diff --git a/content/admin/configuration/configuring-your-enterprise/configuring-rate-limits.md b/content/admin/configuration/configuring-your-enterprise/configuring-rate-limits.md
index 4f25b255f2..26c878bfaa 100644
--- a/content/admin/configuration/configuring-your-enterprise/configuring-rate-limits.md
+++ b/content/admin/configuration/configuring-your-enterprise/configuring-rate-limits.md
@@ -52,7 +52,13 @@ Setting secondary rate limits protects the overall level of service on {% data v
## Enabling rate limits for Git
-You can apply Git rate limits per repository network or per user ID. Git rate limits are expressed in concurrent operations per minute, and are adaptive based on the current CPU load.
+If a member of {% data variables.product.company_short %}'s staff has recommended it, you can apply Git rate limits per repository network or per user ID. Git rate limits are expressed in concurrent operations per minute, and are adaptive based on the current CPU load.
+
+{% warning %}
+
+**Warning:** We encourage you to leave this setting disabled unless directly recommended by a member of {% data variables.product.company_short %}'s staff. Git operations are rarely the leading driver of CPU and RAM usage. Enabling this feature can make Git operations more likely to fail under high load conditions but does not address the underlying cause of those conditions.
+
+{% endwarning %}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
diff --git a/translations/log/msft-cn-resets.csv b/translations/log/msft-cn-resets.csv
index 5713b5d015..9f14fdc9bb 100644
--- a/translations/log/msft-cn-resets.csv
+++ b/translations/log/msft-cn-resets.csv
@@ -172,6 +172,7 @@ translations/zh-CN/content/rest/reference/users.md,file deleted because it no lo
translations/zh-CN/content/rest/reference/webhooks.md,file deleted because it no longer exists in main
translations/zh-CN/content/site-policy/github-terms/github-community-forum-code-of-conduct.md,file deleted because it no longer exists in main
translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-user-account.md,file deleted because it no longer exists in main
+translations/zh-CN/data/glossaries/internal.yml,file deleted because it no longer exists in main
translations/zh-CN/data/graphql/ghes-3.1/graphql_previews.enterprise.yml,file deleted because it no longer exists in main
translations/zh-CN/data/reusables/actions/self-hosted-runner-configure-runner-group-access.md,file deleted because it no longer exists in main
translations/zh-CN/data/reusables/actions/self-hosted-runner-configure-runner-group.md,file deleted because it no longer exists in main
@@ -259,6 +260,7 @@ translations/zh-CN/content/actions/hosting-your-own-runners/managing-access-to-s
translations/zh-CN/content/actions/learn-github-actions/contexts.md,broken liquid tags
translations/zh-CN/content/actions/learn-github-actions/understanding-github-actions.md,broken liquid tags
translations/zh-CN/content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md,broken liquid tags
+translations/zh-CN/content/actions/publishing-packages/publishing-docker-images.md,broken liquid tags
translations/zh-CN/content/actions/publishing-packages/publishing-nodejs-packages.md,broken liquid tags
translations/zh-CN/content/actions/quickstart.md,rendering error
translations/zh-CN/content/actions/security-guides/automatic-token-authentication.md,broken liquid tags
@@ -415,14 +417,37 @@ translations/zh-CN/content/repositories/managing-your-repositorys-settings-and-f
translations/zh-CN/content/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-autolinks-to-reference-external-resources.md,broken liquid tags
translations/zh-CN/content/repositories/releasing-projects-on-github/managing-releases-in-a-repository.md,broken liquid tags
translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md,broken liquid tags
+translations/zh-CN/content/rest/guides/getting-started-with-the-rest-api.md,broken liquid tags
translations/zh-CN/content/rest/overview/other-authentication-methods.md,broken liquid tags
translations/zh-CN/content/rest/overview/resources-in-the-rest-api.md,broken liquid tags
translations/zh-CN/content/rest/repos/lfs.md,broken liquid tags
translations/zh-CN/content/search-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-from-your-private-enterprise-environment.md,rendering error
translations/zh-CN/content/search-github/searching-on-github/searching-issues-and-pull-requests.md,broken liquid tags
translations/zh-CN/content/site-policy/privacy-policies/github-subprocessors-and-cookies.md,broken liquid tags
+translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md,broken liquid tags
+translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md,broken liquid tags
translations/zh-CN/content/support/learning-about-github-support/about-github-support.md,broken liquid tags
-translations/zh-CN/data/release-notes/github-ae/2021-06/2021-12-06.yml,broken liquid tags
+translations/zh-CN/data/release-notes/enterprise-server/2-21/6.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/2-22/0.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/2-22/1.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/2-22/2.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/2-22/22.yml,broken liquid tags
+translations/zh-CN/data/release-notes/enterprise-server/2-22/3.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/2-22/7.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/2-22/8.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/2-22/9.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-0/0.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-0/1.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-0/2.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-0/3.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-1/1.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-1/2.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-1/4.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-2/0-rc1.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-3/0-rc1.yml,rendering error
+translations/zh-CN/data/release-notes/enterprise-server/3-4/0-rc1.yml,rendering error
+translations/zh-CN/data/release-notes/github-ae/2021-03/2021-03-03.yml,rendering error
+translations/zh-CN/data/release-notes/github-ae/2021-06/2021-12-06.yml,rendering error
translations/zh-CN/data/reusables/actions/about-actions-for-enterprises.md,rendering error
translations/zh-CN/data/reusables/actions/actions-audit-events-workflow.md,broken liquid tags
translations/zh-CN/data/reusables/actions/actions-billing.md,broken liquid tags
diff --git a/translations/log/msft-pt-resets.csv b/translations/log/msft-pt-resets.csv
index 7c4b0a53cc..98eb1387a5 100644
--- a/translations/log/msft-pt-resets.csv
+++ b/translations/log/msft-pt-resets.csv
@@ -262,6 +262,7 @@ translations/pt-BR/content/actions/hosting-your-own-runners/managing-access-to-s
translations/pt-BR/content/actions/learn-github-actions/contexts.md,broken liquid tags
translations/pt-BR/content/actions/learn-github-actions/understanding-github-actions.md,broken liquid tags
translations/pt-BR/content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md,broken liquid tags
+translations/pt-BR/content/actions/publishing-packages/publishing-docker-images.md,broken liquid tags
translations/pt-BR/content/actions/publishing-packages/publishing-nodejs-packages.md,broken liquid tags
translations/pt-BR/content/actions/security-guides/automatic-token-authentication.md,broken liquid tags
translations/pt-BR/content/actions/security-guides/encrypted-secrets.md,broken liquid tags
@@ -392,6 +393,7 @@ translations/pt-BR/content/packages/learn-github-packages/about-permissions-for-
translations/pt-BR/content/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility.md,broken liquid tags
translations/pt-BR/content/packages/learn-github-packages/deleting-and-restoring-a-package.md,broken liquid tags
translations/pt-BR/content/packages/learn-github-packages/viewing-packages.md,broken liquid tags
+translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md,broken liquid tags
translations/pt-BR/content/pages/getting-started-with-github-pages/creating-a-github-pages-site.md,broken liquid tags
translations/pt-BR/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request.md,broken liquid tags
translations/pt-BR/content/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md,broken liquid tags
@@ -405,6 +407,8 @@ translations/pt-BR/content/rest/overview/resources-in-the-rest-api.md,broken liq
translations/pt-BR/content/rest/repos/lfs.md,broken liquid tags
translations/pt-BR/content/search-github/searching-on-github/searching-issues-and-pull-requests.md,broken liquid tags
translations/pt-BR/content/site-policy/privacy-policies/github-subprocessors-and-cookies.md,broken liquid tags
+translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md,broken liquid tags
+translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md,broken liquid tags
translations/pt-BR/content/support/learning-about-github-support/about-github-support.md,broken liquid tags
translations/pt-BR/data/glossaries/external.yml,broken liquid tags
translations/pt-BR/data/learning-tracks/code-security.yml,broken liquid tags
diff --git a/translations/pt-BR/content/actions/publishing-packages/publishing-docker-images.md b/translations/pt-BR/content/actions/publishing-packages/publishing-docker-images.md
index 11d2135fcf..c56906a838 100644
--- a/translations/pt-BR/content/actions/publishing-packages/publishing-docker-images.md
+++ b/translations/pt-BR/content/actions/publishing-packages/publishing-docker-images.md
@@ -1,6 +1,6 @@
---
-title: Publicando imagens do Docker
-intro: 'Você pode publicar imagens Docker para um registro, como o Docker Hub ou {% data variables.product.prodname_registry %}, como parte do seu fluxo de trabalho de integração contínua (CI).'
+title: Publishing Docker images
+intro: 'You can publish Docker images to a registry, such as Docker Hub or {% data variables.product.prodname_registry %}, as part of your continuous integration (CI) workflow.'
redirect_from:
- /actions/language-and-framework-guides/publishing-docker-images
- /actions/guides/publishing-docker-images
@@ -14,61 +14,63 @@ topics:
- Packaging
- Publishing
- Docker
-ms.openlocfilehash: 01f20527dedeea3685855797993187e7af462de4
-ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
-ms.translationtype: HT
-ms.contentlocale: pt-BR
-ms.lasthandoff: 09/05/2022
-ms.locfileid: '147410288'
---
-{% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %}
-## Introdução
+{% data reusables.actions.enterprise-beta %}
+{% data reusables.actions.enterprise-github-hosted-runners %}
-Este guia mostra como criar um fluxo de trabalho que realiza uma criação do Docker e, em seguida, publica imagens do Docker no Docker Hub ou no {% data variables.product.prodname_registry %}. Com um único fluxo de trabalho, você pode publicar imagens em um único registro ou em vários registros.
+## Introduction
+
+This guide shows you how to create a workflow that performs a Docker build, and then publishes Docker images to Docker Hub or {% data variables.product.prodname_registry %}. With a single workflow, you can publish images to a single registry or to multiple registries.
{% note %}
-**Observação:** caso você deseje efetuar push para outro registro do Docker de terceiros, o exemplo descrito na seção "[Como publicar imagens no {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)" pode servir como um bom modelo.
+**Note:** If you want to push to another third-party Docker registry, the example in the "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)" section can serve as a good template.
{% endnote %}
-## Pré-requisitos
+## Prerequisites
-Recomendamos que você tenha um entendimento básico das opções de configuração do fluxo de trabalho e de como criar um arquivo do fluxo de trabalho. Para obter mais informações, confira "[Aprenda a usar o {% data variables.product.prodname_actions %}](/actions/learn-github-actions)".
+We recommend that you have a basic understanding of workflow configuration options and how to create a workflow file. For more information, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
-Você também pode achar útil ter um entendimento básico do seguinte:
+You might also find it helpful to have a basic understanding of the following:
-- "[Segredos criptografados](/actions/reference/encrypted-secrets)"
-- "[Autenticação em um fluxo de trabalho](/actions/reference/authentication-in-a-workflow)"{% ifversion fpt or ghec %}
-- "[Como trabalhar com o {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)"{% else %}
-- "[Como trabalhar com o registro do Docker](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)"{% endif %}
+- "[Encrypted secrets](/actions/reference/encrypted-secrets)"
+- "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"{% ifversion fpt or ghec %}
+- "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)"{% else %}
+- "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)"{% endif %}
-## Sobre a configuração da imagem
+## About image configuration
-Este guia pressupõe que você tem uma definição completa para uma imagem Docker armazenada em um repositório {% data variables.product.prodname_dotcom %}. Por exemplo, seu repositório precisa conter um _Dockerfile_ e todos os outros arquivos necessários para executar um build do Docker para criar uma imagem.
+This guide assumes that you have a complete definition for a Docker image stored in a {% data variables.product.prodname_dotcom %} repository. For example, your repository must contain a _Dockerfile_, and any other files needed to perform a Docker build to create an image.
-Neste guia, usaremos a ação `build-push-action` do Docker para compilar a imagem do Docker e efetuar push dela para um ou mais registros do Docker. Para obter mais informações, confira [`build-push-action`](https://github.com/marketplace/actions/build-and-push-docker-images).
+{% ifversion fpt or ghec or ghes > 3.4 %}
+
+{% data reusables.package_registry.about-docker-labels %} For more information, see "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry#labelling-container-images)."
+
+{% endif %}
+
+In this guide, we will use the Docker `build-push-action` action to build the Docker image and push it to one or more Docker registries. For more information, see [`build-push-action`](https://github.com/marketplace/actions/build-and-push-docker-images).
{% data reusables.actions.enterprise-marketplace-actions %}
-## Publicar imagens no Docker Hub
+## Publishing images to Docker Hub
{% data reusables.actions.release-trigger-workflow %}
-No exemplo de fluxo de trabalho abaixo, usaremos as ações `login-action` e `build-push-action` do Docker para compilar a imagem do Docker e, se o build for bem-sucedido, efetuaremos push da imagem compilada para o Docker Hub.
+In the example workflow below, we use the Docker `login-action` and `build-push-action` actions to build the Docker image and, if the build succeeds, push the built image to Docker Hub.
-Para fazer push para o Docker Hub, você deverá ter uma conta Docker Hub e ter criado um repositório Docker Hub. Para obter mais informações, confira "[Como efetuar push de uma imagem de contêiner do Docker para o Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub)" na documentação do Docker.
+To push to Docker Hub, you will need to have a Docker Hub account, and have a Docker Hub repository created. For more information, see "[Pushing a Docker container image to Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub)" in the Docker documentation.
-As opções `login-action` necessárias para o Docker Hub são:
-* `username` e `password`: esse é seu nome de usuário e sua senha do Docker Hub. Recomendamos armazenar seu nome de usuário e senha do Docker Hub como segredos para que não estejam expostos no seu arquivo de fluxo de trabalho. Para obter mais informações, confira "[Como criar e usar segredos criptografados](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)".
+The `login-action` options required for Docker Hub are:
+* `username` and `password`: This is your Docker Hub username and password. We recommend storing your Docker Hub username and password as secrets so they aren't exposed in your workflow file. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
-A opção `metadata-action` obrigatória para o Docker Hub é:
-* `images`: o namespace e o nome da imagem do Docker que você está compilando/enviando por push para o Docker Hub.
+The `metadata-action` option required for Docker Hub is:
+* `images`: The namespace and name for the Docker image you are building/pushing to Docker Hub.
-As opções `build-push-action` necessárias para o Docker Hub são:
-* `tags`: a marca da nova imagem no formato `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY:VERSION`. Você pode definir uma única tag, conforme mostrado abaixo, ou especificar várias tags em uma lista.
-* `push`: se isso for definido como `true`, a imagem será enviada por push para o registro se for compilada com sucesso.
+The `build-push-action` options required for Docker Hub are:
+* `tags`: The tag of your new image in the format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY:VERSION`. You can set a single tag as shown below, or specify multiple tags in a list.
+* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.
```yaml{:copy}
{% data reusables.actions.actions-not-certified-by-github-comment %}
@@ -110,38 +112,42 @@ jobs:
labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
```
-O fluxo de trabalho acima faz check-out do repositório do {% data variables.product.prodname_dotcom %}, usa `login-action` para fazer logon no registro e usa a ação `build-push-action` para: compilar uma imagem do Docker com base no `Dockerfile` do seu repositório, efetuar push da imagem para o Docker Hub e aplicar uma marca à imagem.
+The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
-## Publicar imagens em {% data variables.product.prodname_registry %}
+## Publishing images to {% data variables.product.prodname_registry %}
-{% ifversion ghes > 3.4 %} {% data reusables.package_registry.container-registry-ghes-beta %} {% endif %}
+{% ifversion ghes > 3.4 %}
+{% data reusables.package_registry.container-registry-ghes-beta %}
+{% endif %}
{% data reusables.actions.release-trigger-workflow %}
-No exemplo de fluxo de trabalho abaixo, usaremos as ações `login-action`{% ifversion fpt or ghec %}, `metadata-action`{% endif %} e `build-push-action` do Docker para compilar a imagem do Docker e, se o build for bem-sucedido, efetuar push da imagem compilada para o {% data variables.product.prodname_registry %}.
+In the example workflow below, we use the Docker `login-action`{% ifversion fpt or ghec %}, `metadata-action`,{% endif %} and `build-push-action` actions to build the Docker image, and if the build succeeds, push the built image to {% data variables.product.prodname_registry %}.
-As opções `login-action` obrigatórias para o {% data variables.product.prodname_registry %} são:
-* `registry`: deve ser definido como {% ifversion fpt or ghec %}`ghcr.io`{% elsif ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}`{% else %}`docker.pkg.github.com`{% endif %}.
-* `username`: use o contexto {% raw %}`${{ github.actor }}`{% endraw %} para usar automaticamente o nome de usuário do usuário que disparou a execução de fluxo de trabalho. Para obter mais informações, confira "[Contextos](/actions/learn-github-actions/contexts#github-context)".
-* `password`: use o segredo `GITHUB_TOKEN` gerado automaticamente para a senha. Para obter mais informações, confira "[Como se autenticar com o GITHUB_TOKEN](/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)".
+The `login-action` options required for {% data variables.product.prodname_registry %} are:
+* `registry`: Must be set to {% ifversion fpt or ghec %}`ghcr.io`{% elsif ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}`{% else %}`docker.pkg.github.com`{% endif %}.
+* `username`: You can use the {% raw %}`${{ github.actor }}`{% endraw %} context to automatically use the username of the user that triggered the workflow run. For more information, see "[Contexts](/actions/learn-github-actions/contexts#github-context)."
+* `password`: You can use the automatically-generated `GITHUB_TOKEN` secret for the password. For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)."
-{% ifversion fpt or ghec %} A opção `metadata-action` obrigatória para o {% data variables.product.prodname_registry %} é:
-* `images`: o namespace e o nome da imagem do Docker que está sendo compilada.
+{% ifversion fpt or ghec %}
+The `metadata-action` option required for {% data variables.product.prodname_registry %} is:
+* `images`: The namespace and name for the Docker image you are building.
{% endif %}
-As opções `build-push-action` obrigatórias para o {% data variables.product.prodname_registry %} são:{% ifversion fpt or ghec %}
-* `context`: define o contexto do build como o conjunto de arquivos localizado no caminho especificado.{% endif %}
-* `push`: se isso for definido como `true`, a imagem será enviada por push para o registro se for compilada com sucesso.{% ifversion fpt or ghec %}
-* `tags` e `labels`: são preenchidos pela saída de `metadata-action`.{% else %}
-* `tags`: deve ser definido no formato {% ifversion ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
+The `build-push-action` options required for {% data variables.product.prodname_registry %} are:{% ifversion fpt or ghec %}
+* `context`: Defines the build's context as the set of files located in the specified path.{% endif %}
+* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.{% ifversion fpt or ghec %}
+* `tags` and `labels`: These are populated by output from `metadata-action`.{% else %}
+* `tags`: Must be set in the format {% ifversion ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
- Por exemplo, para uma imagem chamada `octo-image` armazenada no {% data variables.product.prodname_ghe_server %} em `https://HOSTNAME/octo-org/octo-repo`, a opção `tags` deverá ser definida como `{% data reusables.package_registry.container-registry-hostname %}/octo-org/octo-repo/octo-image:latest`{% else %}`docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
+ For example, for an image named `octo-image` stored on {% data variables.product.prodname_ghe_server %} at `https://HOSTNAME/octo-org/octo-repo`, the `tags` option should be set to `{% data reusables.package_registry.container-registry-hostname %}/octo-org/octo-repo/octo-image:latest`{% else %}`docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
- Por exemplo, para uma imagem chamada `octo-image` armazenada no {% data variables.product.prodname_dotcom %} em `http://github.com/octo-org/octo-repo`, a opção `tags` deve ser definida como `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`{% endif %}. Você pode definir uma única tag, conforme mostrado abaixo, ou especificar várias tags em uma lista.{% endif %}
+ For example, for an image named `octo-image` stored on {% data variables.product.prodname_dotcom %} at `http://github.com/octo-org/octo-repo`, the `tags` option should be set to `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`{% endif %}. You can set a single tag as shown below, or specify multiple tags in a list.{% endif %}
-{% ifversion fpt or ghec or ghes > 3.4 %} {% data reusables.package_registry.publish-docker-image %}
+{% ifversion fpt or ghec or ghes > 3.4 %}
+{% data reusables.package_registry.publish-docker-image %}
-O fluxo de trabalho acima é acionado por um push para o branch da "versão". Ele faz check-out do repositório do GitHub e usa `login-action` para fazer logon no {% data variables.product.prodname_container_registry %}. Em seguida, extrai etiquetas e tags para a imagem do Docker. Por fim, ele usa a ação `build-push-action` para criar a imagem e publicá-la no {% data variables.product.prodname_container_registry %}.
+The above workflow is triggered by a push to the "release" branch. It checks out the GitHub repository, and uses the `login-action` to log in to the {% data variables.product.prodname_container_registry %}. It then extracts labels and tags for the Docker image. Finally, it uses the `build-push-action` action to build the image and publish it on the {% data variables.product.prodname_container_registry %}.
{% else %}
@@ -183,16 +189,18 @@ jobs:
{% ifversion ghae %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.event.release.tag_name }}{% endraw %}
```
-O fluxo de trabalho acima faz check-out do repositório do {% data variables.product.product_name %}, usa `login-action` para fazer logon no registro e usa a ação `build-push-action` para: compilar uma imagem do Docker com base no `Dockerfile` do repositório, enviar por push a imagem para o registro do Docker e aplicar a confirmação do SHA e a versão como marcas da imagem.
+The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to the Docker registry, and apply the commit SHA and release version as image tags.
{% endif %}
-## Publicar imagens no Docker Hub e {% data variables.product.prodname_registry %}
+## Publishing images to Docker Hub and {% data variables.product.prodname_registry %}
-{% ifversion ghes > 3.4 %} {% data reusables.package_registry.container-registry-ghes-beta %} {% endif %}
+{% ifversion ghes > 3.4 %}
+{% data reusables.package_registry.container-registry-ghes-beta %}
+{% endif %}
-Em um fluxo de trabalho individual, você pode publicar sua imagem do Docker em vários registros usando as ações `login-action` e `build-push-action` para cada registro.
+In a single workflow, you can publish your Docker image to multiple registries by using the `login-action` and `build-push-action` actions for each registry.
-O exemplo de fluxo de trabalho a seguir usa as etapas das seções anteriores ("[Como publicar imagens no Docker Hub](#publishing-images-to-docker-hub)" e "[Como publicar imagens no {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)") para criar um fluxo de trabalho individual que efetua push para os dois registros.
+The following example workflow uses the steps from the previous sections ("[Publishing images to Docker Hub](#publishing-images-to-docker-hub)" and "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)") to create a single workflow that pushes to both registries.
```yaml{:copy}
{% data reusables.actions.actions-not-certified-by-github-comment %}
@@ -246,5 +254,5 @@ jobs:
labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
```
-O fluxo de trabalho acima faz check-out do repositório do {% data variables.product.product_name %}, usa a `login-action` duas vezes para fazer logon nos dois registros e gera marcas e rótulos com a ação `metadata-action`.
-Em seguida, a ação `build-push-action` compila a imagem do Docker e a envia por push para o Docker Hub e o {% ifversion fpt or ghec or ghes > 3.4 %}{% data variables.product.prodname_container_registry %}{% else %}Registro do Docker{% endif %}.
+The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action.
+Then the `build-push-action` action builds and pushes the Docker image to Docker Hub and the {% ifversion fpt or ghec or ghes > 3.4 %}{% data variables.product.prodname_container_registry %}{% else %}Docker registry{% endif %}.
diff --git a/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md b/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md
index 3b853a5df7..edf9540d4a 100644
--- a/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md
+++ b/translations/pt-BR/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md
@@ -1,6 +1,6 @@
---
-title: Trabalhando com o registro do Contêiner
-intro: 'Você pode armazenar e gerenciar imagens do Docker e OCI no {% data variables.product.prodname_container_registry %}, que usa o namespace `https://{% data reusables.package_registry.container-registry-hostname %}`do pacote.'
+title: Working with the Container registry
+intro: 'You can store and manage Docker and OCI images in the {% data variables.product.prodname_container_registry %}, which uses the package namespace `https://{% data reusables.package_registry.container-registry-hostname %}`.'
product: '{% data reusables.gated-features.packages %}'
redirect_from:
- /packages/managing-container-images-with-github-container-registry/pushing-and-pulling-docker-images
@@ -17,85 +17,82 @@ versions:
ghec: '*'
ghes: '>= 3.5'
shortTitle: Container registry
-ms.openlocfilehash: fc99e2e21a647c7a1a2517de8aa68822faac496e
-ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
-ms.translationtype: HT
-ms.contentlocale: pt-BR
-ms.lasthandoff: 09/09/2022
-ms.locfileid: '147705048'
---
+
{% data reusables.package_registry.container-registry-ghes-beta %}
-## Sobre o {% data variables.product.prodname_container_registry %}
+## About the {% data variables.product.prodname_container_registry %}
{% data reusables.package_registry.container-registry-benefits %}
{% ifversion ghes > 3.4 %}
-Para usar o {% data variables.product.prodname_container_registry %} no {% data variables.product.product_name %}, o administrador do site deverá primeiro configurar {% data variables.product.prodname_registry %} para sua instância **e** habilitar o isolamento de subdomínio. Para obter mais informações, confira "[Introdução aos Pacotes do GitHub para sua empresa](/admin/packages/getting-started-with-github-packages-for-your-enterprise)" e "[Habilitar o isolamento de subdomínio](/admin/configuration/configuring-network-settings/enabling-subdomain-isolation)."
+To use the {% data variables.product.prodname_container_registry %} on {% data variables.product.product_name %}, your site administrator must first configure {% data variables.product.prodname_registry %} for your instance **and** enable subdomain isolation. For more information, see "[Getting started with GitHub Packages for your enterprise](/admin/packages/getting-started-with-github-packages-for-your-enterprise)" and "[Enabling subdomain isolation](/admin/configuration/configuring-network-settings/enabling-subdomain-isolation)."
{% endif %}
-## Sobre o suporte de {% data variables.product.prodname_container_registry %}
+## About {% data variables.product.prodname_container_registry %} support
-O {% data variables.product.prodname_container_registry %} é atualmente compatível com os seguintes formatos de imagem do contêiner:
+The {% data variables.product.prodname_container_registry %} currently supports the following container image formats:
-* [Manifesto de Imagem do Docker V2, Esquema 2](https://docs.docker.com/registry/spec/manifest-v2-2/)
-* [Especificações da OCI (Open Container Initiative)](https://github.com/opencontainers/image-spec)
+* [Docker Image Manifest V2, Schema 2](https://docs.docker.com/registry/spec/manifest-v2-2/)
+* [Open Container Initiative (OCI) Specifications](https://github.com/opencontainers/image-spec)
-Ao instalar ou publicar uma imagem Docker, a {% data variables.product.prodname_container_registry %} é compatível com as camadas estrangeiras, como imagens do Windows.
+When installing or publishing a Docker image, the {% data variables.product.prodname_container_registry %} supports foreign layers, such as Windows images.
-## Efetuar a autenticação no {% data variables.product.prodname_container_registry %}
+## Authenticating to the {% data variables.product.prodname_container_registry %}
-{% ifversion fpt or ghec or ghes > 3.4 %} Para se autenticar no {% data variables.product.prodname_container_registry %} (`ghcr.io`) dentro de um fluxo de trabalho de{% data variables.product.prodname_actions %}, use `GITHUB_TOKEN` para a melhor segurança e experiência. {% data reusables.package_registry.authenticate_with_pat_for_v2_registry %} {% endif %}
+{% ifversion fpt or ghec or ghes > 3.4 %}
+To authenticate to the {% data variables.product.prodname_container_registry %} (`ghcr.io`) within a {% data variables.product.prodname_actions %} workflow, use the `GITHUB_TOKEN` for the best security and experience. {% data reusables.package_registry.authenticate_with_pat_for_v2_registry %}
+{% endif %}
-{% ifversion ghes %}Substitua `HOSTNAME` por {% data variables.product.product_location_enterprise %} nome do host ou endereço IP nos exemplos abaixo.{% endif %}
+{% ifversion ghes %}Ensure that you replace `HOSTNAME` with {% data variables.product.product_location_enterprise %} hostname or IP address in the examples below.{% endif %}
{% data reusables.package_registry.authenticate-to-container-registry-steps %}
-## Fazer push das imagens do contêiner
+## Pushing container images
-Este exemplo efetua push da última versão de `IMAGE_NAME`.
+This example pushes the latest version of `IMAGE_NAME`.
```shell
$ docker push {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME:latest
```
-Este exemplo efetua push da versão `2.5` da imagem.
+This example pushes the `2.5` version of the image.
```shell
$ docker push {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME:2.5
```
-Ao publicar um pacote pela primeira vez a visibilidade-padrão será privada. Para alterar a visibilidade ou definir permissões de acesso, confira "[Como configurar o controle de acesso e a visibilidade de um pacote](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)".
+When you first publish a package, the default visibility is private. To change the visibility or set access permissions, see "[Configuring a package's access control and visibility](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)."
-## Fazer pull das imagens de contêiner
+## Pulling container images
-### Pull por resumo
+### Pull by digest
-Para garantir que você esteja sempre usando a mesma imagem, especifique a versão exata da imagem de contêiner da qual deseja efetuar pull pelo valor do SHA de `digest`.
+To ensure you're always using the same image, you can specify the exact container image version you want to pull by the `digest` SHA value.
-1. Para localizar o valor do SHA de resumo, use `docker inspect` ou `docker pull` e copie o valor do SHA após `Digest:`
+1. To find the digest SHA value, use `docker inspect` or `docker pull` and copy the SHA value after `Digest:`
```shell
$ docker inspect {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME
```
-2. Remova a imagem localmente, conforme necessário.
+2. Remove image locally as needed.
```shell
$ docker rmi {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME:latest
```
-3. Efetue pull da imagem de contêiner com `@YOUR_SHA_VALUE` após o nome da imagem.
+3. Pull the container image with `@YOUR_SHA_VALUE` after the image name.
```shell
$ docker pull {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME@sha256:82jf9a84u29hiasldj289498uhois8498hjs29hkuhs
```
-### Pull por nome
+### Pull by name
```shell
$ docker pull {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME
```
-### Pull por nome e versão
+### Pull by name and version
-Exemplo da CLI do Docker que mostra uma imagem extraída pelo nome e pela tag de versão `1.14.1`:
+Docker CLI example showing an image pulled by its name and the `1.14.1` version tag:
```shell
$ docker pull {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME:1.14.1
> 5e35bd43cf78: Pull complete
@@ -107,7 +104,7 @@ Exemplo da CLI do Docker que mostra uma imagem extraída pelo nome e pela tag de
> {% data reusables.package_registry.container-registry-hostname %}/orgname/image-name/release:1.14.1
```
-### Pull por nome e última versão
+### Pull by name and latest version
```shell
$ docker pull {% data reusables.package_registry.container-registry-hostname %}/OWNER/IMAGE_NAME:latest
@@ -117,16 +114,16 @@ Exemplo da CLI do Docker que mostra uma imagem extraída pelo nome e pela tag de
> {% data reusables.package_registry.container-registry-hostname %}/user/image-name:latest
```
-## Criar imagens de contêiner
+## Building container images
-Este exemplo compila a imagem `hello_docker`:
+This example builds the `hello_docker` image:
```shell
$ docker build -t hello_docker .
```
-## Marcar imagens de contêiner
+## Tagging container images
-1. Encontre o ID da imagem do Docker que você deseja marcar.
+1. Find the ID for the Docker image you want to tag.
```shell
$ docker images
> REPOSITORY TAG IMAGE ID CREATED SIZE
@@ -135,7 +132,35 @@ Este exemplo compila a imagem `hello_docker`:
> hello-world latest fce289e99eb9 16 months ago 1.84kB
```
-2. Marque a sua imagem do Docker usando o ID da imagem, o nome da imagem desejada e a hospedagem de destino.
+2. Tag your Docker image using the image ID and your desired image name and hosting destination.
```shell
$ docker tag 38f737a91f39 {% data reusables.package_registry.container-registry-hostname %}/OWNER/NEW_IMAGE_NAME:latest
```
+
+## Labelling container images
+
+{% data reusables.package_registry.about-docker-labels %} For more information on Docker labels, see [LABEL](https://docs.docker.com/engine/reference/builder/#label) in the official Docker documentation and [Pre-Defined Annotation Keys](https://github.com/opencontainers/image-spec/blob/master/annotations.md#pre-defined-annotation-keys) in the `opencontainers/image-spec` repository.
+
+The following labels are supported in the {% data variables.product.prodname_container_registry %}. Supported labels will appear on the package page for the image.
+
+Label | Description
+------|------------
+| `org.opencontainers.image.source` | The URL of the repository associated with the package. For more information, see "[Connecting a repository to a package](/packages/learn-github-packages/connecting-a-repository-to-a-package#connecting-a-repository-to-a-container-image-using-the-command-line)."
+| `org.opencontainers.image.description` | A text-only description limited to 512 characters. This description will appear on the package page, below the name of the package.
+| `org.opencontainers.image.licenses` | An SPDX license identifier such as "MIT," limited to 256 characters. The license will appear on the package page, in the "Details" sidebar. For more information, see [SPDX License List](https://spdx.org/licenses/).
+
+To add labels to an image, we recommend using the `LABEL` instruction in your `Dockerfile`. For example, if you're the user `monalisa` and you own `my-repo`, and your image is distributed under the terms of the MIT license, you would add the following lines to your `Dockerfile`:
+
+```dockerfile
+LABEL org.opencontainers.image.source=https://{% ifversion fpt or ghec %}github.com{% else %}HOSTNAME{% endif %}/monalisa/my-repo
+LABEL org.opencontainers.image.description="My container image"
+LABEL org.opencontainers.image.licenses=MIT
+```
+
+Alternatively, you can add labels to an image at buildtime with the `docker build` command.
+
+```shell
+$ docker build \
+ --label "org.opencontainers.image.source=https://{% ifversion fpt or ghec %}github.com{% else %}HOSTNAME{% endif %}/monalisa/my-repo" \
+ --label "org.opencontainers.image.description=My container image" \
+ --label "org.opencontainers.image.licenses=MIT"
diff --git a/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md b/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md
index 5017e089e9..54c8daf16f 100644
--- a/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md
+++ b/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md
@@ -13,6 +13,7 @@ children:
- /about-github-sponsors-for-open-source-contributors
- /setting-up-github-sponsors-for-your-personal-account
- /setting-up-github-sponsors-for-your-organization
+ - /using-a-fiscal-host-to-receive-github-sponsors-payouts
- /editing-your-profile-details-for-github-sponsors
- /managing-your-sponsorship-goal
- /managing-your-sponsorship-tiers
diff --git a/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md b/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
index 3f15d45538..7fff95c1c3 100644
--- a/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
+++ b/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
@@ -1,6 +1,6 @@
---
-title: Configurando o GitHub Sponsors (Patrocinadores do GitHub) para sua organização
-intro: 'Sua organização pode ingressar no {% data variables.product.prodname_sponsors %} para receber pagamentos pelo seu trabalho.'
+title: Setting up GitHub Sponsors for your organization
+intro: 'Your organization can join {% data variables.product.prodname_sponsors %} to receive payments for your work.'
redirect_from:
- /articles/setting-up-github-sponsorship-for-your-organization
- /articles/receiving-sponsorships-as-a-sponsored-organization
@@ -15,64 +15,84 @@ topics:
- Sponsors profile
- Open Source
shortTitle: Set up for organization
-ms.openlocfilehash: d7de813453d379ae898cc26d9579e06710aab26d
-ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
-ms.translationtype: HT
-ms.contentlocale: pt-BR
-ms.lasthandoff: 09/05/2022
-ms.locfileid: '145164467'
---
-## Ingressar no {% data variables.product.prodname_sponsors %}
+
+## Joining {% data variables.product.prodname_sponsors %}
{% data reusables.sponsors.you-can-be-a-sponsored-organization %} {% data reusables.sponsors.stripe-supported-regions %}
-Depois de receber um convite para sua organização ingressar no {% data variables.product.prodname_sponsors %}, você poderá concluir as etapas abaixo para se tornar uma organização patrocinada.
+After you receive an invitation for your organization to join {% data variables.product.prodname_sponsors %}, you can complete the steps below to become a sponsored organization.
-Para ingressar no {% data variables.product.prodname_sponsors %} como colaborador individual fora de uma organização, confira "[Como configurar o {% data variables.product.prodname_sponsors %} para sua conta pessoal](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)".
+To join {% data variables.product.prodname_sponsors %} as an individual contributor outside an organization, see "[Setting up {% data variables.product.prodname_sponsors %} for your personal account](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)."
-{% data reusables.sponsors.navigate-to-github-sponsors %} {% data reusables.sponsors.view-eligible-accounts %}
-3. À direita da sua organização, clique em **Ingressar na lista de espera**.
-{% data reusables.sponsors.contact-info %} {% data reusables.sponsors.accept-legal-terms %}
+{% data reusables.sponsors.navigate-to-github-sponsors %}
+{% data reusables.sponsors.view-eligible-accounts %}
+3. To the right of your organization, click **Join the waitlist**.
+{% data reusables.sponsors.contact-info %}
+{% data reusables.sponsors.payout-choice %}
+ 
-## Preencher seu perfil de organização patrocinada
+{% data reusables.sponsors.accept-legal-terms %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-profile-tab %} {% data reusables.sponsors.short-bio %} {% data reusables.sponsors.add-introduction %} {% data reusables.sponsors.meet-the-team %} {% data reusables.sponsors.edit-featured-work %} {% data reusables.sponsors.opt-in-to-being-featured %} {% data reusables.sponsors.save-profile %}
+## Completing your sponsored organization profile
-## Criar camadas de patrocínio
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-profile-tab %}
+{% data reusables.sponsors.short-bio %}
+{% data reusables.sponsors.add-introduction %}
+{% data reusables.sponsors.meet-the-team %}
+{% data reusables.sponsors.edit-featured-work %}
+{% data reusables.sponsors.opt-in-to-being-featured %}
+{% data reusables.sponsors.save-profile %}
+
+## Creating sponsorship tiers
{% data reusables.sponsors.tier-details %}
{% data reusables.sponsors.maximum-tier %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-sponsor-tiers-tab %} {% data reusables.sponsors.click-add-tier %} {% data reusables.sponsors.tier-price-description %} {% data reusables.sponsors.add-welcome-message %} {% data reusables.sponsors.save-tier-draft %} {% data reusables.sponsors.review-and-publish-tier %} {% data reusables.sponsors.add-more-tiers %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
+{% data reusables.sponsors.click-add-tier %}
+{% data reusables.sponsors.tier-price-description %}
+{% data reusables.sponsors.add-welcome-message %}
+{% data reusables.sponsors.save-tier-draft %}
+{% data reusables.sponsors.review-and-publish-tier %}
+{% data reusables.sponsors.add-more-tiers %}
-## Enviando informações bancárias
+## Submitting your bank information
-Como organização patrocinada, você receberá pagamentos para uma conta bancária em uma região compatível. Esta pode ser uma conta bancária dedicada à sua organização ou a uma conta bancária pessoal. Obtenha uma conta bancária empresarial por meio de serviços como o [Stripe Atlas](https://stripe.com/atlas) ou ingresse em um host fiscal como o [Open Collective](https://opencollective.com/). A pessoa que criou o {% data variables.product.prodname_sponsors %} para a organização também deve morar na mesma região suportada. {% data reusables.sponsors.stripe-supported-regions %}
+As a sponsored organization, you will receive payouts to a bank account in a supported region or via a fiscal host.
+
+{% data reusables.sponsors.bank-info-fiscal-host-reminder %} For more information about setting up and using fiscal hosts, see "[Using a fiscal host to receive GitHub Sponsors payouts](/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts)."
+
+If you choose to receive payouts to a bank account, your bank account can be a dedicated bank account for your organization or a personal bank account. You can get a business bank account through services like [Stripe Atlas](https://stripe.com/atlas). The person setting up {% data variables.product.prodname_sponsors %} for the organization must live in the same supported region, too. {% data reusables.sponsors.stripe-supported-regions %}
{% data reusables.sponsors.double-check-stripe-info %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.create-stripe-account %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.create-stripe-account %}
-Para obter mais informações sobre como configurar o Stripe Connect usando o Open Collective, confira [Como configurar o {% data variables.product.prodname_sponsors %}](https://docs.opencollective.com/help/collectives/github-sponsors) no Open Collective Docs.
-
-## Enviando suas informações fiscais
+## Submitting your tax information
{% data reusables.sponsors.tax-form-information-org %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.overview-tab %} {% data reusables.sponsors.tax-form-link %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.overview-tab %}
+{% data reusables.sponsors.tax-form-link %}
-## Habilitar a autenticação de dois fatores (2FA, two-factor authentication) na sua conta do {% data variables.product.prodname_dotcom %}
+## Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
-Antes que sua organização possa se tornar uma organização patrocinada, você deverá habilitar a 2FA para sua conta em {% data variables.product.product_location %}. Para obter mais informações, confira "[Como configurar a autenticação de dois fatores](/articles/configuring-two-factor-authentication)".
+Before your organization can become a sponsored organization, you must enable 2FA for your account on {% data variables.product.product_location %}. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
-## Enviar seu aplicativo ao {% data variables.product.prodname_dotcom %} para aprovação
+## Submitting your application to {% data variables.product.prodname_dotcom %} for approval
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.request-approval %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.request-approval %}
{% data reusables.sponsors.github-review-app %}
-## Leitura adicional
+## Further reading
-- "[Sobre o {% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)"
-- "[Como receber patrocínios por meio do {% data variables.product.prodname_sponsors %}](/sponsors/receiving-sponsorships-through-github-sponsors)"
+- "[About {% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)"
+- "[Receiving sponsorships through {% data variables.product.prodname_sponsors %}](/sponsors/receiving-sponsorships-through-github-sponsors)"
diff --git a/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md b/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
index 6e1220fbe4..a5929f0a51 100644
--- a/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
+++ b/translations/pt-BR/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
@@ -1,6 +1,6 @@
---
-title: Como configurar patrocinadores do GitHub para sua conta pessoal
-intro: 'Você pode se tornar um desenvolvedor patrocinado participando de {% data variables.product.prodname_sponsors %}, completando seu perfil de desenvolvedor patrocinado, criando camadasde patrocínio, enviando seus dados bancários e fiscais e habilitando a autenticação de dois fatores para sua conta em {% data variables.product.product_location %}.'
+title: Setting up GitHub Sponsors for your personal account
+intro: 'You can become a sponsored developer by joining {% data variables.product.prodname_sponsors %}, completing your sponsored developer profile, creating sponsorship tiers, submitting your bank and tax information, and enabling two-factor authentication for your account on {% data variables.product.product_location %}.'
redirect_from:
- /articles/becoming-a-sponsored-developer
- /github/supporting-the-open-source-community-with-github-sponsors/becoming-a-sponsored-developer
@@ -14,62 +14,82 @@ topics:
- User account
- Sponsors profile
shortTitle: Set up for personal account
-ms.openlocfilehash: 288dd5ab53d1a27b7f97ccf9429973a668d8f72b
-ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
-ms.translationtype: HT
-ms.contentlocale: pt-BR
-ms.lasthandoff: 09/05/2022
-ms.locfileid: '145164558'
---
-## Ingressar no {% data variables.product.prodname_sponsors %}
+
+## Joining {% data variables.product.prodname_sponsors %}
{% data reusables.sponsors.you-can-be-a-sponsored-developer %} {% data reusables.sponsors.stripe-supported-regions %}
-Para ingressar no {% data variables.product.prodname_sponsors %} como uma organização, confira "[Como configurar o {% data variables.product.prodname_sponsors %} para sua organização](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)".
+To join {% data variables.product.prodname_sponsors %} as an organization, see "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)."
{% data reusables.sponsors.navigate-to-github-sponsors %}
-2. Se você é o proprietário de uma organização, você tem mais de uma conta elegível. Clique em **Ver suas contas qualificadas** e, na lista de contas, localize sua conta pessoal.
-3. Clique em **Ingressar na lista de espera**.
-{% data reusables.sponsors.contact-info %} {% data reusables.sponsors.accept-legal-terms %}
+2. If you are an organization owner, you have more than one eligible account. Click **Get sponsored**, then in the list of accounts, find your personal account.
+ 
+3. Click **Join the waitlist**.
+{% data reusables.sponsors.contact-info %}
+{% data reusables.sponsors.payout-choice %}
+ 
-Se você tiver uma conta bancária em uma região aceita, o {% data variables.product.prodname_dotcom %} irá rever sua solicitação dentro de duas semanas.
+{% data reusables.sponsors.accept-legal-terms %}
-## Preencher seu perfil de desenvolvedor patrocinado
+If you have a bank account in a supported region, {% data variables.product.prodname_dotcom %} will review your application within two weeks.
-Depois de {% data variables.product.prodname_dotcom %} avaliar sua solicitação, você pode configurar o seu perfil de desenvolvedor patrocinado para que as pessoas possam começar a patrocinar você.
+## Completing your sponsored developer profile
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-profile-tab %} {% data reusables.sponsors.short-bio %} {% data reusables.sponsors.add-introduction %} {% data reusables.sponsors.edit-featured-work %} {% data reusables.sponsors.opt-in-to-being-featured %} {% data reusables.sponsors.save-profile %}
+After {% data variables.product.prodname_dotcom %} reviews your application, you can set up your sponsored developer profile so that people can start sponsoring you.
-## Criar camadas de patrocínio
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-profile-tab %}
+{% data reusables.sponsors.short-bio %}
+{% data reusables.sponsors.add-introduction %}
+{% data reusables.sponsors.edit-featured-work %}
+{% data reusables.sponsors.opt-in-to-being-featured %}
+{% data reusables.sponsors.save-profile %}
+
+## Creating sponsorship tiers
{% data reusables.sponsors.tier-details %}
{% data reusables.sponsors.maximum-tier %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-sponsor-tiers-tab %} {% data reusables.sponsors.click-add-tier %} {% data reusables.sponsors.tier-price-description %} {% data reusables.sponsors.add-welcome-message %} {% data reusables.sponsors.save-tier-draft %} {% data reusables.sponsors.review-and-publish-tier %} {% data reusables.sponsors.add-more-tiers %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
+{% data reusables.sponsors.click-add-tier %}
+{% data reusables.sponsors.tier-price-description %}
+{% data reusables.sponsors.add-welcome-message %}
+{% data reusables.sponsors.save-tier-draft %}
+{% data reusables.sponsors.review-and-publish-tier %}
+{% data reusables.sponsors.add-more-tiers %}
-## Enviando informações bancárias
+## Submitting your bank information
-Se você vive em uma região aceita, você pode seguir essas instruções para enviar informações bancárias criando uma conta do Stripe Connect. A sua região de residência e a região da sua conta bancária devem corresponder. {% data reusables.sponsors.stripe-supported-regions %}
+As a sponsored user, you will receive payouts to a bank account in a supported region or via a fiscal host.
+
+{% data reusables.sponsors.bank-info-fiscal-host-reminder %} For more information about setting up and using fiscal hosts, see "[Using a fiscal host to receive GitHub Sponsors payouts](/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts)."
+
+If you choose to receive payouts to a bank account, your region of residence and the region of your bank account must match. {% data reusables.sponsors.stripe-supported-regions %}
{% data reusables.sponsors.double-check-stripe-info %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.create-stripe-account %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.create-stripe-account %}
-## Enviando suas informações fiscais
+## Submitting your tax information
{% data reusables.sponsors.tax-form-information-dev %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.overview-tab %} {% data reusables.sponsors.tax-form-link %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.overview-tab %}
+{% data reusables.sponsors.tax-form-link %}
-## Habilitar a autenticação de dois fatores (2FA, two-factor authentication) na sua conta do {% data variables.product.prodname_dotcom %}
+## Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
-Antes de se tornar um desenvolvedor patrocinado, você deve habilitar a 2FA para sua conta em {% data variables.product.product_location %}. Para obter mais informações, confira "[Como configurar a autenticação de dois fatores](/articles/configuring-two-factor-authentication)".
+Before you can become a sponsored developer, you must enable 2FA for your account on {% data variables.product.product_location %}. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
-## Enviar seu aplicativo ao {% data variables.product.prodname_dotcom %} para aprovação
+## Submitting your application to {% data variables.product.prodname_dotcom %} for approval
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
-4. Clique em **Solicitar aprovação**.
- 
+4. Click **Request approval**.
+ 
{% data reusables.sponsors.github-review-app %}
diff --git a/translations/zh-CN/content/actions/publishing-packages/publishing-docker-images.md b/translations/zh-CN/content/actions/publishing-packages/publishing-docker-images.md
index e28aff59f6..c56906a838 100644
--- a/translations/zh-CN/content/actions/publishing-packages/publishing-docker-images.md
+++ b/translations/zh-CN/content/actions/publishing-packages/publishing-docker-images.md
@@ -1,6 +1,6 @@
---
-title: 发布 Docker 映像
-intro: '您可以将 Docker 映像发布到注册表,例如 Docker Hub 或 {% data variables.product.prodname_registry %},作为持续集成 (CI) 工作流程的一部分。'
+title: Publishing Docker images
+intro: 'You can publish Docker images to a registry, such as Docker Hub or {% data variables.product.prodname_registry %}, as part of your continuous integration (CI) workflow.'
redirect_from:
- /actions/language-and-framework-guides/publishing-docker-images
- /actions/guides/publishing-docker-images
@@ -14,61 +14,63 @@ topics:
- Packaging
- Publishing
- Docker
-ms.openlocfilehash: 01f20527dedeea3685855797993187e7af462de4
-ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
-ms.translationtype: HT
-ms.contentlocale: zh-CN
-ms.lasthandoff: 09/05/2022
-ms.locfileid: '147410289'
---
-{% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %}
-## 简介
+{% data reusables.actions.enterprise-beta %}
+{% data reusables.actions.enterprise-github-hosted-runners %}
-本指南介绍如何创建执行 Docker 构建的工作流程,然后将 Docker 映像发布到 Docker Hub 或 {% data variables.product.prodname_registry %}。 通过单个工作流程,您可以将映像发布到单一注册表或多个注册表。
+## Introduction
+
+This guide shows you how to create a workflow that performs a Docker build, and then publishes Docker images to Docker Hub or {% data variables.product.prodname_registry %}. With a single workflow, you can publish images to a single registry or to multiple registries.
{% note %}
-注意:如果你想推送到另一个第三方 Docker 注册表,“[将映像发布到 {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)”部分中的示例可以用作一个很好的模板。
+**Note:** If you want to push to another third-party Docker registry, the example in the "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)" section can serve as a good template.
{% endnote %}
-## 先决条件
+## Prerequisites
-建议基本了解工作流程配置选项和如何创建工作流程文件。 有关详细信息,请参阅“[了解 {% data variables.product.prodname_actions %}](/actions/learn-github-actions)。”
+We recommend that you have a basic understanding of workflow configuration options and how to create a workflow file. For more information, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
-您可能还发现基本了解以下内容是有帮助的:
+You might also find it helpful to have a basic understanding of the following:
-- [加密的机密](/actions/reference/encrypted-secrets)
-- [工作流中的身份验证](/actions/reference/authentication-in-a-workflow){% ifversion fpt or ghec %}
-- [使用 {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry){% else %}
-- [使用 Docker 注册表](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry){% endif %}
+- "[Encrypted secrets](/actions/reference/encrypted-secrets)"
+- "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"{% ifversion fpt or ghec %}
+- "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)"{% else %}
+- "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)"{% endif %}
-## 关于映像配置
+## About image configuration
-本指南假定您对存储在 {% data variables.product.prodname_dotcom %} 仓库的 Docker 映像有完整的定义。 例如,存储库必须包含一个 Dockerfile,以及执行 Docker 构建以创建映像所需的任何其他文件。
+This guide assumes that you have a complete definition for a Docker image stored in a {% data variables.product.prodname_dotcom %} repository. For example, your repository must contain a _Dockerfile_, and any other files needed to perform a Docker build to create an image.
-在本指南中,我们将使用 Docker `build-push-action` 操作来构建 Docker 映像并将其推送到一个或多个 Docker 注册表。 有关详细信息,请参阅 [`build-push-action`](https://github.com/marketplace/actions/build-and-push-docker-images)。
+{% ifversion fpt or ghec or ghes > 3.4 %}
+
+{% data reusables.package_registry.about-docker-labels %} For more information, see "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry#labelling-container-images)."
+
+{% endif %}
+
+In this guide, we will use the Docker `build-push-action` action to build the Docker image and push it to one or more Docker registries. For more information, see [`build-push-action`](https://github.com/marketplace/actions/build-and-push-docker-images).
{% data reusables.actions.enterprise-marketplace-actions %}
-## 将映像发布到 Docker Hub
+## Publishing images to Docker Hub
{% data reusables.actions.release-trigger-workflow %}
-在下面的示例工作流中,我们使用 Docker `login-action` 和 `build-push-action` 操作来构建 Docker 映像,如果构建成功,则将构建的映像推送到 Docker Hub。
+In the example workflow below, we use the Docker `login-action` and `build-push-action` actions to build the Docker image and, if the build succeeds, push the built image to Docker Hub.
-要推送到 Docker Hub,您需要有一个 Docker Hub 帐户,并创建一个 Docker Hub 仓库。 有关详细信息,请参阅 Docker 文档中的“[将 Docker 容器映像推送到 Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub)”。
+To push to Docker Hub, you will need to have a Docker Hub account, and have a Docker Hub repository created. For more information, see "[Pushing a Docker container image to Docker Hub](https://docs.docker.com/docker-hub/repos/#pushing-a-docker-container-image-to-docker-hub)" in the Docker documentation.
-Docker Hub 所需的 `login-action` 选项是:
-* `username` 和 `password`:这是 Docker Hub 用户名和密码。 我们建议将 Docker Hub 用户名和密码存储为机密,使它们不会公开在工作流程文件中。 有关详细信息,请参阅“[创建和使用已加密的机密](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)。”
+The `login-action` options required for Docker Hub are:
+* `username` and `password`: This is your Docker Hub username and password. We recommend storing your Docker Hub username and password as secrets so they aren't exposed in your workflow file. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
-Docker Hub 所需的 `metadata-action` 选项是:
-* `images`:你正在构建/推送到 Docker Hub 的 Docker 映像的命名空间和名称。
+The `metadata-action` option required for Docker Hub is:
+* `images`: The namespace and name for the Docker image you are building/pushing to Docker Hub.
-Docker Hub 所需的 `build-push-action` 选项是:
-* `tags`:你的新映像的标签,格式为 `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY:VERSION`。 您可以如下所示设置单个标记,或在列表中指定多个标记。
-* `push`:如果设置为 `true`,则映像将推送到注册表(如果成功构建)。
+The `build-push-action` options required for Docker Hub are:
+* `tags`: The tag of your new image in the format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY:VERSION`. You can set a single tag as shown below, or specify multiple tags in a list.
+* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.
```yaml{:copy}
{% data reusables.actions.actions-not-certified-by-github-comment %}
@@ -110,38 +112,42 @@ jobs:
labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
```
-上述工作流签出 {% data variables.product.prodname_dotcom %} 存储库,使用 `login-action` 登录注册表,然后使用 `build-push-action` 操作:基于存储库的 `Dockerfile` 构建 Docker 映像;将映像推送到 Docker Hub,并向映像应用标签。
+The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
-## 发布映像到 {% data variables.product.prodname_registry %}
+## Publishing images to {% data variables.product.prodname_registry %}
-{% ifversion ghes > 3.4 %} {% data reusables.package_registry.container-registry-ghes-beta %} {% endif %}
+{% ifversion ghes > 3.4 %}
+{% data reusables.package_registry.container-registry-ghes-beta %}
+{% endif %}
{% data reusables.actions.release-trigger-workflow %}
-在下面的示例工作流中,我们使用 Docker `login-action`{% ifversion fpt or ghec %}、`metadata-action`、{% endif %}和 `build-push-action` 操作来构建 Docker 映像,如果构建成功,则将构建的映像推送到 {% data variables.product.prodname_registry %}。
+In the example workflow below, we use the Docker `login-action`{% ifversion fpt or ghec %}, `metadata-action`,{% endif %} and `build-push-action` actions to build the Docker image, and if the build succeeds, push the built image to {% data variables.product.prodname_registry %}.
-{% data variables.product.prodname_registry %} 所需的 `login-action` 选项是:
-* `registry`:必须设置为 {% ifversion fpt or ghec %}`ghcr.io`{% elsif ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}`{% else %}`docker.pkg.github.com`{% endif %}。
-* `username`:你可以使用 {% raw %}`${{ github.actor }}` {% endraw %} 上下文自动使用触发工作流运行的用户的用户名。 有关详细信息,请参阅“[上下文](/actions/learn-github-actions/contexts#github-context)。”
-* `password`:可以使用自动生成 `GITHUB_TOKEN` 的密码机密。 有关详细信息,请参阅“[使用 GITHUB_TOKEN 进行身份验证](/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)。”
+The `login-action` options required for {% data variables.product.prodname_registry %} are:
+* `registry`: Must be set to {% ifversion fpt or ghec %}`ghcr.io`{% elsif ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}`{% else %}`docker.pkg.github.com`{% endif %}.
+* `username`: You can use the {% raw %}`${{ github.actor }}`{% endraw %} context to automatically use the username of the user that triggered the workflow run. For more information, see "[Contexts](/actions/learn-github-actions/contexts#github-context)."
+* `password`: You can use the automatically-generated `GITHUB_TOKEN` secret for the password. For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)."
-{% ifversion fpt or ghec %} {% data variables.product.prodname_registry %} 所需的 `metadata-action` 选项是:
-* `images`:正在构建的 Docker 映像的命名空间和名称。
+{% ifversion fpt or ghec %}
+The `metadata-action` option required for {% data variables.product.prodname_registry %} is:
+* `images`: The namespace and name for the Docker image you are building.
{% endif %}
-{% data variables.product.prodname_registry %} 所需的 `build-push-action` 选项是:{% ifversion fpt or ghec %}
-* `context`:将构建的上下文定义为位于指定路径中的文件集。{% endif %}
-* `push`:如果设置为 `true`,则映像将推送到注册表(如果成功构建)。{% ifversion fpt or ghec %}
-* `tags` 和 `labels`:它们由 `metadata-action` 的输出填充。{% else %}
-* `tags`:必须采用格式 {% ifversion ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}/OWNER/REPOSITORY/IMAGE_NAME:VERSION` 设置。
+The `build-push-action` options required for {% data variables.product.prodname_registry %} are:{% ifversion fpt or ghec %}
+* `context`: Defines the build's context as the set of files located in the specified path.{% endif %}
+* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.{% ifversion fpt or ghec %}
+* `tags` and `labels`: These are populated by output from `metadata-action`.{% else %}
+* `tags`: Must be set in the format {% ifversion ghes > 3.4 %}`{% data reusables.package_registry.container-registry-hostname %}/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
- 例如,对于存储在 `https://HOSTNAME/octo-org/octo-repo` 的 {% data variables.product.prodname_ghe_server %} 上的名为 `octo-image` 的映像,`tags` 选项应设置为 `{% data reusables.package_registry.container-registry-hostname %}/octo-org/octo-repo/octo-image:latest`{% else %}`docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`。
+ For example, for an image named `octo-image` stored on {% data variables.product.prodname_ghe_server %} at `https://HOSTNAME/octo-org/octo-repo`, the `tags` option should be set to `{% data reusables.package_registry.container-registry-hostname %}/octo-org/octo-repo/octo-image:latest`{% else %}`docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`.
- 例如,对于存储在 `http://github.com/octo-org/octo-repo` 的 {% data variables.product.prodname_dotcom %} 上的名为 `octo-image` 的映像,`tags` 选项应设置为 `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`{% endif %}。 您可以如下所示设置单个标记,或在列表中指定多个标记。{% endif %}
+ For example, for an image named `octo-image` stored on {% data variables.product.prodname_dotcom %} at `http://github.com/octo-org/octo-repo`, the `tags` option should be set to `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`{% endif %}. You can set a single tag as shown below, or specify multiple tags in a list.{% endif %}
-{% ifversion fpt or ghec or ghes > 3.4 %} {% data reusables.package_registry.publish-docker-image %}
+{% ifversion fpt or ghec or ghes > 3.4 %}
+{% data reusables.package_registry.publish-docker-image %}
-上述工作流程通过推送到“发行版”分支触发。 它签出 GitHub 存储库,并使用 `login-action` 登录到 {% data variables.product.prodname_container_registry %}。 然后,它将提取 Docker 映像的标签和标记。 最后,它使用 `build-push-action` 操作构建映像并将其发布到 {% data variables.product.prodname_container_registry %}。
+The above workflow is triggered by a push to the "release" branch. It checks out the GitHub repository, and uses the `login-action` to log in to the {% data variables.product.prodname_container_registry %}. It then extracts labels and tags for the Docker image. Finally, it uses the `build-push-action` action to build the image and publish it on the {% data variables.product.prodname_container_registry %}.
{% else %}
@@ -183,16 +189,18 @@ jobs:
{% ifversion ghae %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.event.release.tag_name }}{% endraw %}
```
-上述工作流签出 {% data variables.product.product_name %} 存储库,使用 `login-action` 登录注册表,然后使用 `build-push-action` 操作:基于存储库的 `Dockerfile` 构建 Docker 映像;将映像推送到 Docker 注册表,并将提交 SHA 和发布版本应用为映像标签。
+The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to the Docker registry, and apply the commit SHA and release version as image tags.
{% endif %}
-## 发布映像到 Docker Hub 和 {% data variables.product.prodname_registry %}
+## Publishing images to Docker Hub and {% data variables.product.prodname_registry %}
-{% ifversion ghes > 3.4 %} {% data reusables.package_registry.container-registry-ghes-beta %} {% endif %}
+{% ifversion ghes > 3.4 %}
+{% data reusables.package_registry.container-registry-ghes-beta %}
+{% endif %}
-在单个工作流中,你可以通过对每个注册表使用 `login-action` 和 `build-push-action` 操作将 Docker 映像发布到多个注册表。
+In a single workflow, you can publish your Docker image to multiple registries by using the `login-action` and `build-push-action` actions for each registry.
-以下示例工作流使用上述部分(“[将映像发布到 Docker Hub](#publishing-images-to-docker-hub)”和“[将映像发布到 {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)”)中的步骤创建推送到两个注册表的单个工作流。
+The following example workflow uses the steps from the previous sections ("[Publishing images to Docker Hub](#publishing-images-to-docker-hub)" and "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)") to create a single workflow that pushes to both registries.
```yaml{:copy}
{% data reusables.actions.actions-not-certified-by-github-comment %}
@@ -246,5 +254,5 @@ jobs:
labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
```
-上述工作流签出 {% data variables.product.product_name %} 存储库,使用 `login-action` 两次以登录到两个注册表,并使用 `metadata-action` 操作生成标记和标签。
-然后 `build-push-action` 操作构建 Docker 映像并将其推送到 Docker Hub 和 {% ifversion fpt or ghec or ghes > 3.4 %}{% data variables.product.prodname_container_registry %}{% else %}Docker 注册表{% endif %}。
+The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action.
+Then the `build-push-action` action builds and pushes the Docker image to Docker Hub and the {% ifversion fpt or ghec or ghes > 3.4 %}{% data variables.product.prodname_container_registry %}{% else %}Docker registry{% endif %}.
diff --git a/translations/zh-CN/content/actions/using-workflows/about-workflows.md b/translations/zh-CN/content/actions/using-workflows/about-workflows.md
index f224456a13..59e17cd860 100644
--- a/translations/zh-CN/content/actions/using-workflows/about-workflows.md
+++ b/translations/zh-CN/content/actions/using-workflows/about-workflows.md
@@ -1,7 +1,7 @@
---
title: About workflows
shortTitle: About workflows
-intro: 'Get a high level overview {% data variables.product.prodname_actions %} workflows, including triggers, syntax, and advanced features.'
+intro: 'Get a high-level overview of {% data variables.product.prodname_actions %} workflows, including triggers, syntax, and advanced features.'
versions:
fpt: '*'
ghes: '*'
diff --git a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md
index 98ac905c0a..edf9540d4a 100644
--- a/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md
+++ b/translations/zh-CN/content/packages/working-with-a-github-packages-registry/working-with-the-container-registry.md
@@ -136,3 +136,31 @@ This example builds the `hello_docker` image:
```shell
$ docker tag 38f737a91f39 {% data reusables.package_registry.container-registry-hostname %}/OWNER/NEW_IMAGE_NAME:latest
```
+
+## Labelling container images
+
+{% data reusables.package_registry.about-docker-labels %} For more information on Docker labels, see [LABEL](https://docs.docker.com/engine/reference/builder/#label) in the official Docker documentation and [Pre-Defined Annotation Keys](https://github.com/opencontainers/image-spec/blob/master/annotations.md#pre-defined-annotation-keys) in the `opencontainers/image-spec` repository.
+
+The following labels are supported in the {% data variables.product.prodname_container_registry %}. Supported labels will appear on the package page for the image.
+
+Label | Description
+------|------------
+| `org.opencontainers.image.source` | The URL of the repository associated with the package. For more information, see "[Connecting a repository to a package](/packages/learn-github-packages/connecting-a-repository-to-a-package#connecting-a-repository-to-a-container-image-using-the-command-line)."
+| `org.opencontainers.image.description` | A text-only description limited to 512 characters. This description will appear on the package page, below the name of the package.
+| `org.opencontainers.image.licenses` | An SPDX license identifier such as "MIT," limited to 256 characters. The license will appear on the package page, in the "Details" sidebar. For more information, see [SPDX License List](https://spdx.org/licenses/).
+
+To add labels to an image, we recommend using the `LABEL` instruction in your `Dockerfile`. For example, if you're the user `monalisa` and you own `my-repo`, and your image is distributed under the terms of the MIT license, you would add the following lines to your `Dockerfile`:
+
+```dockerfile
+LABEL org.opencontainers.image.source=https://{% ifversion fpt or ghec %}github.com{% else %}HOSTNAME{% endif %}/monalisa/my-repo
+LABEL org.opencontainers.image.description="My container image"
+LABEL org.opencontainers.image.licenses=MIT
+```
+
+Alternatively, you can add labels to an image at buildtime with the `docker build` command.
+
+```shell
+$ docker build \
+ --label "org.opencontainers.image.source=https://{% ifversion fpt or ghec %}github.com{% else %}HOSTNAME{% endif %}/monalisa/my-repo" \
+ --label "org.opencontainers.image.description=My container image" \
+ --label "org.opencontainers.image.licenses=MIT"
diff --git a/translations/zh-CN/content/rest/guides/getting-started-with-the-rest-api.md b/translations/zh-CN/content/rest/guides/getting-started-with-the-rest-api.md
index c761e16bce..8c54d89f60 100644
--- a/translations/zh-CN/content/rest/guides/getting-started-with-the-rest-api.md
+++ b/translations/zh-CN/content/rest/guides/getting-started-with-the-rest-api.md
@@ -1,9 +1,6 @@
---
-title: REST API 入门
-intro: 从身份验证和一些端点示例开始,了解使用 REST API 的基础。
-redirect_from:
- - /guides/getting-started
- - /v3/guides/getting-started
+title: Getting started with the REST API
+intro: 'Learn how to use the {% data variables.product.prodname_dotcom %} REST API.'
versions:
fpt: '*'
ghes: '*'
@@ -11,419 +8,754 @@ versions:
ghec: '*'
topics:
- API
-shortTitle: Get started - REST API
-ms.openlocfilehash: a466a3ccad214c8fe797dd73e4e96af3ab6eead8
-ms.sourcegitcommit: 8544f120269257d01adfe4a27b62f08fc8691727
-ms.translationtype: HT
-ms.contentlocale: zh-CN
-ms.lasthandoff: 08/02/2022
-ms.locfileid: '147445078'
+shortTitle: Using the API
+miniTocMaxHeadingLevel: 3
---
-让我们逐步了解在处理一些日常用例时涉及的核心 API 概念。
-{% data reusables.rest-api.dotcom-only-guide-note %}
+## About the {% data variables.product.prodname_dotcom %} REST API
-## 概述
+This article describes how to use the {% data variables.product.prodname_dotcom %} REST API using {% data variables.product.prodname_cli %}, JavaScript, or cURL. For a quickstart guide, see "[Quickstart for GitHub REST API](/rest/quickstart)."
-大多数应用程序将使用所选语言的现有[包装器库][wrappers],但你需要先熟悉基础 API HTTP 方法。
+When you make a request to the REST API, you will specify an HTTP method and a path. Additionally, you might also specify request headers and path, query, or body parameters. The API will return the response status code, response headers, and potentially a response body.
-没有比使用 [cURL][curl] 更容易的入手方式了。{% ifversion fpt or ghec %} 如果你使用其他客户端,请注意,你需要在请求中发送有效的[用户代理标头](/rest/overview/resources-in-the-rest-api#user-agent-required)。{% endif %}
+The REST API reference documentation describes the HTTP method, path, and parameters for every operation. It also displays example requests and responses for each operation. For more information, see the [REST reference documentation](/rest).
-### Hello World
+## Making a request
-让我们先测试设置。 打开命令提示符并输入以下命令:
+To make a request, first find the HTTP method and the path for the operation that you want to use. For example, the "Get Octocat" operation uses the `GET` method and the `/octocat` path. For the full reference documentation for this operation, see "[Get Octocat](/rest/meta#get-octocat)."
+
+{% cli %}
+
+{% note %}
+
+**Note**: You must install {% data variables.product.prodname_cli %} in order to use the commands in the {% data variables.product.prodname_cli %} examples. For installation instructions, see the [{% data variables.product.prodname_cli %} repository](https://github.com/cli/cli#installation).
+
+{% endnote %}
+
+If you are not already authenticated to {% data variables.product.prodname_cli %}, you must use the `gh auth login` subcommand to authenticate before making any requests. For more information, see "[Authenticating](#authenticating)."
+
+To make a request using {% data variables.product.prodname_cli %}, use the `api` subcommand along with the path. Use the `--method` or `-X` flag to specify the method.
```shell
-$ curl https://api.github.com/zen
-
-> Keep it logically awesome.
+gh api /octocat --method GET
```
-响应将是我们设计理念中的随机选择。
+{% endcli %}
-接下来,让我们 `GET`[Chris Wanstrath 的][defunkt github] [GitHub 配置文件][users api]:
+{% javascript %}
+
+{% note %}
+
+**Note**: You must install and import `octokit` in order to use the Octokit.js library used in the JavaScript examples. For more information, see [the Octokit.js README](https://github.com/octokit/octokit.js/#readme).
+
+{% endnote %}
+
+To make a request using JavaScript, you can use Octokit.js. For more information, see [the Octokit.js README](https://github.com/octokit/octokit.js/#readme).
+
+First, create an instance of `Octokit`.{% ifversion ghes or ghae %} Set the base URL to `{% data variables.product.api_url_code %}`. Replace `[hostname]` with the name of {% data variables.product.product_location %}.{% endif %}
+
+```javascript
+const octokit = new Octokit({ {% ifversion ghes or ghae %}
+ baseUrl: "{% data variables.product.api_url_code %}",
+{% endif %}});
+```
+
+Then, use the `request` method to make requests. Pass the HTTP method and path as the first argument.
+
+```javascript
+await octokit.request("GET /octocat", {});
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+Prepend the base URL for the {% data variables.product.prodname_dotcom %} REST API, `{% data variables.product.api_url_code %}`, to the path to get the full URL: `{% data variables.product.api_url_code %}/octocat`.{% ifversion ghes or ghae %} Replace `[hostname]` with the name of {% data variables.product.product_location %}.{% endif %}
+
+Use the `curl` command in your command line. Use the `--request` or `-X` flag followed by the HTTP method. Use the `--url` flag followed by the full URL.
```shell
-# GET /users/defunkt
-$ curl https://api.github.com/users/defunkt
-
-> {
-> "login": "defunkt",
-> "id": 2,
-> "node_id": "MDQ6VXNlcjI=",
-> "avatar_url": "https://avatars.githubusercontent.com/u/2?v=4",
-> "gravatar_id": "",
-> "url": "https://api.github.com/users/defunkt",
-> "html_url": "https://github.com/defunkt",
-> ...
-> }
+curl --request GET \
+--url "https://api.github.com/octocat"
```
-嗯,类似于 [JSON][json]。 让我们添加 `-i` 标志以包含标头:
+{% note %}
+
+**Note**: If you get a message similar to "command not found: curl", you may need to download and install cURL. For more information, see [the cURL project download page](https://curl.se/download.html).
+
+{% endnote %}
+
+{% endcurl %}
+
+Continue reading to learn how to authenticate, send parameters, and use the response.
+
+## Authenticating
+
+Many operations require authentication or return additional information if you are authenticated. Additionally, you can make more requests per hour when you are authenticated.{% cli %} Although some REST API operations are accessible without authentication, you must authenticate to {% data variables.product.prodname_cli %} in order to use the `api` subcommand.{% endcli %}
+
+### About tokens
+
+You can authenticate your request by adding a token.
+
+If you want to use the {% data variables.product.company_short %} REST API for personal use, you can create a personal access token (PAT). The REST API operations used in this article require `repo` scope for personal access tokens. Other operations may require different scopes. For more information about creating a personal access token, see "[Creating a personal access token](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
+
+If you want to use the API on behalf of an organization or another user, {% data variables.product.company_short %} recommends that you use a {% data variables.product.prodname_github_app %}. If an operation is available to {% data variables.product.prodname_github_apps %}, the REST reference documentation for that operation will say "Works with GitHub Apps." The REST API operations used in this article require `issues` read and write permissions for {% data variables.product.prodname_github_apps %}. Other operations may require different permissions. For more information, see "[Creating a GitHub App](/developers/apps/building-github-apps/creating-a-github-app)", "[Authenticating with GitHub Apps](/developers/apps/building-github-apps/authenticating-with-github-apps), and "[Identifying and authorizing users for GitHub Apps](/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps)."
+
+If you want to use the API in a {% data variables.product.prodname_actions %} workflow, {% data variables.product.company_short %} recommends that you authenticate with the built-in `GITHUB_TOKEN` instead of creating a token. You can grant permissions to the `GITHUB_TOKEN` with the `permissions` key. For more information, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)."
+
+### Authentication example
+
+{% cli %}
+
+With {% data variables.product.prodname_cli %}, you don't need to create an access token in advance. Use the `auth login` subcommand to authenticate to {% data variables.product.prodname_cli %}:
```shell
-$ curl -i https://api.github.com/users/defunkt
-
-> HTTP/2 200
-> server: GitHub.com
-> date: Thu, 08 Jul 2021 07:04:08 GMT
-> content-type: application/json; charset=utf-8
-> cache-control: public, max-age=60, s-maxage=60
-> vary: Accept, Accept-Encoding, Accept, X-Requested-With
-> etag: W/"61e964bf6efa3bc3f9e8549e56d4db6e0911d8fa20fcd8ab9d88f13d513f26f0"
-> last-modified: Fri, 01 Nov 2019 21:56:00 GMT
-> x-github-media-type: github.v3; format=json
-> access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
-> access-control-allow-origin: *
-> strict-transport-security: max-age=31536000; includeSubdomains; preload
-> x-frame-options: deny
-> x-content-type-options: nosniff
-> x-xss-protection: 0
-> referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
-> content-security-policy: default-src 'none'
-> x-ratelimit-limit: 60
-> x-ratelimit-remaining: 53
-> x-ratelimit-reset: 1625731053
-> x-ratelimit-resource: core
-> x-ratelimit-used: 7
-> accept-ranges: bytes
-> content-length: 1305
-> x-github-request-id: 9F60:7019:ACC5CD5:B03C931:60E6A368
->
-> {
-> "login": "defunkt",
-> "id": 2,
-> "node_id": "MDQ6VXNlcjI=",
-> "avatar_url": "https://avatars.githubusercontent.com/u/2?v=4",
-> "gravatar_id": "",
-> "url": "https://api.github.com/users/defunkt",
-> "html_url": "https://github.com/defunkt",
->
-> ...
-> }
+gh auth login
```
-响应标头中有一些有趣的地方。 正如预期的那样,`Content-Type` 为 `application/json`。
+You can use the `--scopes` flag to specify what scopes you want. If you want to authenticate with a token that you created, you can use the `--with-token` flag. For more information, see the [{% data variables.product.prodname_cli %} `auth login` documentation](https://cli.github.com/manual/gh_auth_login).
-任何以 `X-` 开头的标头都是自定义标头,不包含在 HTTP 规范中。例如,记下 `X-RateLimit-Limit` 和 `X-RateLimit-Remaining` 标头。 这对标头指示在滚动时间段(通常为一小时)内[一个客户端可以发出多少个请求][rate-limiting],以及该客户端已发送其中多少个请求。
+{% endcli %}
-## 身份验证
-
-未经身份验证的客户端每小时可以发出 60 个请求。 要每小时发出更多请求,我们需要进行身份验证。 事实上,使用 {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API 进行任何交互都需要[身份验证][authentication]。
-
-### 使用个人访问令牌
-
-使用 {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API 进行身份验证的最简单和最佳的方式是[通过 OAuth 令牌](/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens)使用基本身份验证。 OAuth 令牌包括[个人访问令牌][personal token]。
-
-使用 `-u` 标志设置你的用户名:
-
-```shell
-$ curl -i -u your_username {% data variables.product.api_url_pre %}/users/octocat
-
-```
-
-出现提示时,您可以输入 OAuth 令牌,但我们建议您为它设置一个变量:
-
-你可以使用 `-u "your_username:$token"` 并为 `token` 设置一个变量,以避免你的令牌留在 shell 历史记录中,这种情况应尽量避免。
-
-```shell
-$ curl -i -u your_username:$token {% data variables.product.api_url_pre %}/users/octocat
-
-```
-
-进行身份验证时,你应该会看到你的速率限制达到每小时 5,000 个请求,如 `X-RateLimit-Limit` 标头中所示。 除了每小时提供更多调用次数之外,身份验证还使您能够使用 API 读取和写入私有信息。
-
-可以使用[个人访问令牌设置页][tokens settings]轻松[创建个人访问令牌][personal token]:
+{% javascript %}
{% warning %}
-为了帮助保护您的信息安全,我们强烈建议为您的个人访问令牌设置一个到期日。
+**Warning**: Treat your access token like a password.
+
+To keep your token secure, you can store your token as a secret and run your script through {% data variables.product.prodname_actions %}. For more information, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
+
+{% ifversion ghec or fpt %}You can also store your token as a {% data variables.product.prodname_codespaces %} secret and run your script in {% data variables.product.prodname_codespaces %}. For more information, see "[Managing encrypted secrets for your codespaces](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces)."{% endif %}
+
+If these options are not possible, consider using another service such as [the 1Password CLI](https://developer.1password.com/docs/cli/secret-references/) to store your token securely.
{% endwarning %}
-{% ifversion fpt or ghes or ghec %}  {% endif %}
+To authenticate with the Octokit.js library, you can pass your token when you create an instance of `Octokit`. Replace `YOUR-TOKEN` with your token.{% ifversion ghes or ghae %} Replace `[hostname]` with the name of {% data variables.product.product_location %}.{% endif %}
-{% ifversion ghae %}  {% endif %}
-
-使用到期的个人访问令牌的 API 请求将通过 `GitHub-Authentication-Token-Expiration` 标头返回该令牌的到期日期。 当令牌接近其过期日期时,您可以使用脚本中的标头来提供警告信息。
-
-### 获取自己的用户个人资料
-
-在正确验证身份后,你可以利用与 {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %} 上的帐户相关的权限。 例如,尝试获取[自己的用户配置文件][auth user api]:
-
-```shell
-$ curl -i -u your_username:your_token {% data variables.product.api_url_pre %}/user
-
-> {
-> ...
-> "plan": {
-> "space": 2516582,
-> "collaborators": 10,
-> "private_repos": 20,
-> "name": "medium"
-> }
-> ...
-> }
+```javascript
+const octokit = new Octokit({ {% ifversion ghes or ghae %}
+ baseUrl: "{% data variables.product.api_url_code %}",{% endif %}
+ auth: 'YOUR-TOKEN',
+});
```
-此时,除了先前为 [@defunkt][defunkt github] 检索到的公共信息集之外,你还可以查看你的用户个人资料的非公共信息。 例如,你将在响应中看到 `plan` 对象,它提供有关帐户的 {% data variables.product.product_name %} 计划的详细信息。
+{% endjavascript %}
-### 对应用程序使用 OAuth 令牌
+{% curl %}
-需要代表其他用户使用 API 读取或写入专用信息的应用程序应使用 [OAuth][oauth]。
+{% warning %}
-OAuth 使用令牌。 令牌具有两大特点:
+**Warning**: Treat your access token like a password.
-* 可撤销访问权限:用户可以随时撤销对第三方应用程序的授权
-* 有限访问权限:用户可以在对第三方应用授权前审查令牌将提供的具体访问权限
+To help keep your account secure, you can use {% data variables.product.prodname_cli %} instead of cURL. {% data variables.product.prodname_cli %} will take care of authentication for you. For more information, see the {% data variables.product.prodname_cli %} version of this page.
-应通过 [Web 流][webflow]创建令牌。 应用程序将用户发送到 {% data variables.product.product_name %} 进行登录。 {% data variables.product.product_name %} 随后显示一个对话框,指示应用的名称以及应用经用户授权后具有的权限级别。 经用户授权访问后,{% data variables.product.product_name %} 将用户重定向到应用程序:
+{% ifversion ghec or fpt %}You can also store your token as a {% data variables.product.prodname_codespaces %} secret and use the command line through {% data variables.product.prodname_codespaces %}. For more information, see "[Managing encrypted secrets for your codespaces](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces)."{% endif %}
-
+If these options are not possible, consider using another service such as [the 1Password CLI](https://developer.1password.com/docs/cli/secret-references/) to store your token securely.
-**将 OAuth 令牌视为密码!** 不要与其他用户共享它们,也不要将其存储在不安全的地方。 这些示例中的令牌是虚构的,并且更改了名称以免波及无辜。
+{% endwarning %}
-现在我们已经掌握了进行经身份验证的调用,接下来介绍[存储库 API][repos-api]。
-
-## 存储库
-
-几乎任何有意义的 {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API 使用都会涉及某种级别的存储库信息。 我们可以像之前提取用户详细信息一样 [`GET` 存储库详细信息][get repo]:
+With cURL, you will send an `Authorization` header with your token. Replace `YOUR-TOKEN` with your token:
```shell
-$ curl -i {% data variables.product.api_url_pre %}/repos/twbs/bootstrap
+curl --request GET \
+--url "https://api.github.com/octocat" \
+--header "Authorization: Bearer YOUR-TOKEN"
```
-以同样的方式,我们可以[查看经过身份验证的用户的存储库][user repos api]:
+{% note %}
+
+**Note:** {% data reusables.getting-started.bearer-vs-token %}
+
+{% endnote %}
+
+{% endcurl %}
+
+### Authentication example for {% data variables.product.prodname_actions %}
+
+{% cli %}
+
+You can also use the `run` keyword to execute {% data variables.product.prodname_cli %} commands in your {% data variables.product.prodname_actions %} workflows. For more information, see "[Workflow syntax for GitHub Actions](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
+
+Instead of using the `gh auth login` command, pass your token as an environment variable called `GH_TOKEN`. {% data variables.product.prodname_dotcom %} recommends that you authenticate with the built-in `GITHUB_TOKEN` instead of creating a token. If this is not possible, store your token as a secret and replace `GITHUB_TOKEN` in the example below with the name of your secret. For more information about `GITHUB_TOKEN`, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication)." For more information about secrets, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
+
+```yaml
+jobs:
+ use_api:
+ runs-on: ubuntu-latest
+ permissions: {}
+ steps:
+ - env:
+ GH_TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+ run: |
+ gh api /octocat
+```
+
+{% endcli %}
+
+{% javascript %}
+
+You can also use the `run` keyword to execute your JavaScript scripts in your {% data variables.product.prodname_actions %} workflows. For more information, see "[Workflow syntax for GitHub Actions](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
+
+{% data variables.product.prodname_dotcom %} recommends that you authenticate with the built-in `GITHUB_TOKEN` instead of creating a token. If this is not possible, store your token as a secret and replace `GITHUB_TOKEN` in the example below with the name of your secret. For more information about `GITHUB_TOKEN`, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication)." For more information about secrets, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
+
+The following example workflow:
+
+1. Checks out the repository content
+1. Sets up Node.js
+1. Installs `octokit`
+1. Stores the value of `GITHUB_TOKEN` as an environment variable called `TOKEN` and runs `.github/actions-scripts/use-the-api.mjs`, which can access that environment variable as `process.env.TOKEN`
+
+Example workflow:
+
+```yaml
+on:
+ workflow_dispatch:
+jobs:
+ use_api_via_script:
+ runs-on: ubuntu-latest
+ permissions: {}
+ steps:
+ - name: Check out repo content
+ uses: {% data reusables.actions.action-checkout %}
+
+ - name: Setup Node
+ uses: {% data reusables.actions.action-setup-node %}
+ with:
+ node-version: '16.15.0'
+ cache: npm
+
+ - name: Install dependencies
+ run: npm install octokit
+
+ - name: Run script
+ env:
+ TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+ run: |
+ node .github/actions-scripts/use-the-api.mjs
+```
+
+Example JavaScript script, with the file path `.github/actions-scripts/use-the-api.mjs`:
+
+```javascript
+import { Octokit } from "octokit";
+
+const octokit = new Octokit({ {% ifversion ghes or ghae %}
+ baseUrl: "{% data variables.product.api_url_code %}",{% endif %}
+ auth: process.env.TOKEN,
+});
+
+await octokit.request("GET /octocat", {});
+```
+
+Instead of storing your script in a separate file and executing the script from your workflow, you can use the `actions/github-script` action to run a script. For more information, see the [actions/github-script README](https://github.com/actions/github-script).
+
+```yaml
+jobs:
+ use_api_via_script:
+ runs-on: ubuntu-latest
+ permissions: {}
+ steps:
+ - uses: {% data reusables.actions.action-github-script %}
+ with:
+ github-token: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+ script: |
+ await github.request('GET /octocat', {})
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+You can also use the `run` keyword to execute cURL commands in your {% data variables.product.prodname_actions %} workflows. For more information, see "[Workflow syntax for GitHub Actions](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
+
+{% data variables.product.prodname_dotcom %} recommends that you authenticate with the built-in `GITHUB_TOKEN` instead of creating a token. If this is not possible, store your token as a secret and replace `GITHUB_TOKEN` in the example below with the name of your secret. For more information about `GITHUB_TOKEN`, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication)." For more information about secrets, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
+
+```yaml
+jobs:
+ use_api:
+ runs-on: ubuntu-latest
+ permissions: {}
+ steps:
+ - env:
+ GH_TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+ run: |
+ curl --request GET \
+ --url "https://api.github.com/octocat" \
+ --header "Authorization: Bearer $GH_TOKEN"
+```
+
+{% endcurl %}
+
+## Using headers
+
+Most operations specify that you should pass an `Accept` header with a value of `application/vnd.github.v3+json`. Other operations may specify that you should send a different `Accept` header or additional headers.
+
+{% cli %}
+
+To send a header with {% data variables.product.prodname_cli %}, use the `--header` or `-H` flag followed by the header in `key: value` format.
```shell
-$ curl -i -H "Authorization: token ghp_16C7e42F292c6912E7710c838347Ae178B4a" \
- {% data variables.product.api_url_pre %}/user/repos
+gh api --header 'Accept: application/vnd.github.v3+json' --method GET /octocat
```
-或者,我们可以[列出其他用户的存储库][other user repos api]:
+{% endcli %}
+
+{% javascript %}
+
+The Octokit.js library automatically passes the `Accept: application/vnd.github.v3+json` header. To pass additional headers or a different `Accept` header, add a `headers` property to the object that is passed as a second argument to the `request` method. The value of the `headers` property is an object with the header names as keys and header values as values. For example, to send a `content-type` header with a value of `text/plain`:
+
+```javascript
+await octokit.request("GET /octocat", {
+ headers: {
+ "content-type": "text/plain",
+ },
+});
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+To send a header with cURL, use the `--header` or `-H` flag followed by the header in `key: value` format.
```shell
-$ curl -i {% data variables.product.api_url_pre %}/users/octocat/repos
+curl --request GET \
+--url "https://api.github.com/octocat" \
+--header "Accept: application/vnd.github.v3+json" \
+--header "Authorization: Bearer YOUR-TOKEN"
```
-或者,我们可以[列出组织的存储库][org repos api]:
+{% endcurl %}
+
+## Using path parameters
+
+Path parameters modify the operation path. For example, the "List repository issues" path is `/repos/{owner}/{repo}/issues`. The curly brackets `{}` denote path parameters that you need to specify. In this case, you must specify the repository owner and name. For the reference documentation for this operation, see "[List repository issues](/rest/issues/issues#list-repository-issues)."
+
+{% cli %}
+
+{% ifversion ghes or ghae %}
+{% note %}
+
+**Note:** In order for this command to work for {% data variables.product.product_location %}, replace `octocat/Spoon-Knife` with a repository owned by {% data variables.product.product_location %}. Otherwise, rerun the `gh auth login` command to authenticate to {% data variables.product.prodname_dotcom_the_website %} instead of {% data variables.product.product_location %}.
+
+{% endnote %}
+{% endif %}
+
+To get issues from the `octocat/Spoon-Knife` repository, replace `{owner}` with `octocat` and `{repo}` with `Spoon-Knife`.
```shell
-$ curl -i {% data variables.product.api_url_pre %}/orgs/octo-org/repos
+gh api --header 'Accept: application/vnd.github.v3+json' --method GET /repos/octocat/Spoon-Knife/issues
```
-从这些调用返回的信息将取决于我们进行身份验证时令牌所具有的作用域:
+{% endcli %}
-{%- ifversion fpt or ghec or ghes %}
-* 具有 `public_repo` [作用域][scopes]的令牌返回的响应包含我们在 {% data variables.product.product_location %} 上有权查看的所有公共存储库。
-{%- endif %}
-* 具有 `repo` [作用域][scopes]的令牌返回的响应包含我们在 {% data variables.product.product_location %} 上有权查看的所有{% ifversion fpt %}public or private{% elsif ghec or ghes %}公共、专用或内部{% elsif ghae %}private or internal{% endif %}存储库。
+{% javascript %}
-如[文档][repos-api]所示,这些方法采用 `type` 参数,可根据用户对存储库的访问权限类型来筛选返回的存储库。 这样,我们可以只提取直接拥有的存储库、组织存储库或用户通过团队进行协作的存储库。
+{% ifversion ghes or ghae %}
+{% note %}
+
+**Note:** In order for this example to work for {% data variables.product.product_location %}, replace `octocat/Spoon-Knife` with a repository owned by {% data variables.product.product_location %}. Otherwise, create a new `Octokit` instance and do not specify `baseURL`.
+
+{% endnote %}
+{% endif %}
+
+When you make a request with Octokit.js, all parameters, including path parameters, are passed in an object as the second argument to the `request` method. To get issues from the `octocat/Spoon-Knife` repository, specify `owner` as `octocat` and `repo` as `Spoon-Knife`.
+
+```javascript
+await octokit.request("GET /repos/{owner}/{repo}/issues", {
+ owner: "octocat",
+ repo: "Spoon-Knife"
+});
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+To get issues from the `octocat/Spoon-Knife` repository, replace `{owner}` with `octocat` and `{repo}` with `Spoon-Knife`. To build the full path, prepend the base URL for the {% data variables.product.prodname_dotcom %} REST API, `https://api.github.com`: `https://api.github.com/repos/octocat/Spoon-Knife/issues`.
+
+{% ifversion ghes or ghae %}
+{% note %}
+
+**Note:** If you want to use {% data variables.product.product_location %} instead of {% data variables.product.prodname_dotcom_the_website %}, use `{% data variables.product.api_url_code %}` instead of `https://api.github.com` and replace `[hostname]` with the name of {% data variables.product.product_location %}. Replace `octocat/Spoon-Knife` with a repository owned by {% data variables.product.product_location %}.
+
+{% endnote %}
+{% endif %}
```shell
-$ curl -i "{% data variables.product.api_url_pre %}/users/octocat/repos?type=owner"
+curl --request GET \
+--url "https://api.github.com/repos/octocat/Spoon-Knife/issues" \
+--header "Accept: application/vnd.github.v3+json" \
+--header "Authorization: Bearer YOUR-TOKEN"
```
-在此示例中,我们只获取 octocat 拥有的存储库,而没有获取她协作的存储库。 请注意上面的引用 URL。 根据你的 shell 设置,cURL 有时需要一个引用 URL,否则它会忽略查询字符串。
+{% endcurl %}
-### 创建存储库
+The operation returns a list of issues and data about each issue. For more information about using the response, see the "[Using the response](#using-the-response)" section.
-提取现有存储库的信息是一种常见的用例,但 {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API 也支持创建新的存储库。 要[创建存储库][create repo],我们需要 `POST` 一些包含详细信息和配置选项的 JSON。
+## Using query parameters
+
+Query parameters allow you to control what data is returned for a request. For example, a query parameter may let you specify how many items are returned when the response is paginated.
+
+By default, the "List repository issues" operation returns thirty issues, sorted in descending order by the date they were created. You can use the `per_page` parameter to return two issues instead of 30. You can use the `sort` parameter to sort the issues by the date they were last updated instead of by the date they were created. You can use the `direction` parameter to sort the results in ascending order instead of descending order.
+
+{% cli %}
+
+For {% data variables.product.prodname_cli %}, use the `-F` flag to pass a parameter that is a number, Boolean, or null. Use `-f` to pass string parameters.
+
+{% note %}
+
+**Note**: {% data variables.product.prodname_cli %} does not currently accept parameters that are arrays. For more information, see [this issue](https://github.com/cli/cli/issues/1484).
+
+{% endnote %}
```shell
-$ curl -i -H "Authorization: token ghp_16C7e42F292c6912E7710c838347Ae178B4a" \
- -d '{
- "name": "blog",
- "auto_init": true,
- "private": true,
- "gitignore_template": "nanoc"
- }' \
- {% data variables.product.api_url_pre %}/user/repos
+gh api --header 'Accept: application/vnd.github.v3+json' --method GET /repos/octocat/Spoon-Knife/issues -F per_page=2 -f sort=updated -f direction=asc
```
-在这个最小的示例中,我们为博客(也许要在 [GitHub Pages][pages] 上提供)创建了一个新的专用存储库。 虽然博客 {% ifversion not ghae %}将是公开的{% else %}可供所有企业成员访问{% endif %},但我们已经将仓库设置为私有。 在这一步中,我们还将使用自述文件和 [nanoc][nanoc] 风格的 [.gitignore 模板][gitignore templates]对其进行初始化。
+{% endcli %}
-生成的存储库可在 `https://github.com//blog` 上找到。
-要在你拥有的组织下创建存储库,只需将 API 方法从 `/user/repos` 更改为 `/orgs//repos`。
+{% javascript %}
-接下来,我们将获取新创建的仓库:
+When you make a request with Octokit.js, all parameters, including query parameters, are passed in an object as the second argument to the `request` method.
+
+```javascript
+await octokit.request("GET /repos/{owner}/{repo}/issues", {
+ owner: "octocat",
+ repo: "Spoon-Knife",
+ per_page: 2,
+ sort: "updated",
+ direction: "asc",
+});
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+For cURL, add a `?` to the end of the path, then append your query parameter name and value in the form `parameter_name=value`. Separate multiple query parameters with `&`.
```shell
-$ curl -i {% data variables.product.api_url_pre %}/repos/pengwynn/blog
-
-> HTTP/2 404
-
-> {
-> "message": "Not Found"
-> }
+curl --request GET \
+--url "https://api.github.com/repos/octocat/Spoon-Knife/issues?per_page=2&sort=updated&direction=asc" \
+--header "Accept: application/vnd.github.v3+json" \
+--header "Authorization: Bearer YOUR-TOKEN"
```
-哦,不! 它去哪儿了? 因为我们将存储库创建为专用存储库,所以需要经过身份验证才能看到它。 如果你是一位资深的 HTTP 用户,你可能会预期返回 `403`。 由于我们不想泄露有关专用存储库的信息,因此在本例中,{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API 返回 `404`,就好像说“我们既不能确认也不能否认这个存储库的存在”。
+{% endcurl %}
-## 问题
+The operation returns a list of issues and data about each issue. For more information about using the response, see the "[Using the response](#using-the-response)" section.
-{% data variables.product.product_name %} 上的问题 UI 旨在提供“恰到好处”的工作流,不会妨碍你的其他工作。 通过 {% data variables.product.product_name %} [问题 API][issues-api],你可以利用其他工具来提取数据或创建问题,以打造适合你的团队的工作流。
+## Using body parameters
-与 github.com 一样,API 为经过身份验证的用户提供了一些查看问题的方法。 要[查看所有问题][get issues api],请调用 `GET /issues`:
+Body parameters allow you to pass additional data to the API. For example, the "Create an issue" operation requires you to specify a title for the new issue. It also lets you specify other information, such as text to put in the issue body. For the full reference documentation for this operation, see "[Create an issue](/rest/issues/issues#create-an-issue)."
+
+The "Create an issue" operation uses the same path as the "List repository issues" operation in the examples above, but it uses a `POST` method instead of a `GET` method.
+
+{% cli %}
+
+For {% data variables.product.prodname_cli %}, use the `-F` flag to pass a parameter that is a number, Boolean, or null. Use `-f` to pass string parameters.
+
+{% note %}
+
+**Note**: {% data variables.product.prodname_cli %} does not currently accept parameters that are arrays. For more information, see [this issue](https://github.com/cli/cli/issues/1484).
+
+{% endnote %}
```shell
-$ curl -i -H "Authorization: token ghp_16C7e42F292c6912E7710c838347Ae178B4a" \
- {% data variables.product.api_url_pre %}/issues
+gh api --header 'Accept: application/vnd.github.v3+json' --method POST /repos/octocat/Spoon-Knife/issues -f title="Created with the REST API" -f body="This is a test issue created by the REST API"
```
-要仅获取[某个 {% data variables.product.product_name %} 组织下的问题][get issues api],请调用 `GET
-/orgs//issues`:
+{% endcli %}
+
+{% javascript %}
+
+When you make a request with Octokit.js, all parameters, including body parameters, are passed in an object as the second argument to the `request` method.
+
+```javascript
+await octokit.request("POST /repos/{owner}/{repo}/issues", {
+ owner: "octocat",
+ repo: "Spoon-Knife",
+ title: "Created with the REST API",
+ body: "This is a test issue created by the REST API",
+});
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+For cURL, use the `--data` flag to pass the body parameters in a JSON object.
```shell
-$ curl -i -H "Authorization: token ghp_16C7e42F292c6912E7710c838347Ae178B4a" \
- {% data variables.product.api_url_pre %}/orgs/rails/issues
+curl --request POST \
+--url "https://api.github.com/repos/octocat/Spoon-Knife/issues" \
+--header "Accept: application/vnd.github.v3+json" \
+--header "Authorization: Bearer YOUR-TOKEN" \
+--data '{
+ "title": "Created with the REST API",
+ "body": "This is a test issue created by the REST API"
+}'
```
-我们还可以获取[单个存储库下的所有问题][repo issues api]:
+{% endcurl %}
+
+The operation creates an issue and returns data about the new issue. In the response, find the `html_url` of your issue and navigate to your issue in the browser. For more information about using the response, see the "[Using the response](#using-the-response)" section.
+
+## Using the response
+
+### About the response code and headers
+
+Every request will return an HTTP status code that indicates the success of the response. For more information about response codes, see [the MDN HTTP response status code documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status).
+
+Additionally, the response will include headers that give more details about the response. Headers that start with `X-` or `x-` are custom to {% data variables.product.company_short %}. For example, the `x-ratelimit-remaining` and `x-ratelimit-reset` headers tell you how many requests you can make in a time period.
+
+{% cli %}
+
+To view the status code and headers, use the `--include` or `--i` flag when you send your request.
+
+For example, this request:
```shell
-$ curl -i {% data variables.product.api_url_pre %}/repos/rails/rails/issues
+gh api --header 'Accept: application/vnd.github.v3+json' --method GET /repos/octocat/Spoon-Knife/issues -F per_page=2 --include
```
-### 分页
-
-一个 Rails 规模的项目有数千个议题。 我们需要[分页][pagination],进行多次 API 调用来获取数据。 让我们重复上一次调用,这次请注意响应头:
+returns the response code and headers like:
```shell
-$ curl -i {% data variables.product.api_url_pre %}/repos/rails/rails/issues
-
-> HTTP/2 200
-
-> ...
-> Link: <{% data variables.product.api_url_pre %}/repositories/8514/issues?page=2>; rel="next", <{% data variables.product.api_url_pre %}/repositories/8514/issues?page=30>; rel="last"
-> ...
+HTTP/2.0 200 OK
+Access-Control-Allow-Origin: *
+Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+Cache-Control: private, max-age=60, s-maxage=60
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json; charset=utf-8
+Date: Thu, 04 Aug 2022 19:56:41 GMT
+Etag: W/"a63dfbcfdb73621e9d2e89551edcf9856731ced534bd7f1e114a5da1f5f73418"
+Link: ; rel="next", ; rel="last"
+Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
+Server: GitHub.com
+Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+Vary: Accept, Authorization, Cookie, X-GitHub-OTP, Accept-Encoding, Accept, X-Requested-With
+X-Accepted-Oauth-Scopes: repo
+X-Content-Type-Options: nosniff
+X-Frame-Options: deny
+X-Github-Api-Version-Selected: 2022-08-09
+X-Github-Media-Type: github.v3; format=json
+X-Github-Request-Id: 1C73:26D4:E2E500:1EF78F4:62EC2479
+X-Oauth-Client-Id: 178c6fc778ccc68e1d6a
+X-Oauth-Scopes: gist, read:org, repo, workflow
+X-Ratelimit-Limit: 15000
+X-Ratelimit-Remaining: 14996
+X-Ratelimit-Reset: 1659645499
+X-Ratelimit-Resource: core
+X-Ratelimit-Used: 4
+X-Xss-Protection: 0
```
-[`Link` 标头][link-header]为响应提供了一种链接到外部资源(在本例中为附加数据页)的方法。 由于我们的调用发现了超过 30 个问题(默认页面大小),因此 API 将告诉我们在哪里可以找到下一页和最后一页结果。
+In this example, the response code is `200`, which indicates a successful request.
-### 创建议题
+{% endcli %}
-现在我们已经了解如何对问题列表分页,现在来使用 API [创建问题][create issue]。
+{% javascript %}
-要创建问题,我们需要进行身份验证,因此我们将在标头中传递 OAuth 令牌。 此外,我们还将 JSON 正文中的标题、正文和标签传递到要在其中创建问题的存储库下的 `/issues` 路径:
+When you make a request with Octokit.js, the `request` method returns a promise. If the request was successful, the promise resolves to an object that includes the HTTP status code of the response (`status`) and the response headers (`headers`). If an error occurs, the promise resolves to an object that includes the HTTP status code of the response (`status`) and the response headers (`response.headers`).
+
+You can use a `try/catch` block to catch an error if it occurs. For example, if the request in the following script is successful, the script will log the status code and the value of the `x-ratelimit-remaining` header. If the request was not successful, the script will log the status code, the value of the `x-ratelimit-remaining` header, and the error message.
+
+```javascript
+try {
+ const result = await octokit.request("GET /repos/{owner}/{repo}/issues", {
+ owner: "octocat",
+ repo: "Spoon-Knife",
+ per_page: 2,
+ });
+
+ console.log(`Success! Status: ${result.status}. Rate limit remaining: ${result.headers["x-ratelimit-remaining"]}`)
+
+} catch (error) {
+ console.log(`Error! Status: ${error.status}. Rate limit remaining: ${error.headers["x-ratelimit-remaining"]}. Message: ${error.response.data.message}`)
+}
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+To view the status code and headers, use the `--include` or `--i` flag when you send your request.
+
+For example, this request:
```shell
-$ curl -i -H 'Authorization: token ghp_16C7e42F292c6912E7710c838347Ae178B4a' \
-$ -d '{ \
-$ "title": "New logo", \
-$ "body": "We should have one", \
-$ "labels": ["design"] \
-$ }' \
-$ {% data variables.product.api_url_pre %}/repos/pengwynn/api-sandbox/issues
-
-> HTTP/2 201
-> Location: {% data variables.product.api_url_pre %}/repos/pengwynn/api-sandbox/issues/17
-> X-RateLimit-Limit: 5000
-
-> {
-> "pull_request": {
-> "patch_url": null,
-> "html_url": null,
-> "diff_url": null
-> },
-> "created_at": "2012-11-14T15:25:33Z",
-> "comments": 0,
-> "milestone": null,
-> "title": "New logo",
-> "body": "We should have one",
-> "user": {
-> "login": "pengwynn",
-> "gravatar_id": "7e19cd5486b5d6dc1ef90e671ba52ae0",
-> "avatar_url": "https://secure.gravatar.com/avatar/7e19cd5486b5d6dc1ef90e671ba52ae0?d=https://a248.e.akamai.net/assets.github.com%2Fimages%2Fgravatars%2Fgravatar-user-420.png",
-> "id": 865,
-> "url": "{% data variables.product.api_url_pre %}/users/pengwynn"
-> },
-> "closed_at": null,
-> "updated_at": "2012-11-14T15:25:33Z",
-> "number": 17,
-> "closed_by": null,
-> "html_url": "https://github.com/pengwynn/api-sandbox/issues/17",
-> "labels": [
-> {
-> "color": "ededed",
-> "name": "design",
-> "url": "{% data variables.product.api_url_pre %}/repos/pengwynn/api-sandbox/labels/design"
-> }
-> ],
-> "id": 8356941,
-> "assignee": null,
-> "state": "open",
-> "url": "{% data variables.product.api_url_pre %}/repos/pengwynn/api-sandbox/issues/17"
-> }
+curl --request GET \
+--url "https://api.github.com/repos/octocat/Spoon-Knife/issues?per_page=2" \
+--header "Accept: application/vnd.github.v3+json" \
+--header "Authorization: Bearer YOUR-TOKEN" \
+--include
```
-该响应在 `Location` 响应头和 JSON 响应的 `url` 字段中为我们提供了几个指向新创建问题的指针。
-
-## 条件请求
-
-通过缓存未更改的信息来遵守速率限制,是成为一个良好 API 公民的重要特质。 API 支持[条件请求][conditional-requests]并帮助你正确行事。 请注意我们为获取 defunkt 的个人资料而进行的第一个调用:
+returns the response code and headers like:
```shell
-$ curl -i {% data variables.product.api_url_pre %}/users/defunkt
-
-> HTTP/2 200
-> etag: W/"61e964bf6efa3bc3f9e8549e56d4db6e0911d8fa20fcd8ab9d88f13d513f26f0"
+HTTP/2 200
+server: GitHub.com
+date: Thu, 04 Aug 2022 20:07:51 GMT
+content-type: application/json; charset=utf-8
+cache-control: public, max-age=60, s-maxage=60
+vary: Accept, Accept-Encoding, Accept, X-Requested-With
+etag: W/"7fceb7e8c958d3ec4d02524b042578dcc7b282192e6c939070f4a70390962e18"
+x-github-media-type: github.v3; format=json
+link: ; rel="next", ; rel="last"
+access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+access-control-allow-origin: *
+strict-transport-security: max-age=31536000; includeSubdomains; preload
+x-frame-options: deny
+x-content-type-options: nosniff
+x-xss-protection: 0
+referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
+content-security-policy: default-src 'none'
+x-ratelimit-limit: 15000
+x-ratelimit-remaining: 14996
+x-ratelimit-reset: 1659645535
+x-ratelimit-resource: core
+x-ratelimit-used: 4
+accept-ranges: bytes
+content-length: 4936
+x-github-request-id: 14E0:4BC6:F1B8BA:208E317:62EC2715
```
-除了 JSON 正文之外,还要注意 HTTP 状态代码 `200` 和 `ETag` 标头。
-[ETag][etag] 是响应的指纹。 如果我们在后续调用中传递它,则可以告诉 API 仅在资源发生改变的情况才将其再次提供给我们:
+In this example, the response code is `200`, which indicates a successful request.
+
+{% endcurl %}
+
+### About the response body
+
+Many operations will return a response body. Unless otherwise specified, the response body is in JSON format. For example, this request returns a list of issues with data about each issue:
+
+{% cli %}
```shell
-$ curl -i -H 'If-None-Match: "61e964bf6efa3bc3f9e8549e56d4db6e0911d8fa20fcd8ab9d88f13d513f26f0"' \
-$ {% data variables.product.api_url_pre %}/users/defunkt
-
-> HTTP/2 304
+gh api --header 'Accept: application/vnd.github.v3+json' --method GET /repos/octocat/Spoon-Knife/issues -F per_page=2
```
-`304` 状态表示该资源自上次请求以来没有发生改变,该响应将不包含任何正文。 另外,`304` 响应不计入你的[速率限制][rate-limiting]。
+{% endcli %}
-现在您了解 {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API 的基础知识了!
+{% javascript %}
-* 基本和 OAuth 身份验证
-* 获取和创建仓库及议题
-* 条件请求
+```javascript
+await octokit.request("GET /repos/{owner}/{repo}/issues", {
+ owner: "octocat",
+ repo: "Spoon-Knife",
+ per_page: 2,
+});
+```
-继续学习下一个 API 指南[身份验证基础知识][auth guide]!
+{% endjavascript %}
-[wrappers]: /libraries/
-[curl]: http://curl.haxx.se/
-[media types]: /rest/overview/media-types
-[oauth]: /apps/building-integrations/setting-up-and-registering-oauth-apps/
-[webflow]: /apps/building-oauth-apps/authorizing-oauth-apps/
-[scopes]: /apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
-[repos-api]: /rest/reference/repos
-[pages]: http://pages.github.com
-[nanoc]: http://nanoc.ws/
-[gitignore templates]: https://github.com/github/gitignore
-[issues-api]: /rest/reference/issues
-[link-header]: https://www.w3.org/wiki/LinkHeader
-[conditional-requests]: /rest#conditional-requests
-[rate-limiting]: /rest/overview/resources-in-the-rest-api#rate-limit-http-headers
-[users api]: /rest/reference/users#get-a-user
-[auth user api]: /rest/reference/users#get-the-authenticated-user
-[defunkt github]: https://github.com/defunkt
-[json]: http://en.wikipedia.org/wiki/JSON
-[authentication]: /rest#authentication
-[2fa]: /articles/about-two-factor-authentication
-[2fa header]: /rest/overview/other-authentication-methods#working-with-two-factor-authentication
-[oauth section]: /rest/guides/getting-started-with-the-rest-api#oauth
-[personal token]: /articles/creating-an-access-token-for-command-line-use
-[tokens settings]: https://github.com/settings/tokens
-[pagination]: /rest#pagination
-[get repo]: /rest/reference/repos#get-a-repository
-[create repo]: /rest/reference/repos#create-a-repository-for-the-authenticated-user
-[create issue]: /rest/reference/issues#create-an-issue
-[auth guide]: /guides/basics-of-authentication
-[user repos api]: /rest/reference/repos#list-repositories-for-the-authenticated-user
-[other user repos api]: /rest/reference/repos#list-repositories-for-a-user
-[org repos api]: /rest/reference/repos#list-organization-repositories
-[get issues api]: /rest/reference/issues#list-issues-assigned-to-the-authenticated-user
-[repo issues api]: /rest/reference/issues#list-repository-issues
-[etag]: http://en.wikipedia.org/wiki/HTTP_ETag
-[2fa section]: /rest/guides/getting-started-with-the-rest-api#two-factor-authentication
+{% curl %}
+
+```shell
+curl --request GET \
+--url "https://api.github.com/repos/octocat/Spoon-Knife/issues?per_page=2" \
+--header "Accept: application/vnd.github.v3+json" \
+--header "Authorization: Bearer YOUR-TOKEN"
+```
+
+{% endcurl %}
+
+Unlike the GraphQL API where you specify what information you want, the REST API typically returns more information than you need. If desired, you can parse the response to pull out specific pieces of information.
+
+{% cli %}
+
+For example, you can use `>` to redirect the response to a file:
+
+```shell
+gh api --header 'Accept: application/vnd.github.v3+json' --method GET /repos/octocat/Spoon-Knife/issues -F per_page=2 > data.json
+```
+
+Then you can use jq to get the title and author ID of each issue:
+
+```shell
+jq '.[] | {title: .title, authorID: .user.id}' data.json
+```
+
+The previous two commands return something like:
+
+```
+{
+ "title": "Update index.html",
+ "authorID": 10701255
+}
+{
+ "title": "Edit index file",
+ "authorID": 53709285
+}
+```
+
+For more information about jq, see [the jq documentation](https://stedolan.github.io/jq/) and [jq play](https://jqplay.org/).
+
+{% endcli %}
+
+{% javascript %}
+
+For example, you can get the title and author ID of each issue:
+
+```javascript
+try {
+ const result = await octokit.request("GET /repos/{owner}/{repo}/issues", {
+ owner: "octocat",
+ repo: "Spoon-Knife",
+ per_page: 2,
+ });
+
+ const titleAndAuthor = result.data.map(issue => {title: issue.title, authorID: issue.user.id})
+
+ console.log(titleAndAuthor)
+
+} catch (error) {
+ console.log(`Error! Status: ${error.status}. Message: ${error.response.data.message}`)
+}
+```
+
+{% endjavascript %}
+
+{% curl %}
+
+For example, you can use `>` to redirect the response to a file:
+
+```shell
+curl --request GET \
+--url "https://api.github.com/repos/octocat/Spoon-Knife/issues?per_page=2" \
+--header "Accept: application/vnd.github.v3+json" \
+--header "Authorization: Bearer YOUR-TOKEN" > data.json
+```
+
+Then you can use jq to get the title and author ID of each issue:
+
+```shell
+jq '.[] | {title: .title, authorID: .user.id}' data.json
+```
+
+The previous two commands return something like:
+
+```
+{
+ "title": "Update index.html",
+ "authorID": 10701255
+}
+{
+ "title": "Edit index file",
+ "authorID": 53709285
+}
+```
+
+For more information about jq, see [the jq documentation](https://stedolan.github.io/jq/) and [jq play](https://jqplay.org/).
+
+{% endcurl %}
+
+## Next steps
+
+This article demonstrated how to list and create issues in a repository. For more practice, try to comment on an issue, edit the title of an issue, or close an issue. For more information about these operations, see "[Create an issue comment](/rest/issues#create-an-issue-comment)" and "[Update an issue](/rest/issues/issues#update-an-issue)."
+
+For more information about the operations that you can use, see the [REST reference documentation](/rest).
diff --git a/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md b/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md
index 9e355d867b..2789f89036 100644
--- a/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md
+++ b/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/index.md
@@ -13,6 +13,7 @@ children:
- /about-github-sponsors-for-open-source-contributors
- /setting-up-github-sponsors-for-your-personal-account
- /setting-up-github-sponsors-for-your-organization
+ - /using-a-fiscal-host-to-receive-github-sponsors-payouts
- /editing-your-profile-details-for-github-sponsors
- /managing-your-sponsorship-goal
- /managing-your-sponsorship-tiers
diff --git a/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md b/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
index c00e45cc39..7fff95c1c3 100644
--- a/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
+++ b/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization.md
@@ -1,6 +1,6 @@
---
-title: 为您的组织设置 GitHub Sponsors
-intro: '您的组织可以加入 {% data variables.product.prodname_sponsors %} 以接受对您工作的付款。'
+title: Setting up GitHub Sponsors for your organization
+intro: 'Your organization can join {% data variables.product.prodname_sponsors %} to receive payments for your work.'
redirect_from:
- /articles/setting-up-github-sponsorship-for-your-organization
- /articles/receiving-sponsorships-as-a-sponsored-organization
@@ -15,64 +15,84 @@ topics:
- Sponsors profile
- Open Source
shortTitle: Set up for organization
-ms.openlocfilehash: d7de813453d379ae898cc26d9579e06710aab26d
-ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
-ms.translationtype: HT
-ms.contentlocale: zh-CN
-ms.lasthandoff: 09/05/2022
-ms.locfileid: '145164468'
---
-## 加入 {% data variables.product.prodname_sponsors %}
+
+## Joining {% data variables.product.prodname_sponsors %}
{% data reusables.sponsors.you-can-be-a-sponsored-organization %} {% data reusables.sponsors.stripe-supported-regions %}
-收到邀请您的组织加入 {% data variables.product.prodname_sponsors %} 的邀请后,您可以完成以下步骤以成为被赞助的组织。
+After you receive an invitation for your organization to join {% data variables.product.prodname_sponsors %}, you can complete the steps below to become a sponsored organization.
-若要将 {% data variables.product.prodname_sponsors %} 作为组织外部的个人参与者加入,请参阅“[为个人帐户设置 {% data variables.product.prodname_sponsors %}](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)”。
+To join {% data variables.product.prodname_sponsors %} as an individual contributor outside an organization, see "[Setting up {% data variables.product.prodname_sponsors %} for your personal account](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account)."
-{% data reusables.sponsors.navigate-to-github-sponsors %} {% data reusables.sponsors.view-eligible-accounts %}
-3. 在组织的右侧,单击“加入等待列表”。
-{% data reusables.sponsors.contact-info %} {% data reusables.sponsors.accept-legal-terms %}
+{% data reusables.sponsors.navigate-to-github-sponsors %}
+{% data reusables.sponsors.view-eligible-accounts %}
+3. To the right of your organization, click **Join the waitlist**.
+{% data reusables.sponsors.contact-info %}
+{% data reusables.sponsors.payout-choice %}
+ 
-## 填写被赞助组织资料
+{% data reusables.sponsors.accept-legal-terms %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-profile-tab %} {% data reusables.sponsors.short-bio %} {% data reusables.sponsors.add-introduction %} {% data reusables.sponsors.meet-the-team %} {% data reusables.sponsors.edit-featured-work %} {% data reusables.sponsors.opt-in-to-being-featured %} {% data reusables.sponsors.save-profile %}
+## Completing your sponsored organization profile
-## 创建赞助等级
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-profile-tab %}
+{% data reusables.sponsors.short-bio %}
+{% data reusables.sponsors.add-introduction %}
+{% data reusables.sponsors.meet-the-team %}
+{% data reusables.sponsors.edit-featured-work %}
+{% data reusables.sponsors.opt-in-to-being-featured %}
+{% data reusables.sponsors.save-profile %}
+
+## Creating sponsorship tiers
{% data reusables.sponsors.tier-details %}
{% data reusables.sponsors.maximum-tier %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-sponsor-tiers-tab %} {% data reusables.sponsors.click-add-tier %} {% data reusables.sponsors.tier-price-description %} {% data reusables.sponsors.add-welcome-message %} {% data reusables.sponsors.save-tier-draft %} {% data reusables.sponsors.review-and-publish-tier %} {% data reusables.sponsors.add-more-tiers %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
+{% data reusables.sponsors.click-add-tier %}
+{% data reusables.sponsors.tier-price-description %}
+{% data reusables.sponsors.add-welcome-message %}
+{% data reusables.sponsors.save-tier-draft %}
+{% data reusables.sponsors.review-and-publish-tier %}
+{% data reusables.sponsors.add-more-tiers %}
-## 提交您的银行信息
+## Submitting your bank information
-作为被赞助组织,您将在受支持的区域接收支付到银行帐户的赞助款。 这可以是您组织的专用银行帐户或个人银行帐户。 可以通过 [Stripe Atlas](https://stripe.com/atlas) 等服务获取商业银行帐户,也可以加入 [Open Collective](https://opencollective.com/) 等财务托管。 为组织设置 {% data variables.product.prodname_sponsors %} 的人员也必须居住在同一受支持的区域。 {% data reusables.sponsors.stripe-supported-regions %}
+As a sponsored organization, you will receive payouts to a bank account in a supported region or via a fiscal host.
+
+{% data reusables.sponsors.bank-info-fiscal-host-reminder %} For more information about setting up and using fiscal hosts, see "[Using a fiscal host to receive GitHub Sponsors payouts](/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts)."
+
+If you choose to receive payouts to a bank account, your bank account can be a dedicated bank account for your organization or a personal bank account. You can get a business bank account through services like [Stripe Atlas](https://stripe.com/atlas). The person setting up {% data variables.product.prodname_sponsors %} for the organization must live in the same supported region, too. {% data reusables.sponsors.stripe-supported-regions %}
{% data reusables.sponsors.double-check-stripe-info %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.create-stripe-account %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.create-stripe-account %}
-有关使用 Open Collective 设置 Stripe 连接的详细信息,请参阅 Open Collective 文档中的[设置 {% data variables.product.prodname_sponsors %}](https://docs.opencollective.com/help/collectives/github-sponsors)。
-
-## 提交您的税务信息
+## Submitting your tax information
{% data reusables.sponsors.tax-form-information-org %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.overview-tab %} {% data reusables.sponsors.tax-form-link %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.overview-tab %}
+{% data reusables.sponsors.tax-form-link %}
-## 在您的 {% data variables.product.prodname_dotcom %} 帐户上启用双重身份验证 (2FA)。
+## Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
-在您的组织成为被赞助的组织之前,您必须为您在 {% data variables.product.product_location %} 上的帐户启用 2FA。 有关详细信息,请参阅“[配置双重身份验证](/articles/configuring-two-factor-authentication)”。
+Before your organization can become a sponsored organization, you must enable 2FA for your account on {% data variables.product.product_location %}. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
-## 向 {% data variables.product.prodname_dotcom %} 提交申请以请求批准
+## Submitting your application to {% data variables.product.prodname_dotcom %} for approval
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.request-approval %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.request-approval %}
{% data reusables.sponsors.github-review-app %}
-## 延伸阅读
+## Further reading
-- [关于 {% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)
-- [通过 {% data variables.product.prodname_sponsors %} 接受赞助](/sponsors/receiving-sponsorships-through-github-sponsors)
+- "[About {% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)"
+- "[Receiving sponsorships through {% data variables.product.prodname_sponsors %}](/sponsors/receiving-sponsorships-through-github-sponsors)"
diff --git a/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md b/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
index 4af951e64f..a5929f0a51 100644
--- a/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
+++ b/translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-personal-account.md
@@ -1,6 +1,6 @@
---
-title: 针对个人帐户设置 GitHub 赞助商
-intro: '要成为被赞助的开发者,请加入 {% data variables.product.prodname_sponsors %}、填写被赞助开发者个人资料、创建赞助等级、提交您的银行和税务信息并为您在 {% data variables.product.product_location %} 上的帐户启用双重身份验证。'
+title: Setting up GitHub Sponsors for your personal account
+intro: 'You can become a sponsored developer by joining {% data variables.product.prodname_sponsors %}, completing your sponsored developer profile, creating sponsorship tiers, submitting your bank and tax information, and enabling two-factor authentication for your account on {% data variables.product.product_location %}.'
redirect_from:
- /articles/becoming-a-sponsored-developer
- /github/supporting-the-open-source-community-with-github-sponsors/becoming-a-sponsored-developer
@@ -14,62 +14,82 @@ topics:
- User account
- Sponsors profile
shortTitle: Set up for personal account
-ms.openlocfilehash: 288dd5ab53d1a27b7f97ccf9429973a668d8f72b
-ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
-ms.translationtype: HT
-ms.contentlocale: zh-CN
-ms.lasthandoff: 09/05/2022
-ms.locfileid: '145164620'
---
-## 加入 {% data variables.product.prodname_sponsors %}
+
+## Joining {% data variables.product.prodname_sponsors %}
{% data reusables.sponsors.you-can-be-a-sponsored-developer %} {% data reusables.sponsors.stripe-supported-regions %}
-若要将 {% data variables.product.prodname_sponsors %} 作为组织加入,请参阅“[为组织设置 {% data variables.product.prodname_sponsors %}](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)”。
+To join {% data variables.product.prodname_sponsors %} as an organization, see "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-organization)."
{% data reusables.sponsors.navigate-to-github-sponsors %}
-2. 如果您是组织所有者,则有多个符合条件的帐户。 单击“查看符合条件的帐户”,然后在帐户列表中找到你的个人帐户。
-3. 单击“加入等待列表”。
-{% data reusables.sponsors.contact-info %} {% data reusables.sponsors.accept-legal-terms %}
+2. If you are an organization owner, you have more than one eligible account. Click **Get sponsored**, then in the list of accounts, find your personal account.
+ 
+3. Click **Join the waitlist**.
+{% data reusables.sponsors.contact-info %}
+{% data reusables.sponsors.payout-choice %}
+ 
-如果您在受支持的区域有银行帐户, {% data variables.product.prodname_dotcom %} 将在两周内审核您的申请。
+{% data reusables.sponsors.accept-legal-terms %}
-## 填写被赞助开发者个人资料
+If you have a bank account in a supported region, {% data variables.product.prodname_dotcom %} will review your application within two weeks.
-在 {% data variables.product.prodname_dotcom %} 审核您的申请后,您可以设置您的被赞助开发者个人资料,以便人们可以开始赞助您。
+## Completing your sponsored developer profile
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-profile-tab %} {% data reusables.sponsors.short-bio %} {% data reusables.sponsors.add-introduction %} {% data reusables.sponsors.edit-featured-work %} {% data reusables.sponsors.opt-in-to-being-featured %} {% data reusables.sponsors.save-profile %}
+After {% data variables.product.prodname_dotcom %} reviews your application, you can set up your sponsored developer profile so that people can start sponsoring you.
-## 创建赞助等级
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-profile-tab %}
+{% data reusables.sponsors.short-bio %}
+{% data reusables.sponsors.add-introduction %}
+{% data reusables.sponsors.edit-featured-work %}
+{% data reusables.sponsors.opt-in-to-being-featured %}
+{% data reusables.sponsors.save-profile %}
+
+## Creating sponsorship tiers
{% data reusables.sponsors.tier-details %}
{% data reusables.sponsors.maximum-tier %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.navigate-to-sponsor-tiers-tab %} {% data reusables.sponsors.click-add-tier %} {% data reusables.sponsors.tier-price-description %} {% data reusables.sponsors.add-welcome-message %} {% data reusables.sponsors.save-tier-draft %} {% data reusables.sponsors.review-and-publish-tier %} {% data reusables.sponsors.add-more-tiers %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
+{% data reusables.sponsors.click-add-tier %}
+{% data reusables.sponsors.tier-price-description %}
+{% data reusables.sponsors.add-welcome-message %}
+{% data reusables.sponsors.save-tier-draft %}
+{% data reusables.sponsors.review-and-publish-tier %}
+{% data reusables.sponsors.add-more-tiers %}
-## 提交您的银行信息
+## Submitting your bank information
-如果您居住在受支持的区域,可以按照这些说明创建 Stripe Connect 帐户来提交银行信息。 您居住的区域与您的银行帐户所在区域必须匹配。 {% data reusables.sponsors.stripe-supported-regions %}
+As a sponsored user, you will receive payouts to a bank account in a supported region or via a fiscal host.
+
+{% data reusables.sponsors.bank-info-fiscal-host-reminder %} For more information about setting up and using fiscal hosts, see "[Using a fiscal host to receive GitHub Sponsors payouts](/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts)."
+
+If you choose to receive payouts to a bank account, your region of residence and the region of your bank account must match. {% data reusables.sponsors.stripe-supported-regions %}
{% data reusables.sponsors.double-check-stripe-info %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.create-stripe-account %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.create-stripe-account %}
-## 提交您的税务信息
+## Submitting your tax information
{% data reusables.sponsors.tax-form-information-dev %}
-{% data reusables.sponsors.navigate-to-sponsors-dashboard %} {% data reusables.sponsors.overview-tab %} {% data reusables.sponsors.tax-form-link %}
+{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
+{% data reusables.sponsors.overview-tab %}
+{% data reusables.sponsors.tax-form-link %}
-## 在您的 {% data variables.product.prodname_dotcom %} 帐户上启用双重身份验证 (2FA)。
+## Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
-在成为被赞助的开发者之前,您必须为您在 {% data variables.product.product_location %} 上的帐户启用 2FA。 有关详细信息,请参阅“[配置双因素身份验证](/articles/configuring-two-factor-authentication)”。
+Before you can become a sponsored developer, you must enable 2FA for your account on {% data variables.product.product_location %}. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
-## 向 {% data variables.product.prodname_dotcom %} 提交申请以请求批准
+## Submitting your application to {% data variables.product.prodname_dotcom %} for approval
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
-4. 单击“请求审批”。
- 
+4. Click **Request approval**.
+ 
{% data reusables.sponsors.github-review-app %}
diff --git a/translations/zh-CN/data/features/GH-advisory-db-supports-malware.yml b/translations/zh-CN/data/features/GH-advisory-db-supports-malware.yml
new file mode 100644
index 0000000000..6283037ef5
--- /dev/null
+++ b/translations/zh-CN/data/features/GH-advisory-db-supports-malware.yml
@@ -0,0 +1,6 @@
+# Reference: Issue #7088 GitHub Advisory Database now supports advisories for malware
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.5'
+ ghae: 'issue-7088'
diff --git a/translations/zh-CN/data/features/actions-cache-management.yml b/translations/zh-CN/data/features/actions-cache-management.yml
new file mode 100644
index 0000000000..08f9d50538
--- /dev/null
+++ b/translations/zh-CN/data/features/actions-cache-management.yml
@@ -0,0 +1,7 @@
+# Reference: #6154
+# Documentation for Actions cache management APIs (initial ship)
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '> 3.4'
+ ghae: '问题-6154'
diff --git a/translations/zh-CN/data/features/actions-cache-policy-apis.yml b/translations/zh-CN/data/features/actions-cache-policy-apis.yml
new file mode 100644
index 0000000000..9e8f3ef50e
--- /dev/null
+++ b/translations/zh-CN/data/features/actions-cache-policy-apis.yml
@@ -0,0 +1,5 @@
+# Reference: #6456
+# APIs to set default and max cache sizes. Only for GHES.
+versions:
+ ghes: '>=3.5'
+ ghae: '问题-6456'
diff --git a/translations/zh-CN/data/features/actions-caching.yml b/translations/zh-CN/data/features/actions-caching.yml
new file mode 100644
index 0000000000..b2da42f90e
--- /dev/null
+++ b/translations/zh-CN/data/features/actions-caching.yml
@@ -0,0 +1,7 @@
+# Reference: #6456
+# General versioning for caching feature for Actions, newly added to GHES in 3.5
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.5'
+ ghae: 'issue-6456'
diff --git a/translations/zh-CN/data/features/actions-node16-action.yml b/translations/zh-CN/data/features/actions-node16-action.yml
new file mode 100644
index 0000000000..e85c758fc2
--- /dev/null
+++ b/translations/zh-CN/data/features/actions-node16-action.yml
@@ -0,0 +1,7 @@
+# Reference: #6447
+# Versions of actions used in workflows have been updated to their Node 16 version.
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.5'
+ ghae: 'issue-6447'
diff --git a/translations/zh-CN/data/features/actions-runner-arch-envvars.yml b/translations/zh-CN/data/features/actions-runner-arch-envvars.yml
new file mode 100644
index 0000000000..976842672d
--- /dev/null
+++ b/translations/zh-CN/data/features/actions-runner-arch-envvars.yml
@@ -0,0 +1,7 @@
+# Reference: #5727
+# Documentation for new runner 'arch' environment variables set by the `runner` app.
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.4'
+ ghae: '问题-5727'
diff --git a/translations/zh-CN/data/features/actions-workflow-policy.yml b/translations/zh-CN/data/features/actions-workflow-policy.yml
new file mode 100644
index 0000000000..3801888ae6
--- /dev/null
+++ b/translations/zh-CN/data/features/actions-workflow-policy.yml
@@ -0,0 +1,5 @@
+# Reference: #6478.
+# Versioning for enterprise/org/repo policy settings for reusable workflow use.
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/allow-actions-to-approve-pr-with-ent-repo.yml b/translations/zh-CN/data/features/allow-actions-to-approve-pr-with-ent-repo.yml
new file mode 100644
index 0000000000..054654f95d
--- /dev/null
+++ b/translations/zh-CN/data/features/allow-actions-to-approve-pr-with-ent-repo.yml
@@ -0,0 +1,7 @@
+# Reference: #6926.
+# Versioning for enterprise/repository policy settings for workflow PR creation or approval permission. This is only the enterprise and repo settings! For the previous separate ship for the org setting (that only overed approvals), see the allow-actions-to-approve-pr flag.
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.6'
+ ghae: 'issue-6926'
diff --git a/translations/zh-CN/data/features/audit-data-retention-tab.yml b/translations/zh-CN/data/features/audit-data-retention-tab.yml
new file mode 100644
index 0000000000..91f203cdce
--- /dev/null
+++ b/translations/zh-CN/data/features/audit-data-retention-tab.yml
@@ -0,0 +1,5 @@
+# Reference #5104
+# Documentation for the "Audit data retention" tab in the enterprise audit log
+versions:
+ ghes: '>=3.4'
+ ghae: '问题-5104'
diff --git a/translations/zh-CN/data/features/audit-log-streaming.yml b/translations/zh-CN/data/features/audit-log-streaming.yml
new file mode 100644
index 0000000000..d90c1ecaeb
--- /dev/null
+++ b/translations/zh-CN/data/features/audit-log-streaming.yml
@@ -0,0 +1,5 @@
+# Reference: #7055
+# Documentation for audit log streaming
+versions:
+ ghec: '*'
+ ghes: '>= 3.6'
diff --git a/translations/zh-CN/data/features/blame-ignore-revs.yml b/translations/zh-CN/data/features/blame-ignore-revs.yml
new file mode 100644
index 0000000000..f962aa054c
--- /dev/null
+++ b/translations/zh-CN/data/features/blame-ignore-revs.yml
@@ -0,0 +1,6 @@
+# Reference: #6378.
+# Documentation for the `.git-blame-ignore-revs` file and the blame view
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.4'
diff --git a/translations/zh-CN/data/features/code-scanning-pr-conversations-tab.yml b/translations/zh-CN/data/features/code-scanning-pr-conversations-tab.yml
new file mode 100644
index 0000000000..9820cecef1
--- /dev/null
+++ b/translations/zh-CN/data/features/code-scanning-pr-conversations-tab.yml
@@ -0,0 +1,5 @@
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.7'
+ ghae: '问题-5895'
diff --git a/translations/zh-CN/data/features/codeowners-errors.yml b/translations/zh-CN/data/features/codeowners-errors.yml
new file mode 100644
index 0000000000..1cb68e3aa8
--- /dev/null
+++ b/translations/zh-CN/data/features/codeowners-errors.yml
@@ -0,0 +1,5 @@
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.5'
+ ghae: '问题-6078'
diff --git a/translations/zh-CN/data/features/codeql-ml-queries.yml b/translations/zh-CN/data/features/codeql-ml-queries.yml
new file mode 100644
index 0000000000..75942fdae8
--- /dev/null
+++ b/translations/zh-CN/data/features/codeql-ml-queries.yml
@@ -0,0 +1,6 @@
+# Reference: #5604.
+# Documentation for the beta release of CodeQL queries boosted by machine learning
+# to generate experiemental alerts in code scanning.
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/codeql-packs.yml b/translations/zh-CN/data/features/codeql-packs.yml
new file mode 100644
index 0000000000..368d28bd7b
--- /dev/null
+++ b/translations/zh-CN/data/features/codeql-packs.yml
@@ -0,0 +1,5 @@
+# Reference: #4702.
+# Documentation for the CodeQL package manager and CodeQL packs.
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/command-palette.yml b/translations/zh-CN/data/features/command-palette.yml
new file mode 100644
index 0000000000..c6f6f4efee
--- /dev/null
+++ b/translations/zh-CN/data/features/command-palette.yml
@@ -0,0 +1,5 @@
+# Reference: #5199.
+# Documentation for the Command palette.
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/container-hooks.yml b/translations/zh-CN/data/features/container-hooks.yml
new file mode 100644
index 0000000000..ab196f4fd1
--- /dev/null
+++ b/translations/zh-CN/data/features/container-hooks.yml
@@ -0,0 +1,6 @@
+# Reference: #7070
+# Actions Runner Container Hooks
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghae: '问题-7070'
diff --git a/translations/zh-CN/data/features/copilot.yml b/translations/zh-CN/data/features/copilot.yml
new file mode 100644
index 0000000000..14ba8f5e2d
--- /dev/null
+++ b/translations/zh-CN/data/features/copilot.yml
@@ -0,0 +1,3 @@
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/custom-repository-roles.yml b/translations/zh-CN/data/features/custom-repository-roles.yml
new file mode 100644
index 0000000000..6ac03846ba
--- /dev/null
+++ b/translations/zh-CN/data/features/custom-repository-roles.yml
@@ -0,0 +1,4 @@
+versions:
+ ghec: '*'
+ ghes: '>=3.5'
+ ghae: '问题-6271'
diff --git a/translations/zh-CN/data/features/delete-code-scanning-alerts.yml b/translations/zh-CN/data/features/delete-code-scanning-alerts.yml
new file mode 100644
index 0000000000..8a836fed97
--- /dev/null
+++ b/translations/zh-CN/data/features/delete-code-scanning-alerts.yml
@@ -0,0 +1,5 @@
+# Tracking removing ability to delete code scanning alerts: ghae-issue-6776
+
+versions:
+ ghae: '*'
+ ghes: '<3.6'
diff --git a/translations/zh-CN/data/features/dependabot-grouped-dependencies.yml b/translations/zh-CN/data/features/dependabot-grouped-dependencies.yml
new file mode 100644
index 0000000000..85a02f85ea
--- /dev/null
+++ b/translations/zh-CN/data/features/dependabot-grouped-dependencies.yml
@@ -0,0 +1,7 @@
+# Reference: #6913
+# Dependabot support for TypeScript @types/*
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.5'
+ ghae: '问题-6913'
diff --git a/translations/zh-CN/data/features/dependabot-updates-github-connect.yml b/translations/zh-CN/data/features/dependabot-updates-github-connect.yml
new file mode 100644
index 0000000000..7f81be942e
--- /dev/null
+++ b/translations/zh-CN/data/features/dependabot-updates-github-connect.yml
@@ -0,0 +1,3 @@
+versions:
+ ghes: '>=3.4'
+ ghae: 'issue-5867'
diff --git a/translations/zh-CN/data/features/dependency-graph-rust-support.yml b/translations/zh-CN/data/features/dependency-graph-rust-support.yml
new file mode 100644
index 0000000000..006a11ae8e
--- /dev/null
+++ b/translations/zh-CN/data/features/dependency-graph-rust-support.yml
@@ -0,0 +1,6 @@
+# Reference: Issue #6964 Support for Rust manifest parsing in Dependency graph
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.5'
+ ghae: '问题-6964'
diff --git a/translations/zh-CN/data/features/dependency-review-action-configuration.yml b/translations/zh-CN/data/features/dependency-review-action-configuration.yml
new file mode 100644
index 0000000000..557594cb3b
--- /dev/null
+++ b/translations/zh-CN/data/features/dependency-review-action-configuration.yml
@@ -0,0 +1,6 @@
+# Reference: Issue #7061 Configuring the dependency review action - [Public Beta]
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.5'
+ ghae: 'issue-7061'
diff --git a/translations/zh-CN/data/features/enterprise-owners-visible-for-org-members.yml b/translations/zh-CN/data/features/enterprise-owners-visible-for-org-members.yml
new file mode 100644
index 0000000000..2cc9348ee3
--- /dev/null
+++ b/translations/zh-CN/data/features/enterprise-owners-visible-for-org-members.yml
@@ -0,0 +1,6 @@
+# Reference: Issue #5741 in docs-content
+# Documentation for enterprise owners UI updates
+versions:
+ ghes: '>=3.4'
+ ghae: 'issue-5741'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/fixed-width-font-gfm-fields.yml b/translations/zh-CN/data/features/fixed-width-font-gfm-fields.yml
new file mode 100644
index 0000000000..d0d51209f6
--- /dev/null
+++ b/translations/zh-CN/data/features/fixed-width-font-gfm-fields.yml
@@ -0,0 +1,7 @@
+# Reference: #5278.
+# Documentation for the fixed-width font support for markdown fields.
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.4'
+ ghae: 'issue-5278'
diff --git a/translations/zh-CN/data/features/for-you-feed.yml b/translations/zh-CN/data/features/for-you-feed.yml
new file mode 100644
index 0000000000..72ecc3755f
--- /dev/null
+++ b/translations/zh-CN/data/features/for-you-feed.yml
@@ -0,0 +1,6 @@
+# Issues 4834 and 5722
+# New feed for personal dashboards and option to follow organizations
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.5'
diff --git a/translations/zh-CN/data/features/git-events-audit-log.yml b/translations/zh-CN/data/features/git-events-audit-log.yml
new file mode 100644
index 0000000000..1c2fba042a
--- /dev/null
+++ b/translations/zh-CN/data/features/git-events-audit-log.yml
@@ -0,0 +1,6 @@
+# Reference: #6724
+# Documentation for Git events in the audit log
+versions:
+ ghec: '*'
+ ghes: '>=3.5'
+ ghae: 'issue-6724'
diff --git a/translations/zh-CN/data/features/github-actions-in-dependency-graph.yml b/translations/zh-CN/data/features/github-actions-in-dependency-graph.yml
new file mode 100644
index 0000000000..c352888955
--- /dev/null
+++ b/translations/zh-CN/data/features/github-actions-in-dependency-graph.yml
@@ -0,0 +1,7 @@
+# Reference: #5813.
+# Documentation for GitHub Actions workflow dependencies appearing in the dependency graph
+versions:
+ fpt: '*'
+ ghae: 'issue-5813'
+ ghes: '>3.4'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/github-runner-dashboard.yml b/translations/zh-CN/data/features/github-runner-dashboard.yml
new file mode 100644
index 0000000000..14ba8f5e2d
--- /dev/null
+++ b/translations/zh-CN/data/features/github-runner-dashboard.yml
@@ -0,0 +1,3 @@
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/githubdev-editor.yml b/translations/zh-CN/data/features/githubdev-editor.yml
new file mode 100644
index 0000000000..78af2427c1
--- /dev/null
+++ b/translations/zh-CN/data/features/githubdev-editor.yml
@@ -0,0 +1,5 @@
+# Reference: #4918, #7438.
+# Documentation for the github.dev web-based editor
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/innersource-fork-policies.yml b/translations/zh-CN/data/features/innersource-fork-policies.yml
new file mode 100644
index 0000000000..378ad794ac
--- /dev/null
+++ b/translations/zh-CN/data/features/innersource-fork-policies.yml
@@ -0,0 +1,7 @@
+# Reference: #6035 #6036 #6037
+# Documentation for enterprise policies that define where forks can be created.
+
+versions:
+ ghec: '*'
+ ghes: '>3.6'
+ ghae: '问题-6035'
diff --git a/translations/zh-CN/data/features/integration-branch-protection-exceptions.yml b/translations/zh-CN/data/features/integration-branch-protection-exceptions.yml
new file mode 100644
index 0000000000..9dd596d47c
--- /dev/null
+++ b/translations/zh-CN/data/features/integration-branch-protection-exceptions.yml
@@ -0,0 +1,7 @@
+# Reference: #6665
+# GitHub Apps are supported as actors in all types of exceptions to branch protections
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>= 3.6'
+ ghae: '问题-6665'
diff --git a/translations/zh-CN/data/features/ip-exception-list.yml b/translations/zh-CN/data/features/ip-exception-list.yml
new file mode 100644
index 0000000000..25902ba928
--- /dev/null
+++ b/translations/zh-CN/data/features/ip-exception-list.yml
@@ -0,0 +1,2 @@
+versions:
+ ghes: '>=3.5'
diff --git a/translations/zh-CN/data/features/math-fenced-blocks.yml b/translations/zh-CN/data/features/math-fenced-blocks.yml
new file mode 100644
index 0000000000..56e2025e64
--- /dev/null
+++ b/translations/zh-CN/data/features/math-fenced-blocks.yml
@@ -0,0 +1,7 @@
+# Reference: #7471.
+# Documentation for fenced math blocks in markdown.
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.7'
+ ghae: 'issue-7471'
diff --git a/translations/zh-CN/data/features/oidc-for-emu.yml b/translations/zh-CN/data/features/oidc-for-emu.yml
new file mode 100644
index 0000000000..3d999160e8
--- /dev/null
+++ b/translations/zh-CN/data/features/oidc-for-emu.yml
@@ -0,0 +1,5 @@
+# Issues 6495 and 6494
+# OIDC/CAP for Enterprise Managed Users
+versions:
+ ghec: '*'
+ ghae: 'issue-6495'
diff --git a/translations/zh-CN/data/features/only-notify-requested-members.yml b/translations/zh-CN/data/features/only-notify-requested-members.yml
new file mode 100644
index 0000000000..8a9af01b18
--- /dev/null
+++ b/translations/zh-CN/data/features/only-notify-requested-members.yml
@@ -0,0 +1,7 @@
+# Issue #5108
+# Documentation for the "Only notify requested team members" option in the code review settings
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.4'
+ ghae: 'issue-5108'
diff --git a/translations/zh-CN/data/features/placeholder.yml b/translations/zh-CN/data/features/placeholder.yml
new file mode 100644
index 0000000000..17ea1d6574
--- /dev/null
+++ b/translations/zh-CN/data/features/placeholder.yml
@@ -0,0 +1,5 @@
+# Do not delete! Used by tests.
+versions:
+ ghes: '>3.0'
+ ghec: '*'
+ ghae: '*'
diff --git a/translations/zh-CN/data/features/prevent-org-admin-add-outside-collaborator.yml b/translations/zh-CN/data/features/prevent-org-admin-add-outside-collaborator.yml
new file mode 100644
index 0000000000..b26850a422
--- /dev/null
+++ b/translations/zh-CN/data/features/prevent-org-admin-add-outside-collaborator.yml
@@ -0,0 +1,4 @@
+versions:
+ ghec: '*'
+ ghes: '>=3.6'
+ ghae: 'issue-6336'
diff --git a/translations/zh-CN/data/features/previous-release-tag.yml b/translations/zh-CN/data/features/previous-release-tag.yml
new file mode 100644
index 0000000000..45d24c0a1c
--- /dev/null
+++ b/translations/zh-CN/data/features/previous-release-tag.yml
@@ -0,0 +1,7 @@
+# Issue 7052
+# Adding a previous (release) tag for users when creating a new release and autogenerating release notes
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.6'
+ ghae: 'issue-7052'
diff --git a/translations/zh-CN/data/features/pull-request-approval-limit.yml b/translations/zh-CN/data/features/pull-request-approval-limit.yml
new file mode 100644
index 0000000000..54b8e0fe9a
--- /dev/null
+++ b/translations/zh-CN/data/features/pull-request-approval-limit.yml
@@ -0,0 +1,5 @@
+# Reference: #5244
+# Documentation for moderation setting to limit who can approve or request changes on a PR.
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/reopen-dependabot-alerts.yml b/translations/zh-CN/data/features/reopen-dependabot-alerts.yml
new file mode 100644
index 0000000000..eb46bfb94c
--- /dev/null
+++ b/translations/zh-CN/data/features/reopen-dependabot-alerts.yml
@@ -0,0 +1,6 @@
+# Reference 5861
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.4'
+ ghae: '问题-5861'
diff --git a/translations/zh-CN/data/features/restrict-groups-to-workflows.yml b/translations/zh-CN/data/features/restrict-groups-to-workflows.yml
new file mode 100644
index 0000000000..0a7b9e5b25
--- /dev/null
+++ b/translations/zh-CN/data/features/restrict-groups-to-workflows.yml
@@ -0,0 +1,6 @@
+# Issue 6137
+# Restrict self-hosted runner groups to specific workflows
+versions:
+ ghec: '*'
+ ghes: '>=3.5'
+ ghae: 'issue-6137'
diff --git a/translations/zh-CN/data/features/restrict-pushes-create-branch.yml b/translations/zh-CN/data/features/restrict-pushes-create-branch.yml
new file mode 100644
index 0000000000..156a3b6018
--- /dev/null
+++ b/translations/zh-CN/data/features/restrict-pushes-create-branch.yml
@@ -0,0 +1,7 @@
+# Issue 6045
+# Restrict pushes that create matching branches option, within branch restrictions
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.6'
+ ghae: 'issue-6045'
diff --git a/translations/zh-CN/data/features/secret-scanning-alert-audit-log.yml b/translations/zh-CN/data/features/secret-scanning-alert-audit-log.yml
new file mode 100644
index 0000000000..696d452194
--- /dev/null
+++ b/translations/zh-CN/data/features/secret-scanning-alert-audit-log.yml
@@ -0,0 +1,6 @@
+# Reference: #7046.
+# Documentation for new audit log events for alerts for secret scanning.
+versions:
+ ghec: '*'
+ ghes: '>=3.6'
+ ghae: '问题-7046'
diff --git a/translations/zh-CN/data/features/secret-scanning-audit-log-custom-patterns.yml b/translations/zh-CN/data/features/secret-scanning-audit-log-custom-patterns.yml
new file mode 100644
index 0000000000..0318bd397e
--- /dev/null
+++ b/translations/zh-CN/data/features/secret-scanning-audit-log-custom-patterns.yml
@@ -0,0 +1,6 @@
+# Reference: #6615.
+# Documentation for new audit log events for custom patterns for secret scanning.
+versions:
+ ghec: '*'
+ ghes: '>=3.5'
+ ghae: 'issue-6615'
diff --git a/translations/zh-CN/data/features/secret-scanning-push-protection-bypasses.yml b/translations/zh-CN/data/features/secret-scanning-push-protection-bypasses.yml
new file mode 100644
index 0000000000..9754b0c274
--- /dev/null
+++ b/translations/zh-CN/data/features/secret-scanning-push-protection-bypasses.yml
@@ -0,0 +1,6 @@
+# Reference: #7298.
+# Documentation for new events related to secret scanning push protection bypasses, e.g. audit log.
+versions:
+ ghec: '*'
+ ghes: '>=3.6'
+ ghae: '问题-7298'
diff --git a/translations/zh-CN/data/features/secret-scanning-push-protection-email.yml b/translations/zh-CN/data/features/secret-scanning-push-protection-email.yml
new file mode 100644
index 0000000000..3bf19a3b05
--- /dev/null
+++ b/translations/zh-CN/data/features/secret-scanning-push-protection-email.yml
@@ -0,0 +1,6 @@
+# Reference: #7511.
+# When developers bypass a block by push protection for a detected secret, administrators will receive an email notification of that bypass.
+versions:
+ ghec: '*'
+ ghes: '>=3.7'
+ ghae: '问题-7511'
diff --git a/translations/zh-CN/data/features/secret-scanning-push-protection-web-ui.yml b/translations/zh-CN/data/features/secret-scanning-push-protection-web-ui.yml
new file mode 100644
index 0000000000..5e61e50ab8
--- /dev/null
+++ b/translations/zh-CN/data/features/secret-scanning-push-protection-web-ui.yml
@@ -0,0 +1,6 @@
+# Reference: #6788.
+# Documentation for secret scanning as a push protection in the web ui (as opposed to command line)
+versions:
+ ghes: '>=3.6'
+ ghae: 'issue-6788'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/security-managers.yml b/translations/zh-CN/data/features/security-managers.yml
new file mode 100644
index 0000000000..689f14c090
--- /dev/null
+++ b/translations/zh-CN/data/features/security-managers.yml
@@ -0,0 +1,7 @@
+# Reference: #4999.
+# Documentation for the security manager org-level role
+versions:
+ fpt: '*'
+ ghes: '>=3.3'
+ ghae: '*'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/security-overview-views.yml b/translations/zh-CN/data/features/security-overview-views.yml
new file mode 100644
index 0000000000..60f8016c1e
--- /dev/null
+++ b/translations/zh-CN/data/features/security-overview-views.yml
@@ -0,0 +1,6 @@
+# Reference: #5503.
+# Documentation for the security overview individual views
+versions:
+ ghes: '> 3.4'
+ ghae: 'issue-5503'
+ ghec: '*'
diff --git a/translations/zh-CN/data/features/server-statistics.yml b/translations/zh-CN/data/features/server-statistics.yml
new file mode 100644
index 0000000000..229675f2b3
--- /dev/null
+++ b/translations/zh-CN/data/features/server-statistics.yml
@@ -0,0 +1,4 @@
+# Reference #6677
+# Documentation for GitHub Enterprise Server Statistics
+versions:
+ ghes: '>=3.5'
diff --git a/translations/zh-CN/data/glossaries/candidates.yml b/translations/zh-CN/data/glossaries/candidates.yml
new file mode 100644
index 0000000000..96ae44d0ba
--- /dev/null
+++ b/translations/zh-CN/data/glossaries/candidates.yml
@@ -0,0 +1,101 @@
+- term: 高级支持
+- term: 标准支持
+- term: 事件
+- term: 提交
+- term: 联系人
+- term: 严重性
+- term: 服务级别协议
+- term: 额度
+- term: 客户管理团队
+- term: 票证
+- term: 企业支持
+- term: 支持门户
+- term: 紧急
+- term: 高
+- term: 中等
+- term: 低
+- term: 外延支持包
+- term: 公司名称
+- term: 隐私模式
+- term: 身份验证方法
+- term: 运行时间
+- term: 领导力
+- term: 上报到管理
+- term: 票证未响应
+- term: 异地复制
+- term: 生产系统
+- term: 从敏感数据中删除识别信息
+- term: 业务理由
+- term: 合格信用
+- term: 联系销售
+- term: 联系培训
+- term: 出站
+- term: 字母数字
+- term: 引用
+- term: 定价计划
+- term: 单元计划
+- term: 角色 (role)
+- term: 兑换优惠券
+- term: 免费计划
+- term: 可用
+- term: 折扣
+- term: 旧评论
+- term: 贡献积分
+- term: 冲突标记
+- term: 提交正在进行的工作
+- term: 提交原型
+- term: 贡献图
+- term: 审批
+- term: 关闭
+- term: 阶段 (stage)
+- term: 邀请
+- term: 运行时间
+- term: 讨论
+- term: 服务和隐私策略
+- term: 恢复
+- term: 管理中心
+- term: 学术角色
+- term: 教育折扣
+- term: 一次性域名
+- term: 结转
+- term: quota
+- term: 私钥 (private key)
+- term: 公钥 (public key)
+- term: 热补丁
+- term: 功能发布
+- term: 合作提交
+- term: 子域隔离
+- term: 内置身份验证
+- term: 滥用率限制
+- term: 平均负载
+- term: 临时
+- term: 运行前检查
+- term: 客户代表
+- term: 统一搜索
+- term: 休眠用户
+- term: 调试
+- term: 合法保留
+- term: 非请求响应 SSO
+- term: IdP 发起的 SSO
+- term: 消息真实性
+- term: 保留所有权利
+- term: Campus Advisors
+- term: Campus Experts
+- term: 协作开发模式
+- term: 统一视图
+- term: 三点差异
+- term: 多差异
+- term: 聊天
+- term: 公共 Gist/机密 Gist
+- term: 扩展
+- term: 采购公司
+- term: 续订订单
+- term: 每用户定价
+- term: 观察程序
+- term: 必需提交签名
+- term: 检查套件
+- term: 课堂折扣
+- term: 学生开发包
+- term: 学术研究折扣
+- term: Stargazers
+- term: 撤销垃圾邮件标记
diff --git a/translations/zh-CN/data/glossaries/external.yml b/translations/zh-CN/data/glossaries/external.yml
new file mode 100644
index 0000000000..ab2e874d2f
--- /dev/null
+++ b/translations/zh-CN/data/glossaries/external.yml
@@ -0,0 +1,564 @@
+- term: '@提及'
+ description:
+ 用于通过在用户名前使用 `@` 来通知 GitHub 上的个人。GitHub 上组织中的用户也可以是可以被提及的团队中的一员。
+- term: 访问令牌
+ description: >-
+ 在命令行或 API 上使用 Git 通过 HTTPS 执行 Git 操作时,用来代替密码的令牌。也称为个人访问令牌。
+- term: API 预览
+ description: >-
+ 一种尝试新 API 以及在现有 API 方法成为正式 GitHub API 之前对其进行更改的方式。
+- term: 工具
+ description: >-
+ 一种结合恰当操作系统 (JeOS) 在行业标准硬件(通常是服务器)上或虚拟机中最佳运行的软件应用程序。
+- term: assignee
+ description: 分配到某个问题的用户。
+- term: 验证码
+ description: >-
+ 通过浏览器使用 2FA 登录时,除了 GitHub 密码外,还需要提供代码。此代码由应用程序生成或通过短信发送到你的手机。也称为“2FA 验证码”。
+- term: 基础分支
+ description:
+ 合并拉取请求时,将更改合并到其中的分支。创建拉取请求时,如果需要,可以将基础分支从存储库的默认分支更改为另一个分支。
+- term: 基本身份验证
+ description: >-
+ 凭据以未加密文本形式发送的身份验证方法。
+- term: 个人简历
+ description: >-
+ 个人资料中用户生成的描述:[为个人资料添加简介](/articles/adding-a-bio-to-your-profile)
+- term: 计费周期
+ description: 特定计费计划的时间间隔。
+- term: 计费邮箱
+ description: >-
+ GitHub 用于发送收据、信用卡或 PayPal 费用及其他计费相关信息的组织电子邮件地址。
+- term: 计费管理员
+ description: 负责管理组织计费设置的组织成员。
+- term: 收费计划
+ description: >-
+ 用户和组织的付款计划,包括每种计划的设置功能。
+- term: 追溯
+ description: >-
+ Git 中的“追溯”功能描述文件中每一行的最后修改,通常显示修订、作者和时间信息。例如,在跟踪添加某项功能的时间或导致特定 bug 的提交时,此功能非常有用。
+- term: block
+ description: >-
+ 用于删除用户协作处理组织存储库的能力。
+- term: branch
+ description: >-
+ 分支是存储库的并行版本。它包含在存储库中,但不会影响主分支,从而允许在不影响“在线”版本的情况下自由工作。完成所需更改后,可以将分支合并回主分支以发布你的更改。
+- term: 分支限制
+ description: >-
+ 存储库管理员可以启用的一种限制,只允许特定用户或团队推送到分支或做出特定的更改。
+- term: 业务计划
+ description: >-
+ 一种组织计费计划,可以在其中协作处理无限的公共和专用存储库,允许或要求组织成员使用 SAML SSO 对 GitHub 进行身份验证,以及使用 SAML 或 SCIM 预配和取消预配访问权限。
+- term: CA 证书
+ description: >-
+ 由证书机构 (CA) 颁发的数字证书,用于确保有效连接两台计算机,例如用户的计算机和 GitHub.com,以及验证站点的所有权。
+- term: 卡
+ description: 项目板中与某个问题或拉取请求关联的可移动方框。
+- term: 检查
+ description: >-
+ 检查是 {% data variables.product.product_name %} 上的一种状态检查类型。请参阅“[状态检查](#status-checks)”。
+- term: 签出
+ description: >-
+ 可在命令行上使用 `git checkout` 创建新分支,将当前工作分支更改为其他分支,也可使用 `git checkout [分支名称] [文件路径]` 从不同的分支切换到不同版本的文件。“签出”操作使用对象数据库中的树对象或 Blob 更新全部或部分工作树,如果整个工作树指向新分支,则更新索引和 HEAD。
+- term: 挑拣
+ description: >-
+ 用于从一系列更改(通常是提交)中选择更改的子集,并将它们记录为位于不同代码库之上的一系列新更改。在 Git 中,此操作是由 `git cherry-pick` 命令执行的,用于提取另一个分支上现有提交引入的更改,并根据当前分支的提示将其记录为新提交。有关详细信息,请参阅 Git 文档中的 [git-cherry-pick](https://git-scm.com/docs/git-cherry-pick)。
+- term: 子团队
+ description: >-
+ 在嵌套团队内,继承父团队访问权限和 @提及的子团队。
+- term: 清洁
+ description: >-
+ 如果工作树与当前 HEAD 引用的版本对应,则工作树是清洁的。另请参阅“脏”。
+- term: 克隆
+ description: >-
+ 克隆是存在于计算机上(而不是网站的服务器上)的存储库副本,或者表示创建该副本的行为。进行克隆时,可以在无需联机的情况下,在首选编辑器中编辑文件并使用 Git 跟踪你的更改。克隆的存储库仍将连接到远程版本,这样你就可以将本地更改推送到远程,以便在联机时使其保持同步。
+- term: 聚类分析
+ description: >-
+ 跨多个节点运行 GitHub Enterprise 服务并在它们之间实现请求的负载平衡的功能。
+- term: 代码频率图
+ description: >-
+ 一种显示存储库历史记录中每周的内容添加和删除的存储库图。
+- term: 行为准则
+ description: 定义关于如何参与社区的标准的文档。
+- term: 代码所有者
+ description: >-
+ 被指定为部分存储库代码所有者的个人。当有人打开对代码所有者拥有的代码进行更改的拉取请求(非草稿模式)时,会自动请求代码所有者进行审查。
+- term: 协作者
+ description: >-
+ 协作者是受存储库所有者邀请参与,对存储库拥有读取和写入权限的人。
+- term: 提交 (commit)
+ description: >-
+ 提交或“修订”是对文件(或文件集)的单独更改。当提交以保存工作时,Git 将创建一个唯一的 ID(也称为“SHA”或“哈希”),它允许记录提交的特定更改以及提交者和提交时间。提交通常包含提交消息,该消息简要说明所做的更改。
+- term: 提交作者
+ description: 进行提交的用户。
+- term: 提交图
+ description: >-
+ 显示过去一年对存储库的所有提交的存储库图。
+- term: 提交 ID
+ description: 也称为 SHA。用于识别提交的 40 个字符的校验和哈希。
+- term: 提交消息
+ description: >-
+ 随附于提交的简短描述性文字,用于沟通提交引入的更改。
+- term: 比较分支
+ description: >-
+ 用于创建拉取请求的分支。将此分支与为拉取请求选择的基础分支进行比较,并识别更改。合并拉取请求时,基础分支将使用比较分支中的更改进行更新。也称为拉取请求的“头部分支”。
+- term: 持续集成
+ description: >-
+ 也称为 CI。有人将更改提交到 GitHub 上配置的存储库后,就会运行自动生成和测试的过程。CI 是软件开发中常见的最佳做法,有助于检测错误。
+- term: 参与图
+ description: >-
+ 用户个人资料中显示其参与记录(最长一年,按天显示)的部分。
+- term: 参与指南
+ description: 说明人们应如何参与项目的文档。
+- term: 参与
+ description: >-
+ GitHub 上的特定活动,将会:- 添加方块到用户的参与图:“[什么算作参与](/articles/viewing-contributions-on-your-profile/#what-counts-as-a-contribution)”- 添加活动到用户个人资料上的时间线:“[参与活动](/articles/viewing-contributions-on-your-profile/#contribution-activity)”
+- term: 参与者
+ description: >-
+ 参与者是指对存储库没有协作者权限但参与过项目,并且他们打开的拉取请求已合并到存储库的人员。
+- term: 参与者图
+ description: 显示存储库前 100 个参与者的存储库图。
+- term: 优惠券
+ description: >-
+ 一种由 GitHub 提供的代码,用户或组织可使用它支付其所有或部分订阅费用。
+- term: cron
+ description: 类似于 Unix 的计算机操作系统中的一个基于时间的作业计划程序。
+- term: cURL
+ description: 在命令行或脚本中用于传输数据。
+- term: 仪表板
+ description: >-
+ 个人仪表板是 GitHub 上的活动的主要中心。通过个人仪表板,可跟踪正在关注或处理的问题和拉取请求、导航到顶层存储库和团队页面,以及了解正在关注或参与的存储库中的最近活动。还可以发现新的存储库,这些存储库是根据正在关注的用户和已加星标的存储库而推荐的。要仅查看特定组织的活动,请访问该组织的仪表板。有关详细信息,请参阅“[关于个人仪表板](/articles/about-your-personal-dashboard)”或“[关于组织仪表板](/articles/about-your-organization-dashboard)”。
+- term: 默认分支
+ description: >-
+ 存储库中新拉取请求和代码提交的基础分支。每个存储库至少具有一个分支,Git 在初始化存储库时将会创建该分支。第一个分支通常被称为 {% ifversion ghes < 3.2 %}`master`{% else %}`main`{% endif %},通常是默认分支。
+- term: 依赖项图
+ description: >-
+ 一种显示依赖于公共存储库的包、项目和存储库的存储库图。
+- term: 依赖项关系图
+ description: >-
+ 一种显示存储库所依赖的包和项目的存储库图。
+- term: 部署密钥
+ description: >-
+ 部署密钥是存储在服务器上并授予对单个 GitHub 存储库的访问权限的 SSH 密钥。此密钥直接附加到存储库,而不是附加到个人用户帐户。
+- term: 拆离的 HEAD
+ description: >-
+ 如果正在处理拆离的 HEAD,Git 将发出警告,这意味着 Git 没有指向某个分支,并且所做的任何提交都不会出现在提交历史记录中。 例如,当签出不属于任何特定分支的最新提交的任意提交时,表示你正在处理“拆离的 HEAD”。
+- term: 诊断
+ description: GitHub Enterprise 实例设置和环境的概述。
+- term: diff
+ description: >-
+ 差异是两次提交或保存的更改之间的更改差异。差异将直观地描述自上次提交以来文件中添加的或删除的内容。
+- term: directory
+ description: >-
+ 包含一个或多个文件/文件夹的文件夹。可以创建目录来组织存储库的内容。
+- term: 脏
+ description: >-
+ 工作树如果包含尚未提交到当前分支的更改,将被视为“脏”。
+- term: 电子邮件通知
+ description: 已发送到用户的电子邮件地址的通知。
+- term: 企业帐户
+ description: "企业帐户允许集中管理多个组织的策略和计费。{% data reusables.gated-features.enterprise-accounts %}"
+- term: 资源管理器
+ description: >-
+ GraphiQL 的实例,它是“图形交互式浏览器内 GraphQL IDE”。
+- term: 转发
+ description: >-
+ 转发是一种特殊类型的合并,其中有一个修订,并且你将“合并”另一个分支的更改,这些更改恰好是你所拥有的内容的后代。在这种情况下,不会进行新的合并提交,而只是更新到此修订。这将在远程存储库的远程跟踪分支上经常发生。
+- term: 功能分支
+ description: >-
+ 用于试验新功能或修复非生产环境中的问题的分支。也称为主题分支。
+- term: 围栏代码块
+ description: "可以在代码块前后使用三个反引号 \\`\\`\\` 通过 GitHub 风格的 Markdown 创建的缩进代码块。请参阅此 [示例](/articles/creating-and-highlighting-code-blocks#fenced-code-blocks)。"
+- term: “etch
+ description: >-
+ 当使用 `git fetch` 时,将更改从远程存储库添加到本地工作分支,而无需提交它们。与 `git pull` 不同,提取允许在将更改提交到本地分支之前查看该更改。
+- term: 跟进(用户)
+ description: 用于获取关于另一个用户的贡献和活动的通知。
+- term: 强制推送
+ description: >-
+ 使用本地更改覆盖远程存储库而不考虑冲突的 Git 推送。
+- term: 分支
+ description: >-
+ 分支是位于帐户中的其他用户存储库的个人副本。通过分支,可随意更改项目,而不会影响原始上游存储库。还可以在上游存储库中打开拉取请求,并使分支与最新更改保持同步,因为这两个存储库仍处于连接状态。
+- term: 免费计划
+ description: >-
+ 免费的用户帐户计费计划。用户可以与无限的协作者协作处理无限的公共存储库。
+- term: gist
+ description: >-
+ gist 是一个可共享的文件,可在 GitHub 上对其进行编辑、克隆和创建分支。可以将 gist 设为{% ifversion ghae %}internal{% else %}公开{% endif %}或机密,但任何{% ifversion ghae %}any enterprise member{% else %}拥有该 URL 的人{% endif %}都可以使用机密。
+- term: Git
+ description: >-
+ Git 是一个开源程序,用于跟踪文本文件中的更改。它由 Linux 操作系统的作者编写,是 GitHub、社交和用户界面赖以构建的核心技术。
+- term: GitHub Apps
+ description: >-
+ GitHub Apps 为整个组织提供服务,并在执行其功能时使用自己的标识。它们可以直接安装在组织和用户帐户上,并获得对特定存储库的访问权限。它们随附精细的权限和内置的 Webhook。
+- term: GitHub 风格的 Markdown
+ description: "GitHub 特定的 Markdown,用于在 GitHub 上格式化 prose 和代码。请参阅 [GitHub 风格的 Markdown 规范](https://github.github.com/gfm/) 或 [在 GitHub 上编写和设置格式入门](/articles/getting-started-with-writing-and-formatting-on-github)。"
+- term: GitHub 导入工具
+ description: >-
+ 一种可让用户快速将源代码存储库(包括提交和修订历史记录)导入 GitHub 的工具。
+- term: GitHub Jobs
+ description: >-
+ 一个 GitHub 网站,雇主可在其中发布 GitHub 用户可能感兴趣的职位。
+- term: GitHub Marketplace
+ description: >-
+ GitHub 用户和组织用于购买和安装可扩展及补充其工作流的应用程序的子站点。
+- term: GitHub Pages
+ description: >-
+ 也称为 Pages。设计为直接托管 GitHub 存储库中的个人、组织或项目页面的静态站点托管服务。
+- term: GitHub Wiki
+ description: 用于在 GitHub 存储库上托管 Wiki 样式文档的部分。
+- term: gitfile
+ description: >-
+ 一个纯文本 `.git` 文件,它始终位于工作树的根目录中,并指向包含整个 Git 存储库及其元数据的 Git 目录。可在命令行上使用作为真正存储库的 `git rev-parse --git-dir` 查看存储库的此文件。
+- term: GraphQL
+ description: >-
+ 一种针对 API 的查询语言,以及用于使用现有数据完成这些查询的运行时。
+- term: HEAD
+ description: 定义的分支提交,通常是分支顶端的最新提交。
+- term: 头部分支
+ description: 合并拉取请求时,将其更改合并到基础分支中的分支。也称为“比较分支”。
+- term: 'Hello, World'
+ description: >-
+ “Hello, World”程序是向用户输出或显示“Hello, World!”的计算机程序。由于此程序通常非常简单,因此常被用作编程语言的基本语法的示例,并作为学习新编程语言的第一个常见练习。
+- term: 高可用性
+ description: >-
+ 可持续运行较长时间的系统或组件。
+- term: 挂钩
+ description: >-
+ 在几个 Git 命令的正常执行过程中,将调用允许开发人员添加功能或进行检查的可选脚本。通常,挂钩允许预先验证且可能中止的命令,并允许在操作完成后发布后通知。
+- term: hostname
+ description: >-
+ 人类可读的昵称,与连接到网络的设备地址对应。
+- term: 默认肖像
+ description: >-
+ 当用户注册 GitHub 时,用作默认个人资料照片的自动生成图像。用户可以用自己的个人资料照片替换其标识图标。
+- term: 标识提供者
+ description: >-
+ 也称为 IdP。受信任的提供者,可让你使用 SAML 单一登录 (SSO) 访问其他网站。
+- term: instance
+ description: >-
+ 包含在组织配置和控制的虚拟机中的组织 GitHub 私人副本。
+- term: 集成
+ description: >-
+ 与 GitHub 集成的第三方应用程序。这些应用程序可以是 GitHub Apps、OAuth Apps 或 Webhook。
+- term: 问题
+ description: >-
+ 问题是与存储库相关的建议改进、任务或问题。问题可由任何人创建(对于公共存储库),并由存储库协作者进行管理。每个问题都包含自己的讨论线程。还可以使用标签对问题进行分类,并将其分配给某人。
+- term: Jekyll
+ description: 针对个人、项目或组织站点的静态站点生成器。
+- term: Jekyll 主题选择器
+ description: >-
+ 一种无需编辑或复制 CSS 文件即可为 Jekyll 站点选择视觉对象主题的自动化方式。
+- term: 密钥指纹
+ description: 用于标识较长公钥的短字节序列。
+- term: 密钥链
+ description: macOS 中的密码管理系统。
+- term: 关键字 (keyword)
+ description: 用在拉取请求中时可关闭问题的特定词。
+- term: label
+ description: >-
+ 问题或拉取请求上的标记。存储库随附一系列默认标签,但用户也可创建自定义标签。
+- term: LFS
+ description: >-
+ Git Large File Storage。一种开源 Git 扩展,用于对大文件进行版本控制。
+- term: license
+ description: >-
+ 一种可随附于项目的文档,告知人们能够对源代码执行哪些操作,不能执行哪些操作。
+- term: Linguist
+ description: >-
+ GitHub 上使用的一个库,用于检测 Blob l语言,忽略二进制或 vendor 文件,抑制差异中生成的文件,以及生成语言细分图。
+- term: 行注释
+ description: 拉取请求内特定代码行上的评论。
+- term: 行结束符
+ description: >-
+ 用符号表示文本文件中一行结束的不可见字符。
+- term: 已锁定个人帐户
+ description: >-
+ 用户无法访问的个人帐户。当用户将其付费帐户降级到免费帐户或者其付费计划过期时,帐户将被锁定。
+- term: 管理控制台
+ description: >-
+ GitHub Enterprise 界面中包含管理功能的部分。
+- term: Markdown
+ description: >-
+ Markdown 是一种非常简单的语义文件格式,与 .doc、.rtf 及 .txt 区别不大。Markdown 可帮助没有网络发布功底的人编写 prose(包括链接、列表、项目符号等)并将其显示为网站。GitHub 支持 Markdown 并使用一种特殊形式的 Markdown,称为 GitHub 风格的 Markdown。请参阅 [GitHub 风格的 Markdown 规范](https://github.github.com/gfm/) 或 [在 GitHub 上编写和设置格式入门](/articles/getting-started-with-writing-and-formatting-on-github)。
+- term: 标记
+ description: 一种用于注释和格式化文档的系统。
+- term: main
+ description: >-
+ {% ifversion fpt or ghes > 3.1 or ghae %}默认开发分支。每当创建 Git 存储库时,都会创建一个名为 `main` 的分支,并使其成为活动分支。在大多数情况下,这包含本地开发,不过这纯粹是按照惯例的,也不是必需的。{% else %}通常选择名称作为存储库默认分支的 `master` 的替代品。{% endif %}
+- term: 主
+ description: >-
+ 许多 Git 存储库中的默认分支。默认情况下,每当在命令行上创建新的 Git 存储库时,都会创建一个名为 `master` 的分支。许多工具现在为默认分支使用替代名称。{% ifversion fpt or ghes > 3.1 or ghae %}例如,当在 GitHub 上创建新存储库时,默认分支称为 `main`。{% endif %}
+- term: 成员图
+ description: 显示存储库所有分支的存储库图。
+- term: 提及
+ description: >-
+ 通过在用户名前加上 @ 符号发送给用户的通知。GitHub 上组织中的用户也可以是可以被提及的团队中的一员。
+- term: merge
+ description: >-
+ 合并从一个分支(在同一个存储库中或来自分支)中获取更改并将其应用到另一个分支。这通常作为“拉取请求”(可被视为合并请求)或通过命令行发生。如果没有冲突的更改,可以通过 GitHub.com Web 界面的拉取请求完成合并,也可以始终通过命令行完成合并。
+- term: 合并冲突
+ description: >-
+ 合并分支之间发生的差异。当人们对相同文件的相同行进行不同的更改时,或者一个人编辑文件而另一个人删除同一文件时,就会发生合并冲突。必须先解决合并冲突,然后才能合并分支。
+- term: 里程碑
+ description: >-
+ 一种跟踪存储库中问题或拉取请求组进度的方式。
+- term: 镜像
+ description: 存储库的新副本。
+- term: 嵌套团队
+ description: >-
+ 父团队的子团队。可以拥有多个子(或嵌套)团队。
+- term: 网络图
+ description: >-
+ 显示整个存储库网络的分支历史记录的存储库图,其中包括根存储库的分支以及包含网络独有提交的分叉的分支。
+- term: 消息馈送
+ description: >-
+ 监视的存储库或人员的活动视图。组织的消息馈送显示该组织拥有的存储库上的活动。
+- term: 非快进
+ description: >-
+ 当存储库的本地副本未与上游存储库同步时,需要在推送本地更改之前获取上游更改。
+- term: 通知
+ description: >-
+ 通过 Web 或电子邮件(具体取决于你的设置)提供的更新,它提供有关你感兴趣的活动的信息。
+- term: OAuth App
+ description: >-
+ 使用访问令牌而非密码来访问用户信息的第三方应用程序。
+- term: OAuth 令牌
+ description: OAuth Apps 中用于访问用户信息的访问令牌。
+- term: 外部协作者
+ description: >-
+ 已被授予对组织的一个或多个存储库的访问权限,但对该组织没有其他访问权限且不属于组织成员的用户。
+- term: 开源
+ description: >-
+ 开源软件是任何人都可以自由使用、修改和共享(以修改和未修改的形式)的软件。今天,“开源”的概念往往超越了软件,它代表一种协作理念:任何人都可以在线获取工作材料,然后创建分支、修改和讨论它们并为项目做出贡献。
+- term: organization
+ description: >-
+ 组织是由两个或多个用户组成的组,它们通常反映了真实世界的组织。它们由用户管理,可以同时包含存储库和团队。
+- term: 组织所有者
+ description: 对自己拥有的组织具有完全管理访问权限的用户。
+- term: origin
+ description: >-
+ 默认上游存储库。大多数项目至少有一个他们跟踪的上游项目。默认情况下,原点用于此目的。
+- term: owner
+ description: >-
+ 对组织具有完全管理权限的组织成员。
+- term: 父团队
+ description: >-
+ 在嵌套团队内,子团队继承访问权限和 @提及的主要团队。
+- term: 参与通知
+ description: >-
+ 关于用户名或团队被提及或之前在评论中回复的问题或拉取请求中对话更新的通知。
+- term: 永久链接
+ description: 指向特定网页的永久静态超链接。
+- term: 个人帐户
+ description: >-
+ 属于个别用户的 GitHub 帐户。
+- term: 主电子邮件地址
+ description: >-
+ GitHub 用于发送收据、信用卡或 PayPal 费用及其他计费相关信息的主要电子邮件地址。
+- term: 固定存储库
+ description: >-
+ 用户已决定在其个人资料中突出显示的存储库。
+- term: 预接收挂钩
+ description: >-
+ 在可用于实现质量检查的 GitHub Enterprise 服务器上运行的脚本。
+- term: 专用贡献
+ description: 对专用(与公共相对)存储库的贡献。
+- term: 专用存储库
+ description: >-
+ 专用存储库仅对存储库所有者和所有者指定的协作者可见。
+- term: 生产分支
+ description: >-
+ 包含可使用或部署到应用程序或站点的最终更改的分支。
+- term: 个人资料
+ description: 显示 GitHub 上用户活动相关信息的页面。
+- term: 个人资料照片
+ description: >-
+ 用户上传到 GitHub 的自定义图像,用于标识其活动,通常与其用户名结合使用。这也称为“应用”。
+- term: 项目板
+ description: >-
+ GitHub 内由问题、拉取请求和注释组成的板,按列分类为卡。
+- term: 受保护分支
+ description: >-
+ 受保护分支在存储库管理员选择保护的分支上阻止 Git 的多个功能。不能在没有通过所需检查或批准所需审查的情况下强制推送、删除、合并更改这些分支,也不能将文件从 GitHub Web 界面上传到它。受保护分支通常为默认分支。
+- term: 公共贡献
+ description: 对公共(与专用相对)存储库的贡献。
+- term: 公共存储库
+ description: >-
+ 公共存储库可供任何人查看,包括不是 GitHub 用户的人员。
+- term: pull
+ description: >-
+ 拉取指的是提取更改并合并这些更改的行为。例如,如果有人编辑了你们正在合作处理的远程文件,则需要将这些更改拉取到本地副本,以使其保持最新状态。另请参阅“提取”。
+- term: 拉取权限
+ description: 读取权限的同义词。
+- term: 拉取请求
+ description: >-
+ 拉取请求是由用户提交的对存储库的建议更改,由存储库协作者接受或拒绝。与问题一样,每个拉取请求都有自己的讨论论坛。
+- term: 拉取请求审查
+ description: >-
+ 拉取请求中协作者批准更改或在拉取请求合并之前申请进一步更改的评论。
+- term: 脉冲图
+ description: 提供存储库活动概述的存储库图。
+- term: 打卡图
+ description: >-
+ 根据周日期和时间显示存储库更新频率的存储库图
+- term: push
+ description: >-
+ 推送意味着将提交的更改发送到 GitHub.com 上的远程存储库。例如,如果在本地更改了某些内容,则可以推送这些更改,以便其他人可以访问它们。
+- term: 推送分支
+ description: >-
+ 如果成功将分支推送到远程存储库,则可以使用本地分支中的更改更新远程分支。当“推送分支”时,Git 将在远程存储库中搜索分支的 HEAD 引用,并验证它是否是该分支的本地 HEAD 引用的直接上级。验证后,Git 将所有对象(可从本地 HEAD 引用访问,但在远程存储库中丢失)拉取到远程对象数据库,然后更新远程 HEAD 引用。如果远程 HEAD 不是本地 HEAD 的上级,则推送将失败。
+- term: 推送访问权限
+ description: 写入访问权限的同义词。
+- term: 读取访问权限
+ description: >-
+ 存储库上的权限级别,可让用户从存储库中拉取或读取信息。所有公共存储库都为所有 GitHub 用户提供读取访问权限。拉取访问权限的同义词。
+- term: 自述文件
+ description: 一个包含有关存储库中文件的信息的文本文件,该文件通常是存储库访问者将看到的第一个文件。自述文件以及存储库许可证、参与指南和行为准则可帮助你共享期望并管理对项目的贡献。
+- term: 变基
+ description: >-
+ 要将一系列变更从一个分支重新应用到不同的基础分支,并将该分支的 HEAD 重置为结果。
+- term: 恢复代码
+ description: 帮助你重新获取对 GitHub 帐户的访问权限的代码。
+- term: 发布
+ description: GitHub 封装软件并向用户提供软件的方式。
+- term: remote
+ description: >-
+ 这是托管在服务器上的存储库或分支的版本,很可能是 GitHub.com。远程版本可以连接到本地克隆,以便可以同步更改。
+- term: 远程存储库
+ description: >-
+ 用于跟踪同一个项目但储存在其他位置的存储库。
+- term: 远程 URL
+ description: >-
+ 存储代码的位置:GitHub、其他用户分支甚至不同服务器上的存储库。
+- term: 副本 (replica)
+ description: >-
+ 为主要 GitHub Enterprise 实例提供冗余的 GitHub Enterprise 实例。
+- term: repository
+ description: >-
+ 存储库是 GitHub 最基本的元素。它们很容易被想象为项目的文件夹。存储库包含所有项目文件(包括文档),并存储每个文件的修订历史记录。存储库可以有多个协作者,并且可以是公共的,也可以是专用的。
+- term: 存储库缓存
+ description: >-
+ GitHub Enterprise 服务器实例的存储库的只读镜像,位于分布式团队和 CI 客户端附近。
+- term: 存储库图
+ description: 存储库数据的视觉对象表现形式。
+- term: 存储库维护者
+ description: >-
+ 管理存储库的人。此人可以帮助分类问题,并使用标签和其他功能来管理存储库的工作。此人还可能负责更新自述文件和参与文件。
+- term: 必需拉取请求审查
+ description: >-
+ 必需审查确保拉取请求至少获得一次审批审查之后,协作者才可更改受保护分支。
+- term: 必需状态检查
+ description: >-
+ 拉取请求检查,确保在协作者可以对受保护分支进行更改前,所有必需的 CI 测试都已通过。
+- term: resolve
+ description: 手动修复自动合并失败的操作。
+- term: 还原
+ description: >-
+ 当在 GitHub 上还原拉取请求时,会自动打开一个新的拉取请求,其中包含一个从原始合并拉取请求还原合并提交的提交。在 Git 中,可以使用 `git revert` 还原提交。
+- term: 审查
+ description: >-
+ 审查允许对存储库具有访问权限的其他人评论拉取请求中建议的更改、批准更改或在合并拉取请求之前请求进一步更改。
+- term: 根目录
+ description: 层次结构中的第一个目录。
+- term: 根文件系统
+ description: 基本操作系统和 GitHub Enterprise 应用程序环境。
+- term: 已保存回复
+ description: >-
+ 可保存并添加到 GitHub 用户帐户的评论,这样你就可以在 GitHub 中的问题和拉取请求中使用它。
+- term: scope
+ description: >-
+ OAuth App 可以请求访问公共和非公共数据的命名权限组。
+- term: 席位
+ description: >-
+ GitHub Enterprise 组织内的用户。这可以被称为“席位数”。
+- term: 机密团队
+ description: >-
+ 只有团队其他人以及具有所有者权限的人员可见的团队。
+- term: 安全日志
+ description: >-
+ 列出最近 50 次操作或过去 90 天内执行的操作的日志。
+- term: 服务器到服务器请求
+ description: >-
+ 由充当机器人的应用程序使用的 API 请求,独立于任何特定用户。例如,按计划运行并关闭长时间没有活动的问题的应用程序。使用此类身份验证的应用程序不使用许可的 GitHub 帐户,因此,在具有允许使用一定数量许可证的计费计划的企业中,服务器到服务器机器人不会使用其中一个 GitHub 许可证。服务器到服务器请求中使用的令牌是通过 [GitHub API](/rest/reference/apps#create-an-installation-access-token-for-an-app) 以编程方式获取的。另请参阅“[用户到服务器请求](#user-to-server-request)”。
+- term: 服务挂钩
+ description: >-
+ 也称为“Webhook”。 Webhook 是一种通知方式,只要存储库或组织上发生特定操作,就会发送通知到外部 Web 服务器。
+- term: 单一登录
+ description: >-
+ 也称为 SSO。允许用户登录到一个位置,然后标识提供者 (IdP) 授予用户对其他服务提供程序的访问权限。
+- term: 快照
+ description: 虚拟机在某一时间点的检查点。
+- term: 压缩
+ description: 用于将多个提交合并为一个提交。也称为 Git 命令。
+- term: SSH 密钥
+ description: >-
+ SSH 密钥是一种使用加密消息向在线服务器标识自己的方法。就好像计算机对其他服务具有自己的唯一密码一样。{% data variables.product.product_name %}使用 SSH 密钥将信息安全地传输到计算机。
+- term: 暂存实例
+ description: >-
+ 在将修改应用到实际 GitHub Enterprise 实例之前测试修改的一种方法。
+- term: status
+ description: >-
+ 拉取请求中的视觉对象表现形式,表示提交符合为参与的存储库设置的条件。
+- term: 状态检查
+ description: >-
+ 状态检查是为在存储库中进行的每个提交而运行的外部进程,例如持续集成生成。有关详细信息,请参阅“[关于状态检查](/articles/about-status-checks)”。
+- term: 星级
+ description: >-
+ 对存储库的书签或表示赞赏。星级是一种手动对项目的受欢迎程度进行排名的方法。
+- term: 订阅
+ description: 用户或组织的 GitHub 计划。
+- term: 团队
+ description: >-
+ 通过级联访问权限和提及来反映公司或组结构的组织成员组。
+- term: 团队维护者
+ description: >-
+ 具有组织所有者一部分团队管理权限的组织成员。
+- term: 团队计划
+ description: >-
+ 提供无限公共和专用存储库的组织计费计划。
+- term: 时间线
+ description: 拉取请求或用户个人资料中的一系列事件。
+- term: 主题分支
+ description: >-
+ 一个常规的 Git 分支,开发人员使用它来识别开发的概念线。由于分支非常简单且成本低廉,因此通常希望有几个小分支,每个分支都包含定义非常明确的概念或小的增量但相关的更改。也可以称为特征分支。
+- term: topics
+ description: >-
+ 一种方法,用于探索特定主题领域中的存储库,查找要参与的项目,以及在 GitHub 上发现特定问题的新解决方案。
+- term: 流量图
+ description: >-
+ 显示存储库流量的存储库图,包括完整克隆(非提取)、过去 14 天的访问者、推荐站点及热门内容。
+- term: 传输
+ description: >-
+ 转让存储库是指更改存储库的所有者。新所有者能够立即管理存储库的内容、问题、拉取请求、发行版和设置。
+- term: 上游
+ description: >-
+ 在谈论分支或分叉时,原始存储库上的主分支通常被称为“上游”,因为它是获取其他更改的主要位置。正在处理的分支/分叉则被称为“下游”。也称为原点。
+- term: 上游分支
+ description: >-
+ 合并到相关分支(或相关分支重新基于的分支)中的默认分支。它是通过 `branch..remote` 和 `branch..merge` 配置的。如果 A 的上游分支是原点/B,有时表示为“A 是跟踪原点/B”。
+- term: user
+ description: >-
+ 用户是拥有个人 GitHub 帐户的人员。每个用户都有自己的个人资料,并且可以拥有多个公共或专用存储库。他们可以创建或受邀加入组织,也可以在其他用户的存储库上进行协作。
+- term: username
+ description: GitHub 上的用户句柄。
+- term: 用户到服务器请求
+ description: >-
+ 由代表特定用户执行任务的应用程序所使用的 API 请求。如果使用用户到服务器身份验证执行任务,则在 GitHub 上显示为由用户通过应用程序完成的任务。例如,可以选择在第三方应用程序中创建问题,该应用程序将代表用户在 GitHub 上执行此操作。应用程序可使用用户到服务器请求执行的任务范围受到应用和用户的权限和访问权限的限制。用户到服务器请求中所使用的令牌是通过 OAuth 获取的。有关详细信息,请参阅“[识别和授权 GitHub Apps 的用户](/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps)”。 另请参阅“[服务器到服务器请求](#server-to-server-request)”。
+- term: 可见团队
+ description: 可被每个组织成员查看和 @提及的团队。
+- term: 监视
+ description: >-
+ 可以监视存储库或问题,以在对问题或拉取请求进行更新时接收通知。
+- term: 查看通知
+ description: 关于用户订阅的存储库中活动的通知。
+- term: Web 通知
+ description: >-
+ 显示在 GitHub 的 Web 界面中的通知:https://github.com/notifications
+- term: webhooks
+ description: >-
+ Webhook 允许构建或设置订阅 GitHub.com 上某些事件的 GitHub Apps。Webhook 是一种通知方式,只要存储库或组织上发生特定操作,就会发送通知到外部 Web 服务器。也被称为服务挂钩。
+- term: 写入访问权限
+ description: >-
+ 存储库上的权限级别,可让用户推送或写入对存储库的更改。
diff --git a/translations/zh-CN/data/learning-tracks/actions.yml b/translations/zh-CN/data/learning-tracks/actions.yml
new file mode 100644
index 0000000000..a22ad998cd
--- /dev/null
+++ b/translations/zh-CN/data/learning-tracks/actions.yml
@@ -0,0 +1,91 @@
+getting_started:
+ title: '{% data variables.product.prodname_actions %} 入门'
+ description: '通过创建第一个工作流来发现 {% data variables.product.prodname_actions %} 的可能性。'
+ guides:
+ - /actions/learn-github-actions/introduction-to-github-actions
+ - /actions/learn-github-actions/finding-and-customizing-actions
+ - /actions/learn-github-actions/essential-features-of-github-actions
+ - /actions/learn-github-actions/managing-complex-workflows
+ - /actions/learn-github-actions/reusing-workflows
+ - /actions/security-guides/security-hardening-for-github-actions
+ featured_track: true
+continuous_integration:
+ title: '生成和测试代码'
+ description: '可以在存储库中创建自定义持续集成 (CI) 工作流。'
+ guides:
+ - /actions/automating-builds-and-tests/about-continuous-integration
+ - /actions/automating-builds-and-tests/building-and-testing-powershell
+ - /actions/automating-builds-and-tests/building-and-testing-ruby
+ - /actions/automating-builds-and-tests/building-and-testing-java-with-maven
+ - /actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+ - /actions/automating-builds-and-tests/building-and-testing-java-with-ant
+ - /actions/automating-builds-and-tests/building-and-testing-swift
+continuous_deployment:
+ title: '自动部署'
+ description: '了解如何使用 {% data variables.product.prodname_actions %} 中的自定义持续部署 (CD) 工作流自动发布项目。'
+ guides:
+ - /actions/publishing-packages/about-packaging-with-github-actions
+ - /actions/publishing-packages/publishing-nodejs-packages
+ - /actions/publishing-packages/publishing-java-packages-with-maven
+ - /actions/publishing-packages/publishing-java-packages-with-gradle
+ - /actions/publishing-packages/publishing-docker-images
+deploy_to_the_cloud:
+ title: '部署到云端'
+ description: '了解如何使用 {% data variables.product.prodname_actions %} 生成应用程序并将其部署到各种基于云的平台。'
+ guides:
+ - /actions/deployment/deploying-to-amazon-elastic-container-service
+ - /actions/deployment/deploying-to-azure-app-service
+ - /actions/deployment/deploying-to-google-kubernetes-engine
+adopting_github_actions_for_your_enterprise_ghec:
+ title: '为企业采用 GitHub Actions'
+ description: '了解如何在企业中计划和实现 {% data variables.product.prodname_actions %} 的推出。'
+ versions:
+ ghec: '*'
+ guides:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
+ - /actions/learn-github-actions/understanding-github-actions
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+ - /actions/security-guides/security-hardening-for-github-actions
+ - /billing/managing-billing-for-github-actions/about-billing-for-github-actions
+adopting_github_actions_for_your_enterprise_ghes_and_ghae:
+ title: '为企业采用 GitHub Actions'
+ description: '了解如何在企业中计划和实现 {% data variables.product.prodname_actions %} 的推出。'
+ versions:
+ ghes: '*'
+ ghae: '*'
+ guides:
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
+ - /actions/learn-github-actions/understanding-github-actions
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server
+ - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise
+ - /actions/security-guides/security-hardening-for-github-actions
+ - /billing/managing-billing-for-github-actions/about-billing-for-github-actions
+hosting_your_own_runners:
+ title: '托管自己的运行器'
+ description: '可以创建自托管运行器,以便在高度可自定义的环境中运行工作流。'
+ guides:
+ - /actions/hosting-your-own-runners/about-self-hosted-runners
+ - /actions/hosting-your-own-runners/adding-self-hosted-runners
+ - /actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service
+ - /actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners
+ - /actions/hosting-your-own-runners/using-labels-with-self-hosted-runners
+ - /actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow
+ - /actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups
+ - /actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners
+create_actions:
+ title: '创建操作'
+ description: '是否对新操作有想法?是否为项目生成了自定义内容?了解如何构建可共享操作并将其发布到 GitHub 市场。'
+ guides:
+ - /actions/creating-actions/about-custom-actions
+ - /actions/creating-actions/creating-a-docker-container-action
+ - /actions/creating-actions/creating-a-javascript-action
+ - /actions/creating-actions/creating-a-composite-action
+ - /actions/creating-actions/metadata-syntax-for-github-actions
+ - /actions/creating-actions/dockerfile-support-for-github-actions
+ - /actions/creating-actions/setting-exit-codes-for-actions
+ - /actions/creating-actions/publishing-actions-in-github-marketplace
diff --git a/translations/zh-CN/data/product-examples/code-security/code-examples.yml b/translations/zh-CN/data/product-examples/code-security/code-examples.yml
new file mode 100644
index 0000000000..e6c472f816
--- /dev/null
+++ b/translations/zh-CN/data/product-examples/code-security/code-examples.yml
@@ -0,0 +1,86 @@
+# Code scanning configurations
+- title: Microsoft 的 CodeQL 代码扫描
+ description: Microsoft 开源仓库中 CodeQL 操作的代码扫描工作流示例。
+ href: /microsoft/opensource.microsoft.com/blob/main/.github/workflows/codeql-analysis.yml
+ languages:
+ - javascript
+ tags:
+ - CodeQL
+ - 代码扫描
+ - GitHub 操作
+- title: Adversarial Robustness Toolbox (ART) CodeQL 代码扫描
+ description: 受信任的 AI 仓库中 CodeQL 操作的代码扫描工作流示例。
+ href: /Trusted-AI/adversarial-robustness-toolbox/blob/main/.github/workflows/codeql-analysis.yml
+ languages:
+ - Python
+ tags:
+ - CodeQL
+ - 代码扫描
+ - GitHub 操作
+
+# Security policies
+- title: Microsoft 安全策略模板
+ description: 示例安全策略
+ href: /microsoft/repo-templates/blob/main/shared/SECURITY.md
+ tags:
+ - 安全策略
+- title: Electron 安全策略
+ description: 示例安全策略
+ href: /electron/electron/blob/master/SECURITY.md
+ tags:
+ - 安全策略
+
+# Example of security advisory in a major product
+- title: Rails 的安全通告
+ description: Rails 针对 CVE-2020-15169 发布的安全通告。
+ href: /rails/rails/security/advisories/GHSA-cfjv-5498-mph5
+ tags:
+ - 安全通告
+
+# Sample scripts for enabling Dependabot alerts and security updates across a whole organization
+- title: 自动启用 Dependabot 警报和安全更新
+ description: 用于在整个组织中启用 Dependabot 警报和安全更新的示例脚本。
+ href: /github/enable-security-alerts-sample
+ tags:
+ - Dependabot
+ - 警报
+ - 安全更新
+ - 组织
+ - 脚本
+ versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.3'
+
+# Dependabot configuration only relevant to GitHub.com and GHES 3.3+
+# Convert "languages" to "package-ecosystems" for Dependabot configurations
+- title: Super Linter 配置
+ description: Super Linter 仓库中的 Dependabot 版本更新配置示例。
+ href: /github/super-linter/blob/master/.github/dependabot.yml
+ languages:
+ - github-actions
+ - npm
+ - bundler
+ - docker
+ - pip
+ tags:
+ - Dependabot
+ - 版本更新
+ - 配置
+ versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.3'
+
+- title: Dependabot 版本更新 PR
+ description: Super Linter 仓库中的 Dependabot 版本更新配置生成的拉取请求示例。
+ href: /github/super-linter/pull/1398
+ languages:
+ tags:
+ - Dependabot
+ - 版本更新
+ - 拉取请求
+ versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.3'
diff --git a/translations/zh-CN/data/product-examples/codespaces/code-examples.yml b/translations/zh-CN/data/product-examples/codespaces/code-examples.yml
index ee5e1c7ac8..6652c54fae 100644
--- a/translations/zh-CN/data/product-examples/codespaces/code-examples.yml
+++ b/translations/zh-CN/data/product-examples/codespaces/code-examples.yml
@@ -3,34 +3,34 @@
languages: Javascript
href: microsoft/vscode-remote-try-node
tags:
- - development containers
+ - 开发容器
- title: Python 示例项目
description: 使用自定义开发容器尝试 Python 项目
languages: Python
href: microsoft/vscode-remote-try-python
tags:
- - development containers
+ - 开发容器
- title: Java 示例项目
description: 使用自定义开发容器尝试 Java 项目
languages: Java
href: microsoft/vscode-remote-try-java
tags:
- - development containers
+ - 开发容器
- title: Go 示例项目
description: 使用自定义开发容器尝试 Go 项目
languages: Go
href: microsoft/vscode-remote-try-go
tags:
- - development containers
+ - 开发容器
- title: Rust 示例项目
description: 使用自定义开发容器尝试 Rust 项目
languages: Rust
href: microsoft/vscode-remote-try-rust
tags:
- - development containers
+ - 开发容器
- title: PHP 示例项目
description: 使用自定义开发容器尝试 PHP 项目
languages: PHP
href: microsoft/vscode-remote-try-php
tags:
- - development containers
\ No newline at end of file
+ - 开发容器
diff --git a/translations/zh-CN/data/product-examples/discussions/community-examples.yml b/translations/zh-CN/data/product-examples/discussions/community-examples.yml
new file mode 100644
index 0000000000..9b59d85535
--- /dev/null
+++ b/translations/zh-CN/data/product-examples/discussions/community-examples.yml
@@ -0,0 +1,37 @@
+# Images and descriptions are pulled directly from the repo
+
+- repo: vercel/next.js
+ description: React 框架
+
+- repo: gatsbyjs/gatsby
+ description: 使用 React 构建快速、现代的应用和网站
+
+- repo: nodejs/node
+ description: Node.js JavaScript 运行时 ✨🐢🚀✨
+
+- repo: tailwindlabs/tailwindcss
+ description: 用于快速 UI 发展的实用程序优先 CSS 框架。
+
+- repo: laravel/framework
+ description: Laravel 是一个 Web 应用程序框架,采用富有表现力、优雅的语法。
+
+- repo: prisma/prisma
+ description: "Node.js 和 TypeScript 的现代数据库访问(ORM 替代方法) | PostgreSQL, MySQL, MariaDB & SQLite"
+
+- repo: dotnet/csharplang
+ description: "C# 编程语言设计的官方存储库"
+
+- repo: home-assistant/frontend
+ description: 🍭 Home Assistant 的前端
+
+- repo: jspsych/jsPsych
+ description: 用于在 Web 浏览器中创建和运行行为试验的 JavaScript 库
+
+- repo: adonisjs/core
+ description: 🚀 高度集中于开发者人体工程学、稳定性和信心的 Node.js 框架
+
+- repo: ImageMagick/ImageMagick
+ description: 🧙♂️ ImageMagick 7
+
+- repo: react-hook-form/react-hook-form
+ description: 📋 用于表单验证的 React Hooks (Web + React Native)
diff --git a/translations/zh-CN/data/product-examples/sponsors/user-examples.yml b/translations/zh-CN/data/product-examples/sponsors/user-examples.yml
new file mode 100644
index 0000000000..850e8c9e0c
--- /dev/null
+++ b/translations/zh-CN/data/product-examples/sponsors/user-examples.yml
@@ -0,0 +1,19 @@
+# Images and descriptions are pulled directly from the repo
+
+- user: chaynHQ
+ description: Chayn 帮助遭受虐待的妇女找到掌握自己生活所需的正确信息和支持。
+
+- user: foosel
+ description: 👋我叫 Gina,是 OctoPrint 🐙 的创作者和主要开发者。
+
+- user: dayhaysoos
+ description: 怎么了?我叫 Nick,是一名工程师,对消除电子商务开发人员体验中的摩擦有着新的热情。
+
+- user: yyx990803
+ description: 我在 Vue.js 和 Vite 上全职工作,前者是一种用于构建 Web 应用程序的前端 JavaScript 框架,后者是一种新式 Web 构建工具。
+
+- user: calebporzio
+ description: 🚶♂️我于 2019 年 1 月辞去了日常工作,追求开源。此后,我构建了 Laravel Livewire、AlpineJS 和一堆其他东西。
+
+- user: kjaymiller
+ description: 大家好,我是 Jay!👋我是一名海军陆战队老兵,现已变成开发人员,自 2014 年以来一直在积极编码。我还参与了生产力空间,在那里我帮助人们自动化一些他们最喜欢的应用和工具。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/1.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/1.yml
new file mode 100644
index 0000000000..3a318e0188
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/1.yml
@@ -0,0 +1,21 @@
+date: '2020-02-27'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/19116, https://github.com/github/enterprise2/pull/19110, https://github.com/github/enterprise2/pull/19154, https://github.com/github/enterprise2/pull/19142 {% endcomment %}'
+ bugs:
+ - '从备份还原将会失败,并显示“RDB 版本号无效”错误。{% comment %} https://github.com/github/enterprise2/pull/19117, https://github.com/github/enterprise2/pull/19109 {% endcomment %}'
+ - '升级 HA 副本将停止无限期等待 MySQL 启动。{% comment %} https://github.com/github/enterprise2/pull/19168, https://github.com/github/enterprise2/pull/19101 {% endcomment %}'
+ - '具有意外“position”或“original_position”值的 PR 审核评论导致导入失败。{% comment %} https://github.com/github/github/pull/135439, https://github.com/github/github/pull/135374 {% endcomment %}'
+ - '数据库中重复的 Webhook 条目可能导致先前版本的升级失败。{% comment %} https://github.com/github/hookshot/pull/1541, https://github.com/github/hookshot/pull/1426, https://github.com/github/hookshot/pull/1540 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '如果自定义了后台工作进程配置,则升级和设置更新将失败。{% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
+ - '推送到命令行上的存储库时,不会报告安全警报。(更新时间于 2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/10.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/10.yml
new file mode 100644
index 0000000000..2dc1fa1665
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/10.yml
@@ -0,0 +1,21 @@
+date: '2020-06-23'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20746, https://github.com/github/enterprise2/pull/20727 {% endcomment %}'
+ bugs:
+ - '当使用 UDP 作为传输机制时,过大的日志事件可能导致日志转发不稳定。{% comment %} https://github.com/github/enterprise2/pull/20457, https://github.com/github/enterprise2/pull/20445 {% endcomment %}'
+ - "如果 SSH 密钥属性具有已与用户帐户关联的密钥,则用户通过 SSO 进行的自动取消暂停未完成。 {% comment %} https://github.com/github/github/pull/143474, https://github.com/github/github/pull/142927 {% endcomment %}"
+ - '来自 REST API 的仓库权限哈希表示,对于可拉取访问内部仓库的业务成员,无法访问仓库。 {% comment %} https://github.com/github/github/pull/144755, https://github.com/github/github/pull/144292 {% endcomment %}'
+ - '预览 Markdown 中写入的 GitHub 应用程序描述未正确呈现。{% comment %} https://github.com/github/github/pull/145038, https://github.com/github/github/pull/133360 {% endcomment %}'
+ - '审核日志不包括分支保护更改事件。 {% comment %} https://github.com/github/github/pull/145995, https://github.com/github/github/pull/145014 {% endcomment %}'
+ - "尝试将代码审核分配给空团队成员将导致“500内部服务器错误”。 {% comment %} https://github.com/github/github/pull/146328, https://github.com/github/github/pull/139330 {% endcomment %}"
+ - '使用负载平衡算法的代码审核分配可能反复分配给同一团队成员。{% comment %} https://github.com/github/github/pull/146329, https://github.com/github/github/pull/136504 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新于 2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/11.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/11.yml
new file mode 100644
index 0000000000..9e09ac9a05
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/11.yml
@@ -0,0 +1,19 @@
+date: '2020-07-09'
+sections:
+ security_fixes:
+ - '**中:** 将 nginx 更新到 1.16.1 并解决了 CV-2019-20372。(更新于 2020-07-22){% comment %} https://github.com/github/enterprise2/pull/21251 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21088, https://github.com/github/enterprise2/pull/21036 {% endcomment %}'
+ bugs:
+ - '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。{% comment %} https://github.com/github/enterprise2/pull/21260, https://github.com/github/enterprise2/pull/21102 {% endcomment %}'
+ - '某些日志文件没有每 7 天轮换一次。 {% comment %} https://github.com/github/enterprise2/pull/21278, https://github.com/github/enterprise2/pull/21264 {% endcomment %}'
+ - '快速重新使用 web 挂钩源端口导致拒绝连接。 {% comment %} https://github.com/github/enterprise2/pull/21289 {% endcomment %}'
+ - '不正确的背景作业可能尝试在配置为被动副本的实例上运行。{% comment %} https://github.com/github/enterprise2/pull/21318, https://github.com/github/enterprise2/pull/21212, https://github.com/github/enterprise2/issues/21167 {% endcomment %}'
+ - '内部仓库未正确地包含在启用 SAML 的组织的搜索结果中。 {% comment %} https://github.com/github/github/pull/147503, https://github.com/github/github/pull/145692 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/12.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/12.yml
new file mode 100644
index 0000000000..c370c177fb
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/12.yml
@@ -0,0 +1,17 @@
+date: '2020-07-21'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21437, https://github.com/github/enterprise2/pull/21402, https://github.com/github/enterprise2/pull/21495, https://github.com/github/enterprise2/pull/21479 {% endcomment %}'
+ bugs:
+ - '管理控制台监视图有时无法在更大的屏幕上正确显示。 {% comment %} https://github.com/github/enterprise2/pull/21397, https://github.com/github/enterprise2/pull/21381 {% endcomment %}'
+ - '应用 SameSite Cookie 策略时,GitHub 应用程序清单创建流在某些情况下无法使用。 {% comment %} https://github.com/github/github/pull/147826, https://github.com/github/github/pull/144121 {% endcomment %}'
+ changes:
+ - '改进 HAProxy 缩放。 {% comment %} https://github.com/github/enterprise2/pull/21383 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/13.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/13.yml
new file mode 100644
index 0000000000..cf56d4e79f
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/13.yml
@@ -0,0 +1,22 @@
+date: '2020-08-11'
+sections:
+ security_fixes:
+ - '{% octicon "alert" aria-label="The alert icon" %} **关键:**在 GitHub Pages 中发现了一个远程执行代码漏洞,攻击者可利用该漏洞在构建 GitHub Pages 站点的过程中执行命令。此问题是由于在 Pages 构建过程中使用过时且易受攻击的依赖项造成的。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。 此漏洞影响 GitHub Enterprise Server 的所有版本。为了缓解此漏洞,Kramdown 已更新以解决 CVE-2020-14001。{% comment %} https://github.com/github/pages/pull/2836, https://github.com/github/pages/pull/2827 {% endcomment %}'
+ - '**高:**在 GitHub Enterprise Server 上执行时,攻击者可以将恶意参数注入 Git 子命令。这可能使攻击者能够使用用户控制的部分内容覆盖任意文件,并可能在 GitHub Enterprise Server 实例上执行任意命令。要利用此漏洞,攻击者需要获得访问 GitHub Enterprise Server 实例中存储库的权限。但是,由于存在其他保护措施,我们无法确定积极利用此漏洞的方法。此漏洞通过 GitHub 安全 Bug 悬赏计划报告。{% comment %} https://github.com/github/github/pull/151097 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21811, https://github.com/github/enterprise2/pull/21700 {% endcomment %}'
+ bugs:
+ - 'Consul 配置错误导致无法在独立实例上处理某些后台作业。{% comment %} https://github.com/github/enterprise2/pull/21464 {% endcomment %}'
+ - '服务内存分配计算可能会将不正确或无限制的内存分配给某项服务,从而导致系统性能下降。{% comment %} https://github.com/github/enterprise2/pull/21716 {% endcomment %}'
+ - '未正确检测到 oVirt KVM 系统的虚拟化平台,导致升级过程中出现问题。{% comment %} https://github.com/github/enterprise2/pull/21730, https://github.com/github/enterprise2/pull/21669 {% endcomment %}'
+ - "通过 Git 命令行使用密码进行无效身份验证的错误消息未填充 URL 链接以添加适当的令牌或 SSH 密钥。{% comment %} https://github.com/github/github/pull/149714 {% endcomment %}"
+ - 'GitHub Connect 使用的是已弃用的 GitHub.com API 终结点。{% comment %} https://github.com/github/github/pull/150828, https://github.com/github/github/pull/150545 {% endcomment %}'
+ - '在迁移到新实例的存储库上,无法按 *最近更新* 对问题进行排序。{% comment %} https://github.com/github/github/pull/150843, https://github.com/github/github/pull/149330 {% endcomment %}'
+ - '404 页面的页脚中包含 GitHub.com 联系人和状态链接。{% comment %} https://github.com/github/github/pull/151316 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/16.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/16.yml
new file mode 100644
index 0000000000..fa27d40c7b
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/16.yml
@@ -0,0 +1,13 @@
+date: '2020-09-08'
+sections:
+ bugs:
+ - '服务运行状况检查会造成会话增加,从而耗尽文件系统 Inode。{% comment %} https://github.com/github/enterprise2/pull/22480, https://github.com/github/enterprise2/pull/22475 {% endcomment %}'
+ - "使用热补丁的升级可能会失败,并显示错误:`'libdbi1' was not found` {% comment %} https://github.com/github/enterprise2/pull/22558,https://github.com/github/enterprise2/pull/22552 {% endcomment %}"
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/19.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/19.yml
new file mode 100644
index 0000000000..848ad4fa39
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/19.yml
@@ -0,0 +1,14 @@
+date: '2020-10-20'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23095, https://github.com/github/enterprise2/pull/23081 {% endcomment %}'
+ bugs:
+ - '企业帐户“确认双因素要求策略”消息不正确。{% comment %} https://github.com/github/github/pull/158737 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/2.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/2.yml
new file mode 100644
index 0000000000..76e0513b0c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/2.yml
@@ -0,0 +1,28 @@
+date: '2020-03-10'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/19204, https://github.com/github/enterprise2/pull/19187 {% endcomment %}'
+ bugs:
+ - '在某些情况下,转发的日志条目(主要用于 audit.log)被截断。{% comment %} https://github.com/github/enterprise2/pull/19244, https://github.com/github/enterprise2/pull/19192, https://github.com/github/enterprise2/issues/16655 {% endcomment %}'
+ - '`ghe-license-check` 命令行实用程序对某些有效的许可返回“无效的许可证文件”错误,导致配置更改失败。{% comment %} https://github.com/github/enterprise2/pull/19249, https://github.com/github/enterprise2/pull/19185, https://github.zendesk.com/agent/tickets/549903 {% endcomment %}'
+ - 'Alambic 异常日志没有被 syslog 转发。{% comment %} https://github.com/github/enterprise2/pull/19263, https://github.com/github/enterprise2/pull/19123, https://github.com/github/enterprise2/issues/18734 {% endcomment %}'
+ - '[`org_block event`](https://developer.github.com/v3/activity/events/types/#orgblockevent) 并非不可用,但在 GitHub Enterprise Server 上的 GitHub 应用中显示。{% comment %} https://github.com/github/github/pull/136227, https://github.com/github/github/pull/135640, https://github.com/github/ecosystem-apps/issues/693 {% endcomment %}'
+ - 'GraphQL 查询响应有时返回 `ProtectedBranch` 对象的不匹配节点标识符。{% comment %} https://github.com/github/github/pull/136376, https://github.com/github/github/pull/136214, https://github.com/github/github/issues/135407 {% endcomment %}'
+ - 'GitHub Connect 使用的 GitHub 应用凭据在过期后未能立即刷新。{% comment %} https://github.com/github/github/pull/136384, https://github.com/github/github/pull/136259 {% endcomment %}'
+ - '在回复拉请求评论时留下评论会间歇性地创建挂起拉请求审查。{% comment %} https://github.com/github/github/pull/136454, https://github.com/github/github/pull/133697, https://github.com/github/github/issues/127401 {% endcomment %}'
+ - '使用 ghe-migrator 或从 GitHub.com 导出时,导出非图片附件会自动失败。{% comment %} https://github.com/github/github/pull/136487, https://github.com/github/github/pull/134524, https://github.com/github/github/issues/134358 {% endcomment %}'
+ - '在遇到 UTF-8 字符时,预接收挂钩会在 Web UI 上返回 500 错误。{% comment %} https://github.com/github/github/pull/136699, https://github.com/github/github/pull/136014, https://github.com/github/github/issues/133501 {% endcomment %}'
+ changes:
+ - '` ghe-license-usage ` 命令行实用程序新增了 `--unencrypted` 选项,用于查看导出的许可使用文件。{% comment %} https://github.com/github/github/pull/136134, https://github.com/github/github/pull/136000 {% endcomment %}'
+ known_issues:
+ - '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '如果自定义了后台工作进程配置,则升级和设置更新将失败。{% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
+ - '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/20.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/20.yml
new file mode 100644
index 0000000000..dab45f31dd
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/20.yml
@@ -0,0 +1,16 @@
+date: '2020-11-03'
+sections:
+ security_fixes:
+ - '**中:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1003, https://github.com/github/slumlord/pull/1000 {% endcomment %}'
+ - "**低:**不正确的令牌验证导致身份验证期间匹配令牌的熵减少。分析表明,在实践中,这里没有重大的安全风险。{% comment %} https://github.com/github/github/pull/159453, https://github.com/github/github/pull/159193 {% endcomment %}"
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23538, https://github.com/github/enterprise2/pull/23171, https://github.com/github/enterprise2/pull/23691, https://github.com/github/enterprise2/pull/23677 {% endcomment %}'
+ bugs:
+ - '推荐用户列表中包含已暂停的用户,其中可能隐藏未暂停的用户。{% comment %} https://github.com/github/github/pull/159809, https://github.com/github/github/pull/140563, https://github.com/github/github/pull/142146 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/22.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/22.yml
new file mode 100644
index 0000000000..da27dc46d1
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/22.yml
@@ -0,0 +1,19 @@
+date: '2020-12-03'
+sections:
+ bugs:
+ - '由于启动中的争用条件导致服务重新启动,因此检测到授权服务不正常。{% comment %} https://github.com/github/authzd/pull/1279, {% endcomment %}'
+ - '在热补丁升级过程中,一种基础行为导致服务不可用。{% comment %} https://github.com/github/enterprise2/pull/24053, https://github.com/github/enterprise2/issues/23947 {% endcomment %}'
+ - '未正确应用部分日志转发 SSL 证书。{% comment %} https://github.com/github/enterprise2/pull/24112, https://github.com/github/enterprise2/pull/23981 {% endcomment %}'
+ - '从团队或组织中移除暂停用户时向他们发送电子邮件通知。{% comment %} https://github.com/github/github/pull/163107, https://github.com/github/github/pull/162742 {% endcomment %}'
+ - '组织和企业之间应用 SSH 证书的方式不一致。{% comment %} https://github.com/github/github/pull/163429, https://github.com/github/github/pull/159538, https://github.com/github/authentication/issues/115 {% endcomment %}'
+ - '当帐户因使用不正确的密码而受到速率限制时,可能被锁定长达 24 小时。{% comment %} https://github.com/github/github/pull/163456, https://github.com/github/github/pull/162938, https://github.com/github/github-ds/pull/51 {% endcomment %}'
+ - '在具有许多引用的存储库上进行拉取请求同步可能会导致工作线程队列落后。{% comment %} https://github.com/github/github/pull/163576, https://github.com/github/github/pull/163142 {% endcomment %}'
+ - '在尝试访问特定页面后登录时,用户将发送到主页,而不是其预期目的地。{% comment %} https://github.com/github/github/pull/163785, https://github.com/github/github/pull/163579, https://github.com/github/github/pull/154117, https://github.com/github/ecosystem-apps/issues/1076 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/3.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/3.yml
new file mode 100644
index 0000000000..c13bcaf404
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/3.yml
@@ -0,0 +1,15 @@
+date: '2020-03-12'
+sections:
+ bugs:
+ - '如果自定义了后台工作进程配置,升级和设置更新将失败。{% comment %} https://github.com/github/enterprise2/pull/19321, https://github.com/github/enterprise2/pull/19299 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
+ - '推送到命令行上的存储库时,不会报告安全警报。(更新时间于 2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/4.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/4.yml
new file mode 100644
index 0000000000..7322860bb3
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/4.yml
@@ -0,0 +1,18 @@
+date: '2020-03-25'
+sections:
+ bugs:
+ - 'SAML 身份验证请求和元数据没有严格编码,导致一些标识提供者无法正确处理服务提供者发起的身份验证请求。{% comment %} https://github.com/github/github/pull/137150, https://github.com/github/github/pull/136770, https://github.com/github/github/issues/136766 {% endcomment %}'
+ - '`ghe-migrator` 导出不含里程碑用户,可能会中断导入操作。{% comment %} https://github.com/github/github/pull/138100, https://github.com/github/github/pull/137987, https://github.com/github/github/issues/137779 {% endcomment %}'
+ - '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/pull/138460, https://github.com/github/github/pull/138313 {% endcomment %}'
+ - '在尝试显示未完全复制的存储库时,`ghe-repl-status` 可能会失败。{% comment %} https://github.com/github/github/pull/138463, https://github.com/github/github/pull/138388 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
+ - '推送到命令行上的存储库时,不会报告安全警报。(更新时间于 2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/5.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/5.yml
new file mode 100644
index 0000000000..79bb908419
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/5.yml
@@ -0,0 +1,20 @@
+date: '2020-04-07'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/19536, https://github.com/github/enterprise2/pull/19494 {% endcomment %}'
+ bugs:
+ - '当全球企业帐户设置了 100MB 以外的 Git 对象大小选项时,无法为存储库选择 100MB 大小的最大 Git 对象选项。{% comment %} https://github.com/github/github/pull/138805, https://github.com/github/github/pull/138683 {% endcomment %}'
+ - '当按 `updated_at` 字段排序时,问题和拉取请求 API 的结果可能存在不一致的行为。{% comment %} https://github.com/github/github/pull/139247, https://github.com/github/github/pull/138486 {% endcomment %}'
+ - '无法通过 GraphQL API 查询 SecurityVulnerability `package` 字段。{% comment %} https://github.com/github/github/pull/139418, https://github.com/github/github/pull/138245 {% endcomment %}'
+ - '将存储库从*公共*更改为*内部*会显示一条不相关的计费消息。{% comment %} https://github.com/github/github/pull/139531, https://github.com/github/github/pull/139492 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新设置的 GitHub Enterprise Server 上,,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '当推送到 Gist 时,可能会在后接收挂钩期间触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '从以前的版本升级时,可能不会生成后台作业工作者,从而阻止基本功能,例如合并拉取请求。{% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。(2020 年 6 月 23 日更新){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(2020 年 6 月 30 日更新){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/7.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/7.yml
new file mode 100644
index 0000000000..6755e6d22c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/7.yml
@@ -0,0 +1,21 @@
+date: '2020-05-05'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20027, https://github.com/github/enterprise2/pull/19997 {% endcomment %}'
+ bugs:
+ - '`ghe-repl-start` 和 `ghe-repl-status` 显示了语法错误。{% comment %} https://github.com/github/enterprise2/pull/19954, https://github.com/github/enterprise2/pull/19927 {% endcomment %}'
+ - '如果仓库启用了“自动删除头分支”设置,则当 GitHub App 安装合并拉取请求时,头部分支不会自动删除。{% comment %} https://github.com/github/github/pull/141588, https://github.com/github/github/pull/133698, https://github.com/github/github/pull/133871, https://github.com/github/github/issues/132588 {% endcomment %}'
+ - '当组织成员恢复时,web 挂钩有效负载将 `ghost` 用户报告为发送者,而不是执行恢复的实际用户。{% comment %} https://github.com/github/github/pull/141731, https://github.com/github/github/pull/140609 {% endcomment %}'
+ - '如果仓库启用了“自动删除头部分支”设置,则在头部仓库不同于基础仓库的地方,头部分支不会被自动删除。{% comment %} https://github.com/github/github/pull/142096, https://github.com/github/github/pull/133871 {% endcomment %}'
+ - '临时文件的垃圾收集可能导致许可证验证错误。{% comment %} https://github.com/github/github/pull/142209, https://github.com/github/github/pull/142189 {% endcomment %}'
+ - '在某些情况下,包括在首次创建仓库时,接收前挂钩将在没有为 GITHUBHUBB_REPO_PUBLIC 环境变量填写值的情况下运行。{% comment %} https://github.com/github/github/pull/139419, https://github.com/github/github/pull/136228, https://github.com/github/github/pull/134363 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的 [通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories) 文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '当推送到 Gist 时,可能会在后接收挂钩期间触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的存储库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(2020 年 6 月 30 日更新){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/8.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/8.yml
new file mode 100644
index 0000000000..3d89e875db
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/8.yml
@@ -0,0 +1,20 @@
+date: '2020-05-19'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20108, https://github.com/github/enterprise2/pull/20086 {% endcomment %}'
+ bugs:
+ - '许可证文件更新后,未正确重新加载服务,导致功能丢失。{% comment %} https://github.com/github/enterprise2/pull/20072, https://github.com/github/enterprise2/pull/19989 {% endcomment %}'
+ - '如果响应正文过大,内部 API 请求更新依赖项关系图信息可能会失败。{% comment %} https://github.com/github/enterprise2/pull/20231, https://github.com/github/enterprise2/pull/20208 {% endcomment %}'
+ - '未遵从某些 GraphQL 存储库连接的 `affiliations` 参数。{% comment %} https://github.com/github/github/pull/142036, https://github.com/github/github/pull/140658 {% endcomment %}'
+ - '如果 SAML 电子邮件属性与 GitHub 用户电子邮件大小写形式不同,则无法通过 SSO 自动取消暂停用户。{% comment %} https://github.com/github/github/pull/143321, https://github.com/github/github/pull/142915 {% endcomment %}'
+ - '将用户的成员身份恢复为组织没有在 Webhook 和审核日志有效负载中检测参与者。{% comment %} https://github.com/github/github/pull/143231, https://github.com/github/github/pull/140849 {% endcomment %}'
+ known_issues:
+ - '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-20/9.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-20/9.yml
new file mode 100644
index 0000000000..3e01f8fba2
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-20/9.yml
@@ -0,0 +1,17 @@
+date: '2020-06-02'
+sections:
+ security_fixes:
+ - '**高:**在 GitHub Enterprise Server API 中发现了一个不适当的访问控制漏洞,该漏洞允许组织成员升级权限,获得对组织内未经授权的存储库的访问权限。此漏洞影响 GitHub Enterprise Server 2.21 之前的所有版本。 为应对此问题,我们发布了 [CVE-2020-10516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10516)。此漏洞通过 [GitHub Bug 赏金计划](https://bounty.github.com)报告。{% comment %} https://github.com/github/github/pull/144454, https://github.com/github/github/pull/143444 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20421, https://github.com/github/enterprise2/pull/20315 {% endcomment %}'
+ bugs:
+ - '面向 Internet 的 GitHub Enterprise Server 实例可以通过搜索引擎编制索引。{% comment %} https://github.com/github/github/pull/145073, https://github.com/github/github/pull/144973 {% endcomment %}'
+ known_issues:
+ - '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
+ - '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/1.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/1.yml
new file mode 100644
index 0000000000..4550bee32a
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/1.yml
@@ -0,0 +1,21 @@
+date: '2020-06-23'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20747, https://github.com/github/enterprise2/pull/20727 {% endcomment %}'
+ bugs:
+ - '当使用 UDP 作为传输机制时,过大的日志事件可能导致日志转发不稳定。{% comment %} https://github.com/github/enterprise2/pull/20458, https://github.com/github/enterprise2/pull/20445 {% endcomment %}'
+ - '用于访问 MySQL 的内部通信服务可能会比预期更频繁地重启,包括在升级过程中,这可能会导致升级部分失败。我们降低了重启率并使代码更加稳健。{% comment %} https://github.com/github/enterprise2/pull/20957, https://github.com/github/enterprise2/pull/20972, https://github.com/github/github/pull/146974 {% endcomment %}'
+ - "如果 SSH 密钥属性具有已与用户帐户关联的密钥,则用户通过 SSO 进行的自动取消暂停未完成。{% comment %} https://github.com/github/github/pull/143475, https://github.com/github/github/pull/142927 {% endcomment %}"
+ - '来自 REST API 的存储库权限哈希表示,对于可拉取访问内部存储库的业务成员,无法访问存储库。{% comment %} https://github.com/github/github/pull/144756, https://github.com/github/github/pull/144292 {% endcomment %}'
+ - '“存储库问题删除”企业帐户策略未反映当前保存的设置。{% comment %} https://github.com/github/github/pull/145218, https://github.com/github/github/pull/145067 {% endcomment %}'
+ - '审核日志不包括分支保护更改事件。{% comment %} https://github.com/github/github/pull/145998, https://github.com/github/github/pull/145014 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/10.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/10.yml
new file mode 100644
index 0000000000..9241ea8b92
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/10.yml
@@ -0,0 +1,15 @@
+date: '2020-10-20'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23096, https://github.com/github/enterprise2/pull/23081 {% endcomment %}'
+ bugs:
+ - '企业帐户“确认双因素要求策略”消息不正确。{% comment %} https://github.com/github/github/pull/158736 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/11.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/11.yml
new file mode 100644
index 0000000000..de748ef8f0
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/11.yml
@@ -0,0 +1,18 @@
+date: '2020-11-03'
+sections:
+ security_fixes:
+ - '**中:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1004, https://github.com/github/slumlord/pull/1000 {% endcomment %}'
+ - "**低:**不正确的令牌验证导致身份验证期间匹配令牌的熵减少。分析表明,在实践中,这里没有重大的安全风险。{% comment %} https://github.com/github/github/pull/159455, https://github.com/github/github/pull/159193 {% endcomment %}"
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23539, https://github.com/github/enterprise2/pull/23171, https://github.com/github/enterprise2/pull/23692, https://github.com/github/enterprise2/pull/23677 {% endcomment %}'
+ bugs:
+ - '使用包含非 ASCII 字符的文件名编辑问题模板将会失败,并显示“500 内部服务器错误”。{% comment %} https://github.com/github/github/pull/160589, https://github.com/github/github/pull/159747 {% endcomment %}'
+ - '背景作业的指标收集方法提高了 CPU 利用率。(更新时间:2020-11-03){% comment %} https://github.com/github/github/pull/160109 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。{% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/12.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/12.yml
new file mode 100644
index 0000000000..7f68292a85
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/12.yml
@@ -0,0 +1,16 @@
+date: '2020-11-17'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23844, https://github.com/github/enterprise2/pull/23712 {% endcomment %}'
+ bugs:
+ - 'Babeld 日志在秒与微秒之间缺少分隔符。{% comment %} https://github.com/github/babeld/pull/1005, https://github.com/github/babeld/pull/1002 {% endcomment %}'
+ - '当企业帐户“存储库可见性更改”策略设置为“启用”时,组织所有者无法更改组织内存储库的可见性。{% comment %} https://github.com/github/github/pull/160921, https://github.com/github/github/pull/160773 {% endcomment %}'
+ - '审核日志可以归因于 127.0.0.1,而不是实际的源 IP 地址。{% comment %} https://github.com/github/github/pull/162436, https://github.com/github/github/pull/161215 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/13.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/13.yml
new file mode 100644
index 0000000000..23bb387e3b
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/13.yml
@@ -0,0 +1,19 @@
+date: '2020-12-03'
+sections:
+ bugs:
+ - '由于 bootstrap 中的争用条件导致服务重启,授权服务被检测为运行不正常。{% comment %} https://github.com/github/authzd/pull/1278 {% endcomment %}'
+ - '在热补丁升级过程中,一种潜在的行为导致服务不可用。{% comment %} https://github.com/github/enterprise2/pull/24054, https://github.com/github/enterprise2/issues/23947 {% endcomment %}'
+ - '未正确应用日志转发 SSL 证书的子集。{% comment %} https://github.com/github/enterprise2/pull/24113, https://github.com/github/enterprise2/pull/23981 {% endcomment %}'
+ - '发送电子邮件通知给已经从团队或组织中移除的已停用用户。{% comment %} https://github.com/github/github/pull/162971, https://github.com/github/github/pull/162742 {% endcomment %}'
+ - '组织和企业之间应用 SSH 证书的方式不一致。{% comment %} https://github.com/github/github/pull/163426, https://github.com/github/github/pull/159538, https://github.com/github/authentication/issues/115 {% endcomment %}'
+ - '当帐户因使用不正确的密码而受到速率限制时,可能被锁定长达 24 小时。{% comment %} https://github.com/github/github/pull/163436, https://github.com/github/github/pull/162938, https://github.com/github/github-ds/pull/51 {% endcomment %}'
+ - '在具有许多引用的存储库上进行拉取请求同步可能导致工作进程队列落后。{% comment %} https://github.com/github/github/pull/163575, https://github.com/github/github/pull/163142 {% endcomment %}'
+ - '在尝试访问特定页面后登录时,用户被发送到主页,而不是其预期目的地。{% comment %} https://github.com/github/github/pull/163784, https://github.com/github/github/pull/163579, https://github.com/github/github/pull/154117, https://github.com/github/ecosystem-apps/issues/1076 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/14.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/14.yml
new file mode 100644
index 0000000000..aaf7e30402
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/14.yml
@@ -0,0 +1,13 @@
+date: '2020-12-17'
+sections:
+ security_fixes:
+ - '**低:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1021, https://github.com/github/slumlord/pull/1017 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/24352, https://github.com/github/enterprise2/pull/23866 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的 [通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories) 文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/15.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/15.yml
new file mode 100644
index 0000000000..20bd0c49a7
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/15.yml
@@ -0,0 +1,33 @@
+date: '2021-03-02'
+sections:
+ security_fixes:
+ - '**高:**在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,该漏洞允许已通过身份验证的实例用户通过专门制定的拉取请求和 REST API 请求获得对未经授权存储库的写入权限。攻击者需要能够创建目标存储库分支,该设置默认为组织拥有的专用存储库禁用。分支保护(如所需的拉取请求审查或状态检查)将防止未经授权的提交在未进行进一步审查或验证的情况下合并。此漏洞编号为 CVE-2021-22861。此问题通过 [GitHub Bug 赏金计划](https://bounty.github.com) 报告。'
+ - '**高:**在 GitHub Enterprise Server GraphQL API 中发现了一个不适当的访问控制漏洞,该漏洞允许已通过身份验证的实例用户在未经适当授权的情况下修改拉取请求的维护员协作权限。攻击者利用此漏洞将能够访问在他们作为维护员的存储库上打开的拉取请求的头部分支。默认情况下会为组织拥有的专用存储库禁用分支,可以防止此漏洞。此外,分支保护(如所需的拉取请求审查或状态检查)将防止未经授权的提交在未进行进一步审查或验证的情况下合并。此漏洞编号为 CVE-2021-22863。此问题通过 [GitHub Bug 赏金计划](https://bounty.github.com) 报告。'
+ - '**高:**在 GitHub Enterprise Server 中发现了一个远程代码执行漏洞,该漏洞在生成 GitHub Pages 站点时可能会被利用。GitHub Pages 使用的基础分析程序的用户控制配置没有受到足够的限制,因此可以在 GitHub Enterprise Server 实例上执行命令。若要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和生成 GitHub Pages 站点的权限。该漏洞编号为 CVE-2020-10519,通过 [GitHub Bug 赏金计划](https://bounty.github.com/) 报告。'
+ - '**中:**来自 GitHub Pages 生成的 GitHub 令牌最终可能会出现在日志中。'
+ - '**低:**对 SVN 桥的专门制定请求可能会在失败前触发长时间的等待,从而导致拒绝服务 (DoS)。'
+ - '包已更新到最新的安全版本。'
+ bugs:
+ - '在某些情况下,负载均衡器运行状况检查可能导致 babld 日志全是有关代理协议的错误。'
+ - '在 GitHub Enterprise 备份实用程序快照期间,信息性消息被无意中记录为错误,这导致侦听输出到 stderr 的 cron 作业在安排备份时发送不必要的电子邮件。'
+ - '在还原大型备份时,与 Redis 内存耗尽相关的异常记录可能导致还原因磁盘已满而失败。'
+ - '用户在编辑 wiki 页面时,如果单击“保存”按钮,可能会遇到 500 错误。'
+ - '使用主题替代名称中具有多个名称的证书签名的 S/MIME 签名提交将在提交提示标记中错误地显示为“未验证”。'
+ - '已暂停的用户在添加到团队时会收到电子邮件。'
+ - '当存储库具有大量清单时,“见解 ->依赖项关系图”选项卡上会显示错误“已达到此存储库允许的最大清单文件数 (20)”。有关详细信息,请参阅[可视化效果限制](https://docs.github.com/en/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies#are-there-limits-which-affect-the-dependency-graph-data)。'
+ - '上传与之前许可证文件不同席位数的新许可证文件时,企业帐户的“设置”->“许可证”页面中不会正确表示席位差异。'
+ - '无法成功启用或禁用企业帐户设置中的“禁止存储库管理员更改匿名 Git 读取访问权限”复选框。'
+ - 'GitHub Pages 生成失败时,电子邮件通知包含了错误的支持位置链接。'
+ - '在闰年,用户在星期一尝试查看贡献活动时收到 404 响应。'
+ - '无法访问浏览**部分,出现 500 内部服务器错误。'
+ changes:
+ - '添加了对 [AWS EC2 r5b 实例类型](https://aws.amazon.com/about-aws/whats-new/2020/12/introducing-new-amazon-ec2-r5b-instances-feuring-60-gbps-of-ebbandwidth-260K-iops/)的支持。'
+ - '调整后台队列优先级,以更均匀地分配作业。'
+ known_issues:
+ - '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。'
+ - '在升级期间不会维护自定义防火墙规则。'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。'
+ - '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。'
+ - '推送到命令行上的仓库时,不会报告安全警报。'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/16.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/16.yml
new file mode 100644
index 0000000000..a9364810d0
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/16.yml
@@ -0,0 +1,14 @@
+date: '2021-03-16'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 从 GitHub Enterprise Server 中导入正在丢失存储库文件的存储库存档将失败并报告错误。
+ known_issues:
+ - 在没有任何用户的新设置的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - 在命令行上推送到存储库时不会报告安全警报。
+ - "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/18.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/18.yml
new file mode 100644
index 0000000000..b6e86259eb
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/18.yml
@@ -0,0 +1,16 @@
+date: '2021-04-01'
+sections:
+ security_fixes:
+ - "**高:** 在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,该漏洞允许根据 GitHub 应用的 [Web 身份验证流](https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps#web-application-flow) 生成的访问令牌通过 REST API 读取专用存储库元数据,而无需获取适当的权限。若要攻击这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。返回的专用存储库元数据将仅限于令牌标识的用户拥有的存储库。此漏洞影响 GitHub Enterprise Server 3.0.4 之前的所有版本,并已在 3.0.4、2.22.10 和 2.21.18 版本中修复。此漏洞编号为 CVE-2021-22865,并通过 [GitHub Bug 赏金计划](https://bounty.github.com/) 进行报告。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 服务未作为日志轮换的一部分转换到新的日志文件,导致磁盘使用量增加。
+ - 内部存储库搜索结果上的标签显示为“专用”而不是“内部”。
+ known_issues:
+ - 在没有任何用户的新设置的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - 在命令行上推送到存储库时不会报告安全警报。
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/19.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/19.yml
new file mode 100644
index 0000000000..d9ccb888bb
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/19.yml
@@ -0,0 +1,18 @@
+date: '2021-04-14'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - '在副本升级期间可能会出现警告消息 `jq: error (at :0): Cannot index number with string "settings"`。'
+ - 访问 `/settings/email` 页面会存储在退出登录并重新登录时可能导致错误重定向的状态。
+ - 对于其通告在 `vulnerable_version_ranges` 中具有大写包名称的一些组件,未显示依赖项关系图警报。
+ - 用户在配置了 LDAP 身份验证的实例上执行 git 操作时会看到 500 错误。
+ - 当 ghe-migrator 遇到导入错误时,它有时会中止整个进程,但日志中没有包含足够的上下文。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - 在命令行上推送到存储库时不会报告安全警报。
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/2.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/2.yml
new file mode 100644
index 0000000000..f3d8d4e493
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/2.yml
@@ -0,0 +1,21 @@
+date: '2020-07-09'
+sections:
+ security_fixes:
+ - '**中:** 将 nginx 更新到 1.16.1 并解决了 CVE-2019-20372。(更新于 2020-07-22){% comment %} https://github.com/github/enterprise2/pull/21252 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21089, https://github.com/github/enterprise2/pull/21036 {% endcomment %}'
+ bugs:
+ - '一些特定日志文件不会每 7 天轮换一次。{% comment %} https://github.com/github/enterprise2/pull/21279, https://github.com/github/enterprise2/pull/21264 {% endcomment %}'
+ - '快速重新使用 webhook 源端口导致拒绝连接。{% comment %} https://github.com/github/enterprise2/pull/21286, https://github.com/github/enterprise2/pull/21280 {% endcomment %}'
+ - '不正确的背景作业可能尝试在配置为被动副本的实例上运行。{% comment %} https://github.com/github/enterprise2/pull/21317, https://github.com/github/enterprise2/pull/21212, https://github.com/github/enterprise2/issues/21167 {% endcomment %}'
+ - '节点之间的 VPN 可能会变得不稳定,导致记录错误并且可用的根卷空间被耗尽。{% comment %} https://github.com/github/enterprise2/pull/21360, https://github.com/github/enterprise2/pull/21357 {% endcomment %}'
+ - '内部仓库未正确包含在启用 SAML 的组织的搜索结果中。{% comment %} https://github.com/github/github/pull/147505, https://github.com/github/github/pull/145692 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
+ - '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/21.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/21.yml
new file mode 100644
index 0000000000..6f3f8092e2
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/21.yml
@@ -0,0 +1,15 @@
+date: '2021-05-13'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在配置应用阶段可以启用 Orchestrator 自动故障转移。
+ - 具有存储库维护员权限的用户会收到电子邮件验证警告,而不是在存储库 Pages 设置页面上构建成功的页面。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - 推送到命令行上的仓库时,不会报告安全警报。
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/22.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/22.yml
new file mode 100644
index 0000000000..fd1d867027
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/22.yml
@@ -0,0 +1,16 @@
+date: '2021-05-25'
+sections:
+ security_fixes:
+ - '**中:**在某些情况下,从团队或组织中删除的用户可以保留对已打开现有拉取请求的分支的写入权限。'
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 管理员使用“创建白名单条目”按钮添加的 IP 地址仍可能被锁定。
+ - 在群集或 HA 环境中,GitHub Pages 构建可能在将会失败的次要节点上触发。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - 推送到命令行上的存储库时,不会报告安全警报。
+ - '当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/23.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/23.yml
new file mode 100644
index 0000000000..175ffb0c6a
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/23.yml
@@ -0,0 +1,16 @@
+date: '2021-06-10'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - "从 非 GitHub 源导入组织或仓库失败可能会产生 `undefined method '[]' for nil:NilClass` 错误。"
+ changes:
+ - GraphQL API 用户可在 `PullRequest` 对象上查询公共字段 `closingIssuesReferences`。该字段检索将在合并拉取请求时自动关闭的问题。这种方法还将允许将来迁移这些数据,作为更高保真度迁移过程的一部分。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - 推送到命令行上的仓库时不报告安全警报。
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/3.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/3.yml
new file mode 100644
index 0000000000..61e9cc25c1
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/3.yml
@@ -0,0 +1,18 @@
+date: '2020-07-21'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21438, https://github.com/github/enterprise2/pull/21402, https://github.com/github/enterprise2/pull/21496, https://github.com/github/enterprise2/pull/21479 {% endcomment %}'
+ bugs:
+ - '管理控制台监视图有时无法在更大的屏幕上正确显示。{% comment %} https://github.com/github/enterprise2/pull/21398, https://github.com/github/enterprise2/pull/21381 {% endcomment %}'
+ - '应用 SameSite Cookie 策略时,GitHub 应用部件清单 (manifest) 创建流在某些情况下无法使用。{% comment %} https://github.com/github/github/pull/147829, https://github.com/github/github/pull/144121 {% endcomment %}'
+ - "在某些情况下,访问“探索”页面会引发应用程序错误。{% comment %} https://github.com/github/github/pull/149605, https://github.com/github/github/pull/148949 {% endcomment %}"
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/4.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/4.yml
new file mode 100644
index 0000000000..fe8a7af32a
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/4.yml
@@ -0,0 +1,28 @@
+date: '2020-08-11'
+sections:
+ security_fixes:
+ - '{% octicon "alert" aria-label="The alert icon" %} **关键:**在 GitHub Pages 中发现了一个远程执行代码漏洞,攻击者可利用该漏洞在构建 GitHub Pages 站点的过程中执行命令。此问题是由于在 Pages 构建过程中使用过时且易受攻击的依赖项造成的。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。 此漏洞影响 GitHub Enterprise Server 的所有版本。为了缓解此漏洞,Kramdown 已更新以解决 CVE-2020-14001。{% comment %} https://github.com/github/pages/pull/2835, https://github.com/github/pages/pull/2827 {% endcomment %}'
+ - '**高:**在 GitHub Enterprise Server 上执行时,攻击者可以将恶意参数注入 Git 子命令。这可能使攻击者能够使用部分用户控制的内容覆盖任意文件,并可能在 GitHub Enterprise Server 实例上执行任意命令。要利用此漏洞,攻击者需要获得访问 GHES 实例中存储库的权限。但是,由于存在其他保护措施,我们无法确定积极利用此漏洞的方法。此漏洞通过 GitHub 安全 Bug 悬赏计划报告。{% comment %} https://github.com/github/github/pull/150936, https://github.com/github/github/pull/150634 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21679, https://github.com/github/enterprise2/pull/21542, https://github.com/github/enterprise2/pull/21812, https://github.com/github/enterprise2/pull/21700 {% endcomment %}'
+ bugs:
+ - 'Consul 配置错误导致无法在独立实例上处理某些后台作业。{% comment %} https://github.com/github/enterprise2/pull/21463 {% endcomment %}'
+ - '服务内存分配计算可能会将不正确或无限制的内存分配给某项服务,导致系统性能差。{% comment %} https://github.com/github/enterprise2/pull/21689 {% endcomment %}'
+ - '未正确检测到 oVirt KVM 系统的虚拟化平台,从而在升级过程中造成问题。{% comment %} https://github.com/github/enterprise2/pull/21731, https://github.com/github/enterprise2/pull/21669 {% endcomment %}'
+ - "通过 Git 命令行使用密码进行无效身份验证的错误消息未填充 URL 链接以添加适当的令牌或 SSH 密钥。{% comment %} https://github.com/github/github/pull/149607, https://github.com/github/github/pull/149351 {% endcomment %}"
+ - '使用问题模板功能在用户存储库上创建问题可能失败,并出现内部服务器错误。{% comment %} https://github.com/github/github/pull/150173, https://github.com/github/github/pull/149445 {% endcomment %}'
+ - '访问“探索”部分失败,出现 500 内部服务器错误。{% comment %} https://github.com/github/github/pull/150512, https://github.com/github/github/pull/150504 {% endcomment %}'
+ - '在迁移到新实例的存储库上,无法按 *最近更新* 对问题进行排序。{% comment %} https://github.com/github/github/pull/150688, https://github.com/github/github/pull/149330 {% endcomment %}'
+ - 'GitHub Connect 使用的是已弃用的 GitHub.com API 终结点。{% comment %} https://github.com/github/github/pull/150827, https://github.com/github/github/pull/150545 {% endcomment %}'
+ - '为后台作业收集的内部指标导致不必要的 CPU 和内存使用。{% comment %} https://github.com/github/github/pull/151182, https://github.com/github/github/pull/147695 {% endcomment %}'
+ - '404 页面的页脚中包含 GitHub.com 联系人和状态链接。{% comment %} https://github.com/github/github/pull/151315 {% endcomment %}'
+ - '未发布功能的后台作业已排队,尚未处理。{% comment %} https://github.com/github/github/pull/151395, https://github.com/github/github/pull/146248 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/5.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/5.yml
new file mode 100644
index 0000000000..f80dee5edb
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/5.yml
@@ -0,0 +1,16 @@
+date: '2020-08-12'
+sections:
+ bugs:
+ - '解决了在生成系统配置模板时可能导致高 CPU 使用率的问题。{% comment %} https://github.com/github/enterprise2/pull/21786, https://github.com/github/enterprise2/pull/21741 {% endcomment %}'
+ - '最近对内存分配的更改可能导致系统性能降低 {% comment %} https://github.com/github/enterprise2/pull/22066 {% endcomment %}'
+ - '运行数据库迁移时的临时连接问题可能导致数据丢失。{% comment %} https://github.com/github/enterprise2/pull/22128, https://github.com/github/enterprise2/pull/22100 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
+ - '当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/6.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/6.yml
new file mode 100644
index 0000000000..c9ef772868
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/6.yml
@@ -0,0 +1,28 @@
+date: '2020-08-26'
+sections:
+ security_fixes:
+ - >-
+ {% octicon "alert" aria-label="The alert icon" %} **Critical:** A remote code execution vulnerability was identified in GitHub Pages that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. We have issued CVE-2020-10518. {% comment %} https://github.com/github/pages/pull/2882, https://github.com/github/pages/pull/2902, https://github.com/github/pages/pull/2894, https://github.com/github/pages/pull/2877, https://github.com/github/pages-gem/pull/700,
+ https://github.com/github/pages/pull/2889, https://github.com/github/pages/pull/2899, https://github.com/github/pages/pull/2903, https://github.com/github/pages/pull/2890, https://github.com/github/pages/pull/2891, https://github.com/github/pages/pull/2884 {% endcomment %}
+ - '**Medium:** An improper access control vulnerability was identified that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and has been assigned [CVE-2020-10517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10517). The vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com). {% comment %} https://github.com/github/github/pull/151986, https://github.com/github/github/pull/151713 {% endcomment %}'
+ - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21853, https://github.com/github/enterprise2/pull/21828, https://github.com/github/enterprise2/pull/22154, https://github.com/github/enterprise2/pull/21920, https://github.com/github/enterprise2/pull/22216, https://github.com/github/enterprise2/pull/22190 {% endcomment %}'
+ bugs:
+ - 'A message was not logged when the ghe-config-apply process had finished running ghe-es-auto-expand. {% comment %} https://github.com/github/enterprise2/pull/22178, https://github.com/github/enterprise2/pull/22171 {% endcomment %}'
+ - 'Excessive logging to the `syslog` file could occur on high-availability replicas if the primary appliance is unavailable. {% comment %} https://github.com/github/enterprise2/pull/22268, https://github.com/github/enterprise2/pull/22124 {% endcomment %}'
+ - "Database re-seeding on a replica could fail with an error: `Got packet bigger than 'max_allowed_packet'` {% comment %} https://github.com/github/enterprise2/pull/22322, https://github.com/github/enterprise2/pull/20063 {% endcomment %}"
+ - 'In some cases duplicate user data could cause a 500 error while running the ghe-license-usage script. {% comment %} https://github.com/github/github/pull/152637 {% endcomment %}'
+ - 'Using `ghe-migrator`, the `add` command would fail to lock a repository when using the `--lock` flag. {% comment %} https://github.com/github/github/pull/152780, https://github.com/github/github/pull/152588 {% endcomment %}'
+ changes:
+ - 'In a high availability or geo-replication configuration, replica instances would exit maintenance mode when ghe-config-apply ran. {% comment %} https://github.com/github/enterprise2/pull/21777, https://github.com/github/enterprise2/pull/21440 {% endcomment %}'
+ - "We've added support for the R5a and R5n AWS instance types. {% comment %} https://github.com/github/enterprise2/pull/21903, https://github.com/github/enterprise2/pull/21173 {% endcomment %}"
+ - 'Removed the license seat count information on the administrative SSH MOTD due to a performance issue impacting GitHub Enterprise Server clusters. {% comment %} https://github.com/github/enterprise2/pull/21994, https://github.com/github/enterprise2/pull/21870 {% endcomment %}'
+ known_issues:
+ - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."
+ - 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/7.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/7.yml
new file mode 100644
index 0000000000..b3467f5f1c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/7.yml
@@ -0,0 +1,15 @@
+date: '2020-09-08'
+sections:
+ bugs:
+ - '服务运行状况检查会造成会话增加,从而耗尽文件系统 Inode。{% comment %} https://github.com/github/enterprise2/pull/22481, https://github.com/github/enterprise2/pull/22475 {% endcomment %}'
+ - "使用热补丁的升级可能会失败,并显示错误:“未找到 'libdbi1'”{% comment %} https://github.com/github/enterprise2/pull/22556, https://github.com/github/enterprise2/pull/22552 {% endcomment %}"
+ - "将存储库的权限配置为“会审”或“维护”不再失败。"
+ known_issues:
+ - '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/8.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/8.yml
new file mode 100644
index 0000000000..2834cac6c7
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/8.yml
@@ -0,0 +1,16 @@
+date: '2020-09-23'
+sections:
+ security_fixes:
+ - '**中**:ImageMagick 已经更新,可解决 [DSA-4715-1](https://www.debian.org/security/2020/dsa-4715). {% comment %} https://github.com/github/enterprise2/pull/22621, https://github.com/github/enterprise2/pull/22610 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/22571, https://github.com/github/enterprise2/pull/22426, https://github.com/github/enterprise2/pull/22602, https://github.com/github/enterprise2/pull/22592, https://github.com/github/enterprise2/pull/22719, https://github.com/github/enterprise2/pull/22699 {% endcomment %}'
+ bugs:
+ - '管理员无法看到已交付的存储库 Webhook,而是看到“抱歉,出错了,我们无法提取此挂钩的交付”。{% comment %} https://github.com/github/authzd/pull/1181, https://github.com/github/authzd/pull/980 {% endcomment %}'
+ known_issues:
+ - '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-21/9.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-21/9.yml
new file mode 100644
index 0000000000..f0aefac3b8
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-21/9.yml
@@ -0,0 +1,29 @@
+date: '2020-10-09'
+sections:
+ security_fixes:
+ - '**LDAP** 目录用户名标准化为现有 GHES 帐户登录的用户可以验证现有帐户。{% comment %} https://github.com/github/github/pull/156517, https://github.com/github/github/pull/155512 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/22911, https://github.com/github/enterprise2/pull/22878 {% endcomment %}'
+ bugs:
+ - '管理控制台中的 NameID 格式下拉列表将在设置为“持久”之后重置为“未指定”。 {% comment %} https://github.com/github/enterprise2/pull/22402, https://github.com/github/enterprise2/pull/22331, https://github.com/github/enterprise2/issues/13446 {% endcomment %}'
+ - '通过[管理控制台](/admin/configuration/accessing-the-management-console) 保存设置将附加一个新行到 [TLS/SSL 证书和密钥](/admin/configuration/configuring-tls) 文件,这触发了某些服务的不必要重新加载。 {% comment %} https://github.com/github/enterprise2/pull/22608, https://github.com/github/enterprise2/pull/22540 {% endcomment %}'
+ - '依赖项关系图的系统日志没有轮换,允许无限存储增长。{% comment %} https://github.com/github/enterprise2/pull/22766, https://github.com/github/enterprise2/pull/22733 {% endcomment %}'
+ - '如果请求的工人覆盖设置在使用中,升级可能会失败。{% comment %} https://github.com/github/enterprise2/pull/22838, https://github.com/github/enterprise2/pull/22814 {% endcomment %}'
+ - '使用 `ghe-migrator` 导入仓库时,如果数据不一致,可能发生意外异常。{% comment %} https://github.com/github/github/pull/153849, https://github.com/github/github/pull/151552 {% endcomment %}'
+ - '到 GitHub 安全通告的链接将使用 GitHub Enterprise Server 实例主机名的 URL 而不是 GitHub.com,将用户引导到不存在的 URL。{% comment %} https://github.com/github/github/pull/153853, https://github.com/github/github/pull/151301 {% endcomment %}'
+ - '当使用的身份验证模式不支持内置双重身份验证时,企业帐户安全设置页面显示用于“双重身份验证”设置的“查看组织当前配置”链接。{% comment %} https://github.com/github/github/pull/153861 {% endcomment %}'
+ - '当使用 `ghe-migrator` 导入 PR 审核请求时,与删除用户相关的记录将产生外部数据库记录。 {% comment %} https://github.com/github/github/pull/154959, https://github.com/github/github/pull/153169 {% endcomment %}'
+ - '使用 "ghe-migrator" 导入用户时,如果系统生成的电子邮件地址超过 100 个字符,则会出现“电子邮件无效”的错误。{% comment %} https://github.com/github/github/pull/155110, https://github.com/github/github/pull/152418 {% endcomment %}'
+ - '记录 web 挂钩活动可能会使用大量的磁盘空间,并导致根盘变满。{% comment %} https://github.com/github/github/pull/155656, https://github.com/github/github/pull/154100 {% endcomment %}'
+ changes:
+ - '为 AWS EC2 实例类型 `m5.16xlarge` 添加了支持。{% comment %} https://github.com/github/enterprise2/pull/22501, https://github.com/github/enterprise2/pull/22473 {% endcomment %}'
+ - '删除 `ghe-migrator` 档案中 SSH 指纹的要求,因为它可以随时计算。{% comment %} https://github.com/github/github/pull/156945, https://github.com/github/github/pull/155387 {% endcomment %}'
+ - 'GitHub App 清单现在包含 `request_oauth_on_install` 字段。{% comment %} https://github.com/github/github/pull/156994, https://github.com/github/github/pull/155010, https://github.com/github/ecosystem-apps/issues/1055 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
+ - '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新于 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/0.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/0.yml
new file mode 100644
index 0000000000..8525a93483
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/0.yml
@@ -0,0 +1,143 @@
+intro: GitHub is excited to present GitHub Enterprise Server 2.22.0.
+date: '2020-09-23'
+sections:
+ features:
+ - heading: GitHub Actions Beta
+ notes:
+ - |
+ [GitHub Actions](https://github.com/features/actions) is a powerful, flexible solution for CI/CD and workflow automation. GitHub Actions on Enterprise Server includes tools to help you manage the service, including key metrics in the Management Console, audit logs and access controls to help you control the roll out.
+
+ You will need to provide your own [storage](https://docs.github.com/en/enterprise/2.22/admin/github-actions/enabling-github-actions-and-configuring-storage) and runners for GitHub Actions. AWS S3, Azure Blob Storage and MinIO are supported. Please review the [updated minimum requirements for your platform](https://docs.github.com/en/enterprise/2.22/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on GitHub Actions. To learn more, contact the GitHub Sales team or [sign up for the beta](https://resources.github.com/beta-signup/). {% comment %} https://github.com/github/releases/issues/775 {% endcomment %}
+
+ - heading: GitHub Packages Beta
+ notes:
+ - |
+ [GitHub Packages](https://github.com/features/packages) is a package hosting service, natively integrated with GitHub APIs, Actions, and webhooks. Create an [end-to-end DevOps workflow](https://docs.github.com/en/enterprise/2.22/admin/packages/configuring-packages-support-for-your-enterprise) that includes your code, continuous integration, and deployment solutions.
+
+ Supported storage back ends include AWS S3 and MinIO with support for Azure blob coming in a future release. Please note that the current Docker support will be replaced by a beta of the new GitHub Container Registry in the next release. Please review the [updated minimum requirements for your platform](https://docs.github.com/en/enterprise/2.22/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on GitHub Packages. To learn more, contact the GitHub Sales team or [sign up for the beta](https://resources.github.com/beta-signup/). {% comment %} https://github.com/github/releases/issues/773 {% endcomment %}
+
+ - heading: Advanced Security Code Scanning Beta
+ notes:
+ - |
+ [GitHub Advanced Security code scanning](https://github.com/features/security) is a developer-first, GitHub-native static application security testing (SAST). Easily find security vulnerabilities before they reach production, all powered by the world’s most powerful code analysis engine: CodeQL.
+
+ Administrators using GitHub Advanced Security can [sign up for](https://resources.github.com/beta-signup/) and [enable](https://docs.github.com/en/enterprise/2.22/admin/configuration/configuring-code-scanning-for-your-appliance) GitHub Advanced Security code scanning beta. Please review the [updated minimum requirements for your platform](https://docs.github.com/en/enterprise/2.22/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on GitHub Advanced Security code scanning. {% comment %} https://github.com/github/releases/issues/768 {% endcomment %}
+
+ - heading: Pull Request Retargeting
+ notes:
+ - |
+ When a [pull request's head branch](https://docs.github.com/en/enterprise/2.22/user/github/collaborating-with-issues-and-pull-requests/about-branches#working-with-branches) is merged and deleted, all other open pull requests in the same repository that target this branch are now retargeted to the merged pull request's base branch. Previously these pull requests were closed. {% comment %} https://github.com/github/releases/issues/801 {% endcomment %}
+
+ - heading: Suspend and Unsuspend an App Installation
+ notes:
+ - |
+ Administrators and users can [suspend any GitHub App’s access](https://docs.github.com/enterprise/2.22/user/rest/reference/apps#suspend-an-app-installation) for as long as needed, and [unsuspend the app](https://docs.github.com/enterprise/2.22/user/rest/reference/apps#unsuspend-an-app-installation) on command through Settings and the API. Suspended apps cannot access the GitHub API or webhook events. You can use this instead of uninstalling an application, which deauthorises every user. {% comment %} https://github.com/github/github/pull/138316 https://github.com/github/github/pull/150869 {% endcomment %}''
+
+ - heading: Improved Large Scale Performance
+ notes:
+ - |
+ We have revised the approach we take to scheduling network maintenance for repositories, ensuring large monorepos are able to avoid failure states. {% comment %} https://github.com/github/github/pull/146789, https://github.com/github/github/pull/147931, https://github.com/github/github/pull/146724, https://github.com/github/git-protocols/issues/94 {% endcomment %}''
+
+ Passive replicas are now [supported and configurable on GitHub Enterprise Server cluster deployments](https://docs.github.com/en/enterprise/2.22/admin/enterprise-management/configuring-high-availability-replication-for-a-cluster). These changes will enable faster failover, reducing RTO and RPO. {% comment %} https://github.com/github/releases/issues/905 {% endcomment %}
+
+ - heading: View All of Your Users
+ notes:
+ - |
+ For exceptionally large teams, administrators can [adjust the 1,500 default maximum for user lists](https://docs.github.com/en/enterprise/2.22/admin/configuration/command-line-utilities#ghe-config). {% comment %} https://github.com/github/github/pull/146508 {% endcomment %}''
+
+ changes:
+ - heading: Administration Changes
+ notes:
+ - Shared workers have been enabled to make live updates more resilient by sharing connections across tabs. {% comment %} https://github.com/github/releases/issues/914 {% endcomment %}
+ - The "Contact Support" link on `50x` error pages now links to the support email or link configured in the Management Console. {% comment %} https://github.com/github/github/pull/142123 {% endcomment %}
+ - It's now possible to [manage global announcements and expiration dates through the enterprise account settings](https://docs.github.com/en/enterprise/2.22/admin/installation/command-line-utilities#ghe-announce). {% comment %} https://github.com/github/releases/issues/945, https://github.com/github/github/pull/148475, https://github.com/github/github/pull/148494 {% endcomment %}
+ - You can now [exempt certain users from the default API rate limits configured in the management console](https://docs.github.com/en/enterprise/2.22/admin/configuration/configuring-rate-limits), if necessary. {% comment %} https://github.com/github/github/pull/148673 {% endcomment %}
+ - Repository administrators can now [set their repository to any available visibility option](https://docs.github.com/en/enterprise/2.22/user/github/administering-a-repository/setting-repository-visibility) from a single dialog in the repository's settings. Previously, you had to navigate separate sections, buttons, and dialog boxes for changing between public and private and between private and internal. {% comment %} https://github.com/github/releases/issues/882 {% endcomment %}
+ - A new Enterprise settings link on the user dropdown menu makes it easier to navigate to Enterprise Account Settings. {% comment %} https://github.com/github/releases/issues/946, https://github.com/github/github/pull/150595, https://github.com/github/github/pull/150520, https://github.com/github/github/pull/151121, https://github.com/github/hydro-schemas/pull/1244 {% endcomment %}
+ - The legacy "Admin Center" link on the /stafftools page has been removed. The "Enterprise" link is now the best way to navigate to the Enterprise Account from the /stafftools page. {% comment %} https://github.com/github/github/pull/147633 {% endcomment %}
+ - The Options sub-menu item in the Enterprise Account settings has been moved from the Settings section to the Policies section. {% comment %} https://github.com/github/releases/issues/944, https://github.com/github/github/pull/148477 {% endcomment %}
+ - '[Accessing resources by using a personal access token or SSH key now counts as user activity](https://docs.github.com/en/enterprise/2.22/admin/user-management/managing-dormant-users). This relieves administrators from the burden of filtering out certain users from the user dormancy reports and makes it safer to use the "Suspend all" button without accidentally suspending users who only accessed GitHub in a read-only way over the APIs with a Personal Access Token (PAT) or SSH key. {% comment %} https://github.com/github/github/pull/140433, https://github.com/github/help-docs/pull/14853, https://github.com/github/customer-feedback/issues/174, https://github.com/github/supportability/issues/14 {% endcomment %}'
+
+ - heading: Security Changes
+ notes:
+ - Two-factor recovery codes can no longer be used during the two-factor sign in process. One-Time-Passwords are the only acceptable values. {% comment %} https://github.com/github/github/pull/145016, https://github.com/github/github/pull/140208 {% endcomment %}
+ - When a user is signed into GitHub Enterprise Server through single sign-on, the [default repository visibility selection is Private](https://docs.github.com/en/enterprise/2.22/user/github/administering-a-repository/setting-repository-visibility). {% comment %} https://github.com/github/releases/issues/872 {% endcomment %}
+ - Owners of GitHub Apps can now choose to have their [user-to-server access tokens expire after 8 hours](https://developer.github.com/changes/2020-04-30-expiring-user-to-server-access-tokens-for-github-apps/), to help enforce regular token rotation and reduce the impact of a compromised token. {% comment %} https://github.com/github/releases/issues/966 {% endcomment %}
+
+ - heading: Developer Changes
+ notes:
+ - '[The GitHub UI has undergone a design refresh](https://github.blog/changelog/2020-06-23-design-updates-to-repositories-and-github-ui/), and the repositories homepage has been redesigned, including a responsive layout and improved mobile web experience. {% comment %} https://github.com/github/releases/issues/886 {% endcomment %}'
+ - In the "Clone with SSH" repository dropdown menu, users will now be notified if they do not have any keys setup. {% comment %} https://github.com/github/github/pull/149098 {% endcomment %}
+ - Commits are now ordered chronologically in the pull request timeline and commits tab. This new ordering is also reflected in the ["List commits on a pull request"](https://docs.github.com/en/enterprise/2.22/user/rest/reference/pulls#list-commits-on-a-pull-request) REST API and GraphQL ["PullRequest object"](https://docs.github.com/en/enterprise/2.22/user/graphql/reference/objects#pullrequest) timeline connection. {% comment %} https://github.com/github/releases/issues/867 {% endcomment %}
+ - Users can now [set a skin tone default for emoji autocomplete results](https://github.blog/changelog/2020-07-17-customizable-skin-tones-in-emoji-autocomplete/) in comment text areas. {% comment %} https://github.com/github/releases/issues/916 {% endcomment %}
+ - '[Tree-sitter](https://github.com/tree-sitter/tree-sitter) improves syntax highlighting and is now the default library used for language parsing. {% comment %} https://github.com/github/releases/issues/918, https://github.com/github/windrose/issues/44 {% endcomment %}'
+
+ - heading: Users and organizations can add Twitter usernames to their GitHub profiles
+ notes:
+ - '[Developers and organizations can now add their Twitter username to their profile](https://github.blog/changelog/2020-07-22-users-and-organizations-can-now-add-twitter-usernames-to-their-github-profiles/) {% comment %} https://github.com/github/github/pull/145127 {% endcomment %}'
+
+ - heading: API Changes
+ notes:
+ - |
+ #### Graduated Previews
+
+ The following previews are now an official part of the API:
+ * The GitHub Apps API and endpoints that returned the `performed_via_github_app` property no longer require the [`machine-man`](https://developer.github.com/changes/2020-08-20-graduate-machine-man-and-sailor-v-previews/) preview header. {% comment %} https://github.com/github/releases/issues/965 {% endcomment %}
+ * To add and view a lock reason to an issue, you no longer need to use the [`sailor-v`](https://developer.github.com/changes/2020-08-20-graduate-machine-man-and-sailor-v-previews/) preview header. {% comment %} https://github.com/github/github/pull/143676 {% endcomment %}
+
+ - |
+ #### GraphQL Schema Changes
+
+ * [The GraphQL schema changes](https://docs.github.com/enterprise/2.22/user/graphql/overview/changelog) include backwards-compatible changes, schema previews, and upcoming breaking changes.
+
+ - heading: VMware Network Driver Changes
+ notes:
+ - |
+ The GitHub Enterprise Server default network adapter type for VMware customers has been changed from E1000 to VMXNET3, starting with release 2.22.0. When upgrading from an earlier release to 2.22.0 or newer, if an E1000 network adapter is detected during the pre-upgrade check, the following message will be displayed at the command line:
+
+ ```
+ WARNING: Your virtual appliance is currently using an emulated Intel E1000 network adapter.
+ For optimal performance, please update the virtual machine configuration on your VMware host to use the VMXNET3 driver.
+ Proceed with installation? [y/N]
+ ```
+
+ The administrator can choose to update the network adapter type to VMXNET3 either before or after the GitHub Enterprise Server upgrade. The virtual appliance will need to be shutdown for this change. Customers should follow the VMware recommended steps for [changing the virtual machine network adapter configuration](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-3719A0BE-4B4A-44FF-8A21-290950918FBD.html) to VMXNET3. Please note that `VMXNET3` will not be an option if the OS version for the virtual appliance is set to `Other Linux (64-bit)`. In that case, the OS version would first need to be changed from `Other Linux (64-bit)` to `Other 2.6.x Linux (64-bit)` or if available, `Debian GNU/Linux 9` . We recommend testing these changes on a [staging instance](https://docs.github.com/en/enterprise-server@2.22/admin/installation/setting-up-a-staging-instance) before it is performed on a production GitHub Enterprise Server. {% comment %} https://github.com/github/ghes-infrastructure/issues/781 {% endcomment %}
+
+ bugs:
+ - The stafftools page for viewing pending collaborator showed a `500 Internal Server Error` when there was a pending email invite. {% comment %} https://github.com/github/github/pull/150836 {% endcomment %}
+ - The Repository Health Check in stafftools could give incorrect results on busy repositories. {% comment %} https://github.com/github/github/pull/151160 {% endcomment %}
+ - A logged in user trying to accept an email invitation could get a `404 Not Found` error. {% comment %} https://github.com/github/github/pull/150848 {% endcomment %}
+ - If a user navigated to a repository whose name started with "repositories.", they were redirected to the owner's "Repositories" tab instead of landing on the repository overview page. {% comment %} https://github.com/github/github/pull/149704 {% endcomment %}
+ - Labels in the dashboard timeline did not have enough contrast. {% comment %} https://github.com/github/github/pull/146749 {% endcomment %}
+
+ deprecations:
+ - heading: Upcoming Deprecation of GitHub Enterprise Server 2.19
+ notes:
+ - '**GitHub Enterprise Server 2.19 will be deprecated as of November 12, 2020** That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of GitHub Enterprise Server](https://help.github.com/enterprise/admin/guides/installation/upgrading-github-enterprise/) as soon as possible.'
+ - heading: Deprecation of Legacy GitHub App Webhook Events
+ notes:
+ - Starting with GitHub Enterprise Server 2.21.0 two legacy GitHub Apps-related webhook events have been deprecated and will be removed in GitHub Enterprise Server 2.25.0. The deprecated events `integration_installation` and `integration_installation_repositories` have equivalent events which will be supported. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-the-installation-and-installation-repositories-events/). {% comment %} https://github.com/github/enterprise-web/pull/6419#issuecomment-668303461 {% endcomment %}
+ - heading: Deprecation of Legacy GitHub Apps Endpoint
+ notes:
+ - Starting with GitHub Enterprise Server 2.21.0 the legacy GitHub Apps endpoint for creating installation access tokens was deprecated and will be removed in GitHub Enterprise Server 2.25.0. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-create-installation-access-token-endpoint/). {% comment %} https://github.com/github/enterprise-web/pull/6419#issuecomment-668303461 {% endcomment %}
+ - heading: Deprecation of OAuth Application API
+ notes:
+ - GitHub no longer supports the OAuth application endpoints that contain `access_token` as a path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by moving `access_token` to the request body. While deprecated, the endpoints are still accessible in this version. We intend to remove these endpoints on GitHub Enterprise Server 3.4. For more information, see the [deprecation announcement blog post](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/).
+
+ backups:
+ - GitHub Enterprise Server 2.22 requires at least [GitHub Enterprise Backup Utilities](https://github.com/github/backup-utils) 2.22.0 for [Backups and Disaster Recovery](https://help.github.com/enterprise/2.22/admin/guides/installation/backups-and-disaster-recovery/).
+
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
+ - Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
+ - The Name ID Format dropdown in the Management Console resets to "unspecified" after setting instance to "persistent". {% comment %} https://github.com/github/enterprise2/issues/13446 {% endcomment %}
+ - The repository Settings page of a repository for a user or organization GitHub Pages sites will fail with a "500 Internal Server Error". {% comment %} https://github.com/github/github/issues/156183 {% endcomment %}
+ - Users may experience slower Git clone and fetch performance on an instance with high availability replicas due to reads being forwarded to a different node. {% comment %} https://github.com/github/spokesd/issues/746 {% endcomment %}
+ - '[Creating a GitHub App from a manifest](https://docs.github.com/en/enterprise/2.22/user/developers/apps/creating-a-github-app-from-a-manifest) fails. To work around this issue, users can follow the manual instructions for [creating a GitHub App](https://docs.github.com/en/enterprise/2.22/user/developers/apps/creating-a-github-app). {% comment %} https://github.com/github/enterprise2/issues/22849 {% endcomment %}'
+ - GitHub usernames may change unintentionally when using SAML authentication, if the GitHub username does not match the value of the attribute mapped to the `username` field in the Management Console. (updated 2020-10-08) {% comment %} https://github.com/github/external-identities/issues/335 {% endcomment %}
+ - On a freshly set up 2.22.0 instance or after upgrading to 2.22.0, the activity feed on an organization's dashboard will no longer update. (updated 2020-10-27) {% comment %}https://github.com/github/enterprise2/issues/23050{% endcomment %}
+ - Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/1.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/1.yml
new file mode 100644
index 0000000000..928b7fa41c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/1.yml
@@ -0,0 +1,74 @@
+date: '2020-10-09'
+sections:
+ security_fixes:
+ - '**MEDIUM**: ImageMagick has been updated to address [DSA-4715-1](https://www.debian.org/security/2020/dsa-4715). {% comment %} https://github.com/github/enterprise2/pull/22623, https://github.com/github/enterprise2/pull/22610 {% endcomment %}'
+ - 'Requests from a GitHub App integration to refresh an OAuth access token would be accepted if sent with a different, valid OAuth client ID and client secret than was used to create the refresh token. {% comment %} https://github.com/github/github/pull/154921, https://github.com/github/github/pull/154423, https://github.com/github/ecosystem-apps/issues/1066 {% endcomment %}'
+ - 'A user whose LDAP directory username standardizes to an existing GHES account login could authenticate into the existing account. {% comment %} https://github.com/github/github/pull/156513, https://github.com/github/github/pull/155512 {% endcomment %}'
+ - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/22912, https://github.com/github/enterprise2/pull/22878 {% endcomment %}'
+
+ bugs:
+ - |
+ The NameID Format dropdown in the Management Console would be reset to "unspecified" after setting it to "persistent". {% comment %} https://github.com/github/enterprise2/pull/22376, https://github.com/github/enterprise2/pull/22331, https://github.com/github/enterprise2/issues/13446 {% endcomment %}
+ - |
+ Upgrading using a hotpatch could fail with an error: `'libdbi1' was not found` {% comment %} https://github.com/github/enterprise2/pull/22557, https://github.com/github/enterprise2/pull/22552 {% endcomment %}
+ - |
+ Saving settings via the [management console](/admin/configuration/accessing-the-management-console) would append a newline to the [TLS/SSL certificate and key](/admin/configuration/configuring-tls) files which triggered unnecessary reloading of some services. {% comment %} https://github.com/github/enterprise2/pull/22570, https://github.com/github/enterprise2/pull/22540 {% endcomment %}
+ - |
+ System logs for Dependency Graph were not rotating, allowing unbounded storage growth. {% comment %} https://github.com/github/enterprise2/pull/22767, https://github.com/github/enterprise2/pull/22733 {% endcomment %}
+ - |
+ The MS SQL Server performance graph showed statistics from the primary instance even when a replica was selected. {% comment %} https://github.com/github/enterprise2/pull/22778, https://github.com/github/enterprise2/pull/22750 {% endcomment %}
+ - |
+ `ghe-actions-precheck` would silently exit without running the storage checks if Actions was not enabled. {% comment %} https://github.com/github/enterprise2/pull/22787, https://github.com/github/enterprise2/pull/22742 {% endcomment %}
+ - |
+ Upgrade could fail if the resqued workers override setting is in use. {% comment %} https://github.com/github/enterprise2/pull/22836, https://github.com/github/enterprise2/pull/22814 {% endcomment %}
+ - |
+ Some services running in containers were not sending logs to the journal. {% comment %} https://github.com/github/enterprise2/pull/22994, https://github.com/github/enterprise2/pull/22518 {% endcomment %}
+ - |
+ Links to GitHub Security Advisories would use a URL with the hostname of the GitHub Enterprise Server instance instead of GitHub.com, directing the user to a nonexistent URL. {% comment %} https://github.com/github/github/pull/153316, https://github.com/github/github/pull/151301 {% endcomment %}
+ - |
+ When importing a repository with `ghe-migrator`, an unexpected exception could occur when inconsistent data is present. {% comment %} https://github.com/github/github/pull/153850, https://github.com/github/github/pull/151552 {% endcomment %}
+ - |
+ The enterprise account security settings page showed a "View your organizations' current configurations" link for the "Two-factor authentication" setting when the authentication mode in use does not support built in two-factor authentication. {% comment %} https://github.com/github/github/pull/153860 {% endcomment %}
+ - |
+ OAuth refresh tokens would be removed prematurely. {% comment %} https://github.com/github/github/pull/154271, https://github.com/github/github/pull/153694 {% endcomment %}
+ - |
+ Search repair tasks would generate exceptions during the migration phase of configuration. {% comment %} https://github.com/github/github/pull/154573, https://github.com/github/github/pull/153392 {% endcomment %}
+ - |
+ On the settings page for GitHub Apps, the "Beta Features" tab was not visible in some circumstances. {% comment %} https://github.com/github/github/pull/154612, https://github.com/github/github/pull/154417 {% endcomment %}
+ - |
+ When using `ghe-migrator` to import PR review requests, records associated with deleted users would result in extraneous database records. {% comment %} https://github.com/github/github/pull/154960, https://github.com/github/github/pull/153169 {% endcomment %}
+ - |
+ When importing users with `ghe-migrator`, an error of "Emails is invalid" would occur if the system-generated email address were longer than 100 characters. {% comment %} https://github.com/github/github/pull/155109, https://github.com/github/github/pull/152418 {% endcomment %}
+ - |
+ Logging webhook activity could use large amounts of disk space and cause the root disk to become full. {% comment %} https://github.com/github/github/pull/155657, https://github.com/github/github/pull/154100 {% endcomment %}
+ - |
+ Users experienced slower Git clone and fetch performance on an instance with high availability replicas due to reads being forwarded to a different node. {% comment %} https://github.com/github/github/pull/156195, https://github.com/github/github/pull/156016, https://github.com/github/spokesd/issues/746 {% endcomment %}
+ - |
+ The repository Settings page of a repository for a user or organization GitHub Pages sites would fail with a "500 Internal Server Error". {% comment %} https://github.com/github/github/pull/156439, https://github.com/github/github/issues/156183 {% endcomment %}
+ - |
+ Repository network maintenance operations could become stuck in a `running` state. {% comment %} https://github.com/github/github/pull/156669, https://github.com/github/github/pull/156036 {% endcomment %}
+ - |
+ A repository being deleted immediately after uploading a code scanning result could cause a stall in the processing of code scanning results for all repositories. {% comment %} https://github.com/github/github/pull/157063, https://github.com/github/github/pull/156437 {% endcomment %}
+ - |
+ When a large number of code scanning results were submitted at the same time, processing of batches could time out resulting in a stall in processing of code scanning results. {% comment %} https://github.com/github/github/pull/157065, https://github.com/github/github/pull/156462 {% endcomment %}
+ - |
+ [Creating a GitHub App from a manifest](https://docs.github.com/en/enterprise/2.22/user/developers/apps/creating-a-github-app-from-a-manifest) would fail. {% comment %} https://github.com/github/github/pull/157133, https://github.com/github/github/pull/156904, https://github.com/github/enterprise2/issues/22849 {% endcomment %}
+ - |
+ GitHub usernames were changed unintentionally when using SAML authentication, when the GitHub username did not match the value of the attribute mapped to the `username` field in the Management Console. {% comment %} https://github.com/github/github/pull/158131, https://github.com/github/github/pull/157936, https://github.com/github/external-identities/issues/335 {% endcomment %}
+
+ changes:
+ - Support is added for the AWS EC2 instance type `m5.16xlarge`. {% comment %} https://github.com/github/enterprise2/pull/22502, https://github.com/github/enterprise2/pull/22473 {% endcomment %}
+ - Remove the requirement for SSH fingerprints in `ghe-migrator` archives as it can always be computed. {% comment %} https://github.com/github/github/pull/156946, https://github.com/github/github/pull/155387 {% endcomment %}
+ - GitHub App Manifests now include the `request_oauth_on_install` field. {% comment %} https://github.com/github/github/pull/156991, https://github.com/github/github/pull/155010, https://github.com/github/ecosystem-apps/issues/1055 {% endcomment %}
+
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
+ - Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
+ - Configuration updates will fail when restoring data to a GitHub Actions-enabled instance if the original backup source did not have the feature enabled. {% comment %} https://github.com/github/c2c-actions-runtime/issues/915 {% endcomment %}
+ - GitHub Actions can fail to start up successfully if it was previously enabled on an instance running 2.22.0 and is upgraded to 2.22.1. (updated 2020-10-23) {% comment %} https://github.com/github/c2c-actions/issues/1680 {% endcomment %}
+ - On a freshly set up 2.22.1 instance or after upgrading to 2.22.1, the activity feed on an organization's dashboard will no longer update. (updated 2020-10-27) {% comment %}https://github.com/github/enterprise2/issues/23050{% endcomment %}
+ - Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/10.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/10.yml
new file mode 100644
index 0000000000..4fbde7ebaa
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/10.yml
@@ -0,0 +1,16 @@
+date: '2021-04-01'
+sections:
+ security_fixes:
+ - "**高:**在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,该漏洞允许根据 GitHub 应用的 [Web 身份验证流](https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps#web-application-flow) 生成的访问令牌通过 REST API 读取专用存储库元数据,而无需获取适当的权限。若要攻击这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。返回的专用存储库元数据将仅限于令牌标识的用户拥有的存储库。此漏洞影响 GitHub Enterprise Server 3.0.4 之前的所有版本,并已在 3.0.4、2.22.10 和 2.21.18 版本中修复。此漏洞编号为 CVE-2021-22865,并通过 [GitHub Bug 赏金计划](https://bounty.github.com) 进行报告。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 某些默认为 UTC 时间的服务未使用在 GitHub Enterprise 11.10.x 或更早版本上设置的时区。
+ - 服务未作为日志轮换的一部分转换到新的日志文件,导致磁盘使用量增加。
+ - 内部存储库搜索结果上的标签显示为“专用”而不是“内部”。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/12.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/12.yml
new file mode 100644
index 0000000000..5cc9632ff8
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/12.yml
@@ -0,0 +1,22 @@
+date: '2021-04-28'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在升级过程中,进程将在 `cleanup nomad job` 之后无限期暂停。
+ - '`ghe-cluster-failover` 失败,出现错误消息 `Trilogy::Error: trilogy_connect`。'
+ - '`ghe-cluster-status-mysql` 将有关故障转移的警告显示为错误。'
+ - 在 MySQL 副本上运行的安装脚本可能导致数据库故障转移期间不必要的数据库重新播种。
+ - '由于不必要地调用 `rake db:migrate`,`config-apply` 可能需要更长的时间。'
+ - Orchestrator 可能已故障转移到 MySQL 副本,当主数据库无法连接时,它无法在播种阶段从主数据库复制。
+ - 出现错误的组织或项目阻止了迁移,无法排除。
+ - 由于选择了最完整的磁盘而不是空节点,存储主机超过三个的客户无法恢复到其灾难恢复群集。
+ changes:
+ - 默认情况下,预运行检查允许所有 AWS 实例类型。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/13.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/13.yml
new file mode 100644
index 0000000000..6b86c7620b
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/13.yml
@@ -0,0 +1,20 @@
+date: '2021-05-13'
+sections:
+ security_fixes:
+ - "**高:**在 GitHub Enterprise Server 中发现 UI 表述错误漏洞,在审批阶段,该问题会导致在 GitHub 应用用户授权 Web 流中授予超过 UI 显示的权限。要利用这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。所有被授予的权限将在第一次授权时正确显示,但在某些情况下,如果用户在 GitHub 应用已配置额外的用户级别权限后重新访问授权流,这些额外的权限可能不会显示,这样会导致授予可能超过用户初衷的权限。此漏洞影响 GitHub Enterprise Server 3.0.x 到 3.0.7 版本以及 2.22.x 到 2.22.13 版本。3.0.7 和 2.22.13 版本中修复了该问题。该漏洞编号为 CVE-2021-22866,通过 [GitHub Bug 赏金计划](https://bounty.github.com/) 报告。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在配置应用阶段可以启用 Orchestrator 自动故障转移。
+ - 具有存储库维护员权限的用户会收到电子邮件验证警告,而不是在存储库 Pages 设置页面上构建成功的页面。
+ - 通配符规则的代码所有者将被错误地添加到代码所有者徽章的所有者列表中,即使该路径优先使用较新的规则。
+ - OpenAPI 文档引用了无效的标头。
+ changes:
+ - 添加了 HAProxy 重载时配置更改的日志记录。
+ - 添加了仓库创建的日志记录。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/14.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/14.yml
new file mode 100644
index 0000000000..bad192aca2
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/14.yml
@@ -0,0 +1,18 @@
+date: '2021-05-25'
+sections:
+ security_fixes:
+ - '**中:**在某些情况下,从团队或组织中删除的用户可以保留对已打开现有拉取请求的分支的写入权限。'
+ - 包已更新到最新的安全版本。
+ bugs:
+ - MSSQL 中的正常复制延迟会生成警告。
+ - 管理员使用“创建白名单条目”按钮添加的 IP 地址仍可能被锁定。
+ - '`spokesd` 创建了过多的日志条目,包括“修复位置已跳过”短语。'
+ changes:
+ - 超过 4 个月的检查注释将存档。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/16.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/16.yml
new file mode 100644
index 0000000000..b3ef760893
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/16.yml
@@ -0,0 +1,15 @@
+date: '2021-06-24'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - sshd 服务有时无法从 Google Cloud Platform 上运行的实例启动。
+ - 旧的升级文件将保留在用户磁盘上,有时会导致空间不足。
+ - 如果导出存档包含来自存档中不存在的团队的审查请求,则导出存档将无法导入拉取请求并且无提示。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 将在升级过程中删除自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中 blob 文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/17.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/17.yml
new file mode 100644
index 0000000000..e344b6c696
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/17.yml
@@ -0,0 +1,20 @@
+date: '2021-07-14'
+sections:
+ security_fixes:
+ - '**高:**在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的路径遍历漏洞。GitHub Pages 使用的用户控制配置选项没有受到足够的限制,因此可以读取 GitHub Enterprise Server 实例上的文件。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。此漏洞影响 3.1.3 之前的所有 GitHub Enterprise Server 版本,编号为 CVE-2021-22867。此漏洞通过 GitHub Bug 赏金计划报告。'
+ - 包已更新到最新的安全版本。
+ bugs:
+ - '如果启用了 HTTP 代理,则 `ghe-cluster-config-node-init` 会在群集设置期间失败。'
+ - Collectd 在初始启动后不会解析转发目标主机名。
+ - 如果其中部分存储库因受法律保护而无法被删除,则清除陈旧的已删除存储库的作业可能会失败。
+ - 在使用 LDAP 身份验证模式的实例的用户协调过程中,Git 推送可能导致 500 内部服务器错误。
+ - 如果未启用依赖项关系图,则每当用户访问存储库的 `/settings` 页时,都会记录大量 503 错误。
+ changes:
+ - 通过跳过未更改的 IP 允许防火墙规则,提高了配置应用效率,可在大型群集上节省大量时间。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/18.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/18.yml
new file mode 100644
index 0000000000..8438662329
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/18.yml
@@ -0,0 +1,16 @@
+date: '2021-07-27'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 如果在未启用依赖项关系图但启用了内容分析的情况下尝试运行将漏洞与 GitHub.com 同步的计划作业,则会生成大量 503 错误。
+ - 对于使用 HTTP 代理的所有用户,不支持使用未经身份验证的 HTTP 代理来进行页面容器构建。
+ changes:
+ - "`babeld` 的日志现在包含一个用于 HTTP ref 广告请求的 `cmd` 字段,而不是仅在协商请求期间包含该字段。"
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/19.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/19.yml
new file mode 100644
index 0000000000..9da19f2fd0
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/19.yml
@@ -0,0 +1,13 @@
+date: '2021-08-10'
+sections:
+ bugs:
+ - 对“存储库创建”组织设置所做更改的审核日志条目不准确。
+ changes:
+ - 滥用速率限制现在称为辅助速率限制,因为它们限制的行为并不总是滥用。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/2.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/2.yml
new file mode 100644
index 0000000000..42e92d228d
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/2.yml
@@ -0,0 +1,31 @@
+date: '2020-10-20'
+sections:
+ security_fixes:
+ - Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/23097, https://github.com/github/enterprise2/pull/23081 {% endcomment %}
+
+ bugs:
+ - |
+ If the storage account settings failed to validate while configuring GitHub Actions, running `ghe-actions-teardown` was required before making a new attempt. {% comment %} https://github.com/github/enterprise2/pull/23057, https://github.com/github/enterprise2/pull/22981 {% endcomment %}
+ - |
+ A custom proxy configuration could adversely affect the GitHub Actions environment. {% comment %} https://github.com/github/enterprise2/pull/23121, https://github.com/github/enterprise2/pull/23092, https://github.com/github/c2c-actions-platform/issues/2254 {% endcomment %}
+ - |
+ On a change of an address on eth0, Nomad and Consul could get unresponsive. {% comment %} https://github.com/github/enterprise2/pull/23227, https://github.com/github/enterprise2/pull/23153 {% endcomment %}
+ - |
+ When using self-signed certificates, GHES could have SSL validation exceptions upon configuring GitHub Actions. {% comment %} https://github.com/github/enterprise2/pull/23381 {% endcomment %}
+ - |
+ Using a GitHub Action from a branch name with a `+` or `/` character resulted in an error: `Unable to resolve action`. {% comment %} https://github.com/github/github/pull/157942, https://github.com/github/github/pull/157819, https://github.com/github/launch/pull/3463 {% endcomment %}
+ - |
+ The enterprise account "Confirm two-factor requirement policy" messaging was incorrect. {% comment %} https://github.com/github/github/pull/158735 {% endcomment %}
+ - |
+ On certain requests above 100MB, Kafka's buffer could be over-allocated. {% comment %} https://github.com/github/kafka-lite/pull/286, https://github.com/github/kafka-lite/pull/285 {% endcomment %}
+
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
+ - Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
+ - GitHub Actions can fail to start up successfully if it was previously enabled on an instance running 2.22.0 and is upgraded to 2.22.2. (updated 2020-10-23) {% comment %} https://github.com/github/c2c-actions/issues/1680 {% endcomment %}
+ - On a freshly set up 2.22.2 instance or after upgrading to 2.22.2, the activity feed on an organization's dashboard will no longer update. (updated 2020-10-27) {% comment %}https://github.com/github/enterprise2/issues/23050{% endcomment %}
+ - Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/20.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/20.yml
new file mode 100644
index 0000000000..de294794b9
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/20.yml
@@ -0,0 +1,14 @@
+date: '2021-08-24'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 与自动更新相关的日志消息(`添加 h/m/s 随机时间。`)被记录到系统日志中。
+ - "导致请求失败的内部 API 的 Git 挂钩返回异常`未定义 \"success\":String 的方法主体(NoMethodError)`,而不是返回显式的 `nil`。"
+ known_issues:
+ - "在没有任何用户的新建 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被移除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/21.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/21.yml
new file mode 100644
index 0000000000..fb986a4465
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/21.yml
@@ -0,0 +1,11 @@
+date: '2021-09-07'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可能创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/22.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/22.yml
new file mode 100644
index 0000000000..8132ad054a
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/22.yml
@@ -0,0 +1,14 @@
+date: '2021-09-24'
+sections:
+ security_fixes:
+ - '**HIGH:** A path traversal vulnerability was identified in {% data variables.product.prodname_ghe_server %} that could be exploited when building a {% data variables.product.prodname_pages %} site. User-controlled configuration options used by {% data variables.product.prodname_pages %} were not sufficiently restricted and made it possible to read files on the {% data variables.product.prodname_ghe_server %} instance. To exploit this vulnerability, an attacker would need permission to create and build a {% data variables.product.prodname_pages %} site on the {% data variables.product.prodname_ghe_server %} instance. This vulnerability affected all versions of {% data variables.product.prodname_ghe_server %} prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This is the result of an incomplete fix for CVE-2021-22867. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22868. {% comment %} https://github.com/github/pages/pull/3359, https://github.com/github/pages/pull/3357 {% endcomment %}'
+ bugs:
+ - 'The {% data variables.product.prodname_github_connect %} configuration of the source instance was always restored to new instances even when the `--config` option for `ghe-restore` was not used. This would lead to a conflict with the {% data variables.product.prodname_github_connect %} connection and license synchronization if both the source and destination instances were online at the same time. {% comment %} https://github.com/github/github/pull/192247, https://github.com/github/github/pull/191951, https://github.com/github/enterprise2/pull/26870, https://github.com/github/backup-utils/pull/770, https://github.com/github/connected-enterprise/issues/208 {% endcomment %}'
+ - 'Fixes {% data variables.product.prodname_pages %} builds so they take into account the NO_PROXY setting of the appliance. This is relevant to appliances configured with an HTTP proxy only. {% comment %} https://github.com/github/github/pull/192380 {% endcomment %}'
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in GitHub.com search results.
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/3.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/3.yml
new file mode 100644
index 0000000000..83b8ebfa6a
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/3.yml
@@ -0,0 +1,25 @@
+date: '2020-11-03'
+sections:
+ security_fixes:
+ - |
+ **LOW:** High CPU usage could be triggered by a specially crafted request to the SVN bridge resulting in Denial of Service (DoS) on the SVN bridge service. (updated 2020-11-16) {% comment %} https://github.com/github/slumlord/pull/1005, https://github.com/github/slumlord/pull/1000 {% endcomment %}
+ - |
+ **LOW:** Incorrect token validation resulted in a reduced entropy for matching tokens during authentication. Analysis shows that in practice there's no significant security risk here. {% comment %} https://github.com/github/github/pull/159457, https://github.com/github/github/pull/159193 {% endcomment %}
+ - |
+ Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/23540, https://github.com/github/enterprise2/pull/23171, https://github.com/github/enterprise2/pull/23693, https://github.com/github/enterprise2/pull/23677 {% endcomment %}
+
+ bugs:
+ - GitHub Actions could fail to start up successfully if it was previously enabled on an instance running 2.22.0 and was upgraded to 2.22.1 or 2.22.2. {% comment %} https://github.com/github/enterprise2/pull/23622, https://github.com/github/enterprise2/pull/23490, https://github.com/github/c2c-actions/issues/1680 {% endcomment %}
+ - Configuration files for GitHub Actions were not copied to the replica when setting up high availability replicas potentially leading to errors during `ghe-repl-promote`. {% comment %} https://github.com/github/enterprise2/pull/23703, https://github.com/github/enterprise2/pull/23683 {% endcomment %}
+ - On a freshly set up 2.22.1 or 2.22.2 instance or after upgrading to 2.22.1 or 2.22.2, the activity feed on an organization's dashboard would not update. {% comment %} https://github.com/github/github/pull/159376, https://github.com/github/github/pull/159235, https://github.com/github/enterprise2/issues/23050 {% endcomment %}
+ - Editing issues templates with filenames containing non-ASCII characters would fail with a "500 Internal Server Error". {% comment %} https://github.com/github/github/pull/160588, https://github.com/github/github/pull/159747 {% endcomment %}
+ - A metric gathering method for background jobs increased CPU utilization. (updated 2020-11-03) {% comment %} https://github.com/github/github/pull/160109 {% endcomment %}
+
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
+ - Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
+ - Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/4.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/4.yml
new file mode 100644
index 0000000000..89218b634d
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/4.yml
@@ -0,0 +1,18 @@
+date: '2020-11-17'
+sections:
+ security_fixes:
+ - "包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23845, https://github.com/github/enterprise2/pull/23712 {% endcomment %}"
+
+ bugs:
+ - "babeld 日志在秒与微秒之间缺少分隔符。{% comment %} https://github.com/github/babeld/pull/1006, https://github.com/github/babeld/pull/1002 {% endcomment %}"
+ - "在使用热补丁升级 GHES 之后,`ghe-actions-precheck` 和 `ghe-packages-precheck` 命令将会失败,并显示错误“\"docker load\" 不接受参数”。{% comment %} https://github.com/github/enterprise2/pull/23760, https://github.com/github/enterprise2/pull/23745 {% endcomment %}"
+ - "当企业帐户“存储库可见性更改”策略设置为“启用”时,组织所有者无法更改组织内存储库的可见性。{% comment %} https://github.com/github/github/pull/160920, https://github.com/github/github/pull/160773 {% endcomment %}"
+ - "审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。{% comment %} https://github.com/github/github/pull/162438, https://github.com/github/github/pull/161215 {% endcomment %}"
+
+ known_issues:
+ - "在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}"
+ - "自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}"
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}"
+ - "问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}"
+ - "在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}"
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/5.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/5.yml
new file mode 100644
index 0000000000..a4e0915993
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/5.yml
@@ -0,0 +1,22 @@
+date: '2020-12-03'
+sections:
+ bugs:
+ - '由于启动时争用条件导致服务重新启动,因此检测到授权服务不正常。{% comment %} https://github.com/github/authzd/pull/1275, https://github.com/github/authzd/pull/1274 {% endcomment %}'
+ - 'Ghe-diagnattics 未捕获到 Elasticsearch 的升级过程。{% comment %} https://github.com/github/enterprise2/pull/23905, https://github.com/github/enterprise2/pull/23874 {% endcomment %}'
+ - '在升级的高可用性配置上启用 GitHub Actions 导致复制出错。{% comment %} https://github.com/github/enterprise2/pull/23979, https://github.com/github/c2c-actions-platform/issues/2479 {% endcomment %}'
+ - '在热补丁升级过程中,一种潜在的行为导致服务不可用。{% comment %} https://github.com/github/enterprise2/pull/24055 {% endcomment %}'
+ - '连接到活动副本的用户在连接到实时 Websocket 时出错。{% comment %} https://github.com/github/enterprise2/pull/24079, https://github.com/github/enterprise2/pull/24058 {% endcomment %}'
+ - '未正确应用部分日志转发 SSL 证书。{% comment %} https://github.com/github/enterprise2/pull/24114, https://github.com/github/enterprise2/pull/23981 {% endcomment %}'
+ - '发送电子邮件通知给已经从团队或组织中移除的已停用用户。{% comment %} https://github.com/github/github/pull/162973, https://github.com/github/github/pull/162742 {% endcomment %}'
+ - '组织和企业之间应用 SSH 证书的方式不一致。{% comment %} https://github.com/github/github/pull/163423, https://github.com/github/github/pull/159538, https://github.com/github/authentication/issues/115 {% endcomment %}'
+ - '当帐户因使用不正确的密码而受到速率限制时,可能被锁定长达 24 小时。{% comment %} https://github.com/github/github/pull/163433, https://github.com/github/github/pull/162938, https://github.com/github/github-ds/pull/51 {% endcomment %}'
+ - '在具有许多引用的存储库上进行拉取请求同步可能导致工作进程队列落后。{% comment %} https://github.com/github/github/pull/163573, https://github.com/github/github/pull/163142 {% endcomment %}'
+ - '在尝试访问特定页面后,当使用本地用户名和密码(内置身份验证)登录时,用户将进入到主页,而不是其预期页面。{% comment %} https://github.com/github/github/pull/163782, https://github.com/github/github/pull/163579, https://github.com/github/github/pull/154117, https://github.com/github/ecosystem-apps/issues/1076 {% endcomment %}'
+ - '对于使用内部 SAML 标识提供者的内置身份验证的 GHES 实例,没有关联电子邮件地址的用户无法从 Web 界面创建提交。{% comment %} https://github.com/github/github/pull/164009, https://github.com/github/github/pull/163530, https://github.com/github/github/issues/163524 {% endcomment %}'
+ known_issues:
+ - '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/6.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/6.yml
new file mode 100644
index 0000000000..7a16711fe3
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/6.yml
@@ -0,0 +1,18 @@
+date: '2020-12-17'
+sections:
+ security_fixes:
+ - '**低:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1022, https://github.com/github/slumlord/pull/1017 {% endcomment %}'
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/24353, https://github.com/github/enterprise2/pull/23866 {% endcomment %}'
+ bugs:
+ - '对某些文件资源(如 zip 存档或原始文件)的请求可能会进入重定向循环。{% comment %} https://github.com/github/enterprise2/pull/24193, https://github.com/github/enterprise2/pull/24075 {% endcomment %}'
+ - '超时可能会阻止某些问题和拉取请求搜索提供完整的搜索结果。{% comment %} https://github.com/github/github/pull/164155, https://github.com/github/github/pull/163845 {% endcomment %}'
+ - '小屏幕上带有非字母字符的自定义选项卡未正确呈现。{% comment %} https://github.com/github/github/pull/164310, https://github.com/github/github/pull/164159 {% endcomment %}'
+ - '当将内容推送到启用 Git LFS 的仓库时,基本行为导致失败。{% comment %} https://github.com/github/github/pull/164663, https://github.com/github/github/pull/150179 {% endcomment %}'
+ - '在某些罕见情况下,通过 Web 界面访问时,问题可能会导致 500 错误。{% comment %} https://github.com/github/github/pull/165298, https://github.com/github/github/pull/159674 {% endcomment %}'
+ known_issues:
+ - '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
+ - '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
+ - '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
+ - '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
+ - '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
+ - '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/7.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/7.yml
new file mode 100644
index 0000000000..094ce031ed
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/7.yml
@@ -0,0 +1,57 @@
+date: '2021-03-02'
+sections:
+ security_fixes:
+ - '**HIGH:** An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22861. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
+ - '**HIGH:** An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22863. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
+ - '**HIGH:** A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability has been assigned CVE-2020-10519 and was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
+ - '**MEDIUM:** GitHub Tokens from GitHub Pages builds could end up in logs.'
+ - '**LOW:** A specially crafted request to the SVN bridge could trigger a long wait before failure resulting in Denial of Service (DoS).'
+ - 'Packages have been updated to the latest security versions.'
+ bugs:
+ - 'The load-balancer health checks in some cases could cause the babeld logs to fill up with errors about the PROXY protocol.'
+ - 'An informational message was unintentionally logged as an error during GitHub Enterprise Backup Utilities snapshots, which resulted in unnecessary emails being sent when backups were scheduled by cron jobs that listen for output to stderr.'
+ - 'While restoring a large backup, exception logging related to Redis memory exhaustion could cause the restore to fail due to a full disk.'
+ - 'When first setting up a new instance, if you selected "Configure as Replica" you would be unable to start replication.'
+ - 'When GitHub Actions was enabled, disabling maintenance mode in the management console failed.'
+ - 'When editing a wiki page a user could experience a 500 error when clicking the Save button.'
+ - 'An S/MIME signed commit using a certificate with multiple names in the subject alternative name would incorrectly show as "Unverified" in the commit badge.'
+ - 'Suspended user was sent emails when added to a team.'
+ - 'User saw 500 error when executing git operations on an instance configured with LDAP authentication.'
+ - 'The `remove_org_member_package_access` background job was visible in the management console and would continually increase.'
+ - 'When a repository had a large number of manifests an error `You have reached the maximum number of allowed manifest files (20) for this repository.` was shown on the Insights -> Dependency graph tab. For more information, see [Visualization limits](https://docs.github.com/en/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies#are-there-limits-which-affect-the-dependency-graph-data).'
+ - 'When uploading a new license file with a different number of seats from the previous license file, the seat difference was not correctly represented in the enterprise account Settings -> License page.'
+ - 'The "Prevent repository admins from changing anonymous Git read access" checkbox available in the enterprise account settings could not be successfully enabled or disabled.'
+ - 'When a GitHub Pages build failed, the email notification contained an incorrect link for support location.'
+ - 'During a leap year, the user was getting a 404 response when trying to view Contribution activity on a Monday.'
+ changes:
+ - 'Added support for [AWS EC2 r5b instance types](https://aws.amazon.com/about-aws/whats-new/2020/12/introducing-new-amazon-ec2-r5b-instances-featuring-60-gbps-of-ebs-bandwidth-and-260K-iops/).'
+ - 'Adjusted background queue prioritization to more evenly distribute jobs.'
+ known_issues:
+ - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.'
+ - 'Custom firewall rules are not maintained during an upgrade.'
+ - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.'
+ - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.'
+ - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.'
+ - |
+ Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
+
+ **Single instance**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
+ ```
+
+ 2. If it shows that there is a mismatch, reboot the instance.
+
+ **Cluster or High Availability configuration**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
+ ```
+
+ 2. If it shows one or more nodes are affected, reboot the affected nodes.
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/8.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/8.yml
new file mode 100644
index 0000000000..cee7e07523
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/8.yml
@@ -0,0 +1,37 @@
+date: '2021-03-16'
+sections:
+ security_fixes:
+ - Packages have been updated to the latest security versions.
+ bugs:
+ - Systemd journal logs were duplicated in multiple places.
+ - A site admin could get a 500 error page while trying to view issues referenced from private repositories.
+ - Importing of repository archives from GitHub Enterprise Server that are missing repository files would fail with an error.
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
+ - Custom firewall rules are not maintained during an upgrade.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - |
+ Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
+
+ **Single instance**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
+ ```
+
+ 2. If it shows that there is a mismatch, reboot the instance.
+
+ **Cluster or High Availability configuration**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
+ ```
+
+ 2. If it shows one or more nodes are affected, reboot the affected nodes.
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/2-22/9.yml b/translations/zh-CN/data/release-notes/enterprise-server/2-22/9.yml
new file mode 100644
index 0000000000..a7186ca8df
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/2-22/9.yml
@@ -0,0 +1,33 @@
+date: '2021-03-23'
+intro: Downloads have been disabled due to a major bug affecting multiple customers. A fix will be available in the next patch.
+sections:
+ security_fixes:
+ - '**HIGH:** A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22864.'
+ - Packages have been updated to the latest security versions.
+ bugs:
+ - Running `ghe-cluster-config-init` could cause a cluster to become inoperable.
+ - Systemd could lose track of HAProxy's PID.
+ - The mysql-failover warning was displayed indefinitely after a successful failover.
+ - The `ghe-cluster-config-init` run was not fully accounting for the exit code of background jobs leading to improper handling of preflight checks.
+ - A Security & Analysis link did not appear in the left-side navigation on the Settings page for repositories.
+ - After disabling GitHub Packages, some organization pages would return an HTTP 500 error response.
+ changes:
+ - Improves reliability of nomad services by implementing the same restart policy introduced in GitHub Enterprise Server 3.0.
+ - Use a relative number for consul and nomad `bootstrap_expect` allowing for a cluster to bootstrap even if a handful of nodes are down.
+ - Logs will rotate based on size in addition to time.
+ - Added kafka-lite to the `ghe-cluster-status` command.
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
+ - Custom firewall rules are not maintained during an upgrade.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - |
+ Log rotation may fail to signal services to transition to new log files, leading to older log files continuing to be used, and eventual root disk space exhaustion.
+ To remedy and/or prevent this issue, run the following commands in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH), or contact [GitHub Enterprise Support](https://support.github.com/contact) for assistance:
+
+ ```
+ printf "PATH=/usr/local/sbin:/usr/local/bin:/usr/local/share/enterprise:/usr/sbin:/usr/bin:/sbin:/bin\n29,59 * * * * root /usr/sbin/logrotate /etc/logrotate.conf\n" | sudo sponge /etc/cron.d/logrotate
+ sudo /usr/sbin/logrotate -f /etc/logrotate.conf
+ ```
+ - 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc1.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc1.yml
new file mode 100644
index 0000000000..f6bc03f21e
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc1.yml
@@ -0,0 +1,25 @@
+date: '2021-01-12'
+release_candidate: true
+deprecated: true
+intro: "应在非生产环境中测试候选发布版。有关候选发布计划的更多信息,请参阅 [GitHub 博客](https://github.blog/2020-12-03-improving-the-ghes-release-process-release-candidates/)或“[关于升级到新版本](/admin/overview/about-upgrades-to-new-releases)”。"
+sections:
+ bugs:
+ - 已更改几个日志文件的格式,包括为不同的日志类型添加了一个 PID。此更改不会影响 GitHub Enterprise Support 使用支持包来解决问题的方法。
+ - 对 Web 挂钩配置 API 的 PATCH 请求不再清除 Web 挂钩机密。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 候选发布版 1 不支持群集模式。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.blog/2016-02-18-upload-files-to-your-repositories/)被错误地直接添加到存储库。"
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - 在尝试设置 Actions 未成功后,如果禁用 Actions,你将无法创建第一个用户,也无法使用设备
+ - 未保存“必要消息已查看”审核日志事件
+ - '第一次设置时必须在副本上运行 `ghe-config-apply`,然后才可运行 `ghe-repl-setup` 以开始复制。'
+ - 备份工具可能会触发向管理员发送不必要的电子邮件
+ - 在“组织成员”视图页面中显示不正确的 Packages 设置
+ - 删除作为企业所有者的自己后,你将被重定向到 404 页面。操作成功。
+ - '`ghe-config-apply` 偶尔失败,并出现“错误: 等待 nomad 作业应用失败”,直到 Nomad 作业队列被清除。此问题目前需要以管理员身份删除 `/etc/nomad-jobs/queue`。'
+ - 在配置多个副本节点时,副本的状态可能会错误同步。
+ - 尝试将 3.0 备份还原到新实例的客户不应预先配置实例,因为它可能导致用户登录状态不佳。建议恢复到全新的未配置实例。
+ - GitHub Enterprise Server 3.0 候选发布版尚未在 Azure 市场中提供。要在过渡环境中测试候选发布版,请启动 2.21 或 2.22 实例,然后在下载页面上使用 Azure 升级软件包进行。
+ - 映像和升级包下载大小已增加。Internet 连接速度较慢的客户可能会发现下载软件包需要更长的时间。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc2.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc2.yml
new file mode 100644
index 0000000000..d3e33bd456
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc2.yml
@@ -0,0 +1,24 @@
+date: '2021-01-29'
+release_candidate: true
+deprecated: true
+intro: "应在非生产环境中测试候选发布版。有关候选发布计划的更多信息,请参阅 [GitHub 博客](https://github.blog/2020-12-03-improving-the-ghes-release-process-release-candidates/)或“[关于升级到新版本](/admin/overview/about-upgrades-to-new-releases)”。"
+sections:
+ bugs:
+ - heading: 修复候选发布 1 中的已知问题
+ notes:
+ - 如果在尝试设置 GitHub Actions 失败后禁用 GitHub Actions,则无法创建第一个用户,也无法使用该设备。
+ - 未保存“必要消息已查看”审核日志事件。
+ - '初次设置时,需要在副本上运行 `ghe-config-apply`,然后才可运行 `ghe-repl-setup` 以开始复制。'
+ - 删除作为企业所有者的自己将返回 404。
+ - heading: 其他问题的修复
+ notes:
+ - 迁移和升级到 3.0.0 的问题已修复。
+ - 备份实用程序版本控制现在适用于候选发布版本。
+ - 生成支持包导致业务流程协调程序日志中出现错误。
+ - 大型还原可能会导致 Redis 运行内存不足。
+ - 现在,使用任何身份验证方法都可以看到管理控制台中启用 GitHub Actions 的复选框。
+ - 仅在配置了所需存储时才可启用 GitHub Actions。
+ - '如果未配置 MSSQL 复制,`ghe-repl-status` 可能会失败而不出现提示。'
+
+ known_issues:
+ - 候选发布 1 的已知问题仍然适用,不包括列出的 Bug 修复。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/0.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/0.yml
new file mode 100644
index 0000000000..36d3d58fab
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/0.yml
@@ -0,0 +1,160 @@
+date: '2021-02-16'
+intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
+sections:
+ security_fixes:
+ - '**HIGH:** A remote code execution vulnerability was identified in {% data variables.product.prodname_ghe_server %} that could be exploited when building a {% data variables.product.prodname_pages %} site. User-controlled configuration of the underlying parsers used by {% data variables.product.prodname_pages %} were not sufficiently restricted and made it possible to execute commands on the {% data variables.product.prodname_ghe_server %} instance. To exploit this vulnerability, an attacker would need permission to create and build a {% data variables.product.prodname_pages %} site on the {% data variables.product.prodname_ghe_server %} instance. This vulnerability has been assigned CVE-2020-10519 and was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
+ features:
+ - heading: GitHub Actions
+ notes:
+ - |
+ [{% data variables.product.prodname_actions %}](https://github.com/features/actions) is now generally available on {% data variables.product.prodname_ghe_server %} 3.0+. Build, test, and deploy your code from {% data variables.product.prodname_dotcom %}. Submit code reviews, branch management, and issue triaging work the way you want.
+
+ This release includes several improvements from the beta of {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}:
+
+ - Enterprise, organization, and repository admins can create security policies for access to {% data variables.product.prodname_actions %} on {% data variables.product.prodname_dotcom_the_website %}.
+ - Enterprise, organization, and repository admins can allow public repositories to use self-hosted runners.
+ - Enterprise, organization, and repository admins can now allow workflows to [run on pull requests raised from forks of private repositories](/enterprise-server@3.0/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks).
+ - The `workflow_run` event is [now supported](/enterprise-server@3.0/actions/reference/events-that-trigger-workflows#workflow_run)
+ - Users now have the ability to [disable workflows and enable them at a later date](/enterprise-server@3.0/actions/managing-workflow-runs/disabling-and-enabling-a-workflow).
+ - Workflow logs have been enhanced for a [better user experience](/enterprise-server@3.0/actions/managing-workflow-runs/using-workflow-run-logs).
+ - Users can now use private images in container jobs and services.
+ - The max retention days for [artifacts and logs can now be customized](/enterprise-server@3.0/github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account).
+ - The runner group API now includes [labels](/enterprise-server@3.0/actions/hosting-your-own-runners/using-labels-with-self-hosted-runners).
+ - You can now create reusable actions using shell scripts with compose run steps.
+ - [Encrypted secrets for an organization](/enterprise-server@3.0/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-an-organization) allows you to consolidate secrets across repositories.
+ - [Workflow templates for an organization](/enterprise-server@3.0/actions/learn-github-actions/sharing-workflows-with-your-organization) streamlines and promotes best practices and consistency across your organization.
+
+ {% data variables.product.prodname_actions %} is not currently supported for enterprises using cluster configurations.
+
+ - heading: GitHub Packages
+ notes:
+ - |
+ [{% data variables.product.prodname_registry %}](https://github.com/features/packages) is a package hosting service, natively integrated with GitHub APIs, Actions, and webhooks. Create an [end-to-end DevOps workflow](/enterprise/3.0/admin/packages/configuring-packages-support-for-your-enterprise) that includes your code, continuous integration, and deployment solutions.
+
+ Supported storage back ends include AWS S3 and MinIO with support for Azure blob coming in a future release. Please note that the current Docker support will be replaced by a beta of the new GitHub Container Registry in the next release. Please review the [updated minimum requirements for your platform](/enterprise/3.0/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on {% data variables.product.prodname_registry %}.
+
+ When publishing packages to NuGet, users can now use the `--api-key` option to pass their authentication token instead of writing it into a file. For more information, see [Configuring dotnet CLI for use with GitHub Packages](/enterprise-server@3.0/packages/guides/configuring-dotnet-cli-for-use-with-github-packages#publishing-a-package)
+
+ {% data variables.product.prodname_registry %} is not currently supported for enterprises using cluster configurations.
+
+ - heading: GitHub Mobile beta
+ notes:
+ - |
+ [{% data variables.product.prodname_mobile %}](https://github.com/features/) beta allows you to triage notifications and manage issues and pull requests from your device. You can be simultaneously signed into mobile with one user account on {% data variables.product.prodname_dotcom_the_website %} and one user account on {% data variables.product.prodname_ghe_server %}.
+
+ {% data variables.product.prodname_mobile %} beta is now available for {% data variables.product.prodname_ghe_server %}. Sign in with our [Android](https://play.google.com/store/apps/details?id=com.github.android) and [iOS](https://apps.apple.com/app/github/id1477376905) apps to triage notifications and manage issues and pull requests on the go. Administrators can disable mobile support for their Enterprise using the management console or by running `ghe-config app.mobile.enabled false`.
+
+ - heading: Advanced Security Secret Scanning beta
+ notes:
+ - |
+ [Secret Scanning beta](https://github.com/features/security) scans public and private repositories for committed credentials, finds secrets, and notifies the secret provider or admin the moment they are committed into a repository.
+
+ Administrators using {% data variables.product.prodname_GH_advanced_security %} can [enable and configure](/enterprise-server@3.0/admin/configuration/configuring-secret-scanning-for-your-appliance) {% data variables.product.prodname_GH_advanced_security %} secret scanning. You can review the [updated minimum requirements for your platform](/enterprise/3.0/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on {% data variables.product.prodname_GH_advanced_security %} secret scanning.
+
+ - heading: Advanced Security Code Scanning
+ notes:
+ - |
+ [GitHub Advanced Security code scanning](https://github.com/features/security) is now generally available on GitHub Enterprise Server. Organizations who have purchased Advanced Security can use this capability to do static analysis security testing against their code, and prevent vulnerabilities from making it to their production code using CodeQL, our semantic analysis engine. For more information, see "[Configuring code scanning on your appliance](/en/enterprise-server@3.0/admin/configuration/configuring-code-scanning-for-your-appliance#running-code-scanning-using-github-actions)"
+
+ changes:
+ - heading: Administration Changes
+ notes:
+ - The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages. It also uses less CPU and memory in {% data variables.product.prodname_ghe_server %} 3.0+.
+ - Organization and Enterprise owners can now see when a team member has been promoted to or demoted from being a team maintainer in the audit log through the new `team.promote_maintainer` and `team.demote_maintainer` audit log events. For more information, see "[Audited actions](/enterprise-server@3.0/admin/user-management/audited-actions)."
+ - Repository maintainers with existing {% data variables.product.prodname_pages %} sites can [easily update their prior default branch name](/enterprise-server@3.0/github/working-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites).
+ - Additional hardware resources are required to run {% data variables.product.prodname_ghe_server %} with any of Actions, Packages or Advanced Security enabled. For more information on the minimum required resources for each supported platform, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise-server@3.0/admin/installation/setting-up-a-github-enterprise-server-instance)."
+ - Administrators can now [publish a message](/enterprise-server@3.0/admin/user-management/customizing-user-messages-for-your-enterprise), which all users must accept. This can help to onboard new users and surface other organization-specific information and policies.
+
+ - heading: Security Changes
+ notes:
+ - Organization owners can now disable publication of {% data variables.product.prodname_pages %} sites from repositories in the organization. Disabling {% data variables.product.prodname_pages %} for the organization will prevent members from creating new Pages sites but will not unpublish existing sites. For more information, see "[Disabling publication of {% data variables.product.prodname_pages %} sites for your organization](/enterprise-server@3.0/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)."
+ - A datacenter must be explicitly defined on all nodes before enabling an active replica.
+ - All usage of SSH fingerprints has been switched to use SHA256 fingerprints as they are used with OpenSSH since version 6.8 as well. This applies to the web interface and also the API where fingerprints are returned such as in GraphQL. The fingerprints follow the OpenSSH format.
+ - SHA-1 and SHA-256 signature headers (two headers) are sent on webhooks.
+
+ - heading: Developer Changes
+ notes:
+ - Majority of the services running in {% data variables.product.prodname_ghe_server %} 3.0+ are now on containers which internally enables GitHub to iterate fast and ship high quality releases
+ - The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages.
+
+ - heading: API Changes
+ notes:
+ - Administrators can now configure and manage the site-wide announcement banner via the REST API. For more information, see the endpoints for "[GitHub Enterprise administration](/enterprise-server@3.0/rest/reference/enterprise-admin#annoucements)."
+ - A new API endpoint enables the exchange of a user to server token for a user to server token scoped to specific repositories. For more information, see "[Apps](/enterprise-server@3.0/rest/reference/apps#create-a-scoped-access-token)" in the {% data variables.product.prodname_dotcom %} REST API documentation.
+
+ - heading: Default branch renaming
+ notes:
+ - |
+ Enterprise and organization administrators can now set the default branch name for new repositories. Enterprise administrators can also enforce their choice of default branch name across all organizations or allow individual organizations to choose their own.
+
+ Existing repositories are unaffected by these settings, and their default branch name will not be changed.
+
+ {% note %}
+
+ The default branch for newly-created repositories will be set to `main` in GHES 3.1, unless you opt out by setting the default branch setting at the enterprise level.
+
+ {% endnote %}
+
+ This change is one of many changes GitHub is making to support projects and maintainers that want to rename their default branch. To learn more about the changes we're making, see [github/renaming](https://github.com/github/renaming).
+
+ bugs:
+ - heading: Fixes for known issues from Release Candidates
+ notes:
+ - All known issues from Release Candidate 1 and Release Candidate 2 have been fixed, except those listed in the Known Issues section below.
+ - heading: Fixes for other issues
+ notes:
+ - Issues with migrations and upgrades to 3.0.0 have been fixed.
+ - Backup Utilities versioning now works for release candidate versions.
+ - Generating a support bundle resulted in an error in the orchestrator logs.
+ - A large restore could result in Redis running out of memory.
+ - The checkbox to enable GitHub Actions in the Management Console is now visible with any authentication method.
+ - GitHub Actions could be enabled if the required storage was also configured.
+ - '`ghe-repl-status` could silently fail if MSSQL replication was not configured.'
+ - The format of several log files have changed, including the addition of a PID for different log types. This does not affect how GitHub Enterprise Support uses support bundles to troubleshoot issues.
+ - A PATCH request to the webhook configuration API no longer erases the webhook secret.
+ - Certain types of pre-receive hooks were failing.
+ - 'The Packages NuGet service now normalizes semantic versions on publish. An invalid semantic version (for example: v1.0.0.0.0.0) is not downloadable by NuGet clients and therefore a NuGet service is expected to normalize those versions (for example: v1.0.0.0.0.0 --> v1.0.0). Any original, non-normalized, version will be available in the `verbatimVersion` field. No changes to client configurations are required.'
+
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+ - Custom firewall rules are not maintained during an upgrade.
+ - Git LFS tracked files [uploaded through the web interface](https://github.blog/2016-02-18-upload-files-to-your-repositories/) are incorrectly added directly to the repository.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact {% data variables.contact.contact_ent_support %}.
+ - When GitHub Actions is enabled, use '`ghe-maintenance -u`' to unset maintenance mode.
+ - 'Duplicated logging to `/var/log/messages`, `/var/log/syslog`, and `/var/log/user.log` results in increased root volume utilization.'
+ - Users can dismiss a mandatory message without checking all checkboxes.
+ - '[Pre-receive hook scripts](/admin/policies/enforcing-policy-with-pre-receive-hooks) cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.'
+ - Repository [deploy keys](/developers/overview/managing-deploy-keys) are unable to be used with repositories containing LFS objects.
+ - Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
+ - reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.
+ - Dependency graph fails to parse `setup.py` Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.
+ - A race condition can cause dependency graph database migrations to appear to fail.
+ - Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.
+ - Old builds of Pages are not cleaned up, which could fill up the user disk (`/data/user/`).
+ - When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+
+ deprecations:
+ - heading: Deprecation of GitHub Enterprise Server 2.19
+ notes:
+ - '**{% data variables.product.prodname_ghe_server %} 2.19 is deprecated as of November 12, 2020**. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](https://help.github.com/enterprise/admin/guides/installation/upgrading-github-enterprise/) as soon as possible.'
+ - heading: Deprecation of Legacy GitHub App Webhook Events
+ notes:
+ - Starting with {% data variables.product.prodname_ghe_server %} 2.21.0 two legacy GitHub Apps-related webhook events have been deprecated and will be removed in {% data variables.product.prodname_ghe_server %} 3.2.0. The deprecated events `integration_installation` and `integration_installation_repositories` have equivalent events which will be supported. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-the-installation-and-installation-repositories-events/).
+ - heading: Deprecation of Legacy GitHub Apps Endpoint
+ notes:
+ - Starting with {% data variables.product.prodname_ghe_server %} 2.21.0 the legacy GitHub Apps endpoint for creating installation access tokens was deprecated and will be removed in {% data variables.product.prodname_ghe_server %} 3.2.0. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-create-installation-access-token-endpoint/).
+ - heading: Deprecation of OAuth Application API
+ notes:
+ - GitHub no longer supports the OAuth application endpoints that contain `access_token` as a path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by moving `access_token` to the request body. While deprecated, the endpoints are still accessible in this version. We intend to remove these endpoints on {% data variables.product.prodname_ghe_server %} 3.4. For more information, see the [deprecation announcement blog post](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/).
+ - heading: Deprecation of support for Semiotic
+ notes:
+ - The service supported a "Find by Symbol" experience in the pull request view that was not widely used.
+ - heading: Deprecation of workflow commands
+ notes:
+ - '{% data variables.product.prodname_actions %} `set-env` and `add-path` workflow commands have been deprecated. For more information, see the [changelog](https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/).'
+
+ backups:
+ - '{% data variables.product.prodname_ghe_server %} 3.0 requires at least [GitHub Enterprise Backup Utilities 3.0.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/enterprise-server@3.0/admin/configuration/configuring-backups-on-your-appliance).'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/1.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/1.yml
new file mode 100644
index 0000000000..b298260e62
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/1.yml
@@ -0,0 +1,71 @@
+date: '2021-03-02'
+intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
+sections:
+ security_fixes:
+ - '**HIGH:** An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22861. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
+ - '**HIGH:** An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22863. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
+ - '**HIGH:** An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server versions 3.0.0, 3.0.0.rc2, and 3.0.0.rc1 and has been assigned CVE-2021-22862. This vulnerability was reported via the GitHub Bug Bounty program.'
+ - '**MEDIUM:** GitHub Tokens from GitHub Pages builds could end up in logs.'
+ - 'Packages have been updated to the latest security versions.'
+ bugs:
+ - 'The load-balancer health checks in some cases could cause the babeld logs to fill up with errors about the PROXY protocol.'
+ - 'The HTTP headers were not compliant with HTTP RFC standards in specific responses like 304 status for archives.'
+ - 'On instances that host Python repositories with the Dependency Graph feature enabled, the instance could become unresponsive due to the root disk filling with error logs.'
+ - 'An informational message was unintentionally logged as an error during GitHub Enterprise Backup Utilities snapshots, which resulted in unnecessary emails being sent when backups were scheduled by cron jobs that listen for output to stderr.'
+ - 'On VMWare ESX 6.7 the initial configuration could hang while creating host keys which left the instance inaccessible via SSH.'
+ - 'When GitHub Actions was enabled, disabling maintenance mode in the management console failed.'
+ - 'The Package creation setting was shown on the organization member settings page, though this feature is not yet available.'
+ - 'While enabling secret scanning on the Security & Analysis page the dialog incorrectly mentions private repositories.'
+ - 'When editing a wiki page a user could experience a 500 error when clicking the Save button.'
+ - 'An S/MIME signed commit using a certificate with multiple names in the subject alternative name would incorrectly show as "Unverified" in the commit badge.'
+ - 'User saw 500 error when executing git operations on an instance configured with LDAP authentication.'
+ - 'Suspended user was sent emails when added to a team.'
+ - 'When a repository had a large number of manifests an error `You have reached the maximum number of allowed manifest files (20) for this repository.` was shown on the Insights -> Dependency graph tab. For more information, see [Visualization limits](https://docs.github.com/en/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies#are-there-limits-which-affect-the-dependency-graph-data).'
+ - 'Fixes users being shown the option to set up the Code Scanning CodeQL Action even if Actions was not enabled for their repository.'
+ - 'The "Prevent repository admins from changing anonymous Git read access" checkbox available in the enterprise account settings could not be successfully enabled or disabled.'
+ - 'The modal used to display a mandatory message contained no vertical scrollbar, meaning longer messages could not be viewed in full.'
+ - 'Redis would sometimes fail to start after a hard reboot or application crash.'
+ - 'Dependency graph fails to parse `setup.py` Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.'
+ changes:
+ - 'Satisfy requests concurrently when multiple users are downloading the same archive, resulting in improved performance.'
+ known_issues:
+ - 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.'
+ - 'Custom firewall rules are not maintained during an upgrade.'
+ - 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.'
+ - 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.'
+ - 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.'
+ - 'When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact [GitHub Enterprise Support](https://support.github.com/contact).'
+ - 'Duplicated logging to `/var/log/messages`, `/var/log/syslog`, and `/var/log/user.log` results in increased root volume utilization.'
+ - 'Users can dismiss a mandatory message without checking all checkboxes.'
+ - '[Pre-receive hook scripts](/admin/policies/enforcing-policy-with-pre-receive-hooks) cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.'
+ - 'Repository [deploy keys](/developers/overview/managing-deploy-keys) are unable to be used with repositories containing LFS objects.'
+ - Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
+ - 'reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.'
+ - 'Dependency graph fails to parse `yarn.lock` Javascript manifest files, resulting in HTTP 500 errors in logs.'
+ - 'Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.'
+ - 'Old builds of Pages are not cleaned up, which could fill up the user disk (`/data/user/`).'
+ - 'When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.'
+ - |
+ Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
+
+ **Single instance**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
+ ```
+
+ 2. If it shows that there is a mismatch, reboot the instance.
+
+ **Cluster or High Availability configuration**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
+ ```
+
+ 2. If it shows one or more nodes are affected, reboot the affected nodes.
+ - 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/10.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/10.yml
new file mode 100644
index 0000000000..1d7b2535a6
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/10.yml
@@ -0,0 +1,19 @@
+date: '2021-06-24'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 管理控制台中可能会积累大量 `gauge-dependency-graph-api-dispatch_dispatch` 指标。
+ - sshd 服务有时无法从 Google Cloud Platform 上运行的实例启动。
+ - 旧的升级文件将保留在用户磁盘上,有时会导致空间不足。
+ - 日志轮换有时会中断后台作业。
+ - '`gh-migrator` 显示其日志输出的路径不正确。'
+ - 如果导出存档包含来自不在存档中的团队的审查请求,则导出存档将无法导入。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/11.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/11.yml
new file mode 100644
index 0000000000..7abc22b1f8
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/11.yml
@@ -0,0 +1,26 @@
+date: '2021-07-14'
+sections:
+ security_fixes:
+ - '**高:**在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的路径遍历漏洞。GitHub Pages 使用的用户控制配置选项没有受到足够的限制,因此可以读取 GitHub Enterprise Server 实例上的文件。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。此漏洞影响 3.1.3 之前的所有 GitHub Enterprise Server 版本,编号为 CVE-2021-22867。此漏洞通过 GitHub Bug 悬赏计划报告。'
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 未配置 SAML 到期日期变量。
+ - 应用程序服务在配置应用期间的运行状况检查将失败,然后才能进入正常状态。
+ - '如果启用了 HTTP 代理,则 `ghe-cluster-config-node-init` 会在群集设置期间失败。'
+ - 预接收挂钩可能会遇到错误“未能解析当前可执行文件的完整路径”,因为 `/proc` 未装载至容器上。
+ - Collectd 在初始启动后不会解析转发目标主机名。
+ - 如果其中部分仓库因受法律保护而无法被清除,则清除陈旧的已删除仓库的作业可能会失败。
+ - 运行 `git nw-gc --pristine` 会导致错误。
+ - 后台作业将排入 `spam` 队列,这些作业不会得到处理。
+ - 当 PR 合并失败后重新尝试时,首选合并方法将被重置。
+ - 在使用 LDAP 身份验证模式的实例的用户协调过程中,Git 推送可能导致 500 内部服务器错误。
+ changes:
+ - 通过跳过未更改的 IP 允许防火墙规则,提高了配置应用效率,可在大型集群上节省大量时间。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/12.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/12.yml
new file mode 100644
index 0000000000..83ed9e4d38
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/12.yml
@@ -0,0 +1,21 @@
+date: '2021-07-27'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - '自定义预接收挂钩可能会导致这样的错误:“错误:/data/user/repositories/0/nw/12/34/56/7890/network.git/objects 对象目录不存在,请查看 .git/objects/info/alternates”。'
+ - 对于使用 HTTP 代理的所有用户,不支持使用未经身份验证的 HTTP 代理来进行页面容器构建。
+ - 如果未启用依赖项关系图,则每当用户访问存储库的 `/settings` 页时,都会记录大量 503 错误。
+ - 仅当用户通过团队或通过协作者状态与存储库有关联,或使用 `?type=internal` 参数查询时,才会返回内部存储库。
+ - 失败的后台作业有无限制的重试,这可能会导致大的队列深度。
+ - 如果在未启用依赖项关系图但启用了内容分析的情况下尝试运行将漏洞与 GitHub.com 同步的计划作业,则会生成大量 503 错误。
+ changes:
+ - "`babeld` 的日志现在包含一个用于 HTTP ref 广告请求的 `cmd` 字段,而不是仅在协商请求期间包含该字段。"
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/13.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/13.yml
new file mode 100644
index 0000000000..dbc8a9831c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/13.yml
@@ -0,0 +1,17 @@
+date: '2021-08-10'
+sections:
+ bugs:
+ - 如果在不运行定期计划备份的情况下启用 GitHub Actions,则 MSSQL 事务日志可能会无限增长,并且会占用设备数据磁盘上的所有可用空间,从而可能导致中断。
+ - 对“存储库创建”组织设置所做更改的审核日志条目不准确。
+ - "过多记录 `ActionController::UnknownFormat` 异常会导致不必要的磁盘使用。"
+ - "LDAP `group_dn` 值超过 255 个字符将导致记录错误:`Data truncated for column 'group_dn' at row 1`。"
+ changes:
+ - 滥用速率限制现在称为辅助速率限制,因为它们限制的行为并不总是滥用。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可能创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/14.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/14.yml
new file mode 100644
index 0000000000..152449a873
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/14.yml
@@ -0,0 +1,21 @@
+date: '2021-08-24'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 将非常大的图像或动态 GIF 附加到图像或拉取请求将会失败。
+ - 与自动更新相关的日志消息 (`Adding h/m/s random time.`) 被记录到系统日志中。
+ - '使用 bash 子 shell 的自定义预接收挂钩将返回错误:`No such file or directory`。'
+ - 创建命名管道 (FIFO) 的自定义预接收挂钩会崩溃或挂起,从而导致超时错误。
+ - 向审核日志高级搜索页面添加筛选器时,不会使用正确的 Facet 前缀和值来实时填充查询文本框。
+ - "导致请求失败的内部 API 的 Git 挂钩返回异常 `undefined method body for \"success\":String (NoMethodError)`,而不是返回显式的 `nil`。"
+ - 删除集成时,可能还会删除不相关的 OAuth 应用程序或集成。
+ - 添加包含表情符号字符的必填消息后,尝试查看或更改消息将返回 500 内部服务器错误。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 将在升级过程中删除自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中 blob 文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/15.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/15.yml
new file mode 100644
index 0000000000..73505c6421
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/15.yml
@@ -0,0 +1,17 @@
+date: '2021-09-07'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 如果未启动复制,则尝试通过使用 `ghe-repl-teardown` 为新添加的副本节点指定 UUID 来拆解该节点将失败,且不会报告错误。
+ - GitHub Pages 生成将通过外部代理(如果配置了外部代理)进行传递。
+ - 创建子进程的自定义预接收挂钩在其环境中缺少 `PATH` 变量,从而导致“无此类文件或目录”错误。
+ - 如果启用了 `mysql-auto-failover`,则 MySQL 可在升级期间进行故障转移。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/16.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/16.yml
new file mode 100644
index 0000000000..cf2c76bcb0
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/16.yml
@@ -0,0 +1,18 @@
+date: '2021-09-24'
+sections:
+ security_fixes:
+ - '**高:**在 {% data variables.product.prodname_ghe_server %} 中发现了一个在构建 {% data variables.product.prodname_pages %} 站点时可以利用的路径遍历漏洞。{% data variables.product.prodname_pages %} 使用的用户控制配置选项没有受到足够的限制,因此可以读取 {% data variables.product.prodname_ghe_server %} 实例上的文件。要利用此漏洞,攻击者需要获得在 {% data variables.product.prodname_ghe_server %} 实例上创建和构建 {% data variables.product.prodname_pages %} 站点的权限。此漏洞影响 3.1.8 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.1.8、3.0.16 和 2.22.22 中修复。这是 CVE-2021-22867 修复不完整的结果。此漏洞通过 GitHub Bug 悬赏计划报告,编号为 CVE-2021-22868。{% comment %} https://github.com/github/pages/pull/3360, https://github.com/github/pages/pull/3357 {% endcomment %}'
+ - '**中:**{% data variables.product.prodname_ghe_server %} 中的不正确访问控制漏洞允许工作流作业在其不应访问的自承载运行器组中执行。这会影响使用自承载运行器组进行访问控制的客户。由于请求期间的身份验证检查不正确,有权访问一个企业运行器组的存储库可以访问组织内的所有企业运行器组。这可能会导致代码被不正确的运行器组无意运行。此漏洞影响 3.0.0-3.0.15 以及 3.1.0-3.1.7 的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.0.16 和 3.1.8 中修复。其编号为 CVE-2021-22869。{% comment %} https://github.com/github/enterprise2/pull/27003 {% endcomment %}'
+ bugs:
+ - '在维护模式期间,Resque 工作进程计数显示不正确。{% comment %} https://github.com/github/enterprise2/pull/26898, https://github.com/github/enterprise2/pull/26883 {% endcomment %}'
+ - '在群集模式下,分配的 memcached 内存可能为零。{% comment %} https://github.com/github/enterprise2/pull/26927, https://github.com/github/enterprise2/pull/26832 {% endcomment %}'
+ - '请修复 {% data variables.product.prodname_pages %} 构建,以便考虑设备的 NO_PROXY 设置。这仅与配置了 HTTP 代理的设备有关。(更新时间:2021-09-30){% comment %} https://github.com/github/pages/pull/3360 {% endcomment %}'
+ - '即使不使用 `ghe-restore` 的 `--config` 选项,源实例的 GitHub Connect 配置也始终恢复到新实例。如果源实例和目标实例同时联机,这将导致与 GitHub Connect 连接和许可证同步发生冲突。该修复还需要将 backup-utils 更新到 3.2.0 或更高版本。[更新时间:2021-11-18]'
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/17.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/17.yml
new file mode 100644
index 0000000000..ce84c24a99
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/17.yml
@@ -0,0 +1,25 @@
+date: '2021-10-12'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/27034, https://github.com/github/enterprise2/pull/27010 {% endcomment %}'
+ bugs:
+ - '由于过于严格的虚拟内存或 CPU 时间限制,自定义预接收挂钩可能会失败。{% comment %} https://github.com/github/enterprise2/pull/26971, https://github.com/github/enterprise2/pull/26955 {% endcomment %}'
+ - '通过尝试使用 `ghe-cleanup-settings` 擦除所有现有配置设置,未能重启管理控制台服务。{% comment %} https://github.com/github/enterprise2/pull/26986, https://github.com/github/enterprise2/pull/26901 {% endcomment %}'
+ - '在通过 `ghe-repl-teardown` 拆解复制期间,Memcached 未能重启。{% comment %} https://github.com/github/enterprise2/pull/26992, https://github.com/github/enterprise2/pull/26983 {% endcomment %}'
+ - '在高负载期间,当上游服务未通过内部运行状况检查时,用户将收到 HTTP 503 状态代码。{% comment %} https://github.com/github/enterprise2/pull/27081, https://github.com/github/enterprise2/pull/26999 {% endcomment %}'
+ - '禁止预接收挂钩环境通过 Alpine 上的 BusyBox 调用 cat 命令。{% comment %} https://github.com/github/enterprise2/pull/27114, https://github.com/github/enterprise2/pull/27094 {% endcomment %}'
+ - '外部数据库密码以明文形式记录。{% comment %} https://github.com/github/enterprise2/pull/27172, https://github.com/github/enterprise2/pull/26413 {% endcomment %}'
+ - '运行 `ghe-config-apply` 时可能会显示错误的 `jq` 错误消息。{% comment %} https://github.com/github/enterprise2/pull/27203, https://github.com/github/enterprise2/pull/26784 {% endcomment %}'
+ - '从主群集数据中心故障转移到辅助群集数据中心成功,但随后故障转移回原始主群集数据中心时未能提升 Elasticsearch 索引。{% comment %} https://github.com/github/github/pull/193180, https://github.com/github/github/pull/192447 {% endcomment %}'
+ - '存储库自承载运行器的“站点管理员”页面返回 HTTP 500。{% comment %} https://github.com/github/github/pull/194205 {% endcomment %}'
+ - '在某些情况下,尝试查看“休眠用户”页面的 GitHub Enterprise 管理员会收到“502 网关错误”或“504 网关超时”响应。{% comment %} https://github.com/github/github/pull/194259, https://github.com/github/github/pull/193609 {% endcomment %}'
+ changes:
+ - '更有效地删除超出 Webhook 日志保留时段的 Webhook 日志。{% comment %} https://github.com/github/enterprise2/pull/27157 {% endcomment %}'
+ known_issues:
+ - "在没有任何用户的新建 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被移除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/18.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/18.yml
new file mode 100644
index 0000000000..2eb40f01e6
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/18.yml
@@ -0,0 +1,15 @@
+date: '2021-10-28'
+sections:
+ security_fixes:
+ - '多个已知弱 SSH 公钥已添加到拒绝列表中,无法再进行注册。此外,已知会生成弱 SSH 密钥的 GitKraken 版本(7.6.x、7.7.x 和 8.0.0)已被阻止注册新的公钥。'
+ - '包已更新到最新的安全版本。'
+ bugs:
+ - '拥有许多组织的用户无法使用应用程序的多个部分。'
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/19.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/19.yml
new file mode 100644
index 0000000000..c474915c0c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/19.yml
@@ -0,0 +1,23 @@
+date: '2021-11-09'
+sections:
+ security_fixes:
+ - "在 {% data variables.product.prodname_pages %} 中发现了一个在构建 {% data variables.product.prodname_ghe_server %} 时攻击者可利用来读取系统文件的路径遍历漏洞。要利用此漏洞,攻击者需要获得在 {% data variables.product.prodname_ghe_server %} 实例上创建和构建 {% data variables.product.prodname_pages %} 站点的权限。此漏洞影响 3.3 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.0.19、3.1.11 和 3.2.3 中修复。该漏洞通过 {% data variables.product.company_short %} Bug 悬赏计划报告,编号为 CVE-2021-22870。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - "部分 Git 操作在升级 {% data variables.product.prodname_ghe_server %} 3.x 群集后失败,原因在于 HAProxy 配置。"
+ - 在群集模式下,Unicorn 工作线程计数可能会设置错误。
+ - 在群集模式下,Resqued 工作线程计数可能会设置错误。
+ - 如果 Ubuntu 简单防火墙 (UFW) 状态为非活动状态,则客户端无法在日志中清楚地看到它。
+ - 某些页面和与 Git 相关的后台作业可能无法在具有某些群集配置的群集模式下运行。
+ - "企业审核日志页面不会显示 {% data variables.product.prodname_secret_scanning %} 的审核事件。"
+ - '在查看文件时,不会警告用户有潜在危险的双向 unicode 字符。有关详细信息,请参阅 {% data variables.product.prodname_blog %} 中的“[有关双向 Unicode 文本的警告](https://github.co/hiddenchars)”。'
+ - Hookshot Go 发送了 Collectd 无法处理的分布类型指标,这导致解析错误激增。
+ - "公共存储库显示来自 {% data variables.product.prodname_secret_scanning %} 的意外结果,类型为“未知令牌”。"
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/2.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/2.yml
new file mode 100644
index 0000000000..c50eeb2eb9
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/2.yml
@@ -0,0 +1,57 @@
+date: '2021-03-16'
+intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
+sections:
+ security_fixes:
+ - Packages have been updated to the latest security versions.
+ bugs:
+ - During a backup an error "Warning: One or more storage objects were not found on the source appliance." was occurring when attempting to clean up purgeable storage objects.
+ - Dependency graph failed to parse `yarn.lock` JavaScript manifest files, resulting in HTTP 500 errors in logs.
+ - Disabling GitHub Actions would sometimes fail.
+ - Custom pre-receive hooks weren't allowed to write to `/tmp`, preventing some scripts from running correctly.
+ - Systemd journal logs were duplicated in multiple places.
+ - A timezone set on GitHub Enterprise 11.10.x or earlier was reset to UTC time after upgrading to 3.0 which caused timestamps to shift in some instances.
+ - Clicking "Publish your first package" in the packages sidebar on a repository would lead to an empty page.
+ - A site admin could get a 500 error page while trying to view issues referenced from private repositories.
+ - After disabling GitHub Packages, some organization pages would return an HTTP 500 error response.
+ - Importing of repository archives from GitHub Enterprise Server that are missing repository files would fail with an error.
+ - Repository [deploy keys](/developers/overview/managing-deploy-keys) were unable to be used with repositories containing LFS objects.
+ - In the packages sidebar of a repository, the Docker icon was gray and a tool tip displayed "This service is deprecated".
+ - Webhooks configured with a content type of `application/x-www-form-urlencoded` did not receive query parameters in the POST request body.
+ - Users could dismiss a mandatory message without checking all checkboxes.
+ - In some cases after upgrading from a 2.22.X instance, the web interface assets were missing and the page would not render correctly.
+ - Running `ghe-config-apply` could time out with `Failure waiting for nomad jobs to apply` due to `'job' stanza not found`.
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
+ - Custom firewall rules are not maintained during an upgrade.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact [GitHub Enterprise Support](https://support.github.com/contact).
+ - Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
+ - reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.
+ - Old builds of Pages are not cleaned up, which could fill up the user disk (`/data/user/`).
+ - When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.
+ - |
+ Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
+
+ **Single instance**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
+ ```
+
+ 2. If it shows that there is a mismatch, reboot the instance.
+
+ **Cluster or High Availability configuration**
+
+ 1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
+
+ ```
+ ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
+ ```
+
+ 2. If it shows one or more nodes are affected, reboot the affected nodes.
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/20.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/20.yml
new file mode 100644
index 0000000000..1cc77e86b1
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/20.yml
@@ -0,0 +1,21 @@
+date: '2021-11-23'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 如果未定义 `PATH`,预接收挂钩会失败。
+ - '如果曾将实例配置为副本,运行 `ghe-repl-setup` 会返回错误:“无法创建目录 /data/user/elasticsearch:文件已存在”。'
+ - 在大型群集环境中,某部分前端节点可能无法使用身份验证后端。
+ - 在 GHES 群集的后端节点上,一些关键服务可能不可用。
+ changes:
+ - 在使用 `ghe-cluster-suport-bundle` 创建群集支持包时,现在会默认关闭额外一层的外部 `gzip` 压缩。使用 `ghe-cluster-suport-bundle -c` 命令行选项可以选择应用此外部压缩。
+ - 我们在管理控制台添加了额外的文本,以提醒用户移动应用的数据收集,目的是改善体验。
+ - "{% data variables.product.prodname_github_connect %} 数据连接记录现在会列出已启用的 {% data variables.product.prodname_github_connect %} 功能。[更新时间:2021-12-09]"
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/21.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/21.yml
new file mode 100644
index 0000000000..7300a26391
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/21.yml
@@ -0,0 +1,22 @@
+date: '2021-12-07'
+sections:
+ security_fixes:
+ - 支持包可以包含敏感文件,前提是它们满足一组特定条件。
+ - "在 GitHub Enterprise Server 中发现了一个 UI 虚假陈述漏洞,该漏洞允许在 GitHub 应用程序的用户授权 Web 流期间授予比在审批期间向用户显示的更多权限。此漏洞影响 GitHub Enterprise Server 3.3 之前的所有版本,已在 3.2.5、3.1.13 和 3.0.21 中修复。此漏洞通过 GitHub Bug 赏金计划报告,编号为 [CVE-2021-41598](https://www.cve.org/CVERecord?id=CVE-2021-41598)。"
+ - "在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的远程代码执行漏洞。此漏洞影响 GitHub Enterprise Server 3.3 之前的所有版本,已在 3.0.21、3.1.13 和 3.2.5 中修复。此漏洞通过 GitHub Bug 赏金计划报告,编号为 [CVE-2021-41599](https://www.cve.org/CVERecord?id=CVE-2021-41599)。更新时间:2022 年 2 月 17 日。"
+ bugs:
+ - 由于 `/data/user/tmp/pages` 中存在权限问题,运行 `ghe-config-apply` 有时可能会失败。
+ - 管理控制台中的错误配置导致了调度错误。
+ - Docker 会在日志轮换后保持日志文件打开。
+ - GraphQL 请求未在预接收挂钩环境中设置 GITHUB_USER_IP 变量。
+ changes:
+ - 阐明了文档中对 Actions 路径样式的解释。
+ - 更新支持联系 URL 以使用当前支持站点 support.github.com。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 将在升级过程中删除自定义防火墙规则。
+ - "Git LFS 跟踪的 [通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories) 文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中 Blob 的永久链接,且 Blob 的文件路径长度超过 255 个字符,则无法关闭问题。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/22.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/22.yml
new file mode 100644
index 0000000000..c2407b0ed8
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/22.yml
@@ -0,0 +1,13 @@
+date: '2021-12-13'
+sections:
+ security_fixes:
+ - '{% octicon "alert" aria-label="The alert icon" %} **严重:**在 Log4j 库中发现远程代码执行漏洞,该漏洞会影响 3.3.1 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,漏洞编号为[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)。Log4j 库用于在 {% data variables.product.prodname_ghe_server %} 实例上运行的开源服务。已在 {% data variables.product.prodname_ghe_server %} 3.0.22、3.1.14、3.2.6 和 3.3.1 中修复该漏洞。 有关详细信息,请参阅 GitHub 博客[文章](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/)。'
+ - '**2021 年 12 月 17 日更新**:此版本中的修复也能缓解在该版本之后发布的 [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)。无需再升级 {% data variables.product.prodname_ghe_server %},即可缓解 CVE-2021-44228 和 CVE-2021-45046。'
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/23.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/23.yml
new file mode 100644
index 0000000000..0ea086a5a9
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/23.yml
@@ -0,0 +1,19 @@
+date: '2022-01-18'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。在这些更新中,Log4j 已更新至版本 2.17.1。注意:以前在 3.3.1、3.2.6、3.1.14 和 3.0.22 中发布的缓解措施已经足够解决这些 GitHub Enterprise Server 版本中 CVE-2021-44228、CVE-2021-45046、CVE-2021-45105 和 CVE-2021-44832 的影响。'
+ - 清理生成的支持包中的更多机密
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 由于 `/data/user/tmp/pages` 中存在权限问题,`ghe-config-apply` 的运行有时可能会失败。
+ - 在低分辨率的浏览器中滚动,可能无法找到管理控制台中的保存按钮。
+ - Collectd 版本升级后,IOPS 和存储流量监视图未更新。
+ - 一些与 Webhook 相关的作业可能会产生大量的日志。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/24.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/24.yml
new file mode 100644
index 0000000000..6023a57e4c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/24.yml
@@ -0,0 +1,20 @@
+date: '2022-02-01'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在 MySQL 机密轮换后,页面将不可用,直到手动重启 `nginx`。
+ - 使用 ISO 8601 日期设置维护计划时,由于时区未转换为 UTC,因此实际计划时间将不匹配。
+ - 使用 `ghe-cluster-each` 安装热补丁后,版本号将无法正确更新。
+ - 有关 `cloud-config.service` 的虚假错误消息将输出到控制台。
+ - 使用 CAS 身份验证并启用“重新激活暂停的用户”选项时,暂停的用户不会自动重新激活。
+ changes:
+ - GitHub Connect 数据连接记录现在包括活动和休眠用户数量计数以及配置的休眠期。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/25.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/25.yml
new file mode 100644
index 0000000000..1a2d52c290
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/25.yml
@@ -0,0 +1,12 @@
+date: '2022-02-17'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ known_issues:
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/3.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/3.yml
new file mode 100644
index 0000000000..468174853d
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/3.yml
@@ -0,0 +1,42 @@
+date: '2021-03-23'
+intro: Downloads have been disabled due to a major bug affecting multiple customers. A fix will be available in the next patch.
+sections:
+ security_fixes:
+ - '**HIGH:** A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22864.'
+ - Packages have been updated to the latest security versions.
+ bugs:
+ - Running `ghe-cluster-config-init` could cause a cluster to become inoperable.
+ - Resolving merge conflicts in the GUI would fail when custom pre-receive hooks are configured on the repository.
+ - '`launch-deployer` and `launch-receiver` were logging at DEBUG level and filling logs with unnecessary information.'
+ - Systemd could lose track of HAProxy's PID.
+ - When Actions was configured to use S3 storage, the logs for an action would sometimes fail to load.
+ - The mysql-failover warning was displayed indefinitely after a successful failover.
+ - The `ghe-cluster-config-init` run was not fully accounting for the exit code of background jobs leading to improper handling of preflight checks.
+ - When enabling GitHub Actions, initialization could fail silently.
+ - When vulnerability alerting is enabled, upgrades to the 3.0 series would fail.
+ - Jobs related to Codespaces were being enqueued leading to an accumulation of unprocessed jobs.
+ changes:
+ - Use a relative number for consul and nomad `bootstrap_expect` allowing for a cluster to bootstrap even if a handful of nodes are down.
+ - Logs will rotate based on size in addition to time.
+ - Added kafka-lite to the `ghe-cluster-status` command.
+ known_issues:
+ - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
+ - Custom firewall rules are not maintained during an upgrade.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact [GitHub Enterprise Support](https://support.github.com/contact).
+ - Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
+ - reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.
+ - Old builds of Pages are not cleaned up, which could fill up the user disk (`/data/user/`).
+ - When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.
+ - |
+ Log rotation may fail to signal services to transition to new log files, leading to older log files continuing to be used, and eventual root disk space exhaustion.
+ To remedy and/or prevent this issue, run the following commands in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH), or contact [GitHub Enterprise Support](https://support.github.com/) for assistance:
+
+ ```
+ printf "PATH=/usr/local/sbin:/usr/local/bin:/usr/local/share/enterprise:/usr/sbin:/usr/bin:/sbin:/bin\n29,59 * * * * root /usr/sbin/logrotate /etc/logrotate.conf\n" | sudo sponge /etc/cron.d/logrotate
+ sudo /usr/sbin/logrotate -f /etc/logrotate.conf
+ ```
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/4.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/4.yml
new file mode 100644
index 0000000000..15a89606aa
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/4.yml
@@ -0,0 +1,27 @@
+date: '2021-04-01'
+intro: "对于 {% data variables.product.prodname_ghe_server %} 3.0+,最低基础结构要求已经增加。有关详细信息,请参阅“[关于 GitHub Enterprise Server 3.0 及更高版本的最低要求](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)”。"
+sections:
+ security_fixes:
+ - "**高:**在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,该漏洞允许根据 GitHub 应用的 [Web 身份验证流](https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps#web-application-flow)生成的访问令牌通过 REST API 读取专用存储库元数据,而无需获取适当的权限。若要利用这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。返回的专用存储库元数据将仅限于令牌标识的用户拥有的存储库。此漏洞影响 GitHub Enterprise Server 3.0.4 之前的所有版本,并在 3.0.4、2.22.10 和 2.21.18 版本中得到了修复。此漏洞编号为 CVE-2021-22865,并通过 [GitHub Bug 赏金计划](https://bounty.github.com)报告。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 启用维护模式时,尽管某些服务应该运行但不应列出,它们仍被列为“活动进程”。
+ - 在启用 GitHub Actions 的情况下从 2.22.x 升级到 3.0.x 后,自承载运行器版本没有更新,也没有自承载更新。
+ - 旧 GitHub Pages 版本未进行清理,导致磁盘使用量增加。
+ - '`memcached` 未在活动的副本上运行。'
+ - 在启用 GitHub Actions 的情况下更新文件权限时升级失败。
+ - 某些默认采用 UTC 时间的服务未使用在 GitHub Enterprise 11.10.x 或更早版本上设置的时区。
+ - 服务未在日志轮换过程中转换到新的日志文件,导致磁盘使用量增加。
+ - "`ghe-saml-mapping-csv` 命令行实用工具生成了一条警告消息。"
+ - 内部存储库搜索结果上的标签显示为“专用”而不是“内部”。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - 如果笔记本包含非 ASCII UTF-8 字符,则 Web UI 中的 Jupyter Notebook 渲染可能会失败。
+ - Web UI 中的 reStructuredText (RST) 渲染可能会失败,并显示原始 RST 标记文本。
+ - 在合并拉取请求后删除分支时,尽管分支删除成功,但仍会出现错误消息。
+ - "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/6.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/6.yml
new file mode 100644
index 0000000000..32d81e475c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/6.yml
@@ -0,0 +1,31 @@
+date: '2021-04-28'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在升级过程中,进程将在“清理 Nomad 作业”之后无限期暂停。
+ - '`ghe-cluster-failover` 失败,出现错误消息 `Trilogy::Error: trilogy_connect`。'
+ - '`ghe-cluster-status-mysql` 将有关故障转移的警告显示为错误。'
+ - 在 MySQL 副本上运行的安装脚本可能已导致数据库故障转移期间不必要的数据库重新播种。
+ - 升级未包括正确安装最新版本的 Actions 运行器。
+ - '`github-env` 配置可能导致僵停进程。'
+ - '由于不必要地调用 `rake db:migrate`,`config-apply` 可能需要更长的时间。'
+ - Orchestrator 可能已故障转移到 MySQL 副本,当主数据库无法连接时,它无法在播种阶段从主数据库复制。
+ - 出现错误的组织或项目阻止了迁移,无法排除。
+ - 对于所属组织超过 50 个的用户禁用了“创建存储库”按钮。
+ - 删除分支会临时闪烁一条错误消息,指示删除成功时出错。
+ - "`rms-packages` 索引显示在站点管理员仪表板中。"
+ - 由于表单上未显示正确的可见性选项,因此组织所有者无法创建内部存储库。
+ - 在操作启动工作流程配置错误的情况下,存储库操作选项卡显示 500。
+ - 由于选择了最完整的磁盘而不是空节点,存储主机超过三个的客户无法恢复到其灾难恢复群集。
+ - 应用热补丁后,代码扫描后端服务无法可靠启动。
+ changes:
+ - 默认情况下,预运行检查允许所有 AWS 实例类型。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/7.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/7.yml
new file mode 100644
index 0000000000..13f84f66fd
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/7.yml
@@ -0,0 +1,24 @@
+date: '2021-05-13'
+sections:
+ security_fixes:
+ - "**高:**在GitHub Enterprise Server 中发现 UI 表述错误漏洞,在审批阶段,该问题会导致在 GitHub 应用用户授权 Web 流中授予超过 UI 显示的权限。要利用这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。所有被授予的权限将在第一次授权时正确显示,但在某些情况下,如果用户在 GitHub 应用已配置额外的用户级别权限后重新访问授权流,这些额外的权限可能不会显示,这样会导致授予可能超过用户初衷的权限。此漏洞影响 GitHub Enterprise Server 3.0.x 到 3.0.7 版本以及 2.22.x 到 2.22.13 版本。3.0.7 和 2.22.13 版本中修复了该问题。该漏洞编号为 CVE-2021-22866,是通过[GitHub Bug 悬赏计划](https://bounty.github.com/) 报告的。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 操作或包存储配置中包含的引号可能会导致错误。
+ - 由于文件大小或打开文件数量的限制过于严格,自定义预接收挂钩可能会失败。
+ - 在配置应用阶段可以启用 Orchestrator 自动故障转移。
+ - 具有仓库维护员权限的用户会收到电子邮件验证警告,而不是在仓库 Pages 设置页面上构建成功的页面。
+ - 通配符规则的代码所有者将被错误地添加到代码所有者徽章的所有者列表中,即使该路径优先使用较新的规则。
+ - OpenAPI 文档引用了无效的标头。
+ - 在创建或编辑预接收挂钩时,用户界面中的竞争情况意味着在选择仓库后,仓库中的文件有时不会填充到文件下拉列表中。
+ changes:
+ - 添加了 HAProxy 重载时配置更改的日志记录。
+ - 添加了仓库创建的日志记录。
+ known_issues:
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/8.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/8.yml
new file mode 100644
index 0000000000..52ca8b7cac
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/8.yml
@@ -0,0 +1,27 @@
+date: '2021-05-25'
+sections:
+ security_fixes:
+ - '**中:**在某些情况下,从团队或组织中删除的用户可以保留对已打开现有拉取请求的分支的写入权限。'
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在初始安装过程的“配置 Actions 和 Packages”页面,当管理员点击“测试域设置”按钮时,测试未完成。
+ - "运行 `ghe-btop` 失败,显示错误“找不到 'babeld' 容器”。"
+ - 升级后,由于内部和外部超时值不匹配,用户遇到服务不可用问题。
+ - MSSQL 中的正常复制延迟会生成警告。
+ - 管理控制台上的 GitHub Enterprise Clustering Guide 链接不正确。
+ - 管理员使用“创建白名单条目”按钮添加的 IP 地址仍可能被锁定。
+ - 对“依赖项关系图”和“Dependabot 警报”功能的引用显示在未启用它们的存储库中。
+ - 对 `/hooks` 端点的HTTP POST 请求可能会因为 `hookID` 设置不正确而失败,并出现 401 响应。
+ - "`build-server`进程未能清理进程,将它们留在 `defunct` 状态。"
+ - '`spokesd` 创建了过多的日志条目,包括“修复位置已跳过”短语。'
+ changes:
+ - 检查超过 4 个月的注释是否将存档。
+ known_issues:
+ - "使用 `ghe-repo /` 通过管理 shell 访问存储库时将被挂起。解决方法是使用 `ghe-repo / -c \"bash -i\"`,直到下一个版本提供修复为止。"
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-0/9.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-0/9.yml
new file mode 100644
index 0000000000..4a27a0b12c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-0/9.yml
@@ -0,0 +1,24 @@
+date: '2021-06-10'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 升级 Actions 时,如果实例无法通过其配置的主机名自行提出请求,升级可能会失败。
+ - SVN 1.7 及以下客户端在使用 `svn co` 和 `svn export` 命令时出现错误。
+ - 使用 `ghe-repo /` 通过管理 shell 访问存储库会挂起。
+ - 升级后,由于服务重启过于频繁,用户在重度使用期间可用性降低。这可能是由于 nomad 配置和内部服务的超时不一致造成的。
+ - 在某些情况下,设置 GitHub Actions 后运行 `ghe-repl-status` 会产生错误,并且 `ghe-actions-teardown` 会失败。
+ - '`ghe-dbconsole` 在某些情况下会返回错误。'
+ - "从非 GitHub 源导入组织或存储库失败可能会生成 `undefined method '[]' for nil:NilClass` 错误。"
+ - 使用 SAML 身份验证时,如果 GitHub 配置文件名称不匹配管理控制台中映射到“全名”字段的属性值,GitHub 配置文件名称可能已无意中更改。
+ changes:
+ - "`firstPatchedVersion` 字段现在可以在 GraphQL API 中的 `SecurityVulability` 对象上使用。"
+ - GraphQL API 用户可在 `PullRequest` 对象上查询公共字段 `closingIssuesReferences`。该字段检索将在合并相关拉取请求时自动关闭的问题。这种方法还将允许将来迁移这些数据,作为更高保真度迁移过程的一部分。
+ known_issues:
+ - 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/0-rc1.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/0-rc1.yml
new file mode 100644
index 0000000000..75612a7f7f
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/0-rc1.yml
@@ -0,0 +1,20 @@
+date: '2021-05-06'
+release_candidate: true
+deprecated: true
+intro: "如果 {% data variables.product.product_location %} 正在运行候选发布版本,则无法使用热补丁升级。建议仅在测试环境中运行候选发布版本。"
+sections:
+ security_fixes:
+ - '**中** 在某些情况下,从团队或组织中删除的用户可以保留对现有拉取请求打开的分支的写入权限。'
+ - 包已更新到最新的安全版本。
+ bugs:
+ - '按计划执行的清理作业在具有很大的 `check_annotations` 表格的实例中会造成性能降级。'
+ changes:
+ - 超过 4 个月的检查注释将存档。
+ - '`firstPatchedVersion` 字段现在可以在 GraphQL API 中的 `SecurityVulability` 对象上使用。'
+ known_issues:
+ - GitHub 包 npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。
+ - 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
+ - 在升级期间不会维护自定义防火墙规则。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/1.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/1.yml
new file mode 100644
index 0000000000..81341e76c4
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/1.yml
@@ -0,0 +1,30 @@
+date: '2021-06-10'
+sections:
+ security_fixes:
+ - Packages have been updated to the latest security versions.
+ bugs:
+ - SVN 1.7 and older clients showed an error when using the `svn co` and `svn export` commands.
+ - Accessing a repository through the administrative shell using `ghe-repo /` would hang.
+ - After upgrading, users experienced reduced availability during heavy usage, because services restarted too frequently. This would occur due to timeout mismatches between the nomad configuration and that of the internal services.
+ - In some instances, running `ghe-repl-status` after setting up GitHub Actions would produce an error and `ghe-actions-teardown` would fail.
+ - '`ghe-dbconsole` would return errors under some circumstances.'
+ - Import failures of organizations or repositories from non-GitHub sources could produce an `undefined method '[]' for nil:NilClass` error.
+ - GitHub profile names might have changed unintentionally when using SAML authentication, if the GitHub profile name did not match the value of the attribute mapped to the `Full name` field in the Management Console.
+ - Upgrading an instance that had previously ran a 2.13 release, but not a 2.14 release, resulted in a database migration error relating to the `AddRepositoryIdToCheckRuns` data transition.
+ changes:
+ - Users of the GraphQL API can query the public field `closingIssuesReferences` on the `PullRequest` object. This field retrieves issues that will be automatically closed when the related pull request is merged. This approach will also allow this data to be migrated in future, as part of a higher fidelity migration process.
+ known_issues:
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - |
+ After upgrading from 3.0.x to 3.1.x, in some cases GitHub Actions can fail with an error: `An unexpected error occurred when executing this workflow.` To workaround this problem, connect to the administrative shell (ssh) and run:
+ ```
+ ghe-actions-console -s actions -c "Queue-ServiceJob -JobId 4DB1F4CF-19FD-40E0-A253-91288813DE8B"
+ ```
+ - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
+ - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/10.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/10.yml
new file mode 100644
index 0000000000..0856cb8115
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/10.yml
@@ -0,0 +1,21 @@
+date: '2021-10-28'
+sections:
+ security_fixes:
+ - '明文密码可能会出现在某些日志文件中。'
+ - '多个已知弱 SSH 公钥已添加到拒绝列表中,无法再进行注册。此外,已知会生成弱 SSH 密钥的 GitKraken 版本(7.6.x、7.7.x 和 8.0.0)已被阻止注册新的公钥。'
+ - '包已更新到最新的安全版本。'
+ bugs:
+ - '如果业务流程协调程序运行不正常,企业服务器在群集模式下的还原可能会失败。'
+ - '拥有许多组织的用户无法使用应用程序的多个部分。'
+ - '修复了 https://docs.github.com 链接。'
+ changes:
+ - '具有多个引用的存储库的浏览和作业性能优化。'
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅提高性能。我们继续拥有将时间值作为元数据响应的一部分返回所需的所有数据,并将在解决现有性能问题后恢复返回该值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可能创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/11.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/11.yml
new file mode 100644
index 0000000000..50d70b18c8
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/11.yml
@@ -0,0 +1,28 @@
+date: '2021-11-09'
+sections:
+ security_fixes:
+ - "在 {% data variables.product.prodname_ghe_server %} 中发现了在构建 {% data variables.product.prodname_pages %} 时出现的路径遍历漏洞,攻击者可利用该漏洞读取系统文件。要利用此漏洞,攻击者需要获得在 {% data variables.product.prodname_ghe_server %} 实例上创建和构建 {% data variables.product.prodname_pages %} 站点的权限。此漏洞影响 3.3 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.0.19、3.1.11 和 3.2.3 中修复。该漏洞通过 {% data variables.product.company_short %} Bug 悬赏计划报告,编号为 CVE-2021-22870。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - "部分 Git 操作在升级 {% data variables.product.prodname_ghe_server %} 3.x 群集后失败,原因在于 HAProxy 配置。"
+ - 在群集模式下,Unicorn 辅助角色计数可能会设置错误。
+ - 在群集模式下,Resqued 辅助角色计数可能会设置错误。
+ - 如果 Ubuntu Uncomplicated Firewall (UFW) 处于不活动状态,客户端可能无法在日志中清楚地看到它。
+ - "当 LDAP 配置中存在 UTF8 字符时,从 {% data variables.product.prodname_ghe_server %} 2.x 到 3.x 的升级会失败。"
+ - 某些页面和与 Git 相关的后台作业可能无法在具有某些群集配置的群集模式下运行。
+ - "创建新标记时,[推送](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push) webhook 有效负载不显示正确的 `head_commit` 对象。现在,创建新标记时,推送 webhook 有效负载始终包括 `head_commit` 对象,其中包含新标签指向的提交数据。所以 `head_commit` 对象将始终包含有效负载 `after` 提交的提交数据。"
+ - "企业审核日志页面不会显示 {% data variables.product.prodname_secret_scanning %} 的审核事件。"
+ - 副本修复的作业超时时间不足。
+ - '在查看文件时,不会警告用户有潜在危险的双向 unicode 字符。有关详细信息,请参阅 {% data variables.product.prodname_blog %} 中的“[有关双向 Unicode 文本的警告](https://github.co/hiddenchars)”。'
+ - Hookshot Go 发送了 Collectd 无法处理的分布类型指标,这导致解析错误激增。
+ changes:
+ - 已添加 Kafka 配置改进。删除仓库时,现在会立即从存储帐户中删除包文件以释放空间。`DestroyDeletedPackageVersionsJob` 现在从存储帐户中删除过期包的包文件以及元数据记录。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/12.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/12.yml
new file mode 100644
index 0000000000..fea487a964
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/12.yml
@@ -0,0 +1,24 @@
+date: '2021-11-23'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 如果已启用 GitHub Actions,运行 `ghe-repl-start` 或 `ghe-repl-status` 可能会在连接到数据库时返回错误。
+ - 如果未定义 `PATH`,预接收挂钩会失败。
+ - '如果曾将实例配置为副本,运行 `ghe-repl-setup` 会返回错误:“无法创建目录 /data/user/elasticsearch:文件已存在”。'
+ - '设置高可用性副本后,`ghe-repl-status` 在输出中包含错误:“命令中未关闭的意外操作”。'
+ - 在大型群集环境中,某部分前端节点可能无法使用身份验证后端。
+ - 在 GHES 群集的后端节点上,一些关键服务可能不可用。
+ changes:
+ - 在使用 `ghe-cluster-suport-bundle` 创建群集支持包时,现在会默认关闭额外一层的外部 `gzip` 压缩。使用 `ghe-cluster-suport-bundle -c` 命令行选项可以选择应用此外部压缩。
+ - 我们在管理控制台添加了额外的文本,以提醒用户移动应用的数据收集,目的是改善体验。
+ - "{% data variables.product.prodname_github_connect %} 数据连接记录现在会列出已启用的 {% data variables.product.prodname_github_connect %} 功能。[更新日期:2021 年 12 月 9 日]"
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/14.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/14.yml
new file mode 100644
index 0000000000..d820e279f0
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/14.yml
@@ -0,0 +1,14 @@
+date: '2021-12-13'
+sections:
+ security_fixes:
+ - '{% octicon "alert" aria-label="The alert icon" %} **严重:**在 Log4j 库中发现远程代码执行漏洞,该漏洞会影响 3.3.1 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,漏洞编号为[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)。Log4j 库用于在 {% data variables.product.prodname_ghe_server %} 实例上运行的开源服务。已在 {% data variables.product.prodname_ghe_server %} 3.0.22、3.1.14、3.2.6 和 3.3.1 中修复该漏洞。 有关详细信息,请参阅 GitHub 博客[文章](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/)。'
+ - '**2021 年 12 月 17 日更新**:此版本中的修复也能缓解在该版本之后发布的 [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)。无需再升级 {% data variables.product.prodname_ghe_server %},即可缓解 CVE-2021-44228 和 CVE-2021-45046。'
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/15.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/15.yml
new file mode 100644
index 0000000000..70c45870a6
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/15.yml
@@ -0,0 +1,21 @@
+date: '2022-01-18'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。在这些更新中,Log4j 已更新至版本 2.17.1。注意:以前在 3.3.1、3.2.6、3.1.14 和 3.0.22 中发布的缓解措施已经足够解决这些 GitHub Enterprise Server 版本中 CVE-2021-44228、CVE-2021-45046、CVE-2021-45105 和 CVE-2021-44832 的影响。'
+ - 清理生成的支持包中的更多机密
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 由于 `/data/user/tmp/pages` 中存在权限问题,`ghe-config-apply` 的运行有时可能会失败。
+ - 在低分辨率的浏览器中滚动,可能无法找到管理控制台中的保存按钮。
+ - Collectd 版本升级后,IOPS 和存储流量监控图未更新。
+ - 一些与 Webhook 相关的作业可能会产生大量的日志。
+ - "`/repos` API返回给用户的仓库权限不会返回完整的列表。"
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/16.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/16.yml
new file mode 100644
index 0000000000..d69a0d05f4
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/16.yml
@@ -0,0 +1,24 @@
+date: '2022-02-01'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在 MySQL 机密轮换后,页面将不可用,直到手动重启 `nginx`。
+ - 使用 ISO 8601 日期设置维护计划时,由于时区未转换为 UTC,因此实际计划时间将不匹配。
+ - 有关 `cloud-config.service` 的虚假错误消息将输出到控制台。
+ - 使用 `ghe-cluster-each` 安装热补丁后,版本号将无法正确更新。
+ - Webhook 表清理作业可能同时运行,导致资源争用并且作业运行时间增加。
+ - 使用 CAS 身份验证并启用“重新激活暂停的用户”选项时,暂停的用户不会自动重新激活。
+ - 将基于电子邮件的通知限制为在经过验证或批准的域上具有电子邮件的用户的功能无法正常工作。
+ - 多个文档链接导致“404 找不到”错误。
+ changes:
+ - GitHub Connect 数据连接记录现在包括活动和休眠用户数量以及配置的休眠期的计数。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再在元数据响应中返回时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的全部数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/17.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/17.yml
new file mode 100644
index 0000000000..5f85dbc002
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/17.yml
@@ -0,0 +1,15 @@
+date: '2022-02-17'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 修复从 memcached 获取超过 2^16 个密钥时的 SystemStackError(堆栈太深)。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再在元数据响应中返回时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/18.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/18.yml
new file mode 100644
index 0000000000..d75b2f7a06
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/18.yml
@@ -0,0 +1,16 @@
+date: '2022-03-01'
+sections:
+ security_fixes:
+ - "高:在 GitHub 的 Markdown 分析程序中发现了可能会导致信息泄漏和 RCE 的整数溢出漏洞。该漏洞由 Google Project Zero 的成员 Felix Wilhelm 通过 GitHub Bug 悬赏计划报告,编号为 CVE-2022-24724。"
+ bugs:
+ - 如果高可用性副本的时钟与主要副本不同步,升级有时会失败。
+ - "在 2020 年 9 月 1 日之后创建的 OAuth 应用程序无法使用[检查授权](https://docs.github.com/en/enterprise-server@3.1/rest/reference/apps#check-an-authorization) API 终结点。"
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/19.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/19.yml
new file mode 100644
index 0000000000..cdd6e15a9e
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/19.yml
@@ -0,0 +1,41 @@
+date: '2022-04-04'
+sections:
+ security_fixes:
+ - '中:在 {% data variables.product.prodname_ghe_server %} 管理控制台中发现了一个允许绕过 CSRF 保护的路径遍历漏洞。此漏洞影响 3.5 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.1.19、3.2.11、3.3.6 和 3.4.1 中得到了修复。此漏洞通过 {% data variables.product.prodname_dotcom %} Bug 赏金计划报告,编号为 CVE-2022-23732。'
+ - '中:在 `yajil` 的 1.x 分支和 2.x 分支中发现了一个整数溢出漏洞,在处理大型 (~2GB) 输入时,该漏洞会导致随后出现堆内存损坏。此漏洞是内部报告的,编号为 CVE-2022-24795。'
+ - "如果启用了 {% data variables.product.prodname_actions %},支持包可能包含敏感文件。"
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 显示了用于在管理控制台的“隐私”设置中启用 `TLS 1.0` 和 `TLS 1.1` 的选项,尽管在早期版本中移除了这些协议版本。
+ - "在 HA 环境中,首次启用 {% data variables.product.prodname_actions %} 后,可能需要执行额外的手动步骤才能配置 MSSQL 复制。"
+ - 经过热补丁,内部配置文件的子集更新会更可靠。
+ - "`ghe-run-migrations` 脚本有时无法正确生成临时证书名称。"
+ - 在群集环境中,Git LFS 操作可能会因跨多个 web 节点的内部 API 调用失败而失败。
+ - 由于 `syscall` 权限不足,使用 `gpg --import` 的预接收挂钩超时。
+ - 在某些群集拓扑中,Webhook 交付信息不可用。
+ - "在 HA 配置中,如果先前已启用 {% data variables.product.prodname_actions %},副本拆解操作将失败。"
+ - 运行迁移时,Elasticsearch 运行状况检查不允许出现黄色群集状态。
+ - 由于用户将其用户帐户转换为组织而创建的组织未添加到全局企业帐户中。
+ - "使用 `ghe-migrator` 或从 {% data variables.product.prodname_dotcom_the_website %} 导出时,如果在导出过程中删除数据,则长时间运行的导出将失败。"
+ - 无法访问的页面链接已被移除。
+ - 将团队添加为拉取请求的审阅者时,有时会显示不正确的团队成员数量。
+ - "大量休眠用户可能会导致 {% data variables.product.prodname_github_connect %} 配置失败。"
+ - 站点管理员 Web UI 中的“功能和 Beta 版本注册”页面无法正确使用。
+ - 单击站点页脚中的“站点管理员模式”链接时,其状态未发生更改。
+ changes:
+ - 增加了 Memcached 连接上限,可更好地适应大型群集拓扑。
+ - 更有效地识别和删除超出 Webhook 日志保留时段的 Webhook 日志。
+ - 依赖项关系图 API 以前使用静态定义的端口运行。
+ - 已更新与群集相关的 Elasticsearch 分片设置的默认分片计数。
+ - “会审”和“维护”团队角色在存储库迁移期间保留。
+ - '出现了不必要的 `NotProcessedError` 异常。'
+ - 企业所有者提出的 Web 请求的性能已得到改进。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表在元数据响应中不再返回时间值。这样做是为了大幅改善性能。我们继续拥有将时间值作为元数据响应的一部分返回所需的所有数据,并将在以后解决现有性能问题后恢复返回该值。"
+ - "在没有任何用户的新建 {% data variables.product.prodname_ghe_server %} 实例上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被移除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - "对 {% data variables.product.prodname_github_connect %} 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 {% data variables.product.prodname_dotcom_the_website %} 搜索结果中。"
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},就可以使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/2.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/2.yml
new file mode 100644
index 0000000000..015a7300ab
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/2.yml
@@ -0,0 +1,26 @@
+date: '2021-06-24'
+sections:
+ security_fixes:
+ - Packages have been updated to the latest security versions.
+ bugs:
+ - A large number of `gauge-dependency-graph-api-dispatch_dispatch` metrics could accumulate in the Management Console.
+ - The sshd service would sometimes fail to start on instances running on Google Cloud Platform.
+ - Old upgrade files would persist on the user disk, sometimes resulting in out of space conditions.
+ - '`gh-migrator` displayed an incorrect path to its log output.'
+ - An export archive would silently fail to import pull requests if they contained review requests from teams not present in the archive.
+ changes:
+ - Update the {% data variables.product.prodname_actions %} Runner version in GHES 3.1 to [v2.278.0](https://github.com/actions/runner/releases/tag/v2.278.0)
+ known_issues:
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - |
+ After upgrading from 3.0.x to 3.1.x, in some cases GitHub Actions can fail with an error: `An unexpected error occurred when executing this workflow.` To workaround this problem, connect to the administrative shell (ssh) and run:
+ ```
+ ghe-actions-console -s actions -c "Queue-ServiceJob -JobId 4DB1F4CF-19FD-40E0-A253-91288813DE8B"
+ ```
+ - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/20.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/20.yml
new file mode 100644
index 0000000000..98df6f6beb
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/20.yml
@@ -0,0 +1,22 @@
+date: '2022-04-20'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 在某些情况下,使用升级包升级高可用性对中的节点可能会导致 Elasticsearch 进入不一致状态。
+ - 在某些群集拓扑中,命令行实用程序 `ghe-spokesctl` 和 `ghe-btop` 无法运行。
+ - 由于 `elasticsearch-upgrade` 服务并行运行多次,因此 Elasticsearch 索引可能会在包升级期间重复。
+ - "`maint_host_low` 作业队列未处理,导致某些维护任务无法运行。"
+ - "将用户帐户转换为组织帐户时,如果用户帐户是 {% data variables.product.prodname_ghe_server %} 企业帐户的所有者,则转换后的组织将无法正确显示在企业所有者列表中。"
+ - 当与 OAuth 应用程序 ID 匹配的集成已存在时,使用企业管理 REST API 创建模拟 OAuth 令牌会导致错误。
+ changes:
+ - 尝试缓存大于 Memcached 中允许的最大值的值时,会引发错误,但不会报告密钥。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再在元数据响应中返回时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - "对 {% data variables.product.prodname_github_connect %} 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 {% data variables.product.prodname_dotcom_the_website %} 搜索结果中。"
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/3.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/3.yml
new file mode 100644
index 0000000000..13b74382da
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/3.yml
@@ -0,0 +1,27 @@
+date: '2021-07-14'
+sections:
+ security_fixes:
+ - '**高:**在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的路径遍历漏洞。GitHub Pages 使用的用户控制配置选项没有受到足够的限制,因此可以在 GitHub Enterprise Server 实例上读取文件。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。此漏洞影响 3.1.3 之前的所有 GitHub Enterprise Server 版本,编号为 CVE-2021-22867。此漏洞通过 GitHub Bug 悬赏计划报告。'
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 未配置 SAML 到期日期变量。
+ - 应用程序服务在配置应用期间的运行状况检查将失败,然后才能进入正常状态。
+ - '如果启用了 HTTP 代理,则 `ghe-cluster-config-node-init` 会在群集设置期间失败。'
+ - 预接收挂钩可能会遇到错误“未能解析当前可执行文件的完整路径”,因为 `/proc` 未装载至容器上。
+ - Collectd 在初始启动后不会解析转发目标主机名。
+ - 如果其中部分仓库因受法律保护而无法被清除,则清除陈旧的已删除仓库的作业可能会失败。
+ - 后台作业将排入 `spam` 队列,这些作业不会得到处理。
+ - 当 PR 合并失败后重新尝试时,首选合并方法将被重置。
+ - 在使用 LDAP 身份验证模式的实例的用户协调过程中,Git 推送可能导致500 内部服务器错误。
+ - '在从 3.0.x 升级到 3.1.x后,GitHub Actions 可能会失败,错误为:“执行此工作流程时发生意外错误。”'
+ changes:
+ - 通过跳过未更改的 IP 允许防火墙规则,提高了配置应用效率,可在大型群集上节省大量时间。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
+ - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/4.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/4.yml
new file mode 100644
index 0000000000..4846e1652c
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/4.yml
@@ -0,0 +1,36 @@
+date: '2021-07-27'
+sections:
+ security_fixes:
+ - Packages have been updated to the latest security versions.
+ bugs:
+ - The counts on packages pages were not being incremented when a package was downloaded.
+ - '`ghe-config-apply` would timeout, ask for a prompt or fail for a customer that had {% data variables.product.prodname_secret_scanning %} enabled, and had either disabled or never enabled {% data variables.product.prodname_actions %} on their instance.'
+ - Log files were not reopened after rotation in some cases leading to high disk space usage on instances with high uptime.
+ - Upgrade could fail from older version of {% data variables.product.prodname_ghe_server %} due to a missing job in {% data variables.product.prodname_actions %}.
+ - 'Custom pre-receive hooks could lead to an error like `error: object directory /data/user/repositories/0/nw/12/34/56/7890/network.git/objects does not exist; check .git/objects/info/alternates`.'
+ - Unauthenticated HTTP proxy for the pages containers build was not supported for any users that use HTTP proxies.
+ - A significant number of 503 errors were logged every time a user visited a repository's `/settings` page if the dependency graph was not enabled.
+ - Internal repositories were only returned when a user had affiliations with the repository through a team or through collaborator status, or queried with the `?type=internal` parameter.
+ - Failed background jobs had unlimited retries which could cause large queue depths.
+ - A significant number of 503 errors were being created if the scheduled job to sync vulnerabilities with GitHub.com attempted to run when dependency graph was not enabled and content analysis was enabled.
+ - |
+ When {% data variables.product.prodname_actions %} is enabled without running regular scheduled backups, the MSSQL transaction log could grow unbounded and can consume all available space on the appliance's data disk, causing a possible outage.
+
+ If you have configured regularly scheduled MSSQL backups, no further actions is required. Otherwise, if you have {% data variables.product.prodname_actions %} previously enabled, run the following commands after installing this patch.
+
+ ```
+ ghe-actions-console -s Mps -c 'Update-Service -Force'
+ ghe-actions-console -s Token -c 'Update-Service -Force'
+ ghe-actions-console -s Actions -c 'Update-Service -Force'
+ ```
+ changes:
+ - The logs for `babeld` now include a `cmd` field for HTTP ref advertisement requests instead of only including it during the negotiation requests.
+ known_issues:
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/6.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/6.yml
new file mode 100644
index 0000000000..9890f3ea58
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/6.yml
@@ -0,0 +1,23 @@
+date: '2021-08-24'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 将非常大的图像或动态 GIF 附加到图像或拉取请求将失败。
+ - 与自动更新相关的日志消息(`添加 h/m/s 随机时间。`)被记录到系统日志中。
+ - 创建命名管道 (FIFO) 的自定义预接收挂钩会崩溃或挂起,从而导致超时错误。
+ - 向审核日志高级搜索页面添加筛选器不会使用正确的 facet 前缀和值实时填充查询文本框。
+ - "导致请求失败的内部 API 的 Git 挂钩返回异常 `undefined method body for \"success\":String (NoMethodError)`,而不是返回显式的 `nil`。"
+ - 删除集成后,可能还会删除不相关的 OAuth 应用程序或集成。
+ - 添加包含表情符号字符的必填消息后,尝试查看或更改消息将返回 500 内部服务器错误。
+ changes:
+ - 将 `triage` 和 `maintain` 添加到 REST API 返回的权限列表中。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再在元数据响应中返回时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的全部数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
+ - 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/7.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/7.yml
new file mode 100644
index 0000000000..452ff2faa7
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/7.yml
@@ -0,0 +1,18 @@
+date: '2021-09-07'
+sections:
+ security_fixes:
+ - 包已更新到最新的安全版本。
+ bugs:
+ - 如果未启动复制,则尝试通过使用 `ghe-repl-teardown` 指定新添加副本节点的 UUID 来拆除该节点将失败,且不会报告错误。
+ - GitHub Pages 内部版本正通过外部代理(如果已配置)进行传递。
+ - 创建子进程的自定义预接收挂钩在其环境中缺少 `PATH` 变量,从而导致“没有此类文件或目录”错误。
+ - 如果启用了 `mysql-auto-failover`,则 MySQL 可在升级期间进行故障转移。
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再在元数据响应中返回时间值。这样可以大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 将在升级过程中删除自定义防火墙规则。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中 blob 文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将会使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/8.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/8.yml
new file mode 100644
index 0000000000..a388d49cbe
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/8.yml
@@ -0,0 +1,20 @@
+date: '2021-09-24'
+sections:
+ security_fixes:
+ - '**高:**在 {% data variables.product.prodname_ghe_server %} 中发现了一个在构建 {% data variables.product.prodname_pages %} 站点时可以利用的路径遍历漏洞。{% data variables.product.prodname_pages %} 使用的用户控制配置选项没有受到足够的限制,因此可以读取 {% data variables.product.prodname_ghe_server %} 实例上的文件。要利用此漏洞,攻击者需要获得在 {% data variables.product.prodname_ghe_server %} 实例上创建和构建 {% data variables.product.prodname_pages %} 站点的权限。此漏洞影响 3.1.8 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,在 3.1.8、3.0.16 和 2.22.22 中得到了修复。这是 CVE-2021-22867 修复不完整的结果。此漏洞通过 GitHub Bug 赏金计划报告,编号为 CVE-2021-22868。{% comment %} https://github.com/github/pages/pull/3361, https://github.com/github/pages/pull/3357 {% endcomment %}'
+ - '**中:**{% data variables.product.prodname_ghe_server %} 中的不正确访问控制漏洞允许工作流作业在其不应访问的自承载运行器组中执行。这会影响使用自承载运行器组进行访问控制的客户。由于请求期间的身份验证检查不正确,有权访问一个企业运行器组的存储库可以访问组织内的所有企业运行器组。这可能会导致代码被不正确的运行器组无意运行。此漏洞影响 3.0.0-3.0.15 以及 3.1.0-3.1.7 的所有 {% data variables.product.prodname_ghe_server %} 版本,在 3.0.16 和 3.1.8 中得到了修复。其编号为 CVE-2021-22869。{% comment %} https://github.com/github/enterprise2/pull/27013 {% endcomment %}'
+ bugs:
+ - '在维护模式期间,Resque 工作进程计数显示不正确。{% comment %} https://github.com/github/enterprise2/pull/26899, https://github.com/github/enterprise2/pull/26883 {% endcomment %}'
+ - '在群集模式下,分配的 memcached 内存可能为零。{% comment %} https://github.com/github/enterprise2/pull/26928, https://github.com/github/enterprise2/pull/26832 {% endcomment %}'
+ - '非空二进制文件在拉取请求“文件”选项卡上显示了不正确的文件类型和大小。{% comment %} https://github.com/github/github/pull/192810, https://github.com/github/github/pull/172284, https://github.com/github/coding/issues/694 {% endcomment %}'
+ - '修复了 {% data variables.product.prodname_pages %} 构建,以便考虑设备的 NO_PROXY 设置。这仅与配置了 HTTP 代理的设备有关。(更新时间:2021-09-30){% comment %} https://github.com/github/pages/pull/3360 {% endcomment %}'
+ - '即使不使用 `ghe-restore` 的 `--config` 选项,源实例的 GitHub Connect 配置也始终恢复到新实例。如果源实例和目标实例同时联机,这将导致与 GitHub Connect 连接和许可证同步发生冲突。该修复还需要将 backup-utils 更新到 3.2.0 或更高版本。[更新时间:2021-11-18]'
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅提高性能。我们继续拥有将时间值作为元数据响应的一部分返回所需的所有数据,并将在解决现有性能问题后恢复返回该值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可能创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
+ - 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
+ - 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-1/9.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-1/9.yml
new file mode 100644
index 0000000000..9a68debc63
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-1/9.yml
@@ -0,0 +1,28 @@
+date: '2021-10-12'
+sections:
+ security_fixes:
+ - '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/27035, https://github.com/github/enterprise2/pull/27010 {% endcomment %}'
+ bugs:
+ - '由于过于严格的虚拟内存或 CPU 时间限制,自定义预接收挂钩可能会失败。{% comment %} https://github.com/github/enterprise2/pull/26972, https://github.com/github/enterprise2/pull/26955 {% endcomment %}'
+ - '尝试使用 `ghe-cleanup-settings` 擦除所有现有配置设置无法重启管理控制台服务。{% comment %} https://github.com/github/enterprise2/pull/26987, https://github.com/github/enterprise2/pull/26901 {% endcomment %}'
+ - '在通过“ghe-repl-teardown”进行复制拆除期间,Memcached 未能重启。{% comment %} https://github.com/github/enterprise2/pull/26993, https://github.com/github/enterprise2/pull/26983 {% endcomment %}'
+ - '在高负载期间,当上游服务未通过内部运行状况检查时,用户将收到 HTTP 503 状态代码。{% comment %} https://github.com/github/enterprise2/pull/27082, https://github.com/github/enterprise2/pull/26999 {% endcomment %}'
+ - '配置 Actions 后,从 GitHub Enterprise 备份实用工具快照还原后,MSSQL 复制将失败。{% comment %} https://github.com/github/enterprise2/pull/27097, https://github.com/github/enterprise2/pull/26254 {% endcomment %}'
+ - '运行 `ghe-config-apply` 时可能会显示错误的 `jq` 错误消息。{% comment %} https://github.com/github/enterprise2/pull/27194, https://github.com/github/enterprise2/pull/26784 {% endcomment %}'
+ - '预接收挂钩环境被禁止通过 Alpine 上的 BusyBox 调用 cat 命令。{% comment %} https://github.com/github/enterprise2/pull/27115, https://github.com/github/enterprise2/pull/27094 {% endcomment %}'
+ - '外部数据库密码以明文形式记录。{% comment %} https://github.com/github/enterprise2/pull/27173, https://github.com/github/enterprise2/pull/26413 {% endcomment %}'
+ - '从主群集数据中心故障转移到辅助群集数据中心成功,但随后故障转移回原始主群集数据中心时未能提升 Elasticsearch 索引。{% comment %} https://github.com/github/github/pull/193181, https://github.com/github/github/pull/192447 {% endcomment %}'
+ - '组织的“团队”页面上的“导入团队”按钮返回了 HTTP 404。{% comment %} https://github.com/github/github/pull/193302 {% endcomment %}'
+ - '在某些情况下,尝试查看“休眠用户”页面的 GitHub Enterprise 管理员会收到“502 网关错误”或“504 网关超时”响应。{% comment %} https://github.com/github/github/pull/194260, https://github.com/github/github/pull/193609 {% endcomment %}'
+ - '由于“SynchronizePullRequestJob”作业数量的增加,在某些高负载情况下,性能会受到负面影响。{% comment %} https://github.com/github/github/pull/195253, https://github.com/github/github/pull/194591 {% endcomment %}'
+ changes:
+ - '更有效地删除超出 Webhook 日志保留时段的 Webhook 日志。{% comment %} https://github.com/github/enterprise2/pull/27158 {% endcomment %}'
+ known_issues:
+ - "{% data variables.product.prodname_registry %} npm 注册表不再在元数据响应中返回时间值。这样做是为了大幅改善性能。作为元数据响应的一部分,我们继续拥有返回时间值所需的所有数据,并将在我们解决现有性能问题后恢复返回这个值。"
+ - "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
+ - 自定义防火墙规则在升级过程中被删除。
+ - "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)被错误地直接添加到存储库。"
+ - 如果问题包含文件路径长于 255 个字符的同一存储库中 blob 的永久链接,则问题无法关闭。
+ - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
+ - "如果为 {% data variables.product.prodname_ghe_server %} 启用 {% data variables.product.prodname_actions %},将能使用 `ghe-repl-teardown` 成功拆解副本节点,但是可能会返回 `ERROR:Running migrations`。"
+ - 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-2/0-rc1.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-2/0-rc1.yml
new file mode 100644
index 0000000000..0213319af5
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-2/0-rc1.yml
@@ -0,0 +1,309 @@
+date: '2021-09-09'
+release_candidate: true
+deprecated: true
+intro: If {% data variables.product.product_location %} is running a release candidate build, you can't upgrade with a hotpatch. We recommend only running release candidates on test environments.
+sections:
+ features:
+ - heading: Custom patterns for secret scanning
+ notes:
+ # https://github.com/github/releases/issues/1426
+ - |
+ {% data variables.product.prodname_GH_advanced_security %} customers can now specify custom patterns for secret scanning. When a new pattern is specified, secret scanning searches a repository's entire Git history for the pattern, as well as any new commits.
+
+ User defined patterns are in beta for {% data variables.product.prodname_ghe_server %} 3.2. They can be defined at the repository, organization, and enterprise levels. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+
+ - heading: Security overview for Advanced Security (beta)
+ notes:
+ # https://github.com/github/releases/issues/1381
+ - |
+ {% data variables.product.prodname_GH_advanced_security %} customers now have an organization-level view of the application security risks detected by {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %}, and {% data variables.product.prodname_secret_scanning %}. The security overview shows the enablement status of security features on each repository, as well as the number of alerts detected.
+
+ In addition, the security overview lists all {% data variables.product.prodname_secret_scanning %} alerts at the organization level. Similar views for {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} alerts are coming in future releases. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
+
+ 
+
+ - heading: Dependency review (beta)
+ notes:
+ # https://github.com/github/releases/issues/1364
+ - |
+ {% data variables.product.prodname_GH_advanced_security %} customers can now see a rich diff of the dependencies changed in a pull request. Dependency review provides an easy-to-understand view of dependency changes and their security impact in the "Files changed" tab of pull requests. It informs you of which dependencies were added, removed, or updated, along with vulnerability information for these dependencies. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)."
+
+ - heading: GitHub Actions environments
+ notes:
+ # https://github.com/github/releases/issues/1308
+ - |
+ Environments, environment protection rules, and environment secrets are now generally available for {% data variables.product.prodname_actions %} on {% data variables.product.product_name %}. For more information, see "[Environments](/actions/reference/environments)."
+
+ 
+
+ - heading: SSH authentication with security keys
+ notes:
+ # https://github.com/github/releases/issues/1276
+ - |
+ SSH authentication using a FIDO2 security key is now supported when you add a `sk-ecdsa-sha2-nistp256@openssh.com` or `sk-ssh-ed25519@openssh.com` SSH key to your account. SSH security keys store secret key material on a separate hardware device that requires verification, such as a tap, to operate. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/github/authenticating-to-github/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key-for-a-hardware-security-key)."
+
+ - heading: 'Dark and dark dimmed themes'
+ notes:
+ # https://github.com/github/releases/issues/1260
+ - |
+ Dark and dark dimmed themes are now available for the web UI. {% data variables.product.product_name %} will match your system preferences when you haven't set theme preferences in {% data variables.product.product_name %}. You can also choose which themes are active during the day and night. For more information, see "[Managing your theme settings](/github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings)."
+
+ 
+
+ - heading: 'Approving unverified domains for email notifications'
+ notes:
+ # https://github.com/github/releases/issues/1244
+ - Domains that are not able to be verified can now be approved for email notification routing. Enterprise and organization owners will be able to approve domains and immediately augment their email notification restriction policy, allowing notifications to be sent to collaborators, consultants, acquisitions, or other partners. For more information, see "[Verifying or approving a domain for your enterprise](/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise#about-approval-of-domains)" and "[Restricting email notifications for your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise#restricting-email-notifications-for-your-enterprise-account)."
+
+ - heading: 'Git Credential Manager (GCM) secure credential storage and multi-factor authentication support'
+ notes:
+ # https://github.com/github/releases/issues/1406
+ - |
+ Git Credential Manager (GCM) versions 2.0.452 and later now provide security-hardened credential storage and multi-factor authentication support for {% data variables.product.product_name %}.
+
+ GCM with support for {% data variables.product.product_name %} is included with [Git for Windows](https://gitforwindows.org) versions 2.32 and later. GCM is not included with Git for macOS or Linux, but can be installed separately. For more information, see the [latest release](https://github.com/GitCredentialManager/git-credential-manager/releases/) and [installation instructions](https://github.com/GitCredentialManager/git-credential-manager/releases/) in the `GitCredentialManager/git-credential-manager` repository.
+
+ changes:
+ - heading: Administration Changes
+ notes:
+ # https://github.com/github/releases/issues/1309
+ - A 'User Agent Referrer Policy' setting has been added to the enterprise settings. This allows an admin to set a stricter `Referrer-Policy` to hide the hostname of a {% data variables.product.prodname_ghe_server %} installation from external sites. The setting is disabled by default and is tracked by audit log events for staff and enterprise owners when enabled or disabled. For more information, see "[Configuring Referrer Policy for your enterprise](/admin/configuration/configuring-your-enterprise/configuring-the-referrer-policy-for-your-enterprise)."
+
+ # https://github.com/github/releases/issues/1515
+ - The MySQL health check was changed to use `mysqladmin ping` instead of TCP checks, which removes some unnecessary noise in the MySQL error log. Also, Orchestrator failover checks were improved to prevent unnecessary MySQL failovers when applying cluster config changes.
+
+ # https://github.com/github/releases/issues/1287
+ - The Resque service, which supports background job processing, has been replaced with Aqueduct Lite. This change makes the job system easier to manage and should not affect the user experience. For the new administration and debugging commands for Aqueduct, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-aqueduct)."
+
+ - heading: Token Changes
+ notes:
+ # https://github.com/github/releases/issues/1235
+ - |
+ The format of authentication tokens for {% data variables.product.product_name %} has changed. The change affects the format of personal access tokens and access tokens for {% data variables.product.prodname_oauth_apps %}, as well as user-to-server, server-to-server, and refresh tokens for {% data variables.product.prodname_github_apps %}.
+
+ The different token types now have unique identifiable prefixes, which allows for secret scanning to detect the tokens so that you can mitigate the impact of someone accidentally committing a token to a repository. {% data variables.product.company_short %} recommends updating existing tokens as soon as possible. For more information, see "[About authentication to {% data variables.product.prodname_dotcom %}](/github/authenticating-to-github/keeping-your-account-and-data-secure/about-authentication-to-github#githubs-token-formats)" and "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)."
+
+ - heading: 'Repositories changes'
+ notes:
+ # https://github.com/github/releases/issues/1295
+ - Repositories on user profiles and organization profiles now support sorting by star count.
+
+ # https://github.com/github/releases/issues/1327
+ - When viewing the commit history of a single file, you can now click {% octicon "file-code" aria-label="The code icon" %} to view that file at the selected point in history.
+
+ # https://github.com/github/releases/issues/1254
+ - When a submodule is defined with a relative path in {% data variables.product.product_location %}, the submodule is now clickable in the web UI. Clicking the submodule in the web UI will take you to the linked repository. Previously, only submodules with absolute URLs were clickable. This is supported for relative paths for repositories with the same owner that follow the pattern ../REPOSITORY or relative paths for repositories with a different owner that follow the pattern ../OWNER/REPOSITORY. For more information about working with submodules, see [Working with submodules](https://github.blog/2016-02-01-working-with-submodules/) on {% data variables.product.prodname_blog %}.
+
+ # https://github.com/github/releases/issues/1250
+ - The web UI can now be used to synchronize an out-of-date branch of a fork with the fork's upstream branch. If there are no merge conflicts between the branches, the branch is updated either by fast-forwarding or by merging from upstream. If there are conflicts, you will be prompted to create a pull request to resolve the conflicts. For more information, see "[Syncing a fork](/github/collaborating-with-pull-requests/working-with-forks/syncing-a-fork#syncing-a-fork-from-the-web-ui)."
+
+ - heading: 'Markdown changes'
+ notes:
+ # https://github.com/github/releases/issues/1477
+ - The markdown editor used when creating or editing a release in a repository now has a text-editing toolbar. For more information, see "[Managing releases in a repository](/github/administering-a-repository/releasing-projects-on-github/managing-releases-in-a-repository#creating-a-release)."
+
+ # https://github.com/github/releases/issues/1169
+ - Uploading video files is now supported everywhere you write Markdown on {% data variables.product.product_name %}. Share demos, reproduction steps, and more in your issue and pull request comments, as well as in Markdown files within repositories, such as READMEs. For more information, see "[Attaching files](/github/writing-on-github/working-with-advanced-formatting/attaching-files)."
+
+ # https://github.com/github/releases/issues/1269
+ - Markdown files will now automatically generate a table of contents in the header when there are 2 or more headings. The table of contents is interactive and links to the selected section. All 6 Markdown heading levels are supported.
+
+ # https://github.com/github/releases/issues/1294
+ - 'There is a new keyboard shortcut, `cmd+e` on macOS or `ctrl+e` on Windows, to insert codeblocks in Markdown files, issues, pull requests, and comments.'
+
+ # https://github.com/github/releases/issues/1474
+ - Appending `?plain=1` to the URL for any Markdown file will now display the file without rendering and with line numbers. The plain view can be used to link other users to specific lines. For example, appending `?plain=1#L52` will highlight line 52 of a plain text Markdown file. For more information, "[Creating a permanent link to a code snippet](/github/writing-on-github/working-with-advanced-formatting/creating-a-permanent-link-to-a-code-snippet#linking-to-markdown)."
+
+ - heading: 'Issues and pull requests changes'
+ notes:
+ # https://github.com/github/releases/issues/1413
+ - With the [latest version of Octicons](https://github.com/primer/octicons/releases), the states of issues and pull requests are now more visually distinct so you can scan their status more easily. For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/changelog/2021-06-08-new-issue-and-pull-request-state-icons/).
+
+ # https://github.com/github/releases/issues/1419
+ - A new "Require conversation resolution before merging" branch protection rule and "Conversations" menu is now available. Easily discover your pull request comments from the "Files changed" tab, and require that all your pull request conversations are resolved before merging. For more information, see "[About pull request reviews](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews#discovering-and-navigating-conversations)" and "[About protected branches](/github/administering-a-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-conversation-resolution-before-merging)."
+
+ # https://github.com/github/releases/issues/1279
+ - To prevent the merge of unexpected changes after auto-merge is enabled for a pull request, auto-merge is now disabled automatically when new changes are pushed by a user without write access to the repository. Users without write access can still update the pull request with changes from the base branch when auto-merge is enabled. To prevent a malicious user from using a merge conflict to introduce unexpected changes to the pull request, auto-merge for the pull request is disabled if the update causes a merge conflict. For more information about auto-merge, see "[Automatically merging a pull request](/github/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)."
+
+ # https://github.com/github/releases/issues/1550
+ - People with maintain permissions can now manage the repository-level "Allow auto-merge" setting. This setting, which is off by default, controls whether auto-merge is available on pull requests in the repository. Previously, only people with admin permissions could manage this setting. Additionally, this setting can now by controlled using the "[Create a repository](/rest/reference/repos#create-an-organization-repository)" and "[Update a repository](/rest/reference/repos#update-a-repository)" REST APIs. For more information, see "[Managing auto-merge for pull requests in your repository](/github/administering-a-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository)."
+
+ # https://github.com/github/releases/issues/1201
+ - The assignees selection for issues and pull requests now supports type ahead searching so you can find users in your organization faster. Additionally, search result rankings have been updated to prefer matches at the start of a person's username or profile name.
+
+ # https://github.com/github/releases/issues/1430
+ - When a review is requested from a team of more than 100 people, developers are now shown a confirmation dialog box in order to prevent unnecessary notifications for large teams.
+
+ # https://github.com/github/releases/issues/1293
+ - Back-tick `code blocks` are now supported in issue titles, pull request titles, and in any place issue and pull request titles are referenced in {% data variables.product.prodname_ghe_server %}.
+
+ # https://github.com/github/releases/issues/1300
+ - Events for pull requests and pull request reviews are now included in the audit log for both [enterprises](/admin/user-management/managing-users-in-your-enterprise/auditing-users-across-your-enterprise) and [organizations](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization). These events help admins better monitor pull request activity and help ensure security and compliance requirements are being met. Events can be viewed from the web UI, exported as CSV or JSON, or accessed via REST API. You can also search the audit log for specific pull request events. For more information, see "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#pull_request-category-actions)."
+
+ - heading: 'Branches changes'
+ notes:
+ # https://github.com/github/releases/issues/885
+ - |
+ The default branch name for new repositories is now `main`. Existing repositories are not impacted by this change. If users, organization owners, or enterprise owners have previously specified a default branch for new repositories, they are also not impacted.
+
+ If you want to set a different default branch name, you can do so in the [user](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-the-default-branch-name-for-your-repositories), [organization](/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization), or [enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-on-the-default-branch-name) settings.
+
+ # https://github.com/github/releases/issues/981
+ - |
+ Branches, including the default branch, can now be renamed using the the {% data variables.product.product_name %} web UI. When a branch is renamed, any open pull requests and draft releases targeting the renamed branch will be retargeted automatically, and branch protection rules that explicitly reference the renamed branch will be updated.
+
+ Admin permissions are required to rename the default branch, but write permissions are sufficient to rename other branches.
+
+ To help make the change as seamless as possible for users:
+
+ * A notice is shown to contributors, maintainers, and admins on the repository homepage with instructions for updating their local repository.
+ * Web requests to the old branch will be redirected.
+ * A "moved permanently" HTTP response will be returned to REST API calls.
+ * An informational message is displayed to Git command line users that push to the old branch.
+
+ For more information, see "[Renaming a branch](/github/administering-a-repository/managing-branches-in-your-repository/renaming-a-branch)."
+
+ - heading: 'GitHub Actions changes'
+ notes:
+ # https://github.com/github/releases/issues/1227
+ - '{% data variables.product.prodname_actions %} now lets you control the permissions granted to the `GITHUB_TOKEN` secret. The `GITHUB_TOKEN` is an automatically-generated secret that lets you make authenticated calls to the API for {% data variables.product.product_name %} in your workflow runs. {% data variables.product.prodname_actions %} generates a new token for each job and expires the token when a job completes. The token usually has `write` permissions to a number of [API endpoints](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token), except in the case of pull requests from forks, which are always `read`. These new settings allow you to follow a principle of least privilege in your workflows. For more information, see "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow#modifying-the-permissions-for-the-github_token)."'
+
+ # https://github.com/github/releases/issues/1280
+ - '{% data variables.product.prodname_cli %} 1.9 and later allows you to work with {% data variables.product.prodname_actions %} in your terminal. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-04-15-github-cli-1-9-enables-you-to-work-with-github-actions-from-your-terminal/).'
+
+ # https://github.com/github/releases/issues/1157
+ - The audit log now includes events associated with {% data variables.product.prodname_actions %} workflow runs. This data provides administrators with a greatly expanded data set for security and compliance audits. For more information, see "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#workflows-category-actions)."
+
+ # https://github.com/github/releases/issues/1587
+ - Performance improvements have been made to {% data variables.product.prodname_actions %}, which may result in higher maximum job throughput. For more information on job throughput with internally-tested CPU and memory configurations, see "[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_server %}](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server#review-hardware-considerations)."
+
+ - heading: 'GitHub Packages changes'
+ notes:
+ # https://github.com/github/releases/issues/1088
+ - Any package or package version for {% data variables.product.prodname_registry %} can now be deleted from {% data variables.product.product_name %}'s web UI. You can also undo the deletion of any package or package version within 30 days. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)".
+
+ - heading: 'Dependabot and Dependency graph changes'
+ notes:
+ # https://github.com/github/releases/issues/1537
+ - The dependency graph can now be enabled using the Management Console, rather than needing to run a command in the administrative shell. For more information, see "[Enabling alerts for vulnerable dependencies {% data variables.product.prodname_ghe_server %}](/admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server#enabling-the-dependency-graph-and-dependabot-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."
+
+ # https://github.com/github/releases/issues/1153
+ - Notifications for multiple {% data variables.product.prodname_dependabot_alerts %} are now grouped together if they're discovered at the same time. This significantly reduces the volume of {% data variables.product.prodname_dependabot %} alert notifications that users receive. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-03-18-grouped-dependabot-alert-notifications/).
+
+ # https://github.com/github/releases/issues/1371
+ - Dependency graph and {% data variables.product.prodname_dependabot_alerts %} now support Go modules. {% data variables.product.prodname_ghe_server %} analyzes a repository's `go.mod` files to understand the repository’s dependencies. Along with security advisories, the dependency graph provides the information needed to alert developers to vulnerable dependencies. For more information about enabling the dependency graph on private repositories, see "[Securing your repository](/code-security/getting-started/securing-your-repository#managing-the-dependency-graph)."
+
+ # https://github.com/github/releases/issues/1538
+ - The default notification settings for security alerts have changed. Previously, if you had permission to view security alerts in a repository, you would receive notifications for that repository as long as your settings allowed for security alert notifications. Now, you must opt in to security alert notifications by watching the repository. You will be notified if you select `All Activity` or configure `Custom` to include `Security alerts`. All existing repositories will be automatically migrated to these new settings and you will continue to receive notifications; however, any new repositories will require opting-in by watching the repository. For more information see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)" and "[Managing alerts from secret scanning](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+
+ - heading: 'Code scanning and secret scanning changes'
+ notes:
+ # https://github.com/github/releases/issues/1352
+ - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql %} now generates diagnostic information for all supported languages. This helps check the state of the created database to understand the status and quality of performed analysis. The diagnostic information is available starting in [version 2.5.6](https://github.com/github/codeql-cli-binaries/releases) of the [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). You can see the detailed diagnostic information in the {% data variables.product.prodname_actions %} logs for {% data variables.product.prodname_codeql %}. For more information, see "[Viewing code scanning logs](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs)."'
+
+ # https://github.com/github/releases/issues/1360
+ - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql_cli %} now supports analyzing several languages during a single build. This makes it easier to run code analysis to use CI/CD systems other than {% data variables.product.prodname_actions %}. The new mode of the `codeql database create` command is available starting [version 2.5.6](https://github.com/github/codeql-cli-binaries/releases) of the [{% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/). For more information about setting this up, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system)."'
+
+ # https://github.com/github/releases/issues/1160
+ - '{% data variables.product.prodname_code_scanning_capc %} alerts from all enabled tools are now shown in one consolidated list, so that you can easily prioritize across all alerts. You can view alerts from a specific tool by using the "Tool" filter, and the "Rule" and "Tag" filters will dynamically update based on your "Tool" selection.'
+
+ # https://github.com/github/releases/issues/1454
+ - '{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql %} now includes beta support for analyzing C++20 code. This is only available when building codebases with GCC on Linux. C++20 modules are not supported yet.'
+
+ # https://github.com/github/releases/issues/1375
+ - The depth of {% data variables.product.prodname_codeql %}'s analysis has been improved by adding support for more [libraries and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) and increasing the coverage of our existing library and framework models for several languages ([C++](https://github.com/github/codeql/tree/main/cpp), [JavaScript](https://github.com/github/codeql/tree/main/javascript), [Python](https://github.com/github/codeql/tree/main/python), and [Java](https://github.com/github/codeql/tree/main/java)). As a result, {% data variables.product.prodname_codeql %} can now detect even more potential sources of untrusted user data, review the steps through which that data flows, and identify potentially dangerous sinks in which this data could end up. This results in an overall improvement of the quality of the {% data variables.product.prodname_code_scanning %} alerts. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-07-01-codeql-code-scanning-now-recognizes-more-sources-and-uses-of-untrusted-user-data/).
+
+ # https://github.com/github/releases/issues/1335
+ # https://github.com/github/releases/issues/1314
+ - |
+ {% data variables.product.prodname_code_scanning_capc %} now shows `security-severity` levels for CodeQL security alerts. You can configure which `security-severity` levels will cause a check failure for a pull request. The severity level of security alerts can be `critical`, `high`, `medium`, or `low`. By default, any {% data variables.product.prodname_code_scanning %} alerts with a `security-severity` of `critical` or `high` will cause a pull request check failure.
+
+ Additionally, you can now also configure which severity levels will cause a pull request check to fail for non-security alerts. You can configure this behavior at the repository level, and define whether alerts with the severity `error`, `warning`, or `note` will cause a pull request check to fail. By default, non-security {% data variables.product.prodname_code_scanning %} alerts with a severity of `error` will cause a pull request check failure.
+
+ For more information see "[Defining which alert severity levels cause pull request check failure](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."
+
+ 
+
+ # https://github.com/github/releases/issues/1324
+ - |
+ Improvements to the branch filter for {% data variables.product.prodname_code_scanning %} alerts make it clearer which {% data variables.product.prodname_code_scanning %} alerts are being displayed on the alerts page. By default, {% data variables.product.prodname_code_scanning %} alerts are filtered to show alerts for the default branch of the repository only. You can use the branch filter to display the alerts on any of the non-default branches. Any branch filter that has been applied is shown in the search bar.
+
+ The search syntax has also been simplified to `branch:`. This syntax can be used multiple times in the search bar to filter on multiple branches. The previous syntax, `ref:refs/heads/`, is still supported, so any saved URLs will continue to work.
+
+ # https://github.com/github/releases/issues/1313
+ - |
+ Free text search is now available for code scanning alerts. You can search code scanning results to quickly find specific alerts without having to know exact search terms. The search is applied across the alert's name, description, and help text. The syntax is:
+
+ - A single word returns all matches.
+ - Multiple search words returns matches to either word.
+ - Words in double quotes returns exact matches.
+ - The keyword 'AND' returns matches to multiple words.
+
+ - '{% data variables.product.prodname_secret_scanning_caps %} added patterns for 23 new service providers. For the updated list of supported secrets, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning)."'
+
+ - heading: API Changes
+ notes:
+ # https://github.com/github/releases/issues/1253
+ - Pagination support has been added to the Repositories REST API's "compare two commits" endpoint, which returns a list of commits reachable from one commit or branch, but unreachable from another. The API can also now return the results for comparisons over 250 commits. For more information, see the "[Commits](/rest/reference/commits#compare-two-commits)" REST API documentation and "[Traversing with pagination](/rest/guides/traversing-with-pagination)."
+
+ # https://github.com/github/releases/issues/969
+ - The REST API can now be used to programmatically resend or check the status of webhooks. For more information, see "[Webhooks](/rest/reference/webhooks)," "[Organizations](/rest/reference/orgs#webhooks)," and "[Apps](/rest/reference/apps#webhooks)" in the REST API documentation.
+
+ # https://github.com/github/releases/issues/1349
+ - |
+ Improvements have been made to the code scanning and {% data variables.product.prodname_GH_advanced_security %} APIs:
+
+ - The code scanning API now returns the CodeQL query version used for an analysis. This can be used to reproduce results or confirm that an analysis used the latest query. For more information, see "[Code scanning](/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository)" in the REST API documentation.
+ - Admin users can now use the REST API to enable or disable {% data variables.product.prodname_GH_advanced_security %} for repositories, using the `security_and_analysis` object on `repos/{org}/{repo}`. In addition, admin users can check whether {% data variables.product.prodname_advanced_security %} is currently enabled for a repository by using a `GET /repos/{owner}/{repo}` request. These changes help you manage {% data variables.product.prodname_advanced_security %} repository access at scale. For more information, see "[Repositories](/rest/reference/repos#update-a-repository)" in the REST API documentation.
+
+ # No security/bug fixes for the RC release
+ # security_fixes:
+ # - PLACEHOLDER
+
+ # bugs:
+ # - PLACEHOLDER
+
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+
+ deprecations:
+ - heading: Deprecation of GitHub Enterprise Server 2.21
+ notes:
+ - '**{% data variables.product.prodname_ghe_server %} 2.21 was discontinued on June 6, 2021**. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
+ - heading: Deprecation of GitHub Enterprise Server 2.22
+ notes:
+ - '**{% data variables.product.prodname_ghe_server %} 2.22 will be discontinued on September 23, 2021**. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.2/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
+ - heading: Deprecation of XenServer Hypervisor support
+ notes:
+ # https://github.com/github/docs-content/issues/4439
+ - Beginning in {% data variables.product.prodname_ghe_server %} 3.1, we will begin discontinuing support for Xen Hypervisor. The complete deprecation is scheduled for {% data variables.product.prodname_ghe_server %} 3.3, following the standard one year deprecation window. Please contact [GitHub Support](https://support.github.com/contact) with questions or concerns.
+ - heading: Removal of Legacy GitHub Services
+ notes:
+ # https://github.com/github/releases/issues/1506
+ - '{% data variables.product.prodname_ghe_server %} 3.2 removes unused GitHub Service database records. More information is available in the [deprecation announcement post](https://developer.github.com/changes/2018-04-25-github-services-deprecation/).'
+ - heading: Deprecation of OAuth Application API endpoints and API authentication via query parameters
+ notes:
+ # https://github.com/github/releases/issues/1316
+ - |
+ To prevent accidental logging or exposure of `access_tokens`, we discourage the use of OAuth Application API endpoints and the use of API auth via query params. Visit the following posts to see the proposed replacements:
+
+ * [Replacement OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#changes-to-make)
+ * [Replacement auth via headers instead of query param](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make)
+
+ These endpoints and auth route are planned to be removed from {% data variables.product.prodname_ghe_server %} in {% data variables.product.prodname_ghe_server %} 3.4.
+ - heading: Removal of legacy GitHub App webhook events and endpoints
+ notes:
+ # https://github.com/github/releases/issues/965
+ - |
+ Two legacy GitHub Apps-related webhook events have been removed: `integration_installation` and `integration_installation_repositories`. You should instead be listening to the `installation` and `installation_repositories` events.
+ - |
+ The following REST API endpoint has been removed: `POST /installations/{installation_id}/access_tokens`. You should instead be using the namespaced equivalent `POST /app/installations/{installation_id}/access_tokens`.
+
+ backups:
+ - '{% data variables.product.prodname_ghe_server %} 3.2 requires at least [GitHub Enterprise Backup Utilities 3.2.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/enterprise-server@3.2/admin/configuration/configuring-backups-on-your-appliance).'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-3/0-rc1.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-3/0-rc1.yml
new file mode 100644
index 0000000000..eaa5046942
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-3/0-rc1.yml
@@ -0,0 +1,299 @@
+date: '2021-11-09'
+release_candidate: true
+deprecated: true
+intro: |
+ {% note %}
+
+ **Note:** If {% data variables.product.product_location %} is running a release candidate build, you can't upgrade with a hotpatch. We recommend only running release candidates on test environments.
+
+ {% endnote %}
+
+ For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+sections:
+ features:
+ - heading: Security Manager role
+ notes:
+ # https://github.com/github/releases/issues/1610
+ - |
+ Organization owners can now grant teams the access to manage security alerts and settings on their repositories. The "security manager" role can be applied to any team and grants the team's members the following access:
+
+ - Read access on all repositories in the organization.
+ - Write access on all security alerts in the organization.
+ - Access to the organization-level security tab.
+ - Write access on security settings at the organization level.
+ - Write access on security settings at the repository level.
+
+ For more information, see "[Managing security managers in your organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)."
+
+ - heading: 'Ephemeral self-hosted runners for GitHub Actions & new webhooks for auto-scaling'
+ notes:
+ # https://github.com/github/releases/issues/1378
+ - |
+ {% data variables.product.prodname_actions %} now supports ephemeral (single job) self-hosted runners and a new [`workflow_job`](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) webhook to make autoscaling runners easier.
+
+ Ephemeral runners are good for self-managed environments where each job is required to run on a clean image. After a job is run, ephemeral runners are automatically unregistered from {% data variables.product.product_location %}, allowing you to perform any post-job management.
+
+ You can combine ephemeral runners with the new `workflow_job` webhook to automatically scale self-hosted runners in response to {% data variables.product.prodname_actions %} job requests.
+
+ For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)" and "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job)."
+
+ - heading: 'Dark high contrast theme'
+ notes:
+ # https://github.com/github/releases/issues/1539
+ - |
+ A dark high contrast theme, with greater contrast between foreground and background elements, is now available on {% data variables.product.prodname_ghe_server %} 3.3. This release also includes improvements to the color system across all {% data variables.product.company_short %} themes.
+
+ 
+
+ For more information about changing your theme, see "[Managing your theme settings](/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings)."
+
+ changes:
+ - heading: Administration Changes
+ notes:
+ # https://github.com/github/releases/issues/1666
+ - '{% data variables.product.prodname_ghe_server %} 3.3 includes improvements to the maintenance of repositories, especially for repositories that contain many unreachable objects. Note that the first maintenance cycle after upgrading to {% data variables.product.prodname_ghe_server %} 3.3 may take longer than usual to complete.'
+
+ # https://github.com/github/releases/issues/1533
+ - '{% data variables.product.prodname_ghe_server %} 3.3 includes the public beta of a repository cache for geographically-distributed teams and CI infrastructure. The repository cache keeps a read-only copy of your repositories available in additional geographies, which prevents clients from downloading duplicate Git content from your primary instance. For more information, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."'
+
+ # https://github.com/github/releases/issues/1616
+ - '{% data variables.product.prodname_ghe_server %} 3.3 includes improvements to the user impersonation process. An impersonation session now requires a justification for the impersonation, actions are recorded in the audit log as being performed as an impersonated user, and the user who is impersonated will receive an email notification that they have been impersonated by an enterprise administrator. For more information, see "[Impersonating a user](/enterprise-server@3.3/admin/user-management/managing-users-in-your-enterprise/impersonating-a-user)."'
+
+ # https://github.com/github/releases/issues/1609
+ - A new stream processing service has been added to facilitate the growing set of events that are published to the audit log, including events associated with Git and {% data variables.product.prodname_actions %} activity.
+
+ - heading: Token Changes
+ notes:
+ # https://github.com/github/releases/issues/1390
+ - |
+ An expiration date can now be set for new and existing personal access tokens. Setting an expiration date on personal access tokens is highly recommended to prevent older tokens from leaking and compromising security. Token owners will receive an email when it's time to renew a token that's about to expire. Tokens that have expired can be regenerated, giving users a duplicate token with the same properties as the original.
+
+ When using a personal access token with the {% data variables.product.company_short %} API, a new `GitHub-Authentication-Token-Expiration` header is included in the response, which indicates the token's expiration date. For more information, see "[Creating a personal access token](/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
+
+ - heading: 'Notifications changes'
+ notes:
+ # https://github.com/github/releases/issues/1625
+ - 'Notification emails from discussions now include `(Discussion #xx)` in the subject, so you can recognize and filter emails that reference discussions.'
+
+ - heading: 'Repositories changes'
+ notes:
+ # https://github.com/github/releases/issues/1735
+ - Public repositories now have a `Public` label next to their names like private and internal repositories. This change makes it easier to identify public repositories and avoid accidentally committing private code.
+
+ # https://github.com/github/releases/issues/1733
+ - If you specify the exact name of a branch when using the branch selector menu, the result now appears at the top of the list of matching branches. Previously, exact branch name matches could appear at the bottom of the list.
+
+ # https://github.com/github/releases/issues/1673
+ - When viewing a branch that has a corresponding open pull request, {% data variables.product.prodname_ghe_server %} now links directly to the pull request. Previously, there would be a prompt to contribute using branch comparison or to open a new pull request.
+
+ # https://github.com/github/releases/issues/1670
+ - You can now click a button to copy the full raw contents of a file to the clipboard. Previously, you would need to open the raw file, select all, and then copy. To copy the contents of a file, navigate to the file and click {% octicon "copy" aria-label="The copy icon" %} in the toolbar. Note that this feature is currently only available in some browsers.
+
+ # https://github.com/github/releases/issues/1571
+ - When creating a new release, you can now select or create the tag using a dropdown selector, rather than specifying the tag in a text field. For more information, see "[Managing releases in a repository](/repositories/releasing-projects-on-github/managing-releases-in-a-repository)."
+
+ # https://github.com/github/releases/issues/1752
+ - A warning is now displayed when viewing a file that contains bidirectional Unicode text. Bidirectional Unicode text can be interpreted or compiled differently than it appears in a user interface. For example, hidden bidirectional Unicode characters can be used to swap segments of text in a file. For more information about replacing these characters, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-31-warning-about-bidirectional-unicode-text/).
+
+ # https://github.com/github/releases/issues/1416
+ - You can now use `CITATION.cff` files to let others know how you would like them to cite your work. `CITATION.cff` files are plain text files with human- and machine-readable citation information. {% data variables.product.prodname_ghe_server %} parses this information into common citation formats such as [APA](https://apastyle.apa.org) and [BibTeX](https://en.wikipedia.org/wiki/BibTeX). For more information, see "[About CITATION files](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-citation-files)."
+
+ - heading: 'Markdown changes'
+ notes:
+ # https://github.com/github/releases/issues/1645
+ - |
+ You can use new keyboard shortcuts for quotes and lists in Markdown files, issues, pull requests, and comments.
+
+ * To add quotes, use cmd shift . on Mac, or ctrl shift . on Windows and Linux.
+ * To add an ordered list, use cmd shift 7 on Mac, or ctrl shift 7 on Windows and Linux.
+ * To add an unordered list, use cmd shift 8 on Mac, or ctrl shift 8 on Windows and Linux.
+
+ See "[Keyboard shortcuts](/get-started/using-github/keyboard-shortcuts)" for a full list of available shortcuts.
+
+ # https://github.com/github/releases/issues/1684
+ - You can now use footnote syntax in any Markdown field. Footnotes are displayed as superscript links that you can click to jump to the referenced information, which is displayed in a new section at the bottom of the document. For more information about the syntax, see "[Basic writing and formatting syntax](/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#footnotes)."
+
+ # https://github.com/github/releases/issues/1647
+ - When viewing Markdown files, you can now click {% octicon "code" aria-label="The code icon" %} in the toolbar to view the source of a Markdown file. Previously, you needed to use the blame view to link to specific line numbers in the source of a Markdown file.
+
+ # https://github.com/github/releases/issues/1600
+ - You can now add images and videos to Markdown files in gists by pasting them into the Markdown body or selecting them from the dialog at the bottom of the Markdown file. For information about supported file types, see "[Attaching files](https://docs.github.com/en/github/writing-on-github/working-with-advanced-formatting/attaching-files)."
+
+ # https://github.com/github/releases/issues/1523
+ - '{% data variables.product.prodname_ghe_server %} now automatically generates a table of contents for Wikis, based on headings.'
+
+ # https://github.com/github/releases/issues/1626
+ - When dragging and dropping files into a Markdown editor, such as images and videos, {% data variables.product.prodname_ghe_server %} now uses the mouse pointer location instead of the cursor location when placing the file.
+
+ - heading: 'Issues and pull requests changes'
+ notes:
+ # https://github.com/github/releases/issues/1504
+ - You can now search issues by label using a logical OR operator. To filter issues using logical OR, use the comma syntax. For example, `label:"good first issue","bug"` will list all issues with a label of `good first issue` or `bug`. For more information, see "[Filtering and searching issues and pull requests](/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests#about-search-terms)."
+
+ # https://github.com/github/releases/issues/1685
+ - |
+ Improvements have been made to help teams manage code review assignments. You can now:
+
+ - Limit assignment to only direct members of the team.
+ - Continue with automatic assignment even if one or more members of the team are already requested.
+ - Keep a team assigned to review even if one or more members is newly assigned.
+
+ The timeline and reviewers sidebar on the pull request page now indicate if a review request was automatically assigned to one or more team members.
+
+ For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-29-new-code-review-assignment-settings-and-team-filtering-improvements/).
+ - You can now filter pull request searches to only include pull requests you are directly requested to review.
+ # https://github.com/github/releases/issues/1683
+ - Filtered files in pull requests are now completely hidden from view, and are no longer shown as collapsed in the "Files Changed" tab. The "File Filter" menu has also been simplified. For more information, see "[Filtering files in a pull request](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/filtering-files-in-a-pull-request)."
+
+ - heading: 'GitHub Actions changes'
+ notes:
+ # https://github.com/github/releases/issues/1593
+ - You can now create "composite actions" which combine multiple workflow steps into one action, and includes the ability to reference other actions. This makes it easier to reduce duplication in workflows. Previously, an action could only use scripts in its YAML definition. For more information, see "[Creating a composite action](/actions/creating-actions/creating-a-composite-action)."
+
+ # https://github.com/github/releases/issues/1694
+ - Managing self-hosted runners at the enterprise level no longer requires using personal access tokens with the `admin:enterprise` scope. You can instead use the new `manage_runners:enterprise` scope to restrict the permissions on your tokens. Tokens with this scope can authenticate to [many REST API endpoints](/rest/reference/enterprise-admin#list-self-hosted-runner-groups-for-an-enterprise) to manage your enterprise's self-hosted runners.
+
+ # https://github.com/github/releases/issues/1157
+ - |
+ The audit log now includes additional events for {% data variables.product.prodname_actions %}. Audit log entries are now recorded for the following events:
+
+ * A self-hosted runner is registered or removed.
+ * A self-hosted runner is added to a runner group, or removed from a runner group.
+ * A runner group is created or removed.
+ * A workflow run is created or completed.
+ * A workflow job is prepared. Importantly, this log includes the list of secrets that were provided to the runner.
+
+ For more information, see "[Security hardening for {% data variables.product.prodname_actions %}](/actions/security-guides/security-hardening-for-github-actions#auditing-github-actions-events)."
+
+ # https://github.com/github/releases/issues/1588
+ - Performance improvements have been made to {% data variables.product.prodname_actions %}, which may result in higher maximum job concurrency.
+
+ - heading: 'GitHub Packages changes'
+ notes:
+ # https://github.com/github/docs-content/issues/5554
+ - When a repository is deleted, any associated package files are now immediately deleted from your {% data variables.product.prodname_registry %} external storage.
+
+ - heading: 'Dependabot and Dependency graph changes'
+ notes:
+ # https://github.com/github/releases/issues/1141
+ - Dependency review is out of beta and is now generally available for {% data variables.product.prodname_GH_advanced_security %} customers. Dependency review provides an easy-to-understand view of dependency changes and their security impact in the "Files changed" tab of pull requests. It informs you of which dependencies were added, removed, or updated, along with vulnerability information. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request)."
+
+ # https://github.com/github/releases/issues/1630
+ - '{% data variables.product.prodname_dependabot %} is now available as a private beta, offering both version updates and security updates for several popular ecosystems. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} requires {% data variables.product.prodname_actions %} and a pool of self-hosted runners configured for {% data variables.product.prodname_dependabot %} use. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} also requires {% data variables.product.prodname_github_connect %} to be enabled. To learn more and sign up for the beta, contact the GitHub Sales team.'
+
+ - heading: 'Code scanning and secret scanning changes'
+ notes:
+ # https://github.com/github/releases/issues/1724
+ - The depth of {% data variables.product.prodname_codeql %}'s analysis has been improved by adding support for more [libraries and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) and increasing the coverage of our existing library and framework models. [JavaScript](https://github.com/github/codeql/tree/main/javascript) analysis now supports most common templating languages, and [Java](https://github.com/github/codeql/tree/main/java) now covers more than three times the endpoints of previous {% data variables.product.prodname_codeql %} versions. As a result, {% data variables.product.prodname_codeql %} can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks where the data could end up. This results in an overall improvement of the quality of {% data variables.product.prodname_code_scanning %} alerts.
+
+ # https://github.com/github/releases/issues/1639
+ - '{% data variables.product.prodname_codeql %} now supports scanning standard language features in Java 16, such as records and pattern matching. {% data variables.product.prodname_codeql %} is able to analyze code written in Java version 7 through 16. For more information about supported languages and frameworks, see the [{% data variables.product.prodname_codeql %} documentation](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/#id5).'
+
+ # https://github.com/github/releases/issues/1655
+ - |
+ Improvements have been made to the {% data variables.product.prodname_code_scanning %} `on:push` trigger when code is pushed to a pull request. If an `on:push` scan returns results that are associated with a pull request, {% data variables.product.prodname_code_scanning %} will now show these alerts on the pull request.
+
+ Some other CI/CD systems can be exclusively configured to trigger a pipeline when code is pushed to a branch, or even exclusively for every commit. Whenever such an analysis pipeline is triggered and results are uploaded to the SARIF API, {% data variables.product.prodname_code_scanning %} will also try to match the analysis results to an open pull request. If an open pull request is found, the results will be published as described above. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-27-showing-code-scanning-alerts-on-pull-requests/).
+
+ # https://github.com/github/releases/issues/1546
+ - You can now use the new pull request filter on the {% data variables.product.prodname_code_scanning %} alerts page to find all the {% data variables.product.prodname_code_scanning %} alerts associated with a pull request. A new "View all branch alerts" link on the pull request "Checks" tab allows you to directly view {% data variables.product.prodname_code_scanning %} alerts with the specific pull request filter already applied. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-08-23-pull-request-filter-for-code-scanning-alerts/).
+
+ # https://github.com/github/releases/issues/1562
+ - User defined patterns for {% data variables.product.prodname_secret_scanning %} is out of beta and is now generally available for {% data variables.product.prodname_GH_advanced_security %} customers. Also new in this release is the ability to edit custom patterns defined at the repository, organization, and enterprise levels. After editing and saving a pattern, {% data variables.product.prodname_secret_scanning %} searches for matches both in a repository's entire Git history and in any new commits. Editing a pattern will close alerts previously associated with the pattern if they no longer match the updated version. Other improvements, such as dry-runs, are planned in future releases. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+
+ - heading: API and webhook changes
+ notes:
+ # https://github.com/github/releases/issues/1744
+ - Most REST API previews have graduated and are now an official part of the API. Preview headers are no longer required for most REST API endpoints, but will still function as expected if you specify a graduated preview in the `Accept` header of a request. For previews that still require specifying the preview in the `Accept` header of a request, see "[API previews](/rest/overview/api-previews)."
+
+ # https://github.com/github/releases/issues/1513
+ - You can now use the REST API to configure custom autolinks to external resources. The REST API now provides beta `GET`/`POST`/`DELETE` endpoints which you can use to view, add, or delete custom autolinks associated with a repository. For more information, see "[Autolinks](/rest/reference/repos#autolinks)."
+
+ # https://github.com/github/releases/issues/1578
+ - You can now use the REST API to sync a forked repository with its upstream repository. For more information, see "[Branches](/rest/reference/branches#sync-a-fork-branch-with-the-upstream-repository)" in the REST API documentation.
+
+ # https://github.com/github/releases/issues/1527
+ - Enterprise administrators on GitHub Enterprise Server can now use the REST API to enable or disable Git LFS for a repository. For more information, see "[Repositories](/rest/reference/repos#git-lfs)."
+
+ # https://github.com/github/releases/issues/1476
+ - You can now use the REST API to query the audit log for an enterprise. While audit log forwarding provides the ability to retain and analyze data with your own toolkit and determine patterns over time, the new endpoint can help you perform limited analysis on recent events. For more information, see "[{% data variables.product.prodname_enterprise %} administration](/rest/reference/enterprise-admin#get-the-audit-log-for-an-enterprise)" in the REST API documentation.
+
+ # https://github.com/github/releases/issues/1485
+ - GitHub App user-to-server API requests can now read public resources using the REST API. This includes, for example, the ability to list a public repository's issues and pull requests, and to access a public repository's comments and content.
+
+ # https://github.com/github/releases/issues/1734
+ - When creating or updating a repository, you can now configure whether forking is allowed using the REST and GraphQL APIs. Previously, APIs for creating and updating repositories didn't include the fields `allow_forking` (REST) or `forkingAllowed` (GraphQL). For more information, see "[Repositories](/rest/reference/repos)" in the REST API documentation and "[Repositories](/graphql/reference/objects#repository)" in the GraphQL API documentation.
+
+ # https://github.com/github/releases/issues/1637
+ - |
+ A new GraphQL mutation [`createCommitOnBranch`](/graphql/reference/mutations#createcommitonbranch) makes it easier to add, update, and delete files in a branch of a repository. Compared to the REST API, you do not need to manually create blobs and trees before creating the commit. This allows you to add, update, or delete multiple files in a single API call.
+
+ Commits authored using the new API are automatically GPG signed and are [marked as verified](/github/authenticating-to-github/managing-commit-signature-verification/about-commit-signature-verification) in the {% data variables.product.prodname_ghe_server %} UI. GitHub Apps can use the mutation to author commits directly or [on behalf of users](/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps#user-to-server-requests).
+
+ # https://github.com/github/releases/issues/1665
+ - When a new tag is created, the [push](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push) webhook payload now always includes a `head_commit` object that contains the data of the commit that the new tag points to. As a result, the `head_commit` object will always contain the commit data of the payload's `after` commit.
+
+ - heading: 'Performance Changes'
+ notes:
+ # https://github.com/github/releases/issues/1823
+ - Page loads and jobs are now significantly faster for repositories with many Git refs.
+
+ # No security/bug fixes for the RC release
+ # security_fixes:
+ # - PLACEHOLDER
+
+ # bugs:
+ # - PLACEHOLDER
+
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+
+ deprecations:
+ - heading: Deprecation of GitHub Enterprise Server 2.22
+ notes:
+ - '**{% data variables.product.prodname_ghe_server %} 2.22 was discontinued on September 23, 2021**. This means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.3/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
+ - heading: Deprecation of GitHub Enterprise Server 3.0
+ notes:
+ - '**{% data variables.product.prodname_ghe_server %} 3.0 will be discontinued on February 16, 2022**. This means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.3/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
+
+ - heading: Deprecation of XenServer Hypervisor support
+ notes:
+ # https://github.com/github/docs-content/issues/4439
+ - Starting with {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_ghe_server %} on XenServer is deprecated and is no longer supported. Please contact [GitHub Support](https://support.github.com) with questions or concerns.
+
+ - heading: Deprecation of OAuth Application API endpoints and API authentication using query parameters
+ notes:
+ # https://github.com/github/releases/issues/1316
+ - |
+ To prevent accidental logging or exposure of `access_tokens`, we discourage the use of OAuth Application API endpoints and the use of API authentication using query parameters. View the following posts to see the proposed replacements:
+
+ * [Replacement OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#changes-to-make)
+ * [Replacement authentication using headers instead of query param](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make)
+
+ These endpoints and authentication route are planned to be removed from {% data variables.product.prodname_ghe_server %} in {% data variables.product.prodname_ghe_server %} 3.4.
+
+ - heading: Deprecation of the CodeQL runner
+ notes:
+ # https://github.com/github/releases/issues/1632
+ - The {% data variables.product.prodname_codeql %} runner is being deprecated. {% data variables.product.prodname_ghe_server %} 3.3 will be the final release series that supports the {% data variables.product.prodname_codeql %} runner. Starting with {% data variables.product.prodname_ghe_server %} 3.4, the {% data variables.product.prodname_codeql %} runner will be removed and no longer supported. The {% data variables.product.prodname_codeql %} CLI version 2.6.2 or greater is a feature-complete replacement for the {% data variables.product.prodname_codeql %} runner. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/).
+
+ - heading: Deprecation of custom bit-cache extensions
+ notes:
+ # https://github.com/github/releases/issues/1415
+ - |
+ Starting in {% data variables.product.prodname_ghe_server %} 3.1, support for {% data variables.product.company_short %}'s proprietary bit-cache extensions began to be phased out. These extensions are now deprecated in {% data variables.product.prodname_ghe_server %} 3.3.
+
+ Any repositories that were already present and active on {% data variables.product.product_location %} running version 3.1 or 3.2 will have been automatically updated.
+
+ Repositories which were not present and active before upgrading to {% data variables.product.prodname_ghe_server %} 3.3 may not perform optimally until a repository maintenance task is run and has successfully completed.
+
+ To start a repository maintenance task manually, browse to `https:///stafftools/repositories///network` for each affected repository and click the **Schedule** button.
+
+ backups:
+ - '{% data variables.product.prodname_ghe_server %} 3.3 requires at least [GitHub Enterprise Backup Utilities 3.3.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).'
diff --git a/translations/zh-CN/data/release-notes/enterprise-server/3-4/0-rc1.yml b/translations/zh-CN/data/release-notes/enterprise-server/3-4/0-rc1.yml
new file mode 100644
index 0000000000..f49bb7d8e3
--- /dev/null
+++ b/translations/zh-CN/data/release-notes/enterprise-server/3-4/0-rc1.yml
@@ -0,0 +1,286 @@
+date: '2022-02-15'
+release_candidate: true
+deprecated: true
+intro: |
+ {% note %}
+
+ **Note:** If {% data variables.product.product_location %} is running a release candidate build, you can't upgrade with a hotpatch. We recommend only running release candidates on test environments.
+
+ {% endnote %}
+
+ For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+
+ > This release is dedicated to our colleague and friend John, a Hubber who was always there to help. You will be greatly missed.
+ >
+ > **John "Ralph" Wiebalk 1986–2021**
+
+sections:
+ features:
+ - heading: Secret scanning REST API now returns locations
+ notes:
+ # https://github.com/github/releases/issues/1642
+ - |
+ {% data variables.product.prodname_GH_advanced_security %} customers can now use the REST API to retrieve commit details of secrets detected in private repository scans. The new endpoint returns details of a secret's first detection within a file, including the secret's location and commit SHA. For more information, see "[Secret scanning](/rest/reference/secret-scanning)" in the REST API documentation.
+
+ - heading: Export license data of committer-based billing for GitHub Advanced Security
+ notes:
+ # https://github.com/github/releases/issues/1757
+ - |
+ Enterprise and organization owners can now export their {% data variables.product.prodname_GH_advanced_security %} license usage data to a CSV file. The {% data variables.product.prodname_advanced_security %} billing data can also be retrieved via billing endpoints in the REST API. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-11-export-github-advanced-security-license-usage-data/)."
+
+ - heading: GitHub Actions reusable workflows in public beta
+ notes:
+ # https://github.com/github/releases/issues/1541
+ - |
+ You can now reuse entire workflows as if they were an action. This feature is available in public beta. Instead of copying and pasting workflow definitions across repositories, you can now reference an existing workflow with a single line of configuration. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-05-github-actions-dry-your-github-actions-configuration-by-reusing-workflows/)."
+
+ - heading: Dependabot security and version updates in public beta
+ notes:
+ # https://github.com/github/releases/issues/2004
+ - |
+ {% data variables.product.prodname_dependabot %} is now available in {% data variables.product.prodname_ghe_server %} 3.4 as a public beta, offering both version updates and security updates for several popular ecosystems. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} requires {% data variables.product.prodname_actions %} and a pool of self-hosted runners configured for {% data variables.product.prodname_dependabot %} use. {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_ghe_server %} also requires {% data variables.product.prodname_github_connect %} and {% data variables.product.prodname_dependabot %} to be enabled by an administrator. Beta feedback and suggestions can be shared in the [{% data variables.product.prodname_dependabot %} Feedback GitHub discussion](https://github.com/community/community/discussions/categories/dependabot). For more information and to try the beta, see "[Setting up {% data variables.product.prodname_dependabot %} security and version updates on your enterprise](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/setting-up-dependabot-updates)."
+
+ changes:
+ - heading: Administration Changes
+ notes:
+ # https://github.com/github/releases/issues/1657
+ - Users can now choose the number of spaces a tab is equal to, by setting their preferred tab size in the "Appearance" settings of their user account. All code with a tab indent will render using the preferred tab size.
+
+ # https://github.com/github/releases/issues/2062
+ - The {% data variables.product.prodname_github_connect %} data connection record now includes a count of the number of active and dormant users and the configured dormancy period.
+
+ - heading: Performance Changes
+ notes:
+ # https://github.com/github/releases/issues/2031
+ - WireGuard, used to secure communication between {% data variables.product.prodname_ghe_server %} instances in a High Availability configuration, has been migrated to the Kernel implementation.
+
+ - heading: Notification Changes
+ notes:
+ # https://github.com/github/releases/issues/1801
+ - Organization owners can now unsubscribe from email notifications when new deploy keys are added to repositories belonging to their organizations. For more information, see "[Configuring notifications](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications)."
+
+ # https://github.com/github/releases/issues/1714
+ - 'Notification emails from newly created issues and pull requests now include `(Issue #xx)` or `(PR #xx)` in the email subject, so you can recognize and filter emails that reference these types of issues.'
+
+ - heading: Organization Changes
+ notes:
+ # https://github.com/github/releases/issues/1509
+ - Organizations can now display a `README.md` file on their profile Overview. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-14-readmes-for-organization-profiles/)."
+
+ # https://github.com/github/releases/issues/1883
+ - Members of organizations can now view a list of their enterprise owners under the organization's "People" tab. The enterprise owners list is also now accessible using the GraphQL API. For more information, see the "[`enterpriseOwners`](/graphql/reference/objects#organization)" field under the Organization object in the GraphQL API documentation.
+
+ - heading: Repositories changes
+ notes:
+ # https://github.com/github/releases/issues/1944
+ - |
+ A "Manage Access" section is now shown on the "Collaborators and teams" page in your repository settings. The new section makes it easier for repository administrators to see and manage who has access to their repository, and the level of access granted to each user. Administrators can now:
+
+ * Search all members, teams and collaborators who have access to the repository.
+ * View when members have mixed role assignments, granted to them directly as individuals or indirectly via a team. This is visualized through a new "mixed roles" warning, which displays the highest level role the user is granted if their permission level is higher than their assigned role.
+ * Manage access to popular repositories reliably, with page pagination and fewer timeouts when large groups of users have access.
+
+ # https://github.com/github/releases/issues/1748
+ - '{% data variables.product.prodname_ghe_server %} 3.4 includes improvements to the repository invitation experience, such as notifications for private repository invites, a UI prompt when visiting a private repository you have a pending invitation for, and a banner on a public repository overview page when there is an pending invitation.'
+
+ # https://github.com/github/releases/issues/1739
+ - You can now use single-character prefixes for custom autolinks. Autolink prefixes also now allow `.`, `-`, `_`, `+`, `=`, `:`, `/`, and `#` characters, as well as alphanumerics. For more information about custom autolinks, see "[Configuring autolinks to reference external resources](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-autolinks-to-reference-external-resources)."
+
+ # https://github.com/github/releases/issues/1776
+ - A `CODE_OF_CONDUCT.md` file in the root of a repository is now highlighted in the "About" sidebar on the repository overview page.
+
+ - heading: 'Releases changes'
+ notes:
+ # https://github.com/github/releases/issues/1723
+ - '{% data variables.product.prodname_ghe_server %} 3.4 includes improvements to the Releases UI, such as automatically generated release notes which display a summary of all the pull requests for a given release. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-20-improvements-to-github-releases-generally-available/)."'
+
+ # https://github.com/github/releases/issues/1606
+ - When a release is published, an avatar list is now displayed at the bottom of the release. Avatars for all user accounts mentioned in the release notes are shown. For more information, see "[Managing releases in a repository](/repositories/releasing-projects-on-github/managing-releases-in-a-repository)."
+
+ - heading: 'Markdown changes'
+ notes:
+ # https://github.com/github/releases/issues/1779
+ - You can now use the new "Accessibility" settings page to manage your keyboard shortcuts. You can choose to disable keyboard shortcuts that only use single characters like S, G C, and . (the period key). For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-16-managing-keyboard-shortcuts-using-accessibility-settings/)."
+
+ # https://github.com/github/releases/issues/1727
+ - You can now choose to use a fixed-width font in Markdown-enabled fields, like issue comments and pull request descriptions. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-12-fixed-width-font-support-in-markdown-enabled-fields/)."
+
+ # https://github.com/github/releases/issues/1761
+ - You can now paste a URL on selected text to quickly create a Markdown link. This works in all Markdown-enabled fields, such as issue comments and pull request descriptions. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-10-linkify-selected-text-on-url-paste/)."
+
+ # https://github.com/github/releases/issues/1758
+ - An image URL can now be appended with a theme context, such as `#gh-dark-mode-only`, to define how the Markdown image is displayed to a viewer. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-24-specify-theme-context-for-images-in-markdown/)."
+
+ # https://github.com/github/releases/issues/1686
+ - When creating or editing a gist file with the Markdown (`.md`) file extension, you can now use the "Preview" or "Preview Changes" tab to display a Markdown rendering of the file contents. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-17-preview-the-markdown-rendering-of-gists/)."
+
+ # https://github.com/github/releases/issues/1754
+ - When typing the name of a {% data variables.product.prodname_dotcom %} user in issues, pull requests and discussions, the @mention suggester now ranks existing participants higher than other {% data variables.product.prodname_dotcom %} users, so that it's more likely the user you're looking for will be listed.
+
+ # https://github.com/github/releases/issues/1636
+ - Right-to-left languages are now supported natively in Markdown files, issues, pull requests, discussions, and comments.
+
+ - heading: 'Issues and pull requests changes'
+ notes:
+ # https://github.com/github/releases/issues/1731
+ - The diff setting to hide whitespace changes in the pull request "Files changed" tab is now retained for your user account for that pull request. The setting you have chosen is automatically reapplied if you navigate away from the page and then revisit the "Files changed" tab of the same pull request.
+
+ # https://github.com/github/releases/issues/1663
+ - When using auto assignment for pull request code reviews, you can now choose to only notify requested team members independently of your auto assignment settings. This setting is useful in scenarios where many users are auto assigned but not all users require notification. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-10-team-member-pull-request-review-notifications-can-be-configured-independently-of-auto-assignment/)."
+
+ - heading: 'Branches changes'
+ notes:
+ # https://github.com/github/releases/issues/1526
+ - Organization and repository administrators can now trigger webhooks to listen for changes to branch protection rules on their repositories. For more information, see the "[branch_protection_rule](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule)" event in the webhooks events and payloads documentation.
+
+ # https://github.com/github/releases/issues/1759
+ - When configuring protected branches, you can now enforce that a required status check is provided by a specific {% data variables.product.prodname_github_app %}. If a status is then provided by a different application, or by a user via a commit status, merging is prevented. This ensures all changes are validated by the intended application. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-12-01-ensure-required-status-checks-provided-by-the-intended-app/)."
+
+ # https://github.com/github/releases/issues/1911
+ - Only users with administrator permissions are now able to rename protected branches and modify branch protection rules. Previously, with the exception of the default branch, a collaborator could rename a branch and consequently any non-wildcard branch protection rules that applied to that branch were also renamed. For more information, see "[Renaming a branch](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch)" and "[Managing a branch protection rule](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule)."
+
+ # https://github.com/github/releases/issues/1845
+ - Administrators can now allow only specific users and teams to bypass pull request requirements. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-19-allow-bypassing-required-pull-requests/)."
+
+ # https://github.com/github/releases/issues/1850
+ - Administrators can now allow only specific users and teams to force push to a repository. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-12-21-specify-who-can-force-push-to-a-repository/)."
+
+ # https://github.com/github/releases/issues/1796
+ - When requiring pull requests for all changes to a protected branch, administrators can now choose if approved reviews are also a requirement. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-10-require-pull-requests-without-requiring-reviews/)."
+
+ - heading: 'GitHub Actions changes'
+ notes:
+ # https://github.com/github/releases/issues/1906
+ - '{% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} for the `create`, `deployment`, and `deployment_status` events now always receive a read-only token and no secrets. Similarly, workflows triggered by {% data variables.product.prodname_dependabot %} for the `pull_request_target` event on pull requests where the base ref was created by {% data variables.product.prodname_dependabot %}, now always receive a read-only token and no secrets. These changes are designed to prevent potentially malicious code from executing in a privileged workflow. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."'
+
+ # https://github.com/github/releases/issues/1667
+ - Workflow runs on `push` and `pull_request` events triggered by {% data variables.product.prodname_dependabot %} will now respect the permissions specified in your workflows, allowing you to control how you manage automatic dependency updates. The default token permissions will remain read-only. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-06-github-actions-workflows-triggered-by-dependabot-prs-will-respect-permissions-key-in-workflows/)."
+
+ # https://github.com/github/releases/issues/1668
+ - '{% data variables.product.prodname_actions %} workflows triggered by {% data variables.product.prodname_dependabot %} will now be sent the {% data variables.product.prodname_dependabot %} secrets. You can now pull from private package registries in your CI using the same secrets you have configured for {% data variables.product.prodname_dependabot %} to use, improving how {% data variables.product.prodname_actions %} and {% data variables.product.prodname_dependabot %} work together. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions)."'
+
+ # https://github.com/github/releases/issues/1615
+ - You can now manage runner groups and see the status of your self-hosted runners using new Runners and Runner Groups pages in the UI. The Actions settings page for your repository or organization now shows a summary view of your runners, and allows you to deep dive into a specific runner to edit it or see what job it may be currently running. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-20-github-actions-experience-refresh-for-the-management-of-self-hosted-runners/)."
+
+ # https://github.com/github/releases/issues/1785
+ - 'Actions authors can now have their action run in Node.js 16 by specifying [`runs.using` as `node16` in the action''s `action.yml`](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions). This is in addition to the existing Node.js 12 support; actions can continue to specify `runs.using: node12` to use the Node.js 12 runtime.'
+
+ # https://github.com/github/releases/issues/1799
+ - 'For manually triggered workflows, {% data variables.product.prodname_actions %} now supports the `choice`, `boolean`, and `environment` input types in addition to the default `string` type. For more information, see "[`on.workflow_dispatch.inputs`](/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs)."'
+
+ # https://github.com/github/releases/issues/1782
+ - Actions written in YAML, also known as composite actions, now support `if` conditionals. This lets you prevent specific steps from executing unless a condition has been met. Like steps defined in workflows, you can use any supported context and expression to create a conditional.
+
+ # https://github.com/github/releases/issues/1919
+ - The search order behavior for self-hosted runners has now changed, so that the first available matching runner at any level will run the job in all cases. This allows jobs to be sent to self-hosted runners much faster, especially for organizations and enterprises with lots of self-hosted runners. Previously, when running a job that required a self-hosted runner, {% data variables.product.prodname_actions %} would look for self-hosted runners in the repository, organization, and enterprise, in that order.
+
+ # https://github.com/github/releases/issues/1753
+ - Runner labels for {% data variables.product.prodname_actions %} self-hosted runners can now be listed, added and removed using the REST API. For more information about using the new APIs at a repository, organization, or enterprise level, see "[Repositories](/rest/reference/actions#list-labels-for-a-self-hosted-runner-for-a-repository)", "[Organizations](/rest/reference/actions#add-custom-labels-to-a-self-hosted-runner-for-an-organization)", and "[Enterprises](/rest/reference/enterprise-admin#list-labels-for-a-self-hosted-runner-for-an-enterprise)" in the REST API documentation.
+
+ - heading: 'Dependabot and Dependency graph changes'
+ notes:
+ # https://github.com/github/releases/issues/1520
+ - Dependency graph now supports detecting Python dependencies in repositories that use the Poetry package manager. Dependencies will be detected from both `pyproject.toml` and `poetry.lock` manifest files.
+
+ # https://github.com/github/releases/issues/1921
+ - When configuring {% data variables.product.prodname_dependabot %} security and version updates on GitHub Enterprise Server, we recommend you also enable {% data variables.product.prodname_dependabot %} in {% data variables.product.prodname_github_connect %}. This will allow {% data variables.product.prodname_dependabot %} to retrieve an updated list of dependencies and vulnerabilities from {% data variables.product.prodname_dotcom_the_website %}, by querying for information such as the changelogs of the public releases of open source code that you depend upon. For more information, see "[Enabling the dependency graph and Dependabot alerts for your enterprise](/admin/configuration/configuring-github-connect/enabling-the-dependency-graph-and-dependabot-alerts-for-your-enterprise)."
+
+ # https://github.com/github/releases/issues/1717
+ - '{% data variables.product.prodname_dependabot_alerts %} alerts can now be dismissed using the GraphQL API. For more information, see the "[dismissRepositoryVulnerabilityAlert](/graphql/reference/mutations#dismissrepositoryvulnerabilityalert)" mutation in the GraphQL API documentation.'
+
+ - heading: 'Code scanning and secret scanning changes'
+ notes:
+ # https://github.com/github/releases/issues/1802
+ - The {% data variables.product.prodname_codeql %} CLI now supports including markdown-rendered query help in SARIF files, so that the help text can be viewed in the {% data variables.product.prodname_code_scanning %} UI when the query generates an alert. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-23-display-help-text-for-your-custom-codeql-queries-in-code-scanning/)."
+
+ # https://github.com/github/releases/issues/1790
+ - The {% data variables.product.prodname_codeql %} CLI and {% data variables.product.prodname_vscode %} extension now support building databases and analyzing code on machines powered by Apple Silicon, such as Apple M1. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-10-codeql-now-supports-apple-silicon-m1/)."
+
+ # https://github.com/github/releases/issues/1732
+ - |
+ The depth of {% data variables.product.prodname_codeql %}'s analysis has been improved by adding support for more [libraries and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) from the Python ecosystem. As a result, {% data variables.product.prodname_codeql %} can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks where the data could end up. This results in an overall improvement of the quality of {% data variables.product.prodname_code_scanning %} alerts. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-11-24-codeql-code-scanning-now-recognizes-more-python-libraries-and-frameworks/)."
+
+ # https://github.com/github/releases/issues/1567
+ - Code scanning with {% data variables.product.prodname_codeql %} now includes beta support for analyzing code in all common Ruby versions, up to and including 3.02. For more information, see the "[{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-10-27-codeql-code-scanning-adds-beta-support-for-ruby/)."
+
+ # https://github.com/github/releases/issues/1764
+ - |
+ Several improvements have been made to the {% data variables.product.prodname_code_scanning %} API:
+
+ * The `fixed_at` timestamp has been added to alerts. This timestamp is the first time that the alert was not detected in an analysis.
+ * Alert results can now be sorted using `sort` and `direction` on either `created`, `updated` or `number`. For more information, see "[List code scanning alerts for a repository](/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository)."
+ * A `Last-Modified` header has been added to the alerts and alert endpoint response. For more information, see [`Last-Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified) in the Mozilla documentation.
+ * The `relatedLocations` field has been added to the SARIF response when you request a code scanning analysis. The field may contain locations which are not the primary location of the alert. See an example in the [SARIF spec](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012616) and for more information see "[Get a code scanning analysis for a repository](/rest/reference/code-scanning#get-a-code-scanning-analysis-for-a-repository)."
+ * Both `help` and `tags` data have been added to the webhook response alert rule object. For more information, see "[Code scanning alert webhooks events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert)."
+ * Personal access tokens with the `public_repo` scope now have write access for code scanning endpoints on public repos, if the user has permission.
+
+ For more information, see "[Code scanning](/rest/reference/code-scanning)" in the REST API documentation.
+
+ # https://github.com/github/releases/issues/1943
+ - '{% data variables.product.prodname_GH_advanced_security %} customers can now use the REST API to retrieve private repository secret scanning results at the enterprise level. The new endpoint supplements the existing repository-level and organization-level endpoints. For more information, see "[Secret scanning](/rest/reference/secret-scanning)" in the REST API documentation.'
+
+ # No security/bug fixes for the RC release
+ # security_fixes:
+ # - PLACEHOLDER
+
+ # bugs:
+ # - PLACEHOLDER
+
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+ - Actions services needs to be restarted after restoring appliance from backup taken on a different host.
+
+ deprecations:
+ - heading: Deprecation of GitHub Enterprise Server 3.0
+ notes:
+ - '**{% data variables.product.prodname_ghe_server %} 3.0 was discontinued on February 16, 2022**. This means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.4/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
+ - heading: Deprecation of GitHub Enterprise Server 3.1
+ notes:
+ - '**{% data variables.product.prodname_ghe_server %} 3.1 will be discontinued on June 3, 2022**. This means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.4/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
+
+ - heading: Deprecation of XenServer Hypervisor support
+ notes:
+ # https://github.com/github/docs-content/issues/4439
+ - Starting in {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_ghe_server %} on XenServer was deprecated and is no longer supported. Please contact [GitHub Support](https://support.github.com) with questions or concerns.
+
+ - heading: Deprecation of the Content Attachments API preview
+ notes:
+ #
+ - Due to low usage, we have deprecated the Content References API preview in {% data variables.product.prodname_ghe_server %} 3.4. The API was previously accessible with the `corsair-preview` header. Users can continue to navigate to external URLs without this API. Any registered usages of the Content References API will no longer receive a webhook notification for URLs from your registered domain(s) and we no longer return valid response codes for attempted updates to existing content attachments.
+
+ - heading: Deprecation of the Codes of Conduct API preview
+ notes:
+ # https://github.com/github/releases/issues/1708
+ - 'The Codes of Conduct API preview, which was accessible with the `scarlet-witch-preview` header, is deprecated and no longer accessible in {% data variables.product.prodname_ghe_server %} 3.4. We instead recommend using the "[Get community profile metrics](/rest/reference/repos#get-community-profile-metrics)" endpoint to retrieve information about a repository''s code of conduct. For more information, see the "[Deprecation Notice: Codes of Conduct API preview](https://github.blog/changelog/2021-10-06-deprecation-notice-codes-of-conduct-api-preview/)" in the {% data variables.product.prodname_dotcom %} changelog.'
+
+ - heading: Deprecation of OAuth Application API endpoints and API authentication using query parameters
+ notes:
+ # https://github.com/github/releases/issues/1316
+ - |
+ Starting with {% data variables.product.prodname_ghe_server %} 3.4, the [deprecated version of the OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#endpoints-affected) have been removed. If you encounter 404 error messages on these endpoints, convert your code to the versions of the OAuth Application API that do not have `access_tokens` in the URL. We've also disabled the use of API authentication using query parameters. We instead recommend using [API authentication in the request header](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make).
+
+ - heading: Deprecation of the CodeQL runner
+ notes:
+ # https://github.com/github/releases/issues/1632
+ - The {% data variables.product.prodname_codeql %} runner is deprecated in {% data variables.product.prodname_ghe_server %} 3.4 and is no longer supported. The deprecation only affects users who use {% data variables.product.prodname_codeql %} code scanning in third party CI/CD systems; {% data variables.product.prodname_actions %} users are not affected. We strongly recommend that customers migrate to the {% data variables.product.prodname_codeql %} CLI, which is a feature-complete replacement for the {% data variables.product.prodname_codeql %} runner. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/).
+
+ - heading: Deprecation of custom bit-cache extensions
+ notes:
+ # https://github.com/github/releases/issues/1415
+ - |
+ Starting in {% data variables.product.prodname_ghe_server %} 3.1, support for {% data variables.product.company_short %}'s proprietary bit-cache extensions began to be phased out. These extensions are deprecated in {% data variables.product.prodname_ghe_server %} 3.3 onwards.
+
+ Any repositories that were already present and active on {% data variables.product.product_location %} running version 3.1 or 3.2 will have been automatically updated.
+
+ Repositories which were not present and active before upgrading to {% data variables.product.prodname_ghe_server %} 3.3 may not perform optimally until a repository maintenance task is run and has successfully completed.
+
+ To start a repository maintenance task manually, browse to `https:///stafftools/repositories///network` for each affected repository and click the Schedule button.
+
+ backups:
+ - '{% data variables.product.prodname_ghe_server %} 3.4 requires at least [GitHub Enterprise Backup Utilities 3.4.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).'
diff --git a/translations/zh-CN/data/release-notes/github-ae/2021-03/2021-03-03.yml b/translations/zh-CN/data/release-notes/github-ae/2021-03/2021-03-03.yml
index 0fc9945dd8..3132c98a89 100644
--- a/translations/zh-CN/data/release-notes/github-ae/2021-03/2021-03-03.yml
+++ b/translations/zh-CN/data/release-notes/github-ae/2021-03/2021-03-03.yml
@@ -1,64 +1,81 @@
-ms.openlocfilehash: '01df352308991febc092c8a0831413d68c956de1'
-ms.sourcegitcommit: 'ea9a577cff7ec16ded25ed57417c83ec04816428'
-ms.translationtype: 'HT'
-ms.contentlocale: 'zh-CN'
-ms.lasthandoff: '04/07/2022'
-ms.locfileid: '141508745'
date: '2021-03-03'
friendlyDate: 'March 3, 2021'
-title: '2021 年 3 月 3 日当周'
+title: 'Week of March 3, 2021'
currentWeek: false
sections:
features:
- heading: 'GitHub Actions beta'
notes:
- - "[{% data variables.product.prodname_actions %}](https://github.com/features/actions) is a powerful, flexible solution for CI/CD and workflow automation. For more information, see \"[Introduction to {% data variables.product.prodname_actions %}](/actions/learn-github-actions/introduction-to-github-actions).\"\n\nPlease note that when {% data variables.product.prodname_actions %} is enabled during this upgrade, two organizations named \"GitHub Actions\" (@**actions** and @**github**) will appear in {% data variables.product.product_location %}. These organizations are required by {% data variables.product.prodname_actions %}. Users named @**ghost** and @**actions** appear as the actors for creation of these organizations in the audit log.\n"
+ - |
+ [{% data variables.product.prodname_actions %}](https://github.com/features/actions) is a powerful, flexible solution for CI/CD and workflow automation. For more information, see "[Introduction to {% data variables.product.prodname_actions %}](/actions/learn-github-actions/introduction-to-github-actions)."
+
+ Please note that when {% data variables.product.prodname_actions %} is enabled during this upgrade, two organizations named "GitHub Actions" (@**actions** and @**github**) will appear in {% data variables.product.product_location %}. These organizations are required by {% data variables.product.prodname_actions %}. Users named @**ghost** and @**actions** appear as the actors for creation of these organizations in the audit log.
- heading: 'GitHub Packages beta'
notes:
- - "[{% data variables.product.prodname_registry %}](https://github.com/features/packages) is a package hosting service, natively integrated with {% data variables.product.prodname_actions %}, APIs, and webhooks. Create an [end-to-end DevOps workflow](/github-ae@latest/packages/quickstart) that includes your code, continuous integration, and deployment solutions. During this beta, {% data variables.product.prodname_registry %} is offered free of charge to {% data variables.product.product_name %} customers.\n"
+ - |
+ [{% data variables.product.prodname_registry %}](https://github.com/features/packages) is a package hosting service, natively integrated with {% data variables.product.prodname_actions %}, APIs, and webhooks. Create an [end-to-end DevOps workflow](/github-ae@latest/packages/quickstart) that includes your code, continuous integration, and deployment solutions. During this beta, {% data variables.product.prodname_registry %} is offered free of charge to {% data variables.product.product_name %} customers.
- heading: 'GitHub Advanced Security beta'
notes:
- - "{% data variables.product.prodname_GH_advanced_security %} is available in beta and includes both code scanning and secret scanning. During this beta, {% data variables.product.prodname_GH_advanced_security %} features are being offered free of charge to {% data variables.product.product_name %} customers. Repository and organization administrators can opt-in to use {% data variables.product.prodname_GH_advanced_security %} in the Security and Analysis tab under settings.\n\nLearn more about {% data variables.product.prodname_GH_advanced_security %} [code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning) and [secret scanning](/github/administering-a-repository/about-secret-scanning) on {% data variables.product.prodname_ghe_managed %}.\n"
- - heading: 'Manage teams from your identity provider (IdP)'
+ - |
+ {% data variables.product.prodname_GH_advanced_security %} is available in beta and includes both code scanning and secret scanning. During this beta, {% data variables.product.prodname_GH_advanced_security %} features are being offered free of charge to {% data variables.product.product_name %} customers. Repository and organization administrators can opt-in to use {% data variables.product.prodname_GH_advanced_security %} in the Security and Analysis tab under settings.
+
+ Learn more about {% data variables.product.prodname_GH_advanced_security %} [code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning) and [secret scanning](/github/administering-a-repository/about-secret-scanning) on {% data variables.product.prodname_ghe_managed %}.
+
+ - heading: Manage teams from your identity provider (IdP)
notes:
- - "Customers using SCIM (System for Cross-domain Identity Management) can now sync security groups in Azure Active Directory with {% data variables.product.company_short %} teams. Once a team has been linked to a security group, membership will be automatically updated in {% data variables.product.product_name %} when a user is added or removed from their assigned security group.\n"
- - heading: 'IP allow lists beta'
+ - |
+ Customers using SCIM (System for Cross-domain Identity Management) can now sync security groups in Azure Active Directory with {% data variables.product.company_short %} teams. Once a team has been linked to a security group, membership will be automatically updated in {% data variables.product.product_name %} when a user is added or removed from their assigned security group.
+
+ - heading: IP allow lists beta
notes:
- - "[{% data variables.product.company_short %} IP allow lists](/admin/configuration/restricting-network-traffic-to-your-enterprise) provide the ability to filter traffic from administrator-specified IP ranges, defined by CIDR notation. The allow list is defined at the enterprise or organization account level in Security > Settings. All traffic that attempts to reach resources within the enterprise account and organizations are filtered by the IP allow lists. This functionality is provided in addition to the ability to request network security group changes that filter traffic to the entirety of the GHAE tenant.\n"
+ - |
+ [{% data variables.product.company_short %} IP allow lists](/admin/configuration/restricting-network-traffic-to-your-enterprise) provide the ability to filter traffic from administrator-specified IP ranges, defined by CIDR notation. The allow list is defined at the enterprise or organization account level in Security > Settings. All traffic that attempts to reach resources within the enterprise account and organizations are filtered by the IP allow lists. This functionality is provided in addition to the ability to request network security group changes that filter traffic to the entirety of the GHAE tenant.
+
changes:
- - heading: 'Developer Changes'
+ - heading: Developer Changes
notes:
- - "[Organization owners can now disable publication](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization) of {% data variables.product.prodname_pages %} sites from repositories in the organization. This will not unpublish existing sites.\n"
- - 'Repositories that use {% data variables.product.prodname_pages %} can now [build and deploy from any branch](/github/working-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites).'
- - 'When writing an issue or pull request, the list syntax for bullets, numbers, and tasks will now be autocompleted after you press `return` or `enter`.'
- - 'You can now delete a directory in a repository from the repository page. When navigating to a directory, a new kebab button next to the "Add file" button gives the option to delete the directory.'
- - 'It''s now easier and faster to [reference issues or pull requests](/github/writing-on-github/basic-writing-and-formatting-syntax#referencing-issues-and-pull-requests), with search across multiple words after the "#".'
- - heading: 'Administration changes'
+ - |
+ [Organization owners can now disable publication](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization) of {% data variables.product.prodname_pages %} sites from repositories in the organization. This will not unpublish existing sites.
+ - Repositories that use {% data variables.product.prodname_pages %} can now [build and deploy from any branch](/github/working-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites).
+ - When writing an issue or pull request, the list syntax for bullets, numbers, and tasks will now be autocompleted after you press `return` or `enter`.
+ - You can now delete a directory in a repository from the repository page. When navigating to a directory, a new kebab button next to the "Add file" button gives the option to delete the directory.
+ - It's now easier and faster to [reference issues or pull requests](/github/writing-on-github/basic-writing-and-formatting-syntax#referencing-issues-and-pull-requests), with search across multiple words after the "#".
+
+ - heading: Administration changes
notes:
- - 'Enterprise owners can now publish a mandatory message. The message is shown to all users and they must acknowledge it. This can be used to display important information, terms of service or policies.'
- - 'The {% data variables.product.prodname_github_app%} single file path permission can now [support up to ten files](/developers/apps/creating-a-github-app-using-url-parameters).'
- - 'When configuring a {% data variables.product.prodname_github_app%}, the authorization callback URL is a required field. Now we will permit the integrator to specify multiple callback URLs. {% data variables.product.product_name %} denies authorization if the callback URL from the request is not listed.'
- - 'A [new API endpoint](/rest/reference/apps#create-a-scoped-access-token) enables the exchange of a user to server token for a user to server token scoped to specific repositories.'
- - 'Events are now logged in the audit log on [promoting a team member to be a team maintainer and on demoting a team maintainer to be a team member](/admin/user-management/audited-actions#teams).'
- - 'The [OAuth device authorization flow](/developers/apps/authorizing-oauth-apps#device-flow) is now supported. This allows any CLI client or developer tool to authenticate using a secondary system.'
- - 'A user can no longer delete their account if SCIM provisioning is enabled.'
- - heading: 'Default branch renaming'
+ - Enterprise owners can now publish a mandatory message. The message is shown to all users and they must acknowledge it. This can be used to display important information, terms of service or policies.
+ - The {% data variables.product.prodname_github_app%} single file path permission can now [support up to ten files](/developers/apps/creating-a-github-app-using-url-parameters).
+ - When configuring a {% data variables.product.prodname_github_app%}, the authorization callback URL is a required field. Now we will permit the integrator to specify multiple callback URLs. {% data variables.product.product_name %} denies authorization if the callback URL from the request is not listed.
+ - A [new API endpoint](/rest/reference/apps#create-a-scoped-access-token) enables the exchange of a user to server token for a user to server token scoped to specific repositories.
+ - Events are now logged in the audit log on [promoting a team member to be a team maintainer and on demoting a team maintainer to be a team member](/admin/user-management/audited-actions#teams).
+ - The [OAuth device authorization flow](/developers/apps/authorizing-oauth-apps#device-flow) is now supported. This allows any CLI client or developer tool to authenticate using a secondary system.
+ - A user can no longer delete their account if SCIM provisioning is enabled.
+
+ - heading: Default branch renaming
notes:
- - "Enterprise and organization owners can now set the default branch name for new repositories. Enterprise owners can also enforce their choice of default branch name across all organizations or allow individual organizations to choose their own.\n\nExisting repositories are unaffected by these settings, and their default branch name will not be changed.\n\nThis change is one of many changes {% data variables.product.company_short %} is making to support projects and maintainers that want to rename their default branch. To learn more, see [github/renaming](https://github.com/github/renaming).\n"
+ - |
+ Enterprise and organization owners can now set the default branch name for new repositories. Enterprise owners can also enforce their choice of default branch name across all organizations or allow individual organizations to choose their own.
+
+ Existing repositories are unaffected by these settings, and their default branch name will not be changed.
+
+ This change is one of many changes {% data variables.product.company_short %} is making to support projects and maintainers that want to rename their default branch. To learn more, see [github/renaming](https://github.com/github/renaming).
+
bugs:
- - heading: 'Bug fixes'
+ - heading: Bug fixes
notes:
- - 'Users can no longer set a backup email address on their profile. Their email address is set through the IdP only.'
- - 'You can no longer enable two-factor authentication after configuring authentication through your IdP.'
- - "{% data variables.product.product_name %} can now connect to Azure Boards.\n"
- - 'Version headers were missing from the APIs, and have now been set to "GitHub AE."'
- - 'Links to documentation have been fixed.'
- - 'Configuration of audit log forwarding within the enterprise''s settings was failing.'
- - 'Navigating to gists could result in a 500 error.'
- - 'The Support email or URL was failing to save. It now saves after a period of a few minutes.'
- - 'Organization level pull request templates were not being applied to all pull requests in the organization.'
+ - Users can no longer set a backup email address on their profile. Their email address is set through the IdP only.
+ - You can no longer enable two-factor authentication after configuring authentication through your IdP.
+ - |
+ {% data variables.product.product_name %} can now connect to Azure Boards.
+ - Version headers were missing from the APIs, and have now been set to "GitHub AE."
+ - Links to documentation have been fixed.
+ - Configuration of audit log forwarding within the enterprise's settings was failing.
+ - Navigating to gists could result in a 500 error.
+ - The Support email or URL was failing to save. It now saves after a period of a few minutes.
+ - Organization level pull request templates were not being applied to all pull requests in the organization.
+
known_issues:
- - heading: 'Known issues'
+ - heading: Known issues
notes:
- - 'Geographic location data is not shown in the audit log. Location information can otherwise be discerned from the IP address associated with each event.'
- - 'The link to {% data variables.product.prodname_registry %} from a repository page shows an incorrect search page when that repository does not have any packages.'
+ - Geographic location data is not shown in the audit log. Location information can otherwise be discerned from the IP address associated with each event.
+ - The link to {% data variables.product.prodname_registry %} from a repository page shows an incorrect search page when that repository does not have any packages.
diff --git a/translations/zh-CN/data/variables/desktop.yml b/translations/zh-CN/data/variables/desktop.yml
new file mode 100644
index 0000000000..748c42e70b
--- /dev/null
+++ b/translations/zh-CN/data/variables/desktop.yml
@@ -0,0 +1,5 @@
+# Supported platforms
+
+mac-osx-versions: MacOS 10.12 或更高版本
+
+windows-versions: Windows 7 64 位或更高版本
diff --git a/translations/zh-CN/data/variables/enterprise.yml b/translations/zh-CN/data/variables/enterprise.yml
new file mode 100644
index 0000000000..086b6f76ed
--- /dev/null
+++ b/translations/zh-CN/data/variables/enterprise.yml
@@ -0,0 +1,3 @@
+management_console: '管理控制台'
+# https://support.github.com/enterprise/server-upgrade
+upgrade_assistant: '升级助手'
diff --git a/translations/zh-CN/data/variables/explore.yml b/translations/zh-CN/data/variables/explore.yml
new file mode 100644
index 0000000000..0e1edfb117
--- /dev/null
+++ b/translations/zh-CN/data/variables/explore.yml
@@ -0,0 +1,6 @@
+explore_github: >-
+ {% ifversion fpt or ghec %}[探索 GitHub](https://github.com/explore){% else %}探索 GitHub (`https://[hostname]/explore`){% endif %}
+your_stars_page: >-
+ {% ifversion fpt or ghec %}[星级页面](https://github.com/stars){% else %}星级页面 (`https://[hostname]/stars`){% endif %}
+trending_page: >-
+ {% ifversion fpt or ghec %}[趋势页面](https://github.com/trending){% else %}趋势页面 (`https://[hostname]/trending`){% endif %}
diff --git a/translations/zh-CN/data/variables/gists.yml b/translations/zh-CN/data/variables/gists.yml
new file mode 100644
index 0000000000..f511ed9935
--- /dev/null
+++ b/translations/zh-CN/data/variables/gists.yml
@@ -0,0 +1,6 @@
+gist_homepage: >-
+ {% ifversion fpt or ghec %}[Gist 主页](https://gist.github.com/){% elsif ghae %}Gist 主页, `http(s)://gist.[hostname]`{% else %}Gist 主页, `http(s)://[hostname]/gist` 或 `http(s)://gist.[hostname]`(如果启用了子域){% endif %}
+gist_search_url: >-
+ {% ifversion fpt or ghec %}[Gist 搜索](https://gist.github.com/search){% elsif ghae %}Gist 搜索, `http(s)://gist.[hostname]/search`{% else %}搜索, `http(s)://[hostname]/gist/search` 或 `http(s)://gist.[hostname]/search`(如果启用了子域){% endif %}
+discover_url: >-
+ {% ifversion fpt or ghec %}[发现](https://gist.github.com/discover){% elsif ghae %}发现, `http(s)://gist.[hostname]/discover`{% else %}发现, `http(s)://[hostname]/gist/discover` 或 `http(s)://gist.[hostname]/discover`(如果启用了子域){% endif %}
diff --git a/translations/zh-CN/data/variables/migrations.yml b/translations/zh-CN/data/variables/migrations.yml
new file mode 100644
index 0000000000..c289f377b0
--- /dev/null
+++ b/translations/zh-CN/data/variables/migrations.yml
@@ -0,0 +1,6 @@
+user_migrations_intro: >-
+ 可以使用此 API 审查、备份或迁移存储在 {% data variables.product.product_name %}.com 上的用户数据。
+organization_migrations_intro: >-
+ 使用组织迁移 API,可以将仓库从 {% data variables.product.prodname_dotcom_the_website %} 移动至 {% data variables.product.prodname_ghe_server %}。有关详细信息,请参阅 {% data variables.product.prodname_ghe_server %} 文档中的“[从 GitHub.com 导出迁移数据](/enterprise-server@latest/admin/user-management/migrating-data-to-and-from-your-enterprise/exporting-migration-data-from-githubcom)”。
+source_imports_intro: >-
+ 使用源导入 API,可以从 Git、Subversion、Mercurial 或 Team Foundation版本控制源仓库启动导入。这与 {% data variables.product.prodname_dotcom %} 导入工具的作用一样。有关详细信息,请参阅“[使用 {% data variables.product.prodname_dotcom %} 导入工具导入仓库](/github/importing-your-projects-to-github/importing-a-repository-with-github-importer)”。
diff --git a/translations/zh-CN/data/variables/search.yml b/translations/zh-CN/data/variables/search.yml
new file mode 100644
index 0000000000..c004d39c20
--- /dev/null
+++ b/translations/zh-CN/data/variables/search.yml
@@ -0,0 +1,4 @@
+advanced_url: >-
+ {% ifversion fpt or ghec %}[高级搜索](https://github.com/search/advanced)页面{% else %}高级搜索页面 (`https://[hostname]/search/advanced`){% endif %}
+search_page_url: >-
+ {% ifversion fpt or ghec %}[搜索](https://github.com/search)页面{% else %}搜索页面 (`https://[hostname]/search`){% endif %}