GitHub Enterprise 2.2.24 August 03, 2016 Download

Security Fixes

  • LOW The permissions on rbenv, used by many components of GitHub Enterprise, have been tightened.
  • Packages have been updated to the latest security versions.

Deprecation of GitHub Enterprise 2.2

GitHub Enterprise 2.2 is now deprecated. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.23 July 12, 2016 Download

Security Fixes

  • HIGH Due to the way that email addresses with Unicode in the 'local part' are handled, it was possible to generate a password reset token for an email address and have it delivered to a separate email address with Unicode homoglyphs that normalized to the original email address.
  • LOW Admin users could still access user reports after being suspended.
  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.22 June 21, 2016 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.21 May 31, 2016 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • OAuth application callback hostnames were limited to no longer than 63 characters, which caused some OAuth applications to stop working.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.20 May 17, 2016 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.19 May 04, 2016 Download

Security Fixes

Remote Code Execution in ImageMagick

Several vulnerabilities in ImageMagick, a package commonly used by web services to process images, have been discovered and disclosed by members of the Mail.ru Security team. One of the vulnerabilities is critical and can lead to remote code execution when processing user submitted images.

Final patches for all the disclosed vulnerabilities within ImageMagick are still pending. This release mitigates the remote code execution vulnerability by implementing the recommended policy to disable the vulnerable ImageMagick coders.

This vulnerability exists in ImageMagick but there is no evidence that it has been exploited on GitHub Enterprise.

We strongly recommend that all GitHub Enterprise customers upgrade their instances as soon as possible.

Mitigation
If you can't immediately upgrade, the issue can be mitigated by implementing the policy changes as follows:

  1. SSH to your GitHub Enterprise appliance.

  2. Edit the /etc/ImageMagick/policy.xml file:

    sudo vi /etc/ImageMagick/policy.xml
    
  3. Disable the vulnerable coders by replacing the <policymap> section with:

    <policymap>
      <policy domain="coder" rights="none" pattern="EPHEMERAL" />
      <policy domain="coder" rights="none" pattern="URL" />
      <policy domain="coder" rights="none" pattern="HTTPS" />
      <policy domain="coder" rights="none" pattern="MVG" />
      <policy domain="coder" rights="none" pattern="MSL" />
    </policymap>
    

There is no need to reboot or restart any services; the changes will take effect immediately.

Please contact GitHub Enterprise Support if you have any questions.

Bug Fixes

  • Memcached didn't log warnings or errors.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.18 April 26, 2016 Download

Changes

  • Shell history is written after each command.

Security Fixes

  • MEDIUM Resolved a cross-site scripting (XSS) vulnerability in task lists.
  • MEDIUM Implemented mitigation for a URI decoding vulnerability that affects modern versions of Microsoft Internet Explorer.
  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.17 March 29, 2016 Download

Bug Fixes

  • Migrating wikis to the new repository layout could fail if the original migration was interrupted before completion.
  • Custom certificate authority (CA) certificates were not maintained across upgrades with SSL disabled.

Security Fixes

  • MEDIUM Resolved a cross-site scripting (XSS) vulnerability.
  • LOW The secure flag was not set for the _gh_render cookie, potentially allowing the render cookie to be sent in plaintext HTTP requests. However, Enterprise sets the Strict-Transport-Security header for modern browsers when SSL is enabled, which largely mitigates the issue.
  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.16 March 15, 2016 Download

Bug Fixes

  • Changing a public repository to private would cause Git operations to stop replicating to the high availability replica.

Security Fixes

  • MEDIUM OpenSSL packages have been updated to address multiple vulnerabilities, including CVE-2016-0800, known as known as DROWN, which did not affect GitHub Enterprise.
  • MEDIUM Ruby on Rails packages have been updated to address multiple vulnerabilities.
  • MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 (CVE-2015-0072).
  • MEDIUM Implemented mitigation for a cross-site scripting (XSS) vulnerability where plain text or other content types could be parsed as HTML.
  • Packages have been updated to the latest security versions.
  • The ca-certificates package has been updated to remove outdated certificate authority (CA) certificates. This update refreshes the included certificates and removes the SPI CA and CA certificates with 1024-bit RSA keys.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.15 February 23, 2016 Download

Security Fixes

  • HIGH glibc packages have been updated to address CVE-2015-7547, a getaddrinfo stack-based buffer overflow.
  • HIGH libssh packages have been updated to address CVE-2016-0739, a weakness in diffie-hellman secret key generation.
  • MEDIUM nss packages have been updated to address CVE-2016-1938.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.14 February 09, 2016 Download

Bug Fixes

  • Repository maintenance was not run on the high availability replica. This could lead to high load while repositories were repacked when first promoting the replica.
  • Accessing the raw URL for a file named 'policies' would fail with a 404 error.
  • Downloading the diagnostics via the Management Console could time out on instances with many release or Git LFS assets.

Security Fixes

  • HIGH OpenSSH packages have been updated to address multiple vulnerabilities.
  • MED libxml2 and related packages have been updated to address multiple vulnerabilities.
  • MED rsync has been updated to address a recently identified vulnerability.
  • Packages have been updated to the latest security versions.
  • LOW Passwords and two-factor one-time passwords could be written to the exceptions log.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.

  • Enqueued background jobs are sometimes not purged when a repository is deleted.

  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.

  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.

  • Management console sessions can expire too quickly for Safari users.

  • Gist repositories are not garbage collected by the maintenance scheduler.

  • Gist profile pages don't have proper styling when subdomain isolation is disabled.

  • Custom firewall rules aren't maintained during an upgrade.

  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.

  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.

  • Jobs stuck on code indexing can delay other jobs from running.

  • Replication setup fails for IPv6 hosts.

  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.

  • Gists can't be created when using Safari 8.x in Private Mode.

  • Deleting a user doesn't delete their gists, which can cause problems with replication.

  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.

  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.

  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.

  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)

  • HIGH (CVE-2015-7547) 2.2 is vulnerable to glibc getaddrinfo stack-based buffer overflow. To manually patch your appliance, apply the hotfix by connecting to your appliance via SSH and running these commands: (updated 2016-02-17)

    $ curl -O https://github-enterprise.s3.amazonaws.com/patches/github-enterprise-libc-precise.hpkg
    $ md5sum github-enterprise-libc-precise.hpkg # c068256696f2775579e2cd8223f82306
    $ chmod +x github-enterprise-libc-precise.hpkg
    $ ./github-enterprise-libc-precise.hpkg
    

Thanks!

The GitHub Team

GitHub Enterprise 2.2.13 December 15, 2015 Download

Security Fixes

  • HIGH An integer overflow in Git could result in incorrect memory allocation values (CVE-2016-2315, CVE-2016-2324). (updated 2016-03-17)
  • MED libxml2 and related packages have been updated to address multiple vulnerabilities.
  • MED OpenSSL packages have been updated to address multiple vulnerabilities.
  • LOW Auto-completion within several fields of the management console settings could cause SNMP and LDAP secrets to be logged in plaintext.
  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Git LFS Client Vulnerability

An issue has been identified that could allow an attacker to execute arbitrary commands on a user’s computer if they had Git LFS installed and cloned a malicious repository. Git LFS supports a per-repository configuration file to customize how certain aspects of Git LFS function. However, this file also allowed arbitrary Git configuration options to be modified. We have addressed the vulnerability by whitelisting the set of per-repository Git LFS configuration options that can be used to a safe subset.

GitHub Enterprise is not directly affected as this is a client-side vulnerability and Git LFS is disabled on GitHub Enterprise by default. If you have enabled Git LFS on your appliance, we recommend you upgrade your clients to Git LFS 1.0.1 or later to address this vulnerability.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.12 December 01, 2015 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.11 November 03, 2015 Download

Bug Fixes

  • ghe-upgrade would fail with a GPG signature error if run as the root user.
  • The Gist resqued.log file was not regularly rotated.

Security Fixes

  • MED OpenJDK has been updated to address multiple vulnerabilities related to information disclosure, data integrity and availability.
  • MED NTP packages have been updated to address multiple vulnerabilities.
  • Packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.10 October 06, 2015 Download

Bug Fixes

  • Some repositories could have temporary merge-trees directories left from git operations that timed out but weren't automatically cleaned up.

Security Fixes

  • MED Unvalidated parameters passed to the GitHub Enterprise metrics could be used to generate a denial of service attack against the appliance.
  • LOW Large Git updates could trigger an overflow in Git xdiff.
  • Packages have been updated to the latest security versions.

Changes

  • Setting up high availability replication can sometimes fail when establishing the VPN connection. We've made the output more verbose to help with determining the cause of these failures.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.9 September 15, 2015 Download

Security Fixes

  • HIGH Read access to public API endpoints of private-mode instances and to specific reporting endpoints can be authenticated by connecting via local trusted ports. This authentication could be bypassed by manipulating specific HTTP headers and lead to information disclosure.
  • Kernel and packages have been updated to the latest security versions.
  • Mediawiki Math markup within Gists and repository files with the .mediawiki suffix could leak information to the Google Chart API when they were displayed.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.8 August 25, 2015 Download

Bug Fixes

  • The longpoll service, which provides live updates to Issues and Pull Requests pages, didn't restart properly if it was terminated.
  • Logs for some background jobs were not forwarded.
  • The ghe-storage-extend command, which resizes the storage volume, could fail with a Volume group name ghe_storage_* has invalid characters error under some circumstances.

Security Fixes

  • Kernel and packages have been updated to the latest security versions.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed.
  • Updates to Wiki pages by users without a primary email address set throw errors.
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.7 August 11, 2015 Download

Bug Fixes

  • A failed login attempt caused multiple LDAP authentication failures, which could cause accounts to be locked on the LDAP server side.
  • Using uppercase characters in the hostname caused a redirect loop.
  • When displaying a commit made with an email address that doesn't belong to an existing GitHub Enterprise user, we loaded a default avatar from a GitHub.com subdomain.
  • An error in the VMware tools configuration caused excessive logging.
  • During an upgrade, checking the validity of the SSL certificate and key could output an error message. There is nothing wrong, but the error message can look scary.

Security Fixes

  • Kernel and packages have been updated to the latest security versions.
  • MEDIUM: Cached form objects could cause CSRF tokens to be shared across users.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.
  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.6 July 28, 2015 Download

Bug Fixes

  • Services failed to start properly after upgrading if SSL was disabled.
  • When trying to merge a pull request through the API where the author didn't have a primary email address, a server error was returned instead of a useful error message.
  • When running GitHub Enterprise on Xen, upgrades could fail due to incorrectly detecting that the hypervisor was HyperV.
  • On boot, we automatically fix corruption in the Redis appendonly file but user input was needed, so it appeared to hang.

Security Fixes

  • Ubuntu packages have been updated to the latest bugfix versions.

Changes

  • We've added resource usage graphs for processes to the monitoring dashboard.
  • We added the longpoll process, which handles live updates to issues, to the ghe-service-list output.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.

  • Enqueued background jobs are sometimes not purged when a repository is deleted.

  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.

  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.

  • Management console sessions can expire too quickly for Safari users.

  • Gist repositories are not garbage collected by the maintenance scheduler.

  • Gist profile pages don't have proper styling when subdomain isolation is disabled.

  • Custom firewall rules aren't maintained during an upgrade.

  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.

  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.

  • Jobs stuck on code indexing can delay other jobs from running.

  • Replication setup fails for IPv6 hosts.

  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.

  • Gists can't be created when using Safari 8.x in Private Mode.

  • Deleting a user doesn't delete their gists, which can cause problems with replication.

  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.

  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.

  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.

  • Using uppercase characters in the hostname causes a redirect loop.

  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)

  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)

  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)

  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.5 July 07, 2015 Download

Security Fixes

  • Ubuntu kernel and packages have been updated to the latest security versions.
  • HIGH: Update HAProxy to address CVE-2015-3281, which could allow an attacker to use a specially crafted request to read memory contents that might contain data from a past request or session.
  • MEDIUM: Scopeless access tokens could list private Gists.
  • LOW: Service hooks could log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
  • This release and previous releases of GitHub Enterprise are not affected by the OpenSSL Advisory issued 9 July 2015 (CVE-2015-1793)

Bug Fixes

  • Ubuntu kernel and packages have been updated to the latest bugfix versions.
  • A repository could be incorrectly deleted from disk after migration to the new repository layout. If a repository was deleted and no other repositories were created before a reboot, we reused the ID of the deleted repository. This happens because when MySQL starts, the auto increment ID system is inititialized with the last ID in the table. This means the first new repository created would have the same ID as the deleted repository, and the repository cleanup job would incorrectly see the new repository as deleted.
  • The Redis appendonly file could become corrupt when performing a hard reboot of the appliance, which caused Redis to not start.
  • A race condition in the pull request synchronize event could result in incorrect SHAs and timestamps in the webhook payload.
  • Collectd could cause lots of tiny writes to the root volume, which could affect the performance of the appliance.
  • Old webhook delivery logs were deleted inefficiently. We've changed the directory structure so we can delete them more efficiently.
  • Viewing compare pages and pull requests could result in a 500 error due to a race condition.
  • LDAP restricted groups couldn't be removed.
  • The site admin showed Gravatar icons for users' additional email addresses.
  • SNMP couldn't be run on high availability replicas.
  • A high availability replica that's been promoted to primary and then set up as a replica again didn't properly show the replica status page, but showed 'Starting...' instead.
  • Searching Gists could fail after upgrading to GitHub Enterprise 2.2.
  • It was not possible to view user profiles or repositories for users with usernames that started with "raw".
  • Events in the github_audit and haproxy log streams were being logged twice.
  • Setting up high availability replication could fail due to a large entry in one of the MySQL tables.
  • Promoting a high availability replica could fail if Elasticsearch took too long to restart.

Changes

  • We've added a graph for disk utilization to the monitoring dashboard.
  • Direct root SSH access was not possible in the past, but as an additional measure we've also added PermitRootLogin to no within the SSH configuration.
  • We've added support for the C4 and M4 AWS instance types.
  • You are now prompted to confirm that you wish high availability replication to continue when we detect you are attempting to setup replication on an instance that is currently, or has been, an active configured instance. This reduces the chances of accidental replication over an active primary instance.
  • The diagnostics output gathered on high availability replicas now only gathers information relevant to replica instances.
  • NTP is now configured on the high availability replica when replication is setup.
  • Old compressed rotated log files are no longer retained during an upgrade.

Known Issues

  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.

  • Enqueued background jobs are sometimes not purged when a repository is deleted.

  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.

  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.

  • Management console sessions can expire too quickly for Safari users.

  • Gist repositories are not garbage collected by the maintenance scheduler.

  • Gist profile pages don't have proper styling when subdomain isolation is disabled.

  • Custom firewall rules aren't maintained during an upgrade.

  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.

  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.

  • Jobs stuck on code indexing can delay other jobs from running.

  • Replication setup fails for IPv6 hosts.

  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.

  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.

  • The site admin shows errors in the 'repo reflogs' section, which isn't fully implemented on GitHub Enterprise.

  • Gists can't be created when using Safari 8.x in Private Mode.

  • Deleting a user doesn't delete their gists, which can cause problems with replication.

  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.

  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.

  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone.

  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled.

  • Services fail to start properly after upgrading to this release if SSL is disabled. (updated 2015-07-20)

  • Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)

  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)

  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)

  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)

  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

  • The 'repo reflogs' section of the site admin was removed in 2.2.4.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.4 June 16, 2015 Download

Bug Fixes

  • Ubuntu kernel and packages have been updated to the latest bugfix versions.
  • Our Collectd checks for enqueued background jobs could cause elevated CPU usage.
  • On a Team settings page, the contextual rocket link that site administrators see didn't properly link to the site admin for the team.
  • With private mode enabled, a Pages site with no default page served a generic error rather than an informative message.
  • The ghe-resque-info script incorrectly showed all background job queues as empty.
  • In some versions of Internet Explorer 11, creating a repository with a dash in its name crashed the browser. This is a browser bug but we worked around it to avoid the crash.
  • Editing a Gist could cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem.
  • Expensive Git processes could keep running after the parent Ruby process had died.
  • The site admin showed errors in the 'repo reflogs' section, which isn't fully implemented on GitHub Enterprise. We've now removed the section. (updated 2015-07-28)

Known Issues

  • Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
  • A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows 'Starting...' instead.
  • Repositories that are in an incomplete state, which is a rare problem, can cause the migration to the new repository disk layout to fail.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • LDAP restricted groups can't be removed.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Management console sessions can expire too quickly for Safari users.
  • Mail delivery to localhost fails. (updated 2015-07-14)
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Custom firewall rules aren't maintained during an upgrade.
  • SNMP can't be run on high availability replicas.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Replication setup fails for IPv6 hosts.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • The site admin shows errors in the 'repo reflogs' section, which isn't fully implemented on GitHub Enterprise.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
  • Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

  • Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)
  • The 'repo reflogs' section of the site admin was removed in this release.

Thanks!

The GitHub Team

GitHub Enterprise 2.2.3 June 02, 2015 Download

Changes

  • We've added more graphs to the monitoring dashboard.
  • The Linux Out-Of-Memory killer is configured to deprioritize killing MySQL in cases of memory shortage.

Bug Fixes

  • Setting up replication now ensures that the replica passes the preflight checks.
  • Upgrading to GitHub Enterprise 2.2 with a lot of repositories could be slow due to unnecessary permission changes.
  • In some circumstances, after an upgrade we prompted you to upload a license, even though there was already a valid license.
  • Creating diagnostics could time out due to large numbers of webhook delivery logs.
  • The number of diffs for non-text file types displayed in pull requests was often too small. It's been increased from 25 to 100.
  • Management console monitoring graphs were refreshed too often, and the application server could fail to keep up.
  • Checking the high availability Git replication status could throw an error when working out what repositories need to be replicated.
  • Upgrading caused private mode to become enabled.
  • SAML authentication always provided the optional KeyInfo element with no signing certificate in the AuthnRequest response, which caused errors for some identity providers. We don't include the optional KeyInfo element at all now.
  • Events in the github_audit log stream were being logged twice.
  • Empty Git LFS objects caused errors.
  • The Subversion bridge would skip revisions or number them incorrectly.
  • Background jobs running during a backup would never be processed if the backup was restored.
  • Suspended LDAP users were unsuspended if no LDAP restricted groups were configured.
  • We didn't recognize email addresses with trailing whitespace as valid when inviting users, and showed a confusing error message.
  • Enabling Hyper-V Dynamic Memory caused kernel panics.
  • A high availability replica set up multiple times could show an out of sync repository as up to date.
  • The merge button could break when a high availability replica was promoted to primary.
  • Session cookies could become very large and fill the HAProxy buffer when CAS authentication is enabled, causing server errors.
  • PubSubHubbub requests could be slow.
  • Browsing to the HTTP or HTTPS clone URL didn't redirect to the repository, which wasn't consistent with previous versions or GitHub.com.
  • On very busy instances, the worker processes delivering webhooks in the background could fall behind. Now there are more worker processes, if you have provisioned enough memory.
  • On instances with thousands of users, requests to the discover Gists page could time out.
  • The endpoint for marking notifications as read was behind authentication, which caused unneeded traffic and meant that read notifications weren't correctly archived.
  • GitHub Enterprise could become briefly unstable if a Pages site build timed out, for example for very large Pages sites.
  • On busy instances, the GitHub application server's backlog could fill up, causing the web server to time out.
  • Git LFS objects were limited to 1 GB. We've bumped the limit to 2 GB

Security Fixes

  • Ubuntu kernel has been updated to include security fixes.

Known Issues

  • Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
  • The site admin shows errors in the "repo reflogs" section, which isn't fully implemented on GitHub Enterprise.
  • Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • Jobs stuck on code indexing can delay other jobs from running.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • Replication setup fails for IPv6 hosts.
  • SNMP can't be run on high availability replicas.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Management console sessions can expire too quickly for Safari users.
  • A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
  • Custom firewall rules aren't maintained during an upgrade.
  • Mail delivery to localhost fails. (updated 2015-07-14)
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
  • The ghe-resque-info script incorrectly shows all background job queues as empty. (updated 2015-06-16)
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
  • Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
  • Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

  • Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.2 May 19, 2015 Download

Bug Fixes

  • Ubuntu packages have been updated to the latest bug fix versions.
  • Upgrading to GitHub Enterprise 2.2 with a lot of repositories could take a very long time.
  • Transition to the new repository layout could fail if a repository was missing an owner. We've made the transition more resilient to bad data.
  • With LDAP authentication enabled, users who renamed their accounts and then had their DN changed couldn't log in.
  • Logging of notification deliveries was extremely verbose, which could put I/O pressure on busy instances.
  • Site-wide audit logs didn't appear in the site admin interface.
  • Setting the admin management console password with ghe-set-password failed.
  • When maintenance mode was enabled, we ignored the configured support email address and always showed the default.
  • It was not possible to forward logs over IPv6.
  • We showed the wrong clone URL when displaying a Gist when subdomain isolation was enabled.
  • Elasticsearch wasn't properly tuned based on available memory.
  • Notification, event, and session database entries weren't properly archived, which could cause those tables to grow very large on busy instances.
  • Some valid SSL certificates were incorrectly rejected in the management console.
  • Promoting a high availability replica that had previously been a primary could show out of date pages due to a stale cache.
  • Pushing large repositories over HTTPS could timeout.
  • Some upgrade messages were not shown.
  • Replication status did not show queued repositories.
  • The activity dashboard graph could dip to zero periodically, creating misleading sawtooth patterns.
  • Checking file size limits for Git pushes could be expensive and time consuming.

Changes

  • Unlock repository administrator dialog contained information not relevant to GitHub Enterprise.
  • Elasticsearch, Memcached, MySQL, Redis, Nginx, tcpconns and netlink Collectd plugins are now enabled.
  • More performance statistics are shown in the administrators' toolbar.
  • User sessions are updated less frequently, reducing load on the database.

Security Fixes

Repository storage changes

Changing the repository storage layout has been improved significantly in this release, cutting down the migration time from hours to minutes. If your instance contains more than 20,000 repositories (including gists and wikis) you can now upgrade to 2.2.2.

Please refer to the "Repository storage changes" section of the 2.2.0 release notes for further advice on upgrading.

SAML response requirement changes

We've improved the validation of the SAML responses we receive. A response message must now contain a Recipient set to the Assertion Consumer Service URL, http(s)://[hostname]/saml/consume.

In addition to the Recipient attribute, GitHub Enterprise will now also verify the Destination and Audience attributes, if they are supplied in the response message.

Most SAML implementations already provide this information in their responses.

Known Issues

  • Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
  • Organization invitation emails are sent from the configured support email address rather than the no-reply address.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Events in the github_audit log stream are being logged twice.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Mail delivery to localhost fails. (updated 2015-07-14)
  • Replication setup fails for IPv6 hosts.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Promoting a high availability replica can fail if Elasticsearch takes too long to restart.
  • Deleting a user doesn't delete their gists, which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • SNMP can't be run on high availability replicas.
  • Custom firewall rules aren't maintained during an upgrade.
  • A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
  • Management console sessions can expire too quickly for Safari users.
  • Enabling Hyper-V Dynamic Memory causes kernel panics. (updated 2015-05-30)
  • Suspended LDAP users are unsuspended if no LDAP restricted groups are configured. (updated 2015-05-30)
  • We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
  • With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
  • Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
  • Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

  • Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.1 May 05, 2015 Download

Bug Fixes

  • Ubuntu packages have been updated to the latest bugfix versions.
  • Multibyte characters in management console configuration options caused an error when saving settings.
  • SSH public keys with the = character would not allow administrative SSH access to the instance.
  • Upgrading a replica showed harmless syntax errors.

Known Issues

  • Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
  • Upgrading to GitHub Enterprise 2.2 with a lot of repositories can take a very long time.
  • We show the wrong clone URL when displaying a Gist when subdomain isolation is disabled.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Mail delivery to localhost fails. (updated 2015-07-14)
  • Deleting a user doesn't delete their gists which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Organization invitation emails are sent from the support email address rather than the noreply email address.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • SNMP can't be run on high availability replicas.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Management console sessions can expire too quickly for Safari users.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Custom firewall rules aren't maintained during an upgrade.
  • A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
  • Replication setup fails for IPv6 hosts.
  • It is not possible to forward logs over IPv6. (updated 2015-05-07)
  • Site-wide audit logs do not appear in the site admin interface. (updated 2015-05-14)
  • Setting the admin SSH password with ghe-set-password fails. (updated 2015-05-19)
  • Enabling Hyper-V Dynamic Memory causes kernel panics. (updated 2015-05-30)
  • Suspended LDAP users are unsuspended if no LDAP restricted groups are configured. (updated 2015-05-30)
  • We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
  • With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
  • Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
  • Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

  • Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team

GitHub Enterprise 2.2.0 April 29, 2015 Download

New Features

With the new features added in GitHub Enterprise 2.2.0, you can:

Changes

  • We recommend a minimum of 16 GB RAM be provisioned for the GitHub Enterprise virtual machine. We now enforce a minimum amount of RAM. (updated 2015-05-04)
  • The way we store repositories has been changed to improve disk usage.
  • The undocumented site/stats API endpoint has been removed.
  • We've moved to using syslog-ng for the system logger, which drops support for RELP. Log forwarding will be disabled if you used RELP prior to upgrading.
  • We didn't add files larger than 384 KB to the search index. We've now bumped this limit to 10 MB.
  • When using LDAP authentication, user account suspension is managed by using restricted group membership. Users will be suspended or unsuspended based on their membership at login. If LDAP Sync is enabled, this process will happen automatically during a synchronization run. (updated 2015-05-21)
  • LDAP Sync shows a team error indicator when an LDAP Group isn't found.
  • New users will be added to their LDAP Sync-enabled teams when they log in for the first time. (updated 2015-05-08)

Bug Fixes

  • Ubuntu packages have been updated to the latest bugfix versions.
  • We didn't give much feedback during an upgrade, so it was hard to know if it was still progressing as expected. We include the current upgrade status on the starting page now.
  • Setting up static networking could fail in some circumstances.
  • LDAP user search in the site admin was limited to 1000 results. This performed poorly when searching some directories, and people are more likely to refine the search than to page through so many results, so it's now limited to 150 results.
  • With SAML authentication configured, signing out and signing in again could redirect you to a page saying you were still signed out.
  • When a new organization was created with LDAP sync enabled, we showed an incorrect hint about importing teams.
  • LDAP users could not be suspended or renamed when LDAP sync was off.
  • The Owners team was not automatically removed from LDAP sync.
  • LDAP sync didn't sync members of a group where the LDAP group name contained a dot (.).
  • Wiki files larger than 500 KB were cut off when they were served, which could result in large images not loading completely.
  • The ghe-btop command line utility incorrectly dropped --help and --usage flags.
  • WOFF 2.0 font files did not have their content-type header set correctly in Pages.
  • The top OAuth applications list in the site admin didn't load.
  • Replication needed to be be set up again after upgrading a high availability replica. We restart replication automatically now.
  • Under some circumstances, application services didn't restart properly. This could happen when restoring a backup to a new instance, which could cause a redirect to the old host if it had a different hostname, or when uploading a new license, which caused the old license to be used on some requests.
  • CoffeeScript in GitHub Pages sites caused build failures.
  • Converting a user to an organization failed with a billing plan error, which shouldn't have been in effect on GitHub Enterprise.
  • Some API endpoints could leak the existence of a private repository.
  • A complex series of actions could cause a user's profile page to load in place of their contributions graph on their profile page; profile page inception.
  • MySQL could recycle unique IDs after rebooting GitHub Enterprise. This could lead to strange behavior if you delete the most recently created repository, reboot, then create a new repository.
  • Removing admin SSH keys with invisible characters via the Management Console failed silently.
  • Git replication could be slow and CPU intense during initial push of large or complex repositories.
  • Events in the github_audit log stream were logged twice.
  • Management Console sessions would timeout when accessing GitHub Enterprise in another tab.
  • Bad SSL certificates could slip by validation.
  • Creating the OpenVPN connection could fail, causing replication set up with ghe-repl-setup to hang.
  • Git clients could display intermittent "fatal: protocol error: bad pack header" messages when garbage collection ran while fetching a pack file that was bigger than a configured memory limit. (updated 2015-05-06)
  • Avatars, release downloads, and image attachments to wikis and issues were not copied correctly by high availability replication. (updated 2015-05-20)
  • Repositories with a leading dot in their name failed to replicate if they were created before replication was set up. (updated 2015-06-16)
  • Mail delivery to localhost failed. (updated 2015-07-14)

Security Fixes

  • Ubuntu packages have been updated to the latest security fix versions.
  • LOW: Disable SSLv2 and SSLv3 in Postfix.

Repository storage changes

This release changes the way GitHub Enterprise stores repositories, which reduces disk usage by sharing Git objects between forks and improves caching performance when reading repository data. This is a major change, and has some implications you need to be aware of.

Changing the repository storage layout can take several hours if your instance contains many repositories. We're working on making this faster so if your instance contains more than 20,000 repositories (including gists and wikis) we do not recommend upgrading to GitHub Enterprise 2.2 until further notice. Everyone should now upgrade to GitHub Enterprise 2.2.2 or later, as the migration process has been made significantly faster.

You can check how many repositories you have using the Admin Stats API. For example, you can SSH into the VM and run the following command, then add together "total_repos", "total_wikis", and "total_gists":

curl -s http://127.0.0.1:1337/api/v3/enterprise/stats/all

Before upgrading

As a precaution, before your upgrade you should take a backup-utils snapshot after putting the instance in maintenance mode. We also recommend taking a disk snapshot of the user data volume.

Upgrading

The upgrade process takes care of moving repository data from the existing storage layout to the new storage layout. If you have a large amount of repository data moving the data can take some time, so we recommend that you test the upgrade on a staging instance first. You can use the test upgrade to make an estimate of how long of a maintenance window you'll need for your production instance.

After upgrading, you may notice a large number of background jobs being processed. Each job is optimizing a repository for the new storage layout, but uses a high nice value, so should have minimal impact on performance. The jobs will be enqueued in the maint_localhost jobs queue, which may have a large backlog, but it's a dedicated queue and won't block other jobs from completing.

Repository backups

For compatibility with the new repository layout, you need to upgrade backup-utils to version 2.2.

The first update taken after you upgrade will be a full backup rather than an incremental backup. This means it will take more disk space and more time to complete. Subsequent backups will be incremental again.

Other implications of the change

Some customers routinely ran Git garbage collection on their repositories. The existing repository layout maps nicely to what you can see in the user interface, so you could easily find a repository on disk at /data/repositories/[owner]/[repository].git. This is no longer the case with the new repository layout, but it does let us be smarter about running garbage collection, so running it manually shouldn't be necessary.

So that they could be restored if necessary, deleted repositories were previously moved to the /data/repositories/__purgatory__ directory. This special area for archived repositories is no longer needed or used. Repositories are kept in their normal location until purged three months after being archived.

Please contact Enterprise Support if you have any questions about this change.

Snapshot and rollback recommendations

Due to the invasive changes in the repository disk layout in GitHub Enterprise 2.2, we strongly recommend reading the upgrade guide prior to upgrading your virtual machine. This provides information about using snapshots and rolling back to a pre-upgrade state in the event an upgrade fails or is interrupted.

Upcoming deprecation of authentication using GitHub OAuth

User authentication via GitHub OAuth is being deprecated and will be removed in a future feature release. It will be removed no sooner than November 2015.

GitHub Enterprise includes support for authenticating users via OAuth to accounts on GitHub.com because it provides a simple way to set up external authentication. However, after speaking with many customers, we've found that organizations commonly have other sources they want to use to automate identity and access management.

We want to focus on features that best meet the needs of our users, so we're planning to remove support for GitHub OAuth in a future feature release and focus on making ongoing improvements to other authentication methods like SAML and LDAP.

Note that this change will only affect user authentication via GitHub.com and not personal access tokens or OAuth applications added to your GitHub Enterprise instance.

Known Issues

  • Service hooks may log passwords used for HTTP Basic authentication to disk. (updated 2015-07-28)
  • The management console incorrectly strips the = character from new and current administrative SSH keys when adding or removing keys. This will cause administrative SSH access to the instance to fail for those keys.
  • Upgrading to GitHub Enterprise 2.2 with a lot of repositories can take a very long time.
  • We show the wrong clone URL when displaying a Gist when subdomain isolation is disabled.
  • Gist repositories are not garbage collected by the maintenance scheduler.
  • Mail delivery to localhost fails. (updated 2015-07-14)
  • Deleting a user doesn't delete their gists which can cause problems with replication.
  • In our instructions to merge a pull request on the command line, we show the steps to merge using the Git protocol even when private mode is on. Private mode forces authentication but the Git protocol is unauthenticated so the steps will always fail. We also don't show the steps to merge using SSH.
  • We incorrectly redirect to the dashboard if you access GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Organization invitation emails are sent from the support email address rather than the noreply email address.
  • The management console settings interface doesn't clearly show if you have previously uploaded certificate files or a private key.
  • Jobs stuck on code indexing can delay other jobs from running.
  • Dashboard activity feed links point to wrong hostname after restoring from backup if the hostname has changed.
  • In some circumstances, after an upgrade we prompt you to upload a license, even though there's already a valid license.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Gists can't be created when using Safari 8.x in Private Mode.
  • SNMP can't be run on high availability replicas.
  • Gist profile pages don't have proper styling when subdomain isolation is disabled.
  • Management console sessions can expire too quickly for Safari users.
  • We can fail to properly create the key for the secure connection between a high availability replica and the primary, which causes replication setup to fail.
  • Custom firewall rules aren't maintained during an upgrade.
  • A high availability replica that's been promoted to primary and then set up as a replica again doesn't properly show the replica status page, but shows "Starting..." instead.
  • Replication setup fails for IPv6 hosts.
  • It is not possible to forward logs over IPv6. (updated 2015-05-07)
  • Site-wide audit logs do not appear in the site admin interface. (updated 2015-05-14)
  • Setting the admin SSH password with ghe-set-password fails. (updated 2015-05-19)
  • Enabling Hyper-V Dynamic Memory causes kernel panics. (updated 2015-05-30)
  • Suspended LDAP users are unsuspended if no LDAP restricted groups are configured. (updated 2015-05-30)
  • We show your gravatar or identicon on Gists instead of your custom profile picture. (updated 2015-06-15)
  • We display the time in the scheduled maintenance banner in UTC instead of the viewer's timezone. (updated 2015-06-18)
  • Users with LDAP DNs longer than 255 characters are suspended if LDAP Sync is enabled. (updated 2015-06-19)
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes. (updated 2015-07-14)
  • With private mode enabled, a Pages site with no default page serves a generic error rather than an informative message. (updated 2015-07-14)
  • Editing a Gist can cause a 500 error. This is an authentication problem between Gist and GitHub Enterprise, so logging out and back in again should fix the problem. (updated 2015-07-15)
  • Using uppercase characters in the hostname causes a redirect loop. (updated 2015-07-28)
  • When a fork is detached from its repository network by an administrator or by changing visibility, its filesystem path won't be updated on a high availability replica until at least one commit has been pushed. (updated 2015-08-13)
  • Updates to Wiki pages by users without a primary email address set throw errors. (updated 2015-08-25)
  • Viewing raw files in repositories owned by a user or organization named "github" fails with a 400 error. (updated 2015-12-15)
  • Trying to add a file to a repository with Subversion 1.9 clients incorrectly detects the file already exists and fails. (updated 2016-01-14)

Errata

  • Failure to deliver mail to localhost was fixed in 2.2.0. (updated 2015-07-14)

Thanks!

The GitHub Team