The 2.0 series release notes contain important changes in this release series.
- Ubuntu kernel and packages have been updated to the latest security versions.
- HIGH: Update HAProxy to address CVE-2015-3281, which could allow an attacker to use a specially crafted request to read memory contents that might contain data from a past request or session.
- MEDIUM: Scopeless access tokens could list private Gists.
- This release and previous releases of GitHub Enterprise are not affected by the OpenSSL Advisory issued 9 July 2015 (CVE-2015-1793)
- Ubuntu kernel and packages have been updated to the latest bugfix versions.
- We now gather VMware memory statistics in the diagnostics output.
- Direct root SSH access was not possible in the past, but as an additional measure we've also added PermitRootLogin to no within the SSH configuration.
- In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
- Git replication can be slow and CPU intense during initial push of large or complex repositories.
- Creating the OpenVPN connection can fail, causing replication set up with
ghe-repl-setup to hang.
- Events in the
github_audit log stream are being logged twice.
- SNMP can't be run on high availability replicas.
- Jobs stuck on code indexing can delay other jobs from running.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
- The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
- Gists can't be created when using Safari 8.x in Private Mode.
- We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
- With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
The GitHub Team