Release notes for the 2.8 series

Upcoming deprecation of GitHub Enterprise 2.8

GitHub Enterprise 2.8 will be deprecated as of November 9, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Security Fixes

• LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
• Packages have been updated to the latest security versions.

Bug Fixes

• ghe-repl-status-pages showed a critical status if run while a sync is in progress.
• The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
• ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
• Background job errors could cause Redis to consume large amounts of memory.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

In response to CVE-2017-15361, certain SSH authentication RSA keys that were generated by some Yubikey 4 devices are vulnerable to private key factorization. Such keys are considered cryptographically weak and therefore in need of replacement. To help users avoid vulnerable keys, GitHub Enterprise has added capabilities to detect and reject them from being configured for user authentication. GitHub Enterprise now includes an administration utility, ghe-ssh-weak-fingerprints, to enable admins to list any affected keys and, optionally, perform a bulk revocation.

The affected supported versions are:

• 2.8.0 - 2.8.21
• 2.9.0 - 2.9.13
• 2.10.0 - 2.10.8
• 2.11.0 - 2.11.2

This vulnerability was found and reported internally and we have no evidence that it has been exploited in the wild.
We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.22, 2.9.14, 2.10.9, or 2.11.3.

Please contact GitHub Enterprise Support if you have questions.

Upcoming deprecation of GitHub Enterprise 2.8

GitHub Enterprise 2.8 will be deprecated as of November 9, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• On Firefox browsers, the first page of some PDF files was blank when rendered.
• Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• Memory budgets computed for services were under-allocated leading to severe performance issues.

Fixes from 2.8.20 that was withdrawn due to a memory budget computation bug

• Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
• Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
• Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Downloads Have Been Disabled

This release has been withdrawn and is no longer available. Please upgrade to a newer version or contact support for assistance.

If you have already upgraded your appliance to GitHub Enterprise 2.8.20, please contact support for assistance.

Notice

• The 2.8.20 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.8.20, please contact support for assistance. (updated 2017-09-21)

Security Fixes

• Packages have been updated to the latest security versions.
• LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser.

Bug Fixes

• Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
• Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
• Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded with through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• MEDIUM: GitHub Services webhooks could be configured to use non-HTTP protocols.
• Packages have been updated to the latest security versions.

Bug Fixes

• The admin:pre_receive_hook scope wasn't displayed when authorizing an Oauth application requesting this particular scope.
• Cloning or pushing repositories with Git LFS assets could fail with a '500 Internal Server Error'.
• The Alambic service, which serves avatars, release downloads, and image attachments, could crash and not recover.
• Visiting a user's profile page whilst signed out failed with a '500 Internal Server Error'.
• Memcached could fail to start if another process claimed its port first.

Changes

• SSH keys added to a user via LDAP sync are automatically verified.

Upcoming deprecation of GitHub Enterprise 2.8

GitHub Enterprise 2.8 will be deprecated as of November 9, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• ghe-update-check --help would fail if ghe-update-check was already running.
• Ordered lists rendered incorrectly in custom messages on the sign in page.
• When two-factor authentication is required, LDAP team synchronization could fail if a member hasn't configured 2FA for their account.

Changes

• The verbosity of logging for the longpoll service, which provides live updates to Issues and Pull Requests pages, has been lowered.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.
• CRITICAL: Pages and Git have been updated to handle maliciously constructed ssh:// URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-100117 which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)

Bug Fixes

• Pre-receive hooks with spaces in their paths failed to run.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to their latest security versions.
• LOW: OAuth application access tokens and personal access tokens weren't sanitized from support bundles.

Bug Fixes

• The authentication graphs in the management console could be inaccurate and not display a legend due to incorrectly grouped and ordered keys.
• collectd metric paths could be truncated, which caused multiple write attempts to the same file for different metrics.
• Password reset emails incorrectly displayed reset links were valid for 24 hours when they are only valid for three hours.
• Pre-receive hooks were incorrectly triggered on internal reference updates.
• Fetches or pushes that transferred more than 2 GB of data were incorrectly recorded as much larger in the logs for the Git proxy service, babeld.
• Users could receive a temporary "bad pack header" error when fetching a very large repository if the repository was being repacked at the same time.

Changes

• The ghe-support-bundle command now honors the http_proxy environment variable.
• The value of the X-Forwarded-For header will now be recorded in the HAproxy log.
• The maximum number of HTTPS and websocket connections has been increased.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• Creating a support bundle fails with a “File exists” error if HAproxy logs have been rotated. (updated 2017-07-24)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to their latest security versions.
• LOW: Tokens were contained in support bundles when they were used in GET requests as a URL parameter.

Bug Fixes

• On a 404 page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible.
• contributions_backfill background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• After the parent repository has been deleted, the Git LFS objects from the forks were inaccessible.
• Adding a user as a collaborator via the API incorrectly sent an invitation without adding the user.
• Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
• The hypervisor console welcome screen may have incorrectly displayed sed: couldn't flush stdout: Broken pipe.
• Graphs in the Management Console displayed the sum instead of an average value. As a result, graphs had incorrectly displayed an increasing metric over time.
• Pre-receive hooks may have failed with mount: can't find ... error messages.
• ghe-upgrade.log contained harmless /proc/... No such file or directory messages.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Note about Git LFS v2.1.1

A CRITICAL security fix for the Git LFS client was released on 19 May. The remote code execution vulnerability can be exploited if:

• a repository contains a .lfsconfig with:

    ...
      url = ssh://-oProxyCommand=command
    ...
  

• a user clones the malicious repository with a vulnerable Git LFS client

This vulnerability exists in the Git LFS client and not GitHub Enterprise. However, we strongly encourage all users of GitHub Enterprise to upgrade their Git LFS client to v2.1.1 (or greater) from https://git-lfs.github.com/.

Please contact GitHub Enterprise Support if you have any questions.

Note: GitHub Enterprise supports broadcasting messages directly on the application with ghe-announce and Creating a custom sign in message.

Security Fixes

• This release and previous releases of GitHub Enterprise are not affected by the Git shell vulnerability announced 10 May 2017 (CVE-2017-8386).
• Packages have been updated to the latest security versions.

Bug Fixes

• When LDAP Sync is enabled, only organization owners could search the LDAP directory for groups when creating a new team.
• Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
• In a clustering environment, ghe-cluster-status would use the configured proxy when querying each node.
• In a clustering environment, restoring a backup to a cluster not meeting the minimum recommended number of pages-server and storage-server nodes would fail.
• Pagination of a webhook's 'Recent Deliveries' was not enabled, limiting access to the last ten deliveries.
• In clustering and high availability environments, the disk usage percentage and tooltip in the admin bar were incorrect.

Changes

• The GitHub Enterprise version is shown on the hypervisor welcome console.
• The SAML authentication logs no longer contain debug information by default. Debugging information can be enabled in the Admin Center.
• In a clustering environment, a failure to retrieve a support bundle from a node is reported as an error. It was reported as a warning.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• MEDIUM: When using 2FA, the recovery codes could be brute forced on browsers that do not implement the X-Content-Type-Options HTTP header correctly.
• Packages have been updated to the latest security versions.

Bug Fixes

• Service hooks were blocked from accessing the API endpoint of the local instance.
• Processes could be leaked if Collectd exited unexpectedly.
• Custom sysctl settings were not taking effect when saving the settings.

Changes

• Support bundles are now built and stored in /data/user/tmp to preserve free space on the root filesystem.

Deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 is now deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• MEDIUM: Local privileged MySQL credentials and Alambic HMAC/API keys were exposed in log files included in the support bundle.
• None of the currently supported releases of GitHub Enterprise are affected by the Linux kernel UDP remote code execution vulnerability issued 4 April 2017 (CVE-2016-10229).
• Packages have been updated to the latest security versions.

Bug Fixes

• An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggered a firewall rule that caused an internal server error on several pages, including the author's profile page.
• Collectd statistics were collected for the temporary pre-receive hook environment mount points.
• Users could be added to a team if they don't satisfy the Organization's 2FA requirements.
• Very large release or Git LFS assets failed to replicate due to a timeout in a high availability environment.
• In a clustering environment, several services failed to start following a reboot.
• In a clustering environment, configuring multiple nodes in parallel could lead to nodes overwriting each other's MySQL seed data.

Changes

• The jq utility has been added to the default pre-receive hook environment.
• More colors are used in the monitoring graphs in a high availability environment, making them more legible.
• Backups of cluster environments with a large number of archived repositories has been optimized for improved performance.

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• HIGH: Improper sanitization of user markup content, while not allowing full XSS, could have been abused to leak sensitive data or perform actions as the user viewing the content.
• LOW: Detect and reject any Git content that shows evidence of being part of a SHA-1 collision attack.
• Packages have been updated to the latest security versions.

Bug Fixes

• The webhook delivery log was missing timing metrics.
• The /trending page could incorrectly display a Sign up for free button.
• The total number of organizations was incorrect because the count included trusted OAuth applications.
• ghe-check-disk-usage incorrectly defaulted to a --verbose run.
• When migrating from GitHub.com or another GitHub Enterprise appliance, an @ could cause comments to be truncated.
• Administrators couldn't restore deleted LFS objects.
• Pull request review comment webhooks could fail to send.
• When a SAML user whose normalized username matches an organization's name tried to authenticate, the organization's attributes such as profile email could be incorrecty altered.
• A configuration run could revert an SSL certificate to an automatically generated self-signed certificate.
• Graphs in the Management Console monitoring page were incorrectly sorted.

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not. (updated 2017-03-30)
• An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-04-05)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
• Packages have been updated to the latest security versions.

Bug Fixes

• The secondary NTP server was not allowed to be blank.
• A search index that was not marked as the primary index, for example when a new index was being built after an upgrade, could be incorrectly deleted.
• OAuth application authorization failed when the path contained more than one query parameter.
• The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.

Changes

• A clustering environment requires at least 2 metrics-servers.

Deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 is now deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Graphs in the Management Console monitoring page are incorrectly sorted.
• An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• LOW: An internal upload policies API disclosed which users had push access to a repository.
• LOW: An internal administrative API was vulnerable to cross-site request forgery (CSRF).
• Packages have been updated to the latest security versions.

Bug Fixes

• Attempting to convert a user to an organization failed with an internal server error.
• Git LFS objects could take up to an hour to replicate in a High Availability configuration.
• In a clustering environment, reindexing failed when a pull request routes to an offline repository.
• svn checkout could incorrectly fail with a 429 HTTP error code.
• Copy to clipboard buttons failed for Internet Explorer 11 users.
• Pre-receive hooks failed to output UTF-8 characters.
• Migrations failed to preserve a label with a / character.
• A previously configured replica appliance excessively logged errors during High Availability initialization.
• Pre-receive hooks could fail with Device or resource busy.
• LDAP synchronization incorrectly removed users after a server-side LDAP timeout.
• An Encoding::Compatibility error occurred when viewing a webhook from /stafftools.
• The Management Console Add new SSH key field incorrectly allowed an SSH fingerprint instead of the contents of the key.
• A former primary appliance failed to create or update pre-receive hook environments.
• In a clustering environment, services were incorrectly started after reboot.
• Pre-receive hooks checking internal or temporary Git references failed.
• In a clustering environment, releases, uploads, avatars, and LFS files could fail to be accessible after a storage-server is removed.
• In a clustering environment, storage-server repair jobs took a long time when a new storage-server is added.
• In a clustering environment, the enterprise-manage and resolvconf service were incorrectly stopped after ghe-cluster-config-apply.
• An updated SAML Verification certificate did not take effect until the github-unicorn service was restarted.

Changes

• The Reactivate suspended users configuration has changed to reflect the current configured state.
• The <Destination> element is no longer optional in the SAML response.

Deprecation of GitHub Enterprise 2.4

GitHub Enterprise 2.4 is now deprecated as of February 9, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 will be deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Graphs in the Management Console monitoring page are incorrectly sorted.
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host.
• An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

SAML authentication bypass with XML signature wrapping in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to bypass SAML authentication. The vulnerability is applicable if the attacker has access to a validly signed SAML assertion or response against the configured Verification certificate. When applicable, an attacker can sign in as any user, including administrators.

The affected supported versions are:

• 2.8.0 - 2.8.6
• 2.7.0 - 2.7.10
• 2.6.0 - 2.6.15
• 2.5.0 - 2.5.20
• 2.4.0 - 2.4.22

Note: This is a different vulnerability than the one addressed in GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, and 2.5.20.

Remote code execution with server side request forgery in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to execute arbitrary commands on the GitHub Enterprise appliance. The vulnerability is applicable if the attacker has access to configure a repository's Webhooks - owner or admin privileges to a repository.

The affected supported versions are:

• 2.8.0 - 2.8.6
• 2.7.0 - 2.7.10
• 2.6.0 - 2.6.15
• 2.5.0 - 2.5.20
• 2.4.0 - 2.4.22

Remote code execution in GitHub Enterprise Management Console

A CRITICAL issue was identified that allows an attacker to execute arbitrary commands on the GitHub Enterprise appliance. This vulnerability exists in the Management Console which is accessible from port 8080 and 8443. This is only applicable to GitHub Enterprise 2.8.0 - 2.8.6.

Next steps

We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

Additionally, if SAML authentication is configured in your appliance, all existing SAML user sessions should be destroyed:

1. Put your GitHub Enterprise environment in Maintenance Mode.

2. SSH to your primary GitHub Enterprise appliance.

3. Destroy the existing SAML sessions.

   $ echo SAML::Session.destroy_all | ghe-console -y
   

4. Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.7, 2.7.11, 2.6.16, 2.5.21, or 2.4.23.

If possible, we also recommend restricting Management Console access to your site administrators.

These vulnerabilities were reported through the GitHub Security Bug Bounty program and we have no evidence that they have been exploited in the wild. To learn more about the Bug Bounty program for GitHub Enterprise, visit https://bounty.github.com/targets/github-enterprise.html and our recent blog post about the inclusion of GitHub Enterprise, Bug Bounty anniversary promotion: bigger bounties in January and February.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

• CRITICAL: An attacker could bypass SAML authentication via XML signature wrapping and log in as any other user.
• CRITICAL: There was a remote code execution vulnerability via server side request forgery.
• CRITICAL: There was a remote code execution vulnerability through the Management Console.
• HIGH: With built-in authentication, suspended users could log in.
• Packages have been updated to the latest security versions.

Bug Fixes

• For Internet Explorer 11 users, the Write and Preview tabs in the comment window were switched.
• In a clustering environment, services would not automatically start after reboot.
• In a clustering environment, ghe-migrator failed to import when running on node with the git-server role.
• The /stafftools notification could incorrectly link to a deleted user's page.
• The OAuth application logo was incorrectly displayed when private mode was enabled.
• Collaborators with access via the default organization permissions were not listed in /repos/:owner/:repo/collaborators.
• LDAP Sync Totals graph was incorrectly counting runs instead of users and teams synced.
• @mentions would not work for single character organization or team names.

Upcoming deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 will be deprecated as of March 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Attempting to convert a user to an organization fails with an internal server error.
• Graphs in the Management Console monitoring page are incorrectly sorted.
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

SAML authentication bypass in GitHub Enterprise

A CRITICAL issue was identified that allows an attacker to bypass SAML authentication by creating a fake response. This could allow the attacker to sign in as any user, including administrators.

The affected supported versions are:

• 2.8.0 - 2.8.5
• 2.7.0 - 2.7.9
• 2.6.0 - 2.6.14
• 2.5.0 - 2.5.19

If you are using SAML as your authentication method, we strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series, GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, or 2.5.20.

Additionally, all existing user sessions should be destroyed:

1. Put your GitHub Enterprise environment in Maintenance Mode.

2. SSH to your primary GitHub Enterprise appliance.

3. Destroy the existing SAML sessions.

   $ echo SAML::Session.destroy_all | ghe-console -y
   

4. Upgrade to the latest patch release in your series, GitHub Enterprise 2.8.6, 2.7.10, 2.6.15, or 2.5.20.

This vulnerability was reported through the GitHub Security Bug Bounty program and we have no evidence that it has been exploited in the wild.

Please contact GitHub Enterprise Support if you have any questions.

Security Fixes

• CRITICAL: An attacker could bypass SAML authentication and log in as any other user.
• Packages have been updated to the latest security versions.

Bug Fixes

• Files uploaded to a repository through the web interface were saved in the wrong location if the target directory contained multi-byte characters.
• For teams synchronized to the same LDAP group, group members were inefficiently cached, leading to slower Team Synchronization job runs.
• When configured with more than one group, there was an extra comma in the list of restricted LDAP groups in the site admin user search page.
• The babeld, codeload, and ruby processes could crash.

Changes

• We now only save a single core file per process, so multiple crashes of the same process use less disk space.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Attempting to convert a user to an organization fails with an internal server error.
• Graphs in the Management Console monitoring page are incorrectly sorted. (updated 2017-01-18)
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• HIGH: Fix SQL injection in pre-receive hook APIs.
• Packages have been updated to the latest security versions.

Bug Fixes

• Downloading a support bundle through the Management Console failed if a support bundle was created since the last reboot.
• Japanese characters in PDF files were not rendered.
• Pre-receive hooks were blocked and not timeout properly.
• Alambic crashed resizing user avatars.
• Pending review comments were not included in the count on the pull request index page.

Changes

• ghe-migrator now scrubs access tokens from the logs.
• Added cron job to compress core files.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Attempting to convert a user to an organization fails with an internal server error.
• Graphs in the Management Console monitoring page are incorrectly sorted. (updated 2017-01-18)
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• Submodules with names ending in a digit weren't correctly linked in repository directory listings.
• User profile pages loaded slowly when the user was a member of many organizations. We now limit the number of organization avatars displayed to the first 25 with the most members.
• The sign up button was displayed on Gist pages for unauthenticated users when running GitHub Enterprise in public mode with sign ups disabled.
• Access to a repository granted to teams during a transfer to an organization didn't take effect.
• Viewing the site admin page for Projects with names that included non-ASCII characters failed with a 500 server error.
• The initial boot of an instance could hang on networks not using DHCP.
• Upgrading an instance could fail due to stale temporary files.
• Upgrading an instance without any Gists could fail.
• Maintenance mode was not enabled when scheduling in advance.
• A race condition could cause saving settings in the Management Console to fail with internal server error.

Changes

• GitHub Enterprise is now available in the EU West (London) and Canada (Central) AWS regions.
• The network information displayed on the hypervisor console clearly highlights the unset network settings.
• Admin Center can be used to configure automatic reactivation of suspended users when they successfully sign in.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Attempting to convert a user to an organization fails with an internal server error.
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• The background job to sync assets to the high availability replica appliance could fail.
• Pushing an update could cause the babeld service to segment fault under certain circumstances.
• The PullRequestReviewEvent webhook events were not triggered.
• The deletion of branches and tags rejected by a pre-receive hook would have failed with the error "Something went wrong with the request. Please try again."
• Organization and repository e-mails incorrectly contained links to https://github.com.
• Pushes to a promoted high availability replica failed.
• Attempts were prematurely made to gather redis performance statistics. This resulted in excessive logging to the collectd log files.
• The QR code used to configure two-factor authentication failed to generate on appliances with long hostnames and usernames.
• Appliance settings saved using the /setup/api/settings API endpoint failed to apply when applying at the same time as uploading the license for the first time.

Changes

• Elasticsearch logs are now forwarded when log forwarding is enabled.
• GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Attempting to convert a user to an organization fails with an internal server error.
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• Unable to view webhook delivery logs when the delivery GUID collided.
• 404 Not Found page incorrectly referred to status.github.com.
• LDAP authentication failures were missing from audit.log.
• The upload-pack events were missing from audit.log.
• Users were unable to update their primary e-mail address after their password was reset.
• An internal server error occurred in the Management Console when a corrupt license was uploaded.
• In a clustering environment, ghe-cluster-config-apply could restart services when the application configuration has not changed.
• Merge button was disabled for protected branches when memcached was stopped.
• Unable to set the site_admin scope for personal access tokens.
• Disallow administrators from renaming system accounts.
• Users were unable to update their primary e-mail address after migrating data with ghe-migrator.
• LFS push failed with a 0-byte file.
• Management Console was not redirecting to the previously navigated page after authentication.

Changes

• The two-factor authentication organization affiliation was added to users' /stafftools page.
• GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Backups and Disaster Recovery

• GitHub Enterprise 2.8.2 requires backup-utils-2.8.2 or greater.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Attempting to convert a user to an organization fails with an internal server error. (updated 2016-11-22)
• WARNING: Pushes to a promoted high availability replica will fail. (updated 2016-11-23)
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Bug Fixes

• Pushing to a branch in a fork that is the head of a pull request closed the pull request.
• Unable to change an organization owned repository's visibility from public to private if the repository had collaborators.
• Upgrading or installing GitHub Enterprise 2.8.0 failed if your license file contained a non-ASCII character.

Changes

• GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Changes announced to the Projects API during its Early Access period are not included in the 2.8 feature release series. (updated 2016-11-18)
• User.failed_login events aren't recorded in the audit log when using LDAP authentication. (updated 2016-11-18)
• Attempting to convert a user to an organization fails with an internal server error. (updated 2016-11-22)
• WARNING: Pushes to a promoted high availability replica will fail. (updated 2016-11-23)
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team

Features

With the new features added in GitHub Enterprise 2.8.0, you can:

• Prioritize issues and pull requests within a milestone by dragging and dropping them.
• Invite anyone to become a member of your organization by email.
• Use the sidebar to search wikis.
• Edit the base branch after opening a pull request.
• Edit pull requests created from a fork.
• Use your profile to view special events in your GitHub usage history.
• Create a Project to track and prioritize issues, pull requests, and notes to match your workflow.
• Review the proposed changes in a pull request.
• As an organization owner, require two-factor authentication to add a layer of security for your organization members, and outside collaborators.
• Configure a website URL for all support links on the appliance.
• Use the command-line utility to grant site admins organization admin privileges to specific organizations.
• Import a repository from an external source repository.
• Add Jupyter notebook files to a repository and have them render as static HTML files on GitHub Enterprise.
• Set the default repository visibility to private or public for all new repositories on the appliance.
• Select a publishing source for GitHub Pages and host project documentation alongside your code.
• Add a Jekyll theme to your GitHub Pages site to install a different site design.
• Monitor authentication traffic on GitHub Enterprise.
• Reinstate a former member of an organization and restore their settings.
• Add a LICENSE file to your project and have it displayed at the top of the repository page.
• In a clustering environment, the Git Fileserver health dashboard was added to the Site Admin dashboard.

Security Fixes

• Packages have been updated to the latest security versions.

Bug Fixes

• Additional white spacing could sometimes be seen above the Admin center header.
• A site administrator could configure SSL with invalid certificates (e.g. invalid issuer, incomplete chain).
• The ghe-update-check utility returned an incorrect message, you must first upgrade to, when it was not necessary.
• Replication failed after replica promotion because the OpenVPN service was not properly managed.
• The memcached would remain stopped after a crash (e.g. via OOM kill).
• A user could be assigned twice to an Issue.
• When creating a file from the web interface, a backspace incorrectly deleted characters from the directory's path.,
• When forking a private repository in an organization, repository owners were unable to configure a user to bypass branch restrictions.
• In a gist, users were unable to select lines starting with a number.
• In a wiki diff, users were unable to expand lines from a wiki diff.
• A punctuation could disappear after prettifying an issue or pull request reference.
• Fixed an incorrect description suggesting Member webhook events did not trigger for non-organization repositories.

Changes

• Reject assets (e.g. avatar, issue attachments) if the file type does not match the extension or Content-Type.
• The ghe-console and ghe-dbconsole utility has been updated with an interactive disclaimer.
• The Management Console, memcached, snmpd, graphite-web services run as an unprivileged user.
• The ghe-config does not require sudo.
• Pull request review comment webhook events were added.
• Adobe Flash is no longer required for clipboard operations.
• The Site Admin interface has been updated.
• Preview the new Projects API.
• Change the base branch using the updated Pull Request API.
• Removed sensitive fields from Organization API for non-owners.
• GitHub Enterprise 2.5 - 2.7 inadvertently ignored the SSH username for git operations with the SSH protocol. In GitHub Enterprise 2.8, the remote URL for SSH only works for the git user. (updated 2016-12-12)

Backups and Disaster Recovery

GitHub Enterprise 2.8 requires at least GitHub Enterprise Backup Utilities 2.8.0 for Backups and Disaster Recovery.

Deprecation of GitHub Enterprise 2.3

GitHub Enterprise 2.3 was deprecated as of November 1, 2016. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.4

GitHub Enterprise 2.4 will be deprecated as of February 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

• We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• Enqueued background jobs are sometimes not purged when a repository is deleted.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• GitHub Enterprise clustering can not be configured without https.
• Changes announced to the Projects API during its Early Access period are not included in the 2.8 feature release series. (updated 2016-11-18)
• User.failed_login events aren't recorded in the audit log when using LDAP authentication. (updated 2016-11-18)
• Attempting to convert a user to an organization fails with an internal server error. (updated 2016-11-22)
• WARNING: Upgrading or installing GitHub Enterprise 2.8.0 will fail if your license file contains a non-ASCII character. (updated 2016-11-09)
• WARNING: Pushing to a branch in a fork that is the head of a pull request closes the pull request. (updated 2016-11-10)
• WARNING: Pushes to a promoted high availability replica will fail. (updated 2016-11-23)
• The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host. (updated 2017-02-23)
• Git LFS objects may take up to an hour to replicate in a High Availability configuration. (updated 2017-02-23)
• collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
• After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)

Thanks!

The GitHub Team