With the new features added in GitHub Enterprise 2.7.0, you can:
- CRITICAL: In current (less than 2.7) versions of GitHub Enterprise, a SAML or CAS authenticated user may log in as another user if they have full control of the login value registered with the external authentication provider. While this issue only affects specific installations, we have released this as a CRITICAL issue given its impact when external authentication configurations allow user control of registered logins.
- LOW: The permissions on
rbenv, used by many components of GitHub Enterprise, have been tightened.
- Packages have been updated to the latest security versions.
- Webhook responses that were not encoded as UTF-8 would not be viewable in the delivery log.
- Organizations could be suspended using the
- Transparent avatars were rendered with an opaque white background.
- Clicking the rocket icon led to the current repository administration page instead of the intended Site admin page.
- The first part of the fully qualified hostname was used in the system logs instead of the normalized hostname.
- Uploading PNG images with drag and drop could fail with the error 'Something went really wrong, and we can't process that file.'.
- The mobile view of a repository didn't show the total number of commits.
- Repository push logs didn't record whether a push was forced.
- Avatars may not have been displayed on preview.
- Console text was difficult to read on OpenStack KVM.
- The "Revert" button was missing when a pull request was squash merged. (updated 2016-09-21)
- Upgrading of Elasticsearch indices is now a background process. Searching will continue to operate normally during this time.
- The speed of some SVN to Git operations has been improved.
ghe-webhook-logs command line utility, a command-line viewer for webhook logs has been introduced.
- Unsubscribe links now require authentication. The logged in user must match the user the link was originally sent to in order for the unsubscribe to occur.
- RequestDenied SAML responses are better handled and a descriptive message is returned to the user.
- Webhooks can now be migrated along with repository and user data using
- GitHub Pages uses Jekyll 3.1.
Backups and Disaster Recovery
GitHub Enterprise 2.7 requires at least GitHub Enterprise Backup Utilities 2.7.0 for Backups and Disaster Recovery. (updated 2016-08-15)
Deprecation of GitHub Enterprise 2.2
GitHub Enterprise 2.2 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
Upcoming deprecation of GitHub Enterprise 2.3
GitHub Enterprise 2.3 will be deprecated as of October 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
Upcoming deprecation of Markdown engines
GitHub Pages on GitHub Enterprise 2.8 and later will only support kramdown, Jekyll's default Markdown engine. If you are currently using Rdiscount or Redcarpet we've enabled kramdown's GitHub-flavored Markdown support by default, meaning kramdown should have all the features of the two deprecated Markdown engines, so the transition should be as simple as updating the Markdown setting to
kramdown in your site's configuration (or removing it entirely).
- We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Custom firewall rules aren't maintained during an upgrade.
- Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent
svn checkout attempts will succeed.
- Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
- GitHub Enterprise clustering can not be configured without https.
- Administrators cannot view a user's GPG keys via the Site Admin dashboard.
- Additional white spacing can sometimes be seen above the Admin center header.
- When LDAP sync is enabled for SSH and/or GPG keys, users are still able to add new keys via the web UI.
- New and upgraded AWS-hosted instances will default to using
188.8.131.52 for the DNS server. This can cause issues if that DNS server is not reachable. Run:
sudo rm /etc/resolv.conf && sudo ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf and then reboot to workaround this issue. (updated 2016-08-04)
- Pre-receive hooks using the
awk command in the default hook environment will fail with a cannot open shared object file message. (updated 2016-08-08)
git operations may block indefinitely if the data volume has less than 10% free disk space. (updated 2016-08-16)
- Issue assignees assigned in GitHub Enterprise 2.6 or earlier aren't visible. (updated 2016-08-27)
- The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
- Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
- collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
- Editing custom messages in the Admin center doesn't provide emoji suggestions was resolved in 2.7.0. (updated 2016-09-21)
- Native emoji are lost when saving custom messages in the Admin center was resolved in 2.7.0. (updated 2016-09-21)
The GitHub Team