- On a repository branch, repository administrators can reject any push that contains a merge commit by enabling Require linear history using branch protection rules.
- Repository administrators can grant all users with push access the ability to force-push to a protected branch by enabling Allow force pushes using branch protection rules.
- Repository administrators can grant all users with push access the ability to delete a protected branch by enabling Allow deletions using branch protection rules.
- Administrators can set a maxobjectsize limit on repositories, limiting the size of push commits to a repository that are not in Git LFS.
- Organization owners can create a set of default labels when creating a new repository.
- Packages have been updated to the latest security versions.
- When a member of an organization tried to view a public repository in that organization, an SSO prompt could break the page display.
- When viewing a user's profile, the links to that user's teams could be broken.
- Users with the maintain role were unable to edit repository topics.
- A user who isn't an administrator for an organization would receive a 500 error when attempting to access the sign up page.
- The edit history popup would not display on gist comments.
- A new account could be registered with an email that was already registered.
- A storage service was hitting a file descriptor limit, causing the kernel to hang and other services to log errors.
- When an autolink reference was part of a URL, the hyperlink could be removed.
- When adding a comment to a pull request, the Linked Issues section from the sidebar could disappear.
- When editing an existing organization invitation for a user, a duplicate header could appear on the
- The resqued service could stop logging events when the queues became too large.
- Self-signed certificates are not automatically generated when running the ghe-config-apply command for cluster and high-availability configurations.
- No logo will be displayed for a topic if one has not been uploaded.
- When viewing an issue on a mobile browser, the issue metadata is listed at the top of the page.
- Consul's top-level domain has changed from ".consul" to ".ghe.local".
- The hookshot service no longer relies on ElasticSearch and only uses MySQL as a database store.
- Improved visual distinction between issue, project and discussion has been implemented on project note cards.
- On a pull request review, a notice is displayed if a multi-line comment is truncated.
- Users can view their audit log on the Security Log tab of their personal settings page.
Internal Visibility in GitHub Enterprise Server
On May 23, 2019 GitHub launched internal visibility for repositories within a GitHub Enterprise Cloud account, making it easier to innersource code and projects to organization members while restricting access to outside collaborators. Our goal, starting with GitHub Enterprise Server 2.20, is to unify the repository visibility experience between GitHub Enterprise Cloud and GitHub Enterprise Server.
In this release, administrators may run an optional migration script to convert all public repositories into internal repositories. When this migration is run with private mode enabled, administrators should expect the following changes:
- All organization public repositories become internal repositories
- All user public repositories become private
- Forks of public repositories become private forks (fork network maintained)
- Creation of public repositories will be disabled (can be re-enabled)
This migration is optional at this time to allow customers to test these changes on a non-production instance. This migration will become mandatory in a later release. For more information, please contact your account representative.
Backups and Disaster Recovery
GitHub Enterprise Server 2.20 requires at least GitHub Enterprise Backup Utilities 2.20.0 for Backups and Disaster Recovery.
Upcoming Deprecation of GitHub Enterprise Server 2.17
GitHub Enterprise Server 2.17 will be deprecated as of May 23, 2020. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Deprecation of Adding New SSH-DSS Keys
The addition of new SSH-DSS keys is removed in GitHub Enterprise Server 2.20.0.
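For administrators inventorying keys ahead of this change, the following added example (not part of the release notes or of GitHub Enterprise Server) classifies public-key lines by the algorithm name embedded in the key blob and flags ssh-dss entries. The function names and the sample lines are constructed for illustration; the sample blobs carry a genuine type header but dummy key material.

```python
import base64
import binascii
import struct

DEPRECATED_TYPES = {"ssh-dss"}  # the key type named in the note above


def wire_key_type(blob: bytes) -> str:
    """Read the algorithm name from the blob's first length-prefixed field."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > len(blob) - 4:
        raise ValueError("bad length prefix")
    return blob[4:4 + n].decode("ascii")


def classify(line: str) -> str:
    """Return 'dss', 'ok' or 'malformed' for one public-key line."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:  # leading option tokens fail to decode and are skipped
            embedded = wire_key_type(base64.b64decode(fields[i + 1], validate=True))
        except (binascii.Error, ValueError):
            continue
        if embedded != fields[i]:
            return "malformed"  # declared type disagrees with the blob
        return "dss" if embedded in DEPRECATED_TYPES else "ok"
    return "malformed"


def audit(lines):
    """List (line number, verdict) for every key line that is not 'ok'."""
    verdicts = [(n, classify(l)) for n, l in enumerate(lines, 1)
                if l.strip() and not l.lstrip().startswith("#")]
    return [(n, v) for n, v in verdicts if v != "ok"]


def sample_line(key_type: str, comment: str, declared: str = "") -> str:
    """Constructed test line: genuine type header, dummy key material."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 1) + b"\x01"
    return f"{declared or key_type} {base64.b64encode(blob).decode()} {comment}"


SAMPLE = [  # constructed input, not real keys
    sample_line("ssh-dss", "alice@old-laptop"),
    sample_line("ssh-ed25519", "bob@workstation"),
    'command="echo hi" ' + sample_line("ssh-dss", "ci@build"),
    sample_line("ssh-dss", "mislabelled", declared="ssh-rsa"),
]
```

Calling audit(SAMPLE) reports lines 1 and 3 as DSS keys and line 4 as malformed, because its declared type does not match the type stored in the blob.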
Deprecation of the Legacy Gravatar Service
Support for using an external service for avatars was deprecated in GitHub Enterprise Server 2.1.0. At the time, functionality was implemented to copy avatars from the external service to the GitHub Enterprise Server, and the configuration options remained in Enterprise Manage for instances configured with an external service prior to the deprecation. This functionality and configuration are removed from GitHub Enterprise Server 2.20.0.
Deprecation of Password-based HTTP basic authentication
Password-based HTTP basic authentication is deprecated in GitHub Enterprise Server 2.20.0. This functionality will continue to operate via personal access tokens.
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
- Custom firewall rules are not maintained during an upgrade.
- Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
- When pushing to a gist, an exception could be triggered during the post-receive hook.
- Duplicate webhook entries in the database can cause upgrades from previous versions to fail. (updated 2020-02-26)
The GitHub Team