GitHub Enterprise 2.14.4 August 28, 2018 Series notes · Download

The 2.14 series release notes contain important changes in this release series.

A file path traversal vulnerability in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker with repository write access to create Pages sites that can display the content of system files. This could used to further escalate the vulnerability to execute arbitrary commands on the GitHub Enterprise appliance.

The affected supported versions are:

GitHub Enterprise 2.11 is not vulnerable.

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.18, 2.13.10, 2.14.4, or greater.

Security Fixes

Bug Fixes

Upcoming deprecation of GitHub Enterprise 2.11

GitHub Enterprise 2.11 will be deprecated as of September 13, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues


The GitHub Team