2.1.3 February 17, 2015

Bug Fixes

  • Ubuntu packages have been updated to the latest bugfix/security versions.
  • Downloading code archives failed when private mode was enabled.
  • The assets server didn't always properly close file handles, which could cause performance issues if the file handle limit was reached.
  • Custom CA certificates installed with ghe-ssl-ca-certificate-install were lost after upgrading.
  • Maintenance mode wasn't maintained after upgrading, so applications were unexpectedly accessible to users.
  • Updating a license in the management console was not reflected in the GitHub application under some circumstances.
  • Diagnostics always said avatars are disabled, regardless of reality.
  • Some organization names were incorrectly blacklisted.
  • We didn't require SAML responses to be signed. We enforce that now.
  • We didn't properly support SAML single sign on URLs with query parameters.
  • Our validation when adding restricted LDAP groups in the management console was overly strict, and stopped you adding groups whose name was a substring of existing groups.
  • We weren't properly suspending users when they were suspended in ActiveDirectory.
  • We failed to properly sync LDAP users' email addresses in some cases.
  • LDAP Sync unsuspended users who'd been suspended if the userAccountControl attribute wasn't present. That's usually the case when the directory isn't ActiveDirectory unless the attribute was added with a custom schema.
  • The ghe-org-owner-promote command line utility was broken.
  • Wildcard SSL certificates in the management console could be incorrectly marked invalid under some circumstances.
  • We only copied admin SSH keys when initially setting up replication, so the keys on the high availability replica could be out of sync. We regularly update them now.
  • The management console settings and GitHub Enterprise license were only copied the first time replication was set up, so the high availability replica could be out of sync. Now we update the settings and license each time replication is set up.
  • The monitoring graphs were set to PST timezone. We always use UTC now.
  • We ignored region settings in the AWS CodeDeploy service hook, causing it to fail.
  • Switching to a different authentication method didn't expire existing sessions.
  • Profile pictures migrated from an avatar service could revert to identicons under some circumstances.
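The LDAP Sync entry above describes a failure mode worth seeing in code: when userAccountControl is absent, "not disabled" must not be inferred from "no data". The example below is added here and is not GitHub Enterprise's own sync code; the User class, the entry dictionaries and the function names are constructed for illustration. It reads the ACCOUNTDISABLE bit (0x0002) of Active Directory's userAccountControl the way a sync job would, shows the old behaviour that unsuspended users on a missing attribute beside the corrected behaviour that leaves the existing state alone, and accepts the list-of-bytes form in which LDAP client libraries usually return attribute values.

```python
# Added example (not GitHub Enterprise's own code): deciding suspension state from
# Active Directory's userAccountControl attribute during an LDAP sync, and handling
# the case where the attribute is absent (non-AD directories without a custom schema).
from dataclasses import dataclass
from typing import Optional

# Bit 1 of userAccountControl marks a disabled account in Active Directory.
ACCOUNTDISABLE = 0x0002


@dataclass
class User:
    login: str
    suspended: bool


def directory_disabled_flag(entry: dict) -> Optional[bool]:
    """Read ACCOUNTDISABLE from an LDAP entry.

    Returns True/False when userAccountControl is present and parsable, and
    None when the attribute is missing or unreadable. LDAP libraries usually
    hand back attribute values as lists of bytes, so [b"514"] and "514" are
    both accepted.
    """
    raw = entry.get("userAccountControl")
    if raw is None:
        return None
    if isinstance(raw, list):
        if not raw:
            return None
        raw = raw[0]
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return None
    return bool(value & ACCOUNTDISABLE)


def sync_suspension_old(user: User, entry: dict) -> User:
    """The behaviour the fix entry describes: a missing attribute reads as
    'enabled', so a user suspended on the instance is silently unsuspended
    on the next sync run."""
    disabled = directory_disabled_flag(entry)
    return User(user.login, suspended=(disabled is True))


def sync_suspension(user: User, entry: dict) -> User:
    """Corrected behaviour: change the suspension state only when the
    directory actually says something; when userAccountControl is absent,
    keep the state the instance already has."""
    disabled = directory_disabled_flag(entry)
    if disabled is None:
        return user
    return User(user.login, suspended=disabled)


if __name__ == "__main__":
    # Constructed sample entries: 512 = NORMAL_ACCOUNT, 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE.
    alice_entry = {"uid": [b"alice"], "userAccountControl": [b"514"]}
    bob_entry = {"uid": [b"bob"], "userAccountControl": [b"512"]}
    carol_entry = {"uid": [b"carol"]}  # directory without the attribute

    print(sync_suspension(User("alice", False), alice_entry))  # becomes suspended
    print(sync_suspension(User("bob", True), bob_entry))       # becomes unsuspended
    carol = User("carol", suspended=True)
    print(sync_suspension_old(carol, carol_entry))  # old code: unsuspended by mistake
    print(sync_suspension(carol, carol_entry))      # corrected code: stays suspended
```

The design point is the three-valued result of directory_disabled_flag: a sync job that collapses "unknown" into "enabled" turns every schema difference between directories into a silent privilege restoration.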

Known Issues

  • The ghe-upgrade command will output the following harmless error: line 205: /dev/null/: Is a directory
  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Git replication can be slow and CPU intense during initial push of large or complex repositories.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Events in the github_audit log stream are being logged twice.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • SNMP can't be run on high availability replicas.
  • Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
  • Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)

Security Fixes

  • LOW: SAML authentication responses weren't signed.
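The fix entry and this security fix both say the same thing: SAML responses that are not signed must be refused. As an added example (written for this page, not GitHub Enterprise's own SAML code), the block below shows the policy gate a service provider applies before cryptographic verification. It parses a samlp:Response, looks for an enveloped ds:Signature directly under the Response or under each Assertion, and counts a signature only if its Reference URI targets the element that encloses it, so a signature copied in from elsewhere in the document does not satisfy the "must be signed" rule. The sample responses are constructed; the digest and signature-value checks against the IdP certificate are a separate step done with an XML-DSig library and are not part of this block.

```python
# Added example (not GitHub Enterprise's code): enforce "SAML responses must be
# signed" as a policy check that runs before XML-DSig verification.
import xml.etree.ElementTree as ET
from typing import List

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def signed_elements(response_xml: str) -> List[str]:
    """Names of the top-level elements (Response, Assertion) that carry an
    enveloped signature whose Reference URI points at that very element."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    signed = []
    for element in [root] + root.findall("saml:Assertion", NS):
        ident = element.get("ID")
        signature = element.find("ds:Signature", NS)  # direct child only
        if not ident or signature is None:
            continue
        reference = signature.find("ds:SignedInfo/ds:Reference", NS)
        if reference is not None and reference.get("URI") == "#" + ident:
            signed.append(element.tag.rsplit("}", 1)[1])
    return signed


def accept_for_verification(response_xml: str) -> bool:
    """True only if the Response or at least one Assertion is signed in place.
    Cryptographic verification of that signature happens afterwards, with an
    XML security library, and is not shown here."""
    return bool(signed_elements(response_xml))


def _response(assertion_extra: str) -> str:
    # Build a constructed sample response; assertion_extra is inserted inside the Assertion.
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
        '<saml:Assertion ID="_a1"><saml:Subject><saml:NameID>alice</saml:NameID>'
        "</saml:Subject>" + assertion_extra + "</saml:Assertion></samlp:Response>"
    )


def _signature(uri: str) -> str:
    # Constructed enveloped signature skeleton; the value is a placeholder.
    return (
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
        '<ds:Reference URI="%s"/></ds:SignedInfo><ds:SignatureValue>placeholder'
        "</ds:SignatureValue></ds:Signature>" % uri
    )


UNSIGNED_RESPONSE = _response("")
SIGNED_ASSERTION_RESPONSE = _response(_signature("#_a1"))
MISMATCHED_REFERENCE_RESPONSE = _response(_signature("#_somewhere_else"))

if __name__ == "__main__":
    for label, doc in [("unsigned", UNSIGNED_RESPONSE),
                       ("signed assertion", SIGNED_ASSERTION_RESPONSE),
                       ("mismatched reference", MISMATCHED_REFERENCE_RESPONSE)]:
        print(label, "->", accept_for_verification(doc), signed_elements(doc))
```

The direct-child lookup and the Reference URI comparison are deliberate: a signature found anywhere in the document, or one whose Reference names a different ID, tells you nothing about the element you are about to trust. In production the parser should also have entity expansion disabled; that hardening is assumed rather than shown.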

2.0.7 February 17, 2015

Bug Fixes

  • Ubuntu packages have been updated to the latest bugfix/security versions.
  • Updating a license in the management console was not reflected in the GitHub application under some circumstances.
  • We didn't require SAML responses to be signed. We enforce that now.

Known Issues

  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Git replication can be slow and CPU intense during initial push of large or complex repositories.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • The ghe-org-owner-promote command line utility is currently broken.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Switching to a different authentication method doesn't expire existing sessions.
  • Events in the github_audit log stream are being logged twice.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • SNMP can't be run on high availability replicas.

Security Fixes

  • LOW: SAML authentication responses weren't signed.

Errata

  • We didn't include the fix to sign SAML authentication responses in this release.

2.1.2 January 31, 2015

GitHub Enterprise 2.1.2 Update Released

The 2.1.2 release for GitHub Enterprise is now available for download from https://enterprise.github.com/download. See the 2.1.0 release notes for important changes in this release series. The full release notes for 2.1.2 follow:

Bug Fixes

  • Static network configuration had to be reapplied after upgrading from 2.1.0 to 2.1.1. We now properly maintain these settings during an upgrade.

Known Issues

  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Git replication can be slow and CPU intense during initial push of large or complex repositories.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • The ghe-org-owner-promote command line utility is currently broken.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Switching to a different authentication method doesn't expire existing sessions.
  • Events in the github_audit log stream are being logged twice.
  • Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • SNMP can't be run on high availability replicas.
  • Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
  • Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
  • Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)

Thanks!

The GitHub Team

2.1.1 January 30, 2015

GitHub Enterprise 2.1.1 Update Released

The 2.1.1 release for GitHub Enterprise is now available for download from https://enterprise.github.com/download. See the 2.1.0 release notes for important changes in this release series. The full release notes for 2.1.1 follow:

Bug Fixes

  • Ubuntu packages have been updated to the latest bugfix/security versions.
  • With more than seven tabs open, dynamic content could fail to load due to browser connection limits. We've returned to using polling instead.
  • When a SAML response incorrectly had an email as the NameID, but didn't include email as a released attribute, users could sign in the first time but couldn't sign in again after signing out.
  • If an SSH key contained extra whitespace or a comment, LDAP Sync sent emails warning that an SSH key was added to your account each time sync ran.
  • When synchronizing an LDAP Group mapped to multiple GitHub Teams, we queried the LDAP directory for each Team. We now query once for the Group and update all the Teams at the same time. We also improved the performance of searching for group members.
  • Creating LDAP users through the site admin caused an error if their LDAP username included characters that would be normalized in their GitHub username, such as $, _, and the period.
  • Members of the LDAP admin group were given admin privileges on account creation or LDAP Sync, but not when they signed in.
  • We incorrectly hid avatar options in the management console if a service URL was set but avatars were disabled.
  • If your management console session timed out, connectivity tests failed without any error message. Now you're redirected to log in again.
  • The From: address in notification emails was wrong if the "no-reply" email address was configured: we used the SMTP HELO domain instead.
  • SASL was enabled even if SMTP authentication wasn't turned on, which could cause email delivery failures.
  • Doing an initial installation using the management console API failed if you didn't include the port, because we dropped data when redirecting.
  • If Pages on a replica fell too far behind the primary, the alert shown by ghe-repl-status was missing how far behind replication was.
  • Diagnostics always said Log Forwarding was disabled, regardless of reality.
  • The Git gateway tried to log timing statistics to an inaccessible statsd server.
  • Hovering over the timing statistics graph in the site admin showed undefined instead of the hostname and Ruby version.
  • Compressing a support bundle could be slow, so we sped it up using more than one core (but with a high nice so it won't affect anything else).

Known Issues

  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Git replication can be slow and CPU intense during initial push of large or complex repositories.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • The ghe-org-owner-promote command line utility is currently broken.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Switching to a different authentication method doesn't expire existing sessions.
  • Events in the github_audit log stream are being logged twice.
  • Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • SNMP can't be run on high availability replicas.
  • Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
  • Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
  • Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)

Security Fixes

  • MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

Thanks!

The GitHub Team

https://enterprise.github.com/releases

https://enterprise.github.com/releases/2.1.1


Security Notification

Important Security Vulnerabilities Fixed in GitHub Enterprise 2.1.1

The following important security vulnerabilities have been fixed in the 2.1.1 release:

  • MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team


2.0.6 January 30, 2015

Release Notification

GitHub Enterprise 2.0.6 Update Released

The 2.0.6 release for GitHub Enterprise is now available for download from https://enterprise.github.com/download. The full release notes for 2.0.6 follow:

Bug Fixes

  • Ubuntu packages have been updated to the latest bugfix/security versions.
  • With private mode enabled, redirects could leak the Nginx version we use.
  • Changes to authentication settings in the management console were lost if any settings failed to validate.
  • Adding an SSH key that contained non-ASCII characters like smart quotes would break the management console.
  • If your management console session timed out, connectivity tests failed without any error message. Now you're redirected to log in again.
  • We stopped you from adding a duplicate or broken SSH key to the management console, but the error didn't show up properly.
  • The HAProxy connection limits were incorrectly configured, making them a little bit lower than they should have been.
  • When a SAML response incorrectly had an email as the NameID, but didn't include email as a released attribute, users could sign in the first time but couldn't sign in again after signing out.
  • Checking replica status with ghe-repl-status was really slow. We made it faster.
  • If Pages on a replica fell too far behind the primary, the alert shown by ghe-repl-status was missing how far behind replication was.
  • Replication didn't restart properly after rebooting a high availability replica.
  • Replication didn't replicate custom DNS settings.
  • The SSH key used for replication didn't survive upgrades and had to be regenerated.
  • The Git gateway tried to log timing statistics to an inaccessible statsd server.
  • The Git gateway included the repository twice in SSH log entries.
  • The Git gateway logs were messed up when we tried to rotate them.
  • The Git gateway was being restarted every day, but we didn't need to do that.
  • The hypervisor console script timed out every five seconds and respawned, spamming the logs.
  • Git clone events weren't being forwarded as part of the github_audit log stream.
  • Hovering over the timing statistics graph in the site admin showed undefined instead of the hostname and Ruby version.
  • Compressing a support bundle could be slow, so we sped it up using more than one core (but with a high nice so it won't affect anything else).
  • Diagnostics always said Log Forwarding was disabled, regardless of reality.
  • Creating the diagnostics file for support could timeout if there were lots of webhook delivery logs.
  • In Pages sites, JSON files were served with the wrong MIME type.
  • We sometimes didn't show the gateway address in the hypervisor console.
  • Accessing GitHub Enterprise in Firefox with the default certificate still enabled displayed the SSL warning twice.
  • The 'Revert' button didn't work properly when trying to revert a pull request from a fork.
  • Git authentication could fail after changing the hostname.

Known Issues

  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Git replication can be slow and CPU intense during initial push of large or complex repositories.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • The ghe-org-owner-promote command line utility is currently broken.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Switching to a different authentication method doesn't expire existing sessions.
  • Events in the github_audit log stream are being logged twice.
  • Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • SNMP can't be run on high availability replicas.

Security Fixes

  • MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.
  • LOW: Desktop applications were granted API tokens with more access scope than was necessary.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

Thanks!

The GitHub Team

https://enterprise.github.com/releases

https://enterprise.github.com/releases/2.0.6


Security Notification

Important Security Vulnerabilities Fixed in GitHub Enterprise 2.0.6

The following important security vulnerabilities have been fixed in the 2.0.6 release:

  • MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team

11.10.352 January 30, 2015

Important Security Vulnerability Fixed in 11.10.352

The following important security vulnerability has been fixed in the 11.10.352 release:

  • MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team

2.1.0 January 20, 2015

New Features

With the new features added in GitHub Enterprise 2.1.0, you can:

Changes

  • To stop users committing large files that can harm server performance, files larger than 100MB are now rejected by default. The file size limit can be changed or removed. (updated 2015-02-02)
  • With the release of the profile pictures feature, support for external avatar services has been deprecated. (updated 2015-02-02)

Bug Fixes

  • Ubuntu packages have been updated to the latest bugfix/security versions.
  • When installing, you had to upload the license and then set the password. Now we do it in one step, so someone nasty can't set a password after you've uploaded the license and gone for coffee.
  • With private mode enabled, redirects could leak the Nginx version we use.
  • When talking to an LDAP server multiple times in a request, we'd start a new connection each time. Now we reuse connections where possible, so it's much faster.
  • Checking replica status with ghe-repl-status was really slow. We made it faster.
  • We sometimes didn't show the gateway address in the hypervisor console.
  • We stopped you from adding a duplicate or broken SSH key to the management console, but the error didn't show up properly.
  • Accessing GitHub Enterprise in Firefox with the default certificate still enabled displayed the SSL warning twice.
  • It was easy to accidentally change network settings in the VMware console. Now you have to hit 's' instead of any key.
  • In the security section of the settings page, we incorrectly showed requests coming from 127.0.0.1 if they came from a private network.
  • Replication didn't restart properly after rebooting a high availability replica.
  • Replication didn't replicate custom DNS settings.
  • If a high availability replica was offline for a while, restarting it could fail if MySQL had moved on too far.
  • The SSH key used for replication didn't survive upgrades and had to be regenerated.
  • Memcached didn't restart after a crash, which broke Gist and other pages.
  • In Pages sites, JSON files were served with the wrong MIME type.
  • People expected to be able to invite users to an organization by their full name. Now you can.
  • Wiki links to other wiki pages were rendered as images when a repository contained a directory with the same name.
  • Adding an SSH key that contained non-ASCII characters like smart quotes would break the management console.
  • The 'Revert' button didn't work properly when trying to revert a pull request from a fork.
  • The hypervisor console script timed out every five seconds and respawned, spamming the logs.
  • Git clone events weren't being forwarded as part of the github_audit log stream.
  • The Git gateway logs were messed up when we tried to rotate them.
  • Creating the diagnostics file for support could timeout if there were lots of webhook delivery logs.
  • The page that users see when maintenance mode is enabled linked to enterprise@github.com instead of your configured support email address.
  • The "Open in desktop" button only worked if you already had the desktop application installed.
  • PSD files didn't render with the default self-signed certificate.
  • Git authentication could fail after changing the hostname. (updated 2015-02-02)

Security Fixes

  • LOW: Desktop applications were granted API tokens with more access scope than was necessary.
  • LOW: OpenSSL 1.0.1-4ubuntu5.21.

Removal of RC4 SSL cipher

To keep GitHub Enterprise as secure as possible, we have removed support for the cryptographically weak RC4 cipher in our SSL configuration. With the removal of RC4, Internet Explorer on Windows XP will no longer be able to access GitHub Enterprise. You can read more about this change in our announcement on GitHub.com.

Known Issues

  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Git replication can be slow and CPU intense during initial push of large/complex repositories.
  • The management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to the wrong hostname after restore if the hostname has changed.
  • The ghe-org-owner-promote command line utility is currently broken.
  • In some circumstances after an upgrade, we prompt you to upload a license even though there's already a valid license.
  • If your management console session has timed out, connectivity tests can fail without any error message.
  • On a freshly set up GitHub Enterprise instance without any users, an attacker could create the first admin user.
  • Switching to a different authentication method doesn't expire existing sessions.
  • Events in the github_audit log stream are being logged twice.
  • Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
  • Gists can't be created when using Safari 8.x in Private Mode. (updated 2015-01-27)
  • SNMP can't be run on high availability replicas. Our previous fix was incomplete. (updated 2015-02-02)
  • Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
  • Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
  • Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)

The GitHub Team

https://enterprise.github.com/releases

https://enterprise.github.com/releases/2.1.0

2.0.5 December 22, 2014

Security Fixes

  • CRITICAL: Remote code execution possible via ntpd.
  • MEDIUM: Specially crafted Gist updates could bypass the Git client protection introduced in 2.0.4.
  • MEDIUM: The web editor could be used to bypass the Git client protection introduced in 2.0.4.

NTP vulnerability

Critical vulnerabilities in the Network Time Protocol (NTP) have been discovered and disclosed by members of the Google Security Team. These vulnerabilities make it possible for a remote attacker to send a carefully crafted packet with malicious arbitrary code that will execute at the privilege level of the ntpd process.

This release includes patches to NTP from upstream to make sure it is not exploitable. As an additional measure, we've also updated the firewall rules to be more strict. We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

More details on the vulnerabilities can be found in the ICSA-14-353-01 advisory.

Mitigation

If you can't immediately upgrade, the attack can be mitigated by removing the firewall rule that accepts traffic to port 123. To temporarily remove the rule, SSH into the appliance and run:

sudo ufw delete allow ghe-123

If you have any questions, please contact support at enterprise@github.com

Known Issues

  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Replicas need to be restarted after upgrading with ghe-upgrade.
  • Git replication is slow and CPU intensive during initial push of large/complex repositories.
  • First run in Firefox displays the SSL warning twice.
  • Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
  • The management console doesn't handle non-ASCII characters in authorized_keys.
  • Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
  • Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
  • Memcache doesn't restart properly after a crash and must be manually restarted.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
  • A user cannot be invited to an organization by their full name.
  • Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.

11.10.351 December 22, 2014

Security Fixes

  • CRITICAL: Remote code execution possible via ntpd.
  • MEDIUM: Specially crafted Gist updates could bypass the Git client protection introduced in 11.10.349.
  • MEDIUM: The web editor could be used to bypass the Git client protection introduced in 11.10.349.

NTP vulnerability

Critical vulnerabilities in the Network Time Protocol (NTP) have been discovered and disclosed by members of the Google Security Team. These vulnerabilities make it possible for a remote attacker to send a carefully crafted packet with malicious arbitrary code that will execute at the privilege level of the ntpd process.

This release includes patches to NTP from upstream to make sure it is not exploitable. As an additional measure, we've also updated the firewall rules to be more strict. We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

More details on the vulnerabilities can be found in the ICSA-14-353-01 advisory.

Mitigation

If you can't immediately upgrade, the attack can be mitigated by removing the firewall rule that accepts traffic to port 123. To temporarily remove the rule, SSH into the appliance and run:

sudo ufw delete allow ghe-123

The rule will be re-enabled if settings are saved or a configuration run is performed. To prevent the rule from being restored, SSH into the appliance and run:

sudo rm /data/enterprise/cookbooks/ufw/files/default/ufw_apps/ghe-123
sudo rm /etc/ufw/applications.d/ghe-123

If you have any questions, please contact support at enterprise@github.com

2.0.4 December 19, 2014

Git client vulnerability

Yesterday a critical Git security vulnerability was announced that affects all versions of the official Git client and all related software that interacts with Git repositories.

While GitHub Enterprise itself is not directly affected, it may be used as a distribution point for an attacker to reach unpatched clients. This release detects and blocks malicious trees from being pushed to an Enterprise instance, eliminating it as an attack vector.

Important details

It is critical to note that this release only provides mitigation against low-level attacks where a user with write access could attempt to push malicious files to a GitHub Enterprise instance. It does not prevent interactions with malicious external Git servers, which can open up command-line level attack vectors; those must be dealt with at the Git client level.

For full protection, we strongly recommend you ensure that all developers update their Git clients, in addition to upgrading to this release. Installing this update alone does not mean your organization is fully safe against this vulnerability. The only way to make sure none of your developers are vulnerable is to have everyone upgrade their Git client.

More details on the vulnerability can be found in the official Git mailing list announcement, on the git-blame blog, and on the GitHub blog.
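The release note says this build "detects and blocks malicious trees" but does not spell out what it looks for. As an added example, written for this page and not taken from GitHub Enterprise or the Git project, the block below shows the shape of such a server-side check. The Git client vulnerability announced on December 18, 2014 concerned tree entries whose names a case-insensitive, HFS+ or NTFS checkout resolves to the .git directory even though the byte-exact name differs; the function flags those names so a push can be refused before it reaches unpatched clients. The set of HFS+-ignorable code points and the NTFS short-name rule are reproduced here from the editor's understanding of the Git project's own check, not from the page; the entry names are constructed.

```python
# Added example (not GitHub Enterprise's or the Git project's code): reject tree
# entries that a case-insensitive, HFS+ or NTFS checkout would treat as ".git".
from typing import Iterable, List

# Code points HFS+ ignores when comparing file names (Apple TN1150). Listed from
# the editor's understanding of Git's own check, not from the release note.
HFS_IGNORABLE = frozenset(
    list(range(0x200C, 0x2010))   # zero-width (non-)joiner, LRM, RLM
    + list(range(0x202A, 0x202F))  # bidi embedding/override controls
    + list(range(0x206A, 0x2070))  # shaping and digit-shape controls
    + [0xFEFF]                     # zero-width no-break space
)


def is_dotgit_alias(name: str) -> bool:
    """True if this tree entry name could be checked out as the .git directory."""
    lowered = name.lower()
    # Plain case-insensitive filesystems: .Git, .GIT, ...
    if lowered == ".git":
        return True
    # HFS+: ".g<U+200C>it" compares equal to ".git" once ignorable code points are dropped.
    folded = "".join(ch for ch in name if ord(ch) not in HFS_IGNORABLE).lower()
    if folded == ".git":
        return True
    # NTFS: trailing dots and spaces are stripped on lookup, and "git~1" is the
    # 8.3 short name that resolves to ".git".
    stripped = lowered.rstrip(". ")
    return stripped in (".git", "git~1")


def rejected_entries(entry_names: Iterable[str]) -> List[str]:
    """Return the entry names a pre-receive check would refuse from a pushed tree."""
    return [name for name in entry_names if is_dotgit_alias(name)]


if __name__ == "__main__":
    # Constructed tree listing: one honest entry per style of alias plus normal files.
    tree = ["README.md", "src", ".Git", ".g\u200cit", "GIT~1", ".git.", ".gitignore"]
    print("rejected:", rejected_entries(tree))
```

The check is applied to every entry in every tree object of the push, not just to the root, since a nested .git directory is just as usable by an unpatched client that checks out a subdirectory.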

If you have any questions, please contact support at enterprise@github.com.

Bug Fixes and Updates

  • Maintenance pages now display the configured support email rather than the enterprise@github.com default.
  • The version number is displayed correctly on AWS installations.
  • The index entries in Index Management correctly change the cursor to indicate they are clickable links.
  • The welcome screen no longer goes blank, and requires pressing s rather than any key to start network setup.
  • There is now a /usr/local/bin/ghe-btop utility to query the status of babeld.

Known Issues

  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Replicas need to be restarted after upgrading with ghe-upgrade.
  • Git replication is slow and CPU intensive during initial push of large/complex repositories.
  • First run in Firefox displays the SSL warning twice.
  • Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
  • The management console doesn't handle non-ASCII characters in authorized_keys.
  • Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
  • Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
  • Memcache doesn't restart properly after a crash and must be manually restarted.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
  • A user cannot be invited to an organization by their full name.
  • Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.

11.10.349 December 19, 2014

Git client vulnerability

Yesterday a critical Git security vulnerability was announced that affects all versions of the official Git client and all related software that interacts with Git repositories.

While GitHub Enterprise itself is not directly affected, it may be used as a distribution point for an attacker to reach unpatched clients. This release detects and blocks malicious trees from being pushed to an Enterprise instance, eliminating it as an attack vector.

Important details

It is critical to note that this release only provides mitigation against low-level attacks where a user with write access could attempt to push malicious files to a GitHub Enterprise instance. It does not prevent interactions with malicious external Git servers that can open up command-line level attack vectors, as those must be dealt with at the Git client level.

For full protection, we strongly recommend you ensure that all developers update their Git clients, in addition to upgrading to this release. Installing this update alone does not mean your organization is fully safe against this vulnerability. The only way to make sure none of your developers are vulnerable is to have everyone upgrade their Git client.

More details on the vulnerability can be found in the official Git mailing list announcement, on the git-blame blog, and on the GitHub blog.

If you have any questions, please contact support at enterprise@github.com.

2.0.3 December 16, 2014

Bug Fixes and Updates

  • Fixes a regression in 2.0.2 that prevented new AWS installations when the second block device was attached before the instance was first started.

Known Issues

  • The version number is incorrectly shown on AWS installations as 2.0.2.
  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Replicas need to be restarted after upgrading with ghe-upgrade.
  • Git replication is slow and CPU intensive during initial push of large/complex repositories.
  • First run in Firefox displays the SSL warning twice.
  • Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
  • The management console doesn't handle non-ASCII characters in authorized_keys.
  • Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
  • Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
  • Memcache doesn't restart properly after a crash and must be manually restarted.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
  • A user cannot be invited to an organization by their full name.
  • Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.

2.0.2 December 16, 2014

Bug Fixes and Updates

  • Updated installed packages and Ubuntu kernel to latest released versions.
  • Services would not start properly in some circumstances, so the appliance would get stuck in a "Starting..." state.
  • SSH keys were deleted during sign in when SAML authentication was used.
  • It was possible to upload an invalid SAML IdP certificate, which caused an error when trying to log in.
  • Updating a license didn't take effect until settings had been saved.
  • A 404 Not Found error was returned when visiting the user page of a suspended user.
  • The ghe-user-csv command line utility didn't include email addresses in some circumstances.
  • After upgrading, the appliance could briefly revert to using the default self-signed SSL certificate.
  • Changing network settings could break the HAProxy SSL certificate, making services on the appliance unreachable.
  • Our handling of deleted refs could cause high availability Git replication to fail for affected repositories.
  • The management console could report the pre-upgrade version number after an upgrade.
  • Events that trigger notification emails could cause 500 errors if the configured SMTP server timed out.
  • Testing domain settings in the management console failed if the uploaded SSL certificate didn't have 'Subject Alternative Name' extensions.
  • Testing domain settings in the management console failed when the DNS server wasn't reachable or valid.
  • Testing LDAP group membership in the management console returned incorrect results when only an admin group was set.
  • Searching for a repository in the site admin could miss exact matches.
  • User creation could time out if the LDAP administrator group wasn't set.
  • Gist log level was set too high, so the Gist logs could grow very big.
  • Some management console styles and functionality were broken for supported versions of IE.
  • When restoring to a backup with ghe-restore, maintenance mode was automatically enabled, which could be confusing. Maintenance mode now has to be enabled manually through the management console, using the management console API, or using the ghe-maintenance command line utility.
  • Resizing the root partition caused upgrades to fail.
  • The web user interface and API could be slow to update after Git pushes.
  • During initial installation, the self-signed certificate warning screen suggested verifying the certificate over SSH when no SSH keys were installed. The certificate fingerprint is now shown in the hypervisor console.
  • SSH password authentication was incorrectly enabled for admin access, even though no password was set.
  • The support email couldn't be set without enabling outgoing email.
  • Slow response times from NetApp storage could cause the root partition to be remounted as read only.
  • Some metadata was missing when importing the OVA.
  • It wasn't possible to add more than 8 vCPUs under ESXi without upgrading the virtual hardware version.
  • The raw Gist main page returned an error.
  • Inconsistent 404 Not Found error pages were displayed in some cases.
  • Sending malformed JSON to the management console API caused an error rather than being handled gracefully.
  • Links to help articles didn't link to the Enterprise-specific articles.
  • The color used to highlight search term results in code was too similar to the fold highlighting color.

Known Issues

  • ghe-upgrade expects the upgrade filename to be github-enterprise-esx-2.0.2.pkg on VMWare or github-enterprise-ami-2.0.2.pkg on AWS.
  • Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
  • Replica promotion can hang when running ghe-repl-promote.
  • Replicas need to be restarted after upgrading with ghe-upgrade.
  • Git replication is slow and CPU intensive during initial push of large/complex repositories.
  • First run in Firefox displays the SSL warning twice.
  • Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
  • The management console doesn't handle non-ASCII characters in authorized_keys.
  • Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
  • Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
  • Memcache doesn't restart properly after a crash and must be manually restarted.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
  • A user cannot be invited to an organization by their full name.
  • Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.

2.0.1 November 20, 2014

Bug Fixes and Changes

  • Ubuntu packages have been updated to the latest bugfix/security versions.
  • Data migration failed if there were organizations without administrators.
  • Services could fail to start correctly if configuration was applied without storage being prepared.
  • A race condition could cause a configuration failure to be incorrectly reported.
  • When saving Management Console settings, redirecting to the progress page could fail.
  • Saving Management Console settings with an inaccessible LDAP server caused an error.
  • Static network settings would be lost across upgrades.
  • Gist Git repositories could not be pushed to directly.
  • The number of Rails worker processes was static, and now depends on the provisioned memory.
  • GitHub OAuth did not redirect to the requested page when login was required.
  • Diagnostic output did not include the EC2 instance type.
  • MySQL replication was shown as a running query in the Management Console maintenance page.
  • A SAML single logout URL was incorrectly published. GitHub Enterprise does not currently support single logout.
  • Excessive log entries were generated because the MySQL slow transaction threshold was set too low.
  • The default memory for the OVA was incorrectly set to 8GB, instead of the recommended 16GB.
  • Lowercase hostnames were not enforced in the Management Console settings.
  • collectd and log data were not preserved through upgrades.
  • Support bundles did not include configuration logs.
  • SAML times did not append Z for compliance with the SAML Core 1.3.3 standard.
  • Incorrect license information was shown in diagnostic output.
  • The Git HTTPS daemon contained a file descriptor leak.
  • Added ghe-mysql-checksum script to checksum InnoDB tables.
  • Management Console restore messaging was imprecise.
  • Subdomain isolation caused a redirect loop when accessing the Pages root URL.
  • The crash kernel was unnecessarily enabled, causing 128M of memory to be used.
  • Webhook logs did not include timestamps.
  • Excessive log entries were generated if Gitmon could not open its data store.
  • Non-DST time changes caused ambiguous Russian timezones.

DNS Servers

Major change: DNS settings are no longer configured via the Management Console, and any custom nameservers specified via the console will be lost after upgrading to 2.0.1.

When configured to use DHCP, GitHub Enterprise now relies on the DNS nameservers provided by the DHCP server. This is the default configuration for GitHub on AWS, and no changes are required when upgrading an EC2 instance.

If you are using DHCP on VMWare and your server does not provide nameservers, or if you need custom nameservers that are different from your DHCP lease, please add them to /etc/resolvconf/resolv.conf.d/head after upgrading.

If you are using a static IP configuration, please reconfigure static network configuration after upgrading to 2.0.1, either via tty1 or sudo ghe-setup-network -v.

Note: You may also choose to add custom nameservers to /etc/resolvconf/resolv.conf.d/head before running ghe-upgrade. These settings will be retained across the upgrade to 2.0.1 and future releases.

Known Issues

The 2.0.1 release ships with some known issues that we were unable to fix before release. If any of these will cause major problems for your organization, we recommend waiting for 2.1.0 or 2.0.2 before upgrading.

  • News feed activity links point to the hostname and protocol used when they were generated (affects renamed hosts).
  • "Test domain settings" will fail when a DNS server is invalid or not reachable.
  • ghe-restore should require that maintenance mode is enabled before restoring.
  • ghe-repl-status-git is CPU intensive and may be slow on the primary node.
  • The Site Admin dashboard has an autofocus issue in Firefox.
  • Accessing the Gist raw subdomain can cause an error.
  • Git replication is slow and CPU intensive during initial push of large or complex repositories.
  • Webhook deliveries may be delayed when search indexing jobs are running.
  • The lock issue dialog does not link to the versioned Enterprise Help URL: https://help.github.com/enterprise/2.0/user/articles/what-are-the-different-access-permissions
  • Search on Pages 404 pages does not work.
  • 404 pages are not consistent across Assets, Gist and GitHub URLs.
  • ghe-user-csv script doesn't return valid email addresses.
  • SMTP over SSL/SMTPS on port 465 is not supported.

2.0.0 November 11, 2014

Features and Changes

Bug Fixes

  • Pull requests could include the wrong commits.
  • Webhooks would only keep the most recent 150 deliveries per hook.
  • LDAP authentication failed when using Oracle Unified Directory LDAP.
  • Git clone could fail for large repositories.
  • MySQL could not be restarted without rebooting the VM.
  • Experimental: Active Directory users could not be found when the user was in a nested group (ask Enterprise Support for access to this bug fix).

Security Fixes

  • HIGH: Subdomain Isolation (strongly recommended but disabled by default) hosts Archives, Gist, Assets, Pages, content rendering, user uploads, and raw files on separate subdomains. This feature isolates these potentially insecure resources from user sessions and mitigates cross-site scripting attacks by moving them to different origins.
  • HIGH: Multiple cross-site scripting vulnerabilities and configuration file injection issues fixed in management console. Exploitation required authentication.
  • MED: Management console now runs on port 8443 (or 8080 when SSL is disabled) to separate user and administrative interfaces.
  • MED: SSL is enabled by default and uses self-signed certificates on initial setup.
  • MED: Management console now uses password-based authentication instead of authentication using license files.

LDAP Support

Supported LDAP servers are now Active Directory, FreeIPA, Oracle Directory Server Enterprise Edition, OpenLDAP, Open Directory and 389 Directory Server. These are the servers that we will test before shipping a GitHub Enterprise release. If you need support for another LDAP server please contact GitHub Enterprise Support.

VirtualBox Unsupported

Enterprise 2.0 OVAs will no longer run with VirtualBox. VirtualBox has previously offered a poor customer experience for GitHub Enterprise. The supported hypervisors are VMware ESX and Amazon Web Services' EC2. VMware desktop products (e.g. VMware Workstation, VMware Fusion, VMware Player) are supported for trial purposes but should not be used in production.

Known Issues

The 2.0.0 release ships with some known issues that we were unable to fix before release. If any of these will cause major problems for your organization, we recommend waiting for 2.1.0 or 2.0.1 before upgrading.

  • Dashboard activity feed links point to the hostname and protocol used when they were generated.
  • "Test domain settings" will fail when a DNS server is not reachable or invalid.
  • Gist Git repositories cannot be pushed to.
  • GitHub OAuth does not redirect to the requested page when login is required.
  • ghe-restore should require that maintenance mode is enabled before restoring.
  • ghe-repl-status-git is CPU intensive and may be slow on the primary node.
  • Saving settings with an inaccessible LDAP server results in an error.
  • The Site Admin dashboard has an autofocus issue in Firefox.
  • collectd data is not preserved through upgrades.
  • Accessing the Gist raw subdomain can cause an error.
  • Git replication is slow and CPU intensive during initial push of large or complex repositories.
  • Webhook deliveries may be delayed when search indexing jobs are running.
  • The lock issue dialog does not link to the versioned Enterprise Help URL: https://help.github.com/enterprise/2.0/user/articles/what-are-the-different-access-permissions
  • Search on Pages 404 pages does not work.
  • Inconsistent 404 behaviour for Assets, Gist and GitHub URLs.
  • ghe-user-csv script doesn't return valid email addresses.
  • Uppercase hostnames cause redirect loops and are not rejected by the management console.
  • SMTP over SSL/SMTPS on port 465 is not supported.

11.10.348 October 16, 2014

Bug Fixes

  • Quickly recreating a repository after deletion could result in the new repository being deleted.
  • A GitHub.com billing plan could be incorrectly assigned to a user, causing upgrades to fail.
  • MOTD was incorrectly enabled for non-interactive SSH sessions.
  • The Subversion bridge could fail to restart.
  • Repositories with missing discussion metadata were not properly deleted.
  • Gists from previous versions were not shown in searches after upgrade.
  • Duplicate repository records could cause upgrades to fail.
  • Git garbage collection could run while a backup was in progress.
  • Internal hooks could cause poor Git performance.
  • Active Directory LDAP subgroups were not searched recursively.
  • Diffs of STL files did not work in private mode.
  • Clicking links in Gists in Firefox redirected incorrectly to an error page.

Google Chrome

A bug in Chrome caused our security middleware to incorrectly forbid file uploads, causing an empty response. This could cause initial installation, upgrades, or unlocking with a license file to fail for all instances using the 11.10.320 OVA. The bug is fixed in the 11.10.320.1 OVA included with this release.

Security Fixes

SSLv3 disabled

Google researchers have found a critical vulnerability in the SSLv3 protocol. This protocol is very old and has been replaced with TLS 1.0, 1.1 and 1.2. Due to the vulnerability we have disabled SSLv3 support by default in 11.10.348.

We strongly recommend against re-enabling SSLv3, but if legacy software requires it after upgrading to 11.10.348, the following steps will re-enable it:

ghe-unlock

WARNING: This command opens root access to the admin user via sudo. It is
provided as a troubleshooting facility and should be used only under the
guidance of GitHub Enterprise support.

While unlocked, any user with admin SSH access will have full root access to
the VM. Please use with caution and run the ghe-lock command when finished to
prevent accidental modification of system files.

Do you understand? [Y/n] Y
Okay. Full sudo access via the admin user is now enabled.

Replace the line ssl_protocols TLSv1 TLSv1.1 TLSv1.2; in /etc/nginx/sites-enabled/github.conf with ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;:

sudo sed 's/ssl_protocols TLSv1 TLSv1.1 TLSv1.2/ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2/' -i /etc/nginx/sites-enabled/github.conf
sudo service nginx reload

You can verify if the change was successful by running the following command from outside the instance:

openssl s_client -connect my-enterprise-instance:443 -ssl3

This should show a message similar to the following:

CONNECTED(00000003)
..
Server certificate
-----BEGIN CERTIFICATE-----
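
The same two artifacts used above, the nginx ssl_protocols line and the openssl s_client output, can be turned into a repeatable check that the appliance is still in the hardened state (SSLv3 off). The script below is an added example, not part of the release notes or GitHub's tooling; its function names are constructed, and the sample outputs it classifies are modelled on the verification output shown above.

```sh
#!/bin/sh
# Added example (not GitHub Enterprise tooling): verify that SSLv3 stays
# disabled, both in the nginx configuration and on the live TLS endpoint.

# Reads an nginx config (e.g. /etc/nginx/sites-enabled/github.conf) on stdin
# and prints "enabled" if any uncommented ssl_protocols directive lists
# SSLv3, otherwise "disabled".
nginx_sslv3_state() {
    # Drop comments first so a commented-out SSLv3 line does not count.
    if sed 's/#.*//' |
       grep -Eq '^[[:space:]]*ssl_protocols[^;]*[[:space:]]SSLv3([[:space:]]|;)'; then
        echo enabled
    else
        echo disabled
    fi
}

# Reads `openssl s_client -ssl3` output on stdin and classifies it:
#   "enabled"  - the server completed an SSLv3 handshake and sent its
#                certificate (the "Server certificate" block shown above)
#   "disabled" - the handshake was refused by the server
#   "unknown"  - anything else (e.g. an OpenSSL build without -ssl3)
s_client_sslv3_state() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q -- '-----BEGIN CERTIFICATE-----'; then
        echo enabled
    elif printf '%s\n' "$out" |
         grep -Eq 'handshake failure|no peer certificate|unsupported protocol|wrong version number'; then
        echo disabled
    else
        echo unknown
    fi
}

# Live probe from outside the instance: check_sslv3 HOST [PORT].
# Recent OpenSSL builds omit SSLv3 support entirely; s_client then rejects
# the -ssl3 option and the result is reported as "unknown".
check_sslv3() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -ssl3 </dev/null 2>&1 | s_client_sslv3_state
}

# Run as `sh this-script.sh --check my-enterprise-instance` to report both.
# Guarded so that sourcing the file for tests executes nothing.
if [ "${1:-}" = "--check" ] && [ -n "${2:-}" ]; then
    echo "nginx config:  $(sudo cat /etc/nginx/sites-enabled/github.conf | nginx_sslv3_state)"
    echo "live endpoint: $(check_sslv3 "$2")"
fi
```

The expected result on 11.10.348 is `disabled` for both checks; `enabled` on either means the change described above has been applied (or a configuration run has not yet reverted a manual edit).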

11.10.347 September 28, 2014

Security fixes

Bugfixes

  • A forking regression resulted in substantially higher disk space and resource utilization.

11.10.337 September 28, 2014

Security fixes

11.10.346 September 25, 2014

Security fixes

11.10.336 September 25, 2014

Security fixes

11.10.335 September 24, 2014

Security fixes

11.10.345 September 24, 2014

Security fixes

11.10.344 September 2, 2014

Bugfixes

  • Site admin rocket icon did not show in Internet Explorer 11.
  • Proxy services for Git, Git HTTP and SVN did not log correctly.
  • Recent webhook delivery metadata were not displayed in repository settings under some circumstances.
  • Pull request synchronization in the site admin could cause a Not Found error.
  • Compiled GitHub Pages sites could be improperly removed.
  • Support bundles could be extremely large. Rotated logs are now excluded by default.
  • Visiting the user page of a suspended user incorrectly caused a Not Found error.
  • LDAP user listing in the site admin could time out.
  • LDAP posixGroup membership checks failed improperly.
  • Testing connection settings caused an error when the LDAP server was unreachable.

Security fixes

11.10.343 July 30, 2014

Bugfixes

  • Incorrect rendering of repository pages when following a link from a Gist.
  • Pages generation could fail with SSL enabled.
  • reStructuredText files failed to render.
  • To prevent broken avatars, set GitHub.com as the default fallback for serving identicons.
  • Filtered SNMP community string from the support bundles.
  • LDAP authentication timeouts could cause sign in and HTTP clones to fail.
  • Upgrades could fail if VMware tools had been installed.
  • Collectd was sending duplicate packets when forwarding messages.
  • Changed authentication settings could fail to take effect.
  • To prevent system authentication logs from becoming too large, we now rotate the auth.log daily and discard them after one week.
  • Administrators did not have permission to update firewall rules with UFW.
  • Git incorrectly detected commits as unreachable on fetch.
  • Elasticsearch status was inconsistent after upgrade.
  • When creating a repository with the same name as a deleted repository, the deleted code was restored.
  • Upgrade could fail with a large user sessions table.
  • Improved styling of search results sort order button.
  • Better handling errors when renaming users from stafftools.
  • Seat count was misreported.
  • Gists with legacy ID URLs could not be cloned.
  • Commit build statuses were not shown after upgrade.
  • Removed site_admin API scope from metadata calls.
  • Unlocking repositories failed after a sudo timeout with LDAP authentication enabled.
  • Webhooks status icons remained grey on delivery.
  • Image diffs did not load consistently.

Security fixes

  • MED: Pages repository submodule could access other repositories on the VM.

Upgrade path

  • Please upgrade your instance to GitHub Enterprise 11.10.317 or later before upgrading to 11.10.343.

11.10.342 July 10, 2014

Bugfixes

  • Upgrade could fail due to incorrect process ordering
  • Upgrade could timeout during database migration
  • Upgrade could fail when repository data cannot be found
  • Incorrectly allowed duplicate SSH keys in the Management Console
  • Gist log files were not rotated
  • API rate limiting incorrectly enabled

Upgrade path

  • Please upgrade your instance to GitHub Enterprise 11.10.317 or later before upgrading to 11.10.342.

11.10.341 July 7, 2014

Bugfixes

  • Upgrades could fail when using LDAP.

11.10.340 Improvements

This release also includes all features and bug fixes from 11.10.340, including:

New Features

LDAP improvements

Bugfixes

  • Improperly displayed information about Git alternate networks on the repository admin page.
  • Blacklist "network" for user/organization names.
  • Improperly displayed Mirrors filter on repositories listing.
  • Inconsistent interface elements displayed when interacting with internal links on custom tabs.
  • Improperly excluded some system log files from log forwarding.
  • Error during sign in when LDAP passwords contain accented characters.
  • Error when creating an LDAP user through the site admin if the login was normalized.
  • Failed to load LDAP users page when the directory server's size limit was exceeded.

Security fixes

  • MED: Timing attack vulnerability in Management Console.

11.10.334 July 7, 2014

Security fixes

  • CRIT: Improperly standardized user logins could allow users to log in to other user accounts when using GitHub OAuth. Enterprise installations using other authentication methods are not affected.

11.10.333 June 10, 2014

CCS Injection Vulnerability (CVE-2014-0224)

The ChangeCipherSpec vulnerability in the OpenSSL library allows third parties to perform man-in-the-middle attacks. In other words, if attackers can intercept encrypted network traffic they can decrypt it without their victims knowing.

This attack only works on servers that use OpenSSL version 1.0.1 or later. The version at the client doesn't matter. GitHub Enterprise itself is not vulnerable because it ships with OpenSSL 1.0.0.

However, webhooks might be vulnerable to this attack. If the server that is the target of the webhook is running a vulnerable version of OpenSSL and an attacker can intercept network traffic, they would be able to decrypt the communication.

We care about the security of our customers and therefore decided that even though the risk is minimal the best solution is to issue an update.

Security

Bugfixes

  • Fixed an upgrade issue that would cause failures when upgrading from versions prior to 11.10.260.

11.10.332 April 23, 2014

Heartbleed Vulnerability Information

GitHub Enterprise is not (and was not) affected by the Heartbleed vulnerability. The version of OpenSSL included with the appliance is not vulnerable to the attack. Please contact us at enterprise@github.com if we can help elaborate on this in any way.

Security

  • CRIT: An authorized user could perform remote command execution with specially crafted Git requests.
  • HIGH: Remote content could be loaded in faceboxes by injecting rel=facebox in user-editable content.
  • HIGH: Java applications were potentially remotely exploitable (Oracle's April 2014 Critical Patch Update).
  • MED: A potential regex DoS attack vector existed in the API.
  • MED: A public repository could be compared to a private fork by an unauthorized user using the API.
  • MED: YAML URI parsing could allow arbitrary code execution through a heap overflow (CVE-2014-2525).

Bugfixes

  • A race condition during configuration could prevent some processes from restarting.
  • Repository size on disk was miscalculated in some circumstances.
  • Paths were not always properly UTF-8 encoded when using Subversion.
  • File size limits were too restrictive when using Subversion.
  • Merging a pull request could introduce repository corruption in some cases.
  • Web requests to repository pages were not properly redirected when .git was appended.
  • Users could create repositories via the API that they subsequently couldn't access under some conditions.
  • The API incorrectly returned a 404 Not Found status in some cases when an incorrect LDAP password was used.

11.10.331 February 20, 2014

Last month GitHub launched a Security Bug Bounty program, which has been wildly successful in identifying a number of security vulnerabilities ranging from low to critical risk on GitHub.com. To get these fixes to you more quickly, we've pushed the 11.10.330 Feature Release back to 11.10.340. Between now and then, we'll be using the 11.10.33x series for further security/bugfix releases.

This release addresses the following issues:

Security

  • CRIT: Root exploit vulnerability.
  • CRIT: Authentication bypass vulnerability for LDAP under certain conditions.
  • HIGH: Gist vulnerability that could grant access to private repos under a targeted chain attack.
  • HIGH: Content Security Policy (CSP) bypass vulnerability.
  • HIGH: Flash Cross Site Scripting (XSS) vulnerability for raw blobs.
  • HIGH: DOM-based XSS + CSP bypass vulnerability.
  • MED: JSONP callback vulnerability that could result in arbitrary Flash execution.
  • MED: OAuth URL parsing open redirect vulnerability.
  • MED: Vulnerability where raw gist content could be viewed without authentication for public gists when Private Mode was enabled.
  • LOW: Issue where the dotcom_user session cookie wasn't being removed on logout.
  • LOW: Open redirect vulnerability.
  • LOW: SSH key audit verification CSRF vulnerability.
  • LOW: Contributor Graph XSS vulnerability.
  • LOW: OAuth URL parsing path traversal vulnerability.
  • LOW: Login open redirect vulnerability.
  • LOW: OAuth subdomain bypass vulnerability.
  • LOW: Java updated to pull in a variety of security and bug fixes.

General

  • ghe-user-demote was demoting admins improperly (they still lost admin privileges).
  • The audit.log file was unreadable by the admin SSH user.

GitHub

  • Pull request mergeability checks were failing under some conditions when opening new pull requests.
  • System emails being sent to a user with no primary email set would cause an error.
  • Exceptions weren't being reported properly in some cases.
  • Audit log data wasn't being printed as valid JSON.

Authentication

  • The first LDAP user who logged in wasn't being auto-promoted to Site Admin if no Admin Group was specified.
  • Not all errors were displayed if any were encountered when a user first signed in under LDAP.
  • GitHub for Mac would fail to authenticate properly if Private Mode was enabled.
  • GitHub for Mac would fail to authenticate properly with user logins that had to be normalized (e.g., had a period or underscore in them).

Git

  • Git push performance regression affecting repositories with large numbers of refs (branches/tags).

API

  • API scope validation issue producing false positives.

11.10.329 January 9, 2014

Security

  • HIGH: Fixed a vulnerability affecting Pages that would allow arbitrary file reads and writes on the installation.

General

  • Fixed a bug where Pull Request merge status checks were failing in some cases when opening a new Pull Request.

Authentication

  • Fixed a bug where invalid data in LDAP mail attributes would prevent new user accounts from being created.

11.10.328 December 18, 2013

General

  • Fixed a bug where editing files in the web editor using Safari under Mavericks resulted in the cursor being displayed incorrectly.
  • Fixed a bug where migrating from older releases would trigger errors during the configuration process.
  • Fixed a bug where viewing a user's comments in the Admin Tools dashboard would throw a 500 if a Gist comment was included.
  • Fixed a bug that could cause race conditions when attempting to merge pull requests that would result in a 500 error.
  • Removed rate limiting options from the OAuth application settings as rate limiting is globally disabled on Enterprise.
  • Fixed a bug where gravatars continued being displayed on repository network graphs even when they were disabled.
  • Fixed a bug where pull requests that were far behind their head ref would be incorrectly closed automatically.
  • Fixed a bug where a branch could be deleted from a merged pull request when another open pull request was using it as its base.
  • Suspended users now see the email address of the GitHub Enterprise administrator, if they've added it in the settings.
  • Fixed a bug where the support bundle was attempting to include a non-existent directory.
  • Fixed a bug where the configured support email wasn't being used on the maintenance page.
  • Fixed a bug where ProTips for GitHub.com were being shown instead of the ones specific to GitHub Enterprise.
  • Added support for large cookies (up to 32 kb) to better support highly proxied environments.

Authentication

  • Fixed a bug where the All LDAP users section of the Admin Tools dashboard would yield a 500 error under some conditions.
  • Fixed a bug where login errors due to not being in an allowed LDAP group were not distinguished from incorrect credentials at login time.
  • Fixed a bug where multiple attempts at creating LDAP user emails were being made on initial login resulting in an error.
  • Fixed a bug where a 500 error could occur if none of the restricted LDAP groups were found.
  • Fixed a bug where the LDAP configuration test wasn't limiting its user search to the specified groups.

Gist

  • Fixed a bug where navigation links weren't respecting the custom appliance hostname.
  • Fixed a bug where embedded gists weren't rendering properly.
  • Fixed a bug where viewing gists in IE11 would result in a 422 Unprocessable Entity browser error.
  • Fixed a bug where previewing comments in gists would fail.
  • Fixed a bug where the Google Analytics code for GitHub.com was being included in gist pages.

11.10.327 December 4, 2013

Security

  • CRIT: Updated Java and other system packages to address critical vulnerabilities.
  • CRIT: Updated Ruby to protect against a buffer overflow vulnerability.
  • CRIT: Fixed a bug where a user could craft a special request that would allow arbitrary command execution on the appliance.
  • HIGH: Updated git for 32-bit and 64-bit installs to prevent a buffer overflow under some conditions.
  • HIGH: Kernel updated to prevent an exploit where an SSH user on the appliance could potentially gain elevated root permissions.
  • HIGH: Fixed a bug in the API that would allow for brute force password guessing.
  • HIGH: Updated Gist to address new Rails security vulnerabilities.
  • LOW: Fixed a bug that allowed users to inject LDAP filters into the username field on the login page.
  • LOW: Fixed an issue where a Gist's content wasn't filtered correctly and therefore appeared in the log files.

11.10.326 October 28, 2013

Bugfixes

  • Fixed an issue that occurred under specific conditions that caused erroneous LDAP validation errors which prevented settings from being changed in the Management Console.
  • Fixed an issue that caused Gists to display error messages when browsed to if they had been commented on.
  • Fixed an issue where the email service hook wasn't respecting the TLS SMTP option configured for the installation.
  • Fixed a bug where moving a block device that had previously been used on another installation and attaching it to a new installation would result in any data it contained being deleted.
  • Fixed a bug where Reports being generated would include partial datasets under some conditions.
  • Fixed a bug where Gist indexing was occurring in-line during upgrades rather than in the background, which caused some upgrades to fail due to a timeout.
  • Re-enabled "Detach from network" option for repositories in the Admin Tools dashboard.

11.10.325 October 17, 2013

Security

  • LOW: Fixed a bug where service hook delivery lists were accessible to unauthenticated users on publicly accessible installations. No customer data would have been accessible from this page.

Bugfixes

  • Fixed a bug where email service hooks weren't delivering mail properly for installations with SMTP Authentication set to "none".
  • Fixed LDAP issues related to bases and groups not validating properly in some cases when attempting to save settings or test.
  • Fixed a bug where teams added as collaborators on repositories were showing up twice. To fix cases where this is already present, remove and re-add the team.
  • Re-enabled the public push option for repositories.
  • Fixed a bug where the ghe-es-reindex utility wasn't applying to all search indexes.
  • Removed the ghe-es-reset utility since its functionality has been superseded by ghe-es-reindex.
  • Fixed a bug where archives weren't building properly for private repositories.
  • Fixed a bug where the Gist API was providing an incorrect URL for raw files.
  • Fixed a bug where re-authorization prompts were happening when adding users to teams under CAS authentication (where re-authorization prompts don't work).
  • Fixed a bug where use of non-https image URLs in Gist was resulting in broken images.
  • Fixed a bug where two-factor authentication wouldn't work properly with GitHub for Mac when using the GitHub OAuth authentication option.
  • Fixed a bug where users with disallowed characters in their LDAP username (which are converted to dashes ordinarily) couldn't log in using GitHub native clients.
  • Fixed a bug where Pages sites weren't being properly renamed after a user or organization was renamed.
  • Fixed a bug where a variety of errors were showing up due to users not having a primary email set.
  • Fixed a bug where HTML tables weren't being rendered properly in inline comments.
  • Fixed a bug where services weren't always being restarted as they should after configuration runs. This resolves an issue with hostname updates when viewing service hook deliveries and viewing gists when private mode is disabled.
  • Fixed a bug where the "All Gists" link was no longer being displayed in Gist.
  • Fixed CSS rendering issue on the Explore page.

11.10.324 September 23, 2013

Security

  • CRIT: Fixed a vulnerability that would allow an individual to log in as any user under LDAP authentication. Other methods of authentication and releases prior to 11.10.320 are unaffected.

11.10.323 September 20, 2013

Enhancements

  • Added a banner to remind users to add an email address if they don't have one.

Bugfixes

  • Fixed a bug where disk usage units in the admin stats bar were wrong.
  • ElasticSearch cluster status was incorrectly displayed as 'yellow'.
  • Fixed a bug where email service hooks weren't delivering emails properly.
  • Fixed a bug where saving settings in the Management Console didn't work if SSL was enabled.
  • Fixed a bug where GitHub OAuth authentication caused a redirect loop at login.
  • Fixed a bug where previewing a wiki page would throw a 500 error.
  • Fixed a bug where public repos were showing up with private repo styling.
  • Fixed a bug where the signout confirmation page wasn't mobile friendly.
  • Fixed a bug with database migrations that affected really old installations upgrading to the latest version.
  • Fixed a bug where pushing to a gist using git over http(s) would throw an exception in the post-receive hook.
  • Fixed a bug where wiki spam check jobs were queueing mistakenly and never processed.

11.10.322 September 16, 2013

Security

  • MOD: Fixed a bug where passwords weren't being filtered properly when an exception occurred while logging in.

Bugfixes

  • Fixed a bug involving the two-factor authentication configuration. Note that this will invalidate 2FA for accounts where it's enabled. Use the Forgot Password workflow to re-enable affected accounts.
  • Fixed a bug where Gist would throw a 500 error under some conditions when an SSL certificate was installed.
  • Fixed a bug where old style Gist URLs weren't redirecting properly.
  • Fixed a bug where LDAP logins were breaking when using SSL encryption.
  • Fixed a bug where LDAP groups weren't behaving as expected with some LDAP server variants.
  • Fixed a bug where LDAP searches weren't filtering as expected with some LDAP server variants.

11.10.321 September 13, 2013

Bugfixes

  • Fixed a bug that was preventing notifications from sending properly.
  • Fixed a bug that was causing upgrades to fail if you were using GitHub OAuth authentication.
  • Made some adjustments to the LDAP Users view to help it work better under some LDAP implementations.

11.10.320 September 13, 2013

New

Enhancements

  • Upgraded git to v1.8.4. This should fix some repository corruption issues caused by git race conditions.
  • Removed solr (all searching now uses ElasticSearch).
  • Admin CSV reports are now only cached for an hour (down from 24 hours).

Additional information is available here.

11.10.317 August 21, 2013

Enhancements

  • Updated server-side gitconfig to remove the packSizeLimit. This should result in better performance for very large repositories.
  • Added stale .keep file check to ghe-cleanup-repos.

Bugfixes

  • Fixed an issue where service hooks sending payloads to external services using self-signed SSL certificates would fail silently.
  • Fixed an issue where attempting to upgrade an expired license resulted in a 403 error.
  • Fixed an issue where uploading new license files would sometimes result in 401 unauthorized errors.
  • Fixed an issue preventing email addresses with apostrophes in them from working properly.
  • Fixed an issue where the URLs provided by the root API URL were incorrect.
  • Fixed an issue that caused the /applications API endpoint to fail when Private Mode was enabled.
  • Fixed a bug where the admin SSH .profile wasn't being managed which could lead to a broken PATH.
  • Fixed a bug where an organization's ATOM feed was inaccessible when running the appliance in Private Mode.
  • Fixed a bug affecting image asset uploads in issues and pull request comments that were made by pasting an image from the clipboard.
  • Fixed an issue where some MySQL imports using ghe-import-mysql would fail with max_allowed_packet errors.
  • Fixed an issue that would cause networking issues for some OVAs after being cloned.
  • Fixed a bug where admin SSH public key fingerprints weren't matching ssh-keygen -lf output.
  • Fixed a bug where nodeload archives were being exported with repositories when using ghe-export-repositories.
  • Fixed a bug in the Management Console API that prevented settings updates from working in some cases.
  • Fixed a bug where UTF-8 encoding errors would prevent license installation under some conditions.

11.10.316 July 8, 2013

Bugfixes

  • Fixed a bug where changes to SMTP settings weren't being properly applied to all processes.
  • Fixed a bug where user and organization Pages sites weren't being built properly.
  • Fixed a bug where reports would time out on large installations.
  • Fixed a bug where Language rankings weren't being calculated or displayed properly.
  • Removed GitHub.com-specific error message for git protocol operations when the maintenance page was up.
  • Removed ghe-import and ghe-export meta utilities that were broken and shouldn't be used over the more specific ghe-{import,export}-* utilities.
  • Indexing of /setup/* by search indexing robots is now prevented.
  • Fixed a bug where a race condition could occur when uploading a GHP via the Management Console API that would cause the GHP to be deleted before it was unpacked.
  • Fixed a bug where an unnecessary post-receive hook would cause --mirror git push operations for repositories with large numbers of refs to take extremely long.
  • Disallowed http clones for CAS authentication and hid http cloning URLs in the UI (http authentication doesn't work under CAS authentication).
  • Updated ghe-cleanup-repos utility to detect zero byte ref files and fix them when possible.
  • Fixed a bug where the owner email address would always show up as nil in webhook API payloads if the owner was an organization.
  • Fixed a bug where the embed URL of a gist was shown html escaped.
  • Fixed a bug where password reset notification emails were referring to GitHub.com.
  • Fixed a bug where the Enterprise Stats API wasn't returning the correct count of suspended users.
  • Fixed a bug that caused migrations from GitHub:FI to fail during the database migration.
  • Log forwarding now includes auth.log and production.log files in the stream.
  • Removed "Email" wording from the Pages generation notification.

11.10.315 June 5, 2013

Enhancements

  • Added the ability for users to add notes to OAuth tokens created via the web UI.
  • Added the ability to clean up zip/tarball archives and repositories in purgatory via ghe-cleanup-caches.

Bugfixes

  • Fixed some bugs involving switching repository storage from using the root filesystem to a block device.
  • Fixed an issue where LDAP authentication using SSL could break when updating settings.
  • The "search" username is now reserved.
  • Fixed a bug where service hook payloads could be truncated if they contained multibyte characters.
  • Fixed a bug where the ghe-cleanup-repos utility threw errors when trying to clean up repositories that were in the database, but not on disk.
  • Re-added the solr-related utilities for gist.
  • Fixed a bug where GitHub OAuth settings were being left out of diagnostics output.
  • Fixed a bug where ghe-export-pages wouldn't provide any feedback when no pages data existed.
  • Fixed a bug where dormant users weren't showing up properly in Reports and Dormant Users listing.

11.10.314 May 16, 2013

Enhancements

  • Users can now generate OAuth tokens via the web UI in the Account Settings > Applications area.

Bugfixes

  • Fixed a bug that prevented Pages from being generated properly.
  • Fixed a bug where issue and pull request notification status information disappeared for past notifications in the web UI.
  • Fixed a problem that prevented the configuration run from completing on a new VM when adding a new repository block device.
  • Fixed a problem where the last configuration step would show as completed before the run was actually done.
  • Fixed a bug where users weren't being considered dormant if they had private repositories.
  • Fixed a bug where changing certain settings could break images and formatting under some conditions.
  • Removed "Open Source" wording from Contributions graph.

11.10.313 May 10, 2013

Bugfixes

  • Fixed a bug preventing service hooks from firing properly.
  • Resolved some problems in 11.10.312 related to internal build issues.

11.10.312 May 9, 2013

Enhancements

  • Added checks to fail early if a GHP is uploaded for the wrong architecture.

Bugfixes

  • Increased unicorn failed timeout for Management Console to avoid some timeout errors.
  • Fixed a bug where SSH pushes were failing with 0x06 errors under some conditions due to timeouts.
  • Fixed a load order issue that caused upgrades to fail with certain sets of configuration settings.
  • Fixed a bug involving javascript error handling on the Management Console upgrade page.
  • Fixed a bug where the "Sync Pull Request" link in the Admin Tools repository facebox would 404.
  • Fixed a bug where the Suspended users view would throw 500 errors.
  • Fixed a bug where some post-receive hooks would throw encoder errors.
  • Fixed a bug where downloading a repository report would lead to a 500 error under certain conditions.

11.10.311 May 8, 2013

Bugfixes

  • Fixed bug causing a LoadError during git clone and push operations.

11.10.310 May 8, 2013

Security

  • CRIT: Fixed potential authentication bypass in the Management Console.
  • MOD: Fixed privilege escalation vulnerability due to world writable executable.
  • LOW: Session cookie expiration time lowered to 1 week.

New

Enhancements

  • Upgraded git to v1.8.1.6.
  • Added ElasticSearch disk usage information to diagnostics.
  • Removed git-daemon max connections limit.
  • Increased MySQL innodb_buffer_pool_size from 8MB to 128MB.
  • Added better sysctl defaults and the ability to customize them (see /etc/sysctl.conf for details).
  • Added access to some limited sudo capabilities (netstat, kill, lsof, tcpdump, strace, tail, grep, shutdown).
  • Added timeout cache clearing to "Clear Page Cache" functionality in Admin Tools facebox (hit backslash while viewing a repo).
  • Added new Reports section in the Admin Tools dashboard to download CSV reports of users, organizations, and repositories.
  • Added the ability to bulk suspend dormant users.

Bugfixes

  • Site Admins can now create wikis without disabling admin mode.
  • In-repo source code searches for public repositories would throw 404 errors.
  • Importing from MySQL backups taken prior to 11.10.300 could prevent logins from working if a configuration run wasn't performed.
  • ElasticSearch indexes weren't being properly created under some conditions. This release will perform a full reindex.
  • Ignore whitespace in diffs wasn't working as expected.
  • Customer license information wasn't being displayed in diagnostics output.
  • Logging out under CAS authentication wasn't working.
  • Display issues on the license expiration page.
  • An interrupted upgrade could put the install in a bad state.
  • Upgrading would sometimes throw a 500 error while uploading the new GHP.
  • Exporting/importing ssh authorized keys raised an error.
  • Caching wasn't being properly cleared when gravatars were enabled, the hostname was changed or SSL was enabled.
  • Gravatars stopped showing up properly even when email addresses were present.
  • Some process monitoring-related issues would sometimes prevent git-daemon from starting properly after upgrades.
  • Submodules living on GitHub.com would be linked to as if they were local.
  • Some cookies were not being set to HttpOnly.
  • Deleting an organization was failing.
  • Downloading support bundles would sometimes throw 500 errors preventing them from being downloaded via the web UI.
  • Pull requests from forks defaulted the target branch to master rather than the corresponding upstream branch.
  • Timeouts when opening pull requests resulted in a 500 rather than a more user-friendly error message.
  • User to Organization conversions were throwing a 500 error, making it impossible to convert a user to an organization.
  • Unlocking private repositories as a site admin now works as expected.

Additional information is available here.

11.10.302 February 11, 2013

Security

Bugfixes / Enhancements

  • Upgraded git to our latest custom build, fixing some issues with refs going missing under certain conditions.

11.10.301 February 7, 2013

New

  • Additional CLI utility:
    • ghe-ssl-ca-certificate to install custom root CA certificates.
  • Added ability to authenticate against Management Console API via Basic Auth.
  • Added new complete parameter to the configure Management Console API call to force a full configuration.

Bugfixes / Enhancements

  • Fixed a bug where hitting back while viewing files in the file browser didn't work.
  • Site Admin users will no longer show up as GitHub Staff.
  • Enabling and disabling Gravatars will now flush memcached to ensure no cached avatars remain.
  • Fixed an ohai error that showed up when generating a Support Bundle via ghe-support-bundle.
  • Fixed a bug where switching Repository Storage from using the root filesystem to a block device failed to migrate repositories that were already on disk.
  • Fixed a bug where unrecognized or invalid SSH authorized keys for the admin user could cause the Management Console settings page to throw 500 errors.
  • Fixed a bug where uploading new GHL licenses through the web UI wasn't properly updating the license information on the appliance.
  • Fixed a display bug where the tease commit above the repository file tree displayed the author as "Unknown" if the author email wasn't associated with an existing user.
  • Fixed a configuration issue where image assets wouldn't load properly if the hostname was changed.
  • Fixed an LDAP bug where the underlying LDAP library would sometimes emit a packet with a zero-length control sequence, which would result in an LDAP Protocol Error. This only affected some LDAP servers (ActiveDirectory was not affected).

11.10.300 January 31, 2013

New

Bugfixes / Enhancements

  • Major overhaul of Admin Tools dashboard.
  • Dropped support for IE 7/8.
  • Fixed longstanding hostname verification bug.
  • Fixed many pull request creation timeout issues.
  • Improved performance of file listing on repos.
  • Updated ghe-export-mysql so it no longer locks tables.
  • New CLI Utilities:
    • ghe-es-status for detecting and fixing common ElasticSearch issues.
    • ghe-es-reindex for reindexing all items in ElasticSearch.
    • ghe-check-disk-usage for finding large files consuming space on the root volume.
  • Added better error checking to ghe-user-{promote,demote} and ghe-user-{suspend,unsuspend} utilities.
  • Git pull/clone operations will now be logged to the audit.log file.
  • Anonymous git pull/clone operations will now log the real ip performing the operation.
  • Added a more informative error when the root volume runs out of space while upgrading.
  • Renamed the repository admin area to "Settings".
  • Updated the process monitoring configuration to help make it more reliable.
  • Fixed a bug where a 405 http status code was received if someone was POSTing while maintenance mode was enabled.
  • Fixed a bug where installations could get stuck in a bad state if an upgrade failed partway through.
  • Added audit logging for site admin and suspension changes for users.
  • Added the ability to delete users who are members of orgs (so long as they aren't the sole owner).
  • Updated to latest linux-generic-pae kernel. [requires VM reboot to take advantage of upgrade]
  • Removed "Page build successful!" notifications for Pages.
  • Fixed bug where the incorrect hostname was being used in Test Emails.
  • Fixed bug where hitting escape in a commit comment would cause anything written to be lost.

Security

Additional information is available here.

11.10.293 January 9, 2013

Security

  • Fixed an issue where SSL aNULL ciphers were still being allowed in some cases.
  • Fixed a potential XSS security vulnerability where search results were being evaluated in-line for repository source code searches.
  • Disabled asciidoc rendering due to a potential security vulnerability.
  • Disabled XML response parsing to handle a potential Rails YAML unmarshaling exploit.
  • Fixed an ActiveRecord dynamic finder vulnerability.
  • Hardened sshd_config permissions.

11.10.292 November 28, 2012

Security

  • Code search previews will no longer be evaluated inline.

Bugfixes / Enhancements

  • Audit log entries will now be made via background job.
  • The Email Test will now use the new notification headers.
  • Added validation for No-Reply and Support Email addresses.
  • Added the ability to specify the broadcast address for static IP configurations to prevent 0.0.0.0 default. (VM restart required)
  • The header will no longer be displayed twice when renaming a repository.
  • 'help' will now work as expected in the command bar.
  • Image files will no longer cause a 500 error when checking out via SVN with some clients.
  • Fixed a bug where the last digit of some static IP configurations wasn't being displayed.
  • DHCP will no longer override manually assigned DNS nameservers.
  • Elastic Search index checks will no longer take 10 minutes to timeout.
  • Email Test errors will now be displayed properly.

11.10.291 November 1, 2012

Bugfixes / Enhancements

  • Fixed an issue that prevented some installations from upgrading successfully due to a rsyslog dependency issue.
  • Fixed an issue causing some installations to fail while attempting to install the elasticsearch package.
  • Fixed some non-critical module load errors that surfaced when rebooting after having upgraded to 11.10.290.
  • Fixed an issue where elasticsearch wasn't binding to all ports as expected under some conditions.

11.10.290 October 31, 2012

New

Bugfixes / Enhancements

  • Improved code, user, and repository search backend.
  • Disabling gravatars now properly affects the contributors graph as well.
  • The VM hostname will no longer return to the default of "github-enterprise-11-10" after reboots.
  • The ghe-cleanup-repos utility will no longer incorrectly identify gists and wikis as deleted repositories.
  • Fixed some truncation issues with really long repository names.
  • LDAP connection testing is now available in the Management Console.

Additional information is available here.

11.10.284 October 17, 2012

Bugfixes / Enhancements

  • Email confirmations are no longer sent when a user deletes their own user account.
  • Content Security Violation errors will no longer occur when browsing to the site as an admin user when using Firefox.
  • Rsyslog will now reload settings properly when log forwarding options are changed.
  • The admin stats API will now report accurate numbers for repo counts.
  • Fixed a bug where license expiration warnings were not showing up as expected in all cases.
  • Fixed a bug in the JIRA service hook that prevented it from working as intended.
  • Fixed a variety of SVN-related errors encountered when using the SVN bridge.
  • Fixed a bug where the API would return https URLs regardless of the SSL settings of the installation.
  • Fixed a bug in the ghe-cleanup-repos utility that was causing it to identify all gists as bad repositories.

11.10.283 October 3, 2012

Bugfixes / Enhancements

  • Fixed a bug that prevented the SVN bridge from starting properly.
  • Fixed a long-standing issue that would cause successful configuration runs to incorrectly display as failed under certain conditions.

11.10.282 October 1, 2012

New

  • No-reply and support email addresses are now configurable.

Bugfixes / Enhancements

  • Performance improvements
    • Resque worker counts are now scaled based on CPU rather than memory.
    • Memcached max cache size is now greatly increased for installations with 12GB or more of memory.
    • Future upgrades will now consume much less memory.
    • Number of web processes serving the Management Console has been reduced.
    • Repository network graphs are no longer built after every git push.
  • SVN commits will now work as expected.
  • Fixed an issue where GitHub would sometimes become unresponsive after upgrading or saving settings.
  • The email notification beacon will now properly mark notifications as read when Private Mode is enabled.
  • Atom feed URLs will now work in Private Mode.
  • Fixed an issue where failed upgrades would cause the Management Console to redirect to /setup/start.
  • Fixed an issue where ghe-reindex was failing to execute properly.
  • The Management Console will create a session as expected now (i.e., it won't require an unlock every time it's browsed to).
  • 404s occurring during a fresh installation will now properly show up as a 500 error.
  • Requests to api.[hostname] and gist.[hostname] will no longer be automatically redirected to [hostname].
  • Fixed a bug where ghe-dbconsole utility wasn't working as expected.
  • /setup/diagnostics and ghe-diagnostics utility will take less time to execute.
  • User-to-user repo transfers will happen as expected now.
  • Email service hook will now use the appropriate domain name.
  • Fixed a bug where organization creation was being prevented when at the license seat limit.
  • Fixed a bug where gist comment previews weren't working properly.
  • The default gravatar image used for users who don't have a gravatar will work as expected now.
  • Upgraded git to 1.7.10 (the same version used on GitHub.com).
  • Updated the ghe-cleanup-repos script to handle empty repo directories.
  • Fixed an upgrade issue that would cause failures while attempting to install the god gem.

11.10.281 September 11, 2012

Bugfixes / Enhancements

  • Fixed an issue that caused some valid GHL licenses to fail to unlock the Management Console for an installation, displaying a "license mismatch" error.
  • Fixed a timeout issue while uploading GHPs – after installing this release there should be fewer errors immediately following upload of a new GHP package.

11.10.280 September 10, 2012

New

Bugfixes / Enhancements

  • All requests to installations that don't use the hostname specified in the Management Console will automatically get redirected to the configured hostname.
  • Fixed a bug where the ghe-export-redis utility was generating corrupt backups.
  • Fixed a bug where disk usage for the repositories block device wasn't being exported by SNMP.
  • Fixed problem where search indexing background jobs could pile up causing degraded performance for installations.
  • User-to-user repository transfers should now work as expected.
  • Fixed a bug where long issue labels were getting truncated prematurely.
  • Adjustments were made that should help decrease load when there are large numbers of active SSH connections.
  • NTP will no longer hang indefinitely during configuration runs if the NTP servers are unreachable.
  • Renaming a repository will now properly rename its associated wiki.
  • OpenSearch now references the specified hostname rather than github.com.
  • Filenames with multiple periods in their name will no longer cause errors.
  • All user agents are now allowed in the robots.txt file.

Additional information is available here.

11.10.273 July 24, 2012

Bugfixes / Enhancements

  • Fixed an issue that caused HTTP clones to fail under some conditions.
  • Fixed a problem that was causing upgrades from older releases to fail.
  • Fixed a bug in the ghe-cleanup-repos utility where affected repos weren't being deleted from the database.

11.10.272 July 5, 2012

Bugfixes / Enhancements

  • Fixed a bug that caused errors during the upgrade process under some conditions. If you've successfully upgraded to 11.10.271 already, then this bug does not affect you.

11.10.271 June 28, 2012

New

  • Added ghe-time-sync utility to force a one-time large time correction.
  • Added ghe-cleanup-repos utility to clean up failed repo forks, empty wiki repos, and repos that failed to delete for customers affected by the background job bug mentioned below.

Bugfixes / Enhancements

  • Fixed a bug that caused background jobs to fail after upgrading under some conditions (introduced in 11.10.270).
  • Fixed an issue that caused errors at the end of configuration runs (this did not impact the outcome of the configuration run).
  • The ghe-user-csv utility will now always output all fields. Added repository count, ssh key count, and organization membership count columns. Use -h flag to view new options.
  • Changes to prevent failed configuration runs due to certain processes failing to restart immediately.
  • Corrected a number of places where GitHub.com-specific email addresses and URLs were hardcoded.
  • Fixed a bug that caused an error when deleting organizations from the Admin Tools dashboard.

11.10.270 June 6, 2012

New

Bugfixes / Enhancements

  • SSL certificate validation improved.
  • User-to-organization conversions now work as expected.
  • Improvements to the ghe-user-csv and ghe-grow-root utilities.
  • Renaming a user will now rename corresponding directories on the filesystem as well.
  • Better error messaging in the Management Console.
  • Fixed an infinite redirect loop during configuration that would occur under some conditions.
  • Long-running network graph generation should no longer block other background jobs.
  • Fixed an issue that would cause search indexing to fail when issues contained no body.

Additional information is available here.

11.10.262 May 11, 2012

Bugfixes / Enhancements

  • Fixed a bug that caused errors when forking repos or adding collaborators.
  • Rally service hook has been added.
  • Refinements to the ghe-grow-root script (new syntax -- use -h flag for more info).

11.10.261 May 2, 2012

Bugfixes / Enhancements

  • Fixed a bug where admin SSH access wasn't enabling properly under some conditions.
  • Fixed a bug with the ghe-user-csv utility that prevented printing only non-admin users.
  • Fixed a bug in the ghe-solr-recreate utility that prevented it from reindexing properly.
  • Fixed a service hook bug that caused hooks with custom names to break. This fixes the Jenkins service hooks.

11.10.260 May 1, 2012

Security

  • aNULL SSL ciphers are no longer allowed.
  • Added CSRF protection to Gists (this will break creating gists by POSTing directly to /gist; please use the API instead).

Bugfixes / Enhancements

  • CAS authentication fixes and enhancements.
  • Custom DNS nameservers are now always enabled. This fixes a bug where custom DNS nameservers entered at the console prompt could get disabled unintentionally on first setup. By default, it will try to use Google Public DNS nameservers.
  • Fixed an issue that would sometimes cause 404s when uploading new GHPs.
  • Fixed a bug that would result in an infinite redirect loop during initial setup under certain conditions.

11.10.259 April 4, 2012

Bugfixes / Enhancements

  • Fixed an issue where the Orgs tab in the Admin Tools dashboard wasn't loading properly.
  • Fixed a caching issue related to the header buttons and using the Fake Login feature.
  • Improvements to help prevent the git-daemon from causing configuration runs to fail in some cases.
  • The Fork Queue has been removed (details here).

11.10.257 March 30, 2012

Bugfixes / Enhancements

  • The password confirmation shown when adding an SSH key will now also prompt for a username when using LDAP authentication.
  • Admins who test other accounts using the Fake Login feature can now resume their admin session by logging out.

11.10.254 March 20, 2012

Bugfixes / Enhancements

  • Fixed a bug that prevented trial installations from inviting users.
  • Fixed a bug that resulted in an "unrecognized command" error when pushing or pulling (only existed in the 11.10.253 release).

11.10.252 March 17, 2012

Bugfixes / Enhancements

  • Fixed a bug where the Invite User form wasn't working properly for Built-in Authentication.

11.10.251 March 15, 2012

Bugfixes / Enhancements

  • SSH key password confirmation will now work with LDAP and CAS authentication.

11.10.250 March 15, 2012

Security

  • Nginx security vulnerability fixed. Details here.
  • SSH Key Audit feature added. Details here.
  • Adding new SSH keys will now prompt for a password and send an email notification.

Bugfixes / Enhancements

  • Organization links in Account Settings now use the correct domain.
  • Transferring a repository will no longer cause its wiki to disappear.
  • Fixed a bug that prevented GitHub:FI migrations from completing under some conditions.

11.10.240 March 7, 2012

Security

  • Vulnerability in the SSH public key update form fixed. Details here.

Bugfixes / Enhancements

  • Logs are now being rotated. Please click here for more details including how to retain all existing logs.
  • Significant performance increases for VMs with more than 4GB of memory (NOTE: reboot required to take advantage of this).
  • Suggested minimum memory requirements are being increased to 8GB as of this release.
  • Email service hook now works with more SMTP server configurations.
  • User profiles will now save properly under LDAP and CAS authentication.
  • Growing the filesystem of the attached repository storage is now possible. Instructions are available here.
  • Admin interface improvements
    • On initial setup the first LDAP or CAS user that logs in will automatically be promoted to Admin status now.
    • Admin Tools dashboard now has separate tabs for Users and Organizations.
    • Invite User tab now hidden in Admin Tools for LDAP and CAS authentication.
    • Admin Tools link now shows up properly for users who are promoted to Admin status.
  • Reset password and change username options are now hidden under LDAP and CAS authentication.
  • SSH connection limit has been increased significantly.
  • Configuration runs now give feedback when they fail and link to logs.
  • Various UI and performance enhancements.

11.10.205 February 9, 2012

Bugfixes / Enhancements

  • Fixed a bug where some background jobs were not being processed under certain conditions.
  • Another fix related to configuration runs without internet access.

11.10.195 February 8, 2012

Bugfixes / Enhancements

  • Fixed an additional bug related to configuration runs without internet access.

11.10.179 February 7, 2012

New

  • Admin stats API is now available.
  • The root disk for Enterprise installs created with the new OVA will now default to 75GB when using VMware ESXi.

Bugfixes / Enhancements

  • Installations without internet access will now complete the configuration process after Management Console saves.
  • Fixed a bug causing the search service (Solr) to crash on new installs.
  • Signup link is no longer available in the header when using LDAP authentication.
  • Clippy flash widget will no longer burn CPU cycles with many commit pages open.
  • Milestones and assignees added to Pull Requests.
  • Admin stats bar now displays breakdown of page load time and root disk usage information.
  • Various UI and performance enhancements.

11.10.143 January 17, 2012

New

  • GitHub Pages feature now available. CNAME files and user subdomains are not supported.

Bugfixes / Enhancements

  • Problem with console prompt and configuration fixed (this is why 11.10.135 was yanked).
  • Network graph will now show a much larger range of commits for repos with long histories.
  • SSL certificates with passphrases or in unsupported formats will no longer be accepted.
  • PivotalTracker service hook now supports on-premise Tracker installs.
  • UI enhancements for user dashboard and repository/README views.
  • Reparent Admin Tool feature for repositories is now enabled.

Security / Maintenance

  • Additional log filtering was added.

11.10.112 December 28, 2011

  • API authentication now works properly under LDAP.
  • LDAP connections will no longer stop working after short periods of time.
  • Fixed a slow connection problem for SSH git operations caused by a configuration issue.
  • Fixed a bug with network graphs that prevented hover information from showing over a commit.
  • Fixed an issue with SMTP email tests that kept successful tests from logging debug output.

11.10.104 December 21, 2011

  • New skinny header integrated.
  • Fixed a bug with moving repositories from users to organizations. If you experienced this issue, contact support to find out how to get your repository back in a good state so you can take advantage of this fix.
  • Fixed a bug where some pull requests or commit views were generating 500 errors.
  • Fixed a code indexing issue with search. Code results should now show up in searches. Keep in mind that code, users, and repos are indexed periodically rather than immediately after they're created. If something doesn't show up right away, wait 20-30 minutes and it should appear.
  • A checksum is now performed on GHP files after they've been uploaded to the Management Console to detect in-transit corruption.
  • Added additional SMTP debug logging when sending test emails in the Management Console. Note that this logging only shows up if the message was not sent successfully.

11.10.87 December 12, 2011

  • Block storage devices now mount properly after reboot.
  • Fixed a bug with switching from Root Filesystem to Block Device storage that caused the root filesystem backup to attempt to run on every configuration.
  • Fixed a variety of SMTP configuration issues.
  • Added support for explicitly disabling TLS for SMTP.

11.10.27 November 4, 2011

Enterprise Changes

  • Bug fixes related to LDAP integration.
  • Fixed the default .ovf path to be compatible with Windows paths.
  • Display the default network adapter's MAC address on the console welcome screen.

GitHub Changes

  • Fixed the LDAP uid lookup, which caused usernames to include DC information.
  • Fixed bug in unicorn reloading related to environment variables.

11.10.12 October 15, 2011

Initial release.