GitHub Enterprise - The best way to build and ship software

The 2.19 series release notes contain important changes in this release series.

Security Fixes

If a repository has the "automatically delete head branches" setting enabled, the head branch wasn't automatically deleted, when a pull request was merged by a GitHub App installation.
When an organization member was reinstated, the webhook payload reported the ghost user as the sender and not the actual user performing the reinstatement.
If a repository has the "automatically delete head branches" setting enabled, the head branch wasn't automatically deleted where the head repository was different from the base repository.
The garbage collection of temporary files could lead to a license validation error.
In some situations, including when a repository is first created, the pre-receive hook would be run without a value populated for the GITHUB_REPO_PUBLIC environment variable.

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When pushing to a gist, an exception could be triggered during the post-receive hook.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team