GitHub Enterprise Server 2.16 will be deprecated as of January 22, 2020. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Thanks!
The GitHub Team
ghe-config-check was returning validation errors for github-ssl.acme.ca-conf and syslog.cert.
script-src: 'unsafe-inline' CSP header was applied to all paths for Enterprise Manager.
.consul domains.
support@example.com as the sender of notification emails in certain circumstances.
404-html, would display the error page and not the user's profile.
A CRITICAL vulnerability was identified that allows an attacker to authorize an OAuth application on the account of a targeted user without the approval of the targeted user. This would allow an attacker to execute actions on behalf of the targeted user via the authorized OAuth application. The attacker would need to be able to create an OAuth application on the affected GitHub Enterprise Server instance to perform this attack. Additionally, to execute the attack, the targeted user would need to visit an attacker-controlled website.
The affected supported versions are:
We strongly recommend upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.14.24, 2.15.17, 2.16.12, 2.17.3, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.
This vulnerability was reported through the GitHub Security Bug Bounty program.
suggestedReviewers field returned an error when queried in combination with some other fields (e.g., additions or deletions).
ghe-migrator or exporting from GitHub.com, an export would silently fail to export pull request review comments when a repository was archived.
ghe-migrator.
client_id and client_secret were added to the JSON payload when creating a GitHub App via manifest.
/var/log/github/exceptions.log file could include a large number of QueryWarningLogger::QueryWarning errors.
ghe-migrator were not added to the global enterprise account.
~strikethrough~ text was not preserved and suggested changes were duplicated.
ghe-migrator, an import would fail if an attachment file was missing from the export archive.
ghe-repl-promote will now prompt for confirmation. To promote a replica without confirmation, use the -y flag: ghe-repl-promote -y.
A CRITICAL issue was identified in Rails that allows an attacker to send a specially crafted request that could allow arbitrary files to be read and the file content to be disclosed.
The affected supported versions are:
All older, no longer supported versions are also affected.
We strongly urge upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.13.22, 2.14.16, 2.15.9, 2.16.4, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.
babeld.log, gitauth.log, production.log, resqued.log and unicorn.log log files were truncated when forwarded to a central log server.
422 Unprocessable Entity response.
/var/log/github/exceptions.log.
github or gist.
422 Unprocessable Entity response. (updated 2019-02-01)
Closes #issue text.
GitHub Enterprise Server 2.16 requires at least GitHub Enterprise Backup Utilities 2.16.0 for Backups and Disaster Recovery.
GitHub Enterprise Server 2.13 will be deprecated as of March 27, 2019. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Starting with GitHub Enterprise Server 2.17.0, support for GitHub Services will be deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise Server will continue to function but GitHub Enterprise Server will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner will be displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report.
Starting with GitHub Enterprise Server 2.16.0, Internet Explorer 11 is no longer a supported browser. See a current list of supported browsers on this page.
422 Unprocessable Entity response. (updated 2019-02-01)