GitHub Enterprise - The best way to build and ship software

The 2.13 series release notes contain important changes in this release series.

Security Fixes

LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Resetting the self signed certificate, either manually or as a result of a hostname or IP change, would fail.
Monitoring graphs in the management console can be unavailable when a metrics node is down in a cluster configuration.
Updates the support of automatically-managed TLS certificates from Let's Encrypt to request a single-domain certificate when Subdomain Isolation is disabled, and a multi-domain (SAN) certificate when Subdomain Isolation is enabled. A GitHub Enterprise installation will no longer require a wildcard DNS record to use this feature when Subdomain Isolation is disabled.
Corrects calculation of hour and day of month for the crontab entry supporting renewals of automatically-managed ACME (Let's Encrypt) TLS certificates.
Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
After upgrading to 2.13.0, users could lose access to their LDAP mapped teams when LDAP sync was enabled.
The dashboard graphs at /dashboards/overview were empty.
Generated identicons for GitHub Apps and OAuth Apps responded with a 404 Not Found.
LDAP sync could suspend user accounts created with built-in authentication.
Pages builds failed when TLS is disabled.

Proportional Set Size (PSS) metric has been added to ghe-diagnostics.
Disabled redundant UDP listener in memcached.
Updated ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMWare.
The footer has been updated to display current version of GitHub Enterprise.

Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Pull request review comments are missing from an import with ghe-migrator.
We incorrectly show a warning message, "You can't perform this action at this time", on team discussion pages. The message can be safely ignored. (updated 2018-04-11)
On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
Nameid-format matching on SAML response is too strict when value is "unspecified", which can cause an error with the "Another user already owns the account." message if the IdP changes NameID. (updated 2018-06-25)
The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team