GitHub Enterprise 2.12.14 July 10, 2018 Download

Security Fixes

  • MEDIUM: Environment variables passed to pre-receive hook scripts were not properly escaped.
  • LOW: It was possible to start a shell from the network configuration settings screen available on a virtual console.
  • LOW: Filtering of parameters in log files was changed from a blacklist of fields to a whitelist. This ensures that fewer values are logged and that no new values can be accidentally logged in the future.
  • LOW: The body of API requests containing sensitive data was written to log files on the appliance. The request body is now only logged for debugging purposes and sensitive data is scrubbed before being logged.
  • Packages have been updated to the latest security versions.
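The two logging fixes above share one idea: a blacklist of secret field names has to be kept up to date by hand, so any new parameter (a token in a query string, a private key in a request body) leaks until someone adds it, while a whitelist of known-harmless fields redacts everything else by default. The following is an added example, not GitHub's code, that puts a denylist filter next to an allowlist filter and applies the allowlist to a request body that is only logged in debug mode; the field names, the sample request and the log format are all constructed for the illustration.

```python
"""Allowlist-based parameter scrubbing before a request is logged.

Added example, not GitHub's code: shows why a whitelist (allowlist) of
loggable fields is safer than a blacklist (denylist) of secret fields,
and how the same filter scrubs a request body before it is logged.
All field names, the sample request and the log format are constructed.
"""
from __future__ import annotations

import json
from typing import Any

REDACTED = "[FILTERED]"

# Hypothetical denylist: every secret key that someone remembered to add.
DENYLIST = {"password", "token", "secret"}

# Hypothetical allowlist: the only keys whose values may appear in a log line.
# Anything else, including keys that do not exist yet, is redacted.
ALLOWLIST = {"action", "page", "per_page", "ref", "repo", "title"}


def denylist_filter(params: dict[str, Any]) -> dict[str, Any]:
    """Redact only the keys named in DENYLIST (top level only)."""
    return {k: REDACTED if k.lower() in DENYLIST else v for k, v in params.items()}


def allowlist_filter(value: Any, allowed: set[str] = ALLOWLIST) -> Any:
    """Keep a value only if it sits under an allowlisted key.

    Recurses into nested objects and arrays so a secret buried inside a JSON
    body is redacted too, even when its parent key is allowed.
    """
    if isinstance(value, dict):
        return {
            k: allowlist_filter(v, allowed) if k in allowed else REDACTED
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [allowlist_filter(v, allowed) for v in value]
    return value


def log_line(method: str, path: str, params: dict[str, Any],
             body: dict[str, Any] | None, debug: bool = False) -> str:
    """Build one JSON log line for a request.

    Query/form parameters always go through the allowlist. The body is logged
    only when debugging is on, and then only after the same scrubbing.
    """
    record: dict[str, Any] = {
        "method": method,
        "path": path,
        "params": allowlist_filter(params),
    }
    if debug and body is not None:
        record["body"] = allowlist_filter(body)
    return json.dumps(record, sort_keys=True)


# Constructed sample request: a deploy-key upload that carries an API token
# in the query string and a private key in the body. Neither key name is in
# the denylist, so the denylist filter leaks both.
SAMPLE_PARAMS = {"repo": "octo/app", "access_token": "example-token-value"}
SAMPLE_BODY = {
    "title": "ci-deploy",
    "key": "ssh-rsa AAAAexample",
    "private": "-----BEGIN EXAMPLE-----",
}


def demo() -> dict[str, str]:
    """Return the denylist output next to the allowlist log lines."""
    path = "/api/v3/repos/octo/app/keys"
    return {
        "denylist": json.dumps(denylist_filter(SAMPLE_PARAMS), sort_keys=True),
        "allowlist": log_line("POST", path, SAMPLE_PARAMS, SAMPLE_BODY),
        "allowlist_debug": log_line("POST", path, SAMPLE_PARAMS, SAMPLE_BODY, debug=True),
    }


if __name__ == "__main__":
    for name, line in demo().items():
        print(f"{name:16} {line}")
```

Running it shows the token in the denylist line and `[FILTERED]` in both allowlist lines; in the debug line only `title` survives from the body, because nothing reaches the log without being named in the allowlist.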

Bug Fixes

  • Parallel uploads of the same Git LFS object could fail but still be reported as successful.
  • A hotpatch could be applied to the appliance whilst a configuration run was in progress. This could lead to inconsistencies and unexpected behaviour.
  • The LDAP users page at /stafftools/users/ldap had layout and accessibility issues.
  • The Fork button was enabled for repositories in cases where a repository could not be forked anywhere.
  • Including the port in the Host header when requesting a Pages site would return a 404 error.

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

GitHub Enterprise 2.12.13 June 19, 2018 Download

Security Fixes

  • Packages have been updated to the latest security versions.
  • MEDIUM: Command-line injection could be triggered by uploading a specially-crafted pre-receive hook environment. (updated 2018-07-12)

Bug Fixes

  • Pre-receive hooks would fail if the pre-receive environment lacked a /etc directory.
  • Active git processes were not displayed on the Management Console's maintenance page.
  • NameID-format matching on the SAML response was too strict when the value was "unspecified", which could cause an "Another user already owns the account." error if the IdP changed the NameID. (updated 2018-06-25)

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.

Thanks!

The GitHub Team

GitHub Enterprise 2.12.12 June 05, 2018 Download

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.

Security Fixes

  • CRITICAL: There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.12.10 and 2.12.11.
  • GitHub will block pushing malicious Git submodules that could be used to exploit Git clients vulnerable to CVE-2018-11235.
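CVE-2018-11235 abuses the submodule name in .gitmodules: because the name becomes a directory under .git/modules/, a name with a ".." component makes the submodule's repository directory land outside it, and a repository shipped inside the superproject can then supply hooks that run during a recursive clone. Blocking such pushes on the server, as the fix above does, means checking every .gitmodules blob for a disallowed name. The following is an added example, not GitHub's or Git's code; it re-implements the rule Git itself applies to submodule names (non-empty, no ".." path component, with both "/" and "\" treated as separators) and runs it over a small .gitmodules file constructed for the illustration.

```python
"""Reject submodule names that escape .git/modules/ (CVE-2018-11235 class).

Added example, not GitHub's or Git's code. It re-implements the rule Git
applies to submodule names (non-empty, no ".." path component, with both
"/" and "\\" treated as separators) and runs it over a .gitmodules file so
a hosting side can refuse a push before any client clones it.
The sample .gitmodules below is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# [submodule "name"] with git-config style quoting (\" and \\ inside the name).
_SECTION_RE = re.compile(r'^\s*\[submodule\s+"((?:[^"\\]|\\.)*)"\]\s*$')
_KEY_RE = re.compile(r'^\s*(path|url)\s*=\s*(.*?)\s*$')


@dataclass
class Submodule:
    name: str
    path: str | None = None
    url: str | None = None


def _unquote(raw: str) -> str:
    """Undo git-config quoting: a backslash escapes the next character."""
    return re.sub(r"\\(.)", r"\1", raw)


def is_safe_submodule_name(name: str) -> bool:
    """Same rule as Git's own check: the name must be non-empty and must not
    contain a ".." component. Both separators are checked so the rule is
    the same on every platform."""
    if not name:
        return False
    return all(component != ".." for component in re.split(r"[/\\]", name))


def parse_gitmodules(text: str) -> list[Submodule]:
    """Parse the subset of .gitmodules that matters here: section names
    plus their path and url keys."""
    modules: list[Submodule] = []
    current: Submodule | None = None
    for line in text.splitlines():
        section = _SECTION_RE.match(line)
        if section:
            current = Submodule(name=_unquote(section.group(1)))
            modules.append(current)
            continue
        if line.lstrip().startswith("["):
            current = None  # some other section; ignore its keys
            continue
        key = _KEY_RE.match(line)
        if key and current is not None:
            setattr(current, key.group(1), key.group(2))
    return modules


def unsafe_submodule_names(text: str) -> list[str]:
    """Names in a .gitmodules blob that a server should refuse."""
    return [m.name for m in parse_gitmodules(text) if not is_safe_submodule_name(m.name)]


# Constructed sample: one benign submodule and one whose name climbs out of
# .git/modules/ the way the CVE-2018-11235 proof of concept did.
SAMPLE_GITMODULES = """\
[submodule "lib/helper"]
\tpath = lib/helper
\turl = https://example.invalid/helper.git
[submodule "../../modules/evil"]
\tpath = evil
\turl = https://example.invalid/evil.git
"""


if __name__ == "__main__":
    for module in parse_gitmodules(SAMPLE_GITMODULES):
        verdict = "ok" if is_safe_submodule_name(module.name) else "REJECT"
        print(f"{verdict:6} {module.name!r} -> {module.path}")
```

A server running a patched Git gets the same rejection from fsck (the `gitmodulesName` check, enabled by `receive.fsckObjects`) at push time; the script is for auditing .gitmodules blobs already in a repository or exported out of band, where fsck does not run.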

Bug Fixes

  • Elasticsearch metrics in the management console metrics dashboards have been fixed.
  • Enable marking one search index as primary when there are multiple primary Elasticsearch indexes listed.

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.11 May 22, 2018 Download

Git client vulnerabilities

A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.

We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.

More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)

Security Fixes

  • CRITICAL: There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. This fix is also available in GitHub Enterprise 2.12.10. (updated 2018-05-30)
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Maintenance mode could be unset while a configuration run was in progress.
  • A background job that purges deleted storage objects could cause backups to fail if run whilst a backup was in progress.
  • Restoring a backup to an unconfigured GitHub Enterprise appliance could fail to restore Pages data with a "could not find 3 online voting fileservers" error.
  • Updating branch protections from the API ignored the restricted teams parameter.
  • Viewing a pull request reviewed by a member of a team that has been deleted could fail with a "500 Internal Server Error".
  • Exporting a repository didn't include project boards.

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.10 May 08, 2018 Download

Security Fixes

  • CRITICAL: There was a remote code execution vulnerability that leveraged CVE-2018-11235 during the Pages build process. The Git package has been updated to address the vulnerability in the Pages build process. (updated 2018-05-30)
  • Packages have been updated to the latest security versions.

Bug Fixes

  • When booted into recovery mode, using ghe-set-password to reset the Management Console password would fail unless the haproxy-internal-proxy service was manually started.
  • collectd.log contained superfluous Elasticsearch plugin warnings.
  • ghe-migrator failed to import a GitHub.com migration archive when a pull request's requested reviewer was not a member of the organization.
  • Commits pushed to a closed pull request were not included when fetching the pull request's tracking branch.
  • API returned an incorrect response code when adding organization team members to a repository.
  • The repository collaborator API ignored the permission parameter and always invited users with push permissions.

Changes

  • Our unified Git proxy, babeld, now uses the BoringSSL cryptographic library to avoid lock contention issues in Git over SSH connections, which may have been encountered on large and busy appliances.

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported.
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.9 April 10, 2018 Download

Security Fixes

  • LOW: Changed how certain types of exceptions are handled to prevent sensitive user data from being written to log files.

Bug Fixes

  • Resetting the self signed certificate, either manually or as a result of a hostname or IP change, would fail.
  • Duplicate object identifier (OID) entries were returned for the mounted partitions.
  • Automatically managed TLS certificates from Let's Encrypt are now requested as a single-domain certificate when Subdomain Isolation is disabled and as a multi-domain (SAN) certificate when Subdomain Isolation is enabled. A GitHub Enterprise installation no longer requires a wildcard DNS record to use this feature when Subdomain Isolation is disabled.
  • The hour and day-of-month fields of the crontab entry that renews automatically managed ACME (Let's Encrypt) TLS certificates were calculated incorrectly.
  • Users could be unable to sign in to GitHub Enterprise via a private GitHub Pages site if Subdomain Isolation was enabled.
  • ghe-migrator failed when the user was not a member of the organization at the time of export.
  • Pages builds failed when TLS was disabled.

Changes

  • Disabled redundant UDP listener in memcached.
  • The appliance's UUID has been added to the replication overview page.
  • Updated the ESX image guest identifier to other26xLinux64Guest, which allows provisioning 65-128 virtual CPU cores on VMware.
  • The footer has been updated to display current version of GitHub Enterprise.

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.8 March 20, 2018 Download

Security Fixes

  • LOW: It was identified internally that the existence of private repositories could be determined due to the differing error messages of some REST API endpoints. These error messages have been updated to be consistent regardless of a user’s authorization to the repository. No information except for the existence of a private repository would have been exposed due to this issue.

Bug Fixes

  • Upgrades to later feature releases were blocked if the new patch release number was lower than the current one.
  • Wiki footer options were not shown for read-only users.

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance.
  • Pages builds fail when TLS is disabled. (updated 2018-04-03)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.7 March 13, 2018 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • An appliance could not be successfully deployed on Google Cloud Platform without allocating a public IP address.
  • Snapshots taken using the Backup Utilities from a GitHub Enterprise cluster now connect to the MySQL master node so that SQL data is transferred over a Unix domain socket instead of TCP.
  • When creating a custom pre-receive hook environment, the operation would fail if the specified URL requested redirection.
  • Upgrades with a package from an earlier release were not prevented.
  • Some services would fail to restart after applying a hotpatch.
  • The documentation_url field in some GraphQL API v4 responses referred to the REST API v3 documentation rather than the GraphQL API v4 documentation.
  • Adding members via the new organization page did not display added users.
  • Archived gists were not restored in cluster environments.
  • The Get repository contents API endpoint incorrectly returned a 403 Forbidden response for some Git LFS-tracked files.
  • Milestones retrieved using the REST API were not sorted as documented by default.
  • "You signed out in another tab or window. Reload to refresh your session" message was being shown to some Firefox users.
  • A pull request could not be merged if it touched files owned by its author and review from code owners was required.
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator.

Changes

  • Entries recorded in the resqued.log file weren't included when forwarding logs to an external server. Customers monitoring the github_resque tag will need to switch to github_resqued instead.
  • Added the ability to add multiple repositories to an export at once using a text file that lists the repository URLs.

Known Issues

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance. (updated 2018-03-19)
  • Pages builds fail when TLS is disabled. (updated 2018-04-03)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.6 February 27, 2018 Download

Security Fixes

  • LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
  • Packages were updated to their latest patch versions.

Bug Fixes

  • RRD files used to store metrics that are no longer collected were never deleted, wasting space on the root file system.
  • Webhook delivery could fail in a clustering environment when one of the web-server nodes was unavailable and not explicitly marked as offline.
  • SVG files referenced using a relative path in a README were not shown.
  • Trial CloudFormation template updated to use current version of AWS instances. As part of this update, this trial template will no longer work within the EC2 Classic network type.
  • Upgrading a replica to the same version failed on a newly partitioned root disk.
  • Deleting a search index didn't delete all associated metadata, which were then incorrectly reused if a new search index was created. This caused search index repair jobs to be reported as finished in the site admin when they were not.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator could be wrong.
  • LFS objects could fail to be cloned after a successful upload.
  • GitHub Apps silently failed to be created when the name contained an underscore.
  • Trying to delete an App's avatar in settings/apps/[app-name] caused an error and didn't delete the avatar.
  • Installations failed to be removed while transferring repository ownership.
  • Collaborators added through the API were incorrectly sent invitations.

Changes

  • ghe-repl-status could show an inaccurate count when Alambic replication was behind.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance. (updated 2018-03-19)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.5 February 13, 2018 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
  • MySQL backups could fail with a "mysqldump: Error 2013: Lost connection to MySQL server during query when dumping table" error.
  • An incorrect merge commit SHA could be returned for pull requests merged through the API.
  • Multiple attempts may have been required to resolve a merge conflict using the conflict resolution web interface.
  • The incomplete preview Community Profile API endpoint was enabled on GitHub Enterprise.
  • Pull request reviewers were not migrated when migrating repositories using ghe-migrator.
  • The pull request assignee event was duplicated on repositories migrated using ghe-migrator.
  • The pull request review request had users reversed, after migration with ghe-migrator.
  • Granting push permissions on a protected branch to a child team could fail with a 500 internal server error when submitting the form.
  • Archived repositories could not be forked via the REST API.
  • Querying the status of storage objects in high availability and cluster environments has been optimized for improved performance.
  • Git references, such as tags or branch names, with a high number of transitions from letters to numbers and back again could crash a background worker, causing some webhooks not to fire.
  • The gpgverify service could consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)

Changes

  • GitHub Enterprise is now available in the Paris AWS region.
  • Support bundles are more efficiently sanitized during generation.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • GitHub Apps silently fail to be created when the name contains an underscore.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • Git LFS, release and issue assets, user profile images, webhooks, or Subversion access may be unavailable if an appliance is restarted after applying the 2.12.5 or greater hotpatch—if this occurs, please contact Enterprise Support for assistance. (updated 2018-03-19)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.4 January 30, 2018 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The hostname documentation link in the Management Console linked to an invalid location.
  • Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
  • The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
  • The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.
  • Tearing down replication did not remove the database seed data used when configuring high availability replication.
  • The license expiry notification was shown if the appliance was restarted after the current license had expired.
  • The elasticsearch-upgrade service was not stopped during the upgrade process when upgrading via a hotpatch. This could lead to unnecessary logging to the root disk.
  • Applying a hotpatch that required a reboot did not warn that a reboot is required.
  • Postfix attempted to negotiate NTLM authentication if the relay host offered it.
  • Toggling each of the Branch Protection settings would produce inconsistent audit log events.
  • Toggling the 'Require review from Code Owners' Branch Protection setting did not generate an audit log event.
  • Background job logging to /var/log/github/production.log could consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up.
  • Comparing branches with unicode characters in their names could fail with a '500 Internal Server Error'.
  • Large API requests could trigger excessive logging in the exceptions log. (updated 2018-01-31)

Changes

  • ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • GitHub Apps silently fail to be created when the name contains an underscore.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • The pull request review request has users reversed, after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID-format matching on the SAML response is too strict when the value is "unspecified", which can cause an "Another user already owns the account." error if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.3 January 16, 2018 Download

Meltdown

This release addresses the Meltdown (CVE-2017-5754) attack. This has been fixed in the 3.16.51-3+deb8u1 release from Debian. Please note that this patch does not address the Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerability. A fix is not available for the Spectre vulnerability yet.

Internally conducted benchmarks indicate the performance impact is limited to a 2-5% increase in CPU usage on most platforms. The impact can vary depending on your usage and platform though. If you see a significant performance difference, don't hesitate to reach out to Enterprise Support.

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

  • HIGH: Kernel is updated to 3.16.51-3+deb8u1 which implements Kernel Page Table Isolation (KPTI) to address Meltdown.

Bug Fixes

  • ghe-dbconsole, in a cluster environment, did not work on nodes without a database role.
  • The ghe-repl-status command-line utility incorrectly showed TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts.
  • The ghe-dpages check-replicas command could show an error with widely dispersed geo replicas.

Known Issues

  • GitHub Enterprise incorrectly redirects to the dashboard if you access it using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain also resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • GitHub Apps silently fail to be created when the name contains an underscore.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Pull request review requests have their users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
  • Background job logging to /var/log/github/production.log may consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up.
  • Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID format matching on the SAML response is too strict when the value is "unspecified", which can cause an error with the message "Another user already owns the account." if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.2 January 09, 2018 Download

Meltdown & Spectre

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow a program to read data being processed by other programs on the same machine. This can also affect GitHub Enterprise.

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

Given that GitHub Enterprise runs on various virtualization platforms, it's essential to update the virtualization platform where possible to mitigate any of these issues. The existing patches and fixes almost all focus on solving Meltdown. Meltdown is more straightforward to fix and most providers focus on this first.

Spectre is more complicated to exploit and also more complicated to fix. KVM, for example, does not let a guest read host memory through Meltdown, but it is vulnerable to Spectre: Google Project Zero demonstrated a proof of concept in its original research (see https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html, specifically under "Reading host memory from a KVM guest"). That exploit was tested against a specific kernel version, but nothing implies it is impossible to adapt it to other kernel versions or other virtualization platforms.

The following Cloud and virtualization platforms have released announcements and/or fixes.

Inside GitHub Enterprise

The vulnerability can also be exploited if attacker-controlled code runs on the same system. GitHub Enterprise has very limited support for custom code, in the form of pre-receive hooks. Only site administrators can set up pre-receive hooks, and their execution time is limited to 5 seconds. Both aspects greatly limit the risk of data exposure through pre-receive hooks. As a general rule, administrators should ensure that only known and trusted pre-receive hooks are enabled on their appliance.

GitHub Enterprise is based on Debian Jessie. A fix for Meltdown is not yet available for Debian Jessie, as can be seen in the Debian CVE tracker for Meltdown. The new kernel version will be included in a future release of GitHub Enterprise and may come with a performance regression. Accordingly, we recommend testing that release before putting it into production.

Summary

The primary risk for GitHub Enterprise installations is cross-guest or host <-> guest data leakage on the virtualization platform. This may be mitigated by fixes from cloud hosting providers or from the suppliers of virtualization software. There is very limited risk of externally supplied software running within the appliance obtaining data from other processes; that risk is further mitigated by administrators enabling only pre-receive hooks that have been reviewed and are trusted.

Security Fixes

  • LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
  • Changes to legal hold state of a repository did not trigger an audit log event.
  • After changing HTTP proxy configuration in the Management Console, webhooks did not use the settings unless hookshot-resqued was restarted manually.
  • NUMA enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
  • GitHub Apps referenced an invalid profile in the notifications and comment views.
  • The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.
  • Permission update notifications for GitHub Apps were not sent to organization administrators.

Changes

  • GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

  • GitHub Enterprise incorrectly redirects to the dashboard if you access it using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain also resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • GitHub Apps silently fail to be created when the name contains an underscore.
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order.
  • Pull request review requests have their users reversed after migration with ghe-migrator.
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.
  • The ghe-repl-status command-line utility incorrectly shows TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts. (updated 2018-01-10)
  • Reviewers and the "Review requested" status disappear on pull requests migrated with ghe-migrator. (updated 2018-01-12)
  • Background job logging to /var/log/github/production.log may consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up. (updated 2018-01-16)
  • Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID format matching on the SAML response is too strict when the value is "unspecified", which can cause an error with the message "Another user already owns the account." if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.1 December 19, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • After changing the visibility of a repository, the number of wiki search results reported did not match the results displayed. Administrators can reindex the wiki through the site admin dashboard.
  • Authentication graphs in the management console were incorrectly empty and auth.result.* metrics weren't forwarded to external collectd servers.
  • Orphaned resqued processes accumulated and caused out-of-memory (OOM) issues.
  • CODEOWNERS failed with CRLF line endings.
  • Nested teams could not be migrated with ghe-migrator.
  • The enforcement setting of a pre-receive hook could not be updated through the API.
  • GitHub Apps incorrectly linked to a "Report abuse" reference.
  • Repository changes and creation could timeout when an organization contains many teams and members.
  • When restoring a deleted repository via the site admin dashboard, an error message could be shown even though the restore worked.
  • The compare view could display the incorrect additions or deletions status.
  • Updates to a pull request through the API could incorrectly set maintainer_can_modify to false when the field was not part of the request.

Changes

  • /var/log/github/production.log has been updated to include more metadata for resque.performed and resque.queued events.

Known Issues

  • GitHub Enterprise incorrectly redirects to the dashboard if you access it using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain also resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
  • GitHub Apps silently fail to be created when the name contains an underscore.
  • Changes to the legal hold state of a repository do not trigger an audit log event.
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-20)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-27)
  • Pull request review requests have their users reversed after migration with ghe-migrator. (updated 2017-12-27)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-27)
  • NUMA enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2 and the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The ghe-repl-status command-line utility incorrectly shows TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts. (updated 2018-01-10)
  • Reviewers and the "Review requested" status disappear on pull requests migrated with ghe-migrator. (updated 2018-01-12)
  • Background job logging to /var/log/github/production.log may consume large amounts of disk space. The fast growth of this log file could cause the root disk to fill up. (updated 2018-01-16)
  • Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID format matching on the SAML response is too strict when the value is "unspecified", which can cause an error with the message "Another user already owns the account." if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team

GitHub Enterprise 2.12.0 December 12, 2017 Download

Features

Security Fixes

  • Packages have been updated to the latest security versions.
  • Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

  • The ghe-es-search-repair script refused to run in a single instance environment.
  • The OpenVPN log was not created if it did not already exist.
  • The audit log rotation schedule was unintentionally set to weekly instead of daily.
  • Archived repositories were not restored correctly in cluster environments.
  • The Management Console was not correctly reloaded after a hotpatch was applied.
  • Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
  • Migration archives excluded users who created a protected branch and were subsequently removed from the organization.
  • Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.
  • Searching for users or email addresses in the site admin tools did not return results for incomplete and fuzzy matches.
  • The merge button got stuck in the "Checking for ability to merge" state.
  • ghe-cluster-status returned invalid JSON when nodes were unavailable.
  • Projects were incorrectly editable when the repository was locked for migration.
  • Users were unable to add collaborators to a personal project when the actor followed a large number of users.
  • Pages failed to publish when the publishing source was configured as a path to a submodule.
  • The followers and following count incorrectly considered suspended accounts.
  • The squash and merge option was not resizing the text area to the height of the commit message.

Changes

  • The Content Security Policy (CSP) header for raw URLs now includes the sandbox directive. This restricts what raw content can do: popups are blocked, plugins and scripts do not execute, and the content is treated as coming from a unique origin, so it cannot interact with the appliance's own origin.
  • babeld.log includes an api_time key for internal timings on verifying authentication.
  • codeload.log includes an api_ms attribute for internal timings.
  • gitauth.log has been updated to add the commit-refs, verification-tokens, pre-2fa, and git-lfs-authenticate actions and include the request_ip and path_info metadata.
  • The GitHubMetadata GraphQL API object has been added.
  • The meta REST API endpoint has been updated to include installed_version, the GitHub Enterprise version.
  • Webhooks payloads have been updated to include two headers, X-GitHub-Enterprise-Version and X-GitHub-Enterprise-Host.
  • The git signing API is no longer behind a preview header.
  • Outside collaborators will be counted in the team member count view in the site admin dashboard.
  • The number of cards awaiting triage has been added to the project section of the site admin dashboard.
  • The ghe-nwo command-line utility can identify a repository's owner and name from a repository ID.
  • ghe-version command-line utility returns the current GitHub Enterprise version number.
  • Topic descriptions will render GitHub Flavored Markdown.
  • The project notes character limit has been increased from 250 to 1024.
  • The created_at and updated_at fields of the Project and webhook APIs have been updated to use the consistent, standard ISO 8601 format YYYY-MM-DDTHH:MM:SSZ.
  • GPG verification for commits is parallelized for faster performance.

Backups and Disaster Recovery

GitHub Enterprise 2.12 requires at least GitHub Enterprise Backup Utilities 2.11.2 for Backups and Disaster Recovery.

Upcoming deprecation of Internet Explorer 11 support

Support for Internet Explorer 11 will be deprecated on September 13, 2018. There will be no changes in site functionality, but a warning banner will be displayed to Internet Explorer 11 users.

Upcoming deprecation of VMware ESX 5.5 support

Support for VMware ESX 5.5 will be deprecated on September 19, 2018.

Upcoming deprecation of GitHub Enterprise 2.9

GitHub Enterprise 2.9 will be deprecated as of March 1, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • GitHub Enterprise incorrectly redirects to the dashboard if you access it using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain also resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Changing the parent of a nested team can result in the nested team not receiving updated inherited permissions.
  • After changing the visibility of a repository, the number of wiki search results reported does not match the results displayed. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-12-19)
  • GitHub Apps silently fail to be created when the name contains an underscore.
  • Authentication graph is incorrectly empty because auth.result.* metrics are missing and not forwarded to external collectd servers.
  • Changes to the legal hold state of a repository do not trigger an audit log event.
  • After changing HTTP proxy configuration in the Management Console, webhooks do not use the settings unless hookshot-resqued is restarted manually via SSH by running: sudo systemctl restart hookshot-resqued. (updated 2017-12-19)
  • Pull request review comments migrated with ghe-migrator are displayed in the wrong order. (updated 2017-12-27)
  • Pull request review requests have their users reversed after migration with ghe-migrator. (updated 2017-12-27)
  • The comment count in the "Conversation" tab of a pull request migrated with ghe-migrator can be wrong. (updated 2017-12-27)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)
  • The ghe-repl-status command-line utility incorrectly shows TypeError: no implicit conversion of Symbol into Integer when there are repositories or gists with bad replica counts. (updated 2018-01-10)
  • Reviewers and the "Review requested" status disappear on pull requests migrated with ghe-migrator. (updated 2018-01-12)
  • Large API requests may trigger excessive logging in the exceptions log. (updated 2018-01-31)
  • The gpgverify service may consume large amounts of CPU time even when not processing requests. (updated 2018-02-14)
  • Pull request reviewer usernames were not updated if a reviewer was mapped to a different username when migrating repositories using ghe-migrator. (updated 2018-04-12)
  • On a repository that's been locked for migration using ghe-migrator, project boards are not exported. (updated 2018-05-07)
  • NameID format matching on the SAML response is too strict when the value is "unspecified", which can cause an error with the message "Another user already owns the account." if the IdP changes the NameID. (updated 2018-06-25)

Thanks!

The GitHub Team