GitHub Enterprise - The best way to build and ship software

GitHub Enterprise 2.0.0 November 11, 2014 Series notes · Download

Features and Changes

Runs on Amazon Web Services EC2 with officially supported Amazon Machine Images.
Now running on Ubuntu 12.04 LTS.
High availability support with replication and failover: https://help.github.com/enterprise/2.0/admin-guide/ha-cluster/.
SAML 2.0 authentication with support for OneLogin, PingIdentity, Okta, and Shibboleth.
Inbound email - replies to pull request/issue/commit emails show up as comments: https://github.com/blog/811-reply-to-comments-from-email
Diffs have a split view: https://github.com/blog/1884-introducing-split-diffs.
GitHub Issues has improved search, status, and notifications: https://github.com/blog/1866-the-new-github-issues.
Gist design update: https://github.com/blog/1850-gist-design-update.
Users receive notifications when issues are assigned to them.
Users added to organizations receive email invites: https://github.com/blog/1868-inviting-people-to-your-organization.
New mobile views with design improvements.
Search code by filename, e.g., servolux filename:Gemfile.
Folder paths expand to allow quick access to deeply nested hierarchies: https://github.com/blog/1877-folder-jumping.
Organizations have improved audit logs: https://github.com/blog/1872-improved-audit-log.
Markdown task lists can now be nested.
PSD files can be viewed inline and compared: https://github.com/blog/1845-psd-viewing-diffing.
Lock conversations, so only collaborators can post further comments: https://github.com/blog/1847-locking-conversations.
Branches pages have improved UI and filters: https://github.com/blog/1852-a-better-branches-page.
Pull requests can be reverted with a button that creates a reversed, revert pull request: https://github.com/blog/1857-introducing-the-revert-button.
Emoji and team autocompletion are smarter.
Users can set up 2FA with a TOTP application, and they'll get more reminders to download their recovery codes in case of a lock out.
Pages uses Jekyll 2.2.0: https://github.com/blog/1867-github-pages-now-runs-jekyll-2-2-0
Webhook services have added for VisualOps.io, Bugzilla 4.4.3, Snap-CI, tinyPM, CodeReviewHub, Heroku deployments, GoCD, and AWS OpsWorks deployments support.
SSH appliance administration is now on port 122.
Configuration runs no longer use Chef and are much faster and more reliable.
New Git daemon for all protocols provides increased reliability, performance, and maximum number of parallel connections.
Future upgrades can be done with the ghe-upgrade command-line tool over SSH.
The admin SSH user has full sudo access to perform regular administrative tasks and troubleshooting.

Bug Fixes

Pull requests could include the wrong commits.
Webhooks would only keep the most recent 150 deliveries per hook.
LDAP authentication failed when using Oracle Unified Directory LDAP.
Git clone could fail for large repositories.
MySQL could not be restarted without rebooting the VM.
Experimental: Active Directory users could not be found when the user was in a nested group (ask Enterprise Support for access to this bug fix).
GitHub Pages URLs were case insensitive, which defied W3C guidelines. (updated 2015-04-17)

Security Fixes

HIGH: Subdomain Isolation (strongly recommended but disabled by default) hosts Archives, Gist, Assets, Pages, content rendering, user uploads, and raw files on separate subdomains. This feature isolates these potentially insecure resources from user sessions and mitigates cross-site scripting attacks by moving them to different origins.
HIGH: Multiple cross-site scripting vulnerabilities and configuration file injection issues fixed in management console. Exploitation required authentication.
MED: Management console now runs on port 8443 (or 8080 when SSL is disabled) to separate user and administrative interfaces.
MED: SSL is enabled by default and uses self-signed certificates on initial setup.
MED: Management console now uses password-based authentication instead of authentication using license files.

LDAP Support

Supported LDAP servers are now Active Directory, FreeIPA, Oracle Directory Server Enterprise Edition, OpenLDAP, Open Directory and 389 Directory Server. These are the servers that we will test before shipping a GitHub Enterprise release. If you need support for another LDAP server please contact GitHub Enterprise Support.

VirtualBox Unsupported

Enterprise 2.0 OVAs will no longer run with VirtualBox. VirtualBox has previously offered a poor customer experience for GitHub Enterprise. The supported hypervisors are VMware ESX and Amazon Web Service's EC2. VMware desktop products (e.g. VMware Workstation, VMware Fusion, VMware Player) are supported for trial purposes but should not be used in production.

Known Issues

The 2.0.0 release ships with some known issues that we were unable to fix before release. If any of these will cause major problems for your organization, we recommending waiting for 2.1.0 or 2.0.1 before upgrading.

Dashboard activity feed links point to the hostname and protocol used when they were generated.
"Test domain settings" will fail when a DNS server is not reachable or invalid.
Gist Git repositories cannot be pushed to.
GitHub OAuth does not redirect to the requested page when login is required.
ghe-restore should require that maintenance mode is enabled before restoring.
ghe-repl-status-git is CPU intense and may be slow on the primary node.
Saving settings with an inaccessible LDAP server results in an error.
The Site Admin dashboard has an autofocus issue in Firefox.
collectd data is not preserved through upgrades.
Accessing the Gist raw subdomain can cause an error.
Git replication is slow and CPU intense during initial push of large or complex repositories.
Webhook deliveries may be delayed when search indexing jobs are running.
The lock issue dialog does not link to the versioned Enterprise Help URL: https://help.github.com/enterprise/2.0/user/articles/what-are-the-different-access-permissions
Search on Pages 404 pages does not work.
Inconsistent 404 behaviour for Assets, Gist and GitHub URLs.
ghe-user-csv script doesn't return valid email addresses.
Uppercase hostnames cause redirect loops and are not rejected by the management console.
SMTP over SSL/SMTPS on port 465 is not supported.
We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)