New Features
With the new features added in GitHub Enterprise 2.4.0, you can:
Changes
- In private mode, deploy keys now only give access to the repository they are assigned to. Previously, the behavior of deploy keys was vague, and in private mode a deploy key allowed access to every public repository on the appliance. This behavior wasn't documented and is considered unexpected.
- Fullscreen (Zen mode) editing has been removed.
Upgrading
Upgrading to the 2.4 release series is supported from GitHub Enterprise 2.2.0 and above.
Bug Fixes
- Email couldn't be sent over TLS when SSL was disabled.
- Viewing a repository's push log in a web browser displayed the warning 'Reflog Sync disabled on this repository. Results maybe out of date.' This was cosmetic only and did not indicate an issue with the push log or repository storage.
- Improved the efficiency of Git LFS operations.
- When a fork was detached from its repository network by an administrator or by changing visibility, its filesystem path wasn't updated on a high availability replica until at least one commit had been pushed.
- DNS responses are cached to speed up lookups and to reduce the load on DNS servers.
- Gist repositories were not garbage collected by the maintenance scheduler.
Security Fixes
- Packages have been updated to the latest security versions.
- LOW: Organization user lookup could reveal private members of other organizations.
- LOW: DES-based SSH ciphers are disabled for Git operations over SSH.
Upcoming deprecation of authentication using GitHub OAuth
User authentication via GitHub OAuth is being deprecated and will be removed in a future feature release. It will be removed no sooner than November 2015.
GitHub Enterprise includes support for authenticating users via OAuth to accounts on GitHub.com because it provides a simple way to set up external authentication. However, after speaking with many customers, we've found that organizations commonly have other sources they want to use to automate identity and access management.
We want to focus on features that best meet the needs of our users, so we're planning to remove support for GitHub OAuth in a future feature release and focus on making ongoing improvements to other authentication methods like SAML and LDAP.
Note that this change will only affect user authentication via GitHub.com and not personal access tokens or OAuth applications added to your GitHub Enterprise instance.
Upcoming deprecation of GitHub Enterprise 2.0
GitHub Enterprise 2.0 will be deprecated as of January 1, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
Known Issues
- We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
- Management console sessions can expire too quickly for Safari users.
- Custom firewall rules aren't maintained during an upgrade.
- Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
- Enqueued background jobs are sometimes not purged when a repository is deleted.
- Restoring backups from previous versions fails. As a workaround, create an instance matching the version the backup was taken from, restore the backup, then upgrade. (updated 2015-11-05)
- High availability replication sometimes fails to set the MySQL password correctly, which prevents MySQL replication from starting. (updated 2015-11-11)
- High availability replication sometimes fails to set the correct master identifier during an upgrade. This prevents MySQL replication from starting. (updated 2015-11-11)
- Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
- Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects that the file already exists and fails. (updated 2016-01-14)
Errata
- The failure to migrate repositories in an incomplete state to the new repository disk layout was resolved in 2.4.0. (updated 2015-12-01)
Thanks!
The GitHub Team