GitHub Enterprise 2.11.19 June 19, 2018

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • Pre-receive hooks would fail if the pre-receive environment lacked a /etc directory.
  • Active Git processes were not displayed on the Management Console's maintenance page.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

GitHub Enterprise 2.11.18 June 05, 2018

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.

Security Fixes

  • CRITICAL: There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.11.16 and 2.11.17.
  • GitHub will block pushing malicious Git submodules that could be used to exploit Git clients vulnerable to CVE-2018-11235.
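The push-time block described above is GitHub's own. As an added example (not GitHub's code and not part of these release notes), the following Python scanner applies the same kind of check to a repository's `.gitmodules` file from the defender's side: it rejects submodule names and paths that contain a `..` component, are absolute, begin with `-`, or contain a `.git` component. The minimal parser, the rule set and the sample `.gitmodules` content are all constructed for this illustration; a repository owner or a CI job can run the scanner on a checkout before trusting `--recurse-submodules`, and it can serve as the body of a custom pre-receive hook.

```python
import re
from typing import Dict, List

# Constructed sample .gitmodules content (not taken from the page).
# The second entry carries a traversal name; the third an absolute path.
SAMPLE_GITMODULES = """\
[submodule "libs/json"]
\tpath = libs/json
\turl = https://example.invalid/json.git
[submodule "../../escape"]
\tpath = vendor/escape
\turl = https://example.invalid/escape.git
[submodule "tools"]
\tpath = /abs/tools
\turl = https://example.invalid/tools.git
"""

SECTION_RE = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]*)"\]\s*$')
KEY_RE = re.compile(r'^\s*(?P<key>\w+)\s*=\s*(?P<value>.*?)\s*$')


def parse_gitmodules(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the [submodule "<name>"] sections of a .gitmodules file.

    Returns {name: {key: value}}. Comment lines (# or ;) and sections of any
    other type are skipped. This is a deliberately small hand-written parser,
    not git's own config reader.
    """
    modules: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = modules.setdefault(m.group("name"), {})
            continue
        if stripped.startswith("["):
            current = None  # some other section type; ignore its keys
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            current[m.group("key").lower()] = m.group("value")
    return modules


def unsafe_components(value: str) -> List[str]:
    """Return the reasons a submodule name or path should be rejected.

    An empty list means the value passed every check. An empty value is
    flagged too, since a submodule without a usable path is malformed.
    """
    reasons: List[str] = []
    if not value:
        reasons.append("empty")
        return reasons
    if value.startswith("-"):
        reasons.append("starts with '-' (could be read as a command-line option)")
    if value.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", value):
        reasons.append("absolute path")
    components = re.split(r"[\\/]+", value)
    if ".." in components:
        reasons.append("contains a '..' path component")
    if any(c.lower() == ".git" for c in components):
        reasons.append("contains a '.git' path component")
    return reasons


def find_unsafe_submodules(text: str) -> Dict[str, List[str]]:
    """Map each rejected submodule name to the reasons it fails the checks."""
    findings: Dict[str, List[str]] = {}
    for name, keys in parse_gitmodules(text).items():
        reasons = [f"name: {r}" for r in unsafe_components(name)]
        reasons += [f"path: {r}" for r in unsafe_components(keys.get("path", ""))]
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in find_unsafe_submodules(SAMPLE_GITMODULES).items():
        print(f"REJECT submodule {name!r}: {'; '.join(reasons)}")
```

Run against the constructed sample, the scanner rejects `../../escape` for its name and `tools` for its absolute path and accepts `libs/json`. The checks are conservative on purpose: a legitimate submodule has no reason to use `..`, an absolute path or a leading `-` in either its name or its path, so rejecting them costs nothing and removes the whole class of traversal outside the module directory.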

Bug Fixes

  • Elasticsearch metrics in the management console metrics dashboards have been fixed.
  • Enable marking one search index as primary when there are multiple primary Elasticsearch indexes listed.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

GitHub Enterprise 2.11.17 May 22, 2018

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)

Security Fixes

  • CRITICAL: There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.11.16. (updated 2018-05-30)
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Maintenance mode could be unset while a configuration run was in progress.
  • A background job that purges deleted storage objects could cause backups to fail if run whilst a backup was in progress.
  • Restoring a backup to an unconfigured GitHub Enterprise appliance could fail to restore Pages data with a "could not find 3 online voting fileservers" error.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

GitHub Enterprise 2.11.16 May 08, 2018

Security Fixes

  • CRITICAL: There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. (updated 2018-05-30)
  • Packages have been updated to the latest security versions.

Bug Fixes

  • collectd.log contained superfluous Elasticsearch plugin warnings.
  • ghe-migrator failed to import a GitHub.com migration archive when a pull request's requested reviewer was not a member of the organization.
  • Commits pushed to a closed pull request were not included when fetching the pull request's tracking branch.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

GitHub Enterprise 2.11.15 April 10, 2018

Security Fixes

  • LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Bug Fixes

  • Duplicate object identifier (OID) entries were returned for the mounted partitions.
  • Users may be unable to sign in to GitHub Enterprise via a private GitHub Pages site if subdomain isolation is enabled.
  • Reviewers of a pull request were not correctly mapped when migrating repositories using ghe-migrator.
  • ghe-migrator failed when the user was not a member of the organization at the time of export.
  • Pages builds failed when TLS was disabled.

Changes

  • Disabled redundant UDP listener in memcached.
  • The appliance's UUID has been added to the replication overview page.
  • Updated the ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMware.
  • The footer has been updated to display the current version of GitHub Enterprise.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests.

Thanks!

The GitHub Team

GitHub Enterprise 2.11.14 March 20, 2018

Security Fixes

  • LOW: It was identified internally that the existence of private repositories could be determined due to the differing error messages of some REST API endpoints. These error messages have been updated to be consistent regardless of a user’s authorization to the repository. No information except for the existence of a private repository would have been exposed due to this issue.
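The fix in this entry is an instance of a general rule: a caller who is not authorized to see a private resource must receive exactly the response they would get if the resource did not exist, otherwise the difference between the two responses is an existence oracle. The following Python example is added here and is not GitHub's code; it shows the leaky handler pattern beside the hardened one over a constructed in-memory repository table (the repository names, users and messages are made up for the illustration), plus a regression helper that reports which names a caller without access can tell apart from a nonexistent one.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, Set, Tuple

Response = Tuple[int, dict]  # (HTTP status, JSON body)


@dataclass
class Repo:
    full_name: str
    private: bool
    readers: Set[str] = field(default_factory=set)  # users allowed to read a private repo


# Constructed sample data for this example; names and users are invented.
REPOS: Dict[str, Repo] = {
    "acme/public-docs": Repo("acme/public-docs", private=False),
    "acme/secret-plans": Repo("acme/secret-plans", private=True, readers={"alice"}),
}


def can_read(repo: Repo, user: str) -> bool:
    return not repo.private or user in repo.readers


def get_repo_before(full_name: str, user: str) -> Response:
    """Leaky pattern: a nonexistent repo and a forbidden private repo get
    different status codes and messages, so an unauthorized caller can
    distinguish "does not exist" from "exists but you may not see it"."""
    repo = REPOS.get(full_name)
    if repo is None:
        return 404, {"message": "Not Found"}
    if not can_read(repo, user):
        return 403, {"message": "Must have read access to view repository"}
    return 200, {"full_name": repo.full_name, "private": repo.private}


def get_repo_after(full_name: str, user: str) -> Response:
    """Hardened pattern: the authorization check is folded into the existence
    check, so both failure cases produce an identical response."""
    repo = REPOS.get(full_name)
    if repo is None or not can_read(repo, user):
        return 404, {"message": "Not Found"}
    return 200, {"full_name": repo.full_name, "private": repo.private}


def distinguishable(handler: Callable[[str, str], Response],
                    names: Iterable[str], user: str) -> Set[str]:
    """Regression check for an endpoint: return the names whose response differs
    from the response for a name known not to exist. For a caller with no
    access, anything listed here beyond the public repos is an information leak."""
    baseline = handler("acme/no-such-repo", user)
    return {n for n in names if handler(n, user) != baseline}


if __name__ == "__main__":
    probe = ["acme/public-docs", "acme/secret-plans", "acme/missing"]
    print("before:", sorted(distinguishable(get_repo_before, probe, "mallory")))
    print("after: ", sorted(distinguishable(get_repo_after, probe, "mallory")))
```

For the unauthorized user the leaky handler lets `acme/secret-plans` be told apart from a missing repository; the hardened handler reveals only the public repository, which is the expected behaviour, while an authorized reader still gets the 200 response. The `distinguishable` helper is the kind of check worth keeping in an API test suite, since the comparison is on the whole response (status and body), which also catches a future edit that reintroduces a distinct message or header.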

Bug Fixes

  • Upgrades to later feature releases were blocked if the new patch release number was lower than the current one.
  • Wiki footer options were not shown for read-only users.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests.
  • Pages builds fail when TLS is disabled. (updated 2018-04-03)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.13 March 13, 2018

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • An appliance could not be successfully deployed on Google Cloud Platform without allocating a public IP address.
  • When creating a custom pre-receive hook environment, the operation would fail if the specified URL requested redirection.
  • Upgrades with a package from an earlier release were not prevented.
  • Some services would fail to restart after applying a hotpatch.
  • The documentation_url field in some GraphQL API v4 responses referred to the REST API v3 documentation rather than the GraphQL API v4 documentation.
  • Archived gists were not restored in cluster environments.
  • The Get repository contents API endpoint incorrectly returned a 403 Forbidden response for some Git LFS-tracked files.
  • Milestones retrieved using the REST API were not sorted as documented by default.
  • The "You signed out in another tab or window. Reload to refresh your session" message was shown to some Firefox users.
  • A pull request would not merge if it touched files owned by its author while reviews from code owners were required.

Changes

  • Entries recorded in the resqued.log file weren't included when forwarding logs to an external server. Customers monitoring the github_resque tag will need to switch to github_resqued instead.
  • Added the ability to add multiple repositories to an export at once using a text file that lists the repository URLs.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pages builds fail when TLS is disabled. (updated 2018-04-03)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.12 February 27, 2018

Security Fixes

  • LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
  • Packages were updated to their latest patch versions.

Bug Fixes

  • RRD files used to store metrics that are no longer collected were never deleted, wasting space on the root file system.
  • Upgrading a replica to the same version failed on a newly partitioned root disk.
  • Deleting a search index didn't delete all associated metadata, which were then incorrectly reused if a new search index was created. This caused search index repair jobs to be reported as finished in the site admin when they were not.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • LFS objects could fail to be cloned after a successful upload.

Changes

  • ghe-repl-status could show an inaccurate count when Alambic replication was behind.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.11 February 13, 2018

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
  • An incorrect merge commit SHA could be returned for pull requests merged through the API.
  • Multiple attempts may have been required to resolve a merge conflict using the conflict resolution web interface.
  • The incomplete preview Community Profile API endpoint was enabled on GitHub Enterprise.
  • Pull request reviewers were not migrated when migrating repositories using ghe-migrator.
  • The pull request assignee event was duplicated on repositories migrated using ghe-migrator.
  • The pull request review request had users reversed after migration with ghe-migrator.
  • Granting push permissions on a protected branch to a child team could fail with a 500 internal server error when submitting the form.
  • Querying the status of storage objects in high availability and cluster environments has been optimized for improved performance.
  • Git references, such as tags or branch names, with a high number of transitions from letters to numbers and back again could crash a background worker, causing some webhooks not to fire.
  • The gpgverify service could consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)

Changes

  • GitHub Enterprise is now available in the Paris AWS region.
  • Support bundles are more efficiently sanitized during generation.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.10 January 30, 2018

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The hostname documentation link in the Management Console linked to an invalid location.
  • Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
  • The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
  • The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.
  • Tearing down replication did not remove the database seed data used when configuring high availability replication.
  • The license expiry notification was shown if the appliance was restarted after the current license had expired.
  • The elasticsearch-upgrade service was not stopped during the upgrade process when upgrading via a hotpatch. This could lead to unnecessary logging to the root disk.
  • Applying a hotpatch that required a reboot did not warn that a reboot is required.
  • Postfix attempted to negotiate NTLM authentication if the relay host offered it.
  • Toggling each of the Branch Protection settings would produce inconsistent audit log events.
  • Toggling the 'Require review from Code Owners' Branch Protection setting did not generate an audit log event.

Changes

  • ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.9 January 16, 2018

Meltdown

This release addresses the Meltdown (CVE-2017-5754) attack. This has been fixed in the 3.16.51-3+deb8u1 release from Debian. Please note that this patch does not address the Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerability. A fix is not available for the Spectre vulnerability yet.

Internally conducted benchmarks indicate the performance impact is limited to a 2-5% increase in CPU usage on most platforms. The impact can vary depending on your usage and platform though. If you see a significant performance difference, don't hesitate to reach out to Enterprise Support.

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

  • HIGH: The kernel is updated to 3.16.51-3+deb8u1, which implements Kernel Page Table Isolation (KPTI) to address Meltdown.

Bug Fixes

  • The ghe-dpages check-replicas command could show an error incorrectly with widely dispersed geo replicas.

Known Issues

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues are saved with an absolute URL, so they can break if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS-tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.8 January 09, 2018

Meltdown & Spectre

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to extract data that is currently being processed on the same machine. This can also affect GitHub Enterprise.

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

Given that GitHub Enterprise runs on various virtualization platforms, it's essential to update the virtualization platform where possible to mitigate any of these issues. The existing patches and fixes almost all focus on solving Meltdown. Meltdown is more straightforward to fix and most providers focus on this first.

Spectre is more complicated to exploit and also more complicated to fix. KVM, for example, is not vulnerable to Meltdown but is vulnerable to Spectre: Google's Project Zero demonstrated a proof of concept against it in its original write-up (see https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html, specifically the section "Reading host memory from a KVM guest"). That Spectre exploit was tested against a specific kernel version, but nothing implies it's impossible to adapt to other kernel versions and/or other virtualization platforms.

The following Cloud and virtualization platforms have released announcements and/or fixes.

Inside GitHub Enterprise

The vulnerability can also be exploited if there is code under the control of an attacker running on the same system. GitHub Enterprise has very limited support for custom code in the form of pre-receive hooks. Pre-receive hooks are limited such that administrators are the only ones who can set them up and their runtime execution is limited to 5 seconds. Both these aspects greatly limit the risk of data exposure through pre-receive hooks. As a general rule, administrators should ensure that only known and trusted pre-receive hooks are enabled on their appliance.

GitHub Enterprise is based on Debian Jessie. A fix for Meltdown is not yet available for Debian Jessie, as can be seen in the Debian CVE tracker for Meltdown. The new kernel version will be included in a future release of GitHub Enterprise and can potentially come with a performance regression. Accordingly, we recommend testing that release before putting it into production.

Summary

The primary risk for GitHub Enterprise installations is cross-guest or host <-> guest data leakage on the virtualization platform. This may be mitigated with the support of cloud hosting providers, or by the suppliers of virtualization software. There is very limited risk of externally supplied software running within the appliance obtaining data from other processes, mitigated by administrators only enabling pre-receive hooks that are reviewed and trusted.

Security Fixes

  • LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Changing the parent of a nested team could result in the nested team not receiving updated inherited permissions.
  • After changing HTTP proxy configuration in the Management Console, webhooks did not use the settings unless hookshot-resqued was restarted manually.
  • NUMA enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
  • The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.

Changes

  • GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed, after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.7 December 19, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The followers and following count incorrectly considered suspended accounts.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard.
  • Orphaned resqued processes accumulated and caused out-of-memory (OOM) issues.
  • CODEOWNERS failed with CRLF line endings.
  • Nested teams could not be migrated with ghe-migrator.
  • Pre-receive hook's enforcement could not be updated with the API.
  • Repository changes and creation could timeout when an organization contains many teams and members.
  • When restoring a deleted repository via the site admin dashboard, an error message could be shown even though the restore worked.
  • The compare view could display the incorrect additions or deletions status.
  • Updates to a pull request through the API could incorrectly set maintainer_can_modify to false when the field was not a part of the request.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • NUMA enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2 and the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.6 December 05, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.
  • Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

  • The ghe-es-search-repair script refused to run in a single instance environment.
  • The OpenVPN log was not created if it did not already exist.
  • The audit log rotation schedule was unintentionally set to weekly instead of daily.
  • Archived repositories were not restored correctly in cluster environments.
  • The management application was not correctly reloaded after a hotpatch was applied.
  • Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
  • Migration archives excluded users who created a protected branch and were subsequently removed from the organization.
  • Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.
  • Searching for users or email addresses in the stafftools did not return results for incomplete and fuzzy matches.
  • The merge button could get stuck in the "Checking for ability to merge" state.
  • Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)

Changes

  • To restrict actions on raw content, including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy, our content security policy (CSP) header for raw URLs now includes the sandbox attribute.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.5 November 21, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • A configuration run could fail in high availability environments if Redis isn't ready.
  • The open-vm-tools package, included in ESXi VM images, has been updated to 2.10.1.5 to address stability issues when performing snapshots.
  • The audit log migration process could leave old indices in place which would prevent upgrading to 2.11.
  • LDAP team sync could cause a noticeable increase in CPU usage when synchronizing large teams.
  • Pull request comments were not exported with ghe-migrator if the repository is locked.

Changes

  • The GraphQL rate limit for authenticated requests has been increased from 200 to 5,000.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
  • The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
  • Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.4 November 07, 2017 Download

Security Fixes

  • LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
  • ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
  • A pre-receive hook audit log search returned no results.
  • SSH metrics were missing from the Management Console authentication graphs.
  • Background job errors could cause Redis to consume large amounts of memory.
  • The mobile view of the pull request dashboard displayed "No issues to show" instead of "No pull requests to show".
  • The site admin cache indicator always displayed the memcached service as being active.
  • For a user or organization named apps, the profile page at /apps showed an integrations landing page and repository pages at /apps/<repository> resulting in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-11-08)

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
  • Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.3 October 25, 2017 Download

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

CVE-2017-15361 disclosed that certain RSA keys used for SSH authentication and generated by some Yubikey 4 devices are vulnerable to private key factorization. Such keys are considered cryptographically weak and therefore in need of replacement. To help users avoid vulnerable keys, GitHub Enterprise has added capabilities to detect such keys and reject them from being configured for user authentication. GitHub Enterprise now also includes an administration utility, ghe-ssh-weak-fingerprints, which lets admins list any affected keys and, optionally, perform a bulk revocation.

The affected supported versions are:

  • 2.8.0 - 2.8.21
  • 2.9.0 - 2.9.13
  • 2.10.0 - 2.10.8
  • 2.11.0 - 2.11.2

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.22, 2.9.14, 2.10.9, or 2.11.3.

Please contact GitHub Enterprise Support if you have questions.

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • On Firefox browsers, the first page of some PDF files was blank when rendered.
  • Hotpatching failed to retain maintenance mode after a hotpatch was applied.
  • The babeld service required a manual restart after a hotpatch was applied.
  • SMTP port was still accepting TLSv1 even after disabling the TLSv1 protocol via the Management Console.
  • With private mode enabled, using git lfs locks to show the current locks on files tracked by Git LFS showed a user ID instead of a username.
  • Activities were not shown on the dashboard for users without any repositories.
  • Suspending all dormant users failed due to a serialization bug.
  • Password reset emails included an inaccurate description of when the password reset link would expire.
  • Migrating specific repositories with ghe-migrator failed if an organization level Project referred to a repository that wasn't exported.
  • Querying the Teams API endpoint could result in a 500 HTTP error if LDAP authentication was enabled.
  • A "Select a user below to manage roles" team maintainers tip was shown for LDAP-mapped teams.
  • Attempting to reset the password of a suspended user did not redirect the user to the suspended page.
  • Restoring a deleted repository from the site admin dashboard did not correctly restore its wiki. (updated 2017-11-09)
  • Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".
  • The "Clear page cache" link in the site admin modal failed if the current page's URL included query string parameters.
  • Pre-receive hooks could succeed or fail incorrectly because the $GITHUB_VIA environment variable contained a truncated value.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-11-08)
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
  • Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and related packages and requires a reboot. The reboot can be performed at a later time after applying the hotpatch.

Thanks!

The GitHub Team

GitHub Enterprise 2.11.2 September 22, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • Memory budgets computed for services were under-allocated leading to severe performance issues.
  • LFS operations could fail with a slow LDAP server. The internal API timeout for LFS operations has been increased.

Fixes from 2.11.1, which was withdrawn due to a memory budget computation bug

  • Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
  • Upgrading a high availability environment from a 2.10 release to 2.11.0 failed with a Failed drop elasticsearch scan file error.
  • The default authenticated homepage would be blank for users that don't own or have direct collaboration permissions to any repositories.
  • The repository owner was not displayed when configuring a pre-receive hook.
  • Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
  • Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Hotpatch upgrades to 2.11.2 could fail reloading the babeld service. If the upgrade fails, run the following command from the affected appliance(s):

    $ sudo systemctl restart babeld
    
  • For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-10-24)
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
  • Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.1 September 19, 2017 Download

Notice

  • The 2.11.1 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.11.1, please contact support for assistance. (updated 2017-09-21)

Security Fixes

  • Packages have been updated to the latest security versions.
  • LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser. This vulnerability was also patched in 2.11.0.

Bug Fixes

  • Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
  • Upgrading a high availability environment from a 2.10 release to 2.11.0 failed with a Failed drop elasticsearch scan file error.
  • Users had a missing dashboard (i.e. default authenticated homepage) if they didn't own or have direct collaboration permissions to any repositories.
  • The repository owner was not displayed when configuring a pre-receive hook.
  • Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
  • Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Hotpatch upgrades from 2.11.0 to 2.11.1 and configuration updates could fail reloading the babeld service. If the upgrade or configuration update fails, run the following command from the affected appliance(s): (updated 2017-09-21)

    $ sudo systemctl restart babeld
    
  • For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-10-24)
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
  • Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team

GitHub Enterprise 2.11.0 September 13, 2017 Download

Features

Security Fixes

  • Packages have been updated to their latest security versions.
  • LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser. (updated 2017-09-19)

Bug Fixes

  • Commit contributions for a repository were not rebuilt when the gh-pages branch was deleted.
  • In a clustering environment, ghe-cluster-config-node-init could fail silently.
  • Adding a project note containing emoji would fail with a '500 Internal Server Error'.
  • The Branch Merging API stripped lines starting with # from commit messages.
  • The user suggestion functionality could time out when adding members to a very large team.
  • Adding files with a blank content type, e.g. .zip, .docx, to conversations in issues and pull requests would fail.
  • An empty Projects board was shown when Elasticsearch was unavailable or rebuilding indices after an upgrade.

Changes

  • The MIME types used by GitHub Pages match those used by the rest of the appliance.
  • Syslog identifiers for various services have been made more explicit to make it easier to identify the service.
  • The maximum number of multiplexed sessions for administrative SSH sessions has been increased to 100. This improves backup restores for clustering environments.
  • NTLM has been removed from the SMTP configuration as an authentication protocol option. This was not working and is insecure.
  • Releases are sorted first by date and then semantic version instead of lexicographically.
  • Support for legacy high availability replication has been removed in 2.11. The default replication mechanism changed in 2.9 and this is now the only option in 2.11. This change has no impact unless legacy high availability replication was explicitly configured.
  • OpenVPN, used in high availability and clustering environments, has been upgraded to 2.4 with support for ECDHE. This removes the need to generate DH parameters and speeds up initial OpenVPN setup.
  • Pre-receive hooks now run as an unprivileged dedicated user. Existing hooks that write temporary data anywhere other than /tmp may no longer work. Running pre-receive hooks as an unprivileged dedicated user improves security by limiting what a hook can access on the rest of the system.
  • GitHub Pages now uses Jekyll 3.5.1.
  • GitHub Pages now uses Commonmark for Markdown rendering.
  • Using enterprise@github.com as the support address is no longer supported. Customers who have this email address configured need to change it to a valid internal support address or URL.
  • samplicator, the utility that sends statistics to the metrics servers in cluster environments, now runs as an unprivileged dedicated user.
  • The commit button text is now shown as "Commit merge" in the conflict editor to better communicate what is happening.

Backups and Disaster Recovery

GitHub Enterprise 2.11 requires at least GitHub Enterprise Backup Utilities 2.11.0 for Backups and Disaster Recovery.

Upcoming deprecation of Internet Explorer 11 support

  • Support for Internet Explorer 11 will be deprecated on September 13, 2018.

Upcoming deprecation of VMware ESX 5.5 support

  • Support for VMware ESX 5.5 will be deprecated on September 13, 2018.

Upcoming deprecation of GitHub Enterprise 2.8

GitHub Enterprise 2.8 will be deprecated as of November 9, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Upgrading a high availability environment from a 2.10 release to 2.11.0 could fail with the following error: (updated 2017-09-14)

      $ ghe-upgrade ./github-enterprise-ami-2.11.0.pkg
      *** verifying upgrade package signature...
      725MiB 0:00:05 [ 141MiB/s] [===========================>] 100%
      gpg: Signature made Tue 12 Sep 2017 05:03:10 AM UTC using RSA key ID 0D65D57A
      gpg: Good signature from "GitHub Enterprise (Upgrade Package Key) <enterprise@github.com>"
      *** applying update...
      Scanning for incompatible Elasticsearch mappings...
      waiting for ssh for [ghe-host-replica] to be available
      ssh command returned 255
      Failed drop elasticsearch scan file
    

    If you encounter this error, run the following command from your primary or replica appliance before running ghe-upgrade again:

      $ ghe-cluster-each -- sudo touch /data/user/common/es-scan-complete
    
  • Users may have a missing dashboard (i.e. default authenticated homepage) if they don't own or have direct collaboration permissions to any repositories. If users are encountering this error, they can work around this issue by creating a personal repository. (updated 2017-09-14)
  • For a user or organization named apps, the profile page at /apps shows an integrations landing page and repository pages at /apps/<repository> result in a 404 Not Found response due to a conflict with an internal URL. (updated 2017-10-24)
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions. (updated 2017-10-27)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • The merge button could get stuck in the "Checking for ability to merge" state. (updated 2017-12-20)
  • Rebuilding a search index—including during an upgrade to this version—could cause many exceptions to be logged to /var/log/github/exceptions.log. The fast growth of this log file could cause the root disk to fill up. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-20)
  • The pull request review request has users reversed, after migration with ghe-migrator. (updated 2017-12-20)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-20)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)

Thanks!

The GitHub Team