The 2.0 series release notes contain important changes in this release series.
- HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
- MED OpenSSL packages have been updated to address multiple vulnerabilities.
- LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
- Packages have been updated to the latest security versions.
- In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
- Git replication can be slow and CPU intense during initial push of large or complex repositories.
- Creating the OpenVPN connection can fail, causing replication set up with
ghe-repl-setup to hang.
- Events in the
github_audit log stream are logged twice.
- Jobs stuck on code indexing can delay other jobs from running.
- SNMP can't be run on high availability replicas.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
- The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
- Gists can't be created when using Safari 8.x in Private Mode.
- We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
- With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
Upcoming deprecation of GitHub Enterprise 2.0
GitHub Enterprise 2.0 will be deprecated as of January 1, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
The GitHub Team