-
Notifications
You must be signed in to change notification settings - Fork 59.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
39 changed files
with
779 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| date: '2020-02-11' | ||
| sections: | ||
| features: | ||
| - 'On a repository branch, repository administrators can reject any push that contains a merge commit by enabling `Require linear history` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}' | ||
| - 'Repository administrators can grant all users with push access the ability to force-push to a protected branch by enabling `Allow force pushes` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/, https://github.com/github/ce-oss-happiness/issues/42, https://github.com/github/github/pull/125950 {% endcomment %}' | ||
| - 'Repository administrators can grant all users with push access the ability to delete a protected branch by enabling `Allow deletions` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}' | ||
| - 'Administrators can set a `maxobjectsize` limit on repositories, [limiting the size of push commits](https://help.github.com/en/enterprise/admin/installation/setting-git-push-limits) to a repository that are not in [Git LFS](https://help.github.com/en/enterprise/admin/installation/configuring-git-large-file-storage-on-github-enterprise-server). {% comment %} https://github.com/github/babeld/pull/864, https://team.githubapp.com/posts/33519, https://github.com/githubcustomers/Slack/issues/27 {% endcomment %}' | ||
| - 'Organization owners can create a set of default labels when creating a new repository.{% comment %} https://github.com/github/issues-projects/issues/237, https://github.com/github/issues-projects/issues/179 {% endcomment %}' | ||
| security_fixes: | ||
| - Packages have been updated to the latest security versions. | ||
| bugs: | ||
| - 'When a member of an organization tried to view a public repository in that organization, an SSO prompt could break the page display. {% comment %} https://github.com/github/github/issues/126677, https://github.com/github/github/pull/127501 {% endcomment %}' | ||
| - "When viewing a users' profile, the links to that users' teams could be broken. {% comment %} https://github.com/github/github/issues/131771, https://github.com/github/github/pull/131865 {% endcomment %}" | ||
| - 'Users with the `maintain` role were unable to edit repository topics. {% comment %} https://github.com/github/github/pull/129503, https://github.com/github/github/issues/119456 {% endcomment %}' | ||
| - "A user who isn't an administrator for an organization would receive a 500 error when attempting to access the sign up page. {% comment %} https://github.com/github/github/pull/129213, https://github.com/github/github/issues/129210, https://github.com/github/github/issues/129212 {% endcomment %}" | ||
| - 'The edit history popup would not display on gist comments. {% comment %} https://github.com/github/github/pull/129134, https://github.com/github/github/issues/128496 {% endcomment %}' | ||
| - 'A new account could be registered with an email that was already registered. {% comment %} https://github.com/github/github/pull/127905, https://github.com/github/github/issues/127858 {% endcomment %}' | ||
| - 'A storage service was hitting a file descriptor limit and causing kernel hanging and other services to log errors. {% comment %} https://github.com/github/enterprise2/pull/18775 {% endcomment %}' | ||
| - 'When an autolink reference was part of a url, the hyperlink could be removed. {% comment %} https://github.com/github/github/pull/126776 {% endcomment %}' | ||
| - 'When adding a comment to a pull request, the `Linked Issues` section from the sidebar could disappear. {% comment %} https://github.com/github/issues-projects/issues/384, https://github.com/github/github/pull/130514 {% endcomment %}' | ||
| - 'When editing an existing organization invitation for a user, a duplicate header could be appear on the `Teams` table. {% comment %} https://github.com/github/github/issues/120381, https://github.com/github/github/pull/128939 {% endcomment %}' | ||
| - 'The `resqued` service could stop logging events when the queues became too large. {% comment %} https://github.com/github/github/pull/130087, https://github.com/github/business-support/issues/2696 {% endcomment %}' | ||
| - 'Self-signed certificates are not automatically generated when running the `ghe-config-apply` command for cluster and high-availability configurations. {% comment %} https://github.com/github/enterprise2/pull/18773 {% endcomment %}' | ||
| changes: | ||
| - 'No logo will be displayed for a topic if one has not been uploaded. {% comment %} https://github.com/github/github/issues/130513, https://github.com/github/github/pull/130515 {% endcomment %}' | ||
| - 'When viewing an issue on a mobile browser, the issue metadata is listed at the top of the page. {% comment %} https://github.com/github/github/pull/127560 {% endcomment %}' | ||
| - 'Consul''s top-level domain has changed from ".consul" to ".ghe.local". {% comment %} https://github.com/github/enterprise2/pull/17443, https://github.com/github/enterprise2/issues/17701 {% endcomment %}' | ||
| - 'The hookshot service no longer relies on ElasticSearch and only uses MySQL as a database store. {% comment %} https://github.com/github/enterprise2/pull/18158, https://github.com/github/hookshot/pull/1128, https://github.com/github/enterprise2/pull/15898 {% endcomment %}' | ||
| - 'Improved visual distinction between issue, project and discussion has been implemented on project note cards. {% comment %} https://github.com/github/github/pull/132038 {% endcomment %}' | ||
| - 'On a pull request review, a notice is displayed if a multi-line comment is truncated. {% comment %} https://github.com/github/github/issues/125948, https://github.com/github/github/pull/128677 {% endcomment %}' | ||
| - 'Users can view their audit log on the `Security Log` tab of their personal settings page. {% comment %} https://github.com/github/github/pull/123041{% endcomment %}' | ||
| known_issues: | ||
| - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}' | ||
| - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}' | ||
| - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}' | ||
| - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}' | ||
| - 'When pushing to a gist, an exception could be triggered during the post-receive hook. {% comment %} https://github.com/github/github/issues/129091 {% endcomment %}' | ||
| - Duplicate webhook entries in the database can cause upgrades from previous versions to fail. (updated 2020-02-26) | ||
| - 'Upgrades and settings updates will fail if background worker configurations have been customised. {% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}' | ||
| - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}' | ||
| - 'When upgrading from previous versions, background job workers may not be spawned, preventing essential features such as merging pull requests. (updated 2020-04-07) {% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}' | ||
| - 'Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23) {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}' | ||
| - 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| date: '2020-02-27' | ||
| sections: | ||
| security_fixes: | ||
| - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/19116, https://github.com/github/enterprise2/pull/19110, https://github.com/github/enterprise2/pull/19154, https://github.com/github/enterprise2/pull/19142 {% endcomment %}' | ||
| bugs: | ||
| - 'Restore from backups would fail with an `Invalid RDB version number` error. {% comment %} https://github.com/github/enterprise2/pull/19117, https://github.com/github/enterprise2/pull/19109 {% endcomment %}' | ||
| - 'Upgrading an HA replica would stall indefinitely waiting for MySQL to start. {% comment %} https://github.com/github/enterprise2/pull/19168, https://github.com/github/enterprise2/pull/19101 {% endcomment %}' | ||
| - 'PR review comments with unexpected values for "position" or "original_position" caused imports to fail. {% comment %} https://github.com/github/github/pull/135439, https://github.com/github/github/pull/135374 {% endcomment %}' | ||
| - 'Duplicate webhook entries in the database could cause upgrades from previous versions to fail. {% comment %} https://github.com/github/hookshot/pull/1541, https://github.com/github/hookshot/pull/1426, https://github.com/github/hookshot/pull/1540 {% endcomment %}' | ||
| known_issues: | ||
| - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}' | ||
| - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}' | ||
| - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}' | ||
| - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}' | ||
| - 'When pushing to a gist, an exception could be triggered during the post-receive hook. {% comment %} https://github.com/github/github/issues/129091 {% endcomment %}' | ||
| - 'Upgrades and settings updates will fail if background worker configurations have been customised. {% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}' | ||
| - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}' | ||
| - 'When upgrading from previous versions, background job workers may not be spawned, preventing essential features such as merging pull requests. (updated 2020-04-07) {% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}' | ||
| - 'Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23) {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}' | ||
| - 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| date: '2020-06-23' | ||
| sections: | ||
| security_fixes: | ||
| - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/20746, https://github.com/github/enterprise2/pull/20727 {% endcomment %}' | ||
| bugs: | ||
| - 'Excessively large log events could lead to log forwarding instability when UDP was used as the transport mechanism. {% comment %} https://github.com/github/enterprise2/pull/20457, https://github.com/github/enterprise2/pull/20445 {% endcomment %}' | ||
| - "Automatic unsuspension of a user through SSO did not complete if the SSH keys attribute had keys already associated with the user's account. {% comment %} https://github.com/github/github/pull/143474, https://github.com/github/github/pull/142927 {% endcomment %}" | ||
| - 'The repository permission hash from the REST API indicated no access for business members who have pull access to internal repositories. {% comment %} https://github.com/github/github/pull/144755, https://github.com/github/github/pull/144292 {% endcomment %}' | ||
| - 'Previewing a GitHub App description written in markdown was not properly rendered. {% comment %} https://github.com/github/github/pull/145038, https://github.com/github/github/pull/133360 {% endcomment %}' | ||
| - 'The audit log did not include branch protection changes events. {% comment %} https://github.com/github/github/pull/145995, https://github.com/github/github/pull/145014 {% endcomment %}' | ||
| - "Trying to assign code review to a member of an empty team would result in a '500 Internal Server Error'. {% comment %} https://github.com/github/github/pull/146328, https://github.com/github/github/pull/139330 {% endcomment %}" | ||
| - 'Code review assignment using the load balancing algorithm could repeatedly assign to the same team member. {% comment %} https://github.com/github/github/pull/146329, https://github.com/github/github/pull/136504 {% endcomment %}' | ||
| known_issues: | ||
| - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}' | ||
| - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}' | ||
| - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}' | ||
| - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}' | ||
| - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}' | ||
| - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}' | ||
| - 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| date: '2020-07-09' | ||
| sections: | ||
| security_fixes: | ||
| - '**MEDIUM:** Updated nginx to 1.16.1 and addressed CVE-2019-20372. (updated 2020-07-22) {% comment %} https://github.com/github/enterprise2/pull/21251 {% endcomment %}' | ||
| - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21088, https://github.com/github/enterprise2/pull/21036 {% endcomment %}' | ||
| bugs: | ||
| - 'Dependency graph was not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. {% comment %} https://github.com/github/enterprise2/pull/21260, https://github.com/github/enterprise2/pull/21102 {% endcomment %}' | ||
| - 'Certain log files did not rotate every 7 days. {% comment %} https://github.com/github/enterprise2/pull/21278, https://github.com/github/enterprise2/pull/21264 {% endcomment %}' | ||
| - 'Rapid reuse of webhook source ports resulted in rejected connections. {% comment %} https://github.com/github/enterprise2/pull/21289 {% endcomment %}' | ||
| - 'Incorrect background jobs could attempt to run on instances configured as passive replicas. {% comment %} https://github.com/github/enterprise2/pull/21318, https://github.com/github/enterprise2/pull/21212, https://github.com/github/enterprise2/issues/21167 {% endcomment %}' | ||
| - 'Internal repositories were not correctly included in search results for SAML-enabled orgs. {% comment %} https://github.com/github/github/pull/147503, https://github.com/github/github/pull/145692 {% endcomment %}' | ||
| known_issues: | ||
| - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}' | ||
| - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}' | ||
| - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}' | ||
| - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}' | ||
| - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}' | ||
| - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}' |
Oops, something went wrong.