GitHub Enterprise 2.11.23 August 21, 2018 Series notes · Download

The 2.11 series release notes contain important changes in this release series.

Remote code execution with server side request forgery in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository admin or owner privileges to execute arbitrary commands on the appliance.

The affected supported versions are:

Next steps

Due to a change in the implementation on GitHub Enterprise 2.12 and later, it is not possible to apply the same fix to GitHub Enterprise 2.11. We strongly recommend upgrading GitHub Enterprise 2.11 to 2.12 or newer.

Security Fixes

Bug Fixes

Changes

Upcoming deprecation of GitHub Enterprise 2.11

GitHub Enterprise 2.11 will be deprecated as of September 13, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

Thanks!

The GitHub Team