The 2.15 series release notes contain important changes in this release series.

Security Fixes

• CVE-2018-16471 was addressed by updating Rack.
• Packages have been updated to the latest security versions.

Bug Fixes

• A stale temporary file could prevent an object managed by the Alambic service, which handles binary data such as avatars and image attachments, from syncing to HA or cluster replica nodes.
• Attempting to save settings in the Management Console incorrectly raised a validation error when an already saved TLS certificate or private key contains bag attributes.
• Custom DNS resolver settings were reverted during appliance hotpatch upgrades.
• /var/log/error was not automatically rotated with logrotate and could sometimes use too much disk space.
• Submitting a comment after clicking the "Start a new conversation" button on a pull request diff raised an error under some circumstances.
• There was a layout issue with a notice shown to new organization members on the dashboard.
• Git authentication errors suggested the SSH protocol to the user even if it was disabled.
• The GitHub App installation settings page always showed the viewer as the one that had installed the App.
• Complicated rebases within very busy repositories could cause replicas to get out of sync, sometimes leading to transient push errors.
• The POST /repos/:owner/:repo/pulls REST API endpoint could return a 502 Bad Gateway response due to using suboptimal query indexes.
• The repository permissions settings for newly created organizations could get stuck in an "Update in progress" state.
• Pre-receive hook failures were not communicated to the end user when attempting to merge a pull request.
• The "Unsupported Browser" notice was not correctly shown when an unsupported browser was being used.

Known Issues

• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• Listing the GUIDs of migrations that are in progress with the ghe-migrator list command throws an error and fails.
• The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance.
• Some settings available on the /business page are inaccessible when the company name in the license file is comprised of multi byte strings.
• Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
• Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
• Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
• Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team