The 2.8 series release notes contain important changes in this release series.
Security Fixes
- LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
- Packages have been updated to the latest security versions.
Bug Fixes
- The secondary NTP server was not allowed to be blank.
- A search index that was not marked as the primary index, for example when a new index was being built after an upgrade, could be incorrectly deleted.
- OAuth application authorization failed when the path contained more than one query parameter.
- The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.
Changes
- A clustering environment requires at least 2
metrics-server
s.
Deprecation of GitHub Enterprise 2.5
GitHub Enterprise 2.5 is now deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
Upcoming deprecation of GitHub Enterprise 2.6
GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
Known Issues
- We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
- Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
- On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
- Custom firewall rules aren't maintained during an upgrade.
- Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.
- Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
- GitHub Enterprise clustering can not be configured without https.
- Graphs in the Management Console monitoring page are incorrectly sorted.
- An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
- collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
- After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
Thanks!
The GitHub Team