GitHub Enterprise 2.5.0 February 09, 2016 Series notes · Download

New Features

With the new features added in GitHub Enterprise 2.5.0, you can:

Changes

Upgrading

Upgrading to the 2.5 release series is supported from GitHub Enterprise 2.3.0 and above.

Backup & Restore

In order to backup and restore GitHub Enterprise 2.5, you will need to upgrade backup-utils to version 2.5.0.

Bug Fixes

Security Fixes

Git LFS Client Vulnerability

An issue was identified that could allow an attacker to execute arbitrary commands on a user’s computer if they had Git LFS installed and cloned a malicious repository. Git LFS supports a per-repository configuration file to customize how certain aspects of Git LFS function. However, this file also allowed arbitrary Git configuration options to be modified. We have addressed the vulnerability by whitelisting the set of per-repository Git LFS configuration options that can be used to a safe subset.

GitHub Enterprise is not directly affected as this is a client-side vulnerability but as Git LFS is now enabled by default, we recommend you upgrade your clients to Git LFS 1.0.1 or later to address this vulnerability.

Asset storage changes (updated 2016-02-24)

To prepare for GitHub Clustering, this release changes the way GitHub Enterprise stores assets, such as release downloads, Git LFS objects, Avatars, and image attachments to wikis and issues. On instalations with many large assets, moving assets to their new location can take a long time. As always, we encourage you to test the upgrade in a staging environment before upgrading your production instance.

Deprecation of GitHub Enterprise 2.0

GitHub Enterprise 2.0 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.1

GitHub Enterprise 2.1 will be deprecated as of April 4, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Deprecation of Support for Internet Explorer 9 and 10

Support for Internet Explorer 9 and 10 will be deprecated in a future release. There will be no changes in site functionality, but a warning banner will be displayed to Internet Explorer 9 and 10 users.

Known Issues

Errata

Thanks!

The GitHub Team