Security Fixes

• HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
• MED libxml2 and related packages have been updated to address multiple vulnerabilities.
• MED rsync has been updated to address a recently identified vulnerability.
• Packages have been updated to the latest security versions.
• LOW Passwords and two-factor one-time passwords could be written to the exceptions log.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• Jobs stuck on code indexing can delay other jobs from running.
• SNMP can't be run on high availability replicas.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Deprecation of GitHub Enterprise 2.0

GitHub Enterprise 2.0 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

Security Fixes

• HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
• MED OpenSSL packages have been updated to address multiple vulnerabilities.
• LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
• Packages have been updated to the latest security versions.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• Jobs stuck on code indexing can delay other jobs from running.
• SNMP can't be run on high availability replicas.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Upcoming deprecation of GitHub Enterprise 2.0

GitHub Enterprise 2.0 will be deprecated as of January 1, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• Jobs stuck on code indexing can delay other jobs from running.
• SNMP can't be run on high availability replicas.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Upcoming deprecation of GitHub Enterprise 2.0

GitHub Enterprise 2.0 will be deprecated as of January 1, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

Security Fixes

• MED Oracle Java 7.0 is no longer supported by Oracle. We have switched to OpenJDK 7 and updated to the latest version to address multiple vulnerabilities related to information disclosure, data integrity and availability.
• MED NTP packages have been updated to address multiple vulnerabilities.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• Jobs stuck on code indexing can delay other jobs from running.
• SNMP can't be run on high availability replicas.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Upcoming deprecation of GitHub Enterprise 2.0

GitHub Enterprise 2.0 will be deprecated as of January 1, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

Security Fixes

• MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
• LOW Large Git updates could trigger an overflow in Git xdiff.
• Packages have been updated to the latest security versions.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• Jobs stuck on code indexing can delay other jobs from running.
• SNMP can't be run on high availability replicas.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

Security Fixes

• HIGH Read access to public API endpoints of private-mode instances and to specific reporting endpoints can be authenticated by connecting via local trusted ports. This authentication could be bypassed by manipulating specific HTTP headers and lead to information disclosure.
• Kernel and packages have been updated to the latest security versions.
• Mediawiki Math markup within Gists and repository files with the .mediawiki suffix could leak information to the Google Chart API when they were displayed.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• Jobs stuck on code indexing can delay other jobs from running.
• SNMP can't be run on high availability replicas.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

Security Fixes

Kernel and packages have been updated to the latest security versions.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• Jobs stuck on code indexing can delay other jobs from running.
• SNMP can't be run on high availability replicas.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

Security Fixes

• Kernel and packages have been updated to the latest security versions.
• MEDIUM; Cached form objects could cause CSRF tokens to be shared across users.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• SNMP can't be run on high availability replicas.
• Jobs stuck on code indexing can delay other jobs from running.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

Security Fixes

Ubuntu packages have been updated to the latest security versions.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are logged twice.
• SNMP can't be run on high availability replicas.
• Jobs stuck on code indexing can delay other jobs from running.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

Thanks!

The GitHub Team

Security Fixes

• Ubuntu kernel and packages have been updated to the latest security versions.
• HIGH: Update HAProxy to address CVE-2015-3281, which could allow an attacker to use a specially crafted request to read memory contents that might contain data from a past request or session.
• MEDIUM: Scopeless access tokens could list private Gists.
• This release and previous releases of GitHub Enterprise are not affected by the OpenSSL Advisory issued 9 July 2015 (CVE-2015-1793)

Bug Fixes

• Ubuntu kernel and packages have been updated to the latest bugfix versions.

Changes

• We now gather VMware memory statistics in the diagnostics output.
• Direct root SSH access was not possible in the past, but as an additional measure we've also added PermitRootLogin to no within the SSH configuration.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are being logged twice.
• SNMP can't be run on high availability replicas.
• Jobs stuck on code indexing can delay other jobs from running.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

Security Fixes

• Ubuntu kernel and packages have been updated to the latest security versions.

Known Issues

• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are being logged twice.
• SNMP can't be run on high availability replicas.
• Jobs stuck on code indexing can delay other jobs from running.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Gists can't be created when using Safari 8.x in Private Mode.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

Security Fixes

• Ubuntu kernel has been updated to include security fixes.

Known Issues

• Gists can't be created when using Safari 8.x in Private Mode.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• Jobs stuck on code indexing can delay other jobs from running.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• SNMP can't be run on high availability replicas.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Events in the github_audit log stream are being logged twice.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

Security Fixes

• Ubuntu kernel and packages have been updated to the latest security versions.

• LOW: OpenSSL 1.0.1-4ubuntu5.27.

• LOW: Update libssh to address denial of service vulnerabilities CVE-2014-8132 and CVE-2015-3145.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

Security Fixes

• Ubuntu packages have been updated to the latest security versions.
• LOW: Ruby 2.1.6

Note the 2.0.x releases are not susceptible to the XSS vulnerability mentioned in the 2.1.6 release notes.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

Bug Fixes

• One of the Percona database tools we ship with the VM was phoning home to check for updates.

Security Fixes

• Ubuntu packages have been updated to the latest security versions.
• LOW: Using an access token with public_repo scope, requests for lists of issues would return issues from private repositories.
• LOW: OpenSSL 1.0.1-4ubuntu5.25

Integration with GitHub for Mac

• For reasons outside our control, the implementation behind the "Clone in desktop" button for GitHub for Mac doesn't work any more. We now use the same method for both desktop applications and check you have an application configured. This means we'll only show the button when you're logged in.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Thanks!

The GitHub Team

Security Fixes

• Ubuntu packages have been updated to the latest security versions.
• MEDIUM: There was an XSS vulnerability in wikis.
• LOW: We didn't require SAML responses to be signed. We enforce that now.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• Updating a license in the management console was not reflected in the GitHub application under some circumstances.
• We didn't require SAML responses to be signed. We enforce that now.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The ghe-org-owner-promote command line utility is currently broken.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Switching to a different authentication method doesn't expire existing sessions.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Security Fixes

• LOW: SAML authentication responses weren't signed.
• LOW HIGH: OpenSSL 1.0.1-4ubuntu5.21.

Errata

• We didn't include the fix to sign SAML authentication responses in this release.
• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.
• The OpenSSL 1.0.1-4ubuntu5.21 update was upgraded to a HIGH security fix due to the publication of Freak Attack.

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• With private mode enabled, redirects could leak the Nginx version we use.
• Changes to authentication settings in the management console were lost if any settings failed to validate.
• Adding an SSH key that contained non-ASCII characters like smart quotes would break the management console.
• If your management console session timed out, connectivity tests failed without any error message. Now you're redirected to log in again.
• We stopped you from adding a duplicate or broken SSH key to the management console, but the error didn't show up properly.
• The HAProxy connection limits were incorrectly configured, making them a little bit lower than they should have been.
• When a SAML response incorrectly had an email as the NameID, but didn't include email as a released attribute, users could sign in the first time but couldn't sign in again after signing out.
• Checking replica status with ghe-repl-status was really slow. We made it faster.
• If Pages on a replica fell too far behind the primary, the alert shown by ghe-repl-status was missing how far behind replication was.
• Replication didn't restart properly after rebooting a high availability replica.
• Replication didn't replicate custom DNS settings.
• The SSH key used for replication didn't survive upgrades and had to be regenerated.
• The Git gateway tried to log timing statistics to an inaccessible statsd server.
• The Git gateway included the repository twice in SSH log entries.
• The Git gateway logs were messed up when we tried to rotate them.
• The Git gateway was being restarted every day, but we didn't need to do that.
• The hypervisor console script timed out every five seconds and respawned, spamming the logs.
• Git clone events weren't being forwarded as part of the github_audit log stream.
• Hovering over the timing statistics graph in the site admin showed undefined instead of the hostname and Ruby version.
• Compressing a support bundle could be slow, so we sped it up using more than one core (but with a high nice so it won't affect anything else).
• Diagnostics always said Log Forwarding was disabled, regardless of reality.
• Creating the diagnostics file for support could timeout if there were lots of webhook delivery logs.
• In Pages sites, JSON files were served with the wrong MIME type.
• We sometimes didn't show the gateway address in the hypervisor console.
• Accessing GitHub Enterprise in Firefox with the default certificate still enabled displayed the SSL warning twice.
• The 'Revert' button didn't work properly when trying to revert a pull request from a fork.
• Git authentication could fail after changing the hostname.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The ghe-org-owner-promote command line utility is currently broken.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Switching to a different authentication method doesn't expire existing sessions.
• Events in the github_audit log stream are being logged twice.
• Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Security Fixes

• MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.
• LOW: Desktop applications were granted API tokens with more access scope than was necessary.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Thanks!

The GitHub Team

https://enterprise.github.com/releases

https://enterprise.github.com/releases/2.0.6

https://enterprise.github.com/staff/releases/2.0.6/edit

https://enterprise.github.com/staff/notifications/206-update-released/

Security Notification

Important Security Vulnerabilities Fixed in GitHub Enterprise 2.0.6

The following important security vulnerabilities have been fixed in the 2.0.6 release:

• MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team

Security Fixes

• CRITICAL: Remote code execution possible via ntpd.
• MEDIUM: Specially crafted Gist updates could bypass the Git client protection introduced in 2.0.4.
• MEDIUM: The web editor could be used to bypass the Git client protection introduced in 2.0.4.

NTP vulnerability

Critical vulnerabilities in the Network Time Protocol (NTP) have been discovered and disclosed by members of the Google Security Team. These vulnerabilities make it possible for a remote attacker to send a carefully crafted packet with malicious arbitrary code that will execute at the privilege level of the ntpd process.

This release includes patches to NTP from upstream to make sure it is not exploitable. As an additional measure, we've also updated the firewall rules to be more strict. We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

More details on the vulnerabilities can be found in the ICSA-14-353-01 advisory.

Mitigation
If you can't immediately upgrade, the attack can be mitigated by removing the firewall rule that accepts traffic to port 123. To temporarily remove the rule, SSH into the appliance and run:

sudo ufw delete allow ghe-123

If you have any questions, please contact support at enterprise@github.com

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Replicas need to be restarted after upgrading with ghe-upgrade.
• Git replication slow and CPU intense during initial push of large/complex repositories.
• First run in Firefox displays the SSL warning twice.
• Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
• The management console doesn't handle non-ASCII characters in authorized_keys.
• Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
• Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
• Memcache doesn't restart properly after a crash and must be manually restarted.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
• A user cannot be invited to an organization by their full name.
• Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Git client vulnerability

Yesterday a critical Git security vulnerability was announced that affects all versions of the official Git client and all related software that interacts with Git repositories.

While GitHub Enterprise itself is not directly affected, it may be used as a distribution point for an attacker to reach unpatched clients. This release detects and blocks malicious trees from being pushed to an Enterprise instance, eliminating it as an attack vector.

Important details

It it critical to note that this release only provides mitigation against low-levels attacks where a user with write access could attempt to push malicious files to a GitHub Enterprise instance. It does not prevent interactions with malicious external Git servers that can open up command-line level attack vectors, as those must be dealt with at the Git client level.

For full protection, we strongly recommend you ensure that all developers update their Git clients, in addition to upgrading to this release. Installing this update alone does not mean your organization is fully safe against this vulnerability. The only way to make sure none of your developers are vulnerable is to have everyone upgrade their Git client.

More details on the vulnerability can be found in the official Git mailing list announcement, on the git-blame blog, and on the GitHub blog.

If you have any questions, please contact support at enterprise@github.com

Bug Fixes and Updates

• Maintenance pages now display the configured support email rather than the enterprise@github.com default.
• The version number is displayed correctly on AWS installations.
• The index entries in Index Management correctly change the cursor to indicate they are clickable links.
• The welcome screen will no longer blank and requires s rather than any key to start network setup.
• There is now a /usr/local/bin/ghe-btop utility to query the status of babeld.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Replicas need to be restarted after upgrading with ghe-upgrade.
• Git replication slow and CPU intense during initial push of large/complex repositories.
• First run in Firefox displays the SSL warning twice.
• Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
• The management console doesn't handle non-ASCII characters in authorized_keys.
• Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
• Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
• Memcache doesn't restart properly after a crash and must be manually restarted.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
• A user cannot be invited to an organization by their full name.
• Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Bug Fixes and Updates

• Fixes a regression in 2.0.2 that prevented new AWS installations when the second block device was attached before the instance was first started.

Known Issues

• The version number is incorrectly shown on AWS installations as 2.0.2.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Replicas need to be restarted after upgrading with ghe-upgrade.
• Git replication slow and CPU intense during initial push of large/complex repositories.
• First run in Firefox displays the SSL warning twice.
• Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
• The management console doesn't handle non-ASCII characters in authorized_keys.
• Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
• Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
• Memcache doesn't restart properly after a crash and must be manually restarted.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
• A user cannot be invited to an organization by their full name.
• Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Bug Fixes and Updates

• Updated installed packages and Ubuntu kernel to latest released versions.
• Services would not start properly in some circumstances, so the appliance would get stuck in a "Starting..." state.
• SSH keys were deleted during sign in when SAML authentication was used.
• It was possible to upload an invalid SAML idP certificate, which caused an error when trying to log in.
• Updating a license didn't take effect until settings had been saved.
• A 404 Not Found error was returned when visiting the user page of a suspended user.
• The ghe-user-csv command line utility didn't include email addresses in some circumstances.
• After upgrading, the appliance could briefly revert to using the default self-signed SSL certificate.
• Changing network settings could break the HAProxy SSL certificate, making services on the appliance unreachable.
• Our handling of deleted refs could cause high availability Git replication to fail for affected repositories.
• The management console could report the pre-upgrade version number after an upgrade.
• Events that trigger notification emails could cause 500 errors if the configured SMTP server timed out.
• Testing domain settings in the management console failed if the uploaded SSL certificate didn't have 'Subject Alternative Name' extensions.
• Testing domain settings in the management console failed when the DNS server wasn't reachable or valid.
• Testing LDAP group membership in the management console returned incorrect results when only an admin group was set.
• Searching for a repository in the site admin could miss exact matches.
• User creation could time out if the LDAP administrator group wasn't set.
• Gist log level was set too high, so the Gist logs could grow very big.
• Some management console styles and functionality were broken for supported versions of IE.
• When restoring to a backup with ghe-restore, maintenance mode was automatically enabled, which could be confusing. Maintenance mode now has to be enabled manually through the management console, using the management console API, or using the ghe-maintenance command line utility.
• Resizing the root partition caused upgrades to fail.
• The web user interface and API could be slow to update after Git pushes.
• During initial installation, the self-signed certificate warning screen suggested verifying the certificate over SSH when no SSH keys were installed. The certificate fingerprint is now shown in the hypervisor console.
• SSH password authentication was incorrectly enabled for admin access, even though no password was set.
• The support email couldn't be set without enabling outgoing email.
• Slow response times from NetApp storage could cause the root partition to be remounted as read only.
• Some metadata was missing when importing the OVA.
• It wasn't possible to add more than 8 vCPUs under ESXi without upgrading the virtual hardware version.
• The raw Gist main page returned an error.
• Inconsistent 404 Not Found error pages were displayed in some cases.
• Sending malformed JSON to the management console API caused an error rather than being handled gracefully.
• Links to help articles didn't link to the Enterprise-specific articles.
• The color used to highlight search term results in code was too similar to the fold highlighting color.

Known Issues

• ghe-upgrade expects the upgrade filename to be github-enterprise-esx-2.0.2.pkg on VMWare or github-enterprise-ami-2.0.2.pkg on AWS.
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Replicas need to be restarted after upgrading with ghe-upgrade.
• Git replication slow and CPU intense during initial push of large/complex repositories.
• First run in Firefox displays the SSL warning twice.
• Admin is prompted to reapply the license after ghe-upgrade runs even though the license file is present.
• The management console doesn't handle non-ASCII characters in authorized_keys.
• Management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
• Downloading diagnostics from the web can time out if there are a lot of hook deliveries.
• Memcache doesn't restart properly after a crash and must be manually restarted.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restore if the hostname has changed.
• A user cannot be invited to an organization by their full name.
• Wiki links to other wiki pages are rendered as images when a repository contains a directory with the same name.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in this release.

Bug Fixes and Changes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• Data migration failed if there were organizations without administrators.
• Services could fail to start correctly if configuration was applied without storage being prepared.
• A race condition could cause a configuration failure to be incorrectly reported.
• When saving Management Console settings, redirecting to the progress page could fail.
• Saving Management Console settings with an inaccessible LDAP server caused an error.
• Static network settings would be lost across upgrades.
• Gist Git repositories could not be pushed to directly.
• The number of Rails worker processes was static, and now depends on the provisioned memory.
• GitHub OAuth did not redirect to the requested page when login was required.
• Diagnostic output did not include the EC2 instance type.
• MySQL replication was shown as a running query in the Management Console maintenance page.
• A SAML single logout URL was incorrectly published. GitHub Enterprise does not currently support single logout.
• Excessive log entries were generated because the MySQL slow transaction threshold was set too low.
• The default memory for the OVA was incorrectly set to 8GB, instead of the recommended 16GB.
• Lowercase hostnames were not enforced in the Management Console settings.
• collectd and log data are were not preserved through upgrades.
• Support bundles did not include configuration logs.
• SAML times did not append Z for compliance with the SAML Core 1.3.3 standard.
• Incorrect license information was shown in diagnostic output.
• The Git HTTPS daemon contained a file descriptor leak.
• Added ghe-mysql-checksum script to checksum InnoDB tables.
• Management Console restore messaging was imprecise.
• Subdomain isolation caused a redirect loop when accessing the Pages root URL.
• The crash kernel was unnecessarily enabled, causing 128M of memory to be used.
• Webhook logs did not include timestamps.
• Excessive log entries were generated if Gitmon could not open its data store.
• Non-DST time changes caused ambiguous Russian timezones.

DNS Servers

Major change: DNS settings are no longer configured via the the Management Console, and any custom nameservers specified via the console will be lost after upgrading to 2.0.1.

When configured to use DHCP, GitHub Enterprise now relies on the DNS nameservers provided by the DHCP server. This is the default configuration for GitHub on AWS, and no changes are required when upgrading an EC2 instance.

If you are using DHCP on VMWare and your server does not provide nameservers, or if you need custom nameservers that are different from your DHCP lease, please add them to /etc/resolvconf/resolv.conf.d/head after upgrading.

If you are using a static IP configuration, please reconfigure static network configuration after upgrading to 2.0.1, either via tty1 or sudo ghe-setup-network -v.

Note: You may also choose to add custom nameservers to /etc/resolvconf/resolv.conf.d/head before running ghe-upgrade. These settings will be retained across the upgrade to 2.0.1 and future releases.

Known Issues

The 2.0.1 release ships with some known issues that we were unable to fix before release. If any of these will cause major problems for your organization, we recommending waiting for 2.1.0 or 2.0.2 before upgrading.

• News feed activity links point to the hostname and protocol used when they were generated (affects renamed hosts).
• "Test domain settings" will fail when a DNS server is invalid or not reachable.
• ghe-restore should require that maintenance mode is enabled before restoring.
• ghe-repl-status-git is CPU intensive and may be slow on the primary node.
• The Site Admin dashboard has an autofocus issue in Firefox.
• Accessing the Gist raw subdomain can cause an error.
• Git replication is slow and CPU intense during initial push of large or complex repositories.
• Webhook deliveries may be delayed when search indexing jobs are running.
• The lock issue dialog does not link to the versioned Enterprise Help URL: https://help.github.com/enterprise/2.0/user/articles/what-are-the-different-access-permissions
• Search on Pages 404 pages does not work.
• 404 pages are not consistent across Assets, Gist and GitHub URLs.
• ghe-user-csv script doesn't return valid email addresses.
• SMTP over SSL/SMTPS on port 465 is not supported.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)

Features and Changes

• Runs on Amazon Web Services EC2 with officially supported Amazon Machine Images.
• Now running on Ubuntu 12.04 LTS.
• High availability support with replication and failover: https://help.github.com/enterprise/2.0/admin-guide/ha-cluster/.
• SAML 2.0 authentication with support for OneLogin, PingIdentity, Okta, and Shibboleth.
• Inbound email - replies to pull request/issue/commit emails show up as comments: https://github.com/blog/811-reply-to-comments-from-email
• Diffs have a split view: https://github.com/blog/1884-introducing-split-diffs.
• GitHub Issues has improved search, status, and notifications: https://github.com/blog/1866-the-new-github-issues.
• Gist design update: https://github.com/blog/1850-gist-design-update.
• Users receive notifications when issues are assigned to them.
• Users added to organizations receive email invites: https://github.com/blog/1868-inviting-people-to-your-organization.
• New mobile views with design improvements.
• Search code by filename, e.g., servolux filename:Gemfile.
• Folder paths expand to allow quick access to deeply nested hierarchies: https://github.com/blog/1877-folder-jumping.
• Organizations have improved audit logs: https://github.com/blog/1872-improved-audit-log.
• Markdown task lists can now be nested.
• PSD files can be viewed inline and compared: https://github.com/blog/1845-psd-viewing-diffing.
• Lock conversations, so only collaborators can post further comments: https://github.com/blog/1847-locking-conversations.
• Branches pages have improved UI and filters: https://github.com/blog/1852-a-better-branches-page.
• Pull requests can be reverted with a button that creates a reversed, revert pull request: https://github.com/blog/1857-introducing-the-revert-button.
• Emoji and team autocompletion are smarter.
• Users can set up 2FA with a TOTP application, and they'll get more reminders to download their recovery codes in case of a lock out.
• Pages uses Jekyll 2.2.0: https://github.com/blog/1867-github-pages-now-runs-jekyll-2-2-0
• Webhook services have added for VisualOps.io, Bugzilla 4.4.3, Snap-CI, tinyPM, CodeReviewHub, Heroku deployments, GoCD, and AWS OpsWorks deployments support.
• SSH appliance administration is now on port 122.
• Configuration runs no longer use Chef and are much faster and more reliable.
• New Git daemon for all protocols provides increased reliability, performance, and maximum number of parallel connections.
• Future upgrades can be done with the ghe-upgrade command-line tool over SSH.
• The admin SSH user has full sudo access to perform regular administrative tasks and troubleshooting.

Bug Fixes

• Pull requests could include the wrong commits.
• Webhooks would only keep the most recent 150 deliveries per hook.
• LDAP authentication failed when using Oracle Unified Directory LDAP.
• Git clone could fail for large repositories.
• MySQL could not be restarted without rebooting the VM.
• Experimental: Active Directory users could not be found when the user was in a nested group (ask Enterprise Support for access to this bug fix).
• GitHub Pages URLs were case insensitive, which defied W3C guidelines. (updated 2015-04-17)

Security Fixes

• HIGH: Subdomain Isolation (strongly recommended but disabled by default) hosts Archives, Gist, Assets, Pages, content rendering, user uploads, and raw files on separate subdomains. This feature isolates these potentially insecure resources from user sessions and mitigates cross-site scripting attacks by moving them to different origins.
• HIGH: Multiple cross-site scripting vulnerabilities and configuration file injection issues fixed in management console. Exploitation required authentication.
• MED: Management console now runs on port 8443 (or 8080 when SSL is disabled) to separate user and administrative interfaces.
• MED: SSL is enabled by default and uses self-signed certificates on initial setup.
• MED: Management console now uses password-based authentication instead of authentication using license files.

LDAP Support

Supported LDAP servers are now Active Directory, FreeIPA, Oracle Directory Server Enterprise Edition, OpenLDAP, Open Directory and 389 Directory Server. These are the servers that we will test before shipping a GitHub Enterprise release. If you need support for another LDAP server please contact GitHub Enterprise Support.

VirtualBox Unsupported

Enterprise 2.0 OVAs will no longer run with VirtualBox. VirtualBox has previously offered a poor customer experience for GitHub Enterprise. The supported hypervisors are VMware ESX and Amazon Web Service's EC2. VMware desktop products (e.g. VMware Workstation, VMware Fusion, VMware Player) are supported for trial purposes but should not be used in production.

Known Issues

The 2.0.0 release ships with some known issues that we were unable to fix before release. If any of these will cause major problems for your organization, we recommending waiting for 2.1.0 or 2.0.1 before upgrading.

• Dashboard activity feed links point to the hostname and protocol used when they were generated.
• "Test domain settings" will fail when a DNS server is not reachable or invalid.
• Gist Git repositories cannot be pushed to.
• GitHub OAuth does not redirect to the requested page when login is required.
• ghe-restore should require that maintenance mode is enabled before restoring.
• ghe-repl-status-git is CPU intense and may be slow on the primary node.
• Saving settings with an inaccessible LDAP server results in an error.
• The Site Admin dashboard has an autofocus issue in Firefox.
• collectd data is not preserved through upgrades.
• Accessing the Gist raw subdomain can cause an error.
• Git replication is slow and CPU intense during initial push of large or complex repositories.
• Webhook deliveries may be delayed when search indexing jobs are running.
• The lock issue dialog does not link to the versioned Enterprise Help URL: https://help.github.com/enterprise/2.0/user/articles/what-are-the-different-access-permissions
• Search on Pages 404 pages does not work.
• Inconsistent 404 behaviour for Assets, Gist and GitHub URLs.
• ghe-user-csv script doesn't return valid email addresses.
• Uppercase hostnames cause redirect loops and are not rejected by the management console.
• SMTP over SSL/SMTPS on port 465 is not supported.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)