GitHub Enterprise Server 2.15 will be deprecated as of October 16, 2019 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Thanks!
The GitHub Team
GitHub Enterprise Server 2.15 will be deprecated as of October 16, 2019 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Thanks!
The GitHub Team
GitHub Enterprise Server 2.15 will be deprecated as of October 16, 2019 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Thanks!
The GitHub Team
GitHub Enterprise Server 2.15 will be deprecated as of October 16, 2019 That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Thanks!
The GitHub Team
support@example.com
as the sender of notification emails in certain circumstances.Thanks!
The GitHub Team
Thanks!
The GitHub Team
404-html
, would display the error page and not the user's profile.Thanks!
The GitHub Team
A CRITICAL vulnerability was identified that allows an attacker to authorize an OAuth application on the account of a targeted user without the approval of the targeted user. This would allow an attacker to execute actions on behalf of the targeted user via the authorized OAuth application. The attacker would need to be able to create an OAuth application on the affected GitHub Enterprise Server instance to perform this attack. Additionally, to execute the attack, the targeted user would need to visit an attacker controlled website.
The affected supported versions are:
We strongly recommend upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.14.24, 2.15.17, 2.16.12, 2.17.3, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.
This vulnerability was reported through the GitHub Security Bug Bounty program.
Thanks!
The GitHub Team
Thanks!
The GitHub Team
ghe-migrator
or exporting from GitHub.com, an export would silently fail to export pull request review comments when a repository was archived.Thanks!
The GitHub Team
Thanks!
The GitHub Team
~strikethrough~
text was not preserved and suggested changes were duplicated.ghe-migrator
, an import would fail if an attachment file was missing from the export archive.Thanks!
The GitHub Team
Thanks!
The GitHub Team
ghe-repl-promote
will now prompt for confirmation. To promote a replica without confirmation, use the -y
flag: ghe-repl-promote -y
.Thanks!
The GitHub Team
Thanks!
The GitHub Team
A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.
The affected supported versions are:
All older, no longer supported versions are also affected.
We strongly urge upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.13.22, 2.14.16, 2.15.9, 2.16.4, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.
Thanks!
The GitHub Team
Thanks!
The GitHub Team
babeld.log
, gitauth.log
, production.log
, resqued.log
and unicorn.log
log files were truncated when forwarded to a central log server.Thanks!
The GitHub Team
Thanks!
The GitHub Team
ghe-migrator
we not automatically re-indexed so weren't returned in the search results until manually re-indexed.ghe-migrator
that contains references to another pull request the user does not have access to.repo:
, org:
, etc.).Thanks!
The GitHub Team
/business
page were inaccessible when the company name in the license file is comprised of multi byte strings.404 Not Found
errors were shown in the browser console for some script requests when using the code editor.ghe-migrator
failed when the creator of a card on the board no longer exists on the source instance.ghe-migrator
could lead to an incorrect mapping between links to pull requests and the correct pull requests.ghe-migrator list
command failed with a "undefined method 'uniq'
error.ghe-migrator
would fail with a 500 Internal Server Error.Thanks!
The GitHub Team
/var/log/error
was not automatically rotated with logrotate and could sometimes use too much disk space.POST /repos/:owner/:repo/pulls
REST API endpoint could return a 502 Bad Gateway response due to using suboptimal query indexes.ghe-migrator list
command throws an error and fails.ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance./business
page are inaccessible when the company name in the license file is comprised of multi byte strings.Thanks!
The GitHub Team
__init__
, was removed in code blocks in MediaWiki-formatted pages.BackfillEnterpriseBusinessAdminsAndOrganizationsTransition
data transition could fail while running migrations.422 Unprocessable Entity
error./stafftools/users/:user/organization_memberships
in comparison to user-facing pages.admin
value was provided to the REST API endpoint to create an organization, an organization without any owners was created rather than a meaningful error message being returned.manifest.json
file instead of being redirected to the correct location in the user interface./business
page are inaccessible when the company name in the license file is comprised of multi byte strings.ghe-migrator list
command throws an error and fails. (updated 2018-11-21)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)/business
page are inaccessible when the company name in the license file is comprised of multi byte strings was incorrectly included in the bug fixes section instead of the known issues section. (updated 2019-01-10)Thanks!
The GitHub Team
grep: /etc/github/repl-state: No such file or directory
.ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance.422 Unprocessable Entity
error. (updated 2018-11-03)/business
page are inaccessible when the company name in the license file is comprised of multi byte strings. (updated 2018-11-7)ghe-migrator list
command throws an error and fails. (updated 2018-11-21)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)Thanks!
The GitHub Team
git push
.elasticsearch-server
in a separate datacenter.+
and -
diff markers are no longer copied to your clipboard when copying content from a diff.⌘ shift enter
) to leave a pull request review comment.alt
shortcut and clicking the inverted caret icon in any file header.README.md
directly from the repository's root page.repo
or read:org
scope.git
package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.ghe-config-apply
contained innocuous and misleading error messages about WARNING: Setting ES auto_expand_replicas failed
.500 Internal Sever Error
.osqueryi
utility has been added to the GitHub Enterprise environment.agilezen
, boxcar
, codeportingcsharp2java
, coffeedocinfo
, coop
, cube
, distiller
, hall
, honbu
, loggly
, masterbranch
, nma
, notifymyandroid
, pushalot
, swiggle
, stormpath
, trajector
, visualops
, and yammer
GitHub services have been deprecated.GitHub Enterprise 2.15 requires at least GitHub Enterprise Backup Utilities 2.15.0 for Backups and Disaster Recovery.
GitHub Enterprise 2.12 will be deprecated as of December 12, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.
Starting with GitHub Enterprise 2.17.0, support for GitHub Services will be deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise will continue to function but GitHub Enterprise will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner will be displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report
.
Support for Internet Explorer 11 has been deprecated as of GitHub Enterprise 2.15.0. Internet Explorer is still supported in GitHub Enterprise 2.15.0. Support for Internet Explorer 11 will be deprecated in the next feature release, 2.16.0. (updated 2018-11-22)
ghe-migrator
fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)422 Unprocessable Entity
error. (updated 2018-11-03)/business
page are inaccessible when the company name in the license file is comprised of multi byte strings. (updated 2018-11-7)ghe-migrator list
command throws an error and fails. (updated 2018-11-21)ghe-migrator
fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)elasticsearch-server
was added as part of preliminary work needed for Elasticsearch indices replication under cluster disaster recovery. This update does not affect any instance of GitHub Enterprise at this time. (updated 2018-10-29)Thanks!
The GitHub Team