GitHub Enterprise - The best way to build and ship software

GitHub Enterprise 2.9.1 March 14, 2017 Series notes · Download

The 2.9 series release notes contain important changes in this release series.

Security Fixes

LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
Packages have been updated to the latest security versions.

Bug Fixes

Incorrect support bundle and diagnostics instructions were displayed for high availability environments.
The secondary NTP server was not allowed to be blank.
A search index that was not marked as the primary index, for example when a new index was being built after an upgrade, could be incorrectly deleted.
OAuth application authorization failed when the path contained more than one query parameter.
The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.
Starting high availability replication would fail if the appliance was previously configured as a replica.
Git replication maintenance jobs failed to complete if there were unhealthy repositories prior to upgrading to 2.9.
An unused locations search index was incorrectly listed in the site admin indexing page.
Site administrators may have experienced 500 Internal Server Error if the license was approaching expiration or was close to the seat limit.
Accessing a GitHub Pages site would cause 500 Internal Server Error.
It was not possible to enable or disable maintenance mode through the Management Console.
Issues or pull requests with renamed labels were not properly indexed for filtering.
On Google Compute Engine, it was possible to use an ephemeral scratch disk as repository storage.

Changes

A clustering environment requires at least 2 metrics-servers.

Deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 is now deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
Custom firewall rules aren't maintained during an upgrade.
Enqueued background jobs are sometimes not purged when a repository is deleted.
svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
GitHub Enterprise clustering can not be configured without https.
Graphs in the Management Console monitoring page are incorrectly sorted.
It's possible to queue more jobs to repair a search index through the site admin than can be processed in a reasonable time, causing low priority jobs to become backlogged.
Deleting a search index doesn't delete all associated metadata, which is then incorrectly reused if a new search index is created. This can cause search index repair jobs to be reported as finished in the site admin when they're not.
A configuration run can incorrectly revert an SSL certificate to an automatically generated self-signed certificate.
The /status endpoint on a high availability replica incorrectly returns 200 OK instead of 503 Service Unavailable.
Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters. (updated 2017-03-30)
An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team