GitHub Enterprise 11.10.310
May 08, 2013
- CRIT: Fixed potential authentication bypass in the Management Console.
- MOD: Fixed privilege escalation vulnerability due to world writable executable.
- LOW: Session cookie expiration time lowered to 1 week.
- Upgraded git to v188.8.131.52.
- Added ElasticSearch disk usage information to diagnostics.
- Removed git-daemon max connections limit.
- Increased MySQL innodb_buffer_pool_size from 8MB to 128MB.
- Added better sysctl defaults and the ability to customize them (see /etc/sysctl.conf for details).
- Added access to some limited sudo capabilities (netstat, kill, lsof, tcpdump, strace, tail, grep, shutdown).
- Added timeout cache clearing to "Clear Page Cache" functionality in Admin Tools facebox (hit backslash while viewing a repo).
- Added new Reports section in the Admin Tools dashboard to download CSV reports of users, organizations, and repositories.
- Added the ability to bulk suspend dormant users.
- Site Admins can now create wikis without disabling admin mode.
- In-repo source code searches for public repositories would throw 404 errors.
- Importing from MySQL backups taken prior to 11.10.300 could prevent logins from working if a configuration run wasn't performed.
- ElasticSearch indexes weren't being properly created under some conditions. This release will perform a full reindex.
- Ignore whitespace in diffs wasn't working as expected.
- Customer license information wasn't being displayed in diagnostics output.
- Logging out under CAS authentication wasn't working.
- Display issues on the license expiration page.
- An interrupted upgrade could put the install in a bad state.
- Upgrading would sometimes throw a 500 error while uploading the new GHP.
- Exporting/importing ssh authorized keys raised an error.
- Caching wasn't being properly cleared when gravatars were enabled, the hostname was changed or SSL was enabled.
- Gravatars stopped showing up properly even when email addresses were present.
- Some process monitoring-related issues would sometimes prevent git-daemon from starting properly after upgrades.
- Submodules living on GitHub.com would be linked to as if they were local.
- Some cookies were not being set to HttpOnly.
- Deleting an organization was failing.
- Downloading support bundles would sometimes throw 500 errors preventing them from being downloaded via the web UI.
- Pull requests from forks defaulted the target branch to master rather than the corresponding upstream branch.
- Timeouts when opening pull requests resulted in a 500 rather than a more user-friendly error message.
- User to Organization conversions were throwing a 500 error, making it impossible to convert a user to an organization.
- Unlocking private repositories as a site admin now works as expected.
Additional information is available here.