Bug Fixes

• OpenVM tools was not properly installed.

Changes

• Shell history is written after each command.

Security Fixes

• MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
• MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
• Packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Deprecation of GitHub Enterprise 2.1

GitHub Enterprise 2.1 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

Security Fixes

• MEDIUM Resolved a cross-site scripting (XSS) vulnerability.
• LOW The secure flag was not set for the _gh_render cookie, potentially allowing the render cookie to be sent in plaintext HTTP requests. However, Enterprise sets the Strict-Transport-Security header for modern browsers when SSL is enabled, which largely mitigates the issue.
• Packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Thanks!

The GitHub Team

Security Fixes

• MEDIUM OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-0800, known as known as DROWN, which did not affect GitHub Enterprise.
• MEDIUM Ruby on Rails packages have been updated to address multiple vulnerabilities.
• MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 (CVE-2015-0072).
• MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability where plain text or other content types could be parsed as HTML.
• Packages have been updated to the latest security versions.
• The ca-certificates package has been updated to remove outdated certificate authority (CA) certificates. This update refreshes the included certificates and removes the SPI CA and CA certificates with 1024-bit RSA keys.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Thanks!

The GitHub Team

Security Fixes

• HIGH glibc packages have been updated to address CVE-2015-7547, a getaddrinfo stack-based buffer overflow.
• HIGH libssh packages have been updated to address CVE-2016-0739, a weakness in diffie-hellman secret key generation.
• MEDIUM nss packages have been updated to address CVE-2016-1938.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails.

Thanks!

The GitHub Team

Security Fixes

• HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
• MED libxml2 and related packages have been updated to address multiple vulnerabilities.
• MED rsync has been updated to address a recently identified vulnerability.
• LOW Passwords and two-factor one-time passwords could be written to the exceptions log.
• Packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.

• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.

• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.

• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.

• Gist profile pages don't have proper styling when subdomain isolation disabled.

• SNMP can't be run on high availability replicas.

• Custom firewall rules aren't maintained during an upgrade.

• Deleting a user doesn't delete their gists, which can cause problems with replication.

• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.

• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.

• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.

• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.

• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.

• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.

• HIGH (CVE-2015-7547) 2.1 is vulnerable to glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)

  $ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-precise.hpkg
  $ md5sum github-enterprise-libc-precise.hpkg # c068256696f2775579e2cd8223f82306
  $ chmod +x github-enterprise-libc-precise.hpkg
  $ ./github-enterprise-libc-precise.hpkg
  

Upcoming deprecation of GitHub Enterprise 2.1

GitHub Enterprise 2.1 will be deprecated as of April 4, 2016. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Thanks!

The GitHub Team

Security Fixes

• HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
• MED libxml2 and related packages have been updated to address multiple vulnerabilities.
• MED OpenSSL packages have been updated to address multiple vulnerabilities.
• LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
• Packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Bug Fixes

• The Gist resqued.log file was not regularly rotated.

Security Fixes

• MED Oracle Java 7.0 is no longer supported by Oracle. We have switched to OpenJDK 7 and updated to the latest version to address multiple vulnerabilities related to information disclosure, data integrity and availability.
• MED NTP packages have been updated to address multiple vulnerabilities.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Security Fixes

• MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
• LOW Large Git updates could trigger an overflow in Git xdiff.
• Packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Security Fixes

• HIGH Read access to public API endpoints of private-mode instances and to specific reporting endpoints can be authenticated by connecting via local trusted ports. This authentication could be bypassed by manipulating specific HTTP headers and lead to information disclosure.
• Kernel and packages have been updated to the latest security versions.
• Mediawiki Math markup within Gists and repository files with the .mediawiki suffix could leak information to the Google Chart API when they were displayed.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Security Fixes

• Kernel and packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Updates to Wiki pages by users without a primary email address set throw errors.
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Bug Fixes

• An error in the VMware tools configuration caused excessive logging.

Security Fixes

• Kernel and packages have been updated to the latest security versions.
• MEDIUM: Cached form objects could cause CSRF tokens to be shared across users.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Security Fixes

• Ubuntu packages have been updated to the latest security versions.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Security Fixes

• Ubuntu kernel and packages have been updated to the latest security versions.
• HIGH: Update HAProxy to address CVE-2015-3281, which could allow an attacker to use a specially crafted request to read memory contents that might contain data from a past request or session.
• MEDIUM: Scopeless access tokens could list private Gists.
• This release and previous releases of GitHub Enterprise are not affected by the OpenSSL Advisory issued 9 July 2015 (CVE-2015-1793)

Bug Fixes

• Ubuntu kernel and packages have been updated to the latest bugfix versions.
• We could fail to properly create the key for the secure connection between a high availability replica and the primary, which caused replication setup to fail.

Changes

• Direct root SSH access was not possible in the past, but as an additional measure we've also added PermitRootLogin to no within the SSH configuration.
• We now gather VMware memory statistics in the diagnostics output.

Known Issues

• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Bug Fixes

• Ubuntu kernel and packages have been updated to the latest bugfix versions.
• Avatars, release downloads, and image attachments to wikis and issues were not copied correctly by high availability replication.

Security Fixes

• Ubuntu kernel and packages have been updated to the latest security versions.

Known Issues

• We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
• Management console sessions can expire too quickly for Safari users.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Bug Fixes

• The endpoint for marking notifications as read was behind authentication, which caused unneeded traffic and meant that read notifications weren't correctly archived.

Security Fixes

• Ubuntu kernel has been updated to include security fixes.

Known Issues

• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Management console sessions can expire too quickly for Safari users.
• We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-06-13)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Bug Fixes

• Ubuntu packages have been updated to the latest bug fix versions.
• With LDAP authentication enabled, users who renamed their accounts and then had their DN changed couldn't log in.
• LDAP user search in the site admin was limited to 1000 results. This performed poorly when searching some directories, and people are more likely to refine the search than to page through so many results, so it's now limited to 150 results.
• Setting up static networking could fail when trying to stop the DHCP client.
• Configuring high availability replication incorrectly wrote a key fingerprint to the git user's authorized_keys file, which caused warning messages to be logged on the primary.
• Logging of notification deliveries was extremely verbose, which could put I/O pressure on busy instances.
• When maintenance mode was enabled, we ignored the configured support email address and always showed the default.
• We showed the wrong clone URL when displaying a Gist when subdomain isolation was enabled.
• Elasticsearch wasn't properly tuned based on available memory.
• Notification, event, and session database entries weren't properly archived, which could cause those tables to grow very large on busy instances.
• The activity dashboard graph could dip to zero periodically, creating misleading sawtooth patterns.
• Checking file size limits for Git pushes could be expensive and time consuming.
• With LDAP authentication enabled, entering the wrong password could cause a timeout for some users. (updated 2015-09-02)

Security Fixes

• Ubuntu kernel and packages have been updated to the latest security versions.

• LOW: OpenSSL 1.0.1-4ubuntu5.27.

• LOW: Update libssh to address denial of service vulnerabilities CVE-2014-8132 and CVE-2015-3145.

• LOW: Disable SSLv2 and SSLv3 in Postfix.

SAML response validation changes

We've improved the validation of the SAML responses we receive. A response message must now contain a Recipient set to the Assertion Consumer Service URL, http(s)://[hostname]/saml/consume.

In addition to the Recipient attribute, GitHub Enterprise will now also verify the Destination and Audience attributes, if they are supplied in the response message.

Most SAML implementations already provide this information in their responses.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• LDAP Sync fails for groups that have a period in their CN.
• Replication setup fails for IPv6 hosts.
• It's not possible to convert a user account to an organization.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• SNMP can't be run on high availability replicas.
• Custom firewall rules aren't maintained during an upgrade.
• Management console sessions can expire too quickly for Safari users.
• Some processes continued to write to logs after they were rotated. This could cause the root file system to fill up.
• We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
• Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
• Deleting a user doesn't delete their gists, which can cause problems with replication.
• In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Bug Fixes

• The organisation creation page gave incorrect details about when LDAP groups could be synced as teams.
• LDAP users could not be suspended or renamed when LDAP sync was off.
• ghe-btop's --usage and --help flags were not being passed correctly.
• WOFF 2.0 font files did not have their content-type set correctly in Pages.
• The top third party OAuth applications were not displayed.
• The Owners team was not automatically removed from LDAP sync.
• Replication was not restarted automatically after an upgrade.
• Unicorn masters were not always restarted correctly which left behind stale processes.
• LDAP sync wasn't syncing members of a group where the LDAP group name contained a ..
• ghe-repl-setup did not warn if the master had an existing replica.
• The system did not always shut down cleanly due to using kexec rather than reboot.
• ghe-service-list did not list github-svn-proxy or github-timerd.
• resqued, svn-proxy and timerd held on to a deleted log file rather than rotating correctly.

Security Fixes

• Ubuntu packages have been updated to the latest security versions.
• LOW: Ruby 2.1.6
• LOW: Branch names were not escaped correctly so could allow a XSS vulnerability.
• LOW: A bug in URL parsing in Safari could allow the bypass of the same origin checks in JavaScript.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• Management console sessions can expire too quickly for Safari users.
• We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
• Custom firewall rules aren't maintained during an upgrade.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
• Replication setup fails for IPv6 hosts.
• It's not possible to convert a user account to an organization.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

Bug Fixes

• Pull requests didn't properly trigger repository replication.
• In rare circumstances, Git clients displayed a misleading repository corruption message when garbage collection ran while fetching a pack file that was bigger than a configured memory limit. We've bumped up the configured memory limit to make that situation even less likely.
• If the credentials of the LDAP bind user became incorrect—for example, if a password expired—LDAP sync incorrectly removed users from teams. If those users had forks of private repositories, the forks were deleted.
• We incorrectly performed some LDAP searches as the authenticating user instead of the LDAP bind user. This user might have less access than the bind user, which could cause errors.
• The user API only returned a user's LDAP mapping if LDAP sync was enabled.
• We added support for the "SSH" and "SSHKey" prefixes for ActiveDirectory's altSecurityIdentities attributes.
• With LDAP Sync enabled, it was possible to set the special Owners team to sync with an LDAP group, but the sync couldn't complete. We disable syncing the Owners team now.
• When LDAP Sync was set to sync emails, we showed a banner message suggesting users add an email address even though they couldn't.
• Inviting a user to join an organization could return a "Not found" error when all the teams in an organization were mapped to LDAP groups and the invited user wasn't already a member of another team.
• After configuring a fresh instance to use static networking, we could still request a DHCP lease. Restarting the VM stopped the DHCP requests, but we fixed the problem and don't ask for a lease now.
• When saving settings, the "Restarting system services" spinner could keep spinning even after the services had restarted properly.
• The HAProxy logs were rotated weekly, so on busy instances they could get very large. We rotate them daily now.
• We kept too many logs for webhooks, which slowed stuff down. We purge older logs now.
• Some network setups made browsers send headers too big for us to handle, causing a "Request header or cookie too large" error. We've made our header buffers bigger.
• We added some flags to the ghe-support-bundle command line utility to make it possible to upload a support bundle directly to GitHub from the VM.
• Email hooks were incorrectly sent from "noreply@github.com" if "Send from author" wasn't selected. Some email services would reject those emails, making it seem like the hook was failing.
• One of the Percona database tools we ship with the VM was phoning home to check for updates.
• When the Status API was used to set a pending status on a pull request, we incorrectly said some checks had failed.
• There was a race condition in our assets server, which delivers resources like profile pictures and downloads, that could cause file handle leakage. If that happened, performance could be degraded. (updated 2015-03-25)
• Chrome 42 users weren't able to edit wiki pages or upload images via drag and drop, and autocomplete menus and repository graphs didn't display. (updated 2015-05-06)

Security Fixes

• Ubuntu packages have been updated to the latest security versions.
• LOW: Using an access token with public_repo scope, requests for lists of issues would return issues from private repositories.
• LOW: OpenSSL 1.0.1-4ubuntu5.25

Integration with GitHub for Mac

• For reasons outside our control, the implementation behind the "Clone in desktop" button for GitHub for Mac doesn't work any more. We now use the same method for both desktop applications and check you have an application configured. This means we'll only show the button when you're logged in.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• Management console sessions can expire too quickly for Safari users.
• We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
• Custom firewall rules aren't maintained during an upgrade.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
• LDAP Sync fails for groups that have a period in their CN.
• Replication setup fails for IPv6 hosts.
• It's not possible to convert a user account to an organization.
• Accessing GitHub Enterprise using a hostname alias with private mode enabled as an unauthenticated user will redirect you to the dashboard instead of the page you were trying to visit after you log in.
• Can't suspend or rename users when LDAP Sync is off. (updated 2015-04-20)
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

The GitHub Team

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• Enabling LDAP Sync for emails could cause background jobs to be continuously queued, which in turn could affect performance.
• Viewing a PSD or STL file with more than one revision results in an error being thrown.
• The GitHub application server could fail to start, because under some circumstances there could be a stale zero-downtime restart flag file.
• Scheduled maintenance mode didn't activate, so GitHub Enterprise was still available when it shouldn't have been.
• Saving settings in the management console with invalid LDAP connection settings caused an error. We fail with an appropriate message now.
• Promoting a high availability replica failed if the primary wasn't accessible.
• MySQL replication could fail on really, really busy instances.
• With SSL disabled, regenerating the self-signed certificate enabled SSL. This would happen if you use the IP address as the hostname and change the IP address of the VM.
• The admin SSH user didn't have proper access to man pages.
• There was an unused Redis stats bubble in the site admin toolbar, which looked like a warning. We've taken out the bubble.
• Chrome Canary didn't show the number of open pull requests when you viewed a repository.
• The ghe-upgrade command produced the following harmless error: line 205: /dev/null/: Is a directory.

Security Fixes

• MEDIUM: There was an XSS vulnerability in wikis.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Gist profile pages don't have proper styling when subdomain isolation disabled.
• After initial set up, an instance with static networking configured that has not been rebooted can try to get a DHCP lease.
• Management console sessions can expire too quickly for Safari users.
• We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
• Custom firewall rules aren't maintained during an upgrade.
• A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• Downloading code archives failed when private mode was enabled.
• The assets server didn't always properly close file handles, which could cause performance issues if the file handle limit was reached.
• Custom CA certificates installed with ghe-ssl-ca-certificate-install were lost after upgrading.
• Maintenance mode wasn't maintained after upgrading, so applications were unexpectedly accessible to users.
• Updating a license in the management console was not reflected in the GitHub application under some circumstances.
• Diagnostics always said avatars are disabled, regardless of reality.
• Some organization names were incorrectly blacklisted.
• We didn't require SAML responses to be signed. We enforce that now.
• We didn't properly support SAML single sign on URLs with query parameters.
• Our validation when adding restricted LDAP groups in the management console was overly strict, and stopped you adding groups whose name was a substring of existing groups.
• We weren't properly suspending users when they were suspended in ActiveDirectory.
• We failed to properly sync LDAP users' email addresses in some cases.
• LDAP Sync unsuspended users who'd been suspended if the userAccountControl attribute wasn't present. That's usually the case when the directory isn't ActiveDirectory unless the attribute was added with a custom schema.
• The ghe-org-owner-promote command line utility was broken.
• Wildcard SSL certificates in the management console could be incorrectly marked invalid under some circumstances.
• We only copied admin SSH keys when initially setting up replication, so the keys on the high availability replica could be out of sync. We regularly update them now.
• The management console settings and GitHub Enterprise license were only copied the first time replication was set up, so the high availability replica could be out of sync. Now we update the settings and license each time replication is set up.
• The monitoring graphs were set to PST timezone. We always use UTC now.
• We ignored region settings in the AWS CodeDeploy service hook, causing it to fail.
• Switching to a different authentication method didn't expire existing sessions.
• Profile pictures migrated from an avatar service could revert to identicons under some circumstances.

Known Issues

• The ghe-upgrade command will output the following harmless error: line 205: /dev/null/: Is a directory
• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Events in the github_audit log stream are being logged twice.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
• Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Security Fixes

• LOW: SAML authentication responses weren't signed.

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Bug Fixes

• Static network configuration had to be reapplied after upgrading from 2.1.0 to 2.1.1. We now properly maintain these settings during an upgrade.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The ghe-org-owner-promote command line utility is currently broken.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Switching to a different authentication method doesn't expire existing sessions.
• Events in the github_audit log stream are being logged twice.
• Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
• Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
• Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Thanks!

The GitHub Team

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• With more than seven tabs open, dynamic content could fail to load due to browser connection limits. We've returned to using polling instead.
• When a SAML response incorrectly had an email as the NameID, but didn't include email as a released attribute, users could sign in the first time but couldn't sign in again after signing out.
• If an SSH key contained extra whitespace or a comment, LDAP Sync sent emails warning that an SSH key was added to your account each time sync ran.
• When synchronizing an LDAP Group mapped to multiple GitHub Teams, we queried the LDAP directory for each Team. We now query once for the Group and update all the Teams at the same time. We also improved the performance of searching for group members.
• Creating LDAP users through the site admin caused an error if their LDAP username included characters that would be normalized in their GitHub username, like $, _, ..
• Members of the LDAP admin group were given admin privileges on account creation or LDAP Sync, but not when they signed in.
• We incorrectly hid avatar options in the management console if a service URL was set but avatars were disabled.
• If your management console session timed out, connectivity tests failed without any error message. Now you're redirected to log in again.
• The From: address was wrong in notification emails if the "no-reply" email address was configued, using the SMTP HELO domain instead.
• SASL was enabled even if SMTP authentication wasn't turned on, which could cause email delivery failures.
• Doing an initial installation using the management console API failed if you didn't include the port, because we dropped data when redirecting.
• If Pages on a replica fell too far behind the primary, the alert shown by ghe-repl-status was missing how far behind replication was.
• Diagnostics always said Log Forwarding was disabled, regardless of reality.
• The Git gateway tried to log timing statistics to an inaccessible statsd server.
• Hovering over the timing statistics graph in the site admin showed undefined instead of the hostname and Ruby version.
• Compressing a support bundle could be slow, so we sped it up using more than one core (but with a high nice so it won't affect anything else).

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large or complex repositories.
• The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
• The ghe-org-owner-promote command line utility is currently broken.
• In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Switching to a different authentication method doesn't expire existing sessions.
• Events in the github_audit log stream are being logged twice.
• Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
• Gists can't be created when using Safari 8.x in Private Mode.
• SNMP can't be run on high availability replicas.
• Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
• Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
• Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Security Fixes

• MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.

Thanks!

The GitHub Team

https://enterprise.github.com/releases

https://enterprise.github.com/releases/2.1.1

Security Notification

Important Security Vulnerabilities Fixed in GitHub Enterprise 2.1.1

The following important security vulnerabilities have been fixed in the 2.1.1 release:

• MEDIUM: Buffer overflow in gethostbyname. Also known as the GHOST vulnerability.

GHOST vulnerability

Qualys researchers have found a buffer overflow vulnerability in the gethostbyname function in the C standard library that could allow remote code execution under some circumstances. There is currently no known way to exploit GitHub Enterprise remotely using this vulnerability, as many services don't use gethostbyname in a way that is exploitable. However, as a precaution we recommend upgrading to this latest patch release or to a later version.

If you have any questions, please contact support at enterprise@github.com

Thanks!

The GitHub Team

GitHub Enterprise 2.1.0 Update Released

The 2.1.0 release for GitHub Enterprise is now available for download from https://enterprise.github.com/download. We've listed out all the included features, bug fixes, and known issues below, and have also drafted up a set of upgrade instructions to help make your migration as smooth as possible.

New Features

With the new features added in GitHub Enterprise 2.1.0, you can:

• Automate user and team management with LDAP Sync.
• Deploy GitHub Enterprise on OpenStack KVM.
• Audit all user actions across your instance with the Instance Audit Log.
• Monitor the performance of GitHub Enterprise with the Instance Monitoring Dashboard.
• Configure webhooks at the organization level.
• Set your GitHub Enterprise profile picture.
• See the results from multiple pull requests status checks.
• View and diff SVG files.
• Manage todos with the /pulls and /issues dashboard pages.
• More easily review changes to code with syntax highlighted diffs.
• Automate deployments from GitHub Enterprise repositories with the Deployments API.
• Run GitHub Enterprise within your IPv6 network.
• Find what you're looking for on the go with mobile search.
• See what Git operations are running on GitHub Enterprise with the ghe-btop command line utility.
• Use Ed25519 SSH client keys for Git operations.

Changes

• To stop users committing large files that can harm server performance, files larger than 100MB are now rejected by default. The file size limit can be changed or removed. (updated 2015-02-02)
• With the release of the profile pictures feature, support for external avatar services has been deprecated. (updated 2015-02-02)

Bug Fixes

• Ubuntu packages have been updated to the latest bugfix/security versions.
• When installing, you had to upload the license and then set the password. Now we do it in one step, so someone nasty can't set a password after you've uploaded the license and gone for coffee.
• With private mode enabled, redirects could leak the Nginx version we use.
• When talking to an LDAP server multiple times in a request, we'd start a new connection each time. Now we reuse connections where possible, so it's much faster.
• Checking replica status with ghe-repl-status was really slow. We made it faster.
• We sometimes didn't show the gateway address in the hypervisor console.
• We stopped you from adding a duplicate or broken SSH key to the management console, but the error didn't show up properly.
• Accessing GitHub Enterprise in Firefox with the default certificate still enabled displayed the SSL warning twice.
• It was easy to accidentally change network settings in the VMware console. Now you have to hit 's' instead of any key.
• In the security section of the settings page, we incorrectly showed requests coming from 127.0.0.1 if they came from a private network.
• Replication didn't restart properly after rebooting a high availability replica.
• Replication didn't replicate custom DNS settings.
• If a high availability replica was offline for a while, restarting it could fail if MySQL had moved on too far.
• The SSH key used for replication didn't survive upgrades and had to be regenerated.
• Memcached didn't restart after a crash, which broke Gist and other pages.
• In Pages sites, JSON files were served with the wrong MIME type.
• People expected to be able to invite users to an organization by their full name. Now you can.
• Wiki links to other wiki pages were rendered as images when a repository contained a directory with the same name.
• Adding an SSH key that contained non-ASCII characters like smart quotes would break the management console.
• The 'Revert' button didn't work properly when trying to revert a pull request from a fork.
• The hypervisor console script timed out every five seconds and respawned, spamming the logs.
• Git clone events weren't being forwarded as part of the github_audit log stream.
• The Git gateway logs were messed up when we tried to rotate them.
• Creating the diagnostics file for support could timeout if there were lots of webhook delivery logs.
• The page that users see when maintenance mode is enabled linked to enterprise@github.com instead of your configured support email address.
• The "Open in desktop" button only worked if you already had the desktop application installed.
• PSD files didn't render with the default self-signed certificate.
• Git authentication could fail after changing the hostname. (updated 2015-02-02)

Security Fixes

• LOW: Desktop applications were granted API tokens with more access scope than was necessary.
• LOW HIGH: OpenSSL 1.0.1-4ubuntu5.21.

Removal of RC4 SSL cipher

To keep GitHub Enterprise as secure as possible, we have removed support for the cryptographically weak RC4 cipher in our SSL configuration. With the removal of RC4, Internet Explorer on Windows XP will no longer be able to access GitHub Enterprise. You can read more about this change in our announcement on GitHub.com.

Known Issues

• Creating the OpenVPN connection can fail, causing replication set up with ghe-repl-setup to hang.
• Replica promotion can hang when running ghe-repl-promote.
• Git replication can be slow and CPU intense during initial push of large/complex repositories.
• The management console settings interface does not clearly show if you have previously uploaded certificate files or a private key.
• Jobs stuck on code indexing can delay other jobs from running.
• Dashboard activity feed links point to the wrong hostname after restore if the hostname has changed.
• The ghe-org-owner-promote command line utility is currently broken.
• In some circumstances after an upgrade, we prompt you to upload a license even though there's already a valid license.
• If your management console session has timed out, connectivity tests can fail without any error message.
• On a freshly set up GitHub Enterprise instance without any users, an attacker could create the first admin user.
• Switching to a different authentication method doesn't expire existing sessions.
• Events in the github_audit log stream are being logged twice.
• Replication needs to be reconfigured after upgrading a replica with ghe-upgrade.
• Gists can't be created when using Safari 8.x in Private Mode. (updated 2015-01-27)
• SNMP can't be run on high availability replicas. Our previous fix was incomplete. (updated 2015-02-02)
• Updating a license in the management console is not reflected in the GitHub application under some circumstances. (updated 2015-02-02)
• Enabling LDAP Sync for emails can cause background jobs to be continuously queued, which in turn can affect performance. We recommend disabling email sync in this version. (updated 2015-02-25)
• Viewing a PSD or STL file with more than one revision results in an error being thrown. (updated 2015-02-27)
• Individual application logs are not reliably forwarded. (updated 2015-04-20)
• When using Chrome 42 or newer, wiki pages can't be edited, images can't be uploaded via drag and drop, and autocomplete menus and repository graphs may not display. (updated 2015-05-06)
• Avatars, release downloads, and image attachments to wikis and issues are not copied correctly by high availability replication. (updated 2015-05-20)
• We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
• Repositories with a leading dot in their name fail to replicate if they were created before replication was set up. (updated 2015-06-16)
• We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
• Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
• With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
• Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
• With LDAP authentication enabled, entering the wrong password can cause a timeout for some users. (updated 2015-09-02)
• Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

• Replica promotion hanging when running ghe-repl-promote was fixed in 2.0.2.
• The OpenSSL 1.0.1-4ubuntu5.21 update was upgraded to a HIGH security fix due to the publication of Freak Attack.