The 2.13 series release notes contain important changes in this release series.
jekyll-remote-theme
gem for GitHub EnterpriseA CRITICAL issue was identified that allows an attacker with repository write access to create Pages sites that can display the content of system files. This could used to further escalate the vulnerability to execute arbitrary commands on the GitHub Enterprise appliance.
The affected supported versions are:
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.20, 2.13.12, 2.14.6, or greater.
jekyll-remote-theme
gem of GitHub Pages could allow users to display the content of local files. gzip
encoding. Connection timed out
if the hookshot service was unable to run migrations due to a firewall update that ran out of order. ghe-repl-status
. ghe-repl-setup
allowed re-adding the same node as a replica. ghe-config-check
would hang if run without any arguments. hookshot
logs weren't purged properly in Elasticsearch and could consume large amounts of disk space. ghe-migrator
could fail to complete trying to add the same label to an issue. 500 Internal Server Error
if a reviewer is no longer a member of the GitHub Enterprise environment. ghe-migrator
. ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team