The 2.1 series release notes contain important changes in this release series.

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• Downloading code archives failed when private mode was enabled.
• The assets server didn't always properly close file handles, which could cause performance issues if the file handle limit was reached.
• Custom CA certificates installed with ghe-ssl-ca-certificate-install were lost after upgrading.
• Maintenance mode wasn't maintained after upgrading, so applications were unexpectedly accessible to users.
• Updating a license in the management console was not reflected in the GitHub application under some circumstances.
• Diagnostics always said avatars are disabled, regardless of reality.
• Some organization names were incorrectly blacklisted.
• We didn't require SAML responses to be signed. We enforce that now.
• We didn't properly support SAML single sign on URLs with query parameters.
• Our validation when adding restricted LDAP groups in the management console was overly strict, and stopped you adding groups whose name was a substring of existing groups.
• We weren't properly suspending users when they were suspended in ActiveDirectory.
• We failed to properly sync LDAP users' email addresses in some cases.
• LDAP Sync unsuspended users who'd been suspended if the userAccountControl attribute wasn't present. That's usually the case when the directory isn't ActiveDirectory unless the attribute was added with a custom schema.
• The ghe-org-owner-promote command line utility was broken.
• Wildcard SSL certificates in the management console could be incorrectly marked invalid under some circumstances.
• We only copied admin SSH keys when initially setting up replication, so the keys on the high availability replica could be out of sync. We regularly update them now.
• The management console settings and GitHub Enterprise license were only copied the first time replication was set up, so the high availability replica could be out of sync. Now we update the settings and license each time replication is set up.
• The monitoring graphs were set to PST timezone. We always use UTC now.
• We ignored region settings in the AWS CodeDeploy service hook, causing it to fail.
• Switching to a different authentication method didn't expire existing sessions.
• Profile pictures migrated from an avatar service could revert to identicons under some circumstances.

Known Issues

• The ghe-upgrade command will output the following harmless error: line 205: /dev/null/: Is a directory
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
• Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Security Fixes

• LOW: SAML authentication responses weren't signed.

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.