed in some cases.
Sending malformed JSON to the management console API caused an error rather than being handled gracefully.
Links to help articles didn't link to the Enterprise-specific articles.
The color used to highlight search term results in code was too similar to the fold highlighting color.

Known Issues

ghe-upgrade expects the upgrade filename to be github-enterprise-esx-2.0.2.pkg on VMWare or github-enterprise-ami-2.0.2.pkg on AWS.
Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
~~Replica promotion can hang when running ghe-repl-promote.~~
Replicas need to be restarted after upgrading with ghe-upgrade.
Git replication slow and CPU intense during initial push of large/complex repositories.
First run in Firefox displays the SSL warning twice.
Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
The management console doesn't handle non-ASCII characters in authorized_keys.
Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
Memcache doesn't restart properly after a crash and must be manually restarted.
Jobs stuck on code indexing can delay other jobs from running.
Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
A user cannot be invited to an organization by their full name.
Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Errata

Replica promotion hanging when running ghe-repl-promote was fixed in this release.

2.0.1

Thu, 20 Nov 2014 04:13:11 -0800

Bug Fixes and Changes

Ubuntu packages have been updated to the latest bugfix/security versions.
Data migration failed if there were organizations without administrators.
Services could fail to start correctly if configuration was applied without storage being prepared.
A race condition could cause a configuration failure to be incorrectly reported.
When saving Management Console settings, redirecting to the progress page could fail.
Saving Management Console settings with an inaccessible LDAP server caused an error.
Static network settings would be lost across upgrades.
Gist Git repositories could not be pushed to directly.
The number of Rails worker processes was static, and now depends on the provisioned memory.
GitHub OAuth did not redirect to the requested page when login was required.
Diagnostic output did not include the EC2 instance type.
MySQL replication was shown as a running query in the Management Console maintenance page.
A SAML single logout URL was incorrectly published. GitHub Enterprise does not currently support single logout.
Excessive log entries were generated because the MySQL slow transaction threshold was set too low.
The default memory for the OVA was incorrectly set to 8GB, instead of the recommended 16GB.
Lowercase hostnames were not enforced in the Management Console settings.
collectd and log data are were not preserved through upgrades.
Support bundles did not include configuration logs.
SAML times did not append Z for compliance with the SAML Core 1.3.3 standard.
Incorrect license information was shown in diagnostic output.
The Git HTTPS daemon contained a file descriptor leak.
Added ghe-mysql-checksum script to checksum InnoDB tables.
Management Console restore messaging was imprecise.
Subdomain isolation caused a redirect loop when accessing the Pages root URL.
The crash kernel was unnecessarily enabled, causing 128M of memory to be used.
Webhook logs did not include timestamps.
Excessive log entries were generated if Gitmon could not open its data store.
Non-DST time changes caused ambiguous Russian timezones.

DNS Servers

Major change: DNS settings are no longer configured via the the Management Console, and any custom nameservers specified via the console will be lost after upgrading to 2.0.1.

When configured to use DHCP, GitHub Enterprise now relies on the DNS nameservers provided by the DHCP server. This is the default configuration for GitHub on AWS, and no changes are required when upgrading an EC2 instance.

If you are using DHCP on VMWare and your server does not provide nameservers, or if you need custom nameservers that are different from your DHCP lease, please add them to /etc/resolvconf/resolv.conf.d/head after upgrading.

If you are using a static IP configuration, please reconfigure static network configuration after upgrading to 2.0.1, either via tty1 or sudo ghe-setup-network -v.

Note: You may also choose to add custom nameservers to /etc/resolvconf/resolv.conf.d/head before running ghe-upgrade. These settings will be retained across the upgrade to 2.0.1 and future releases.

Known Issues

The 2.0.1 release ships with some known issues that we were unable to fix before release. If any of these will cause major problems for your organization, we recommending waiting for 2.1.0 or 2.0.2 before upgrading.

News feed activity links point to the hostname and protocol used when they were generated (affects renamed hosts).
"Test domain settings" will fail when a DNS server is invalid or not reachable.
ghe-restore should require that maintenance mode is enabled before restoring.
ghe-repl-status-git is CPU intensive and may be slow on the primary node.
The Site Admin dashboard has an autofocus issue in Firefox.
Accessing the Gist raw subdomain can cause an error.
Git replication is slow and CPU intense during initial push of large or complex repositories.
Webhook deliveries may be delayed when search indexing jobs are running.
The lock issue dialog does not link to the versioned Enterprise Help URL: https://docs.github.com/enterprise/2.0/user/articles/what-are-the-different-access-permissions
Search on Pages 404 pages does not work.
404 pages are not consistent across Assets, Gist and GitHub URLs.
ghe-user-csv script doesn't return valid email addresses.
SMTP over SSL/SMTPS on port 465 is not supported.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

2.0.0

Tue, 11 Nov 2014 03:29:35 -0800

Features and Changes

Runs on Amazon Web Services EC2 with officially supported Amazon Machine Images.
Now running on Ubuntu 12.04 LTS.
High availability support with replication and failover: https://docs.github.com/enterprise/2.0/admin-guide/ha-cluster/.
SAML 2.0 authentication with support for OneLogin, PingIdentity, Okta, and Shibboleth.
Inbound email - replies to pull request/issue/commit emails show up as comments: https://github.com/blog/811-reply-to-comments-from-email
Diffs have a split view: https://github.com/blog/1884-introducing-split-diffs.
GitHub Issues has improved search, status, and notifications: https://github.com/blog/1866-the-new-github-issues.
Gist design update: https://github.com/blog/1850-gist-design-update.
Users receive notifications when issues are assigned to them.
Users added to organizations receive email invites: https://github.com/blog/1868-inviting-people-to-your-organization.
New mobile views with design improvements.
Search code by filename, e.g., servolux filename:Gemfile.
Folder paths expand to allow quick access to deeply nested hierarchies: https://github.com/blog/1877-folder-jumping.
Organizations have improved audit logs: https://github.com/blog/1872-improved-audit-log.
Markdown task lists can now be nested.
PSD files can be viewed inline and compared: https://github.com/blog/1845-psd-viewing-diffing.
Lock conversations, so only collaborators can post further comments: https://github.com/blog/1847-locking-conversations.
Branches pages have improved UI and filters: https://github.com/blog/1852-a-better-branches-page.
Pull requests can be reverted with a button that creates a reversed, revert pull request: https://github.com/blog/1857-introducing-the-revert-button.
Emoji and team autocompletion are smarter.
Users can set up 2FA with a TOTP application, and they'll get more reminders to download their recovery codes in case of a lock out.
Pages uses Jekyll 2.2.0: https://github.com/blog/1867-github-pages-now-runs-jekyll-2-2-0
Webhook services have added for VisualOps.io, Bugzilla 4.4.3, Snap-CI, tinyPM, CodeReviewHub, Heroku deployments, GoCD, and AWS OpsWorks deployments support.
SSH appliance administration is now on port 122.
Configuration runs no longer use Chef and are much faster and more reliable.
New Git daemon for all protocols provides increased reliability, performance, and maximum number of parallel connections.
Future upgrades can be done with the ghe-upgrade command-line tool over SSH.
The admin SSH user has full sudo access to perform regular administrative tasks and troubleshooting.

Bug Fixes

Pull requests could include the wrong commits.
Webhooks would only keep the most recent 150 deliveries per hook.
LDAP authentication failed when using Oracle Unified Directory LDAP.
Git clone could fail for large repositories.
MySQL could not be restarted without rebooting the VM.
Experimental: Active Directory users could not be found when the user was in a nested group (ask Enterprise Support for access to this bug fix).
GitHub Pages URLs were case insensitive, which defied W3C guidelines. (updated 2015-04-17)

Security Fixes

HIGH: Subdomain Isolation (strongly recommended but disabled by default) hosts Archives, Gist, Assets, Pages, content rendering, user uploads, and raw files on separate subdomains. This feature isolates these potentially insecure resources from user sessions and mitigates cross-site scripting attacks by moving them to different origins.
HIGH: Multiple cross-site scripting vulnerabilities and configuration file injection issues fixed in management console. Exploitation required authentication.
MED: Management console now runs on port 8443 (or 8080 when SSL is disabled) to separate user and administrative interfaces.
MED: SSL is enabled by default and uses self-signed certificates on initial setup.
MED: Management console now uses password-based authentication instead of authentication using license files.

LDAP Support

Supported LDAP servers are now Active Directory, FreeIPA, Oracle Directory Server Enterprise Edition, OpenLDAP, Open Directory and 389 Directory Server. These are the servers that we will test before shipping a GitHub Enterprise release. If you need support for another LDAP server please contact GitHub Enterprise Support.

VirtualBox Unsupported

Enterprise 2.0 OVAs will no longer run with VirtualBox. VirtualBox has previously offered a poor customer experience for GitHub Enterprise. The supported hypervisors are VMware ESX and Amazon Web Service's EC2. VMware desktop products (e.g. VMware Workstation, VMware Fusion, VMware Player) are supported for trial purposes but should not be used in production.

Known Issues

The 2.0.0 release ships with some known issues that we were unable to fix before release. If any of these will cause major problems for your organization, we recommending waiting for 2.1.0 or 2.0.1 before upgrading.

Dashboard activity feed links point to the hostname and protocol used when they were generated.
"Test domain settings" will fail when a DNS server is not reachable or invalid.
Gist Git repositories cannot be pushed to.
GitHub OAuth does not redirect to the requested page when login is required.
ghe-restore should require that maintenance mode is enabled before restoring.
ghe-repl-status-git is CPU intense and may be slow on the primary node.
Saving settings with an inaccessible LDAP server results in an error.
The Site Admin dashboard has an autofocus issue in Firefox.
collectd data is not preserved through upgrades.
Accessing the Gist raw subdomain can cause an error.
Git replication is slow and CPU intense during initial push of large or complex repositories.
Webhook deliveries may be delayed when search indexing jobs are running.
The lock issue dialog does not link to the versioned Enterprise Help URL: https://docs.github.com/enterprise/2.0/user/articles/what-are-the-different-access-permissions
Search on Pages 404 pages does not work.
Inconsistent 404 behaviour for Assets, Gist and GitHub URLs.
ghe-user-csv script doesn't return valid email addresses.
Uppercase hostnames cause redirect loops and are not rejected by the management console.
SMTP over SSL/SMTPS on port 465 is not supported.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

11.10.348

Thu, 16 Oct 2014 08:05:52 -0700

Bug Fixes

Quickly recreating a repository after deletion could result in the new repository being deleted.
A GitHub.com billing plan could be incorrectly assigned to a user, causing upgrades to fail.
MOTD was incorrectly enabled for non-interactive SSH sessions.
The Subversion bridge could fail to restart.
Repositories with missing discussion metadata were not properly deleted.
Gists from previous versions were not shown in searches after upgrade.
Duplicate repository records could cause upgrades to fail.
Git garbage collection could run while a backup was in progress.
Internal hooks could cause poor Git performance.
Active Directory LDAP subgroups were not searched recursively.
Diffs of STL files did not work in private mode.
Clicking links in Gists in Firefox redirected incorrectly to an error page.

Google Chrome

A bug in Chrome caused our security middleware to incorrectly forbid file uploads, causing an empty response. This could cause initial installation, upgrades, or unlocking with a license file to fail for all instances using the 11.10.320 OVA. The bug is fixed in the 11.10.320.1 OVA included with this release.

Security Fixes

HIGH: OpenSSL SSLv3 POODLE Vulnerability (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566)
MED: OpenSSL 1.0.1-4ubuntu5.20 (https://www.openssl.org/news/secadv_20141015.txt)
MED: Bash 4.2-2ubuntu2.6 (http://www.ubuntu.com/usn/usn-2380-1/)

SSLv3 disabled

Google researchers have found a critical vulnerability in the SSLv3 protocol. This protocol is very old and has been replaced with TLS 1.0, 1.1 and 1.2. Due to the vulnerability we have disabled SSLv3 support by default in 11.10.348.

We strongly recommend against reenabling SSLv3 but if it is needed after upgrading to 11.10.348 by legacy software the following steps will reenable it:

ghe-unlock

WARNING: This command opens root access to the admin user via sudo. It is
provided as a troubleshooting facility and should be used only under the
guidance of GitHub Enterprise support.

While unlocked, any user with admin SSH access will have full root access to
the VM. Please use with caution and run the ghe-lock command when finished to
prevent accidental modification of system files.

Do you understand? [Y/n] Y
Okay. Full sudo access via the admin user is now enabled.

Replace the line ssl_protocols TLSv1 TLSv1.1 TLSv1.2; in /etc/nginx/sites-enabled/github.conf with ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;:

sudo sed 's/ssl_protocols TLSv1 TLSv1.1 TLSv1.2/ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2/' -i /etc/nginx/sites-enabled/github.conf
sudo service nginx reload

You can verify if the change was successful by running the following command from outside the instance:

openssl s_client -connect my-enterprise-instance:443 -ssl3

This should show a message similar to the following:

CONNECTED(00000003)
..
Server certificate
-----BEGIN CERTIFICATE-----

11.10.337

Sun, 28 Sep 2014 10:25:50 -0700

Security fixes

HIGH: A fix for CVE-2014-7186 and CVE-2014-7187

11.10.347

Sun, 28 Sep 2014 10:25:49 -0700

Security fixes

HIGH: A fix for CVE-2014-7186 and CVE-2014-7187

Bugfixes

Forking regression which resulted in substantially more disk space and resource utilization.

11.10.346

Thu, 25 Sep 2014 16:02:23 -0700

Security fixes

CRIT: A fix for CVE-2014-7169: remote code execution through bash has been applied to GitHub Enterprise.

11.10.336

Thu, 25 Sep 2014 16:02:08 -0700

Security fixes

CRIT: A fix for CVE-2014-7169: remote code execution through bash has been applied to GitHub Enterprise.

11.10.345

Wed, 24 Sep 2014 16:19:03 -0700

Security fixes

CRIT: A fix for CVE-2014-6271: remote code execution through bash has been applied to GitHub Enterprise.

11.10.335

Wed, 24 Sep 2014 16:09:47 -0700

Security fixes

CRIT: A fix for CVE-2014-6271: remote code execution through bash has been applied to GitHub Enterprise.

11.10.344

Tue, 02 Sep 2014 06:04:30 -0700

Bugfixes

Site admin rocket icon did not show in Internet Explorer 11.
Proxy services for Git, Git HTTP and SVN did not log correctly.
Recent webhook delivery metadata were not displayed in repository settings under some circumstances.
Pull request synchronization in the site admin could cause a Not Found error.
Compiled GitHub Pages sites could be improperly removed.
Support bundles could be extremely large. Rotated logs are now excluded by default.
Visiting the user page of a suspended user incorrectly caused a Not Found error.
LDAP user listing in the site admin could time out.
LDAP posixGroup membership checks failed improperly.
Testing connection settings caused an error when the LDAP server was unreachable.

Security fixes

CRIT: Public repository archives were not protected by private mode.
LOW: OpenSSL 1.0.1-4ubuntu5.17.

11.10.343

Wed, 30 Jul 2014 06:22:57 -0700

Bugfixes

Incorrect rendering of repository pages when following a link from a Gist.
Pages generation could fail with SSL enabled.
reStructuredText files failed to render.
To prevent broken avatars, set GitHub.com as the default fallback for serving identicons.
Filtered SNMP community string from the support bundles.
LDAP authentication timeouts could cause sign in and HTTP clones to fail.
Upgrades could fail if VMware tools had been installed.
Collectd was sending duplicate packets when forwarding messages.
Changed authentication settings could fail to take effect.
To prevent system authentication logs from becoming too large, we now rotate the auth.log daily and discard them after one week.
Administrators did not have permission to update firewall rules with UFW.
Git incorrectly detected commits as unreachable on fetch.
Elasticsearch status was inconsistent after upgrade.
When creating a repository with the same name as a deleted repository, the deleted code was restored.
Upgrade could fail with a large user sessions table.
Improved styling of search results sort order button.
Better handling errors when renaming users from stafftools.
Seat count was misreported.
Gists with legacy ID URLs cound not be cloned.
Commit build statuses were not shown after upgrade.
Removed site_admin API scope from metadata calls.
Unlocking repositories failed after a sudo timeout with LDAP authentication enabled.
Webhooks status icons remained grey on delivery.
Image diffs did not load consistently.

Security fixes

MED: Pages repository submodule could access other repositories on the VM.

Upgrade path

Please upgrade your instance to GitHub Enterprise 11.10.317 or later before upgrading to 11.10.343.

11.10.342

Thu, 10 Jul 2014 14:49:16 -0700

Bugfixes

Upgrade could fail due to incorrect process ordering
Upgrade could timeout during database migration
Upgrade could fail when repository data cannot be found
Incorrectly allowed duplicate SSH keys in the Management Console
Gist log files were not rotated
API rate limiting incorrectly enabled

Upgrade path

Please upgrade your instance to GitHub Enterprise 11.10.317 or later before upgrading to 11.10.342.

11.10.341

Mon, 07 Jul 2014 14:23:43 -0700

Bugfixes

Upgrades could fail when using LDAP.

11.10.340 Improvements

This release also includes all features and bug fixes from 11.10.340, including:

New Features

Enterprise Activity Dashboard.
Git bitmap performance improvements.
Better organization and team management.
Mobile line notes and mobile pull request merging.
Two-factor authentication status added to user reports.
Webhooks configuration and customization improvements.
Updated Services UI.
Releases API.
Enhanced OAuth security for SSH keys.
Recent activity audit for authentication credentials.
Auditing for active browser sessions.
Forward secrecy and authenticated encryption ciphers.
Advanced settings for blocking force pushes.
Soft-wrapping and rendered views for prose diffs.
Embedded YAML metadata rendering in prose documents.
Expanded task lists support and nesting in prose documents.
Expanding context in diffs.
Redesigned conversations.
Wikis UI improvements.
Metadata, sitemaps, build feedback, and pagebuild events in Pages.
3D file rendering and diffing.
Added support for go-import meta tag.
Ubuntu's UFW firewall enabled by default.

LDAP improvements

Bugfixes

Improperly displayed information about Git alternate networks on the repository admin page.
Blacklist "network" for user/organization names.
Improperly displayed Mirrors filter on repositories listing.
Inconsistent interface elements displayed when interacting with internal links on custom tabs.
Improperly excluded some system log files from log forwarding.
Error during sign in when LDAP passwords contain accented characters.
Error when creating an LDAP user through the site admin if the login was normalized.
Failed to load LDAP users page when the directory server's size limit was exceeded.

Security fixes

MED: Timing attack vulnerability in Management Console.

11.10.334

Mon, 07 Jul 2014 10:14:48 -0700

Security fixes

CRIT: Improperly standardized user logins could allow users to log in to other user accounts when using GitHub OAuth. Enterprise installations using other authentication methods are not affected.

11.10.333

Tue, 10 Jun 2014 06:40:53 -0700

CCS Injection Vulnerability (CVE-2014-0224)

The ChangeCipherSpec vulnerability in the OpenSSL library allows third parties to perform man-in-the-middle attacks. In other words, if attackers can intercept encrypted network traffic they can decrypt it without their victims knowing.

This attack only works on servers that use OpenSSL version 1.0.1 or later. The version at the client doesn't matter. GitHub Enterprise itself is not vulnerable because it ships with OpenSSL 1.0.0.

However, webhooks might be vulnerable to this attack. If the server that is the target of the webhook is running a vulnerable version of OpenSSL and an attacker can intercept network traffic, they would be able to decrypt the communication.

We care about the security of our customers and therefore decided that even though the risk is minimal the best solution is to issue an update.

Security

MED: Updated OpenSSL to the latest version due to some recently identified security vulnerabilities (OpenSSL Security Advisory (05 Jun 2014)).

Bugfixes

Fixed an upgrade issue that would cause failures when upgrading from versions prior to 11.10.260.

11.10.332

Wed, 23 Apr 2014 07:47:40 -0700

Heartbleed Vulnerability Information

GitHub Enterprise is not (and was not) affected by the Heartbleed vulnerability. The version of OpenSSL included with the appliance is not vulnerable to the attack. Please contact us at enterprise@github.com if we can help elaborate on this in any way.

Security

CRIT: An authorized user could perform remote command execution with specially crafted Git requests.
HIGH: Remote content could be loaded in faceboxes by injecting rel=facebox in user-editable content.
HIGH: Java applications were potentially remotely exploitable (Oracle's April 2014 Critical Patch Update).
MED: A potential regex DoS attack vector existed in the API.
MED: A public repository could be compared to a private fork by an unauthorized user using the API.
MED: YAML URI parsing could allow arbitrary code execution through a heap overflow (CVE-2014-2525).

Bugfixes

A race condition during configuration could prevent some processes from restarting.
Repository size on disk was miscalculated in some circumstances.
Paths were not always properly UTF-8 encoded when using Subversion.
File size limits were too restrictive when using Subversion.
Merging a pull request could introduce repository corruption in some cases.
Web requests to repository pages were not properly redirected when .git was appended.
Users could create repositories via the API that they subsequently couldn't access under some conditions.
The API incorrectly returned a 404 Not Found status in some cases when an incorrect LDAP password was used.

11.10.331

Thu, 20 Feb 2014 15:46:01 -0800

Last month GitHub launched a Security Bug Bounty program, which has been wildly successful in identifying a number of security vulnerabilities ranging from low to critical risk on GitHub.com. To get these fixes to you more quickly, we've pushed the 11.10.330 Feature Release back to 11.10.340. Between now and then, we'll be using the 11.10.33x series for further security/bugfix releases.

This release addresses the following issues:

Security

CRIT: Root exploit vulnerability.
CRIT: Authentication bypass vulnerability for LDAP under certain conditions.
HIGH: Gist vulnerability that could grant access to private repos under a targeted chain attack.
HIGH: Content Security Policy (CSP) bypass vulnerability.
HIGH: Flash Cross Site Scripting (XSS) vulnerability for raw blobs.
HIGH: DOM-based XSS + CSP bypass vulnerability.
MED: JSONP callback vulnerability that could result in arbitrary Flash execution.
MED: OAuth URL parsing open redirect vulnerability.
MED: Vulnerability where raw gist content could be viewed without authentication for public gists when Private Mode was enabled.
LOW: Issue where the dotcom_user session cookie wasn't being removed on logout.
LOW: Open redirect vulnerability.
LOW: SSH key audit verification CSRF vulnerability.
LOW: Contributor Graph XSS vulnerability.
LOW: OAuth URL parsing path traversal vulnerability.
LOW: Login open redirect vulnerability.
LOW: OAuth subdomain bypass vulnerability.
LOW: Java updated to pull in a variety of security and bug fixes.

General

ghe-user-demote was demoting admins improperly (they still lost admin privileges).
The audit.log file was unreadable by the admin SSH user.

GitHub

Pull request mergeability checks were failing under some conditions when opening new pull requests.
System emails being sent to a user with no primary email set would cause an error.
Exceptions weren't being reported properly in some cases.
Audit log data wasn't being printed as valid JSON.

Authentication

The first LDAP user who logged in wasn't being auto-promoted to Site Admin if no Admin Group was specified.
Not all errors were displayed if any were encountered when a user first signed in under LDAP.
GitHub for Mac would fail to authenticate properly if Private Mode was enabled.
GitHub for Mac would fail to authenticate properly with user logins that had to be normalized (e.g., had a period or underscore in them).

Git

Git push performance regression affecting repositories with large numbers of refs (branches/tags).

API

API scope validation issue producing false positives.

11.10.329

Thu, 09 Jan 2014 14:29:33 -0800

Security

HIGH: Fixed a vulnerability affecting Pages that would allow arbitrary file reads and writes on the installation.

General

Fixed a bug where Pull Request merge status checks were failing in some cases when opening a new Pull Request.

Authentication

Fixed a bug where invalid data in LDAP mail attributes would prevent new user accounts from being created.

11.10.328

Wed, 18 Dec 2013 10:26:29 -0800

General

Fixed a bug where editing files in the web editor using Safari under Mavericks resulted in the cursor being displayed incorrectly.
Fixed a bug where migrating from older releases would trigger errors during the configuration process.
Fixed a bug where viewing a user's comments in the Admin Tools dashboard would throw a 500 if a Gist comment was included.
Fixed a bug that could cause race conditions when attempting to merge pull requests that would result in a 500 error.
Removed rate limiting options from the OAuth application settings as rate limiting is globally disabled on Enterprise.
Fixed a bug where gravatars continued being displayed on repository network graphs even when they were disabled.
Fixed a bug where pull requests that were far behind their head ref would be incorrectly closed automatically.
Fixed a bug where a branch could be deleted from a merged pull request when another open pull request was using it as its base.
Suspended users now get see the email address of the GitHub Enterprise administrator, if they've added it in the settings.
Fixed a bug where the support bundle was attempting to include a non-existent directory.
Fixed a bug where the configured support email wasn't being used on the maintenance page.
Fixed a bug where ProTips for GitHub.com where being shown instead of the ones specific to GitHub Enterprise.
Added support for large cookies (up to 32 kb) to better support highly proxied environments.

Authentication

Fixed a bug where the All LDAP users section of the Admin Tools dashboard would yield a 500 error under some conditions.
Fixed a bug where login errors due to not being in an allowed LDAP group were not distinguished from incorrect credentials at login time.
Fixed a bug where multiple attempts at creating LDAP user emails were being made on initial login resulting in an error.
Fixed a bug where a 500 error could occur if none of the restricted LDAP groups were found.
Fixed a bug where the LDAP configuration test wasn't limiting its user search to the specified groups.

Gist

Fixed a bug where navigation links weren't respecting the custom appliance hostname.
Fixed a bug where embedded gists weren't rendering properly.
Fixed a bug where viewing gists in IE11 would result in a 422 Unprocessable Entity browser error.
Fixed a bug where previewing comments in gists would fail.
Fixed a bug where the Google Analytics code for GitHub.com was being included in gist pages.

11.10.327

Wed, 04 Dec 2013 15:17:14 -0800

Security

CRIT: Updated Java and other system packages to address critical vulnerabilities.
CRIT: Updated Ruby to protect against a buffer overflow vulnerability.
CRIT: Fixed a bug where a user could craft a special request that would allow arbitrary command execution on the appliance.
HIGH: Updated git for 32-bit and 64-bit installs to prevent a buffer overflow under some conditions.
HIGH: Kernel updated to prevent an exploit where an SSH user on the appliance could potentially gain elevated root permissions.
HIGH: Fixed a bug in the API that would allow for brute force password guessing.
HIGH: Updated Gist to address new Rails security vulnerabilities.
LOW: Fixed a bug that allowed users to inject LDAP filters into the username field on the login page.
LOW: Fixed an issue where a Gist's content wasn't filtered correctly and therefore appeared in the log files.

11.10.326

Mon, 28 Oct 2013 11:05:29 -0700

Bugfixes

Fixed an issue that occurred under specific conditions that caused erroneous LDAP validation errors which prevented settings from being changed in the Management Console.
Fixed an issue that caused Gists to display error messages when browsed to if they had been commented on.
Fixed an issue where the email service hook wasn't respecting the TLS SMTP option configured for the installation.
Fixed a bug where moving a block device that had previously been used on another installation and attaching it to a new installation would result in any data it contained being deleted.
Fixed a bug where Reports being generated would include partial datasets under some conditions.
Fixed a bug where Gist indexing was occurring in-line during upgrades rather than in the background, which caused some upgrades to fail due to a timeout.
Re-enabled "Detach from network" option for repositories in the Admin Tools dashboard.

11.10.325

Thu, 17 Oct 2013 15:23:50 -0700

Security

LOW: Fixed a bug where service hook delivery lists were accessible to unauthenticated users on publicly accessible installations. No customer data would have been accessible from this page.

Bugfixes

Fixed a bug where email service hooks weren't delivering mail properly for installations with SMTP Authentication set to "none".
Fixed LDAP issues related to bases and groups not validating properly in some cases when attempting to save settings or test.
Fixed a bug where teams added as collaborators on repositories were showing up twice. To fix cases where this is already present, remove and re-add the team.
Re-enabled the public push option for repositories.
Fixed a bug where the ghe-es-reindex utility wasn't applying to all search indexes.
Removed the ghe-es-reset utility since its functionality has been superseded by ghe-es-reindex.
Fixed a bug where archives weren't building properly for private repositories.
Fixed a bug where the Gist API was providing an incorrect URL for raw files.
Fixed a bug where re-authorization prompts were happening when adding users to teams under CAS authentication (where re-authorization prompts don't work).
Fixed a bug where use of non-https image URLs in Gist was resulting in broken images.
Fixed a bug where two-factor authentication wouldn't work properly with GitHub for Mac when using the GitHub OAuth authentication option.
Fixed a bug where users with disallowed characters in their LDAP username (which are converted to dashes ordinarily) couldn't log in using GitHub native clients.
Fixed a bug where Pages sites weren't being properly renamed after a user or organization was renamed.
Fixed a bug where a variety of errors were showing up due to users not having a primary email set.
Fixed a bug where HTML tables weren't being rendered properly in inline comments.
Fixed a bug where services weren't always being restarted as they should after configuration runs. This resolves an issue with hostname updates when viewing service hook deliveries and viewing gists when private mode is disabled.
Fixed a bug where the "All Gists" link was no longer being displayed in Gist.
Fixed CSS rendering issue on the Explore page.

11.10.324

Mon, 23 Sep 2013 18:08:36 -0700

Security

CRIT: Fixed a vulnerability that would allow an individual to login as any user under LDAP authentication. Other methods of authentication and releases prior to 11.10.320 are unaffected.

11.10.323

Fri, 20 Sep 2013 11:29:57 -0700

Enhancements

Added a banner to remind users to add an email address if they don't have one.

Bugfixes

Fixed a bug where disk usage units in the admin stats bar are wrong.
ElasticSearch cluster status was incorrectly displayed as 'yellow'.
Fixed a bug where email service hooks weren't delivering emails properly.
Fixed a bug where saving settings in the Management Console doesn't work if SSL is enabled.
Fixed a bug where GitHub OAuth authentication caused a redirect loop at login.
Fixed a bug where previewing a wiki page would throw a 500 error.
Fixed a bug where public repos were showing up with private repo styling.
Fixed a bug where the signout confirmation page wasn't mobile friendly.
Fixed a bug with database migrations that affected really old installations upgrading to the latest version.
Fixed a bug where pushing to a gist using git over http(s) would throw an exception in the post-receive hook.
Fixed a bug where wiki spam check jobs were queueing mistakenly and never processed.

11.10.322

Mon, 16 Sep 2013 00:12:51 -0700

Security

MOD: Fixed a bug where passwords weren't being filtered properly when an exception occurred while logging in.

Bugfixes

Fixed a bug involving the two-factor authentication configuration. Note that this will invalidate 2FA for accounts where it's enabled. Use Forgot Password workflow to re-enable affected accounts.
Fixed a bug where Gist would throw a 500 error under some conditions when an SSL certificate was installed.
Fixed a bug where old style Gist URLs weren't redirecting properly.
Fixed a bug where LDAP logins were breaking when using SSL encryption.
Fixed a bug where LDAP groups weren't behaving as expected with some LDAP server variants.
Fixed a bug where LDAP searches weren't filtering as expected with some LDAP server variants.

11.10.321

Fri, 13 Sep 2013 10:20:20 -0700

Bugfixes

Fixed a bug that was preventing notifications from sending properly.
Fixed a bug that was causing upgrades to fail if you were using GitHub OAuth authentication.
Made some adjustments to the LDAP Users view to help it work better under some LDAP implementations.

11.10.320

Fri, 13 Sep 2013 06:56:18 -0700

New

LDAP Group Authentication
Collectd Monitoring
Two-factor Authentication
Mobile Views
New Gist
Releases
Repository Next UI Refresh
Identicons
New Explore & Trending Views
Code Search API
Checking out Pull Requests
OAuth Improvements
Explore Everyone's Stars
Deleting files on GitHub
Task Lists in Gist
Repository redirects
File Size Limits (note: no pushes are rejected currently)
Improved Service Hook Backend

Enhancements

Upgraded git to v1.8.4. This should fix some repository corruption issues caused by git race conditions.
Removed solr (all searching is now uses ElasticSearch).
Admin CSV reports are now only cached for an hour (down from 24 hours).

Additional information is available here.

11.10.317

Wed, 21 Aug 2013 14:09:51 -0700

Enhancements

Updated server-side gitconfig to remove the packSizeLimit. This should result in better performance for very large repositories.
Added stale .keep file check to ghe-cleanup-repos.

Bugfixes

Fixed an issue where service hooks sending payloads to external services using self-signed SSL certificates would fail silently.
Fixed an issue where attempting to upgrade an expired license resulted in a 403 error.
Fixed an issue where uploading new license files would sometimes result in 401 unauthorized errors.
Fixed an issue preventing email addresses with apostrophes in them from working properly.
Fixed an issue where the URLs provided by the root API URL were incorrect.
Fixed an issue that caused the /applications API endpoint to fail when Private Mode was enabled.
Fixed a bug where the admin SSH .profile wasn't being managed which could lead to a broken PATH.
Fixed a bug where an organization's ATOM feed was inaccessible when running the appliance in Private Mode.
Fixed a bug affecting image asset uploads in issues and pull request comments that were made by pasting an image from the clipboard.
Fixed an issue where some MySQL imports using ghe-import-mysql would fail with max_allowed_packet errors.
Fixed an issue that would cause networking issues for some OVAs after being cloned.
Fixed a bug where admin SSH public key fingerprints weren't matching ssh-keygen -lf output.
Fixed a bug where nodeload archives were being exported with repositories when using ghe-export-repositories.
Fixed a bug in the Management Console API that prevented settings updates from working in some cases.
Fixed a bug where UTF-8 encoding errors would prevent license installation under some conditions.

11.10.316

Mon, 08 Jul 2013 10:19:52 -0700

Bugfixes

Fixed a bug where changes to SMTP settings weren't being properly applied to all processes.
Fixed a bug where user and organization Pages sites weren't being built properly.
Fixed a bug where reports would time out on large installations.
Fixed a bug where Language rankings weren't being calculated or displayed properly.
Removed GitHub.com-specific error message for git protocol operations when the maintenance page was up.
Removed ghe-import and ghe-export meta utilities that were broken and shouldn't be used over the more specific ghe-{import,export}-* utilities.
Indexing of /setup/* by search indexing robots is now prevented.
Fixed a bug where a race condition could occur when uploading a GHP via the Management Console API that would cause the GHP to be deleted before it was unpacked.
Fixed a bug where an unnecessary post-receive hook would cause --mirror git push operations for repositories with large numbers of refs to take extremely long.
Disallowed http clones for CAS authentication and hid http cloning URLs in the UI (http authentication doesn't work under CAS authentication).
Updated ghe-cleanup-repos utility to detect zero byte ref files and fix them when possible.
Fixed a bug where the owner email address would always show up as nil in webhook API payloads if the owner was an organization.
Fixed a bug where the embed URL of a gist was shown html escaped.
Fixed a bug where password reset notification emails were referring to GitHub.com.
Fixed a bug where the Enterprise Stats API wasn't returning the correct count of suspended users.
Fixed a bug that caused migrations from GitHub:FI to fail during the database migration.
Log forwarding now includes auth.log and production.log files in the stream.
Removed "Email" wording from the Pages generation notification.

11.10.315

Wed, 05 Jun 2013 12:33:24 -0700

Enhancements

Added the ability for users to add notes to OAuth tokens created via the web UI.
Added the ability to cleanup zip/tarball archives and repositories in purgatory via ghe-cleanup-caches.

Bugfixes

Fixed some bugs involving switching repository storage from using the root filesystem to a block device.
Fixed an issue where LDAP authentication using SSL could break when updating settings.
The "search" username is now reserved.
Fixed a bug where service hook payloads could be truncated if they contained multibyte characters.
Fixed a bug where the ghe-cleanup-repos utility threw errors when trying to cleanup repositories that were in the database, but not on disk.
Re-added the solr-related utilities for gist.
Fixed a bug where GitHub OAuth settings were being left out of diagnostics output.
Fixed a bug where ghe-export-pages wouldn't provide any feedback when no pages data existed.
Fixed a bug where dormant users weren't showing up properly in Reports and Dormant Users listing.

11.10.314

Thu, 16 May 2013 15:50:51 -0700

Enhancements

Users can now generate OAuth tokens via the web UI in the Account Settings > Applications area.

Bugfixes

Fixed a bug that prevented Pages from being generated properly.
Fixed a bug where issue and pull request notification status information disappeared for past notifications in the web UI.
Fixed a problem that prevented the configuration run from completing on a new VM when adding a new repository block device.
Fixed a problem where the last configuration step would show as completed before the run was actually done.
Fixed a bug where users weren't being considered dormant if they had private repositories.
Fixed a bug where changing certain settings could break images and formatting under some conditions.
Removed "Open Source" wording from Contributions graph.

11.10.313

Fri, 10 May 2013 14:11:26 -0700

Bugfixes

Fixed a bug preventing service hooks from firing properly.
Resolved some problems in 11.10.312 related to internal build issues.

11.10.312

Thu, 09 May 2013 17:14:13 -0700

Enhancements

Added checks to fail early if a GHP is uploaded for the wrong architecture.

Bugfixes

Increased unicorn failed timeout for Management Console to avoid some timeout errors.
Fixed a bug where SSH pushes were failing with 0x06 errors under some conditions due to timeouts.
Fixed a load order issue that caused upgrades to fail with certain sets of configuration settings.
Fixed a bug involving javascript error handling on the Management Console upgrade page.
Fixed a bug where the "Sync Pull Request" link in the Admin Tools repository facebox would 404.
Fixed a bug where the Suspended users view would throw 500 errors.
Fixed a bug where some post-receive hooks would throw encoder errors.
Fixed a bug where downloading a repository report would lead to a 500 error under certain conditions.

11.10.311

Wed, 08 May 2013 02:23:52 -0700

Bugfixes

Fixed bug causing a LoadError during git clone and push operations.

11.10.310

Wed, 08 May 2013 02:23:46 -0700

Security

CRIT: Fixed potential authentication bypass in the Management Console.
MOD: Fixed privilege escalation vulnerability due to world writable executable.
LOW: Session cookie expiration time lowered to 1 week.

New

Enhancements

Upgraded git to v1.8.1.6.
Added ElasticSearch disk usage information to diagnostics.
Removed git-daemon max connections limit.
Increased MySQL innodb_buffer_pool_size from 8MB to 128MB.
Added better sysctl defaults and the ability to customize them (see /etc/sysctl.conf for details).
Added access to some limited sudo capabilities (netstat, kill, lsof, tcpdump, strace, tail, grep, shutdown).
Added timeout cache clearing to "Clear Page Cache" functionality in Admin Tools facebox (hit backslash while viewing a repo).
Added new Reports section in the Admin Tools dashboard to download CSV reports of users, organizations, and repositories.
Added the ability to bulk suspend dormant users.

Bugfixes

Site Admins can now create wikis without disabling admin mode.
In-repo source code searches for public repositories would throw 404 errors.
Importing from MySQL backups taken prior to 11.10.300 could prevent logins from working if a configuration run wasn't performed.
ElasticSearch indexes weren't being properly created under some conditions. This release will perform a full reindex.
Ignore whitespace in diffs wasn't working as expected.
Customer license information wasn't being displayed in diagnostics output.
Logging out under CAS authentication wasn't working.
Display issues on the license expiration page.
An interrupted upgrade could put the install in a bad state.
Upgrading would sometimes throw a 500 error while uploading the new GHP.
Exporting/importing ssh authorized keys raised an error.
Caching wasn't being properly cleared when gravatars were enabled, the hostname was changed or SSL was enabled.
Gravatars stopped showing up properly even when email addresses were present.
Some process monitoring-related issues would sometimes prevent git-daemon from starting properly after upgrades.
Submodules living on GitHub.com would be linked to as if they were local.
Some cookies were not being set to HttpOnly.
Deleting an organization was failing.
Downloading support bundles would sometimes throw 500 errors preventing them from being downloaded via the web UI.
Pull requests from forks defaulted the target branch to master rather than the corresponding upstream branch.
Timeouts when opening pull requests resulted in a 500 rather than a more user-friendly error message.
User to Organization conversions were throwing a 500 error, making it impossible to convert a user to an organization.
Unlocking private repositories as a site admin now works as expected.

Additional information is available here.

11.10.302

Mon, 11 Feb 2013 18:17:00 -0800

Security

Fixed Rack::Session::Cookie timing attack vulnerability (CVE-2013-0263)
Fixed unsafe object creation vulnerability in JSON (CVE-2013-0269 | more info)
Fixed unsafe YAML attribute serialization vulnerability (CVE-2013-0277 | more info)

Bugfixes / Enhancements

Upgraded git to our latest custom build, fixing some issues with refs going missing under certain conditions.

11.10.301

Thu, 07 Feb 2013 19:41:14 -0800

New

Additional CLI utility:
- ghe-ssl-ca-certificate to install custom root CA certificates.
Added ability to authenticate against Management Console API via Basic Auth.
Added new complete parameter to the configure Management Console API call to force a full configuration.

Bugfixes / Enhancements

Fixed a bug where hitting back while viewing files in the file browser didn't work.
Site Admin users will no longer show up as GitHub Staff.
Enabling and disabling Gravatars will now flush memcached to ensure no cached avatars remain.
Fixed an ohai error that showed up when generating a Support Bundle via ghe-support-bundle.
Fixed a bug where switching Repository Storage from using the root filesystem to a block device failed to migrate repositories that were already on disk.
Fixed a bug where unrecognized or invalid SSH authorized keys for the admin user could cause the Management Console settings page to throw 500 errors.
Fixed a bug where uploading new GHL licenses through the web UI wasn't properly updating the license information on the appliance.
Fixed a display bug where the tease commit above the repository file tree displayed the author as "Unknown" if the author email wasn't associated with an existing user.
Fixed a configuration issue where image assets wouldn't load properly if the hostname was changed.
Fixed an LDAP bug where the underlying LDAP library would sometimes emit a packet with a zero-length control sequence, which would result in an LDAP Protocol Error. This only affected some LDAP servers (ActiveDirectory was not affected).

11.10.300

Thu, 31 Jan 2013 09:27:47 -0800

New

Viewing Past Contributions
Zen Writing Mode
Closing Issues via Commit Comments
Improvements to Code Search
View Long-running Pull Requests
Task Lists
Create and delete branches
Restore deleted branches from Pull Requests
Contributions
More Transparent Clipboard Buttons
Issue Autocompletion
Issue Attachments
Create files on GitHub
Delete merged branches from Pull Requests
Removed Impact Graphs
Command bar autocompletes stars
Repository Archives
Improved speed of configuration runs significantly
Management Console API
Repository restore capability
Support for multiple admin SSH keys
Search Indexing API
System preflight checks before upgrades
Additional export/import utilities for a more complete backup

Bugfixes / Enhancements

Major overhaul of Admin Tools dashboard.
Dropped support for IE 7/8.
Fixed longstanding hostname verification bug.
Fixed many pull request creation timeout issues.
Improved performance of file listing on repos.
Updated ghe-export-mysql so it no longer locks tables.
New CLI Utilies:
- ghe-es-status for detecting and fixing common ElasticSearch issues.
- ghe-es-reindex for reindexing all items in ElasticSearch.
- ghe-check-disk-usage for finding large files consuming space on the root volume.
Added better error checking to ghe-user-{promote,demote} and ghe-user-{suspend,unsuspend} utilities.
Git pull/clone operations will now be logged to the audit.log file.
Anonymous git pull/clone operations will now log the real ip performing the operation.
Added a more informative error when the root volume runs out of space while upgrading.
Renamed the repository admin area to "Settings".
Updated the process monitoring configuration to help make it more reliable.
Fixed a bug where a 405 http status code was received if someone was POSTing while maintenance mode was enabled.
Fixed a bug where installations could get stuck in a bad state if an upgrade failed partway through.
Added audit logging for site admin and suspension changes for users.
Added the ability to delete users who are members of orgs (so long as they aren't the sole owner).
Updated to latest linux-generic-pae kernel. [requires VM reboot to take advantage of upgrade]
Removed "Page build successful!" notifications for Pages.
Fixed bug where the incorrect hostname was being used in Test Emails.
Fixed bug where hitting escape in a commit comment would cause anything written to be lost.

Security

Fixed a JSON related vulnerability (CVE-2013-0333)

Additional information is available here.

11.10.293

Wed, 09 Jan 2013 17:46:32 -0800

Security

Fixed an issue where SSL aNULL ciphers were still being allowed in some cases.
Fixed a potential XSS security vulnerability where search results were being evaluated in-line for repository source code searches.
Disabled asciidoc rendering due to a potential security vulnerability.
Disabled XML response parsing to handle a potential Rails YAML unmarshaling exploit.
Fixed an ActiveRecord dynamic finder vulnerability.
Hardened sshd_config permissions.

11.10.292

Wed, 28 Nov 2012 10:11:05 -0800

Security

Code search previews will no longer be evaluated inline.

Bugfixes / Enhancements

Audit log entries will now be made via background job.
The Email Test will now use the new notification headers.
Added validation for No-Reply and Support Email addresses.
Added the ability to specify the broadcast address for static IP configurations to prevent 0.0.0.0 default. (VM restart required)
The header will no longer be displayed twice when renaming a repository.
'help' will now work as expected in the command bar.
Image files will no longer cause a 500 error when checking out via SVN with some clients.
Fixed a bug where the last digit of some static IP configurations wasn't being displayed.
DHCP will no longer override manually assigned DNS nameservers.
Elastic Search index checks will no longer take 10 minutes to timeout.
Email Test errors will now be displayed properly.

11.10.291

Thu, 01 Nov 2012 16:51:02 -0700

Bugfixes / Enhancements

Fixed an issue that prevented some installations from upgrading successfully due to a rsyslog dependency issue.
Fixed an issue causing some installations to fail while attempting to install the elasticsearch package.
Fixed some non-critical module load errors that surfaced when rebooting after having upgraded to 11.10.290.
Fixed an issue where elasticsearch wasn't binding to all ports as expected under some conditions.

11.10.290

Wed, 31 Oct 2012 11:38:50 -0700

New

Maintenance Mode
Audit Logging
Searching & Filtering Stars
Contributing Guidelines
Command Bar
Launch Page
New User Profile Page
OAuth Cloning (built-in authentication only)
Emoji Autocomplete
Last Commit Per Directory
Notifications API
Close and Merge Notifications

Bugfixes / Enhancements

Improved code, user, and repository search backend.
Disabling gravatars now properly affects the contributors graph as well.
The VM hostname will no longer return to the default of "github-enterprise-11-10" after reboots.
The ghe-cleanup-repos utility will no longer incorrectly identify gists and wikis as deleted repositories.
Fixed some truncation issues with really long repository names.
LDAP connection testing is now available in the Management Console.

Additional information is available here.

11.10.284

Wed, 17 Oct 2012 15:00:54 -0700

Bugfixes / Enhancements

Email confirmations are no longer sent when a user deletes their own user account.
Content Security Violation errors will no longer occur when browsing to the site as an admin user when using Firefox.
Rsyslog will now reload settings properly when log forwarding options are changed.
The admin stats API will now report accurate numbers for repo counts.
Fixed a bug where license expiration warnings were not showing up as expected in all cases.
Fixed a bug in the JIRA service hook that prevented it from working as intended.
Fixed a variety of SVN-related errors encountered when using the SVN bridge.
Fixed a bug where the API would return https URLs regardless of the SSL settings of the installation.
Fixed a bug in the ghe-cleanup-repos utility that was causing it to identify all gists as bad repositories.

11.10.283

Wed, 03 Oct 2012 08:55:44 -0700

Bugfixes / Enhancements

Fixed a bug that prevented the SVN bridge from starting properly.
Fixed a long-standing issue that would cause successful configuration runs to incorrectly display as failed under certain conditions.

11.10.282

Mon, 01 Oct 2012 19:42:21 -0700

New

No-reply and support email addresses are now configurable.

Bugfixes / Enhancements

Performance improvements
- Resque worker counts are now scaled based on CPU rather than memory.
- Memcached max cache size is now greatly increased for installations with 12GB or more of memory.
- Future upgrades will now consume much less memory.
- Number of web processes serving the Management Console has been reduced.
- Repository network graphs are no longer built after every git push.
SVN commits will now work as expected.
Fixed an issue where GitHub would sometimes become unresponsive after upgrading or saving settings.
The email notification beacon will now properly mark notifications as read when Private Mode is enabled.
Atom feed URLs will now work in Private Mode.
Fixed an issue where failed upgrades would cause the Management Console to redirect to /setup/start.
Fixed an issue where ghe-reindex was failing to execute properly.
The Management Console will create a session as expected now (i.e., it won't require an unlock every time it's browsed to).
404s occurring during a fresh installation will now properly show up as a 500 error.
Requests to api.[hostname] and gist.[hostname] will no longer be automatically redirected to [hostname].
Fixed a bug where ghe-dbconsole utility wasn't working as expected.
/setup/diagnostics and ghe-diagnostics utility will take less time to execute.
User-to-user repo transfers will happen as expected now.
Email service hook will now use the appropriate domain name.
Fixed a bug where organization creation was being prevented when at the license seat limit.
Fixed a bug where gist comment previews weren't working properly.
The default gravatar image used for users who don't have a gravatar will work as expected now.
Upgraded git to 1.7.10 (the same version used on GitHub.com).
Updated the ghe-cleanup-repos script to handle empty repo directories.
Fixed an upgrade issue that would cause failures while attempting to install the god gem.

11.10.281

Tue, 11 Sep 2012 17:54:13 -0700

Bugfixes / Enhancements

Fixed an issue that caused some valid GHL licenses to fail to unlock the Management Console for an installation, displaying a "license mismatch" error.
Fixed a timeout issue while uploading GHPs – after installing this release there should be fewer errors immediately following upload of a new GHP package.

11.10.280

Mon, 10 Sep 2012 09:25:38 -0700

New

SVN Bridge
Log Forwarding
Notifications & Stars
HTML Notification Emails
Friendlier Edit & Delete Actions
New Enterprise Header Design
Sticky Protocol Selection
New CLI Utilities
- ghe-vm-reboot – reboot the appliance from the CLI if you don't have hypervisor access
- ghe-repos-repair – find repositories that need permission changes and fix them
- ghe-install-virtualbox-tools – install VirtualBox Guest Additions

Bugfixes / Enhancements

All requests to installations that don't use the hostname specified in the Management Console will automatically get redirected to the configured hostname.
Fixed a bug where the ghe-export-redis utility was generated corrupt backups.
Fixed a bug where disk usage for the repositories block device wasn't being exported by SNMP.
Fixed problem where search indexing background jobs could pile up causing degraded performance for installations.
User-to-user repository transfers should now work as expected.
Fixed a bug where long issue labels were getting truncated prematurely.
Adjustments were made that should help decrease load when there are large numbers of active SSH connections.
NTP will no longer hang indefinitely during configuration runs if the NTP servers are unreachable.
Renaming a repository will now properly rename its associated wiki.
OpenSearch now references the specified hostname rather than github.com.
Filenames with multiple periods in their name will no longer cause errors.
All user agents are now allowed in the robots.txt file.

Additional information is available here.

11.10.273

Tue, 24 Jul 2012 21:57:14 -0700

Bugfixes / Enhancements

Fixed an issue that caused HTTP clones to fail under some conditions.
Fixed a problem that was causing upgrades from older releases to fail.
Fixed a bug in the ghe-cleanup-repos utility where affected repos weren't being deleted from the database.

11.10.272

Thu, 05 Jul 2012 13:07:05 -0700

Bugfixes / Enhancements

Fixed a bug that caused errors during the upgrade process under some conditions. If you've successfully upgraded to 11.10.271 already, then this bug does not affect you.

11.10.271

Thu, 28 Jun 2012 10:48:34 -0700

New

Added ghe-time-sync utility to force a one-time large time correction.
Added ghe-cleanup-repos utility to cleanup failed repo forks, empty wiki repos, and repos that failed to delete for customers affected by the background job bug mentioned below.

Bugfixes / Enhancements

Fixed a bug that caused background jobs to fail after upgrading under some conditions (introduced in 11.10.270).
Fixed an issue that caused errors at the end of configuration runs (this did not impact the outcome of the configuration run).
The ghe-user-csv utility will now always output all fields. Added repository count, ssh key count, and organization membership count columns. Use -h flag to view new options.
Changes to prevent failed configuration runs due to certain processes failing to restart immediately.
Corrected a number of places where GitHub.com-specific email addresses and URLs were hardcoded.
Fixed a bug that caused an error when deleting organizations from the Admin Tools dashboard.

11.10.270

Wed, 06 Jun 2012 11:45:42 -0700

New

Octicons
Team Mentions
README Section Links
Configurable Time Zone & NTP Settings
Ability to Disable Gravatars
Improved Configuration Page
Additional CLI Utilities
- ghe-user-suspend / ghe-user-unsuspend
- ghe-logs-tail
- ghe-diskusage (passes arguments to du command as root)
- ghe-repo-reindex

Bugfixes / Enhancements

SSL certificate validation improved.
User-to-organization conversions now work as expected.
Improvements to the ghe-user-csv and ghe-grow-root utilities.
Renaming a user will now rename corresponding directories on the filesystem as well.
Better error messaging in the Management Console.
Fixed an infinite redirect loop during configuration that would occur under some conditions.
Long-running network graph generation should no longer block other background jobs.
Fixed an issue that would cause search indexing to fail when issues contained no body.

Additional information is available here.

11.10.262

Fri, 11 May 2012 12:16:10 -0700

Bugfixes / Enhancements

Fixed a bug that caused errors when forking repos or adding collaborators.
Rally service hook has been added.
Refinements to the ghe-grow-root script (new syntax -- use -h flag for more info).

11.10.261

Wed, 02 May 2012 15:11:16 -0700

Bugfixes / Enhancements

Fixed a bug where admin SSH access wasn't enabling properly under some conditions.
Fixed a bug with the ghe-user-csv utility that prevented printing only non-admin users.
Fixed a bug in the ghe-solr-recreate utility that prevented it from reindexing properly.
Fixed a service hook bug that caused hooks with custom names to break. This fixes the Jenkins service hooks.

11.10.260

Tue, 01 May 2012 10:10:03 -0700

Security

aNULL SSL ciphers are no longer allowed.
Added CSRF protection to Gists (this will break creating gists by POSTing directly to /gist -- please use the API).

New

Bugfixes / Enhancements

CAS authentication fixes and enhancements.
Custom DNS nameservers are now always enabled. This fixes a bug where custom DNS nameservers entered at the console prompt could get disabled unintentionally on first setup. By default, it will try to use Google Public DNS nameservers.
Fixed an issue that would sometimes cause 404s when uploading new GHPs.
Fixed a bug that would result in an infinite redirect loop during initial setup under certain conditions.

11.10.259

Wed, 04 Apr 2012 09:13:35 -0700

Bugfixes / Enhancements

Fixed an issue where the Orgs tab in the Admin Tools dashboard wasn't loading properly.
Fixed a caching issue related to the header buttons and using the Fake Login feature.
Improvements to help prevent the git-daemon from causing configuration runs to fail in some cases.
The Fork Queue has been removed (details here).

11.10.257

Fri, 30 Mar 2012 11:33:06 -0700

Bugfixes / Enhancements

SSH key add password confirmation will now also prompt for username when using LDAP authentication.
Admins who test other accounts using the Fake Login feature can now resume their admin session by logging out.

11.10.254

Tue, 20 Mar 2012 16:49:49 -0700

Bugfixes / Enhancements

Fixed a bug that prevented trial installations from inviting users.
Fixed a bug that resulted in an "unrecognized command" error when push/pulling (only existed on 11.10.253 release).

11.10.252

Sat, 17 Mar 2012 14:37:59 -0700

Bugfixes / Enhancements

Fixed a bug where the Invite User form wasn't working properly for Built-in Authentication.

11.10.251

Thu, 15 Mar 2012 23:50:26 -0700

Bugfixes / Enhancements

SSH key password confirmation will now work with LDAP and CAS authentication.

11.10.250

Thu, 15 Mar 2012 13:51:57 -0700

Security

Nginx security vulnerability fixed. Details here.
SSH Key Audit feature added. Details here.
Adding new SSH keys will now prompt for a password and send an email notification.

New

OAuth Application Enhancements

Bugfixes / Enhancements

Organization links in Account Settings now use the correct domain.
Transferring a repository will no longer cause its wiki to disappear.
Fixed bug that prevented GitHub:FI migrations from completing under some conditions.

11.10.240

Wed, 07 Mar 2012 00:45:52 -0800

Security

Vulnerability in the SSH public key update form fixed. Details here.

New

Bugfixes / Enhancements

Logs are now being rotated. Please click here for more details including how to retain all existing logs.
Significant performance increases for VMs with more than 4GB of memory (NOTE: reboot required to take advantage of this).
Suggested minimum memory requirements are being increased to 8GB as of this release.
Email service hook now works with more SMTP server configurations.
User profiles will now save properly under LDAP and CAS authentication.
Growing the filesystem of the attached repository storage is now possible. Instructions are available here.
Admin interface improvements
- On initial setup the first LDAP or CAS user that logs in will automatically be promoted to Admin status now.
- Admin Tools dashboard now has separate tabs for Users and Organizations.
- Invite User tab now hidden in Admin Tools for LDAP and CAS authentication.
- Admin Tools link now shows up properly for users who are promoted to Admin status.
Reset password and change username options are now hidden under LDAP and CAS authentication.
SSH connection limit has been increased significantly.
Configuration runs now give feedback when they fail and link to logs.
Various UI and performance enhancements.

11.10.205

Thu, 09 Feb 2012 19:03:45 -0800

Bugfixes / Enhancements

Fixed a bug where some background jobs were not being processed under certain conditions.
Another fix related to configuration runs without internet access.

11.10.195

Wed, 08 Feb 2012 22:18:26 -0800

Bugfixes / Enhancements

Fixed an additional bug related to configuration runs without internet access.

11.10.179

Tue, 07 Feb 2012 21:24:28 -0800

New

Admin stats API is now available.
The root disk for Enterprise installs created with the new OVA will now default to 75GB when using VMware ESXi.

Bugfixes / Enhancements

Installations without internet access will now complete the configuration process after Management Console saves.
Fixed a bug causing the search service (Solr) to crash on new installs.
Signup link is no longer available in the header when using LDAP authentication.
Clippy flash widget will no longer burn CPU cycles with many commit pages open.
Milestones and assignees added to Pull Requests.
Admin stats bar now displays breakdown of page load time and root disk usage information.
Various UI and performance enhancements.

11.10.143

Tue, 17 Jan 2012 11:44:32 -0800

New

GitHub Pages feature now available. CNAME files and user subdomains are not supported.

Bugfixes / Enhancements

Problem with console prompt and configuration fixed (this is why 11.10.135 was yanked).
Network graph will now show a much larger range of commits for repos with long histories.
SSL certificates with passphrases or in unsupported formats will no longer be accepted.
PivotalTracker service hook now supports on-premise Tracker installs.
UI enhancements for user dashboard and repository/README views.
Reparent Admin Tool feature for repositories is now enabled.

Security / Maintenance

Additional log filtering was added.

11.10.112

Wed, 28 Dec 2011 15:35:06 -0800

API authentication now works properly under LDAP.
LDAP connections will no longer stop working after short periods of time.
Fixed a slow connection problem for SSH git operations caused by a configuration issue.
Fixed a bug with network graphs that prevented hover information from showing over a commit.
Fixed an issue with SMTP email tests that kept successful tests from logging debug output.

11.10.104

Wed, 21 Dec 2011 23:36:57 -0800

New skinny header integrated.
Fixed a bug with moving repositories from users to organizations. If you experienced this issue, contact support to find out how to get your repository back in a good state so you can take advantage of this fix.
Fixed a bug where some pull requests or commit views were generating 500 errors.
Fixed a code indexing issue with search. Code results should now show up in searches. Keep in mind that code, users, and repos are indexed periodically rather than immediately after they're created. If it doesn't show up immediately, wait for 20-30 minutes or so and it should show up.
A checksum is now performed on GHP files after they've been uploaded to the Management Console to detect in-transit corruption.
Added additional SMTP debug logging when sending test emails in the Management Console. Note that this logging only shows up if the message was not sent successfully.

11.10.87

Mon, 12 Dec 2011 16:35:04 -0800

Block storage devices now mount properly after reboot.
Fixed a bug with switching from Root Filesystem to Block Device storage
that caused the root filesystem backup to attempt to run on every
configuration.
Fixed a variety of SMTP configuration issues.
Added support for explicitly disabling TLS for SMTP.

11.10.75

Thu, 08 Dec 2011 11:56:01 -0800

There are no release notes for this release.

11.10.65

Mon, 05 Dec 2011 18:38:33 -0800

There are no release notes for this release.

11.10.64

Fri, 02 Dec 2011 16:39:02 -0800

There are no release notes for this release.

11.10.60

Fri, 02 Dec 2011 00:14:22 -0800

There are no release notes for this release.

11.10.55

Wed, 30 Nov 2011 18:58:14 -0800

There are no release notes for this release.

11.10.51

Wed, 30 Nov 2011 11:51:11 -0800

There are no release notes for this release.

11.10.38

Fri, 18 Nov 2011 19:25:22 -0800

There are no release notes for this release.

11.10.37

Wed, 16 Nov 2011 18:05:06 -0800

There are no release notes for this release.

11.10.36

Tue, 15 Nov 2011 18:40:27 -0800

There are no release notes for this release.

11.10.32

Thu, 10 Nov 2011 15:07:56 -0800

There are no release notes for this release.

11.10.31

Tue, 08 Nov 2011 15:25:48 -0800

There are no release notes for this release.

11.10.29

Sat, 05 Nov 2011 16:09:23 -0700

There are no release notes for this release.

11.10.27

Fri, 04 Nov 2011 00:45:26 -0700

Enterprise Changes

Bug fixes related to LDAP integration.
Fix the default .ovf path to be compatible with windows paths.
Display the default network adapters MAC address on the console welcome screen.

GitHub Changes

Fix the LDAP uid lookup which caused usernames to include DC information.
Fixed bug in unicorn reloading related to environment variables.

11.10.22

Tue, 01 Nov 2011 00:56:44 -0700

There are no release notes for this release.

11.10.20

Mon, 31 Oct 2011 18:54:41 -0700

There are no release notes for this release.

11.11.18

Sun, 30 Oct 2011 08:56:50 -0700

There are no release notes for this release.

11.10.16

Sat, 29 Oct 2011 04:33:06 -0700

There are no release notes for this release.

11.10.12

Sat, 15 Oct 2011 00:24:54 -0700

Initial release.