From 0ce7ef45b9dfd282b9ac47fe4b13130ca2fc4070 Mon Sep 17 00:00:00 2001 From: "release-controller[bot]" <110195724+release-controller[bot]@users.noreply.github.com> Date: Thu, 2 Feb 2023 21:39:27 +0100 Subject: [PATCH] GHES Patch Release Notes (#34380) Co-authored-by: Release-Controller Co-authored-by: Matt Pollard --- .../enterprise-server/3-4/15.yml | 22 +++++++++++++ .../enterprise-server/3-5/12.yml | 20 ++++++++++++ .../release-notes/enterprise-server/3-6/8.yml | 30 ++++++++++++++++++ .../release-notes/enterprise-server/3-7/5.yml | 31 +++++++++++++++++++ .../stuck-discussion-conversion-issue.md | 11 +++++++ 5 files changed, 114 insertions(+) create mode 100644 data/release-notes/enterprise-server/3-4/15.yml create mode 100644 data/release-notes/enterprise-server/3-5/12.yml create mode 100644 data/release-notes/enterprise-server/3-6/8.yml create mode 100644 data/release-notes/enterprise-server/3-7/5.yml create mode 100644 data/reusables/release-notes/stuck-discussion-conversion-issue.md diff --git a/data/release-notes/enterprise-server/3-4/15.yml b/data/release-notes/enterprise-server/3-4/15.yml new file mode 100644 index 0000000000..91cb93f86f --- /dev/null +++ b/data/release-notes/enterprise-server/3-4/15.yml 
@@ -0,0 +1,22 @@ +date: '2023-02-02' +sections: + security_fixes: + - Packages have been updated to the latest security versions. + bugs: + - During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services. + - When enabling automatic TLS certificate management with Let's Encrypt, the process could fail with the error `The certificate is not signed by a trusted certificate authority (CA) or the certificate chain in missing intermediate CA signing certificates`. + changes: + - When a timeout occurs during diff generation, such as when a commit displays an error that the diff is taking too long to generate, the `push` webhook event will deliver empty diff information. Previously, the `push` webhook event would fail to be delivered. + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. + - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. 
We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - | + After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17] + - After upgrading to {% data variables.product.prodname_ghe_server %} 3.4, releases may appear to be missing from repositories. This can occur when the required Elasticsearch index migrations have not successfully completed. + - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' + - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' diff --git a/data/release-notes/enterprise-server/3-5/12.yml b/data/release-notes/enterprise-server/3-5/12.yml new file mode 100644 index 0000000000..2e51b8649a --- /dev/null +++ b/data/release-notes/enterprise-server/3-5/12.yml 
@@ -0,0 +1,20 @@ +date: '2023-02-02' +sections: + security_fixes: + - Packages have been updated to the latest security versions. + bugs: + - During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services. + - When enabling automatic TLS certificate management with Let's Encrypt, the process could fail with the error `The certificate is not signed by a trusted certificate authority (CA) or the certificate chain in missing intermediate CA signing certificates`. + changes: + - When a timeout occurs during diff generation, such as when a commit displays an error that the diff is taking too long to generate, the `push` webhook event will deliver empty diff information. Previously, the `push` webhook event would fail to be delivered. + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. + - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. 
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - Actions services need to be restarted after restoring an appliance from a backup taken on a different host. + - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' diff --git a/data/release-notes/enterprise-server/3-6/8.yml b/data/release-notes/enterprise-server/3-6/8.yml new file mode 100644 index 0000000000..191c8e11d7 --- /dev/null +++ b/data/release-notes/enterprise-server/3-6/8.yml 
@@ -0,0 +1,30 @@ +date: '2023-02-02' +sections: + security_fixes: + - Packages have been updated to the latest security versions. + bugs: + - After a site administrator adjusted the cutoff date for allowing SSH connections with RSA keys using `ghe-config app.gitauth.rsa-sha1`, the instance would still disallow connections with RSA keys if the connection attempt was signed by the SHA-1 hash function. + - During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services. + - When enabling automatic TLS certificate management with Let's Encrypt, the process could fail with the error `The certificate is not signed by a trusted certificate authority (CA) or the certificate chain in missing intermediate CA signing certificates`. + - In some cases, users were unable to convert existing issues to discussions. If an issue is stuck while being converted to a discussion, enterprise owners can review the "Known issues" section below for more information. + changes: + - When a timeout occurs during diff generation, such as when a commit displays an error that the diff is taking too long to generate, the `push` webhook event will deliver empty diff information. Previously, the `push` webhook event would fail to be delivered. + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. 
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - Actions services need to be restarted after restoring an instance from a backup taken on a different host. + - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality. + - In some cases, users cannot convert existing issues to discussions. + - Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter. + - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' + - | + Following an upgrade to GitHub Enterprise Server 3.6 or later, existing inconsistencies in a repository such as broken refs or missing objects, may now be reported as errors like `invalid sha1 pointer 0000000000000000000000000000000000000000`, `Zero-length loose reference file`, or `Zero-length loose object file`. Previously, these indicators of repository corruption may have been silently ignored. GitHub Enterprise Server now uses an updated Git version with more diligent error reporting enabled. 
For more information, see this [upstream commit](https://github.com/git/git/commit/968f12fdac) in the Git project. + + If you suspect a problem like this exists in one of your repositories, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance. + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' + - '{% data reusables.release-notes.stuck-discussion-conversion-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-7/5.yml b/data/release-notes/enterprise-server/3-7/5.yml new file mode 100644 index 0000000000..fdb219de2b --- /dev/null +++ b/data/release-notes/enterprise-server/3-7/5.yml 
@@ -0,0 +1,31 @@ +date: '2023-02-02' +sections: + security_fixes: + - Packages have been updated to the latest security versions. + bugs: + - After a site administrator adjusted the cutoff date for allowing SSH connections with RSA keys using `ghe-config app.gitauth.rsa-sha1`, the instance would still disallow connections with RSA keys if the connection attempt was signed by the SHA-1 hash function. + - During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services. + - SSH keys and personal access tokens (classic) would fail to allow REST API access to organization resources when GitHub Enterprise Server was configured with SCIM. + - After disabling Dependabot updates, the avatar for Dependabot was displayed as the **@ghost** user in the Dependabot alert timeline. + - In some cases, users could experience a `500` error when viewing the **Code security & analysis** settings page for an instance with a very high number of active committers. + - Some links to contact GitHub Support or view the GitHub Enterprise Server release notes were incorrect. + - The additional committers count for GitHub Advanced Security always showed 0. + - In some cases, users were unable to convert existing issues to discussions. If an issue is stuck while being converted to a discussion, enterprise owners can review the "Known issues" section below for more information. + known_issues: + - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. + - Custom firewall rules are removed during the upgrade process. + - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. + - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. 
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. + - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. + - Actions services need to be restarted after restoring an instance from a backup taken on a different host. + - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality. + - In some cases, users cannot convert existing issues to discussions. + - During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + Following an upgrade to GitHub Enterprise Server 3.6 or later, existing inconsistencies in a repository such as broken refs or missing objects, may now be reported as errors like `invalid sha1 pointer 0000000000000000000000000000000000000000`, `Zero-length loose reference file`, or `Zero-length loose object file`. Previously, these indicators of repository corruption may have been silently ignored. GitHub Enterprise Server now uses an updated Git version with more diligent error reporting enabled. For more information, see this [upstream commit](https://github.com/git/git/commit/968f12fdac) in the Git project. 
+ + If you suspect a problem like this exists in one of your repositories, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance. + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' + - '{% data reusables.release-notes.stuck-discussion-conversion-issue %}' \ No newline at end of file diff --git a/data/reusables/release-notes/stuck-discussion-conversion-issue.md b/data/reusables/release-notes/stuck-discussion-conversion-issue.md new file mode 100644 index 0000000000..4c660a2606 --- /dev/null +++ b/data/reusables/release-notes/stuck-discussion-conversion-issue.md @@ -0,0 +1,11 @@ +In some cases, while converting an issue to a discussion, the conversion process may hang. In this situation, an enterprise owner can try the following troubleshooting steps to resolve the issue. + +1. At the end of the stuck discussion's URL, note the discussion's number. +1. In the web UI, browse to the repository where the conversion is stuck. +1. In the top-right corner of the web UI, click {% octicon "rocket" aria-label="The rocket ship" %}. +1. Under "Collaboration", click **NUMBER discussions**. +1. In the list, click the number from step 1. +1. Under "Conversion", click **Enqueue conversion job**. +1. Wait a few minutes, then check the issue's status. + +If the conversion still hasn't completed, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance. \ No newline at end of file
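Review bot: In data/release-notes/enterprise-server/3-4/15.yml, the first `bugs` entry puts the word "error" inside the code span (`No such object error`), while the known issue in 3-7/5.yml in this same patch writes it as `No such object` error. If the message the instance prints is `No such object`, move "error" outside the backticks; the same entry is repeated in 3-5/12.yml, 3-6/8.yml and 3-7/5.yml. The quoted Let's Encrypt message also reads "the certificate chain in missing intermediate CA signing certificates"; please confirm that "in" is what the product prints and not a typo for "is", since administrators will search their logs for this exact string.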
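Review bot: In data/release-notes/enterprise-server/3-5/12.yml, the `known_issues` entry on "Users can search GitHub.com" hard-codes "GitHub Connect" and "GitHub.com", where 3-4/15.yml in this patch uses `{% data variables.product.prodname_github_connect %}` and `{% data variables.product.prodname_dotcom_the_website %}` for the same sentence. Use the variables consistently across the four files. The Actions entry here also says "restoring an appliance" while 3-6/8.yml and 3-7/5.yml say "restoring an instance"; pick one term.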
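Review bot: In data/release-notes/enterprise-server/3-6/8.yml, the last `bugs` entry reports "users were unable to convert existing issues to discussions" as fixed, yet `known_issues` still carries "In some cases, users cannot convert existing issues to discussions." next to the new stuck-discussion-conversion-issue reusable. If the fix shipped, drop the older known issue and keep only the reusable for conversions that were already stuck; as written, readers cannot tell whether upgrading resolves the problem. Separately, the first `bugs` entry says the connection attempt "was signed by the SHA-1 hash function": a hash function does not sign, so wording such as "used an RSA signature with the SHA-1 hash function" would be accurate (the same sentence appears in 3-7/5.yml). The file also ends without a trailing newline.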
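Review bot: In data/release-notes/enterprise-server/3-7/5.yml, the second `bugs` entry lists the `No such object error` during configuration validation as fixed ("may have occurred"), but `known_issues` in the same file still says "a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored". One of the two entries should go. This file also omits the Let's Encrypt bug and the `changes` section on the `push` webhook that the other three release files carry; please confirm that is intentional for this release. The file ends without a trailing newline.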
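Review bot: In data/reusables/release-notes/stuck-discussion-conversion-issue.md, the intro says the steps are "to resolve the issue" and the last step says "check the issue's status"; in a procedure about converting issues to discussions, "issue" is ambiguous between the GitHub issue and the problem being fixed. Suggest "to resolve the problem" in the intro, and have the last step state what to check (the original issue or the resulting discussion) and what a completed conversion looks like. The intro addresses "an enterprise owner" while step 3 relies on the rocket ship icon being visible; a short note on the required access would help readers who do not see that icon. The file has no trailing newline.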