The 2.3 series release notes contain important changes in this release series.
We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Email can't be sent over TLS when SSL is disabled.
Deleting a user doesn't delete their gists, which can cause problems with replication.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
Management console sessions can expire too quickly for Safari users.
Gist repositories are not garbage collected by the maintenance scheduler.
Custom firewall rules aren't maintained during an upgrade.
Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
Enqueued background jobs are sometimes not purged when a repository is deleted.
When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
HIGH (CVE-2015-7547) 2.3 is vulnerable to
glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)
$ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-precise.hpkg $ md5sum github-enterprise-libc-precise.hpkg # c068256696f2775579e2cd8223f82306 $ chmod +x github-enterprise-libc-precise.hpkg $ ./github-enterprise-libc-precise.hpkg
The GitHub Team