GitHub Enterprise 2.1.0 Update Released

The 2.1.0 release for GitHub Enterprise is now available for download from https://enterprise.github.com/download. We've listed out all the included features, bug fixes, and known issues below, and have also drafted up a set of upgrade instructions to help make your migration as smooth as possible.

New Features

With the new features added in GitHub Enterprise 2.1.0, you can:

• Automate user and team management with LDAP Sync.
• Deploy GitHub Enterprise on OpenStack KVM.
• Audit all user actions across your instance with the Instance Audit Log.
• Monitor the performance of GitHub Enterprise with the Instance Monitoring Dashboard.
• Configure webhooks at the organization level.
• Set your GitHub Enterprise profile picture.
• See the results from multiple pull requests status checks.
• View and diff SVG files.
• Manage todos with the /pulls and /issues dashboard pages.
• More easily review changes to code with syntax highlighted diffs.
• Automate deployments from GitHub Enterprise repositories with the Deployments API.
• Run GitHub Enterprise within your IPv6 network.
• Find what you're looking for on the go with mobile search.
• See what Git operations are running on GitHub Enterprise with the ghe-btop command line utility.
• Use Ed25519 SSH client keys for Git operations.

Changes

• To stop users committing large files that can harm server performance, files larger than 100MB are now rejected by default. The file size limit can be changed or removed. (updated 2015-02-02)
• With the release of the profile pictures feature, support for external avatar services has been deprecated. (updated 2015-02-02)

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• When installing, you had to upload the license and then set the password. Now we do it in one step, so someone nasty can't set a password after you've uploaded the license and gone for coffee.
• With private mode enabled, redirects could leak the Nginx version we use.
• When talking to an LDAP server multiple times in a request, we'd start a new connection each time. Now we reuse connections where possible, so it's much faster.
• Checking replica status with ghe-repl-status was really slow. We made it faster.
• We sometimes didn't show the gateway address in the hypervisor console.
• We stopped you from adding a duplicate or broken SSH key to the management console, but the error didn't show up properly.
• Accessing GitHub Enterprise in Firefox with the default certificate still enabled displayed the SSL warning twice.
• It was easy to accidentally change network settings in the VMware console. Now you have to hit 's' instead of any key.
• In the security section of the settings page, we incorrectly showed requests coming from 127.0.0.1 if they came from a private network.
• Replication didn't restart properly after rebooting a high availability replica.
• Replication didn't replicate custom DNS settings.
• If a high availability replica was offline for a while, restarting it could fail if MySQL had moved on too far.
• The SSH key used for replication didn't survive upgrades and had to be regenerated.
• Memcached didn't restart after a crash, which broke Gist and other pages.
• In Pages sites, JSON files were served with the wrong MIME type.
• People expected to be able to invite users to an organization by their full name. Now you can.
• Wiki links to other wiki pages were rendered as images when a repository contained a directory with the same name.
• Adding an SSH key that contained non-ASCII characters like smart quotes would break the management console.
• The 'Revert' button didn't work properly when trying to revert a pull request from a fork.
• The hypervisor console script timed out every five seconds and respawned, spamming the logs.
• Git clone events weren't being forwarded as part of the github_audit log stream.
• The Git gateway logs were messed up when we tried to rotate them.
• Creating the diagnostics file for support could timeout if there were lots of webhook delivery logs.
• The page that users see when maintenance mode is enabled linked to enterprise@github.com instead of your configured support email address.
• The "Open in desktop" button only worked if you already had the desktop application installed.
• PSD files didn't render with the default self-signed certificate.
• Git authentication could fail after changing the hostname. (updated 2015-02-02)

Security Fixes

• LOW: Desktop applications were granted API tokens with more access scope than was necessary.
• LOW HIGH: OpenSSL 1.0.1-4ubuntu5.21.

Removal of RC4 SSL cipher

To keep GitHub Enterprise as secure as possible, we have removed support for the cryptographically weak RC4 cipher in our SSL configuration. With the removal of RC4, Internet Explorer on Windows XP will no longer be able to access GitHub Enterprise. You can read more about this change in our announcement on GitHub.com.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large/complex repositories.
• The management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to the wrong hostname after restore if the hostname has changed.
• The ghe-org-owner-promote command line utility is currently broken.
• In some circumstances after an upgrade, we prompt you to upload a license even though there's already a valid license.
• If your management console session has timed out, connectivity tests can fail without any error message.
• On a freshly set up GitHub Enterprise instance without any users, an attacker could create the first admin user.
• Switching to a different authentication method doesn't expire existing sessions.
• Events in the github_audit log stream are being logged twice.
• Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
• Gists can't be created when using Safari 8.x in Private Mode. (updated 2015-01-27)
• SNMP can't be run on high availability replicas. Our previous fix was incomplete. (updated 2015-02-02)
• Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
• Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
• Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.
• The OpenSSL 1.0.1-4ubuntu5.21 update was upgraded to a HIGH security fix due to the publication of Freak Attack.