The 2.17 series release notes contain important changes in this release series.
Security Fixes
- HIGH: OpenSSL has been updated to address CVE-2020-1967.
- HIGH: Git has been updated to address CVE-2020-5260 and CVE-2020-11008. New restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
- LOW: ImageMagick has been updated to address CVE-2019-10131.
- Packages have been updated to the latest security versions.
Bug Fixes
- A mismatch in MySQL configurations could cause backups to fail in large installations.
- A periodic task to clean up old log files would fail and send error messages to the local root account.
- The recovery console would prompt for a root password, even if the root account was locked.
- When a GitHub Enterprise Server license contained non-ASCII characters, a GET request to the Management Console API /setup/api/settings endpoint would result in an Internal Server Error.
- When using the GraphQL API to filter issues assigned to a non-existent user, the message received would not be descriptive enough.
- A CODEOWNERS file with a leading UTF-8 Byte Order Mark would cause all codeowner rules to be ignored.
Changes
- When an external identity provider controlled users' site administrator status, users could not be demoted via the command line utility.
Upcoming deprecation of GitHub Enterprise Server 2.17
GitHub Enterprise Server 2.17 will be deprecated as of May 23, 2020. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Known Issues
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
- Custom firewall rules aren't maintained during an upgrade.
- Subversion (SVN) checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
- Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
- Lines in gists are not selectable.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Thanks!
The GitHub Team