The 2.14 series release notes contain important changes in this release series.
- CVE-2018-16471 was addressed by updating Rack.
- Packages have been updated to the latest security versions.
- A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
- Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
- Custom DNS resolver settings were reverted during appliance hotpatch upgrades.
/var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.
- A slow memory leak would result in performance degradation over time.
POST /repos/:owner/:repo/pulls REST API endpoint could return a 502 Bad Gateway response due to using suboptimal query indexes.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Custom firewall rules aren't maintained during an upgrade.
- svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
- Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
- The import of project boards with
ghe-migrator fails when the creator of a card on the board no longer exists on the source instance.
- Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
- Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
The GitHub Team