Merge branch 'main' into mc-dependabot-advisory-db
@@ -1,4 +1,5 @@
|
||||
date: '2021-03-02'
|
||||
intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**HIGH:** An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22861. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
date: '2021-03-16'
|
||||
intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions.
|
||||
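Review bot: The `intro` text in this hunk is word for word the same as the `intro` in the 2021-03-02 release notes above, including the long link to "About minimum requirements for GitHub Enterprise Server 3.0 and later". Since these files already use `{% data ... %}` for the product name, consider moving the sentence into a single reusable string and referencing it from both files, so a later change to the link target is made in one place.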
@@ -18,6 +19,7 @@ sections:
|
||||
- Webhooks configured with a content type of `application/x-www-form-urlencoded` did not receive query parameters in the POST request body.
|
||||
- Users could dismiss a mandatory message without checking all checkboxes.
|
||||
- In some cases after upgrading from a 2.22.X instance, the web interface assets were missing and the page would not render correctly.
|
||||
- Running `ghe-config-apply` could time out with `Failure waiting for nomad jobs to apply` due to `'job' stanza not found`.
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are not maintained during an upgrade.
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
{% data variables.product.company_short %} bills for {% data variables.product.prodname_advanced_security %} on a per-committer basis. {% if currentVersion == "free-pro-team@latest" %}For more information, see "[Managing licensing for {% data variables.product.prodname_GH_advanced_security %}](/github/setting-up-and-managing-billing-and-payments-on-github/managing-licensing-for-github-advanced-security)."{% endif %}
|
||||
|
||||
You can enforce a policy that controls whether repository administrators are allowed to enable features for {% data variables.product.prodname_advanced_security %} in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
|
||||
|
||||
Disallowing {% data variables.product.prodname_advanced_security %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_advanced_security %} features for additional repositories, but does not disable the features for repositories where the features are already enabled. For more information about configuration of {% data variables.product.prodname_advanced_security %} features, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" or "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
|
||||
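Review bot: In the first paragraph the licensing link sits inside `{% if currentVersion == "free-pro-team@latest" %}`, so every other version renders the per-committer billing sentence with no pointer to further detail, while the two "Managing security and analysis settings" links in the third paragraph go to `/github/...` paths with no version guard at all. Please confirm both are intended, and if this text is shown on Enterprise Server or GitHub AE, either add a matching branch for those versions or guard the third paragraph's links the same way.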
@@ -0,0 +1 @@
|
||||
{% data variables.product.prodname_GH_advanced_security %} helps developers improve and maintain the security and quality of code. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."
|
||||
@@ -0,0 +1 @@
|
||||
For more information, see "{% if currentVersion == "free-pro-team@latest" %}[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise-account){% elsif currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise](/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise){% endif %}."
|
||||
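Review bot: The sentence frame `For more information, see "` and the closing `".` sit outside the conditional, so when neither branch matches (for example a version that is not `free-pro-team@latest`, not `ver_gt "enterprise-server@3.0"` and not `github-ae@next`) this renders as `For more information, see "".` with empty quotes. Wrap the whole sentence inside the `{% if %}` and `{% elsif %}` branches, or add an `{% else %}` that yields a valid link.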
@@ -1 +1,7 @@
|
||||
You can optionally choose a template repository as starter code for the assignment. The template repository must belong to your organization or be a public repository on {% data variables.product.product_name %}.
|
||||
You can optionally choose a template repository as starter code for the assignment. For more information about template repositories, see "[Creating a template repository](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)."
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The template repository must belong to your organization or be a public repository on {% data variables.product.product_name %}.
|
||||
|
||||
{% endnote %}
|
||||
@@ -0,0 +1,2 @@
|
||||
1. Optionally, if you chose **Allow for selected organizations**, to the right of an organization, select the drop-down menu to allow or disallow {% data variables.product.prodname_advanced_security %} for the organization.
|
||||

|
||||
@@ -0,0 +1,2 @@
|
||||
1. Under "GitHub Advanced Security", select the drop-down menu and click a policy for the organizations owned by your enterprise.
|
||||

|
||||
@@ -0,0 +1,2 @@
|
||||
1. Under {% octicon "law" aria-label="The law icon" %} **Policies**, click "Advanced Security."
|
||||

|
||||
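Review bot: In the step text, `click "Advanced Security."` puts the UI element in quotation marks with the period inside them, while the same line marks the other UI element as `**Policies**` and the earlier step uses `**Allow for selected organizations**`. Use bold for the clickable label here too and move the period outside it, so the three new steps format UI elements the same way.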
@@ -49,6 +49,7 @@ Proctorio | Proctorio Linkage Key | proctorio_linkage_key
|
||||
Proctorio | Proctorio Registration Key | proctorio_registration_key
|
||||
Proctorio | Proctorio Secret Key | proctorio_secret_key
|
||||
Pulumi | Pulumi Access Token | pulumi_access_token
|
||||
PyPI | PyPI API Token | pypi_api_token
|
||||
Samsara | Samsara API Token | samsara_api_token
|
||||
Samsara | Samsara OAuth Access Token | samsara_oauth_access_token
|
||||
SendGrid | SendGrid API Key | sendgrid_api_key
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
Partner | Supported secret
|
||||
--- | ---
|
||||
Partner | Supported secret
|
||||
--- | ---
|
||||
Adafruit IO | Adafruit IO Key
|
||||
Alibaba Cloud | Alibaba Cloud Access Key ID and Access Key Secret pair
|
||||
Amazon Web Services (AWS) | Amazon AWS Access Key ID and Secret Access Key pair
|
||||
@@ -11,8 +11,8 @@ Azure | Azure Service Management Certificate | azure_management_certificate
|
||||
Azure | Azure SQL Connection String | azure_sql_connection_string
|
||||
Azure | Azure Storage Account Key | azure_storage_account_key
|
||||
Clojars | Clojars Deploy Token
|
||||
CloudBees CodeShip | CloudBees CodeShip Credential
|
||||
Databricks | Databricks Access Token
|
||||
CloudBees CodeShip | CloudBees CodeShip Credential
|
||||
Databricks | Databricks Access Token
|
||||
Datadog | Datadog API Key
|
||||
Discord | Discord Bot Token
|
||||
Doppler | Doppler Personal Token
|
||||
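Review bot: The rows in this hunk do not have a consistent number of cells: `Azure | Azure SQL Connection String | azure_sql_connection_string` and the Azure Storage Account Key row carry three cells, while `Clojars | Clojars Deploy Token` and the rows after it carry two, under the two-column header `Partner | Supported secret` shown in the first hunk of this table. Please check that the Azure rows belong in this file as written, and drop the third cell or add the column to the header so the table renders evenly.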
@@ -25,15 +25,15 @@ Dynatrace | Dynatrace Access Token
|
||||
Dynatrace | Dynatrace Internal Token
|
||||
Finicity | Finicity App Key
|
||||
Frame.io | Frame.io JSON Web Token
|
||||
Frame.io| Frame.io Developer Token
|
||||
Frame.io| Frame.io Developer Token
|
||||
GitHub | GitHub SSH Private Key
|
||||
GitHub | GitHub Personal Access Token
|
||||
GitHub | GitHub App Installation Access Token
|
||||
GoCardless | GoCardless Live Access Token
|
||||
GoCardless | GoCardless Live Access Token
|
||||
GoCardless | GoCardless Sandbox Access Token
|
||||
Google Cloud | Google API Key
|
||||
Google Cloud | Google Cloud Private Key ID
|
||||
Hashicorp Terraform | Terraform Cloud / Enterprise API Token
|
||||
Hashicorp Terraform | Terraform Cloud / Enterprise API Token
|
||||
Hubspot | Hubspot API Key
|
||||
Mailchimp | Mailchimp API Key
|
||||
Mailchimp | Mandrill API Key
|
||||
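Review bot: `Frame.io| Frame.io Developer Token` has no space before the pipe, unlike `Frame.io | Frame.io JSON Web Token` directly above it and every other row in the hunk, and both copies of the line shown here keep that spelling. Since this hunk is already touching the row, normalize it to `Frame.io | Frame.io Developer Token`.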
@@ -49,6 +49,7 @@ Proctorio | Proctorio Linkage Key
|
||||
Proctorio | Proctorio Registration Key
|
||||
Proctorio | Proctorio Secret Key
|
||||
Pulumi | Pulumi Access Token
|
||||
PyPI | PyPI API Token
|
||||
Samsara | Samsara API Token
|
||||
Samsara | Samsara OAuth Access Token
|
||||
Shopify | Shopify App Shared Secret
|
||||
|
||||
@@ -18,6 +18,10 @@ header:
|
||||
please visit our
|
||||
<a id="to-english-doc" href="/en">English documentation</a>.
|
||||
early_access: 📣 Please <b>do not share</b> this URL publicly. This page contains content about an early access feature.
|
||||
ghes_release_notes_use_latest: Please use the latest release for the latest security, performance, and bug fixes.
|
||||
ghes_release_notes_upgrade_patch_only: 📣 This is not the <a href="#{{ latestPatch }}">latest patch release</a> of Enterprise Server. {% data ui.header.notices.ghes_release_notes_use_latest %}
|
||||
ghes_release_notes_upgrade_release_only: 📣 This is not the <a href="/enterprise-server@{{ latestRelease }}/admin/release-notes">latest release</a> of Enterprise Server. {% data ui.header.notices.ghes_release_notes_use_latest %}
|
||||
ghes_release_notes_upgrade_patch_and_release: 📣 This is not the <a href="#{{ latestPatch }}">latest patch release</a> of this release series, and this is not the <a href="/enterprise-server@{{ latestRelease }}/admin/release-notes">latest release</a> of Enterprise Server. {% data ui.header.notices.ghes_release_notes_use_latest %}
|
||||
search:
|
||||
need_help: Need help?
|
||||
placeholder: Search topics, products...
|
||||
|
||||
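Review bot: The three `ghes_release_notes_upgrade_*` strings interpolate `{{ latestPatch }}` and `{{ latestRelease }}` straight into `href` values, and nothing in this hunk shows where those two variables are set. Please confirm the rendering context defines both on every page that can show these notices, because an unset value would produce links to `#` and `/enterprise-server@/admin/release-notes`. It would also help to add a short comment above the keys naming the variables they expect, since these strings carry raw `<a>` markup that anyone editing or translating them has to keep intact.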