GitHub Enterprise - The best way to build and ship software

The 2.17 series release notes contain important changes in this release series.

Security Fixes

HIGH: An attacker could inject potentially malicious options into Git sub-commands when executed on the server. This could allow an attacker to truncate existing files on the server or execute other unintended functionality of affected Git sub-commands. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. This vulnerability was reported through the GitHub Security Bug Bounty program.
MEDIUM: GitHub App permissions could be incorrectly set by the user.
Packages have been updated to the latest security versions.

The database wouldn't automatically reconnect, which caused dependency graphs not to show on repositories.
When creating an organization, name availability check wouldn't correctly display its URL.
Using ghe-migrator or exporting from GitHub.com, an export would silently fail to export issue comments when a repository was archived.
GitHub Enterprise Server was incorrectly using support@example.com as the sender of notification emails in certain circumstances.
GitHub app managers were able to access and manage applications for the organization after being removed from it.
Comparing OAuth Access Tokens returned 404 Not Found error.
Deleting a repository and its projects could delete other owned or accessible projects.
When enabling a feature for GitHub Connect resulted in an error, users were not properly notified.

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
Lines in gists are not selectable.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

Thanks!

The GitHub Team