Version 11.10.331

Released on February 20, 2014 (latest release)

Last month GitHub launched a Security Bug Bounty program, which has been wildly successful in identifying a number of security vulnerabilities ranging from low to critical risk on GitHub.com. To get these fixes to you more quickly, we've pushed the 11.10.330 Feature Release back to 11.10.340. Between now and then, we'll be using the 11.10.33x series for further security/bugfix releases.

This release addresses the following issues:

Security

  • CRIT: Root exploit vulnerability.
  • CRIT: Authentication bypass vulnerability for LDAP under certain conditions.
  • HIGH: Gist vulnerability that could grant access to private repos under a targeted chain attack.
  • HIGH: Content Security Policy (CSP) bypass vulnerability.
  • HIGH: Flash Cross Site Scripting (XSS) vulnerability for raw blobs.
  • HIGH: DOM-based XSS + CSP bypass vulnerability.
  • MED: JSONP callback vulnerability that could result in arbitrary Flash execution.
  • MED: OAuth URL parsing open redirect vulnerability.
  • MED: Vulnerability where raw gist content could be viewed without authentication for public gists when Private Mode was enabled.
  • LOW: Issue where the dotcom_user session cookie wasn't being removed on logout.
  • LOW: Open redirect vulnerability.
  • LOW: SSH key audit verification CSRF vulnerability.
  • LOW: Contributor Graph XSS vulnerability.
  • LOW: OAuth URL parsing path traversal vulnerability.
  • LOW: Login open redirect vulnerability.
  • LOW: OAuth subdomain bypass vulnerability.
  • LOW: Java updated to pull in a variety of security and bug fixes.

General

  • ghe-user-demote was demoting admins improperly (they still lost admin privileges).
  • The audit.log file was unreadable by the admin SSH user.

GitHub

  • Pull request mergeability checks were failing under some conditions when opening new pull requests.
  • System emails being sent to a user with no primary email set would cause an error.
  • Exceptions weren't being reported properly in some cases.
  • Audit log data wasn't being printed as valid JSON.

Authentication

  • The first LDAP user who logged in wasn't being auto-promoted to Site Admin if no Admin Group was specified.
  • Not all errors were displayed if any were encountered when a user first signed in under LDAP.
  • GitHub for Mac would fail to authenticate properly if Private Mode was enabled.
  • GitHub for Mac would fail to authenticate properly with user logins that had to be normalized (e.g., had a period or underscore in them).

Git

  • Git push performance regression affecting repositories with large numbers of refs (branches/tags).

API

  • API scope validation issue producing false positives.

Version 11.10.329

Released on January 9, 2014

Security

  • HIGH: Fixed a vulnerability affecting Pages that would allow arbitrary file reads and writes on the installation.

General

  • Fixed a bug where Pull Request merge status checks were failing in some cases when opening a new Pull Request.

Authentication

  • Fixed a bug where invalid data in LDAP mail attributes would prevent new user accounts from being created.

Version 11.10.328

Released on December 18, 2013

General

  • Fixed a bug where editing files in the web editor using Safari under Mavericks resulted in the cursor being displayed incorrectly.
  • Fixed a bug where migrating from older releases would trigger errors during the configuration process.
  • Fixed a bug where viewing a user's comments in the Admin Tools dashboard would throw a 500 if a Gist comment was included.
  • Fixed a bug that could cause race conditions when attempting to merge pull requests that would result in a 500 error.
  • Removed rate limiting options from the OAuth application settings as rate limiting is globally disabled on Enterprise.
  • Fixed a bug where gravatars continued being displayed on repository network graphs even when they were disabled.
  • Fixed a bug where pull requests that were far behind their head ref would be incorrectly closed automatically.
  • Fixed a bug where a branch could be deleted from a merged pull request when another open pull request was using it as its base.
  • Suspended users now get to see the email address of the GitHub Enterprise administrator, if they've added it in the settings.
  • Fixed a bug where the support bundle was attempting to include a non-existent directory.
  • Fixed a bug where the configured support email wasn't being used on the maintenance page.
  • Fixed a bug where ProTips for GitHub.com were being shown instead of the ones specific to GitHub Enterprise.
  • Added support for large cookies (up to 32 kb) to better support highly proxied environments.

Authentication

  • Fixed a bug where the All LDAP users section of the Admin Tools dashboard would yield a 500 error under some conditions.
  • Fixed a bug where login errors due to not being in an allowed LDAP group were not distinguished from incorrect credentials at login time.
  • Fixed a bug where multiple attempts at creating LDAP user emails were being made on initial login resulting in an error.
  • Fixed a bug where a 500 error could occur if none of the restricted LDAP groups were found.
  • Fixed a bug where the LDAP configuration test wasn't limiting its user search to the specified groups.

Gist

  • Fixed a bug where navigation links weren't respecting the custom appliance hostname.
  • Fixed a bug where embedded gists weren't rendering properly.
  • Fixed a bug where viewing gists in IE11 would result in a 422 Unprocessable Entity browser error.
  • Fixed a bug where previewing comments in gists would fail.
  • Fixed a bug where the Google Analytics code for GitHub.com was being included in gist pages.

Version 11.10.327

Released on December 4, 2013

Security

  • CRIT: Updated Java and other system packages to address critical vulnerabilities.
  • CRIT: Updated Ruby to protect against a buffer overflow vulnerability.
  • CRIT: Fixed a bug where a user could craft a special request that would allow arbitrary command execution on the appliance.
  • HIGH: Updated git for 32-bit and 64-bit installs to prevent a buffer overflow under some conditions.
  • HIGH: Kernel updated to prevent an exploit where an SSH user on the appliance could potentially gain elevated root permissions.
  • HIGH: Fixed a bug in the API that would allow for brute force password guessing.
  • HIGH: Updated Gist to address new Rails security vulnerabilities.
  • LOW: Fixed a bug that allowed users to inject LDAP filters into the username field on the login page.
  • LOW: Fixed an issue where a Gist's content wasn't filtered correctly and therefore appeared in the log files.

Version 11.10.326

Released on October 28, 2013

Bugfixes

  • Fixed an issue that occurred under specific conditions that caused erroneous LDAP validation errors which prevented settings from being changed in the Management Console.
  • Fixed an issue that caused Gists to display error messages when browsed to if they had been commented on.
  • Fixed an issue where the email service hook wasn't respecting the TLS SMTP option configured for the installation.
  • Fixed a bug where moving a block device that had previously been used on another installation and attaching it to a new installation would result in any data it contained being deleted.
  • Fixed a bug where Reports being generated would include partial datasets under some conditions.
  • Fixed a bug where Gist indexing was occurring in-line during upgrades rather than in the background, which caused some upgrades to fail due to a timeout.
  • Re-enabled "Detach from network" option for repositories in the Admin Tools dashboard.

Version 11.10.325

Released on October 17, 2013

Security

  • LOW: Fixed a bug where service hook delivery lists were accessible to unauthenticated users on publicly accessible installations. No customer data would have been accessible from this page.

Bugfixes

  • Fixed a bug where email service hooks weren't delivering mail properly for installations with SMTP Authentication set to "none".
  • Fixed LDAP issues related to bases and groups not validating properly in some cases when attempting to save settings or test.
  • Fixed a bug where teams added as collaborators on repositories were showing up twice. To fix cases where this is already present, remove and re-add the team.
  • Re-enabled the public push option for repositories.
  • Fixed a bug where the ghe-es-reindex utility wasn't applying to all search indexes.
  • Removed the ghe-es-reset utility since its functionality has been superseded by ghe-es-reindex.
  • Fixed a bug where archives weren't building properly for private repositories.
  • Fixed a bug where the Gist API was providing an incorrect URL for raw files.
  • Fixed a bug where re-authorization prompts were happening when adding users to teams under CAS authentication (where re-authorization prompts don't work).
  • Fixed a bug where use of non-https image URLs in Gist was resulting in broken images.
  • Fixed a bug where two-factor authentication wouldn't work properly with GitHub for Mac when using the GitHub OAuth authentication option.
  • Fixed a bug where users with disallowed characters in their LDAP username (which are converted to dashes ordinarily) couldn't log in using GitHub native clients.
  • Fixed a bug where Pages sites weren't being properly renamed after a user or organization was renamed.
  • Fixed a bug where a variety of errors were showing up due to users not having a primary email set.
  • Fixed a bug where HTML tables weren't being rendered properly in inline comments.
  • Fixed a bug where services weren't always being restarted as they should after configuration runs. This resolves an issue with hostname updates when viewing service hook deliveries and viewing gists when private mode is disabled.
  • Fixed a bug where the "All Gists" link was no longer being displayed in Gist.
  • Fixed CSS rendering issue on the Explore page.

Version 11.10.324

Released on September 23, 2013

Security

  • CRIT: Fixed a vulnerability that would allow an individual to login as any user under LDAP authentication. Other methods of authentication and releases prior to 11.10.320 are unaffected.

Version 11.10.323

Released on September 20, 2013

Enhancements

  • Added a banner to remind users to add an email address if they don't have one.

Bugfixes

  • Fixed a bug where disk usage units in the admin stats bar were wrong.
  • ElasticSearch cluster status was incorrectly displayed as 'yellow'.
  • Fixed a bug where email service hooks weren't delivering emails properly.
  • Fixed a bug where saving settings in the Management Console didn't work if SSL was enabled.
  • Fixed a bug where GitHub OAuth authentication caused a redirect loop at login.
  • Fixed a bug where previewing a wiki page would throw a 500 error.
  • Fixed a bug where public repos were showing up with private repo styling.
  • Fixed a bug where the signout confirmation page wasn't mobile friendly.
  • Fixed a bug with database migrations that affected really old installations upgrading to the latest version.
  • Fixed a bug where pushing to a gist using git over http(s) would throw an exception in the post-receive hook.
  • Fixed a bug where wiki spam check jobs were queueing mistakenly and never processed.

Version 11.10.322

Released on September 16, 2013

Security

  • MOD: Fixed a bug where passwords weren't being filtered properly when an exception occurred while logging in.

Bugfixes

  • Fixed a bug involving the two-factor authentication configuration. Note that this will invalidate 2FA for accounts where it's enabled. Use Forgot Password workflow to re-enable affected accounts.
  • Fixed a bug where Gist would throw a 500 error under some conditions when an SSL certificate was installed.
  • Fixed a bug where old style Gist URLs weren't redirecting properly.
  • Fixed a bug where LDAP logins were breaking when using SSL encryption.
  • Fixed a bug where LDAP groups weren't behaving as expected with some LDAP server variants.
  • Fixed a bug where LDAP searches weren't filtering as expected with some LDAP server variants.

Version 11.10.321

Released on September 13, 2013

Bugfixes

  • Fixed a bug that was preventing notifications from sending properly.
  • Fixed a bug that was causing upgrades to fail if you were using GitHub OAuth authentication.
  • Made some adjustments to the LDAP Users view to help it work better under some LDAP implementations.

Version 11.10.320

Released on September 13, 2013

New

Enhancements

  • Upgraded git to v1.8.4. This should fix some repository corruption issues caused by git race conditions.
  • Removed solr (all searching now uses ElasticSearch).
  • Admin CSV reports are now only cached for an hour (down from 24 hours).

Additional information is available here.

Version 11.10.317

Released on August 21, 2013

Enhancements

  • Updated server-side gitconfig to remove the packSizeLimit. This should result in better performance for very large repositories.
  • Added stale .keep file check to ghe-cleanup-repos.

Bugfixes

  • Fixed an issue where service hooks sending payloads to external services using self-signed SSL certificates would fail silently.
  • Fixed an issue where attempting to upgrade an expired license resulted in a 403 error.
  • Fixed an issue where uploading new license files would sometimes result in 401 unauthorized errors.
  • Fixed an issue preventing email addresses with apostrophes in them from working properly.
  • Fixed an issue where the URLs provided by the root API URL were incorrect.
  • Fixed an issue that caused the /applications API endpoint to fail when Private Mode was enabled.
  • Fixed a bug where the admin SSH .profile wasn't being managed which could lead to a broken PATH.
  • Fixed a bug where an organization's ATOM feed was inaccessible when running the appliance in Private Mode.
  • Fixed a bug affecting image asset uploads in issues and pull request comments that were made by pasting an image from the clipboard.
  • Fixed an issue where some MySQL imports using ghe-import-mysql would fail with max_allowed_packet errors.
  • Fixed an issue that would cause networking issues for some OVAs after being cloned.
  • Fixed a bug where admin SSH public key fingerprints weren't matching ssh-keygen -lf output.
  • Fixed a bug where nodeload archives were being exported with repositories when using ghe-export-repositories.
  • Fixed a bug in the Management Console API that prevented settings updates from working in some cases.
  • Fixed a bug where UTF-8 encoding errors would prevent license installation under some conditions.

Version 11.10.316

Released on July 8, 2013

Bugfixes

  • Fixed a bug where changes to SMTP settings weren't being properly applied to all processes.
  • Fixed a bug where user and organization Pages sites weren't being built properly.
  • Fixed a bug where reports would time out on large installations.
  • Fixed a bug where Language rankings weren't being calculated or displayed properly.
  • Removed GitHub.com-specific error message for git protocol operations when the maintenance page was up.
  • Removed ghe-import and ghe-export meta utilities that were broken and shouldn't be used over the more specific ghe-{import,export}-* utilities.
  • Indexing of /setup/* by search indexing robots is now prevented.
  • Fixed a bug where a race condition could occur when uploading a GHP via the Management Console API that would cause the GHP to be deleted before it was unpacked.
  • Fixed a bug where an unnecessary post-receive hook would cause --mirror git push operations for repositories with large numbers of refs to take extremely long.
  • Disallowed http clones for CAS authentication and hid http cloning URLs in the UI (http authentication doesn't work under CAS authentication).
  • Updated ghe-cleanup-repos utility to detect zero byte ref files and fix them when possible.
  • Fixed a bug where the owner email address would always show up as nil in webhook API payloads if the owner was an organization.
  • Fixed a bug where the embed URL of a gist was shown html escaped.
  • Fixed a bug where password reset notification emails were referring to GitHub.com.
  • Fixed a bug where the Enterprise Stats API wasn't returning the correct count of suspended users.
  • Fixed a bug that caused migrations from GitHub:FI to fail during the database migration.
  • Log forwarding now includes auth.log and production.log files in the stream.
  • Removed "Email" wording from the Pages generation notification.

Version 11.10.315

Released on June 5, 2013

Enhancements

  • Added the ability for users to add notes to OAuth tokens created via the web UI.
  • Added the ability to clean up zip/tarball archives and repositories in purgatory via ghe-cleanup-caches.

Bugfixes

  • Fixed some bugs involving switching repository storage from using the root filesystem to a block device.
  • Fixed an issue where LDAP authentication using SSL could break when updating settings.
  • The "search" username is now reserved.
  • Fixed a bug where service hook payloads could be truncated if they contained multibyte characters.
  • Fixed a bug where the ghe-cleanup-repos utility threw errors when trying to clean up repositories that were in the database, but not on disk.
  • Re-added the solr-related utilities for gist.
  • Fixed a bug where GitHub OAuth settings were being left out of diagnostics output.
  • Fixed a bug where ghe-export-pages wouldn't provide any feedback when no pages data existed.
  • Fixed a bug where dormant users weren't showing up properly in Reports and Dormant Users listing.

Version 11.10.314

Released on May 16, 2013

Enhancements

  • Users can now generate OAuth tokens via the web UI in the Account Settings > Applications area.

Bugfixes

  • Fixed a bug that prevented Pages from being generated properly.
  • Fixed a bug where issue and pull request notification status information disappeared for past notifications in the web UI.
  • Fixed a problem that prevented the configuration run from completing on a new VM when adding a new repository block device.
  • Fixed a problem where the last configuration step would show as completed before the run was actually done.
  • Fixed a bug where users weren't being considered dormant if they had private repositories.
  • Fixed a bug where changing certain settings could break images and formatting under some conditions.
  • Removed "Open Source" wording from Contributions graph.

Version 11.10.313

Released on May 10, 2013

Bugfixes

  • Fixed a bug preventing service hooks from firing properly.
  • Resolved some problems in 11.10.312 related to internal build issues.

Version 11.10.312

Released on May 9, 2013

Enhancements

  • Added checks to fail early if a GHP is uploaded for the wrong architecture.

Bugfixes

  • Increased unicorn failed timeout for Management Console to avoid some timeout errors.
  • Fixed a bug where SSH pushes were failing with 0x06 errors under some conditions due to timeouts.
  • Fixed a load order issue that caused upgrades to fail with certain sets of configuration settings.
  • Fixed a bug involving JavaScript error handling on the Management Console upgrade page.
  • Fixed a bug where the "Sync Pull Request" link in the Admin Tools repository facebox would 404.
  • Fixed a bug where the Suspended users view would throw 500 errors.
  • Fixed a bug where some post-receive hooks would throw encoder errors.
  • Fixed a bug where downloading a repository report would lead to a 500 error under certain conditions.

Version 11.10.311

Released on May 8, 2013

Bugfixes

  • Fixed bug causing a LoadError during git clone and push operations.

Version 11.10.310

Released on May 8, 2013

Security

  • CRIT: Fixed potential authentication bypass in the Management Console.
  • MOD: Fixed privilege escalation vulnerability due to world writable executable.
  • LOW: Session cookie expiration time lowered to 1 week.

New

Enhancements

  • Upgraded git to v1.8.1.6.
  • Added ElasticSearch disk usage information to diagnostics.
  • Removed git-daemon max connections limit.
  • Increased MySQL innodb_buffer_pool_size from 8MB to 128MB.
  • Added better sysctl defaults and the ability to customize them (see /etc/sysctl.conf for details).
  • Added access to some limited sudo capabilities (netstat, kill, lsof, tcpdump, strace, tail, grep, shutdown).
  • Added timeout cache clearing to "Clear Page Cache" functionality in Admin Tools facebox (hit backslash while viewing a repo).
  • Added new Reports section in the Admin Tools dashboard to download CSV reports of users, organizations, and repositories.
  • Added the ability to bulk suspend dormant users.

Bugfixes

  • Site Admins can now create wikis without disabling admin mode.
  • In-repo source code searches for public repositories would throw 404 errors.
  • Importing from MySQL backups taken prior to 11.10.300 could prevent logins from working if a configuration run wasn't performed.
  • ElasticSearch indexes weren't being properly created under some conditions. This release will perform a full reindex.
  • Ignore whitespace in diffs wasn't working as expected.
  • Customer license information wasn't being displayed in diagnostics output.
  • Logging out under CAS authentication wasn't working.
  • Display issues on the license expiration page.
  • An interrupted upgrade could put the install in a bad state.
  • Upgrading would sometimes throw a 500 error while uploading the new GHP.
  • Exporting/importing ssh authorized keys raised an error.
  • Caching wasn't being properly cleared when gravatars were enabled, the hostname was changed or SSL was enabled.
  • Gravatars stopped showing up properly even when email addresses were present.
  • Some process monitoring-related issues would sometimes prevent git-daemon from starting properly after upgrades.
  • Submodules living on GitHub.com would be linked to as if they were local.
  • Some cookies were not being set to HttpOnly.
  • Deleting an organization was failing.
  • Downloading support bundles would sometimes throw 500 errors preventing them from being downloaded via the web UI.
  • Pull requests from forks defaulted the target branch to master rather than the corresponding upstream branch.
  • Timeouts when opening pull requests resulted in a 500 rather than a more user-friendly error message.
  • User to Organization conversions were throwing a 500 error, making it impossible to convert a user to an organization.
  • Unlocking private repositories as a site admin now works as expected.

Additional information is available here.

Version 11.10.302

Released on February 11, 2013

Security

Bugfixes / Enhancements

  • Upgraded git to our latest custom build, fixing some issues with refs going missing under certain conditions.

Version 11.10.301

Released on February 7, 2013

New

  • Additional CLI utility:
    • ghe-ssl-ca-certificate to install custom root CA certificates.
  • Added ability to authenticate against Management Console API via Basic Auth.
  • Added new complete parameter to the configure Management Console API call to force a full configuration.

Bugfixes / Enhancements

  • Fixed a bug where hitting back while viewing files in the file browser didn't work.
  • Site Admin users will no longer show up as GitHub Staff.
  • Enabling and disabling Gravatars will now flush memcached to ensure no cached avatars remain.
  • Fixed an ohai error that showed up when generating a Support Bundle via ghe-support-bundle.
  • Fixed a bug where switching Repository Storage from using the root filesystem to a block device failed to migrate repositories that were already on disk.
  • Fixed a bug where unrecognized or invalid SSH authorized keys for the admin user could cause the Management Console settings page to throw 500 errors.
  • Fixed a bug where uploading new GHL licenses through the web UI wasn't properly updating the license information on the appliance.
  • Fixed a display bug where the tease commit above the repository file tree displayed the author as "Unknown" if the author email wasn't associated with an existing user.
  • Fixed a configuration issue where image assets wouldn't load properly if the hostname was changed.
  • Fixed an LDAP bug where the underlying LDAP library would sometimes emit a packet with a zero-length control sequence, which would result in an LDAP Protocol Error. This only affected some LDAP servers (ActiveDirectory was not affected).

Version 11.10.300

Released on January 31, 2013

New

Bugfixes / Enhancements

  • Major overhaul of Admin Tools dashboard.
  • Dropped support for IE 7/8.
  • Fixed longstanding hostname verification bug.
  • Fixed many pull request creation timeout issues.
  • Improved performance of file listing on repos.
  • Updated ghe-export-mysql so it no longer locks tables.
  • New CLI Utilities:
    • ghe-es-status for detecting and fixing common ElasticSearch issues.
    • ghe-es-reindex for reindexing all items in ElasticSearch.
    • ghe-check-disk-usage for finding large files consuming space on the root volume.
  • Added better error checking to ghe-user-{promote,demote} and ghe-user-{suspend,unsuspend} utilities.
  • Git pull/clone operations will now be logged to the audit.log file.
  • Anonymous git pull/clone operations will now log the real IP performing the operation.
  • Added a more informative error when the root volume runs out of space while upgrading.
  • Renamed the repository admin area to "Settings".
  • Updated the process monitoring configuration to help make it more reliable.
  • Fixed a bug where a 405 http status code was received if someone was POSTing while maintenance mode was enabled.
  • Fixed a bug where installations could get stuck in a bad state if an upgrade failed partway through.
  • Added audit logging for site admin and suspension changes for users.
  • Added the ability to delete users who are members of orgs (so long as they aren't the sole owner).
  • Updated to latest linux-generic-pae kernel. [requires VM reboot to take advantage of upgrade]
  • Removed "Page build successful!" notifications for Pages.
  • Fixed bug where the incorrect hostname was being used in Test Emails.
  • Fixed bug where hitting escape in a commit comment would cause anything written to be lost.

Security

Additional information is available here.

Version 11.10.293

Released on January 9, 2013

Security

  • Fixed an issue where SSL aNULL ciphers were still being allowed in some cases.
  • Fixed a potential XSS security vulnerability where search results were being evaluated in-line for repository source code searches.
  • Disabled asciidoc rendering due to a potential security vulnerability.
  • Disabled XML response parsing to handle a potential Rails YAML unmarshaling exploit.
  • Fixed an ActiveRecord dynamic finder vulnerability.
  • Hardened sshd_config permissions.

Version 11.10.292

Released on November 28, 2012

Security

  • Code search previews will no longer be evaluated inline.

Bugfixes / Enhancements

  • Audit log entries will now be made via background job.
  • The Email Test will now use the new notification headers.
  • Added validation for No-Reply and Support Email addresses.
  • Added the ability to specify the broadcast address for static IP configurations to prevent 0.0.0.0 default. (VM restart required)
  • The header will no longer be displayed twice when renaming a repository.
  • 'help' will now work as expected in the command bar.
  • Image files will no longer cause a 500 error when checking out via SVN with some clients.
  • Fixed a bug where the last digit of some static IP configurations wasn't being displayed.
  • DHCP will no longer override manually assigned DNS nameservers.
  • Elastic Search index checks will no longer take 10 minutes to timeout.
  • Email Test errors will now be displayed properly.

Version 11.10.291

Released on November 1, 2012

Bugfixes / Enhancements

  • Fixed an issue that prevented some installations from upgrading successfully due to a rsyslog dependency issue.
  • Fixed an issue causing some installations to fail while attempting to install the elasticsearch package.
  • Fixed some non-critical module load errors that surfaced when rebooting after having upgraded to 11.10.290.
  • Fixed an issue where elasticsearch wasn't binding to all ports as expected under some conditions.

Version 11.10.290

Released on October 31, 2012

New

Bugfixes / Enhancements

  • Improved code, user, and repository search backend.
  • Disabling gravatars now properly affects the contributors graph as well.
  • The VM hostname will no longer return to the default of "github-enterprise-11-10" after reboots.
  • The ghe-cleanup-repos utility will no longer incorrectly identify gists and wikis as deleted repositories.
  • Fixed some truncation issues with really long repository names.
  • LDAP connection testing is now available in the Management Console.

Additional information is available here.

Version 11.10.284

Released on October 17, 2012

Bugfixes / Enhancements

  • Email confirmations are no longer sent when a user deletes their own user account.
  • Content Security Violation errors will no longer occur when browsing to the site as an admin user when using Firefox.
  • Rsyslog will now reload settings properly when log forwarding options are changed.
  • The admin stats API will now report accurate numbers for repo counts.
  • Fixed a bug where license expiration warnings were not showing up as expected in all cases.
  • Fixed a bug in the JIRA service hook that prevented it from working as intended.
  • Fixed a variety of SVN-related errors encountered when using the SVN bridge.
  • Fixed a bug where the API would return https URLs regardless of the SSL settings of the installation.
  • Fixed a bug in the ghe-cleanup-repos utility that was causing it to identify all gists as bad repositories.

Version 11.10.283

Released on October 3, 2012

Bugfixes / Enhancements

  • Fixed a bug that prevented the SVN bridge from starting properly.
  • Fixed a long-standing issue that would cause successful configuration runs to incorrectly display as failed under certain conditions.

Version 11.10.282

Released on October 1, 2012

New

  • No-reply and support email addresses are now configurable.

Bugfixes / Enhancements

  • Performance improvements
    • Resque worker counts are now scaled based on CPU rather than memory.
    • Memcached max cache size is now greatly increased for installations with 12GB or more of memory.
    • Future upgrades will now consume much less memory.
    • Number of web processes serving the Management Console has been reduced.
    • Repository network graphs are no longer built after every git push.
  • SVN commits will now work as expected.
  • Fixed an issue where GitHub would sometimes become unresponsive after upgrading or saving settings.
  • The email notification beacon will now properly mark notifications as read when Private Mode is enabled.
  • Atom feed URLs will now work in Private Mode.
  • Fixed an issue where failed upgrades would cause the Management Console to redirect to /setup/start.
  • Fixed an issue where ghe-reindex was failing to execute properly.
  • The Management Console will create a session as expected now (i.e., it won't require an unlock every time it's browsed to).
  • 404s occurring during a fresh installation will now properly show up as a 500 error.
  • Requests to api.[hostname] and gist.[hostname] will no longer be automatically redirected to [hostname].
  • Fixed a bug where ghe-dbconsole utility wasn't working as expected.
  • /setup/diagnostics and ghe-diagnostics utility will take less time to execute.
  • User-to-user repo transfers will happen as expected now.
  • Email service hook will now use the appropriate domain name.
  • Fixed a bug where organization creation was being prevented when at the license seat limit.
  • Fixed a bug where gist comment previews weren't working properly.
  • The default gravatar image used for users who don't have a gravatar will work as expected now.
  • Upgraded git to 1.7.10 (the same version used on GitHub.com).
  • Updated the ghe-cleanup-repos script to handle empty repo directories.
  • Fixed an upgrade issue that would cause failures while attempting to install the god gem.

Version 11.10.281

Released on September 11, 2012

Bugfixes / Enhancements

  • Fixed an issue that caused some valid GHL licenses to fail to unlock the Management Console for an installation, displaying a "license mismatch" error.
  • Fixed a timeout issue while uploading GHPs – after installing this release there should be fewer errors immediately following upload of a new GHP package.

Version 11.10.280

Released on September 10, 2012

New

Bugfixes / Enhancements

  • All requests to installations that don't use the hostname specified in the Management Console will automatically get redirected to the configured hostname.
  • Fixed a bug where the ghe-export-redis utility was generating corrupt backups.
  • Fixed a bug where disk usage for the repositories block device wasn't being exported by SNMP.
  • Fixed a problem where search indexing background jobs could pile up, causing degraded performance for installations.
  • User-to-user repository transfers should now work as expected.
  • Fixed a bug where long issue labels were getting truncated prematurely.
  • Adjustments were made that should help decrease load when there are large numbers of active SSH connections.
  • NTP will no longer hang indefinitely during configuration runs if the NTP servers are unreachable.
  • Renaming a repository will now properly rename its associated wiki.
  • OpenSearch now references the specified hostname rather than github.com.
  • Filenames with multiple periods in their name will no longer cause errors.
  • All user agents are now allowed in the robots.txt file.

Additional information is available here.

Version 11.10.273

Released on July 24, 2012

Bugfixes / Enhancements

  • Fixed an issue that caused HTTP clones to fail under some conditions.
  • Fixed a problem that was causing upgrades from older releases to fail.
  • Fixed a bug in the ghe-cleanup-repos utility where affected repos weren't being deleted from the database.

Version 11.10.272

Released on July 5, 2012

Bugfixes / Enhancements

  • Fixed a bug that caused errors during the upgrade process under some conditions. If you've successfully upgraded to 11.10.271 already, then this bug does not affect you.

Version 11.10.271

Released on June 28, 2012

New

  • Added ghe-time-sync utility to force a one-time large time correction.
  • Added ghe-cleanup-repos utility to clean up failed repo forks, empty wiki repos, and repos that failed to delete for customers affected by the background job bug mentioned below.

Bugfixes / Enhancements

  • Fixed a bug that caused background jobs to fail after upgrading under some conditions (introduced in 11.10.270).
  • Fixed an issue that caused errors at the end of configuration runs (this did not impact the outcome of the configuration run).
  • The ghe-user-csv utility will now always output all fields. Added repository count, ssh key count, and organization membership count columns. Use -h flag to view new options.
  • Changes to prevent failed configuration runs due to certain processes failing to restart immediately.
  • Corrected a number of places where GitHub.com-specific email addresses and URLs were hardcoded.
  • Fixed a bug that caused an error when deleting organizations from the Admin Tools dashboard.

Version 11.10.270

Released on June 6, 2012

New

Bugfixes / Enhancements

  • SSL certificate validation improved.
  • User-to-organization conversions now work as expected.
  • Improvements to the ghe-user-csv and ghe-grow-root utilities.
  • Renaming a user will now rename corresponding directories on the filesystem as well.
  • Better error messaging in the Management Console.
  • Fixed an infinite redirect loop during configuration that would occur under some conditions.
  • Long-running network graph generation should no longer block other background jobs.
  • Fixed an issue that would cause search indexing to fail when issues contained no body.

Additional information is available here.

Version 11.10.262

Released on May 11, 2012

Bugfixes / Enhancements

  • Fixed a bug that caused errors when forking repos or adding collaborators.
  • Rally service hook has been added.
  • Refinements to the ghe-grow-root script (new syntax -- use -h flag for more info).

Version 11.10.261

Released on May 2, 2012

Bugfixes / Enhancements

  • Fixed a bug where admin SSH access wasn't enabling properly under some conditions.
  • Fixed a bug with the ghe-user-csv utility that prevented printing only non-admin users.
  • Fixed a bug in the ghe-solr-recreate utility that prevented it from reindexing properly.
  • Fixed a service hook bug that caused hooks with custom names to break. This fixes the Jenkins service hooks.

Version 11.10.260

Released on May 1, 2012

Security

  • aNULL SSL ciphers are no longer allowed.
  • Added CSRF protection to Gists (this will break creating gists by POSTing directly to /gist -- please use the API).

New

Bugfixes / Enhancements

  • CAS authentication fixes and enhancements.
  • Custom DNS nameservers are now always enabled. This fixes a bug where custom DNS nameservers entered at the console prompt could get disabled unintentionally on first setup. By default, it will try to use Google Public DNS nameservers.
  • Fixed an issue that would sometimes cause 404s when uploading new GHPs.
  • Fixed a bug that would result in an infinite redirect loop during initial setup under certain conditions.

Version 11.10.259

Released on April 4, 2012

Bugfixes / Enhancements

  • Fixed an issue where the Orgs tab in the Admin Tools dashboard wasn't loading properly.
  • Fixed a caching issue related to the header buttons and using the Fake Login feature.
  • Improvements to help prevent the git-daemon from causing configuration runs to fail in some cases.
  • The Fork Queue has been removed (details here).

Version 11.10.257

Released on March 30, 2012

Bugfixes / Enhancements

  • SSH key add password confirmation will now also prompt for username when using LDAP authentication.
  • Admins who test other accounts using the Fake Login feature can now resume their admin session by logging out.

Version 11.10.254

Released on March 20, 2012

Bugfixes / Enhancements

  • Fixed a bug that prevented trial installations from inviting users.
  • Fixed a bug that resulted in an "unrecognized command" error when pushing/pulling (only existed on 11.10.253 release).

Version 11.10.252

Released on March 17, 2012

Bugfixes / Enhancements

  • Fixed a bug where the Invite User form wasn't working properly for Built-in Authentication.

Version 11.10.251

Released on March 15, 2012

Bugfixes / Enhancements

  • SSH key password confirmation will now work with LDAP and CAS authentication.

Version 11.10.250

Released on March 15, 2012

Security

  • Nginx security vulnerability fixed. Details here.
  • SSH Key Audit feature added. Details here.
  • Adding new SSH keys will now prompt for a password and send an email notification.

New

Bugfixes / Enhancements

  • Organization links in Account Settings now use the correct domain.
  • Transferring a repository will no longer cause its wiki to disappear.
  • Fixed a bug that prevented GitHub:FI migrations from completing under some conditions.

Version 11.10.240

Released on March 7, 2012

Security

  • Vulnerability in the SSH public key update form fixed. Details here.

New

Bugfixes / Enhancements

  • Logs are now being rotated. Please click here for more details including how to retain all existing logs.
  • Significant performance increases for VMs with more than 4GB of memory (NOTE: reboot required to take advantage of this).
  • Suggested minimum memory requirements are being increased to 8GB as of this release.
  • Email service hook now works with more SMTP server configurations.
  • User profiles will now save properly under LDAP and CAS authentication.
  • Growing the filesystem of the attached repository storage is now possible. Instructions are available here.
  • Admin interface improvements
    • On initial setup the first LDAP or CAS user that logs in will automatically be promoted to Admin status now.
    • Admin Tools dashboard now has separate tabs for Users and Organizations.
    • Invite User tab now hidden in Admin Tools for LDAP and CAS authentication.
    • Admin Tools link now shows up properly for users who are promoted to Admin status.
  • Reset password and change username options are now hidden under LDAP and CAS authentication.
  • SSH connection limit has been increased significantly.
  • Configuration runs now give feedback when they fail and link to logs.
  • Various UI and performance enhancements.

Version 11.10.205

Released on February 9, 2012

Bugfixes / Enhancements

  • Fixed a bug where some background jobs were not being processed under certain conditions.
  • Another fix related to configuration runs without internet access.

Version 11.10.195

Released on February 8, 2012

Bugfixes / Enhancements

  • Fixed an additional bug related to configuration runs without internet access.

Version 11.10.179

Released on February 7, 2012

New

  • Admin stats API is now available.
  • The root disk for Enterprise installs created with the new OVA will now default to 75GB when using VMware ESXi.

Bugfixes / Enhancements

  • Installations without internet access will now complete the configuration process after Management Console saves.
  • Fixed a bug causing the search service (Solr) to crash on new installs.
  • Signup link is no longer available in the header when using LDAP authentication.
  • Clippy flash widget will no longer burn CPU cycles with many commit pages open.
  • Milestones and assignees added to Pull Requests.
  • Admin stats bar now displays breakdown of page load time and root disk usage information.
  • Various UI and performance enhancements.

Version 11.10.143

Released on January 17, 2012

New

  • GitHub Pages feature now available. CNAME files and user subdomains are not supported.

Bugfixes / Enhancements

  • Problem with console prompt and configuration fixed (this is why 11.10.135 was yanked).
  • Network graph will now show a much larger range of commits for repos with long histories.
  • SSL certificates with passphrases or in unsupported formats will no longer be accepted.
  • PivotalTracker service hook now supports on-premise Tracker installs.
  • UI enhancements for user dashboard and repository/README views.
  • Reparent Admin Tool feature for repositories is now enabled.

Security / Maintenance

  • Additional log filtering was added.

Version 11.10.112

Released on December 28, 2011

  • API authentication now works properly under LDAP.
  • LDAP connections will no longer stop working after short periods of time.
  • Fixed a slow connection problem for SSH git operations caused by a configuration issue.
  • Fixed a bug with network graphs that prevented hover information from showing over a commit.
  • Fixed an issue with SMTP email tests that kept successful tests from logging debug output.

Version 11.10.104

Released on December 21, 2011

  • New skinny header integrated.
  • Fixed a bug with moving repositories from users to organizations. If you experienced this issue, contact support to find out how to get your repository back in a good state so you can take advantage of this fix.
  • Fixed a bug where some pull requests or commit views were generating 500 errors.
  • Fixed a code indexing issue with search. Code results should now show up in searches. Keep in mind that code, users, and repos are indexed periodically rather than immediately after they're created. If it doesn't show up immediately, wait for 20-30 minutes or so and it should show up.
  • A checksum is now performed on GHP files after they've been uploaded to the Management Console to detect in-transit corruption.
  • Added additional SMTP debug logging when sending test emails in the Management Console. Note that this logging only shows up if the message was not sent successfully.

Version 11.10.87

Released on December 12, 2011

  • Block storage devices now mount properly after reboot.
  • Fixed a bug with switching from Root Filesystem to Block Device storage that caused the root filesystem backup to attempt to run on every configuration.
  • Fixed a variety of SMTP configuration issues.
  • Added support for explicitly disabling TLS for SMTP.

Version 11.10.27

Released on November 4, 2011

Enterprise Changes

  • Bug fixes related to LDAP integration.
  • Fix the default .ovf path to be compatible with Windows paths.
  • Display the default network adapter's MAC address on the console welcome screen.

GitHub Changes

  • Fix the LDAP uid lookup which caused usernames to include DC information.
  • Fixed bug in unicorn reloading related to environment variables.

Version 2011.10.12

Latest Released on October 15, 2011

Initial release.