GitHub Enterprise Server 2.17 will be deprecated as of May 23, 2020. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Thanks!
The GitHub Team
ghost user as the sender and not the actual user performing the reinstatement.
GET request to the Management Console API /setup/api/settings endpoint would result in an Internal Server Error.
updated_at field.
package field could not be queried via the GraphQL API.
ghe-migrator exports did not contain milestone users, which could break import operations.
ghe-license-check command-line utility returned an "Invalid license file" error for some valid licenses, causing configuration changes to fail.
org_block event is not available but was appearing for GitHub Apps on GitHub Enterprise Server.
ProtectedBranch objects.
ghe-license-usage command-line utility includes a new --unencrypted option to provide visibility into the exported license usage file.
GITHUB_REPO_PUBLIC environment variable passed to pre-receive hooks could be empty.
ghe-config-check was returning validation errors for github-ssl.acme.ca-conf and syslog.cert.
script-src: 'unsafe-inline' CSP header was applied to all paths for Enterprise Manager.
google_set_hostname DHCP hook are now disabled on Google Cloud Platform images.
.consul domains.
support@example.com as the sender of notification emails in certain circumstances.
404-html, would display the error page and not the user's profile.
A CRITICAL vulnerability was identified that allows an attacker to authorize an OAuth application on the account of a targeted user without the approval of the targeted user. This would allow an attacker to execute actions on behalf of the targeted user via the authorized OAuth application. The attacker would need to be able to create an OAuth application on the affected GitHub Enterprise Server instance to perform this attack. Additionally, to execute the attack, the targeted user would need to visit an attacker-controlled website.
The affected supported versions are:
We strongly recommend upgrading your GitHub Enterprise Server appliance to the latest patch release in your series, GitHub Enterprise Server 2.14.24, 2.15.17, 2.16.12, 2.17.3, or greater immediately. If you have any questions, please contact GitHub support at https://enterprise.github.com/support.
This vulnerability was reported through the GitHub Security Bug Bounty program.
ghe-export-audit-logs command did not correctly detect the instance type in some cases, causing backups to fail.
/etc/openvpn/easy-rsa/openssl.cnf file.
suggestedReviewers field returned an error when queried in combination with some other fields (e.g., additions or deletions).
FUNDING.yml, which would then also fail to preview changes correctly.
ghe-migrator or exporting from GitHub.com, an export would silently fail to export pull request review comments when a repository was archived.
ghe-migrator.
client_id and client_secret were added to the JSON payload when creating a GitHub App via manifest.
/etc/openvpn/easy-rsa/openssl.cnf file. (updated: 2019-06-19)
/var/log/github/exceptions.log file could include a large number of QueryWarningLogger::QueryWarning errors.
ghe-migrator were not added to the global enterprise account.
esc key.
GitHub Enterprise Server 2.17 requires at least GitHub Enterprise Backup Utilities 2.17.0 for Backups and Disaster Recovery.
GitHub Enterprise Server 2.14 will be deprecated as of July 12, 2019. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Starting with GitHub Enterprise Server 2.17.0, support for GitHub Services is now deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise Server will continue to function but GitHub Enterprise Server will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner is displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report.
/etc/openvpn/easy-rsa/openssl.cnf file. (updated: 2019-06-19)