GHES Patch Release Notes (#34380)
Co-authored-by: Release-Controller <runner@fv-az225-844.nn523fotaqjeti0rucxshd1u2e.jx.internal.cloudapp.net> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
This commit is contained in:
release-controller[bot]
committed by
GitHub
GitHub
parent
2c220586f8
commit
0ce7ef45b9
22
data/release-notes/enterprise-server/3-4/15.yml
Normal file
22
data/release-notes/enterprise-server/3-4/15.yml
Normal file
@@ -0,0 +1,22 @@
|
||||
date: '2023-02-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services.
|
||||
- When enabling automatic TLS certificate management with Let's Encrypt, the process could fail with the error `The certificate is not signed by a trusted certificate authority (CA) or the certificate chain in missing intermediate CA signing certificates`.
|
||||
changes:
|
||||
- When a timeout occurs during diff generation, such as when a commit displays an error that the diff is taking too long to generate, the `push` webhook event will deliver empty diff information. Previously, the `push` webhook event would fail to be delivered.
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- |
|
||||
After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
|
||||
- After upgrading to {% data variables.product.prodname_ghe_server %} 3.4, releases may appear to be missing from repositories. This can occur when the required Elasticsearch index migrations have not successfully completed.
|
||||
- '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
|
||||
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
||||
20
data/release-notes/enterprise-server/3-5/12.yml
Normal file
20
data/release-notes/enterprise-server/3-5/12.yml
Normal file
@@ -0,0 +1,20 @@
|
||||
date: '2023-02-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services.
|
||||
- When enabling automatic TLS certificate management with Let's Encrypt, the process could fail with the error `The certificate is not signed by a trusted certificate authority (CA) or the certificate chain in missing intermediate CA signing certificates`.
|
||||
changes:
|
||||
- When a timeout occurs during diff generation, such as when a commit displays an error that the diff is taking too long to generate, the `push` webhook event will deliver empty diff information. Previously, the `push` webhook event would fail to be delivered.
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
|
||||
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
||||
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
|
||||
30
data/release-notes/enterprise-server/3-6/8.yml
Normal file
30
data/release-notes/enterprise-server/3-6/8.yml
Normal file
@@ -0,0 +1,30 @@
|
||||
date: '2023-02-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- After a site administrator adjusted the cutoff date for allowing SSH connections with RSA keys using `ghe-config app.gitauth.rsa-sha1`, the instance would still disallow connections with RSA keys if the connection attempt was signed by the SHA-1 hash function.
|
||||
- During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services.
|
||||
- When enabling automatic TLS certificate management with Let's Encrypt, the process could fail with the error `The certificate is not signed by a trusted certificate authority (CA) or the certificate chain in missing intermediate CA signing certificates`.
|
||||
- In some cases, users were unable to convert existing issues to discussions. If an issue is stuck while being converted to a discussion, enterprise owners can review the "Known issues" section below for more information.
|
||||
changes:
|
||||
- When a timeout occurs during diff generation, such as when a commit displays an error that the diff is taking too long to generate, the `push` webhook event will deliver empty diff information. Previously, the `push` webhook event would fail to be delivered.
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
|
||||
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
|
||||
- In some cases, users cannot convert existing issues to discussions.
|
||||
- Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
|
||||
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
||||
- |
|
||||
Following an upgrade to GitHub Enterprise Server 3.6 or later, existing inconsistencies in a repository such as broken refs or missing objects, may now be reported as errors like `invalid sha1 pointer 0000000000000000000000000000000000000000`, `Zero-length loose reference file`, or `Zero-length loose object file`. Previously, these indicators of repository corruption may have been silently ignored. GitHub Enterprise Server now uses an updated Git version with more diligent error reporting enabled. For more information, see this [upstream commit](https://github.com/git/git/commit/968f12fdac) in the Git project.
|
||||
|
||||
If you suspect a problem like this exists in one of your repositories, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance.
|
||||
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
|
||||
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
|
||||
31
data/release-notes/enterprise-server/3-7/5.yml
Normal file
31
data/release-notes/enterprise-server/3-7/5.yml
Normal file
@@ -0,0 +1,31 @@
|
||||
date: '2023-02-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- After a site administrator adjusted the cutoff date for allowing SSH connections with RSA keys using `ghe-config app.gitauth.rsa-sha1`, the instance would still disallow connections with RSA keys if the connection attempt was signed by the SHA-1 hash function.
|
||||
- During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services.
|
||||
- SSH keys and personal access tokens (classic) would fail to allow REST API access to organization resources when GitHub Enterprise Server was configured with SCIM.
|
||||
- After disabling Dependabot updates, the avatar for Dependabot was displayed as the **@ghost** user in the Dependabot alert timeline.
|
||||
- In some cases, users could experience a `500` error when viewing the **Code security & analysis** settings page for an instance with a very high number of active committers.
|
||||
- Some links to contact GitHub Support or view the GitHub Enterprise Server release notes were incorrect.
|
||||
- The additional committers count for GitHub Advanced Security always showed 0.
|
||||
- In some cases, users were unable to convert existing issues to discussions. If an issue is stuck while being converted to a discussion, enterprise owners can review the "Known issues" section below for more information.
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
|
||||
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
|
||||
- In some cases, users cannot convert existing issues to discussions.
|
||||
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
||||
- |
|
||||
Following an upgrade to GitHub Enterprise Server 3.6 or later, existing inconsistencies in a repository such as broken refs or missing objects, may now be reported as errors like `invalid sha1 pointer 0000000000000000000000000000000000000000`, `Zero-length loose reference file`, or `Zero-length loose object file`. Previously, these indicators of repository corruption may have been silently ignored. GitHub Enterprise Server now uses an updated Git version with more diligent error reporting enabled. For more information, see this [upstream commit](https://github.com/git/git/commit/968f12fdac) in the Git project.
|
||||
|
||||
If you suspect a problem like this exists in one of your repositories, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance.
|
||||
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
|
||||
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
|
||||
@@ -0,0 +1,11 @@
|
||||
In some cases, while converting an issue to a discussion, the conversion process may hang. In this situation, an enterprise owner can try the following troubleshooting steps to resolve the issue.
|
||||
|
||||
1. At the end of the stuck discussion's URL, note the discussion's number.
|
||||
1. In the web UI, browse to the repository where the conversion is stuck.
|
||||
1. In the top-right corner of the web UI, click {% octicon "rocket" aria-label="The rocket ship" %}.
|
||||
1. Under "Collaboration", click **NUMBER discussions**.
|
||||
1. In the list, click the number from step 1.
|
||||
1. Under "Conversion", click **Enqueue conversion job**.
|
||||
1. Wait a few minutes, then check the issue's status.
|
||||
|
||||
If the conversion still hasn't completed, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance.
|
||||
Reference in New Issue
Block a user