Release notes for the 2.10 series

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.

Security Fixes

• CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.10.22 and 2.10.23.
• GitHub will block pushing malicious Git submodules that could be used to exploit Git clients vulnerable to CVE-2018-11235.

Bug Fixes

• Enable marking one search index as primary when there are multiple primary Elasticsearch indexes listed.

Deprecation of GitHub Enterprise 2.10

GitHub Enterprise 2.10 is now deprecated as of June 5, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)

Security Fixes

• CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.10.22. (updated 2018-05-30)
• Packages have been updated to the latest security versions.

Bug Fixes

• Maintenance mode could be unset while a configuration run was in progress.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

Security Fixes

• CRITICAL There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. (updated 2018-05-30)
• Packages have been updated to the latest security versions.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

Security Fixes

• LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Bug Fixes

• Duplicate object identifier (OID) entries were returned for the mounted partitions.
• Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
• Reviewers of a pull request were not correctly mapped when migrating repositories using ghe-migrator.
• Pages builds failed when TLS is disabled.

Changes

• Disabled redundant UDP listener in memcached.
• Updated ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMWare.
• The footer has been updated to display current version of GitHub Enterprise.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

Security Fixes

• LOW: It was identified internally that the existence of private repositories could be determined due to the differing error messages of some REST API endpoints. These error messages have been updated to be consistent regardless of a user’s authorization to the repository. No information except for the existence of a private repository would have been exposed due to this issue.

Bug Fixes

• Upgrades to later feature releases were blocked if the new patch release number is lower than the current one.
• Wiki footer options were not shown for read-only users.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Pages builds fail when TLS is disabled. (updated 2018-04-03)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• An appliance could not be successfully deployed on Google Cloud Platform without allocating a public IP address.
• When creating a custom pre-receive hook environment, the operation would fail if the specified URL requested redirection.
• Upgrades with a package from an earlier release were not prevented.
• The documentation_url field in some GraphQL API v4 responses referred to the REST API v3 documentation rather than the GraphQL API v4 documentation.
• The Get repository contents API endpoint incorrectly returned a 403 Forbidden response for some Git LFS-tracked files.
• Milestones retrieved using the REST API were not sorted as documented by default.
• "You signed out in another tab or window. Reload to refresh your session" message was being shown to some Firefox users.

Changes

• Added the ability to add multiple repositories to an export at once using a text file that lists the repository URLs.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Pages builds fail when TLS is disabled. (updated 2018-04-03)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
• Packages were updated to their latest patch versions.

Bug Fixes

• RRD files used to store metrics that are no longer collected were never deleted, wasting space on the root file system.
• Failed to upgrade a replica to the same version on a newly partitioned root disk.
• Deleting a search index didn't delete all associated metadata, which were then incorrectly reused if a new search index was created. This caused search index repair jobs to be reported as finished in the site admin when they were not.
• The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
• LFS objects could fail to be cloned after a successful upload.

Changes

• ghe-repl-status could show an inaccurate count when Alambic replication was behind.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
• Querying the status of storage objects using in high availability and cluster environments has been optimized for improved performance.
• Pull request reviewers were not migrated when migrating repositories using ghe-migrator.
• The pull request assignee event was duplicated on repositories migrated using ghe-migrator.
• The pull request review request had users reversed, after migration with ghe-migrator.
• Git references, such as tags or branch names, with a high number of transitions from letter to numbers and back again, could result in a background worker crashing causing some webhooks not to fire.

Changes

• GitHub Enterprise is now available in the Paris AWS region.
• Support bundles are more efficiently sanitized during generation.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• The hostname documentation link in the Management Console linked to an invalid location.
• Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
• The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
• The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.
• Tearing down replication did not remove the database seed data used when configuring high availability replication.
• The license expiry notification was shown if the appliance was restarted after the current has license expired.

Changes

• ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Meltdown

This release addresses the Meltdown (CVE-2017-5754) attack. This has been fixed in the 3.16.51-3+deb8u1 release from Debian. Please note that this patch does not address the Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerability. A fix is not available for the Spectre vulnerability yet.

Internally conducted benchmarks indicate the performance impact is limited to a 2-5% increase in CPU usage on most platforms. The impact can vary depending on your usage and platform though. If you see a significant performance difference, don't hesitate to reach out to Enterprise Support.

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

• HIGH: Kernel is updated to 3.16.51-3+deb8u1 which implements Kernel Page Table Isolation (KPTI) to address Meltdown.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Meltdown & Spectre

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to extract data which is currently processed on the same machine. This also can affect GitHub Enterprise.

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

Given that GitHub Enterprise runs on various virtualization platforms, it's essential to update the virtualization platform where possible to mitigate any of these issues. The existing patches and fixes almost all focus on solving Meltdown. Meltdown is more straightforward to fix and most providers focus on this first.

Spectre is more complicated to exploit and also more complicated to fix. KVM for example is not vulnerable to Meltdown but is vulnerable, with a proof of concept, to Spectre which was tested by Google in the project originally (see https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html). Specifically under "Reading host memory from a KVM guest". This Spectre exploit tested against a specific kernel version, but nothing implies it's impossible to adapt for other kernel versions and or other virtualization platforms.

The following Cloud and virtualization platforms have released announcements and/or fixes.

• On AWS we use HVM for virtualization. According to Amazon, HVM is not vulnerable to Meltdown. Also see https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
• Xen VMs using PV virtualization are vulnerable. We recommend switching to HVM virtualization as HVM is not vulnerable to Meltdown. Also see https://xenbits.xen.org/xsa/advisory-254.html under "Mitigation".
• Google Cloud is not vulnerable to Meltdown as VMs there are isolated and cross VM attacks are not possible.
  See their FAQ and the Google Cloud Security Bulletins page.
• Microsoft Azure is updating/rebooting infrastructure where necessary to mitigate potential hypervisor level issues. See https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/.
• VMWare has released patches to address this at the hypervisor level: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html & https://lists.vmware.com/pipermail/security-announce/2018/000397.html. We strongly encourage customers install those patches.
• Intel has also announced they will be releasing updates for their processors. If the host platform you run GitHub Enterprise on has these patches available in the future, we also strongly recommend installing those.

Inside GitHub Enterprise

The vulnerability can also be exploited if there is code under the control of an attacker running on the same system. GitHub Enterprise has very limited support for custom code in the form of pre-receive hooks. Pre-receive hooks are limited such that administrators are the only ones who can set them up and their runtime execution is limited to 5 seconds. Both these aspects greatly limit the risk of data exposure through pre-receive hooks. As a general rule, administrators should ensure that only known and trusted pre-receive hooks are enabled on their appliance.

GitHub Enterprise is based on Debian Jessie. A fix for Meltdown is not yet available for Debian Jessie, as can be seen in the Debian CVE tracker for Meltdown. The new kernel version will be included in a future release of GitHub Enterprise and can potentially come with a performance regression. Accordingly, we recommend testing that release before putting it into production.

Summary

The primary risk for GitHub Enterprise installations is cross-guest or host <-> guest data leakage on the virtualization platform. This may be mitigated by the support cloud hosting providers, or by the suppliers of virtualization software. There is very limited risk of externally supplied software running within the appliance obtaining data from other processes, mitigated by administrators only enabling pre-receive hooks that are reviewed and trusted.

Security Fixes

• LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
• Packages have been updated to the latest security versions.

Bug Fixes

• NUMA enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
• The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.

Changes

• GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• The followers and following count incorrectly considered suspended accounts.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard.
• Pre-receive hook's enforcement could not be updated with the API.
• When restoring a deleted repository via the site admin dashboard, an error message could be shown even though the restore worked.
• Updates to a pull request through the API could incorrectly modify manitainer_can_modify to false when the field was not a part of the request.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• NUMA enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2 and the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.
• Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

• Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
• Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.
• Suspended users were suggested as pull request reviewers.
• Migration archives excluded users who created a protected branch and were subsequently removed from the organization.

Changes

• To restrict actions on raw content, including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy, our content security policy (CSP) header for raw URLs now includes the sandbox attribute.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• The audit log migration process could leave old indices in place which would prevent upgrading to 2.11.
• LDAP team sync could cause a noticeable increase in CPU usage when synchronizing large teams.
• Pull request comments were not exported with ghe-migratior if the repository is locked.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
• Packages have been updated to the latest security versions.

Bug Fixes

• ghe-repl-status-pages showed a critical status if run while a sync is in progress.
• The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
• ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
• Background job errors could cause Redis to consume large amounts of memory.
• Viewing a pull request could fail with a 500 Internal Server Error if it contained a review request from a deleted user.
• The mobile view of the pull request dashboard displayed "No issues to show" instead of "No pull requests to show".
• The site admin cache indicator always displayed the memcached service as being active.
• Fetching a list of reviews from the API could have returned an empty page.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

In response to CVE-2017-15361, certain SSH authentication RSA keys that were generated by some Yubikey 4 devices are vulnerable to private key factorization. Such keys are considered cryptographically weak and therefore in need of replacement. To help users avoid vulnerable keys, GitHub Enterprise has added capabilities to detect and reject them from being configured for user authentication. GitHub Enterprise now includes an administration utility, ghe-ssh-weak-fingerprints, to enable admins to list any affected keys and, optionally, perform a bulk revocation.

The affected supported versions are:

• 2.8.0 - 2.8.21
• 2.9.0 - 2.9.13
• 2.10.0 - 2.10.8
• 2.11.0 - 2.11.2

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.22, 2.9.14, 2.10.9, or 2.11.3.

Please contact GitHub Enterprise Support if you have questions.

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• On Firefox browsers, the first page of some PDF files was blank when rendered.
• With private mode enabled, using git lfs locks to show the current locks on files tracked by Git LFS showed a user ID instead of a username.
• Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".
• SMTP port was still accepting TLSv1 even after disabling the TLSv1 protocol via the Management Console.
• Migrating specific repositories with ghe-migrator failed if an organization level Project referred to a repository that wasn't exported.
• Password reset emails included an inaccurate description of when the password reset link would expire.
• The "Clear page cache" link in the site admin modal failed if the current page's URL included query string parameters.
• Restoring a deleted repository from the site admin dashboard did not correctly restore its wiki. (updated 2017-11-09)

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• Memory budgets computed for services were under-allocated leading to severe performance issues.
• LFS operations could fail with a slow LDAP server. The internal API timeout for LFS operations has been increased.

Fixes from 2.10.7 that was withdrawn due to a memory budget computation bug

• Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
• The repository owner was not displayed when configuring a pre-receive hook.
• Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
• Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Downloads Have Been Disabled

This release has been withdrawn and is no longer available. Please upgrade to a newer version or contact support for assistance.

If you have already upgraded your appliance to GitHub Enterprise 2.10.7, please contact support for assistance.

Notice

• The 2.10.7 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.10.7, please contact support for assistance. (updated 2017-09-21)

Security Fixes

• Packages have been updated to the latest security versions.
• LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser.

Bug Fixes

• Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
• The repository owner was not displayed when configuring a pre-receive hook.
• Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
• Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• MEDIUM: GitHub Services webhooks could be configured to use non-HTTP protocols.
• Packages have been updated to the latest security versions.

Bug Fixes

• Repository read priority was incorrect after promoting a high availability replica and then re-introducing the original primary node as a replica. This can have a significant performance impact.
• Repository read performance could be severely impacted on very large instances under moderate load.
• The admin:pre_receive_hook scope wasn't displayed when authorizing an Oauth application requesting this particular scope.
• Cloning or pushing repositories with Git LFS assets could fail with a '500 Internal Server Error'.
• Labels with encoded characters didn't link correctly with an issue or pull request timeline.
• Manual wiki repository repairs and scheduled repair jobs would fail.

Changes

• SSH keys added to a user via LDAP sync are automatically verified.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• MySQL replication could fail to start if an old seed file was found.
• ghe-update-check --help would fail if ghe-update-check was already running.
• longpoll service connections, which provide live updates to Issues and Pull Requests pages, could flood the instance leading to TCP connection exhaustion and excessive logging.
• Forking a repository on a promoted high availability replica node could take a very long time.
• Suspended users were suggested as potential reviewers.
• The SAML record dumping and updating utility, ghe-saml-mapping-csv, was not exposed to the admin user.
• The @-mentions suggester didn't work in IE11.
• Ordered lists rendered incorrectly in custom messages on the sign in page.
• Using ghe-migrator, protected branch settings were always migrating with push restrictions enabled.
• When two-factor authentication is required, LDAP team synchronization could fail if a member hasn't configured 2FA for their account.

Changes

• The verbosity of logging for the longpoll service, which provides live updates to Issues and Pull Requests pages, has been lowered.
• The conflict editor can be disabled for cross-repository pull requests.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.
• CRITICAL: Pages and Git have been updated to handle maliciously constructed ssh:// URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-100117 which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)

Bug Fixes

• Ping latency for High Availability replicas could be misreported in Enterprise Manage.
• Creating a support bundle failed with a “File exists” error if HAProxy logs have been rotated.
• Duplicate unicorn-worker related statistics were gathered by Collectd.
• ghe-repl-stop did not forcibly stop replication when the primary was offline.
• gpgverify could fail to start after an improper shutdown.
• Pre-receive hooks with spaces in their paths failed to run.
• Links to diffs in the first 50 lines of a file did not properly expand context.
• Calling the update-pre-receive-hook-enforcement API could result in an application error.
• Deleted repositories were not purged after three months.
• Webhook requests ignored local search domains when resolving hosts, which could result in "Couldn't resolve host name" errors.

Changes

• Added command-line tool to help map SAML records; ghe-saml-mapping-csv.
• Repository maintenance time and status is now shown on the repository network page in the Site Admin dashboard.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to their latest security versions.
• LOW: OAuth application access tokens and personal access tokens weren't sanitized from support bundles.

Bug Fixes

• The authentication graphs in the management console could be inaccurate and not display a legend due to incorrectly grouped and ordered keys.
• Authentication and application request/response graphs in the management console could fail to render when high availability replication was configured. The bug did not affect forwarding metrics to an external collectd server.
• /setup/replication in the management console returned a '500 Internal Server Error' when replication was configured.
• collectd metric paths could be truncated, which caused multiple write attempts to the same file for different metrics.
• Password reset emails incorrectly displayed reset links were valid for 24 hours when they are only valid for three hours.
• Pre-receive hooks were incorrectly triggered on internal reference updates.
• Pre-receive hooks could not be updated after moving to a new GitHub Enterprise instance, for example after failing over to a replica.
• Fetches or pushes that transferred more than 2 GB of data were incorrectly recorded as much larger in the logs for the Git proxy service, babeld.
• Users could receive a temporary "bad pack header" error when fetching a very large repository if the repository was being repacked at the same time.
• Suspended users could be assigned to issues.
• Users could delete organizations that contained repositories even if they were not permitted to delete repositories.
• Webhooks could send outdated data after editing an issue comment or changing the base branch of a pull request.
• Webhook requests incorrectly ignored local search domains when resolving hosts, which could result in "Couldn't resolve host name" errors.

Changes

• When authenticating via SAML the NameID will be recorded instead of the custom username attribute value when a custom username attribute is defined.
• The ghe-support-bundle command now honors the http_proxy environment variable.
• The value of the X-Forwarded-For header will now be recorded in the HAproxy log.
• The maximum number of HTTPS and websocket connections has been increased.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
• Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-14)
• Creating a support bundle fails with a “File exists” error if HAProxy logs have been rotated. (updated 2017-07-24)
• Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Errata

• We didn't include the fix for webhook requests incorrectly ignoring local search domains when resolving hosts in this release.

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to their latest security versions.
• LOW: Tokens were contained in support bundles when they were used in GET requests as a URL parameter.

Bug Fixes

• LDAP team sync failed when a duplicate fork was being restored.
• Users in large organizations and teams were unable to filter assignees and reviewers for issues and pull requests.
• Users in large organizations and teams were unable to @-mention users and teams in issue and pull request comments.
• /setup/replication in the Management console returned a '500 Internal Server Error' when replication was not running.
• In a clustering environment, collectd statistics weren't reported for the workers that handle RPC calls for Git.
• In a clustering environment, preflight checks failed when running ghe-cluster-config-apply against an unresponsive HTTP proxy.
• In a clustering environment, a new node could silently fail to be added after ghe-cluster-config-init.

Changes

• memcached collectd stats have been added.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• /setup/replication in the Management console returns a '500 Internal Server Error' when replication is configured. (updated 2017-06-27)
• Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-10)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
• Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Security Fixes

Packages have been updated to their latest security versions.

Bug Fixes

• On an appliance configured to use LDAP with SSL or StartTLS, users could have failed to authenticate from the web interface or Git client with a 500 error. The failure occurred when the LDAP host uses a certificate that isn't signed by a trusted certificate authority (CA) or is invalid.
• github, hookshot, slumlord, and render service logs weren't rotated which may cause the root disk to fill up.
• On a 404 page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible.
• Visiting /explore could have been slow due to querying each repositories language.
• Requesting reviewers could have been slow when there are many users in the appliance.
• Webhook edited events could have incorrect body values.
• contributions_backfill background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-10)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
• Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

Features

With the new features added in GitHub Enterprise 2.10.0, you can:

• Create your own tools with GitHub GraphQL API.
• Filter pull requests by review status.
• Use improved blame when viewing the revision history of a file.
• Use topics to explore repositories, find projects, and discover new solutions.
• View activity in your project board.
• Request a pull request review from suggested reviewers.
• Restrict who can dismiss pull request reviews.
• Search commits by the tree qualifier.
• View the audit log entry when an avatar is changed.
• Close project boards.
• Add issues and pull requests to a project board from the sidebar.
• Disable project boards in your organization.
• Dismiss stale pull request reviews.
• Restrict repository deletion to site administrators or the organization owners.
• Disable insecure TLS protocols.
• Configure rate limits for the API and protect the instance from abusive behavior.
• Use the ghe-migrator tool to migrate pull request reviews, pull request review comments, protected branches, project boards, multiple assignees, and repository deploy keys.
• Review which organizations have two-factor authentication enabled.
• Use Git LFS 2.0.0 client features like File Locking.
• Identify whether a user is a first-time contributor in the issue or pull request comment.
• Mark a notification as read with keyboard shortcut I.
• The edited by badge includes the actor when updated by a different author.

Early Access Program

Be a part of the Early Access Program:

• Request access to hotpatching for reduced downtime when you’re upgrading patch releases.
• If your team is geographically-distributed, request access to geo-replication for better performance in high availability environments.

Security Fixes

• Packages have been updated to their latest security versions.

Bug Fixes

• Users could fail to fork a repository if a conflicting fork was restored.
• Adding a user as a collaborator via the API incorrectly sent an invitation without adding the user.
• Users associated with a large number of repositories were unable to view their organization pages.
• Image wiki tag failed to render images.
• Migrations failed when the branch name contained an invalid unicode character.
• Unauthenticated users visiting a public repository's fork were incorrectly redirected to a 404 Not Found page instead of the login page.
• After the parent repository has been deleted, the Git LFS objects from the forks were inaccessible.
• Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
• After a user or organization renaming, search results incorrectly displayed the previous name.
• The hypervisor console welcome screen may have incorrectly displayed sed: couldn't flush stdout: Broken pipe.
• Repository and Gist synchronization could stall after restarting high availability replication.
• Archived repositories were not restorable from /stafftools.
• The /status endpoint on a high availability replica incorrectly returned 200 OK instead of 503 Service Unavailable.
• Issues and pull requests were inaccessible if a high availability replica was rebooted before it was promoted.
• Graphs in the Management Console displayed the sum instead of an average value. As a result, graphs had incorrectly displayed an increasing metric over time.
• Pre-receive hooks may have failed with mount: can't find ... error messages.
• ghe-upgrade.log contained harmless /proc/... No such file or directory messages.
• Gists were not rendering Jupyter notebook files. (updated 2017-06-14)

Changes

• The default root partition has increased to 200GB.
• New REST API resources have been added.
• New webhook events have been added.
• ghe-* scripts require an Enter keydown after the [y/N] prompt.
• GPG keys with duplicate subkeys will be added using the most recent subkey.
• Replication will not always start after upgrading a replica, but will instead assume the pre-upgrade state (stopped or started) in order to prevent issues with multiple replicas starting concurrently when using the Early access program for geo distributed replicas. We recommend that you stop replication with ghe-repl-stop and start replication with ghe-repl-start after the replica upgrade is complete.
• GitHub Enterprise clustering environments require an additional TCP port to be opened for LFS communication.
• GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Upcoming deprecation of GitHub Enterprise 2.7

GitHub Enterprise 2.7 will be deprecated as of August 3, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• On an appliance configured to use LDAP with SSL or StartTLS, users could fail to authenticate from the web interface or Git client with a 500 error. The failure occurs when the LDAP host uses a certificate that isn't signed by a trusted certificate authority (CA) or is invalid. (updated 2017-06-05)
• github, hookshot, slumlord, and render service logs aren't rotated which may cause the root disk to fill up. (updated 2017-06-08) .
• Webhook requests incorrectly ignore local search domains when resolving hosts, which can result in "Couldn't resolve host name" errors. (updated 2017-07-10)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• Background jobs are added to the "toggle_hidden_user_in_notifications" queue, but these jobs aren't processed on GitHub Enterprise. The entries are harmless but will show in ghe-resque-info output and in management console graphs. (updated 2017-07-13)
• Using ghe-migrator, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
• The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
• Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team