The 2.12 series release notes contain important changes in this release series.
- CVE-2018-16471 was addressed by updating Rack.
- Packages have been updated to the latest security versions.
- A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
- Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
/var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Custom firewall rules aren't maintained during an upgrade.
- svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
- Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
- Pull request review comments migrated with
ghe-migrator are displayed in the wrong order.
- Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
Upcoming deprecation of GitHub Enterprise 2.12
GitHub Enterprise 2.12 will be deprecated as of December 12, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
The GitHub Team