Features

• Configure visibility for organization membership to allow or disallow users in your instance to see all members of their organizations.
• Extend user dormancy threshold from one month up to 90 days.
• Allow administrators to enable anonymous Git read access to public repositories when your instance is in private mode.
• Contact GitHub Enterprise Support using the Management Console.
• Provide data to GitHub Enterprise Support using command-line utilities and improve diagnostic files for providing data to GitHub Enterprise Support.
• Set granular permissions for project boards owned by organizations.
• Triage and prioritize bugs using an automated project board template.
• Reopen a closed project board and optionally resync automation.
• Require multiple approving reviews for pull requests against a protected branch.
• Request to add or change a parent team for a team in an organization.
• Use multiple issue templates in your repository with the issue template builder.
• Keep track of issues, pull requests, repositories, and organizations using improved personal and organization dashboards.
• See a comment's edit history.
• Request that an organization owner install an integration, and approve or deny requests.
• Search globally across your instance or scope your search to a particular organization or repository.
• Ignore whitespace changes in a pull request.
• Use keyboard shortcuts to autofill a saved reply, view user hovercards, and focus the search bar.
• Allow administrators to override the suggested protocol for cloning.
• View alerts when the configured TLS certificate will expire in the next 30 days.
• Communicate richer feedback to check runs against code changes with the new Checks API.

Security Fixes

• HIGH: A GitHub App could download a repository archive that it was not authorized to access during installation.
• MEDIUM: Command-line injection could be triggered by uploading a specially-crafted pre-receive hook environment.
• MEDIUM: Environment variables passed to pre-receive hook scripts were not properly escaped.
• LOW: It was possible to start a shell from the network configuration settings screen available on a virtual console.
• LOW: Filtering of parameters in log files was changed from a blacklist of fields to a whitelist. This ensures that less values are logged and in the future no values are accidentally logged.
• LOW: The body of API requests containing sensitive data was written to log files on the appliance. The request body is now only logged for debugging purposes and sensitive data is scrubbed before being logged.
• Packages have been updated to the latest security versions.

Bug Fixes

• Parallel uploads of the same Git LFS object could fail but reported as successful.
• Jupyter notebooks added to a Gist would fail to render on appliances with subdomain isolation disabled.
• Including the port in the Host header when requesting a Pages site would return a 404 error.
• A pull request created via the API could be assigned an ID of 0.
• The LDAP users page at /stafftools/users/ldap had layout and accessibility issues.
• The Fork button was enabled for repositories in cases where a repository could not be forked anywhere.

Changes

• Upgrade to Elasticsearch 5.6. An upgrade to GitHub Enterprise 2.14 requires a manual migration while the appliance is running GitHub Enterprise 2.12 or 2.13.
• Following users is rate limited to 35 users per minute or 300 users per hour.
• /var/log/github/audit.log has been updated to output audit events only when there has been a change.
• babeld.log has been updated to include the X-Forwarded-For and ts (timestamp) metadata.
• Renaming an existing user is enabled for SAML configured appliances.
• New REST API resources have been added.
• GraphQL API schema has been updated.
• New webhook events have been added.

Backups and Disaster Recovery

GitHub Enterprise 2.14 requires at least GitHub Enterprise Backup Utilities 2.14.0 for Backups and Disaster Recovery.

Upcoming deprecation of GitHub Services

Starting with GitHub Enterprise 2.17.0, support for GitHub Services will be deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise will continue to function but GitHub Enterprise will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner will be displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report. (updated 2017-07-24)

Upcoming deprecation of Internet Explorer 11 support

Support for Internet Explorer 11 will be deprecated on September 13, 2018.

Known Issues

• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• The high availability replication status as reported by ghe-repl-status could report a harmless error, parse error: Invalid numeric literal at line 1, column 3. (updated 2018-07-17)
• The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
• The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
• Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
• Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
• Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team