The 2.12 series release notes contain important changes in this release series.

Security Fixes

• The git package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.
• Packages have been updated to the latest security versions.

Bug Fixes

• The access control list (ACL) of configuration files transferred to replica nodes could be lost when configuring High Availability replication.
• Pull request review requests weren't satisfied if a member of a subteam completed the review.

Changes

• The osqueryi utility has been added to the GitHub Enterprise environment.
• GitHub Enterprise is now available in Azure Government. (updated 2018-10-18)

Known Issues

• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
• Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team