GitHub Enterprise 2.9.23 February 27, 2018 Download

Security Fixes

  • LOW: Tokens were contained in extended support bundles when they were used in GET requests as a URL parameter.
  • Packages were updated to their latest patch versions.
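The first fix above concerns access tokens passed as GET query parameters: they are written to request logs and from there travel into a support bundle. As an added example (not GitHub's own bundle sanitizer, whose implementation the notes do not describe), the Python below redacts the values of token-bearing query parameters from constructed access-log lines while leaving every other byte of the line intact. The parameter names it treats as sensitive and the log format are assumptions made for the example.

```python
import re

# Query-parameter names treated as secrets. This list is an assumption for the example;
# extend it with whatever your own API clients put in URLs.
SENSITIVE_PARAMS = {"access_token", "token", "client_secret", "password"}

# Matches the "METHOD /path?query" part of a request line inside an access-log entry.
REQUEST_RE = re.compile(r"\b(?P<method>GET|POST|PUT|PATCH|DELETE|HEAD)\s+(?P<target>/\S*)")


def redact_query(target):
    """Replace the value of every sensitive query parameter in a request target.

    Works on the raw (still percent-encoded) query string so the rest of the
    target is reproduced byte for byte. Returns (new_target, number_of_redactions).
    """
    if "?" not in target:
        return target, 0
    path, _, query = target.partition("?")
    kept, redacted = [], 0
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        if sep and value and key.lower() in SENSITIVE_PARAMS:
            kept.append(key + "=[REDACTED]")
            redacted += 1
        else:
            kept.append(pair)
    return path + "?" + "&".join(kept), redacted


def sanitize_line(line):
    """Redact sensitive query values in one log line; returns (line, count)."""
    count = 0

    def _replace(match):
        nonlocal count
        new_target, n = redact_query(match.group("target"))
        count += n
        return match.group("method") + " " + new_target

    return REQUEST_RE.sub(_replace, line), count


def sanitize_log(lines):
    """Sanitize every line; returns (cleaned_lines, total_redactions)."""
    cleaned, total = [], 0
    for line in lines:
        new_line, n = sanitize_line(line)
        cleaned.append(new_line)
        total += n
    return cleaned, total


# Constructed sample access-log lines (not real appliance logs); the token values are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Feb/2018:10:00:00 +0000] "GET /api/v3/user/repos?access_token=0123constructedtoken4567&per_page=100 HTTP/1.1" 200 512',
    '10.0.0.6 - - [27/Feb/2018:10:00:01 +0000] "GET /api/v3/repos/acme/app/commits?per_page=5 HTTP/1.1" 200 2048',
    '10.0.0.7 - - [27/Feb/2018:10:00:02 +0000] "POST /api/v3/repos/acme/app/issues?token=constructedtoken89ab HTTP/1.1" 201 300',
]

if __name__ == "__main__":
    cleaned_lines, redactions = sanitize_log(SAMPLE_LOG)
    print("\n".join(cleaned_lines))
    print("redacted %d value(s)" % redactions)
```

Redaction at bundle-generation time is a safety net. The lasting fix sits on the client side: a token sent in the Authorization header instead of the query string never reaches the access log in the first place.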

Upcoming deprecation of GitHub Enterprise 2.9

GitHub Enterprise 2.9 will be deprecated as of March 1, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Bug Fixes

  • Upgrading a replica to the same version failed on a newly partitioned root disk.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.22 February 13, 2018 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The directory hierarchy was not retained when uploading a directory of files to a repository using drag & drop.
  • Git references, such as tags or branch names, containing many transitions from letters to numbers and back could crash a background worker, causing some webhooks not to fire.

Changes

  • GitHub Enterprise is now available in the Paris AWS region.
  • Support bundles are more efficiently sanitized during generation.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

GitHub Enterprise 2.9.21 January 30, 2018 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The hostname documentation link in the Management Console linked to an invalid location.
  • Large Git LFS objects and release downloads were temporarily buffered to the root disk. This could lead to disk space contention.
  • The create team API endpoint returned a 500 error if LDAP Sync is enabled and the team already exists.
  • The hookshot-unicorn service could fail to start if there was a large backlog of webhook jobs.

Changes

  • ghe-diagnostics can now upload directly to GitHub using the -u or -t [ticket reference] options.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.

Thanks!

The GitHub Team

GitHub Enterprise 2.9.20 January 16, 2018 Download

Meltdown

This release addresses the Meltdown (CVE-2017-5754) attack. This has been fixed in the 3.16.51-3+deb8u1 release from Debian. Please note that this patch does not address the Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerability. A fix is not available for the Spectre vulnerability yet.

Internally conducted benchmarks indicate the performance impact is limited to a 2-5% increase in CPU usage on most platforms. The impact can vary depending on your usage and platform though. If you see a significant performance difference, don't hesitate to reach out to Enterprise Support.

Note on Hotpatching

The hotpatch contains an upgrade to the kernel and requires a reboot. The Meltdown attack is not fixed until a reboot is performed.

Security Fixes

  • HIGH: Kernel is updated to 3.16.51-3+deb8u1 which implements Kernel Page Table Isolation (KPTI) to address Meltdown.
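The hotpatching note above matters operationally: after a hotpatch the new kernel package is installed, but the old kernel keeps running until the appliance is rebooted, so the Meltdown exposure remains. The following Python is an added example, not a GitHub utility, that classifies an appliance from three pieces of evidence: `uname -v` (the Debian version of the running kernel), `dpkg -l 'linux-image-*'` (the installed version) and `dmesg` (whether page-table isolation was reported at boot). The function and status names are mine; the exact KPTI boot message for this 3.16 backport and the simplified version comparison are assumptions noted in the code, and the sample command output is constructed.

```python
import re

# Kernel version the release notes name as carrying KPTI (taken from the page).
PATCHED_KERNEL = "3.16.51-3+deb8u1"

# Boot-time message printed when kernel/user page-table isolation is active. This is the
# message used by the upstream KPTI code and its stable backports; that the same text
# appears in this Debian 3.16 backport is an assumption, so compare with your own dmesg.
KPTI_ENABLED_MSG = "Kernel/User page tables isolation: enabled"

# Debian kernels report the package version in `uname -v`,
# e.g. "#1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)".
UNAME_V_RE = re.compile(r"\bDebian\s+(\S+)")


def version_key(version):
    """Order versions by their numeric runs. A simplification of dpkg's algorithm that
    is adequate within one kernel line (3.16.51-2 < 3.16.51-3+deb8u1)."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def running_kernel_version(uname_v):
    """Extract the Debian package version of the *running* kernel from `uname -v`."""
    match = UNAME_V_RE.search(uname_v)
    if not match:
        raise ValueError("not a Debian kernel banner: %r" % uname_v)
    return match.group(1)


def installed_kernel_version(dpkg_output):
    """Highest installed linux-image-<abi> version from `dpkg -l 'linux-image-*'` output.
    Meta-packages such as linux-image-amd64 are skipped: their version (e.g. 3.16+63)
    is not comparable with the real kernel version."""
    versions = []
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "ii" and re.match(r"linux-image-\d", fields[1]):
            versions.append(fields[2])
    if not versions:
        raise ValueError("no installed linux-image package found")
    return max(versions, key=version_key)


def meltdown_status(uname_v, dpkg_output, dmesg_text):
    """Classify the appliance: 'mitigated', 'kpti-not-reported', 'reboot-required' or 'unpatched'."""
    target = version_key(PATCHED_KERNEL)
    running_ok = version_key(running_kernel_version(uname_v)) >= target
    installed_ok = version_key(installed_kernel_version(dpkg_output)) >= target
    kpti_active = KPTI_ENABLED_MSG in dmesg_text
    if running_ok and kpti_active:
        return "mitigated"
    if running_ok:
        # Patched kernel is running but the message is absent: the ring buffer may have
        # rotated, or isolation was disabled on the kernel command line. Check dmesg and
        # /proc/cmdline by hand before trusting this state.
        return "kpti-not-reported"
    if installed_ok:
        return "reboot-required"   # hotpatch applied, old kernel still running
    return "unpatched"


# Constructed sample command output (build dates and package descriptions are made up).
DPKG_AFTER_HOTPATCH = """\
ii  linux-image-3.16.0-4-amd64  3.16.51-3+deb8u1  amd64  Linux 3.16 for 64-bit PCs
ii  linux-image-amd64           3.16+63           amd64  Linux for 64-bit PCs (meta-package)
"""
UNAME_V_BEFORE_REBOOT = "#1 SMP Debian 3.16.51-2 (2017-12-01)"
UNAME_V_AFTER_REBOOT = "#1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)"
DMESG_BEFORE_REBOOT = "[    0.000000] Linux version 3.16.0-4-amd64 (debian-kernel@lists.debian.org)\n"
DMESG_AFTER_REBOOT = DMESG_BEFORE_REBOOT + "[    0.000000] Kernel/User page tables isolation: enabled\n"

if __name__ == "__main__":
    print("before reboot:", meltdown_status(UNAME_V_BEFORE_REBOOT, DPKG_AFTER_HOTPATCH, DMESG_BEFORE_REBOOT))
    print("after reboot: ", meltdown_status(UNAME_V_AFTER_REBOOT, DPKG_AFTER_HOTPATCH, DMESG_AFTER_REBOOT))
```

On a live appliance, feed the three functions the real output of the commands named in their docstrings; the "reboot-required" state is exactly the window the note above warns about.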

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.

Thanks!

The GitHub Team

GitHub Enterprise 2.9.19 January 09, 2018 Download

Meltdown & Spectre

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to extract data that is currently being processed on the same machine. This can also affect GitHub Enterprise.

The risk to GitHub Enterprise depends on the environment that it runs in. There are two main vectors of attack that need to be considered.

Virtualization platform

Given that GitHub Enterprise runs on various virtualization platforms, it's essential to update the virtualization platform where possible to mitigate any of these issues. The existing patches and fixes almost all focus on solving Meltdown. Meltdown is more straightforward to fix and most providers focus on this first.

Spectre is more complicated to exploit and also more complicated to fix. KVM, for example, is not vulnerable to Meltdown but is vulnerable to Spectre, for which Google's Project Zero published a proof of concept in its original research (see https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html, specifically the section "Reading host memory from a KVM guest"). That Spectre exploit was tested against a specific kernel version, but nothing implies it is impossible to adapt to other kernel versions and/or other virtualization platforms.

The following Cloud and virtualization platforms have released announcements and/or fixes.

Inside GitHub Enterprise

The vulnerability can also be exploited if there is code under the control of an attacker running on the same system. GitHub Enterprise has very limited support for custom code in the form of pre-receive hooks. Pre-receive hooks are limited such that administrators are the only ones who can set them up and their runtime execution is limited to 5 seconds. Both these aspects greatly limit the risk of data exposure through pre-receive hooks. As a general rule, administrators should ensure that only known and trusted pre-receive hooks are enabled on their appliance.

GitHub Enterprise is based on Debian Jessie. A fix for Meltdown is not yet available for Debian Jessie, as can be seen in the Debian CVE tracker for Meltdown. The new kernel version will be included in a future release of GitHub Enterprise and can potentially come with a performance regression. Accordingly, we recommend testing that release before putting it into production.

Summary

The primary risk for GitHub Enterprise installations is cross-guest or host <-> guest data leakage on the virtualization platform. This may be mitigated by the fixes from cloud hosting providers or from the suppliers of virtualization software. There is very limited risk of externally supplied software running within the appliance obtaining data from other processes, and that risk is mitigated by administrators only enabling pre-receive hooks that are reviewed and trusted.

Security Fixes

  • LOW: Pre-receive hooks could access internal cloud platform metadata. The metadata resources have been restricted to the root user.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • NUMA-enabled appliances could crash with a kernel panic. This was a known issue with linux-image-3.16.51-2.
  • The pre-receive hook $GITHUB_PULL_REQUEST_AUTHOR_LOGIN environment variable was empty when pull requests were merged via the API.

Changes

  • GitHub Enterprise support ticket creation via e-mail (enterprise@github.com) has been disabled. Please contact GitHub Enterprise Support using the Submitting a ticket article.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists.

Thanks!

The GitHub Team

GitHub Enterprise 2.9.18 December 19, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The followers and following count incorrectly considered suspended accounts.
  • Pre-receive hook's enforcement could not be updated with the API.
  • Updates to a pull request through the API could incorrectly set maintainer_can_modify to false when the field was not part of the request.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • NUMA-enabled appliances can crash with a kernel panic. This is a known issue with linux-image-3.16.51-2; the workaround is to add the numa=off parameter to the kernel command line in /boot/grub/grub.cfg. Please contact GitHub Enterprise Support if you have questions. (updated 2017-12-28)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.17 December 05, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.
  • Users could accept an organization invitation incorrectly sent to an unverified email address.

Bug Fixes

  • Chrome attempted to automatically fill the SMTP and SNMP password fields with the password for the management console.
  • Git repair jobs repeatedly tried to access unavailable objects, causing high CPU usage.

Changes

  • To restrict actions on raw content, including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy, our content security policy (CSP) header for raw URLs now includes the sandbox attribute.
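The sandbox change above is easy to verify from outside and just as easy to regress behind a proxy or a later configuration change. As an added example (not GitHub's code), the Python below parses a Content-Security-Policy header value and reports whether a raw-content response carries a `sandbox` directive and whether any flag hands capabilities back (`allow-scripts` together with `allow-same-origin`, for instance, lets a sandboxed document remove its own sandbox). The sample header sets are constructed and the function names are mine.

```python
# Sandbox flags that return capabilities the raw-content sandbox is meant to remove.
RISKY_SANDBOX_FLAGS = {
    "allow-scripts", "allow-same-origin", "allow-popups", "allow-forms",
    "allow-top-navigation", "allow-popups-to-escape-sandbox", "allow-modals",
}


def parse_csp(header_value):
    """Parse a Content-Security-Policy value into {directive_name: [tokens]}.
    Directives are ';'-separated; the first whitespace-separated token is the name."""
    policy = {}
    for chunk in header_value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), []).extend(tokens[1:])
    return policy


def header_lookup(headers, name):
    """Case-insensitive header lookup; headers is a plain dict as most HTTP clients return."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def raw_content_findings(headers):
    """Findings for a raw-content response. An empty list means the response is sandboxed
    the way the release notes describe: sandbox present and no capability re-enabled."""
    csp = header_lookup(headers, "Content-Security-Policy")
    if csp is None:
        return ["no Content-Security-Policy header"]
    policy = parse_csp(csp)
    if "sandbox" not in policy:
        return ["sandbox directive missing"]
    return ["sandbox re-enables " + flag for flag in policy["sandbox"]
            if flag.lower() in RISKY_SANDBOX_FLAGS]


# Constructed response headers (not captured from an appliance).
HARDENED = {"Content-Type": "text/plain; charset=utf-8",
            "content-security-policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox"}
WEAK = {"Content-Type": "text/html",
        "Content-Security-Policy": "default-src 'none'; sandbox allow-scripts allow-same-origin"}
NO_SANDBOX = {"Content-Type": "text/html",
              "Content-Security-Policy": "default-src 'none'"}
NO_CSP = {"Content-Type": "text/html"}

if __name__ == "__main__":
    for label, headers in (("hardened", HARDENED), ("weak", WEAK),
                           ("no sandbox", NO_SANDBOX), ("no csp", NO_CSP)):
        print(label, "->", raw_content_findings(headers) or "OK")
```

Feed `raw_content_findings` the response headers of a raw URL on your own instance (for example, the output of `curl -sI` turned into a dict) and treat any non-empty result as a regression of the change described above.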

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.16 November 21, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • The audit log migration process could leave old indices in place which would prevent upgrading to 2.11.
  • LDAP team sync could cause a noticeable increase in CPU usage when synchronizing large teams.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.15 November 07, 2017 Download

Security Fixes

  • LOW: The TLS cipher list did not include ciphers that offer forward secrecy for legacy browsers.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • ghe-repl-status-pages showed a critical status if run while a sync is in progress.
  • The Management Console password could not be reset using ghe-set-password when the appliance is in recovery mode.
  • ghe-diagnostics could output Connection refused line items when Redis, Memcached, or Elasticsearch services aren't running.
  • Background job errors could cause Redis to consume large amounts of memory.
  • The mobile view of the pull request dashboard displayed "No issues to show" instead of "No pull requests to show".
  • The site admin cache indicator always displayed the memcached service as being active.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.14 October 25, 2017 Download

GitHub Enterprise includes protection from vulnerable, weak SSH keys (CVE-2017-15361)

In response to CVE-2017-15361: certain RSA keys used for SSH authentication that were generated by some Yubikey 4 devices are vulnerable to private key factorization. Such keys are considered cryptographically weak and therefore need to be replaced. To help users avoid vulnerable keys, GitHub Enterprise now detects such keys and rejects them when they are added for user authentication. GitHub Enterprise also includes a new administration utility, ghe-ssh-weak-fingerprints, which lets admins list any affected keys and, optionally, perform a bulk revocation.

The affected supported versions are:

  • 2.8.0 - 2.8.21
  • 2.9.0 - 2.9.13
  • 2.10.0 - 2.10.8
  • 2.11.0 - 2.11.2

This vulnerability was found and reported internally, and we have no evidence that it has been exploited in the wild. We strongly recommend upgrading your GitHub Enterprise appliance to the latest patch release in your series: GitHub Enterprise 2.8.22, 2.9.14, 2.10.9, or 2.11.3.

Please contact GitHub Enterprise Support if you have questions.
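Keys affected by CVE-2017-15361 (ROCA) can be recognised from the public modulus alone: the flawed generator produces primes of the form k·M + (65537^a mod M), with M a product of small primes, so for every small prime p the modulus N mod p lies in the subgroup generated by 65537 modulo p. The Python below is an added example, not the ghe-ssh-weak-fingerprints utility, that implements this published fingerprint test together with a parser for OpenSSH ssh-rsa public-key lines, so it can be run over authorized_keys-style exports. The key lines it checks are constructed inside the code (one modulus built to carry the fingerprint, one built not to; neither is a real key), and the function names are mine.

```python
import base64
import struct

GENERATOR = 65537   # the public exponent whose powers structure the affected primes


def _odd_primes_up_to(limit):
    """Sieve of Eratosthenes; 2 is dropped because 65537 is 1 mod 2 and tells us nothing."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit + 1, i)))
    return [p for p in range(3, limit + 1) if sieve[p]]


# Primes up to 167, the range used by the published ROCA detector.
PRIMES = _odd_primes_up_to(167)


def _subgroup(p):
    """All residues 65537^k mod p, i.e. the subgroup of (Z/pZ)* generated by 65537."""
    members, x = set(), 1
    while True:
        x = x * GENERATOR % p
        members.add(x)
        if x == 1:
            return members


SUBGROUPS = {p: _subgroup(p) for p in PRIMES}


def is_roca_fingerprinted(n):
    """The ROCA fingerprint: N mod p lies in <65537> mod p for every small prime p.
    For an affected key this always holds; for a random modulus the chance is negligible."""
    return all(n % p in SUBGROUPS[p] for p in PRIMES)


# OpenSSH public-key wire format: length-prefixed "ssh-rsa", e, n (RFC 4253 string/mpint).
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:            # keep the mpint positive in two's complement
        raw = b"\x00" + raw
    return _ssh_string(raw)


def encode_ssh_rsa(e, n, comment="constructed@example"):
    """Build an authorized_keys-style line for the given (e, n); used here to make test input."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


def parse_ssh_rsa(line):
    """Return (e, n) from an 'ssh-rsa <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1])
    parts, offset = [], 0
    while offset < len(blob):
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        parts.append(blob[offset:offset + length])
        offset += length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa key blob")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")


def key_line_is_weak(line):
    """True if the RSA modulus in an ssh-rsa line carries the ROCA fingerprint."""
    return is_roca_fingerprinted(parse_ssh_rsa(line)[1])


# Constructed test moduli (not real keys). Only the residues modulo the small primes matter:
# an affected modulus is congruent to 65537^(a+b) mod M, where M is the product of PRIMES.
M = 1
for _p in PRIMES:
    M *= _p


def constructed_modulus(weak):
    n = M * (1 << 900) + pow(GENERATOR, 10, M)   # carries the fingerprint (a + b = 10)
    return n if weak else n + 2                  # +2 leaves <65537> mod 11 = {1, 10}: no fingerprint


if __name__ == "__main__":
    for label, flag in (("fingerprinted", True), ("clean", False)):
        line = encode_ssh_rsa(GENERATOR, constructed_modulus(flag))
        print(label, "->", "replace this key" if key_line_is_weak(line) else "ok")
```

Run `key_line_is_weak` over each line of an exported key list; a fingerprinted key is to be revoked and regenerated on unaffected hardware, which is what the notes above recommend.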

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • On Firefox browsers, the first page of some PDF files was blank when rendered.
  • Checking high availability replication status could incorrectly report "CRITICAL: git-hooks replication is behind the primary by 3600s".
  • Password reset emails included an inaccurate description of when the password reset link would expire.
  • The "Clear page cache" link in the site admin modal failed if the current page's URL included query string parameters.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.13 September 22, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • Memory budgets computed for services were under-allocated leading to severe performance issues.

Fixes from 2.9.12, which was withdrawn due to a memory budget computation bug

  • Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
  • Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
  • Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.12 September 19, 2017 Download

Downloads Have Been Disabled

This release has been withdrawn and is no longer available. Please upgrade to a newer version or contact support for assistance.

If you have already upgraded your appliance to GitHub Enterprise 2.9.12, please contact support for assistance.

Notice

  • The 2.9.12 patch release has been withdrawn due to the introduction of a major bug which caused memory budgets for services to be under-allocated. If you have already upgraded your appliance to GitHub Enterprise 2.9.12, please contact support for assistance. (updated 2017-09-21)

Security Fixes

  • Packages have been updated to the latest security versions.
  • LOW: A PDF with looping xref tables caused the PDF renderer to consume high amounts of CPU or hang a user's browser.

Bug Fixes

  • Elasticsearch could exceed recommended heap size. The memory budget is capped at a maximum of 32 GB.
  • Querying the Teams API with an invalid ID failed with a '500 Internal Server Error'.
  • Outside collaborators were not added to a repository if mapped to a suspended user during the migration of a repository using ghe-migrator.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.11 September 05, 2017 Download

Security Fixes

  • MEDIUM: GitHub Services webhooks could be configured to use non-HTTP protocols.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Repository read priority was incorrect after promoting a high availability replica and then re-introducing the original primary node as a replica. This can have a significant performance impact.
  • Repository read performance could be severely impacted on very large instances under moderate load.
  • The admin:pre_receive_hook scope wasn't displayed when authorizing an OAuth application requesting this particular scope.
  • Cloning or pushing repositories with Git LFS assets could fail with a '500 Internal Server Error'.

Changes

  • SSH keys added to a user via LDAP sync are automatically verified.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.10 August 22, 2017 Download

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • ghe-update-check --help would fail if ghe-update-check was already running.
  • The @-mentions suggester didn't work in IE11.
  • Ordered lists rendered incorrectly in custom messages on the sign in page.
  • The SAML record dumping and updating utility, ghe-saml-mapping-csv, was not exposed to the admin user.
  • When two-factor authentication is required, LDAP team synchronization could fail if a member hasn't configured 2FA for their account.

Changes

  • The verbosity of logging for the longpoll service, which provides live updates to Issues and Pull Requests pages, has been lowered.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering can not be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.9 August 01, 2017

Security Fixes

  • Packages have been updated to the latest security versions.
  • CRITICAL: Pages and Git have been updated to handle maliciously constructed ssh:// URLs during submodule cloning. This mitigates the vulnerability detailed in CVE-2017-1000117, which could have allowed an authenticated attacker to run arbitrary commands on a GitHub Enterprise environment through Pages builds. (updated 2017-08-10)

Bug Fixes

  • ghe-repl-stop did not forcibly stop replication when the primary was offline.
  • Pre-receive hooks with spaces in their paths failed to run.
  • Calling the update-pre-receive-hook-enforcement API could result in an application error.

Changes

  • Added a command-line tool, ghe-saml-mapping-csv, to help map SAML records.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.8 July 12, 2017

Security Fixes

  • Packages have been updated to their latest security versions.
  • LOW: OAuth application access tokens and personal access tokens weren't sanitized from support bundles.

Bug Fixes

  • The authentication graphs in the management console could be inaccurate and not display a legend due to incorrectly grouped and ordered keys.
  • collectd metric paths could be truncated, which caused multiple write attempts to the same file for different metrics.
  • Password reset emails incorrectly stated that reset links were valid for 24 hours when they are only valid for three hours.
  • Pre-receive hooks were incorrectly triggered on internal reference updates.
  • Fetches or pushes that transferred more than 2 GB of data were incorrectly recorded as much larger in the logs for the Git proxy service, babeld.
  • Suspended users could be assigned to issues.
  • Updates to pre-receive hooks would not work when a replica was promoted to primary.
  • Fetches on very large repositories could fail when a repack was running concurrently.
  • Webhooks could send outdated data when a comment on an issue was edited or when the base branch of a pull request was changed.
  • Milestones and labels could not be applied while creating an issue.

Changes

  • When authenticating via SAML, the NameID will be recorded instead of the custom username attribute value when a custom username attribute is defined.
  • The ghe-support-bundle command now honors the http_proxy environment variable.
  • The value of the X-Forwarded-For header will now be recorded in the HAproxy log.
  • The maximum number of HTTPS and websocket connections has been increased.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Creating a support bundle fails with a “File exists” error if HAproxy logs have been rotated. (updated 2017-07-24)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.7 June 20, 2017

Security Fixes

  • Packages have been updated to their latest security versions.
  • LOW: Tokens were contained in support bundles when they were used in GET requests as a URL parameter.

Bug Fixes

  • On a 404 page with an appliance configured to use public mode and SAML, the "Sign in" button was illegible.
  • Webhook edited events could have incorrect body values.
  • contributions_backfill background jobs were enqueued on every additional push to a repository, even if it contained no commits from users of the appliance.
  • LDAP team sync failed when a duplicate fork was being restored.
  • Users in large organizations and teams were unable to filter assignees and reviewers for issues and pull requests.
  • Users in large organizations and teams were unable to @-mention users and teams in issue and pull request comments.
  • In a clustering environment, collectd statistics weren't reported for the workers that handle RPC calls for Git.
  • In a clustering environment, preflight checks failed when running ghe-cluster-config-apply against an unresponsive HTTP proxy.
  • In a clustering environment, a new node could silently fail to be added after ghe-cluster-config-init.

Changes

  • memcached collectd stats have been added.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • It is not possible to select and apply labels or milestones when creating new issues. (updated 2017-07-04)
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.6 May 30, 2017

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • After the parent repository has been deleted, the Git LFS objects from the forks were inaccessible.
  • Deleting a repository containing files in LFS could cause the 'File storage' within the Site Admin to show a temporary 500 error.
  • Adding a user as a collaborator via the API incorrectly sent an invitation without adding the user.
  • After a user or organization renaming, search results incorrectly displayed the previous name.
  • The hypervisor console welcome screen may have incorrectly displayed sed: couldn't flush stdout: Broken pipe.
  • Repository and Gist synchronization could stall after restarting high availability replication.
  • Archived repositories were not restorable from /stafftools.
  • The /status endpoint on a high availability replica incorrectly returned 200 OK instead of 503 Service Unavailable.
  • Issues and pull requests were inaccessible if a high availability replica was rebooted before it was promoted.
  • Graphs in the Management Console displayed the sum instead of an average value. As a result, graphs had incorrectly displayed an increasing metric over time.
  • Pre-receive hooks may have failed with mount: can't find ... error messages.
  • ghe-upgrade.log contained harmless /proc/... No such file or directory messages.

Changes

  • GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.5 May 16, 2017

Note about Git LFS v2.1.1

A CRITICAL security fix for the Git LFS client was released on 19 May. The remote code execution vulnerability can be exploited if:

  • a repository contains a .lfsconfig with:

      ...
        url = ssh://-oProxyCommand=command
      ...
    
  • a user clones the malicious repository with a vulnerable Git LFS client

This vulnerability exists in the Git LFS client and not GitHub Enterprise. However, we strongly encourage all users of GitHub Enterprise to upgrade their Git LFS client to v2.1.1 (or greater) from https://git-lfs.github.com/.
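The Git LFS note above and the submodule fix in 2.9.9 (CVE-2017-1000117) describe the same shape of problem: an ssh URL whose "host" begins with '-' is handed to the ssh client as a command-line option. As an added, defender-side example that is not part of these release notes nor of the Git, Git LFS or GitHub Enterprise code bases, the following Python scanner parses git-config style files (.lfsconfig, .gitmodules) and flags any url value whose username, host or port component starts with '-'. The sample file contents, section names and hostnames are constructed for the example; the parser is a minimal one written here and handles only what those two files need.

```python
"""
Added example: flag ssh URLs in .lfsconfig / .gitmodules whose username, host
or port would be parsed by ssh as an option. Not code from Git, Git LFS or
GitHub Enterprise; sample inputs below are constructed.
"""
import re

# Constructed sample files. Hostnames, section names and paths are made up.
SAMPLE_LFSCONFIG = """\
[lfs]
    url = ssh://git@lfs.example.internal/org/repo.git
[remote "evil"]
    url = ssh://-oProxyCommand=command
"""

SAMPLE_GITMODULES = """\
[submodule "vendor/lib"]
    path = vendor/lib
    url = git@git.example.internal:org/lib.git
[submodule "vendor/bad"]
    path = vendor/bad
    url = ssh://-oProxyCommand=command/x
"""

SSH_SCHEMES = {"ssh", "git+ssh", "ssh+git"}

_SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
_KEY_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$")


def parse_git_config(text):
    """Minimal git-config parser returning a list of (section, key, value).

    Enough for .lfsconfig and .gitmodules; it does not handle line
    continuations or include directives.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = _KEY_RE.match(line)
        if m and section is not None:
            value = m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # drop one layer of surrounding quotes
            entries.append((section, m.group(1), value))
    return entries


def ssh_url_risk(url):
    """Return a reason string if the URL's ssh target would be parsed as an
    ssh option, or None when it is not an ssh URL or looks safe."""
    if "://" in url:
        scheme, _, rest = url.partition("://")
        if scheme.lower() not in SSH_SCHEMES:
            return None
        netloc = rest.split("/", 1)[0]
    else:
        # scp-like syntax ([user@]host:path) only counts when the first ':'
        # comes before any '/', which is how git tells it apart from a path.
        m = re.match(r"^([^/:]+):", url)
        if not m:
            return None
        netloc = m.group(1)
    userinfo, _, hostport = netloc.rpartition("@")
    host, _, port = hostport.partition(":")
    for label, part in (("username", userinfo), ("host", host), ("port", port)):
        if part.startswith("-"):
            return f"{label} {part!r} starts with '-' and would be passed to ssh as an option"
    return None


def scan_config(text, filename="<config>"):
    """Return a list of findings, one per url key with a risky ssh target."""
    findings = []
    for section, key, value in parse_git_config(text):
        if key.lower() != "url":
            continue
        reason = ssh_url_risk(value)
        if reason:
            findings.append({"file": filename, "section": section,
                             "url": value, "reason": reason})
    return findings


if __name__ == "__main__":
    for name, text in ((".lfsconfig", SAMPLE_LFSCONFIG), (".gitmodules", SAMPLE_GITMODULES)):
        for f in scan_config(text, name):
            print(f"{f['file']} [{f['section']}]: {f['url']} -> {f['reason']}")
```

A pre-receive hook or CI step can run `scan_config` over these files in each pushed tree and reject the push when findings are non-empty; the check is a safety net for clients that have not yet been upgraded and does not replace upgrading Git and Git LFS to fixed versions.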

Please contact GitHub Enterprise Support if you have any questions.

Note: GitHub Enterprise supports broadcasting messages directly in the application with ghe-announce and by creating a custom sign-in message.

Security Fixes

  • This release and previous releases of GitHub Enterprise are not affected by the Git shell vulnerability announced 10 May 2017 (CVE-2017-8386).
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Memcached could fail to start if another process claimed its port first.
  • A high availability replica could fail to connect to the primary after upgrading.
  • When LDAP Sync is enabled, only organization owners could search the LDAP directory for groups when creating a new team.
  • With SAML authentication configured, and the IdP set to assert administrator status, the user promotion/demotion button on a user's Site Admin page was shown as disabled but was still clickable and usable.
  • In a clustering environment, ghe-cluster-status would use the configured proxy when querying each node.
  • In a clustering environment, restoring a backup to a cluster not meeting the minimum recommended number of pages-server and storage-server nodes would fail.
  • Pagination of a webhook's 'Recent Deliveries' was not enabled, limiting access to the last ten deliveries.
  • High availability replication on 2.9.0-2.9.4 would not synchronize all Git data if the replica node had been offline for more than 90 minutes. Those failed synchronizations may not be reported by ghe-repl-status. We strongly recommend upgrading to 2.9.5 or later before promoting a replica. (updated 2017-05-16)
  • A high availability replica could report a warning that alambic replication is behind the primary because deleting objects such as release assets or avatars did not remove their corresponding database entries. (updated 2017-05-25)

Changes

  • The GitHub Enterprise version is shown on the hypervisor welcome console.
  • The SAML authentication logs no longer contain debug information by default. Debugging information can be enabled in the Admin Center.
  • Organizations are sorted alphabetically when selecting repository owner when creating a new repository.
  • In a clustering environment, a failure to retrieve a support bundle from a node is now reported as an error; previously it was reported as a warning.
  • GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Deleting a repository containing files in LFS can cause the 'File storage' within the Site Admin to show a temporary 500 error.
  • Graphs in the Management Console are displaying the sum instead of an average value. As a result, graphs may incorrectly show an increasing metric over time. (updated 2017-05-17)
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.4 May 02, 2017

Security Fixes

  • MEDIUM: When using 2FA, the recovery codes could be brute forced on browsers that do not implement the X-Content-Type-Options HTTP header correctly.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Service hooks were blocked from accessing the API endpoint of the local instance.
  • Processes could be leaked if Collectd exited unexpectedly.
  • Job queues could not be paused if the workers serviced multiple queues.
  • Site administrators could experience a '500 Internal Server Error' after viewing the history for a file path containing Japanese characters.
  • Fetching a list of pull request reviews via the API could fail with '422 Unprocessable Entity' or '500 Internal Server Error' errors.
  • Git LFS files were not rendered when private mode was disabled.
  • In cluster mode, restoring backups could hang indefinitely.
  • Custom sysctl settings were not taking effect when saving the settings.

Changes

  • Support bundles are now built and stored in /data/user/tmp to preserve free space on the root filesystem.
  • The /status endpoint can be queried over HTTP.
  • GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 is now deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • Graphs in the Management Console are displaying the sum instead of an average value. As a result, graphs may incorrectly show an increasing metric over time. (updated 2017-05-17)
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.3 April 18, 2017

Security Fixes

  • MEDIUM: Local privileged MySQL credentials and Alambic HMAC/API keys were exposed in log files included in the support bundle.
  • None of the currently supported releases of GitHub Enterprise are affected by the Linux kernel UDP remote code execution vulnerability issued 4 April 2017 (CVE-2016-10229).
  • Packages have been updated to the latest security versions.

Bug Fixes

  • An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggered a firewall rule that caused an internal server error on several pages, including the author's profile page.
  • Collectd statistics were collected for the temporary pre-receive hook environment mount points.
  • Users could be added to a team even if they did not satisfy the Organization's 2FA requirements.
  • Very large release or Git LFS assets failed to replicate due to a timeout in a high availability environment.
  • In a clustering environment, several services failed to start following a reboot.
  • In a clustering environment, configuring multiple nodes in parallel could lead to nodes overwriting each other's MySQL seed data.
  • In clustering and high availability environments, the disk usage percentage and tooltip in the admin bar were incorrect.
  • Attempts to authenticate via LDAP would result in /var/log/github/auth.log log entries with via token repeated many times.
  • A suggested branch name of "null" was displayed when using IE11 or Microsoft Edge browsers.
  • Users were referred to the GitHub.com status page when a repository was offline.
  • Pushes to a repository in a high availability environment could fail with ! [remote rejected] master -> master (missing necessary objects).
  • New repositories created whilst a high availability replica was stopped were not created on disk and were marked offline.
  • The Management Console did not become accessible after promoting a high availability replica.
  • Saving custom messages containing UTF-8 characters in the Admin Center failed with a 500 error.
  • HTTP clone URLs which include the username did not cause Git to prompt for credentials when password authentication is disabled.
  • During maintenance mode for a high availability environment, the /setup/maintenance page did not list active processes.
  • The /status endpoint on a high availability replica incorrectly returned 200 OK instead of 503 Service Unavailable.

Changes

  • The jq utility has been added to the default pre-receive hook environment.
  • More colors are used in the monitoring graphs in a high availability environment, making them more legible.
  • Pinned Organization repositories can now only be modified by Organization owners.
  • Backups of cluster environments with a large number of archived repositories have been optimized for improved performance.
  • GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters.
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not.
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.2 March 29, 2017

Security Fixes

  • HIGH: Improper sanitization of user markup content, while not allowing full XSS, could have been abused to leak sensitive data or perform actions as the user viewing the content.
  • LOW: A file path traversal vulnerability in the Management Console API could allow authenticated users to download content of local files ending with .txt.
  • LOW: Improper sanitization of input allowed splitting of a response header value over multiple lines. No headers could be injected because the actual header name was included on each line.
  • LOW: Detect and reject any Git content that shows evidence of being part of a SHA-1 collision attack.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • The webhook delivery log was missing timing metrics.
  • The /trending page could incorrectly display a Sign up for free button.
  • ghe-check-disk-usage incorrectly defaulted to a --verbose run.
  • When migrating from GitHub.com or another GitHub Enterprise appliance, an @ could cause comments to be truncated.
  • Status checks on a pull request weren't properly run after using the Update branch button, so the Merge pull request button was inaccessible.
  • Processes responsible for Git repository replication could cause a high availability replica appliance to run out of memory and kill a dependent service.
  • After an upgrade, the Management Console of a high availability replica appliance could indefinitely show the Starting... page.
  • The total number of organizations was incorrect because the count included trusted OAuth applications.
  • Exceptions were logged to /var/log/github/exceptions.log when a reaction was added to a comment.
  • It wasn't possible to give LDAP mapped access to a repository when transferring a repository to an organization.
  • Administrators couldn't restore deleted LFS objects.
  • When a SAML user whose normalized username matched an organization's name tried to authenticate, the organization's attributes, such as its profile email, could be incorrectly altered.
  • The org_repos count in /enterprise/stats incorrectly counted private user-owned forks.
  • It was possible to queue more jobs to repair a search index through the site admin than could be processed in a reasonable time, causing low priority jobs to become backlogged.
  • A configuration run could revert an SSL certificate to an automatically generated self-signed certificate.
  • Graphs in the Management Console monitoring page were incorrectly sorted.

Changes

  • Site admin reports are now accessible with a site_admin scoped OAuth token.
  • GitHub Flavored Markdown, which is now compliant with CommonMark, is used to render repository markdown (e.g. .md) files. (updated 2017-06-11)

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may time out while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without https.
  • The /status endpoint on a high availability replica incorrectly returns 200 OK instead of 503 Service Unavailable.
  • Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters. (updated 2017-03-30)
  • Deleting a search index doesn't delete all associated metadata, which are then incorrectly reused if a new search index is created. This causes search index repair jobs to be reported as finished in the site admin when they were not. (updated 2017-03-30)
  • During maintenance mode for a high availability environment, the /setup/maintenance does not list active processes. (updated 2017-03-30)
  • An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.1 March 14, 2017

Security Fixes

  • LOW: New, invited users received their initial passwords in clear text via e-mail. A password reset link, valid for 24 hours, is sent to the user instead.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • Incorrect support bundle and diagnostics instructions were displayed for high availability environments.
  • The secondary NTP server was not allowed to be blank.
  • A search index that was not marked as the primary index, for example when a new index was being built after an upgrade, could be incorrectly deleted.
  • OAuth application authorization failed when the path contained more than one query parameter.
  • The initial import of the VMware OVA image would fail when deployed via vCenter Server 6.0 or 6.5.
  • Starting high availability replication would fail if the appliance was previously configured as a replica.
  • Git replication maintenance jobs failed to complete if there were unhealthy repositories prior to upgrading to 2.9.
  • An unused locations search index was incorrectly listed in the site admin indexing page.
  • Site administrators may have experienced a 500 Internal Server Error if the license was approaching expiration or was close to the seat limit.
  • Accessing a GitHub Pages site would cause a 500 Internal Server Error.
  • It was not possible to enable or disable maintenance mode through the Management Console.
  • Issues or pull requests with renamed labels were not properly indexed for filtering.
  • On Google Compute Engine, it was possible to use an ephemeral scratch disk as repository storage.

Changes

  • A clustering environment requires at least 2 metrics-servers.

Deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 is now deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.6

GitHub Enterprise 2.6 will be deprecated as of April 26, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Graphs in the Management Console monitoring page are incorrectly sorted.
  • It's possible to queue more jobs to repair a search index through the site admin than can be processed in a reasonable time, causing low priority jobs to become backlogged.
  • Deleting a search index doesn't delete all associated metadata, which is then incorrectly reused if a new search index is created. This can cause search index repair jobs to be reported as finished in the site admin when they're not.
  • A configuration run can incorrectly revert an SSL certificate to an automatically generated self-signed certificate.
  • The /status endpoint on a high availability replica incorrectly returns 200 OK instead of 503 Service Unavailable.
  • Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters. (updated 2017-03-30)
  • An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team

GitHub Enterprise 2.9.0 March 01, 2017 Download

Features

With the new features added in GitHub Enterprise 2.9.0, you can:

Security Fixes

  • Packages have been updated to the latest security versions.

Bug Fixes

  • Directory names containing spaces failed to be created from the web interface.
  • Directional hotkeys weren't functional on the commit activity graph.
  • Searching repositories from the organization page was inconsistent with the results from the global search.
  • Commits were incorrectly referenced to the parent repository in the timeline after restoring a fork.
  • Validly signed commits were displayed as invalid if the client added metadata to the GPG signature.
  • Attempting to convert a user to an organization failed with an internal server error.
  • Git LFS objects could take up to an hour to replicate in a High Availability configuration.
  • In a clustering environment, reindexing failed when a pull request routed to an offline repository.
  • svn checkout could incorrectly fail with a 429 HTTP error code.
  • Copy to clipboard buttons failed for Internet Explorer 11 users.
  • Pre-receive hooks failed to output UTF-8 characters.
  • Migrations failed to preserve a label with a / character.
  • A previously configured replica appliance excessively logged errors during High Availability initialization.
  • Pre-receive hooks could fail with a "Device or resource busy" error.
  • LDAP synchronization incorrectly removed users after a server-side LDAP timeout.
  • An Encoding::Compatibility error occurred when viewing a webhook from /stafftools.
  • The Management Console Add new SSH key field incorrectly allowed an SSH fingerprint instead of the contents of the key.
  • A former primary appliance failed to create or update pre-receive hook environments.
  • In a clustering environment, services were incorrectly started after reboot.
  • Pre-receive hooks checking internal or temporary Git references failed.
  • In a clustering environment, releases, uploads, avatars, and LFS files could become inaccessible after a storage-server was removed.
  • In a clustering environment, storage-server repair jobs took a long time when a new storage-server was added.
  • In a clustering environment, the enterprise-manage and resolvconf service were incorrectly stopped after ghe-cluster-config-apply.
  • An updated SAML Verification certificate did not take effect until the github-unicorn service was restarted.

Changes

  • The Reactivate suspended users configuration has changed to reflect the current configured state.
  • The <Destination> element is no longer optional in the SAML response.
  • The default Amazon Web Services EC2 root partition has increased to 80 GB.
  • GitHub Flavored Markdown, which is used to render issue and pull request comments, is now compliant with CommonMark.
    • Note: Rendering for repository files has not changed.
  • New webhook events have been added.
  • New API resources have been added.
  • High Availability Git replication has been updated to use Spokes.
  • A ten-second timeout is enforced for all LDAP authentication requests. In the event of a timeout, the user is notified, and the timeout is recorded in the log files and reflected on the LDAP Authentication Management Console monitoring graph.
  • Outdated diffs and review comments are now hidden by default when viewing a Pull Request. (updated 2017-05-17)
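Why requiring Destination matters: in SAML 2.0 Core, Destination is an attribute of the samlp:Response (the note above writes it as an element) that names the exact URL the response was meant for, and a service provider that checks it rejects a response captured from, or minted for, a different endpoint. The following is an added example of that check, not GitHub Enterprise's code: the three responses are constructed inputs and the ACS URL on github.example.com is an assumption. It deliberately covers only the Destination rule; signature verification must run first on a real response, and a hardened XML parser such as defusedxml should replace the standard-library parser used here to keep the example self-contained.

```python
import xml.etree.ElementTree as ET
from typing import Optional

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
RESPONSE_TAG = "{%s}Response" % SAMLP_NS

# Assumed assertion consumer service URL of the service provider.
ACS_URL = "https://github.example.com/saml/consume"


def check_destination(response_xml: str, expected_acs_url: str) -> Optional[str]:
    """Return None when the response carries a Destination that exactly matches
    expected_acs_url; otherwise return a short reason for rejecting it.

    The comparison is a plain string comparison on purpose: normalising the URL
    (case, trailing slash, default port) would widen what an attacker can supply.
    """
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        return "unparseable SAML response: %s" % exc
    if root.tag != RESPONSE_TAG:
        return "unexpected root element %s" % root.tag
    destination = root.get("Destination")
    if destination is None:
        # Treating a missing Destination as a failure is the behaviour the
        # release note describes: the attribute is no longer optional.
        return "Destination attribute missing"
    if destination != expected_acs_url:
        return "Destination %r does not match ACS URL %r" % (destination, expected_acs_url)
    return None


def _response(extra_attrs: str) -> str:
    # Constructed minimal responses; real ones carry an Issuer, Assertion and Signature.
    return (
        '<samlp:Response xmlns:samlp="%s" ID="_r1" Version="2.0" '
        'IssueInstant="2017-03-01T00:00:00Z"%s>'
        '<samlp:Status><samlp:StatusCode '
        'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        "</samlp:Response>"
    ) % (SAMLP_NS, extra_attrs)


VALID_RESPONSE = _response(' Destination="%s"' % ACS_URL)
MISSING_DESTINATION = _response("")
WRONG_DESTINATION = _response(' Destination="https://attacker.example.net/saml/consume"')


if __name__ == "__main__":
    for name, xml in [("valid", VALID_RESPONSE),
                      ("missing", MISSING_DESTINATION),
                      ("wrong", WRONG_DESTINATION)]:
        print(name, "->", check_destination(xml, ACS_URL) or "accepted")
```

The check belongs after signature validation and alongside the other replay defences (InResponseTo, NotBefore/NotOnOrAfter, audience), since a Destination that matches but sits in an unsigned response proves nothing.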

Backups and Disaster Recovery

GitHub Enterprise 2.9 requires at least GitHub Enterprise Backup Utilities 2.9.0 for Backups and Disaster Recovery.

Deprecation of GitHub Enterprise 2.4

GitHub Enterprise 2.4 is now deprecated as of February 9, 2017. That means that no patch releases will be made, even for critical security issues, after this release. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Enterprise 2.5

GitHub Enterprise 2.5 will be deprecated as of March 14, 2017. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Known Issues

  • We incorrectly redirect to the dashboard if you accessed GitHub Enterprise using an alias while in private mode. This might happen if you set a fully qualified domain name but the subdomain resolves correctly.
  • Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
  • On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
  • Custom firewall rules aren't maintained during an upgrade.
  • Enqueued background jobs are sometimes not purged when a repository is deleted.
  • svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
  • GitHub Enterprise clustering cannot be configured without HTTPS.
  • Graphs in the Management Console monitoring page are incorrectly sorted.
  • Site administrators may experience a 500 Internal Server Error if the license is approaching expiration or is close to the seat limit. (updated 2017-03-08)
  • The initial import of the VMware OVA image may fail when deployed via vCenter Server 6.0 or 6.5. The import will succeed when performed directly on an ESXi host.
  • On Google Compute Engine, it's possible to use an ephemeral scratch disk as repository storage. (updated 2017-03-10)
  • A search index that's not marked as the primary index, for example when a new index is being built after an upgrade, can be incorrectly deleted. (updated 2017-03-10)
  • It's possible to queue more jobs to repair a search index through the site admin than can be processed in a reasonable time, causing low priority jobs to become backlogged. (updated 2017-03-10)
  • Deleting a search index doesn't delete all associated metadata, which is then incorrectly reused if a new search index is created. This can cause search index repair jobs to be reported as finished in the site admin when they're not. (updated 2017-03-10)
  • An unused locations search index is incorrectly listed in the site admin indexing page. (updated 2017-03-10)
  • It's not possible to enable or disable maintenance mode through the Management Console. Maintenance mode can still be enabled and disabled using the ghe-maintenance command line utility. (updated 2017-03-10)
  • Accessing a GitHub Pages site could cause 500 Internal Server Error. (updated 2017-03-10)
  • A configuration run can incorrectly revert an SSL certificate to an automatically generated self-signed certificate. (updated 2017-03-10)
  • Starting high availability replication can fail if the appliance was previously configured as a replica. (updated 2017-03-10)
  • The /status endpoint on a high availability replica incorrectly returns 200 OK instead of 503 Service Unavailable.
  • Site administrators can experience a 500 Internal Server Error after viewing the history for a file path containing Japanese characters. (updated 2017-03-30)
  • An issue or pull request comment containing the string "User-Agent: GitHub-Hookshot" incorrectly triggers a firewall rule and causes an internal server error on several pages, including the author's profile page. (updated 2017-03-30)
  • collectd metric paths can be truncated, which causes multiple write attempts to the same file for different metrics. (updated 2017-07-10)
  • After changing the visibility of a repository, wiki search results have a conflicting number of displayed search results. Administrators can reindex the wiki through the site admin dashboard. (updated 2017-11-09)
  • The create team API endpoint returns a 500 error if LDAP Sync is enabled and the team already exists. (updated 2018-01-09)

Thanks!

The GitHub Team