The 2.14 series release notes contain important changes in this release series.

Security Fixes

• CVE-2018-16471 was addressed by updating Rack.
• Packages have been updated to the latest security versions.

Bug Fixes

• A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
• Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
• Custom DNS resolver settings were reverted during appliance hotpatch upgrades.
• /var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.
• A slow memory leak would result in performance degradation over time.
• The POST /repos/:owner/:repo/pulls REST API endpoint could return a 502 Bad Gateway response due to using suboptimal query indexes.

Known Issues

• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance.
• Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
• Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
• Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)

Thanks!

The GitHub Team