GitHub Enterprise Server 2.16.4 March 13, 2019 Series notes · Download

The 2.16 series release notes contain important changes in this release series.

Arbitrary file content disclosure vulnerability in GitHub Enterprise Server

A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.

The affected supported versions are:

All older, no longer supported versions are also affected.

We strongly urge upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.13.22, 2.14.16, 2.15.9, 2.16.4, or greater immediately. If you have any questions, please contact GitHub support at

Security Fixes

Bug Fixes

Known Issues


The GitHub Team