The 2.13 series release notes contain important changes in this release series.
jekyll-remote-themegem for GitHub Enterprise
A CRITICAL issue was identified that allows an attacker with repository write access to create Pages sites that can display the content of system files. This could used to further escalate the vulnerability to execute arbitrary commands on the GitHub Enterprise appliance.
The affected supported versions are:
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.20, 2.13.12, 2.14.6, or greater.
jekyll-remote-themegem of GitHub Pages could allow users to display the content of local files.
Connection timed outif the hookshot service was unable to run migrations due to a firewall update that ran out of order.
ghe-repl-setupallowed re-adding the same node as a replica.
ghe-config-checkwould hang if run without any arguments.
hookshotlogs weren't purged properly in Elasticsearch and could consume large amounts of disk space.
ghe-migratorcould fail to complete trying to add the same label to an issue.
500 Internal Server Errorif a reviewer is no longer a member of the GitHub Enterprise environment.
ghe-migratorfails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
ghe-migratorfails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
The GitHub Team