GitHub Enterprise 2.12.18 August 28, 2018 Series notes · Download

The 2.12 series release notes contain important changes in this release series.

A file path traversal vulnerability in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository write access to create Pages sites that can display the content of system files. This could used to further escalate the vulnerability to execute arbitrary commands on the GitHub Enterprise appliance.

The affected supported versions are:

GitHub Enterprise 2.11 is not vulnerable.

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.18, 2.13.10, 2.14.4, or greater.

Security Fixes

Bug Fixes

Changes

Known Issues

Thanks!

The GitHub Team