GitHub Enterprise - The best way to build and ship software

The 2.16 series release notes contain important changes in this release series.

Security Fixes

MEDIUM: A race condition allowed a malicious GitHub App integrator to gain escalated user privileges by quickly updating their App's permissions during the OAuth flow.
Packages have been updated to the latest security versions.

Webhooks continued to be delivered via a proxy server after removing the proxy configuration.
Background jobs for the Content Attachments API used by GitHub Apps were not processed and as a result context information was not shown.
Successful delivery logs for Webhooks sent through a proxy server were reported as a delivery error if the proxy server inserted additional headers.
The migrations that are run while upgrading to GitHub Enterprise Server 2.16.0 could report "Column cache_version_number cannot be null" errors being logged to /var/log/github/exceptions.log.

Site admins can no longer create GitHup Apps and OAuth apps that start with the reserved words github or gist.

On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Stricter REST API validation has been prematurely enabled. As a result, API requests that previously succeeded may be rejected with a 422 Unprocessable Entity response. (updated 2019-02-01)
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Thanks!

The GitHub Team