GitHub Enterprise - The best way to build and ship software

The 2.12 series release notes contain important changes in this release series.

Security Fixes

LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Resetting the self signed certificate, either manually or as a result of a hostname or IP change, would fail.
Duplicate object identifier (OID) entries were returned for the mounted partitions.
Updates the support of automatically-managed TLS certificates from Let's Encrypt to request a single-domain certificate when Subdomain Isolation is disabled, and a multi-domain (SAN) certificate when Subdomain Isolation is enabled. A GitHub Enterprise installation will no longer require a wildcard DNS record to use this feature when Subdomain Isolation is disabled.
Corrects calculation of hour and day of month for the crontab entry supporting renewals of automatically-managed ACME (Let's Encrypt) TLS certificates.
Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
ghe-migrator failed when the user was not a member of the organization at the time of export.
Pages builds failed when TLS is disabled.

Disabled redundant UDP listener in memcached.
The appliance's UUID has been added to the replication overview page.
Updated ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMWare.
The footer has been updated to display current version of GitHub Enterprise.

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)

Thanks!

The GitHub Team