The 2.14 series release notes contain important changes in this release series.
- CRITICAL: A file path traversal vulnerability in the
jekyll-remote-theme gem of GitHub Pages could allow users to display the content of local files.
ghe-repl-setup allowed re-adding the same node as a replica.
- GitHub Enterprise API responses would not be compressed when requested with
- Webhooks could fail to be delivered if the compressed payload was greater than 1 MB.
- Upgrades could fail with
Connection timed out if the hookshot service was unable to run migrations due to a firewall update that ran out of order.
- Repository replication records may be created inconsistently, resulting in unreported replication failures. This type of replication failure is now reported in
- Replication could fail due to stale or duplicate entries to the primary in a replica's
- Messages sent from the email service hook failed when the upstream SMTP server didn’t accept the
plain authentication method.
- Using Safari, administrators were unable to schedule a future hotpatch upgrade from the Management Console due to an incompatible date parse.
ghe-config-check would hang if run without any arguments.
hookshot logs weren't purged properly in Elasticsearch and could consume large amounts of disk space.
- Migrations with
ghe-migrator could fail to complete trying to add the same label to an issue.
- The pull request page could fail to load with a
500 Internal Server Error if a reviewer is no longer a member of the GitHub Enterprise environment.
- Users were unable to view the diff of comment edits, delete comment edit history items, dismiss the comment edit history onboarding, and reload on comment edits for gist comments.
- GitHub Enterprise clustering has been updated to purge older than one hour MySQL binary logs prior to a
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Custom firewall rules aren't maintained during an upgrade.
- svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
- Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
- The import of protected branches with
ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
- The import of project boards with
ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
- Upgrading to a later version in this series may overwrite custom DNS entries in
/etc/resolvconf/resolv.conf.d/head (updated 2018-12-19)
- Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
- Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
The GitHub Team