New Features
With the new features added in GitHub Enterprise 2.3.0, you can:
- Use the API to create new users and organizations.
- Impersonate a user when making API calls, just as you can through the web interface.
- Have finer control over permissions with read-only deploy keys.
- Migrate complete repositories from one GitHub instance to another with ghe-migrator.
- Configure an HTTP proxy for outbound traffic, such as webhooks.
Changes
- Updates to the Authorizations API include breaking changes. If you use the Authorizations API, you should review the changes and update your usage before upgrading. (updated 2015-08-06)
- We no longer send email invitations when adding a user to an organization.
- The queues for background jobs can now be paused and resumed using the ghe-resque-info command line utility.
- Browsers no longer send a Referer header on requests originating from GitHub Enterprise, to prevent leaking the location of your Enterprise instance.
- The search index definitions have changed. Some searches will return partial results while the search indices are rebuilt. (updated 2015-10-07)
Upgrading
Upgrading to the 2.3 release series is supported from GitHub Enterprise 2.1.0 and above.
Bug Fixes
- Ubuntu packages have been updated to the latest bugfix versions.
- When displaying a commit made with an email address that doesn't belong to an existing GitHub Enterprise user, we loaded a default avatar from a GitHub.com subdomain.
- During an upgrade, checking the validity of the SSL certificate and key could output an error message. There is nothing wrong, but the error message can look scary.
- Using uppercase characters in the hostname caused a redirect loop.
- CSV files on Pages sites were transferred uncompressed.
- We didn't show an error if you uploaded an invalid license when the current license was expired.
- The page displayed when GitHub Enterprise is in maintenance mode could show an out of date support email address.
- Gist profile pages didn't have proper styling when subdomain isolation was disabled.
- Global notices weren't displayed on mobile devices.
- We didn't properly show user details in the search section of a user's profile in the site admin.
- Dashboard activity feed links pointed to the wrong hostname after restoring from backup if the hostname had changed.
- We displayed the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
- Replication setup failed for IPv6 hosts.
- Gists couldn't be created when using Safari 8.x in Private Mode.
- Users with LDAP DNs longer than 255 characters were suspended if LDAP Sync was enabled. (updated 2015-08-20)
- Deleting a user didn't delete their gists, which could cause problems with replication. (updated 2015-10-12)
Security Fixes
- Ubuntu kernel and packages have been updated to the latest security versions.
- MEDIUM: Cached form objects could cause CSRF tokens to be shared across users.
Upcoming deprecation of authentication using GitHub OAuth
User authentication via GitHub OAuth is being deprecated and will be removed in a future feature release. It will be removed no sooner than November 2015.
GitHub Enterprise includes support for authenticating users via OAuth to accounts on GitHub.com because it provides a simple way to set up external authentication. However, after speaking with many customers, we've found that organizations commonly have other sources they want to use to automate identity and access management.
We want to focus on features that best meet the needs of our users, so we're planning to remove support for GitHub OAuth in a future feature release and focus on making ongoing improvements to other authentication methods like SAML and LDAP.
Note that this change will only affect user authentication via GitHub.com and not personal access tokens or OAuth applications added to your GitHub Enterprise instance.
Known Issues
- Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
- Enqueued background jobs are sometimes not purged when a repository is deleted.
- Management console sessions can expire too quickly for Safari users.
- Gist repositories are not garbage collected by the maintenance scheduler.
- Custom firewall rules aren't maintained during an upgrade.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
- Deleting a user doesn't delete their gists, which can cause problems with replication.
- In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
- We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
- Email can't be sent over TLS when SSL is disabled.
- During an upgrade, checking the validity of the SSL certificate and key could output an error message. There is nothing wrong, but the error message can look scary.
- When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
- Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
- Viewing a repository's push log in a web browser displays the warning "Reflog Sync disabled on this repository. Results maybe out of date." This is cosmetic only and does not indicate an issue with the push log or repository storage. (updated 2015-08-28)
- When a member of a team with admin access tries to add a new team member, it fails without an error. Only the Owners team can add new team members. (updated 2015-09-08)
- Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
- Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)
Errata
- Under some circumstances, it is still possible to trigger a harmless error message when checking the validity of the SSL certificate and key during an upgrade.
- Not deleting a user's gists when deleting the user was fixed in 2.3.0. (updated 2015-10-12)
Thanks!
The GitHub Team