ghe-migrator
.GitHub Enterprise Server 2.13 will be deprecated as of March 27, 2019. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Thanks!
The GitHub Team
A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.
The affected supported versions are:
All older, no longer supported versions are also affected.
We strongly urge upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.13.22, 2.14.16, 2.15.9, 2.16.4, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.
ghe-migrator
.Thanks!
The GitHub Team
ghe-migrator
.Thanks!
The GitHub Team
babeld.log
, gitauth.log
, production.log
, resqued.log
and unicorn.log
log files were truncated when forwarded to a central log server.ghe-migrator
.Thanks!
The GitHub Team
ghe-migrator
.Thanks!
The GitHub Team
ghe-migrator
we not automatically re-indexed so weren't returned in the search results until manually re-indexed.ghe-migrator
that contains references to another pull request the user does not have access to.ghe-migrator
.Thanks!
The GitHub Team
404 Not Found
errors were shown in the browser console for some script requests when using the code editor.ghe-migrator
failed when the creator of a card on the board no longer exists on the source instance.ghe-migrator
could lead to an incorrect mapping between links to pull requests and the correct pull requests.ghe-migrator
.Thanks!
The GitHub Team
/var/log/error
was not automatically rotated with logrotate and could sometimes use too much disk space.ghe-migrator
.ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance.Thanks!
The GitHub Team
__init__
, was removed in code blocks in MediaWiki-formatted pages.manifest.json
file instead of being redirected to the correct location in the user interface.ghe-migrator
.ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
grep: /etc/github/repl-state: No such file or directory
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance.ghe-migrator
.ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
git
package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.osqueryi
utility has been added to the GitHub Enterprise environment.ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
jekyll-remote-theme
gem of GitHub Pages could allow users to display the content of local files.gzip
encoding.Connection timed out
if the hookshot service was unable to run migrations due to a firewall update that ran out of order.ghe-repl-status
.ghe-repl-setup
allowed re-adding the same node as a replica.ghe-config-check
would hang if run without any arguments.hookshot
logs weren't purged properly in Elasticsearch and could consume large amounts of disk space.ghe-migrator
could fail to complete trying to add the same label to an issue.500 Internal Server Error
if a reviewer is no longer a member of the GitHub Enterprise environment.ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
window.opener
when linking from GitHub Enterprise hosted Markdown content.ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
A CRITICAL issue was identified that allows an attacker with repository write access to create Pages sites that can display the content of system files. This could used to further escalate the vulnerability to execute arbitrary commands on the GitHub Enterprise appliance.
The affected supported versions are:
GitHub Enterprise 2.11 is not vulnerable.
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.18, 2.13.10, 2.14.4, or greater.
window.opener
when linking from GitHub Enterprise hosted Markdown content.ghe-snmpv3-remove-user
did not remove all account data, preventing administrators from updating the password for the SNMPv3 user.ghe-set-password
command could result in unexpected shell behavior.ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
A CRITICAL issue was identified that allows an attacker with repository admin or owner privileges to execute arbitrary commands on the appliance.
The affected supported versions are:
GitHub Enterprise 2.14.3, 2.13.9, and 2.12.17 were not patched properly and are still vulnerable to the file path traversal vulnerability. GitHub Enterprise 2.14.4, 2.13.10, and 2.12.18 will ship next week to address this vulnerability. As a manual workaround, you can disable Pages on the GitHub Enterprise environment. (updated 2018-08-23)
A CRITICAL issue was identified that allows an attacker with repository write access to create Pages sites that can display the content of system files. This could used to further escalate the vulnerability to execute arbitrary commands on the GitHub Enterprise appliance.
The affected supported versions are:
GitHub Enterprise 2.11 is not vulnerable.
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.12.17, 2.13.9 or 2.14.3.
Due to a change in the implementation on GitHub Enterprise 2.12 and later, it is not possible to apply the same fix to GitHub Enterprise 2.11 for the remote code execution vulnerability. We strongly recommend upgrading GitHub Enterprise 2.11 to 2.12 or newer.
waagent
and walinuxagent
.ghe-org-admin-promote
command-line utility would fail when attempting to promote a user without two-factor-authentication enabled as an admin of an org where two-factor authentication is required.User-Agent
has been added to Access-Control-Allow-Headers
to support API clients which follow the Fetch specification.ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
connect
timeout has been increased to allow up to four retries during a cluster restore.ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
0
./stafftools/users/ldap
had layout and accessibility issues.Host
header when requesting a Pages site would return a 404 error.ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
/etc
directory.NameID
. (updated 2018-06-25)ghe-migrator
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.
We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.
More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235.
ghe-migrator
.NameID
. (updated 2018-06-25)ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
A number of critical Git security vulnerabilities were recently announced that affect all versions of the official Git client.
We strongly recommend that you ensure that all users update their Git clients, in addition to upgrading to this GitHub Enterprise release.
More details on these vulnerabilities can be found in the official announcement, and the associated CVEs, CVE-2018-11233 and CVE-2018-11235. (updated 2018-05-30)
ghe-legacy-github-services-report
.ghe-migrator
.NameID
. (updated 2018-06-25)ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
ghe-set-password
to reset the Management Console password would fail unless the haproxy-internal-proxy
service was manually started.collectd.log
contained superfluous Elasticsearch plugin warnings.ghe-migrator
failed to import a GitHub.com migration archive when a pull request's requested reviewer was not a member of the organization.ghe-migrator
.ghe-migrator
, project boards are not exported.NameID
. (updated 2018-06-25)ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
/dashboards/overview
were empty.404 Not Found
.ghe-diagnostics
.ghe-migrator
.ghe-migrator
, project boards are not exported. (updated 2018-05-07)NameID
. (updated 2018-06-25)ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
git --push_option
to transmit strings based to the server on to their pre-receive hooks.-i
flag with the ghe-migrator
command-line utilty./stafftools
./stafftools
.diffie-hellman-group1-sha1
and diffie-hellman-group14-sha1
algorithms have been deprecated and disallowed for git
SSH connections. (updated 2018-04-17)milestone:*
, milestone:any
, and milestone:none
search queries were not returning the correct issue or pull requests./stafftools
, administrators could incorrectly delete user accounts when they were the sole owner of a repository.prev
reference.ghe-migrator
.site_admin
scope when authenticating with an access token./stafftools
.ghe-org-admin-promote
requires an -a
flag to give admin privileges to all site administrators in all organizations.GitHub Enterprise 2.13 requires at least GitHub Enterprise Backup Utilities 2.13.0 for Backups and Disaster Recovery.
Starting with Backup Utilities 2.13.0, version support is inline with that of the GitHub Enterprise upgrade requirements and as such, support is limited to three versions of GitHub Enterprise: the version that corresponds with the version of Backup Utilities, and the two releases prior to it.
For example, Backup Utilities 2.13.0 can be used to backup and restore all patch releases from 2.11.0 to the latest patch release of GitHub Enterprise 2.13. Backup utilities 2.14.0 will be released when GitHub Enterprise 2.14.0 is released and will then be used to backup all releases of GitHub Enterprise from 2.12.0 to the latest patch release of GitHub Enterprise 2.14.
Backup Utilities 2.11.4 and earlier offer support for GitHub Enterprise 2.10 and earlier releases.
Support for Internet Explorer 11 will be deprecated on September 13, 2018. There will be no changes in site functionality, but a warning banner will be displayed to Internet Explorer 11 users.
Support for VMware ESX 5.5 will be deprecated on September 19, 2018.
GitHub Enterprise 2.10 will be deprecated as of June 5, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
ghe-migrator
.ghe-migrator
, project boards are not exported. (updated 2018-05-07)NameID
. (updated 2018-06-25)ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team