A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.
We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.
More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.
GitHub Enterprise 2.10 is now deprecated as of June 5, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.Thanks!
The GitHub Team
A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.
We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.
More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.Thanks!
The GitHub Team
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.Thanks!
The GitHub Team
ghe-migrator
.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.Thanks!
The GitHub Team
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
documentation_url
field in some GraphQL API v4 responses referred to the REST API v3 documentation rather than the GraphQL API v4 documentation.403 Forbidden
response for some Git LFS-tracked files.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
ghe-migrator
can be wrong.ghe-repl-status
could show an inaccurate count when Alambic replication was behind.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
ghe-migrator
.ghe-migrator
.ghe-migrator
.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
hookshot-unicorn
service could fail to start if there was a large backlog of webhook jobs.ghe-diagnostics
can now upload directly to GitHub using the -u
or -t [ticket reference]
options.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
This release addresses the Meltdown (CVE-2017-5754) attack. This has been fixed in the 3.16.51-3+deb8u1
release from Debian. Please note that this patch does not address the Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerability. A fix is not available for the Spectre vulnerability yet.
Internally conducted benchmarks indicate the performance impact is limited to a 2-5% increase in CPU usage on most platforms. The impact can vary depending on your usage and platform though. If you see a significant performance difference, don't hesitate to reach out to Enterprise Support.
The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to extract data which is currently processed on the same machine. This also can affect GitHub Enterprise.
The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.
Given that GitHub Enterprise runs on various virtualization platforms, it's essential to update the virtualization platform where possible to mitigate any of these issues. The existing patches and fixes almost all focus on solving Meltdown. Meltdown is more straightforward to fix and most providers focus on this first.
Spectre is more complicated to exploit and also more complicated to fix. KVM for example is not vulnerable to Meltdown but is vulnerable, with a proof of concept, to Spectre which was tested by Google in the project originally (see https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html). Specifically under "Reading host memory from a KVM guest". This Spectre exploit tested against a specific kernel version, but nothing implies it's impossible to adapt for other kernel versions and or other virtualization platforms.
The following Cloud and virtualization platforms have released announcements and/or fixes.
The vulnerability can also be exploited if there is code under the control of an attacker running on the same system. GitHub Enterprise has very limited support for custom code in the form of pre-receive hooks. Pre-receive hooks are limited such that administrators are the only ones who can set them up and their runtime execution is limited to 5 seconds. Both these aspects greatly limit the risk of data exposure through pre-receive hooks. As a general rule, administrators should ensure that only known and trusted pre-receive hooks are enabled on their appliance.
GitHub Enterprise is based on Debian Jessie. A fix for Meltdown is not yet available for Debian Jessie, as can be seen in the Debian CVE tracker for Meltdown. The new kernel version will be included in a future release of GitHub Enterprise and can potentially come with a performance regression. Accordingly, we recommend testing that release before putting it into production.
The primary risk for GitHub Enterprise installations is cross-guest or host <-> guest data leakage on the virtualization platform. This may be mitigated by the support cloud hosting providers, or by the suppliers of virtualization software. There is very limited risk of externally supplied software running within the appliance obtaining data from other processes, mitigated by administrators only enabling pre-receive hooks that are reviewed and trusted.
root
user.$GITHUB_PULL_REQUEST_AUTHOR_LOGIN
environment variable was empty when pull requests were merged via the API.enterprise@github.com
) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
enforcement
could not be updated with the API.manitainer_can_modify
to false
when the field was not a part of the request.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.linux-image-3.16.51-2
and the workaround is to add the numa=off
parameter to the kernel command line in /boot/grub/grub.cfg
. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
ghe-repl-status-pages
showed a critical status if run while a sync is in progress.ghe-set-password
when the appliance is in recovery mode.ghe-diagnostics
could output Connection refused
line items when Redis, Memcached, or Elasticsearch services aren't running.500 Internal Server Error
if it contained a review request from a deleted user.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
In response to CVE-2017-15361, certain SSH authentication RSA keys that were generated by some Yubikey 4 devices are vulnerable to private key factorization. Such keys are considered cryptographically weak and therefore in need of replacement. To help users avoid vulnerable keys, GitHub Enterprise has added capabilities to detect and reject them from being configured for user authentication. GitHub Enterprise now includes an administration utility, ghe-ssh-weak-fingerprints
, to enable admins to list any affected keys and, optionally, perform a bulk revocation.
The affected supported versions are:
This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.22, 2.9.14, 2.10.9, or 2.11.3.
Please contact GitHub Enterprise Support if you have questions.
git lfs locks
to show the current locks on files tracked by Git LFS showed a user ID instead of a username.ghe-migrator
failed if an organization level Project referred to a repository that wasn't exported.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
ghe-migrator
.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
This release has been withdrawn and is no longer available. Please upgrade to a newer version or contact support for assistance.
If you have already upgraded your appliance to GitHub Enterprise 2.10.7, please contact support for assistance.
ghe-migrator
.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
admin:pre_receive_hook
scope wasn't displayed when authorizing an Oauth application requesting this particular scope.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
ghe-update-check --help
would fail if ghe-update-check
was already running.longpoll
service connections, which provide live updates to Issues and Pull Requests pages, could flood the instance leading to TCP connection exhaustion and excessive logging.ghe-saml-mapping-csv
, was not exposed to the admin user.ghe-migrator
, protected branch settings were always migrating with push restrictions enabled.longpoll
service, which provides live updates to Issues and Pull Requests pages, has been lowered.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
ssh://
URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-100117 which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-migrator
, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
/setup/replication
in the management console returned a '500 Internal Server Error' when replication was configured.babeld
.ghe-support-bundle
command now honors the http_proxy
environment variable.X-Forwarded-For
header will now be recorded in the HAproxy log.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-resque-info
output and in management console graphs. (updated 2017-07-13)ghe-migrator
, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
/setup/replication
in the Management console returned a '500 Internal Server Error' when replication was not running.ghe-cluster-config-apply
against an unresponsive HTTP proxy.ghe-cluster-config-init
.memcached
collectd stats have been added.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed./setup/replication
in the Management console returns a '500 Internal Server Error' when replication is configured. (updated 2017-06-27)ghe-resque-info
output and in management console graphs. (updated 2017-07-13)ghe-migrator
, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
Packages have been updated to their latest security versions.
github
, hookshot
, slumlord
, and render
service logs weren't rotated which may cause the root disk to fill up.404
page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible./explore
could have been slow due to querying each repositories language.edited
events could have incorrect body
values.contributions_backfill
background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.ghe-resque-info
output and in management console graphs. (updated 2017-07-13)ghe-migrator
, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team
With the new features added in GitHub Enterprise 2.10.0, you can:
ghe-migrator
tool to migrate pull request reviews, pull request review comments, protected branches, project boards, multiple assignees, and repository deploy keys.I
.Be a part of the Early Access Program:
404 Not Found
page instead of the login page.sed: couldn't flush stdout: Broken pipe
./stafftools
./status
endpoint on a high availability replica incorrectly returned 200 OK
instead of 503 Service Unavailable
.mount: can't find ...
error messages.ghe-upgrade.log
contained harmless /proc/... No such file or directory
messages.ghe-*
scripts require an Enter
keydown after the [y/N]
prompt.ghe-repl-stop
and start replication with ghe-repl-start
after the replica upgrade is complete..md
) files. (updated 2017-06-11)GitHub Enterprise 2.7 will be deprecated as of August 3, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
svn checkout
may timeout while the repository data cache is being built. In most cases, subsequent svn checkout
attempts will succeed.github
, hookshot
, slumlord
, and render
service logs aren't rotated which may cause the root disk to fill up. (updated 2017-06-08) .ghe-resque-info
output and in management console graphs. (updated 2017-07-13)ghe-migrator
, protected branch settings are always migrating with push restrictions enabled. (updated 2017-08-01)ghe-migrator
. (updated 2018-04-12)Thanks!
The GitHub Team