From 9370ccb901b59927fa10174cb959be37f01f2cc3 Mon Sep 17 00:00:00 2001 From: Chris Queitzsch Date: Tue, 18 Jan 2022 23:26:53 -0800 Subject: [PATCH] fixing quotes and release date --- .../enterprise-server/3-0/23.yml | 16 ++++----- .../enterprise-server/3-1/15.yml | 18 +++++----- .../release-notes/enterprise-server/3-2/7.yml | 22 ++++++------ .../release-notes/enterprise-server/3-3/2.yml | 35 +++++++++---------- 4 files changed, 45 insertions(+), 46 deletions(-) diff --git a/data/release-notes/enterprise-server/3-0/23.yml b/data/release-notes/enterprise-server/3-0/23.yml index 93a4adc5fe..557f85290c 100644 --- a/data/release-notes/enterprise-server/3-0/23.yml +++ b/data/release-notes/enterprise-server/3-0/23.yml @@ -1,14 +1,14 @@ -date: '2022-01-12' +date: '2022-01-18' sections: security_fixes: - - Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server. - - Sanitize more secrets in the generated support bundles - - Packages have been updated to the latest security versions. + - 'Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server.' + - Sanitize more secrets in the generated support bundles + - Packages have been updated to the latest security versions. bugs: - - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. - - The save button in management console was unreachable by scrolling in lower resolution browsers. - - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. - - Some webhook related jobs could generated large amount of logs. + - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. + - The save button in management console was unreachable by scrolling in lower resolution browsers. + - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. + - Some webhook related jobs could generated large amount of logs. known_issues: - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user. - Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-1/15.yml b/data/release-notes/enterprise-server/3-1/15.yml index 57235b59f3..533cd364d8 100644 --- a/data/release-notes/enterprise-server/3-1/15.yml +++ b/data/release-notes/enterprise-server/3-1/15.yml @@ -1,15 +1,15 @@ -date: '2022-01-12' +date: '2022-01-18' sections: security_fixes: - - Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server. - - Sanitize more secrets in the generated support bundles - - Packages have been updated to the latest security versions. + - 'Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server.' + - Sanitize more secrets in the generated support bundles + - Packages have been updated to the latest security versions. bugs: - - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. - - The save button in management console was unreachable by scrolling in lower resolution browsers. - - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. - - Some webhook related jobs could generated large amount of logs. - - The repository permissions to the user returned by the `/repos` API would not return the full list. + - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. + - The save button in management console was unreachable by scrolling in lower resolution browsers. + - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. + - Some webhook related jobs could generated large amount of logs. + - The repository permissions to the user returned by the `/repos` API would not return the full list. known_issues: - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user. diff --git a/data/release-notes/enterprise-server/3-2/7.yml b/data/release-notes/enterprise-server/3-2/7.yml index 54ae349ca5..0781b380fb 100644 --- a/data/release-notes/enterprise-server/3-2/7.yml +++ b/data/release-notes/enterprise-server/3-2/7.yml @@ -1,17 +1,17 @@ -date: '2022-01-12' +date: '2022-01-18' sections: security_fixes: - - Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server. - - Sanitize more secrets in the generated support bundles - - Packages have been updated to the latest security versions. + - 'Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server.' + - Sanitize more secrets in the generated support bundles + - Packages have been updated to the latest security versions. bugs: - - Actions self hosted runners would fail to self-update or run new jobs after upgrading from an older GHES installation. - - Storage settings could not be validated when configuring MinIO as blob storage for GitHub Packages. - - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. - - The save button in management console was unreachable by scrolling in lower resolution browsers. - - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. - - Some webhook related jobs could generated large amount of logs. - - Several documentation links resulted in a 404 Not Found error. + - Actions self hosted runners would fail to self-update or run new jobs after upgrading from an older GHES installation. + - Storage settings could not be validated when configuring MinIO as blob storage for GitHub Packages. + - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. + - The save button in management console was unreachable by scrolling in lower resolution browsers. + - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. + - Some webhook related jobs could generated large amount of logs. + - Several documentation links resulted in a 404 Not Found error. known_issues: - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user. - Custom firewall rules are removed during the upgrade process. diff --git a/data/release-notes/enterprise-server/3-3/2.yml b/data/release-notes/enterprise-server/3-3/2.yml index b272db47ed..7830403f13 100644 --- a/data/release-notes/enterprise-server/3-3/2.yml +++ b/data/release-notes/enterprise-server/3-3/2.yml @@ -1,23 +1,23 @@ -date: '2022-01-12' +date: '2022-01-18' sections: security_fixes: - - Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server. - - Sanitize more secrets in the generated support bundles - - Users on teams with the Security Manger role will now be notified about security alerts for repositories they are watching. - - The security managers component will show a less-aggressive warning once the maximum number of teams has been reached. - - The repository manage access page should return 403 when attempting to remove a security manager team from the repository. - - Packages have been updated to the latest security versions. + - 'Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server.' + - Sanitize more secrets in the generated support bundles + - Users on teams with the Security Manger role will now be notified about security alerts for repositories they are watching. + - The security managers component will show a less-aggressive warning once the maximum number of teams has been reached. + - The repository manage access page should return 403 when attempting to remove a security manager team from the repository. + - Packages have been updated to the latest security versions. bugs: - - Actions self hosted runners would fail to self-update or run new jobs after upgrading from an older GHES installation. - - Storage settings could not be validated when configuring MinIO as blob storage for GitHub Packages. - - GitHub Actions storage settings could not be validated and saved in the Management Console when "Force Path Style" was selected. - - Actions would be left in a stopped state after an update with maintenance mode set. - - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. - - The save button in management console was unreachable by scrolling in lower resolution browsers. - - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. - - Some webhook related jobs could generated large amount of logs. - - A Billing navigation item was visible in the site admin pages. - - Several documentation links resulted in a 404 Not Found error. + - Actions self hosted runners would fail to self-update or run new jobs after upgrading from an older GHES installation. + - Storage settings could not be validated when configuring MinIO as blob storage for GitHub Packages. + - GitHub Actions storage settings could not be validated and saved in the Management Console when "Force Path Style" was selected. + - Actions would be left in a stopped state after an update with maintenance mode set. + - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`. + - The save button in management console was unreachable by scrolling in lower resolution browsers. + - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade. + - Some webhook related jobs could generated large amount of logs. + - A Billing navigation item was visible in the site admin pages. + - Several documentation links resulted in a 404 Not Found error. known_issues: - After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command. - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. @@ -28,4 +28,3 @@ sections: - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. - '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.' -