The 2.0 series release notes contain important changes in this release series.
Security Fixes
- MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
- LOW Large Git updates could trigger an overflow in Git xdiff.
- Packages have been updated to the latest security versions.
Known Issues
- In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
- Git replication can be slow and CPU intense during initial push of large or complex repositories.
- Creating the OpenVPN connection can fail, causing replication set up with
ghe-repl-setup
to hang.
- Events in the
github_audit
log stream are logged twice.
- Jobs stuck on code indexing can delay other jobs from running.
- SNMP can't be run on high availability replicas.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
- The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
- Gists can't be created when using Safari 8.x in Private Mode.
- We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
- With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Thanks!
The GitHub Team