The 2.1 series release notes contain important changes in this release series.
Bug Fixes
- Pull requests didn't properly trigger repository replication.
- In rare circumstances, Git clients displayed a misleading repository corruption message when garbage collection ran while fetching a pack file that was bigger than a configured memory limit. We've bumped up the configured memory limit to make that situation even less likely.
- If the credentials of the LDAP bind user became incorrect—for example, if a password expired—LDAP sync incorrectly removed users from teams. If those users had forks of private repositories, the forks were deleted.
- We incorrectly performed some LDAP searches as the authenticating user instead of the LDAP bind user. This user might have less access than the bind user, which could cause errors.
- The user API only returned a user's LDAP mapping if LDAP sync was enabled.
- We added support for the "SSH" and "SSHKey" prefixes for ActiveDirectory's altSecurityIdentities attributes.
- With LDAP Sync enabled, it was possible to set the special Owners team to sync with an LDAP group, but the sync couldn't complete. We disable syncing the Owners team now.
- When LDAP Sync was set to sync emails, we showed a banner message suggesting users add an email address even though they couldn't.
- Inviting a user to join an organization could return a "Not found" error when all the teams in an organization were mapped to LDAP groups and the invited user wasn't already a member of another team.
- After configuring a fresh instance to use static networking, we could still request a DHCP lease. Restarting the VM stopped the DHCP requests, but we fixed the problem and don't ask for a lease now.
- When saving settings, the "Restarting system services" spinner could keep spinning even after the services had restarted properly.
- The HAProxy logs were rotated weekly, so on busy instances they could get very large. We rotate them daily now.
- We kept too many logs for webhooks, which slowed stuff down. We purge older logs now.
- Some network setups made browsers send headers too big for us to handle, causing a "Request header or cookie too large" error. We've made our header buffers bigger.
- We added some flags to the ghe-support-bundle command line utility to make it possible to upload a support bundle directly to GitHub from the VM.
- Email hooks were incorrectly sent from "noreply@github.com" if "Send from author" wasn't selected. Some email services would reject those emails, making it seem like the hook was failing.
- One of the Percona database tools we ship with the VM was phoning home to check for updates.
- When the Status API was used to set a pending status on a pull request, we incorrectly said some checks had failed.
- There was a race condition in our assets server, which delivers resources like profile pictures and downloads, that could cause file handle leakage. If that happened, performance could be degraded. (updated 2015-03-25)
- Chrome 42 users weren't able to edit wiki pages or upload images via drag and drop, and autocomplete menus and repository graphs didn't display. (updated 2015-05-06)
Security Fixes
- Ubuntu packages have been updated to the latest security versions.
- LOW: Using an access token with public_repo scope, requests for lists of issues would return issues from private repositories.
- LOW: OpenSSL 1.0.1-4ubuntu5.25
Integration with GitHub for Mac
- For reasons outside our control, the implementation behind the "Clone in desktop" button for GitHub for Mac doesn't work any more. We now use the same method for both desktop applications and check you have an application configured. This means we'll only show the button when you're logged in.
Known Issues
- Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
- Git replication can be slow and CPU intensive during the initial push of large or complex repositories.
- The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
- Jobs stuck on code indexing can delay other jobs from running.
- Dashboard activity feed links point to the wrong hostname after restoring from backup if the hostname has changed.
- In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Events in the github_audit log stream are being logged twice.
- Gists can't be created when using Safari 8.x in Private Mode.
- SNMP can't be run on high availability replicas.
- Gist profile pages don't have proper styling when subdomain isolation is disabled.
- Management console sessions can expire too quickly for Safari users.
- We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
- Custom firewall rules aren't maintained during an upgrade.
- A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
- LDAP Sync fails for groups that have a period in their CN.
- Replication setup fails for IPv6 hosts.
- It's not possible to convert a user account to an organization.
- Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
- Can't suspend or rename users when LDAP Sync is off. (updated 2015-04-20)
- Individual application logs are not reliably forwarded. (updated 2015-04-20)
- Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
- We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
- Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
- We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
- Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
- With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
- Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
- With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
- Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)
The GitHub Team