diff --git a/data/release-notes/enterprise-server/3-10/16.yml b/data/release-notes/enterprise-server/3-10/16.yml new file mode 100644 index 000000000000..67e6d06c10fe --- /dev/null +++ b/data/release-notes/enterprise-server/3-10/16.yml @@ -0,0 +1,95 @@ +date: '2024-08-20' +intro: | + {% warning %} + + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.16-known-issues)" section of these release notes. + + {% endwarning %} +sections: + features: + - | + Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management. + security_fixes: + - | + **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities. + - | + The `ghe-config-apply` process made an unnecessary number of connections to Redis. + - | + Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied. + - | + The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint. + - | + On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled. + - | + On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`. + - | + Some users were unable to delete project views. + - | + Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions. + - | + Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed + - | + The `github-stream-processor` service could get into a state where it would continually fail to process messages with a `TRILOGY_CLOSED_CONNECTION` error. + - | + A corrupted entry in the Git audit log could cause out of memory errors. + - | + Fixes and improvements for the git core module. + changes: + - | + Actions KPI logs are disabled by default to reduce log size. + - | + Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} + - | + {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %} + - | + {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} + - | + {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} + - | + After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser. + - | + {% data reusables.release-notes.2023-11-aws-system-time %} + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + {% data reusables.release-notes.2023-10-actions-upgrade-bug %} + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} + - | + {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} + - | + The `reply.HOSTNAME` subdomain is falsely displayed as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation. + - | + When log forwarding is enabled, some forwarded log entries may be duplicated. + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/release-notes/enterprise-server/3-11/14.yml b/data/release-notes/enterprise-server/3-11/14.yml new file mode 100644 index 000000000000..51b639d76a2c --- /dev/null +++ b/data/release-notes/enterprise-server/3-11/14.yml @@ -0,0 +1,103 @@ +date: '2024-08-20' +sections: + features: + - | + Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management. + security_fixes: + - | + **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could update the `title`, `assignees`, and `labels` of any issue inside a public repository. This was only exploitable inside a public repository, and private/internal repositories were not affected. GitHub has requested CVE ID [CVE-2024-7711](https://www.cve.org/cverecord?id=CVE-2024-7711) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + During hotpatching and sometimes when applying configuration changes, a configuration run to upgrade the GitHub Actions service was unnecessarily triggered. The GitHub Actions service will only be upgraded in GitHub Enterprise Server feature releases. + - | + On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities. + - | + The `ghe-config-apply` process made an unnecessary number of connections to Redis. + - | + Restarting the `resolvconf` service would not correctly update the contents of `/etc/resolv.conf`. + - | + Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied. + - | + The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint. + - | + The `ghe-migrations` utility for visualizing migrations did not work due to a regression. Administrators can now run `ghe-migrations` to view the progress and status of `github` migrations, or run `ghe-migrations --all` to view progress on all services. + - | + On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled. + - | + On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`. + - | + Site administrators could not switch maintenance mode directly from "scheduled" to "on," or vice versa. + - | + Some users were unable to delete project views. + - | + When importing using `ghe-migrator`, team URLs containing dots were imported as-is, leading to 404s when attempting to view the imported teams. Dots in imported team URLs are now escaped to dashes. + - | + Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions. + - | + Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed + - | + The `github-stream-processor` service could get into a state where it would continually fail to process messages with a `TRILOGY_CLOSED_CONNECTION` error. + - | + The wrong help link was displayed when push protection blocked a secret from the CLI. + - | + For repositories with issues disabled, issue links were redirected to pull requests. + - | + In custom pre-receive hooks, the paths stored in environment variables that allow for newly pushed objects to be in a quarantine directory could be incorrectly interpreted as relative to a worktree instead of the Git directory, causing certain commands to fail to read from the repository. The variables now use absolute paths. + - | + A corrupted entry in the Git audit log could cause out of memory errors. + - | + Fixes and improvements for the git core module. + changes: + - | + Actions KPI logs are disabled by default to reduce log size. + - | + Users can set their styling preference for link underlines in the web interface, on their "Accessibility" settings page. + - | + Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + {% data reusables.release-notes.2023-11-aws-system-time %} + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %} + - | + {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} + - | + {% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} + - | + Repositories originally imported using `ghe-migrator` will not correctly track Advanced Security contributions. + - | + Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations. + - | + The `reply.HOSTNAME` subdomain is falsely displayed as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation. + - | + When log forwarding is enabled, some forwarded log entries may be duplicated. + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/release-notes/enterprise-server/3-12/8.yml b/data/release-notes/enterprise-server/3-12/8.yml new file mode 100644 index 000000000000..9d3ca60503e5 --- /dev/null +++ b/data/release-notes/enterprise-server/3-12/8.yml @@ -0,0 +1,111 @@ +date: '2024-08-20' +sections: + features: + - | + Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management. + security_fixes: + - | + **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could update the `title`, `assignees`, and `labels` of any issue inside a public repository. This was only exploitable inside a public repository, and private/internal repositories were not affected. GitHub has requested CVE ID [CVE-2024-7711](https://www.cve.org/cverecord?id=CVE-2024-7711) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + During hotpatching and sometimes when applying configuration changes, a configuration run to upgrade the GitHub Actions service was unnecessarily triggered. The GitHub Actions service will only be upgraded in GitHub Enterprise Server feature releases. + - | + On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities. + - | + The `ghe-config-apply` process made an unnecessary number of connections to Redis. + - | + Upgrading the Dependency Graph sometimes failed due to outdated data from `go.sum` manifests. + - | + Restarting the `resolvconf` service would not correctly update the contents of `/etc/resolv.conf`. + - | + Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied. + - | + The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint. + - | + The `ghe-migrations` utility for visualizing migrations did not work due to a regression. Administrators can now run `ghe-migrations` to view the progress and status of `github` migrations, or run `ghe-migrations --all` to view progress on all services. + - | + On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled. + - | + During support bundle generation or when running `ghe-diagnostics`, filesystem usage for the Elasticsearch data directory was not be included. + - | + On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`. + - | + Site administrators could not switch maintenance mode directly from "scheduled" to "on," or vice versa. + - | + Some users were unable to delete project views. + - | + On the repository settings page for GitHub Pages, users saw an option to upgrade to GitHub Enterprise to use GitHub Pages with private visibility. + - | + When importing using `ghe-migrator`, team URLs containing dots were imported as-is, leading to 404s when attempting to view the imported teams. Dots in imported team URLs are now escaped to dashes. + - | + Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions. + - | + On an instance with subdomain isolation enabled, images served from a subdomain or external source did not render correctly in issues opened in the Projects side panel. + - | + In tag input fields, such as when adding topics to a repository, pressing space did not start a new tag. + - | + Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed + - | + The wrong help link was displayed when push protection blocked a secret from the CLI. + - | + For repositories with issues disabled, issue links were redirected to pull requests. + - | + Fixes and improvements for the git core module. + - | + In custom pre-receive hooks, the paths stored in environment variables that allow for newly pushed objects to be in a quarantine directory could be incorrectly interpreted as relative to a worktree instead of the Git directory, causing certain commands to fail to read from the repository. The variables now use absolute paths. + - | + A corrupted entry in the Git audit log could cause out of memory errors. + changes: + - | + Actions KPI logs are disabled by default to reduce log size. + - | + When running `ghe-support-bundle`, the support bundle includes the Elasticsearch config. + - | + Users can set their styling preference for link underlines in the web interface, on their "Accessibility" settings page. + - | + Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + {% data reusables.release-notes.2023-11-aws-system-time %} + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %} + - | + {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} + - | + Repositories originally imported using `ghe-migrator` will not correctly track Advanced Security contributions. + - | + Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations. + - | + The `reply.HOSTNAME` subdomain is falsely displayed as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation. + - | + When log forwarding is enabled, some forwarded log entries may be duplicated. + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected. + - | + The global search bar does not have suggestions enabled due to the redesigned navigation and pending new search experience. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. diff --git a/data/release-notes/enterprise-server/3-13/0.yml b/data/release-notes/enterprise-server/3-13/0.yml index 3a01b59cc41e..9e61b5e3bb48 100644 --- a/data/release-notes/enterprise-server/3-13/0.yml +++ b/data/release-notes/enterprise-server/3-13/0.yml @@ -193,5 +193,11 @@ sections: # https://github.com/github/releases/issues/3859 - | The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)." + # https://github.com/github/releases/issues/3794 + - | + From November 19, 2024, references to v1 and v2 of artifacts actions in GitHub Actions will not resolve. GitHub deprecated v1 and v2 of actions/upload-artifact, actions/download-artifact, and related npm packages on June 30, 2024. You can read more about this deprecation on the [GitHub Blog](https://github.blog/changelog/2024-02-13-deprecation-notice-v1-and-v2-of-the-artifact-actions/). GitHub Enterprise Server instances configured to use GitHub Connect to download these actions will need to store cached copies locally for workflows to continue working. If your local copy of these actions has been removed, use [GitHub Actions Sync](https://github.com/actions/actions-sync) to manually re-download the actions. [Updated: 2024-18-20] + # https://github.com/github/releases/issues/3794 + - | + The deprecated v1 and v2 versions of artifacts actions will be removed from GitHub Enterprise Server 3.15 onwards. Users should update their workflows to use v3 or later versions of artifacts actions. [Updated: 2024-18-20] errata: - 'The "[Deprecations](/admin/release-notes#3.13.0-deprecations)" section previously indicated that the Management Console API would be deprecated in GitHub Enterprise Server 3.14. Instead, the Management Console API will be removed in GitHub Enterprise Server 3.15. [Updated: 2024-07-08]' diff --git a/data/release-notes/enterprise-server/3-13/3.yml b/data/release-notes/enterprise-server/3-13/3.yml new file mode 100644 index 000000000000..d799b63b584f --- /dev/null +++ b/data/release-notes/enterprise-server/3-13/3.yml @@ -0,0 +1,127 @@ +date: '2024-08-20' +sections: + features: + - | + Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management. + security_fixes: + - | + **CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could update the `title`, `assignees`, and `labels` of any issue inside a public repository. This was only exploitable inside a public repository, and private/internal repositories were not affected. GitHub has requested CVE ID [CVE-2024-7711](https://www.cve.org/cverecord?id=CVE-2024-7711) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + During hotpatching and sometimes when applying configuration changes, a configuration run to upgrade the GitHub Actions service was unnecessarily triggered. The GitHub Actions service will only be upgraded in GitHub Enterprise Server feature releases. + - | + On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities. + - | + The `ghe-config-apply` process made an unnecessary number of connections to Redis. + - | + Upgrading the Dependency Graph sometimes failed due to outdated data from `go.sum` manifests. + - | + Restarting the `resolvconf` service would not correctly update the contents of `/etc/resolv.conf`. + - | + The configuration log at `/data/user/common/ghe-config.log` was no longer rotated to `/data/user/config-apply/logs/` after each config apply run. This was because a regular expression failed to match after timestamps were added to the config apply log. + - | + Empty lines were inserted into the configuration log at `/data/user/common/ghe-config.log`. + - | + Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied. + - | + The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint. + - | + The `ghe-migrations` utility for visualizing migrations did not work due to a regression. Administrators can now run `ghe-migrations` to view the progress and status of `github` migrations, or run `ghe-migrations --all` to view progress on all services. + - | + On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled. + - | + Audit log data migration failed on instances using a legacy Elasticsearch data directory. + - | + When clicking the help link under the Authentication header in enterprise-manage, the user would be redirected to `/admin/managing-accounts-and-repositories` instead of `/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management`. + - | + During support bundle generation or when running `ghe-diagnostics`, filesystem usage for the Elasticsearch data directory was not be included. + - | + On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`. + - | + Site administrators could not switch maintenance mode directly from "scheduled" to "on," or vice versa. + - | + Some users were unable to delete project views. + - | + On the repository settings page for GitHub Pages, users saw an option to upgrade to GitHub Enterprise to use GitHub Pages with private visibility. + - | + When importing using `ghe-migrator`, team URLs containing dots were imported as-is, leading to 404s when attempting to view the imported teams. Dots in imported team URLs are now escaped to dashes. + - | + In the file tree on the "Files changed" tab of a pull request, users could not collapse or expand directories. + - | + Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions. + - | + Administrators sometimes saw an error message when visiting the administrative search page. + - | + On an instance with subdomain isolation enabled, images served from a subdomain or external source did not render correctly in issues opened in the Projects side panel. + - | + Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed + - | + The wrong help link was displayed when push protection blocked a secret from the CLI. + - | + Embedded images in wiki pages were broken. + - | + For repositories with issues disabled, issue links were redirected to pull requests. + - | + In custom pre-receive hooks, the paths stored in environment variables that allow for newly pushed objects to be in a quarantine directory could be incorrectly interpreted as relative to a worktree instead of the Git directory, causing certain commands to fail to read from the repository. The variables now use absolute paths. + - | + A corrupted entry in the Git audit log could cause out of memory errors. + - | + Fixes and improvements for the git core module. + - | + When enabling GitHub Advanced Security for an organization, active committers in other organizations were not accounted for. + changes: + - | + Actions KPI logs are disabled by default to reduce log size. + - | + When running `ghe-support-bundle`, the support bundle includes the Elasticsearch config. + - | + In the site admin dashboard, administrators have more granular options for the maximum object size in repositories. + - | + Users can set their styling preference for link underlines in the web interface, on their "Accessibility" settings page. + - | + Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming. + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + Repositories originally imported using `ghe-migrator` will not correctly track Advanced Security contributions. + - | + Due to a known regression, operators will not be able to use the `ghe-migrations` visualizer to view the status of migrations during an upgrade. Instead, the operator can inspect the log files in `/var/log/dbmigration` to see the status and progress of migrations. + - | + When log forwarding is enabled, some forwarded log entries may be duplicated. + - | + For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node. + - | + `TokenScanningServiceMetricsApiError` errors may appear after the upgrade. + - | + When following the steps for [Replacing the primary MySQL node](/enterprise-server@3.12/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Memory utilization may increase after the upgrade. During periods of high traffic, interruptions in service may occur due to insufficient memory allocations for internal components. + - | + Running a `config apply` as part of the steps for [Replacing a node in an emergency](/enterprise-server@3.12/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + Including `../` when editing a file name does not move the file up a directory level. + - | + If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected. + - | + When restoring data originally backed up from a 3.13 appliance onto a 3.13 appliance, the elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + The global search bar does not have suggestions enabled due to the redesigned navigation and pending new search experience. + - | + Hotpatching in Azure fails with a `rsync` error. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. + - | + Instance setup in AWS with IMDSv2 enforced fails if no public IP is present.