GitHub Enterprise - The best way to build and ship software

The 2.15 series release notes contain important changes in this release series.

Security Fixes

MEDIUM: An attacker with direct network access to the server could send a specially crafted sequence of network packets that could cause a kernel panic or slow down the system causing a Denial of Service (DoS). For more information, see the associated CVEs: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479.
Packages have been updated to the latest security versions.

Internal API data values exceeded internal buffer sizes and caused access from the Git command-line to fail unconditionally for some users or deploy keys.
Pre-seeding the initial replica appliance in a HA configuration would result in the failure of the existing primary appliance.
The "Learn why" link beside the message "Custom sign-in messages are disabled when SAML authentication is enabled" pointed to a nonexistent help article.
GitHub Enterprise incorrectly enforced a version of Backup Utilities that was the same or newer than the precise patch version of GitHub Enterprise.

When pushing a very large number of Git LFS objects to a repository, the returning "Git LFS Integrity Check" warning message was confusing, leading users to think something went wrong.

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption.

Thanks!

The GitHub Team