github · Octomerger · Dec 14, 2020 · Dec 14, 2020 · Dec 14, 2020 · Dec 14, 2020
@@ -0,0 +1,43 @@
+date: '2020-02-11'
+sections:
+  features:
+    - 'On a repository branch, repository administrators can reject any push that contains a merge commit by enabling `Require linear history` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}'
+    - 'Repository administrators can grant all users with push access the ability to force-push to a protected branch by enabling `Allow force pushes` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/, https://github.com/github/ce-oss-happiness/issues/42, https://github.com/github/github/pull/125950 {% endcomment %}'
+    - 'Repository administrators can grant all users with push access the ability to delete a protected branch by enabling `Allow deletions` using [branch protection rules](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions). {% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}'
+    - 'Administrators can set a `maxobjectsize` limit on repositories, [limiting the size of push commits](https://help.github.com/en/enterprise/admin/installation/setting-git-push-limits) to a repository that are not in [Git LFS](https://help.github.com/en/enterprise/admin/installation/configuring-git-large-file-storage-on-github-enterprise-server). {% comment %} https://github.com/github/babeld/pull/864, https://team.githubapp.com/posts/33519, https://github.com/githubcustomers/Slack/issues/27 {% endcomment %}'
+    - 'Organization owners can create a set of default labels when creating a new repository.{% comment %} https://github.com/github/issues-projects/issues/237, https://github.com/github/issues-projects/issues/179 {% endcomment %}'
+  security_fixes:
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - 'When a member of an organization tried to view a public repository in that organization, an SSO prompt could break the page display. {% comment %} https://github.com/github/github/issues/126677, https://github.com/github/github/pull/127501 {% endcomment %}'
+    - "When viewing a users' profile, the links to that users' teams could be broken. {% comment %} https://github.com/github/github/issues/131771, https://github.com/github/github/pull/131865 {% endcomment %}"
+    - 'Users with the `maintain` role were unable to edit repository topics. {% comment %} https://github.com/github/github/pull/129503, https://github.com/github/github/issues/119456 {% endcomment %}'
+    - "A user who isn't an administrator for an organization would receive a 500 error when attempting to access the sign up page. {% comment %} https://github.com/github/github/pull/129213, https://github.com/github/github/issues/129210, https://github.com/github/github/issues/129212 {% endcomment %}"
+    - 'The edit history popup would not display on gist comments. {% comment %} https://github.com/github/github/pull/129134, https://github.com/github/github/issues/128496 {% endcomment %}'
+    - 'A new account could be registered with an email that was already registered.  {% comment %} https://github.com/github/github/pull/127905, https://github.com/github/github/issues/127858 {% endcomment %}'
+    - 'A storage service was hitting a file descriptor limit and causing kernel hanging and other services to log errors. {% comment %} https://github.com/github/enterprise2/pull/18775 {% endcomment %}'
+    - 'When an autolink reference was part of a url, the hyperlink could be removed. {% comment %} https://github.com/github/github/pull/126776 {% endcomment %}'
+    - 'When adding a comment to a pull request, the `Linked Issues` section from the sidebar could disappear. {% comment %} https://github.com/github/issues-projects/issues/384, https://github.com/github/github/pull/130514 {% endcomment %}'
+    - 'When editing an existing organization invitation for a user, a duplicate header could be appear on the `Teams` table. {% comment %} https://github.com/github/github/issues/120381, https://github.com/github/github/pull/128939 {% endcomment %}'
+    - 'The `resqued` service could stop logging events when the queues became too large. {% comment %} https://github.com/github/github/pull/130087, https://github.com/github/business-support/issues/2696 {% endcomment %}'
+    - 'Self-signed certificates are not automatically generated when running the `ghe-config-apply` command for cluster and high-availability configurations. {% comment %} https://github.com/github/enterprise2/pull/18773 {% endcomment %}'
+  changes:
+    - 'No logo will be displayed for a topic if one has not been uploaded. {% comment %} https://github.com/github/github/issues/130513, https://github.com/github/github/pull/130515 {% endcomment %}'
+    - 'When viewing an issue on a mobile browser, the issue metadata is listed at the top of the page. {% comment %} https://github.com/github/github/pull/127560 {% endcomment %}'
+    - 'Consul''s top-level domain has changed from ".consul" to ".ghe.local". {% comment %} https://github.com/github/enterprise2/pull/17443, https://github.com/github/enterprise2/issues/17701 {% endcomment %}'
+    - 'The hookshot service no longer relies on ElasticSearch and only uses MySQL as a database store. {% comment %} https://github.com/github/enterprise2/pull/18158, https://github.com/github/hookshot/pull/1128, https://github.com/github/enterprise2/pull/15898 {% endcomment %}'
+    - 'Improved visual distinction between issue, project and discussion has been implemented on project note cards. {% comment %} https://github.com/github/github/pull/132038 {% endcomment %}'
+    - 'On a pull request review, a notice is displayed if a multi-line comment is truncated. {% comment %} https://github.com/github/github/issues/125948, https://github.com/github/github/pull/128677 {% endcomment %}'
+    - 'Users can view their audit log on the `Security Log` tab of their personal settings page. {% comment %} https://github.com/github/github/pull/123041{% endcomment %}'
+  known_issues:
+    - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+    - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+    - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+    - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+    - 'When pushing to a gist, an exception could be triggered during the post-receive hook. {% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+    - Duplicate webhook entries in the database can cause upgrades from previous versions to fail. (updated 2020-02-26)
+    - 'Upgrades and settings updates will fail if background worker configurations have been customised. {% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
+    - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+    - 'When upgrading from previous versions, background job workers may not be spawned, preventing essential features such as merging pull requests. (updated 2020-04-07) {% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
+    - 'Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23) {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+    - 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
@@ -0,0 +1,20 @@
+date: '2020-02-27'
+sections:
+  security_fixes:
+    - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/19116, https://github.com/github/enterprise2/pull/19110, https://github.com/github/enterprise2/pull/19154, https://github.com/github/enterprise2/pull/19142 {% endcomment %}'
+  bugs:
+    - 'Restore from backups would fail with an `Invalid RDB version number` error. {% comment %} https://github.com/github/enterprise2/pull/19117, https://github.com/github/enterprise2/pull/19109 {% endcomment %}'
+    - 'Upgrading an HA replica would stall indefinitely waiting for MySQL to start. {% comment %} https://github.com/github/enterprise2/pull/19168, https://github.com/github/enterprise2/pull/19101 {% endcomment %}'
+    - 'PR review comments with unexpected values for "position" or "original_position" caused imports to fail. {% comment %} https://github.com/github/github/pull/135439, https://github.com/github/github/pull/135374 {% endcomment %}'
+    - 'Duplicate webhook entries in the database could cause upgrades from previous versions to fail. {% comment %} https://github.com/github/hookshot/pull/1541, https://github.com/github/hookshot/pull/1426, https://github.com/github/hookshot/pull/1540 {% endcomment %}'
+  known_issues:
+    - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+    - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+    - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+    - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+    - 'When pushing to a gist, an exception could be triggered during the post-receive hook. {% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+    - 'Upgrades and settings updates will fail if background worker configurations have been customised. {% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
+    - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+    - 'When upgrading from previous versions, background job workers may not be spawned, preventing essential features such as merging pull requests. (updated 2020-04-07) {% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
+    - 'Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23) {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+    - 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
@@ -0,0 +1,20 @@
+date: '2020-06-23'
+sections:
+  security_fixes:
+    - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/20746, https://github.com/github/enterprise2/pull/20727 {% endcomment %}'
+  bugs:
+    - 'Excessively large log events could lead to log forwarding instability when UDP was used as the transport mechanism. {% comment %} https://github.com/github/enterprise2/pull/20457, https://github.com/github/enterprise2/pull/20445 {% endcomment %}'
+    - "Automatic unsuspension of a user through SSO did not complete if the SSH keys attribute had keys already associated with the user's account. {% comment %} https://github.com/github/github/pull/143474, https://github.com/github/github/pull/142927 {% endcomment %}"
+    - 'The repository permission hash from the REST API indicated no access for business members who have pull access to internal repositories. {% comment %} https://github.com/github/github/pull/144755, https://github.com/github/github/pull/144292 {% endcomment %}'
+    - 'Previewing a GitHub App description written in markdown was not properly rendered. {% comment %} https://github.com/github/github/pull/145038, https://github.com/github/github/pull/133360 {% endcomment %}'
+    - 'The audit log did not include branch protection changes events. {% comment %} https://github.com/github/github/pull/145995, https://github.com/github/github/pull/145014 {% endcomment %}'
+    - "Trying to assign code review to a member of an empty team would result in a '500 Internal Server Error'. {% comment %} https://github.com/github/github/pull/146328, https://github.com/github/github/pull/139330 {% endcomment %}"
+    - 'Code review assignment using the load balancing algorithm could repeatedly assign to the same team member. {% comment %} https://github.com/github/github/pull/146329, https://github.com/github/github/pull/136504 {% endcomment %}'
+  known_issues:
+    - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+    - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+    - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+    - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+    - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+    - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+    - 'Dependency graph is not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. (updated 2020-06-30) {% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
@@ -0,0 +1,18 @@
+date: '2020-07-09'
+sections:
+  security_fixes:
+    - '**MEDIUM:** Updated nginx to 1.16.1 and addressed CVE-2019-20372. (updated 2020-07-22) {% comment %} https://github.com/github/enterprise2/pull/21251 {% endcomment %}'
+    - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21088, https://github.com/github/enterprise2/pull/21036 {% endcomment %}'
+  bugs:
+    - 'Dependency graph was not detecting dependencies when deployed in a cluster configuration with multiple Redis nodes. {% comment %} https://github.com/github/enterprise2/pull/21260, https://github.com/github/enterprise2/pull/21102 {% endcomment %}'
+    - 'Certain log files did not rotate every 7 days. {% comment %} https://github.com/github/enterprise2/pull/21278, https://github.com/github/enterprise2/pull/21264 {% endcomment %}'
+    - 'Rapid reuse of webhook source ports resulted in rejected connections. {% comment %} https://github.com/github/enterprise2/pull/21289 {% endcomment %}'
+    - 'Incorrect background jobs could attempt to run on instances configured as passive replicas. {% comment %} https://github.com/github/enterprise2/pull/21318, https://github.com/github/enterprise2/pull/21212, https://github.com/github/enterprise2/issues/21167 {% endcomment %}'
+    - 'Internal repositories were not correctly included in search results for SAML-enabled orgs. {% comment %} https://github.com/github/github/pull/147503, https://github.com/github/github/pull/145692 {% endcomment %}'
+  known_issues:
+    - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+    - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+    - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+    - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+    - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+    - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'