GitHub Enterprise - The best way to build and ship software

The 2.3 series release notes contain important changes in this release series.

Bug Fixes

User sessions were not properly revoked when they reached the expiry limit set by the SAML identity provider (IdP).

MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
Packages have been updated to the latest security versions.

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team