Deprecate ghes 3.10 (#54410)
Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
@@ -6,7 +6,7 @@ layout: inline
|
|||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: overview
|
type: overview
|
||||||
topics:
|
topics:
|
||||||
- Actions Runner Controller
|
- Actions Runner Controller
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ shortTitle: About Support for ARC
|
|||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
topics:
|
topics:
|
||||||
- Actions Runner Controller
|
- Actions Runner Controller
|
||||||
- Support
|
- Support
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ intro: 'Learn how to authenticate to the {% data variables.product.company_short
|
|||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: overview
|
type: overview
|
||||||
topics:
|
topics:
|
||||||
- Actions Runner Controller
|
- Actions Runner Controller
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ intro: 'Learn how to deploy runner scale sets with {% data variables.product.pro
|
|||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: overview
|
type: overview
|
||||||
topics:
|
topics:
|
||||||
- Actions Runner Controller
|
- Actions Runner Controller
|
||||||
@@ -892,12 +892,8 @@ The following table shows the metrics emitted by the controller-manager and list
|
|||||||
| listener | gha_idle_runners | gauge | Number of registered runners not running a job |
|
| listener | gha_idle_runners | gauge | Number of registered runners not running a job |
|
||||||
| listener | gha_started_jobs_total | counter | Total number of jobs started since the listener became ready [1] |
|
| listener | gha_started_jobs_total | counter | Total number of jobs started since the listener became ready [1] |
|
||||||
| listener | gha_completed_jobs_total | counter | Total number of jobs completed since the listener became ready [1] |
|
| listener | gha_completed_jobs_total | counter | Total number of jobs completed since the listener became ready [1] |
|
||||||
| {% ifversion fpt or ghec or ghes > 3.10 %} |
|
|
||||||
| listener | gha_job_startup_duration_seconds | histogram | Number of seconds spent waiting for workflow job to get started on the runner owned by the runner scale set |
|
| listener | gha_job_startup_duration_seconds | histogram | Number of seconds spent waiting for workflow job to get started on the runner owned by the runner scale set |
|
||||||
| {% endif %} |
|
|
||||||
| {% ifversion fpt or ghec or ghes > 3.10 %} |
|
|
||||||
| listener | gha_job_execution_duration_seconds | histogram | Number of seconds spent executing workflow jobs by the runner scale set |
|
| listener | gha_job_execution_duration_seconds | histogram | Number of seconds spent executing workflow jobs by the runner scale set |
|
||||||
| {% endif %} |
|
|
||||||
|
|
||||||
[1]: Listener metrics that have the counter type are reset when the listener pod restarts.
|
[1]: Listener metrics that have the counter type are reset when the listener pod restarts.
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ intro: 'Try out {% data variables.product.prodname_actions_runner_controller %}
|
|||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: quick_start
|
type: quick_start
|
||||||
topics:
|
topics:
|
||||||
- Actions Runner Controller
|
- Actions Runner Controller
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ intro: 'Learn how to troubleshoot {% data variables.product.prodname_actions_run
|
|||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: how_to
|
type: how_to
|
||||||
topics:
|
topics:
|
||||||
- Actions Runner Controller
|
- Actions Runner Controller
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ intro: 'You can use {% data variables.product.prodname_actions_runner_controller
|
|||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: overview
|
type: overview
|
||||||
topics:
|
topics:
|
||||||
- Actions Runner Controller
|
- Actions Runner Controller
|
||||||
|
|||||||
@@ -1302,7 +1302,7 @@ During an upgrade to a feature release, this utility displays the status of back
|
|||||||
{% ifversion ghes < 3.12 %}
|
{% ifversion ghes < 3.12 %}
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> To use `ghe-check-background-upgrade-jobs` with {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
|
> To use `ghe-check-background-upgrade-jobs` with {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.1 or later.
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|||||||
@@ -33,10 +33,10 @@ To prevent new packages from being uploaded, you can set an ecosystem you previo
|
|||||||
{% data reusables.enterprise_site_admin_settings.management-console %}
|
{% data reusables.enterprise_site_admin_settings.management-console %}
|
||||||
{% data reusables.enterprise_site_admin_settings.packages-tab %}
|
{% data reusables.enterprise_site_admin_settings.packages-tab %}
|
||||||
1. Under "Ecosystem Toggles", for each package type, select **Enabled**, **Read-Only**, or **Disabled**.
|
1. Under "Ecosystem Toggles", for each package type, select **Enabled**, **Read-Only**, or **Disabled**.
|
||||||
{%- ifversion ghes %}
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Subdomain isolation must be enabled to toggle the {% data variables.product.prodname_container_registry %} options.
|
> Subdomain isolation must be enabled to toggle the {% data variables.product.prodname_container_registry %} options.
|
||||||
{%- endif %}
|
|
||||||

|

|
||||||
|
|
||||||
{% data reusables.enterprise_management_console.save-settings %}
|
{% data reusables.enterprise_management_console.save-settings %}
|
||||||
|
|||||||
@@ -38,7 +38,6 @@ Ensure your AWS access key ID and secret have the following permissions:
|
|||||||
{% data reusables.enterprise_site_admin_settings.management-console %}
|
{% data reusables.enterprise_site_admin_settings.management-console %}
|
||||||
{% data reusables.enterprise_site_admin_settings.packages-tab %}
|
{% data reusables.enterprise_site_admin_settings.packages-tab %}
|
||||||
{% data reusables.package_registry.enable-enterprise-github-packages %}
|
{% data reusables.package_registry.enable-enterprise-github-packages %}
|
||||||
{% ifversion ghes -%}
|
|
||||||
1. Under "Packages Storage", select **Amazon S3** and enter your storage bucket's details:
|
1. Under "Packages Storage", select **Amazon S3** and enter your storage bucket's details:
|
||||||
* **AWS Service URL:** The service URL for your bucket. For example, if your S3 bucket was created in the `us-west-2 region`, this value should be `https://s3.us-west-2.amazonaws.com`.
|
* **AWS Service URL:** The service URL for your bucket. For example, if your S3 bucket was created in the `us-west-2 region`, this value should be `https://s3.us-west-2.amazonaws.com`.
|
||||||
|
|
||||||
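Review bot: In the unchanged **AWS Service URL** bullet of this hunk the code span reads `us-west-2 region`, so the word "region" is formatted as part of the region identifier. Since this step is being touched anyway, close the backticks after the identifier so that only `us-west-2` is rendered as code.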
@@ -48,7 +47,6 @@ Ensure your AWS access key ID and secret have the following permissions:
|
|||||||
* **AWS S3 Access Key** and **AWS S3 Secret Key:** The AWS access key ID and secret key to access your bucket.
|
* **AWS S3 Access Key** and **AWS S3 Secret Key:** The AWS access key ID and secret key to access your bucket.
|
||||||
|
|
||||||
For more information on managing AWS access keys, see the [AWS Identity and Access Management Documentation](https://docs.aws.amazon.com/iam/index.html).
|
For more information on managing AWS access keys, see the [AWS Identity and Access Management Documentation](https://docs.aws.amazon.com/iam/index.html).
|
||||||
{%- endif %}
|
|
||||||
{% data reusables.enterprise_management_console.save-settings %}
|
{% data reusables.enterprise_management_console.save-settings %}
|
||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
|
|||||||
@@ -40,13 +40,11 @@ Although MinIO does not currently appear in the user interface under "Package St
|
|||||||
{% data reusables.enterprise_site_admin_settings.management-console %}
|
{% data reusables.enterprise_site_admin_settings.management-console %}
|
||||||
{% data reusables.enterprise_site_admin_settings.packages-tab %}
|
{% data reusables.enterprise_site_admin_settings.packages-tab %}
|
||||||
{% data reusables.package_registry.enable-enterprise-github-packages %}
|
{% data reusables.package_registry.enable-enterprise-github-packages %}
|
||||||
{% ifversion ghes -%}
|
|
||||||
1. Under "Packages Storage", select **Amazon S3**.
|
1. Under "Packages Storage", select **Amazon S3**.
|
||||||
1. Enter your MinIO storage bucket's details in the AWS storage settings.
|
1. Enter your MinIO storage bucket's details in the AWS storage settings.
|
||||||
* **AWS Service URL:** The hosting URL for your MinIO bucket.
|
* **AWS Service URL:** The hosting URL for your MinIO bucket.
|
||||||
* **AWS S3 Bucket:** The name of your S3-compatible MinIO bucket dedicated to {% data variables.product.prodname_registry %}.
|
* **AWS S3 Bucket:** The name of your S3-compatible MinIO bucket dedicated to {% data variables.product.prodname_registry %}.
|
||||||
* **AWS S3 Access Key** and **AWS S3 Secret Key:** Enter the MinIO access key ID and secret key to access your bucket.
|
* **AWS S3 Access Key** and **AWS S3 Secret Key:** Enter the MinIO access key ID and secret key to access your bucket.
|
||||||
{%- endif %}
|
|
||||||
{% data reusables.enterprise_management_console.save-settings %}
|
{% data reusables.enterprise_management_console.save-settings %}
|
||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
|
|||||||
@@ -46,13 +46,13 @@ For more information about adjusting resources for an existing instance, see [AU
|
|||||||
After enabling {% data variables.product.prodname_registry %} for {% data variables.location.product_location %}, you'll need to prepare your third-party storage bucket. The amount of storage required depends on your usage of {% data variables.product.prodname_registry %}, and the setup guidelines can vary by storage provider.
|
After enabling {% data variables.product.prodname_registry %} for {% data variables.location.product_location %}, you'll need to prepare your third-party storage bucket. The amount of storage required depends on your usage of {% data variables.product.prodname_registry %}, and the setup guidelines can vary by storage provider.
|
||||||
|
|
||||||
Supported external storage providers
|
Supported external storage providers
|
||||||
* Amazon Web Services (AWS) S3 {% ifversion ghes %}
|
* Amazon Web Services (AWS) S3
|
||||||
* Azure Blob Storage {% endif %}
|
* Azure Blob Storage
|
||||||
* MinIO
|
* MinIO
|
||||||
|
|
||||||
To enable {% data variables.product.prodname_registry %} and configure third-party storage, see:
|
To enable {% data variables.product.prodname_registry %} and configure third-party storage, see:
|
||||||
* [AUTOTITLE](/admin/packages/enabling-github-packages-with-aws){% ifversion ghes %}
|
* [AUTOTITLE](/admin/packages/enabling-github-packages-with-aws)
|
||||||
* [AUTOTITLE](/admin/packages/enabling-github-packages-with-azure-blob-storage){% endif %}
|
* [AUTOTITLE](/admin/packages/enabling-github-packages-with-azure-blob-storage)
|
||||||
* [AUTOTITLE](/admin/packages/enabling-github-packages-with-minio)
|
* [AUTOTITLE](/admin/packages/enabling-github-packages-with-minio)
|
||||||
|
|
||||||
## Step 4: Specify the package ecosystems to support on your instance
|
## Step 4: Specify the package ecosystems to support on your instance
|
||||||
|
|||||||
@@ -20,5 +20,4 @@ children:
|
|||||||
shortTitle: Packages
|
shortTitle: Packages
|
||||||
---
|
---
|
||||||
{% data reusables.package_registry.packages-ghes-release-stage %}
|
{% data reusables.package_registry.packages-ghes-release-stage %}
|
||||||
{% ifversion ghes %}
|
|
||||||
{% endif %}
|
|
||||||
@@ -26,12 +26,8 @@ For more information about configuring {% data variables.product.prodname_regist
|
|||||||
|
|
||||||
{% data reusables.package_registry.container-registry-replaces-docker-registry %} If the Docker registry on {% data variables.location.product_location %} contains images, you must manually migrate the images to the {% data variables.product.prodname_container_registry %}.
|
{% data reusables.package_registry.container-registry-replaces-docker-registry %} If the Docker registry on {% data variables.location.product_location %} contains images, you must manually migrate the images to the {% data variables.product.prodname_container_registry %}.
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
>[!NOTE] {% data reusables.package_registry.container-registry-ghes-migration-availability %}
|
>[!NOTE] {% data reusables.package_registry.container-registry-ghes-migration-availability %}
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% data reusables.package_registry.container-registry-migration-namespaces %} For more information about the impact of migration to the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry#about-migration-from-the-docker-registry).
|
{% data reusables.package_registry.container-registry-migration-namespaces %} For more information about the impact of migration to the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry#about-migration-from-the-docker-registry).
|
||||||
|
|
||||||
## Migrating organizations to the {% data variables.product.prodname_container_registry %}
|
## Migrating organizations to the {% data variables.product.prodname_container_registry %}
|
||||||
|
|||||||
@@ -53,16 +53,15 @@ When {% data variables.product.prodname_github_connect %} is enabled, a record o
|
|||||||
### Data transmitted when {% data variables.product.prodname_github_connect %} is enabled
|
### Data transmitted when {% data variables.product.prodname_github_connect %} is enabled
|
||||||
|
|
||||||
When you enable {% data variables.product.prodname_github_connect %} or specific {% data variables.product.prodname_github_connect %} features, a record on {% data variables.product.prodname_ghe_cloud %} stores the following information about the connection.
|
When you enable {% data variables.product.prodname_github_connect %} or specific {% data variables.product.prodname_github_connect %} features, a record on {% data variables.product.prodname_ghe_cloud %} stores the following information about the connection.
|
||||||
{% ifversion ghes %}
|
|
||||||
* The public key portion of your {% data variables.product.prodname_ghe_server %} license
|
* The public key portion of your {% data variables.product.prodname_ghe_server %} license
|
||||||
* A hash of your {% data variables.product.prodname_ghe_server %} license
|
* A hash of your {% data variables.product.prodname_ghe_server %} license
|
||||||
* The customer name on your {% data variables.product.prodname_ghe_server %} license
|
* The customer name on your {% data variables.product.prodname_ghe_server %} license
|
||||||
* The version of {% data variables.location.product_location_enterprise %}{% endif %}
|
* The version of {% data variables.location.product_location_enterprise %}
|
||||||
* The hostname of {% data variables.location.product_location %}
|
* The hostname of {% data variables.location.product_location %}
|
||||||
* The enterprise account on {% data variables.product.prodname_ghe_cloud %} that's connected to {% data variables.location.product_location %}
|
* The enterprise account on {% data variables.product.prodname_ghe_cloud %} that's connected to {% data variables.location.product_location %}
|
||||||
* The authentication token that's used by {% data variables.location.product_location %} to make requests to {% data variables.product.prodname_ghe_cloud %}
|
* The authentication token that's used by {% data variables.location.product_location %} to make requests to {% data variables.product.prodname_ghe_cloud %}
|
||||||
* If Transport Layer Security (TLS) is enabled and configured on {% data variables.location.product_location %}{% ifversion ghes %}
|
* If Transport Layer Security (TLS) is enabled and configured on {% data variables.location.product_location %}
|
||||||
* The {% data variables.product.prodname_github_connect %} features that are enabled on {% data variables.location.product_location %}, and the date and time of enablement{% endif %}
|
* The {% data variables.product.prodname_github_connect %} features that are enabled on {% data variables.location.product_location %}, and the date and time of enablement
|
||||||
* The dormancy threshold for your enterprise
|
* The dormancy threshold for your enterprise
|
||||||
* The number of dormant users for your enterprise
|
* The number of dormant users for your enterprise
|
||||||
* A count of {% ifversion enterprise-licensing-language %}consumed licenses{% else %}license-consuming seats{% endif %}, which does not include suspended users
|
* A count of {% ifversion enterprise-licensing-language %}consumed licenses{% else %}license-consuming seats{% endif %}, which does not include suspended users
|
||||||
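Review bot: The removed `{% ifversion ghes %}` line was the only thing separating the paragraph ending "stores the following information about the connection." from the first bullet, so on the new side the list starts on the very next line after the paragraph. Add a blank line before "* The public key portion of your ..." so the list does not depend on the renderer letting a bullet interrupt a paragraph.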
@@ -75,12 +74,8 @@ Additional data is transmitted if you enable individual features of {% data vari
|
|||||||
|
|
||||||
| Feature | Data | Which way does the data flow? | Where is the data used? |
|
| Feature | Data | Which way does the data flow? | Where is the data used? |
|
||||||
| ------- | ---- | --------- | ------ |
|
| ------- | ---- | --------- | ------ |
|
||||||
| {% ifversion ghes %} |
|
|
||||||
| Automatic user license sync | Each {% data variables.product.prodname_ghe_server %} user's user ID and email addresses{% ifversion ghas-in-license-sync %}, and whether the user consumes a license for {% data variables.product.prodname_GH_advanced_security %}{% endif %} | From {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
|
| Automatic user license sync | Each {% data variables.product.prodname_ghe_server %} user's user ID and email addresses{% ifversion ghas-in-license-sync %}, and whether the user consumes a license for {% data variables.product.prodname_GH_advanced_security %}{% endif %} | From {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
|
||||||
| {% endif %} |
|
|
||||||
| {% ifversion ghes %} |
|
|
||||||
| {% data variables.product.prodname_dependabot_alerts %} | Vulnerability alerts | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %} | {% data variables.product.prodname_ghe_server %} |
|
| {% data variables.product.prodname_dependabot_alerts %} | Vulnerability alerts | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %} | {% data variables.product.prodname_ghe_server %} |
|
||||||
| {% endif %} |
|
|
||||||
| {% data variables.product.prodname_dependabot_updates %} | Dependencies and the metadata for each dependency's repository<br><br>If a dependency is stored in a private repository on {% data variables.product.prodname_dotcom_the_website %}, data will only be transmitted if {% data variables.product.prodname_dependabot %} is configured and authorized to access that repository. | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %} | {% data variables.product.prodname_ghe_server %} |
|
| {% data variables.product.prodname_dependabot_updates %} | Dependencies and the metadata for each dependency's repository<br><br>If a dependency is stored in a private repository on {% data variables.product.prodname_dotcom_the_website %}, data will only be transmitted if {% data variables.product.prodname_dependabot %} is configured and authorized to access that repository. | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %} | {% data variables.product.prodname_ghe_server %} |
|
||||||
| {% data variables.product.prodname_dotcom_the_website %} actions | Name of action, action (YAML file from {% data variables.product.prodname_marketplace %}) | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}<br><br>From {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.prodname_ghe_server %} |
|
| {% data variables.product.prodname_dotcom_the_website %} actions | Name of action, action (YAML file from {% data variables.product.prodname_marketplace %}) | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}<br><br>From {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.prodname_ghe_server %} |
|
||||||
| {% data variables.product.prodname_server_statistics %} | Aggregate metrics about your usage of {% data variables.product.prodname_ghe_server %}. For the complete list of metrics, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected). | From {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
|
| {% data variables.product.prodname_server_statistics %} | Aggregate metrics about your usage of {% data variables.product.prodname_ghe_server %}. For the complete list of metrics, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected). | From {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
|
||||||
|
|||||||
@@ -25,14 +25,12 @@ topics:
|
|||||||
|
|
||||||
## About {% data variables.product.prodname_dependabot %} for {% data variables.product.prodname_ghe_server %}
|
## About {% data variables.product.prodname_dependabot %} for {% data variables.product.prodname_ghe_server %}
|
||||||
|
|
||||||
{% data variables.product.prodname_dependabot %} helps users find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You {% ifversion dependabot-alerts-ghes-enablement %} must first set up {% data variables.product.prodname_dependabot %} for your enterprise, and then you {% endif %} can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
|
{% data variables.product.prodname_dependabot %} helps users find and fix vulnerabilities in their dependencies. You {% ifversion dependabot-alerts-ghes-enablement %} must first set up {% data variables.product.prodname_dependabot %} for your enterprise, and then you {% endif %} can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
|
||||||
|
|
||||||
{% data variables.product.prodname_dependabot %} is just one of many features available to harden supply chain security for {% data variables.product.prodname_dotcom %}. For more information about the other features, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise).
|
{% data variables.product.prodname_dependabot %} is just one of many features available to harden supply chain security for {% data variables.product.prodname_dotcom %}. For more information about the other features, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise).
|
||||||
|
|
||||||
### About {% data variables.product.prodname_dependabot_alerts %}
|
### About {% data variables.product.prodname_dependabot_alerts %}
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
With {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dotcom %} identifies insecure dependencies in repositories and creates alerts on {% data variables.product.prodname_ghe_server %}, using data from the {% data variables.product.prodname_advisory_database %} and the dependency graph service.
|
With {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dotcom %} identifies insecure dependencies in repositories and creates alerts on {% data variables.product.prodname_ghe_server %}, using data from the {% data variables.product.prodname_advisory_database %} and the dependency graph service.
|
||||||
|
|
||||||
{% data reusables.repositories.tracks-vulnerabilities %}
|
{% data reusables.repositories.tracks-vulnerabilities %}
|
||||||
|
|||||||
@@ -32,12 +32,8 @@ When a proxy server is enabled for {% data variables.location.product_location %
|
|||||||
|
|
||||||
You can configure an outbound proxy server {% data variables.location.product_location %}, and you can configure exceptions for connections to specific domains.
|
You can configure an outbound proxy server {% data variables.location.product_location %}, and you can configure exceptions for connections to specific domains.
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
Your instance validates the hostnames for proxy exclusion using the list of IANA's registered top-level domains (TLDs). For more information, see the [list of TLDs](https://data.iana.org/TLD/tlds-alpha-by-domain.txt) on the IANA website.
|
Your instance validates the hostnames for proxy exclusion using the list of IANA's registered top-level domains (TLDs). For more information, see the [list of TLDs](https://data.iana.org/TLD/tlds-alpha-by-domain.txt) on the IANA website.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% data reusables.enterprise_site_admin_settings.access-settings %}
|
{% data reusables.enterprise_site_admin_settings.access-settings %}
|
||||||
{% data reusables.enterprise_site_admin_settings.management-console %}
|
{% data reusables.enterprise_site_admin_settings.management-console %}
|
||||||
{% data reusables.enterprise_management_console.privacy %}
|
{% data reusables.enterprise_management_console.privacy %}
|
||||||
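Review bot: The first context line of this hunk reads "You can configure an outbound proxy server {% data variables.location.product_location %}", with no preposition before the variable. Suggest "an outbound proxy server for {% data variables.location.product_location %}" as part of this cleanup, since the paragraph directly above the proxy-exclusion text is already being edited.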
|
|||||||
@@ -21,7 +21,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
|
|||||||
{% ifversion ghes < 3.13 %}
|
{% ifversion ghes < 3.13 %}
|
||||||
|
|
||||||
> [!WARNING]
|
> [!WARNING]
|
||||||
> Authentication with Azure Maps using an API token is {% data variables.release-phases.retired %} in {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.prodname_ghe_server %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
|
> Authentication with Azure Maps using an API token is {% data variables.release-phases.retired %} in {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.prodname_ghe_server %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
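Review bot: On the rewritten WARNING line the patch number now comes only from `{% ifversion ghes = 3.11 %}1{% endif %}`, while the enclosing guard is still `{% ifversion ghes < 3.13 %}`, so for any version in that range other than 3.11 the sentence renders the release number followed by a bare "." and then " and later". Either give the conditional an `{% else %}` branch with the correct patch number or narrow the guard; the later hunks under `ghes < 3.12` avoid the problem by hardcoding `.1`.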
@@ -29,7 +29,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
|
|||||||
|
|
||||||
{% ifversion ghes < 3.12 %}
|
{% ifversion ghes < 3.12 %}
|
||||||
|
|
||||||
The following prerequisites apply if your instance runs {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
|
The following prerequisites apply if your instance runs {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.1 or later.
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@@ -41,7 +41,7 @@ The following prerequisites apply if your instance runs {% data variables.produc
|
|||||||
|
|
||||||
{% ifversion ghes < 3.12 %}
|
{% ifversion ghes < 3.12 %}
|
||||||
|
|
||||||
If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.prodname_ghe_server %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.prodname_ghe_server %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead.
|
If your instance runs {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.0, you must provide an API token for Azure Maps instead.
|
||||||
|
|
||||||
{% data reusables.enterprise.azure-maps-auth-warning %}
|
{% data reusables.enterprise.azure-maps-auth-warning %}
|
||||||
|
|
||||||
@@ -51,7 +51,7 @@ If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.
|
|||||||
|
|
||||||
{% ifversion ghes < 3.12 %}
|
{% ifversion ghes < 3.12 %}
|
||||||
|
|
||||||
To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
|
To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.1 or later.
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@@ -92,12 +92,9 @@ After you create an application on your Entra ID tenant and generate a secret fo
|
|||||||
Store the string in a secure location that you can reference in the next step.
|
Store the string in a secure location that you can reference in the next step.
|
||||||
1. {% ifversion ghes > 3.11 %}Below the headings, type or paste{% else %}Enter{% endif %} your authentication details for Azure Maps.
|
1. {% ifversion ghes > 3.11 %}Below the headings, type or paste{% else %}Enter{% endif %} your authentication details for Azure Maps.
|
||||||
|
|
||||||
{%- ifversion ghes < 3.11 %}
|
* If your instance runs {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
|
||||||
* If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.prodname_ghe_server %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.prodname_ghe_server %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
|
%}
|
||||||
|
* If your instance runs {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
|
||||||
{% data reusables.enterprise.azure-maps-auth-warning %}
|
|
||||||
* If your instance runs {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
* Optionally, to change the style of rendered maps, under "Basemap ID", type the ID for the style you'd like to use.
|
* Optionally, to change the style of rendered maps, under "Basemap ID", type the ID for the style you'd like to use.
|
||||||
* Under the headings, type or paste your authentication details.
|
* Under the headings, type or paste your authentication details.
|
||||||
|
|||||||
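Review bot: The added side of this list contains a line consisting only of `%}`, between the two "If your instance runs" bullets. It looks like a fragment of a Liquid tag left behind when the `{%- ifversion ghes < 3.11 %}` / `{%- endif %}` pair was stripped, and it would render as literal text under step 1. The two remaining bullets also keep `{% ifversion ghes = 3.11 %}0{% endif %}` and `{% ifversion ghes = 3.11 %}1{% endif %}` after the guard around them was removed in this hunk, so on any release other than 3.11 the version number would end in a bare dot. Suggest deleting the stray line and wrapping the bullets in an explicit version guard. The `azure-maps-auth-warning` reusable that followed the API token bullet is dropped here as well; if that is intended it deserves a mention in the commit message.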
@@ -29,9 +29,7 @@ You can also configure rate limits for authentication attempts to the {% data va
|
|||||||
|
|
||||||
Excessive numbers of requests to the {% data variables.product.prodname_enterprise_api %} can affect the availability and performance of your instance. For more information about how rate limits for the API affect your users, see [AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api).
|
Excessive numbers of requests to the {% data variables.product.prodname_enterprise_api %} can affect the availability and performance of your instance. For more information about how rate limits for the API affect your users, see [AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api).
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
You can exempt a list of users from API rate limits using the `ghe-config` utility in the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config).
|
You can exempt a list of users from API rate limits using the `ghe-config` utility in the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> The {% data variables.enterprise.management_console %} lists the time period (per minute or per hour) for each rate limit.
|
> The {% data variables.enterprise.management_console %} lists the time period (per minute or per hour) for each rate limit.
|
||||||
@@ -48,11 +46,7 @@ Setting secondary rate limits protects the overall level of service on {% data v
|
|||||||
|
|
||||||
{% data reusables.enterprise_site_admin_settings.access-settings %}
|
{% data reusables.enterprise_site_admin_settings.access-settings %}
|
||||||
{% data reusables.enterprise_site_admin_settings.management-console %}
|
{% data reusables.enterprise_site_admin_settings.management-console %}
|
||||||
{%- ifversion ghes %}
|
|
||||||
1. Under "Rate Limiting", select **Enable Secondary Rate Limiting**.
|
1. Under "Rate Limiting", select **Enable Secondary Rate Limiting**.
|
||||||
{%- else %}
|
|
||||||
1. Under "Rate Limiting", select **Enable Abuse Rate Limiting**.
|
|
||||||
{%- endif %}
|
|
||||||
1. Type limits for Total Requests, CPU Limit, and CPU Limit for Searching, or accept the pre-filled default limits.
|
1. Type limits for Total Requests, CPU Limit, and CPU Limit for Searching, or accept the pre-filled default limits.
|
||||||
{% data reusables.enterprise_management_console.save-settings %}
|
{% data reusables.enterprise_management_console.save-settings %}
|
||||||
|
|
||||||
@@ -70,8 +64,6 @@ If a member of {% data variables.product.company_short %}'s staff has recommende
|
|||||||
1. Under "User ID Limit", type a limit for each user ID.
|
1. Under "User ID Limit", type a limit for each user ID.
|
||||||
{% data reusables.enterprise_management_console.save-settings %}
|
{% data reusables.enterprise_management_console.save-settings %}
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
## Configuring rate limits for {% data variables.product.prodname_actions %}
|
## Configuring rate limits for {% data variables.product.prodname_actions %}
|
||||||
|
|
||||||
You can apply a rate limit to {% data variables.product.prodname_actions %} workflow runs. For more information about {% data variables.product.prodname_actions %}, see [AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises).
|
You can apply a rate limit to {% data variables.product.prodname_actions %} workflow runs. For more information about {% data variables.product.prodname_actions %}, see [AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises).
|
||||||
@@ -111,5 +103,3 @@ By default, the rate limit for {% data variables.product.prodname_actions %} is
|
|||||||
```
|
```
|
||||||
|
|
||||||
1. Wait for the configuration run to complete.
|
1. Wait for the configuration run to complete.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|||||||
@@ -43,9 +43,7 @@ When subdomain isolation is enabled, {% data variables.product.prodname_ghe_serv
|
|||||||
| `http(s)://HOSTNAME/reply/` | `http(s)://reply.HOSTNAME/` |
|
| `http(s)://HOSTNAME/reply/` | `http(s)://reply.HOSTNAME/` |
|
||||||
| `http(s)://HOSTNAME/uploads/` | `http(s)://uploads.HOSTNAME/` |
|
| `http(s)://HOSTNAME/uploads/` | `http(s)://uploads.HOSTNAME/` |
|
||||||
| `http(s)://HOSTNAME/viewscreen/` | `http(s)://viewscreen.HOSTNAME/` |
|
| `http(s)://HOSTNAME/viewscreen/` | `http(s)://viewscreen.HOSTNAME/` |
|
||||||
| {%- ifversion ghes %} |
|
|
||||||
| Not supported | `https://containers.HOSTNAME/` |
|
| Not supported | `https://containers.HOSTNAME/` |
|
||||||
| {%- endif %} |
|
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
|
|||||||
@@ -23,16 +23,10 @@ redirect_from:
|
|||||||
|
|
||||||
By default, authorized users can access your enterprise's resources from any IP address. You can restrict access to your enterprise's private resources by configuring a list that allows or denies access from specific IP addresses. {% data reusables.identity-and-permissions.ip-allow-lists-example-and-restrictions %}
|
By default, authorized users can access your enterprise's resources from any IP address. You can restrict access to your enterprise's private resources by configuring a list that allows or denies access from specific IP addresses. {% data reusables.identity-and-permissions.ip-allow-lists-example-and-restrictions %}
|
||||||
|
|
||||||
{% ifversion ghec %}
|
|
||||||
|
|
||||||
If your enterprise uses {% data variables.product.prodname_emus %} with Microsoft Entra ID (previously known as Azure AD) and OIDC, you can choose whether to use {% data variables.product.company_short %}'s IP allow list feature or to use the allow list restrictions for your identity provider (IdP). If your enterprise does not use {% data variables.product.prodname_emus %} with Azure and OIDC, you can use {% data variables.product.company_short %}'s allow list feature.
|
If your enterprise uses {% data variables.product.prodname_emus %} with Microsoft Entra ID (previously known as Azure AD) and OIDC, you can choose whether to use {% data variables.product.company_short %}'s IP allow list feature or to use the allow list restrictions for your identity provider (IdP). If your enterprise does not use {% data variables.product.prodname_emus %} with Azure and OIDC, you can use {% data variables.product.company_short %}'s allow list feature.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
|
{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
|
||||||
|
|
||||||
{% ifversion ghec %}
|
|
||||||
|
|
||||||
## About {% data variables.product.company_short %}'s IP allow list
|
## About {% data variables.product.company_short %}'s IP allow list
|
||||||
|
|
||||||
You can use {% data variables.product.company_short %}'s IP allow list to control access to your enterprise and assets owned by organizations in your enterprise.
|
You can use {% data variables.product.company_short %}'s IP allow list to control access to your enterprise and assets owned by organizations in your enterprise.
|
||||||
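Review bot: The two `{% ifversion ghec %}` openers removed here, around the Entra ID/OIDC paragraph and before the "About ... IP allow list" heading, are not GHES conditionals, so they fall outside what a 3.10 deprecation needs to touch. Removing them is safe only if the article's `versions` frontmatter is limited to `ghec`, and the frontmatter is not part of this hunk. Suggest confirming that before merge, since otherwise the {% data variables.product.prodname_emus %} and IdP allow-list content would start rendering on versions where it does not apply.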
@@ -129,8 +123,6 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth
|
|||||||
1. Optionally, to allow installed {% data variables.product.company_short %} and {% data variables.product.prodname_oauth_apps %} to access your enterprise from any IP address, select **Skip IdP check for applications**.
|
1. Optionally, to allow installed {% data variables.product.company_short %} and {% data variables.product.prodname_oauth_apps %} to access your enterprise from any IP address, select **Skip IdP check for applications**.
|
||||||
1. Click **Save**.
|
1. Click **Save**.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Using {% data variables.product.prodname_actions %} with an IP allow list
|
## Using {% data variables.product.prodname_actions %} with an IP allow list
|
||||||
|
|
||||||
{% data reusables.actions.ip-allow-list-self-hosted-runners %}
|
{% data reusables.actions.ip-allow-list-self-hosted-runners %}
|
||||||
|
|||||||
@@ -157,8 +157,6 @@ You can control how users can run workflows on `pull_request` events in private
|
|||||||
|
|
||||||
If a policy is enabled for an enterprise, the policy can be selectively disabled in individual organizations or repositories. If a policy is disabled for an enterprise, individual organizations or repositories cannot enable it.
|
If a policy is enabled for an enterprise, the policy can be selectively disabled in individual organizations or repositories. If a policy is disabled for an enterprise, individual organizations or repositories cannot enable it.
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
## Workflow permissions
|
## Workflow permissions
|
||||||
|
|
||||||
In the "Workflow permissions" section, you can set the **default** permissions granted to the `GITHUB_TOKEN`.
|
In the "Workflow permissions" section, you can set the **default** permissions granted to the `GITHUB_TOKEN`.
|
||||||
@@ -169,5 +167,3 @@ In the "Workflow permissions" section, you can set the **default** permissions g
|
|||||||
Anyone with write access to a repository can still modify the permissions granted to the `GITHUB_TOKEN` for a specific workflow, by editing the `permissions` key in the workflow file.
|
Anyone with write access to a repository can still modify the permissions granted to the `GITHUB_TOKEN` for a specific workflow, by editing the `permissions` key in the workflow file.
|
||||||
|
|
||||||
**Allow GitHub Actions to create and approve pull requests** is disabled by default. If you enable this setting, `GITHUB_TOKEN` can create and approve pull requests.
|
**Allow GitHub Actions to create and approve pull requests** is disabled by default. If you enable this setting, `GITHUB_TOKEN` can create and approve pull requests.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ If you're an organization owner, you can enable {% data variables.product.prodna
|
|||||||
## Enabling or disabling {% data variables.product.prodname_github_codespaces %} in your enterprise
|
## Enabling or disabling {% data variables.product.prodname_github_codespaces %} in your enterprise
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see [AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings).
|
> If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private and internal repositories. For more information, see [AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings).
|
||||||
|
|
||||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||||
{% data reusables.enterprise-accounts.policies-tab %}
|
{% data reusables.enterprise-accounts.policies-tab %}
|
||||||
|
|||||||
@@ -26,8 +26,6 @@ shortTitle: Policies for security settings
|
|||||||
|
|
||||||
You can enforce policies to control the security settings for organizations owned by your enterprise. By default, organization owners can manage security settings.
|
You can enforce policies to control the security settings for organizations owned by your enterprise. By default, organization owners can manage security settings.
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
## Requiring two-factor authentication for organizations in your enterprise
|
## Requiring two-factor authentication for organizations in your enterprise
|
||||||
|
|
||||||
{% ifversion mandatory-2fa-dotcom-contributors %}
|
{% ifversion mandatory-2fa-dotcom-contributors %}
|
||||||
@@ -74,7 +72,6 @@ Before you require secure methods of two-factor authentication, we recommend not
|
|||||||
{% data reusables.organizations.secure_two_factor_authentication_confirm %}
|
{% data reusables.organizations.secure_two_factor_authentication_confirm %}
|
||||||
1. Optionally, if any outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA with a secure method before they can accept your invitation.
|
1. Optionally, if any outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA with a secure method before they can accept your invitation.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
## Managing SSH certificate authorities for your enterprise
|
## Managing SSH certificate authorities for your enterprise
|
||||||
|
|||||||
@@ -139,5 +139,5 @@ Both primary and replica instances should be assigned separate EIPs in productio
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [AUTOTITLE](/admin/overview/system-overview){% ifversion ghes %}
|
* [AUTOTITLE](/admin/overview/system-overview)
|
||||||
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases){% endif %}
|
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)
|
||||||
|
|||||||
@@ -110,5 +110,5 @@ Because {% data variables.product.prodname_ghe_server %} runs a customized Linux
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [AUTOTITLE](/admin/overview/system-overview){% ifversion ghes %}
|
* [AUTOTITLE](/admin/overview/system-overview)
|
||||||
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases){% endif %}
|
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)
|
||||||
|
|||||||
@@ -109,5 +109,5 @@ To create the {% data variables.product.prodname_ghe_server %} instance, you'll
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [AUTOTITLE](/admin/overview/system-overview){% ifversion ghes %}
|
* [AUTOTITLE](/admin/overview/system-overview)
|
||||||
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases){% endif %}
|
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)
|
||||||
|
|||||||
@@ -91,5 +91,5 @@ We also recommend that the ESXi Power Management Setting be configured to "High
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [AUTOTITLE](/admin/overview/system-overview){% ifversion ghes %}
|
* [AUTOTITLE](/admin/overview/system-overview)
|
||||||
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases){% endif %}
|
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)
|
||||||
|
|||||||
@@ -58,5 +58,5 @@ shortTitle: Install on OpenStack
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [AUTOTITLE](/admin/overview/system-overview){% ifversion ghes %}
|
* [AUTOTITLE](/admin/overview/system-overview)
|
||||||
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases){% endif %}
|
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)
|
||||||
|
|||||||
@@ -59,5 +59,5 @@ shortTitle: Install on VMware
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [AUTOTITLE](/admin/overview/system-overview){% ifversion ghes %}
|
* [AUTOTITLE](/admin/overview/system-overview)
|
||||||
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases){% endif %}
|
* [AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)
|
||||||
|
|||||||
@@ -149,7 +149,7 @@ To apply the configuration from the {% data variables.enterprise.management_cons
|
|||||||
|
|
||||||
You may want to power off a staging instance to save costs and power it back on when needed.
|
You may want to power off a staging instance to save costs and power it back on when needed.
|
||||||
|
|
||||||
An instance can stay offline for {% ifversion ghes = 3.10 %}7 days{% elsif ghes < 3.14 %}60 days as of the latest patch release of this version, increased from 7 days{% else %}60 days{% endif %}.
|
An instance can stay offline for {% ifversion ghes < 3.14 %}60 days as of the latest patch release of this version, increased from 7 days{% else %}60 days{% endif %}.
|
||||||
|
|
||||||
If you bring the instance back online within the allowed offline time period, {% data variables.product.prodname_ghe_server %} instantiates successfully. If the instance stays offline for longer than the allowed period, {% data variables.product.prodname_ghe_server %} fails to instantiate successfully, and an error message with the text `server has been offline for more than the configured server_rejoin_age_max` may appear in the system logs. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs).
|
If you bring the instance back online within the allowed offline time period, {% data variables.product.prodname_ghe_server %} instantiates successfully. If the instance stays offline for longer than the allowed period, {% data variables.product.prodname_ghe_server %} fails to instantiate successfully, and an error message with the text `server has been offline for more than the configured server_rejoin_age_max` may appear in the system logs. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs).
|
||||||
|
|
||||||
|
|||||||
@@ -14,18 +14,12 @@ topics:
|
|||||||
- User account
|
- User account
|
||||||
shortTitle: Set membership visibility
|
shortTitle: Set membership visibility
|
||||||
---
|
---
|
||||||
{% ifversion ghes %}
|
|
||||||
You can also enforce your default setting on all current organization members in your instance using a command-line utility. For example, if you'd like to require every organization member's visibility to be public, you can set the default to public and enforce the default for all new members in the admin settings, and then use the command-line utility to enforce the public setting on existing members.
|
You can also enforce your default setting on all current organization members in your instance using a command-line utility. For example, if you'd like to require every organization member's visibility to be public, you can set the default to public and enforce the default for all new members in the admin settings, and then use the command-line utility to enforce the public setting on existing members.
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||||
{% ifversion ghes %}
|
|
||||||
{% data reusables.enterprise-accounts.policies-tab %}
|
{% data reusables.enterprise-accounts.policies-tab %}
|
||||||
{% else %}
|
|
||||||
{% data reusables.enterprise-accounts.settings-tab %}
|
|
||||||
{% endif %}
|
|
||||||
{% data reusables.enterprise-accounts.options-tab %}
|
{% data reusables.enterprise-accounts.options-tab %}
|
||||||
1. Under "Default organization membership visibility", select the drop-down menu, and click **Private** or **Public**.
|
1. Under "Default organization membership visibility", select the drop-down menu, and click **Private** or **Public**.
|
||||||
1. Optionally, to prevent members from changing their membership visibility from the default, select **Enforce for all enterprise members**.
|
1. Optionally, to prevent members from changing their membership visibility from the default, select **Enforce for all enterprise members**.
|
||||||
{% ifversion ghes %}
|

|
||||||
1. If you'd like to enforce your new visibility setting on all existing members, use the `ghe-org-membership-update` command-line utility. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-membership-update).{% endif %}
|
1. If you'd like to enforce your new visibility setting on all existing members, use the `ghe-org-membership-update` command-line utility. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-membership-update).
|
||||||
|
|||||||
@@ -17,10 +17,6 @@ topics:
|
|||||||
shortTitle: Prevent organization creation
|
shortTitle: Prevent organization creation
|
||||||
---
|
---
|
||||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||||
{% ifversion ghes %}
|
|
||||||
{% data reusables.enterprise-accounts.policies-tab %}
|
{% data reusables.enterprise-accounts.policies-tab %}
|
||||||
{% else %}
|
|
||||||
{% data reusables.enterprise-accounts.settings-tab %}
|
|
||||||
{% endif %}
|
|
||||||
{% data reusables.enterprise-accounts.options-tab %}
|
{% data reusables.enterprise-accounts.options-tab %}
|
||||||
1. Under "Users can create organizations", use the drop-down menu and click **Enabled** or **Disabled**.
|
1. Under "Users can create organizations", use the drop-down menu and click **Enabled** or **Disabled**.
|
||||||
|
|||||||
@@ -39,11 +39,7 @@ For more information, see [AUTOTITLE](/repositories/working-with-files/managing-
|
|||||||
## Configuring {% data variables.large_files.product_name_long %} for your enterprise
|
## Configuring {% data variables.large_files.product_name_long %} for your enterprise
|
||||||
|
|
||||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||||
{% ifversion ghes %}
|
|
||||||
{% data reusables.enterprise-accounts.policies-tab %}
|
{% data reusables.enterprise-accounts.policies-tab %}
|
||||||
{% else %}
|
|
||||||
{% data reusables.enterprise-accounts.settings-tab %}
|
|
||||||
{% endif %}
|
|
||||||
{% data reusables.enterprise-accounts.options-tab %}
|
{% data reusables.enterprise-accounts.options-tab %}
|
||||||
1. Under "{% data variables.large_files.product_name_short %} access", select the drop-down menu, and click **Enabled** or **Disabled**.
|
1. Under "{% data variables.large_files.product_name_short %} access", select the drop-down menu, and click **Enabled** or **Disabled**.
|
||||||
|
|
||||||
@@ -67,8 +63,6 @@ For more information, see [AUTOTITLE](/repositories/working-with-files/managing-
|
|||||||
{% data reusables.enterprise_site_admin_settings.admin-tab %}
|
{% data reusables.enterprise_site_admin_settings.admin-tab %}
|
||||||
{% data reusables.enterprise_site_admin_settings.git-lfs-toggle %}
|
{% data reusables.enterprise_site_admin_settings.git-lfs-toggle %}
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
## Configuring Git Large File Storage to use a third party server
|
## Configuring Git Large File Storage to use a third party server
|
||||||
|
|
||||||
{% data reusables.large_files.storage_assets_location %}
|
{% data reusables.large_files.storage_assets_location %}
|
||||||
@@ -146,8 +140,6 @@ Before migrating to a different {% data variables.large_files.product_name_long
|
|||||||
> Git LFS: (16 of 16 files) 48.00 MB / 48.85 MB, 879.10 KB skipped
|
> Git LFS: (16 of 16 files) 48.00 MB / 48.85 MB, 879.10 KB skipped
|
||||||
```
|
```
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [{% data variables.large_files.product_name_long %} project site](https://git-lfs.com/)
|
* [{% data variables.large_files.product_name_long %} project site](https://git-lfs.com/)
|
||||||
|
|||||||
@@ -52,11 +52,7 @@ shortTitle: Disable SSH for Git
|
|||||||
## Disabling Git SSH access to all repositories in your enterprise
|
## Disabling Git SSH access to all repositories in your enterprise
|
||||||
|
|
||||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||||
{% ifversion ghes %}
|
|
||||||
{% data reusables.enterprise-accounts.policies-tab %}
|
{% data reusables.enterprise-accounts.policies-tab %}
|
||||||
{% else %}
|
|
||||||
{% data reusables.enterprise-accounts.settings-tab %}
|
|
||||||
{% endif %}
|
|
||||||
{% data reusables.enterprise-accounts.options-tab %}
|
{% data reusables.enterprise-accounts.options-tab %}
|
||||||
1. Under "Git SSH access", select the drop-down menu, and click **Disabled**.
|
1. Under "Git SSH access", select the drop-down menu, and click **Disabled**.
|
||||||
1. Select **Enforce on all repositories**.
|
1. Select **Enforce on all repositories**.
|
||||||
|
|||||||
@@ -39,12 +39,8 @@ When they follow the link, they're asked to approve the keys on their account. A
|
|||||||
|
|
||||||
## Adding an SSH key
|
## Adding an SSH key
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
When a new user adds an SSH key to an account, to confirm the user's access, {% data variables.product.prodname_ghe_server %} will prompt for authentication. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode).
|
When a new user adds an SSH key to an account, to confirm the user's access, {% data variables.product.prodname_ghe_server %} will prompt for authentication. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode).
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
When a user adds a key, they'll receive a notification email that will look something like this:
|
When a user adds a key, they'll receive a notification email that will look something like this:
|
||||||
|
|
||||||
The following SSH key was added to your account:
|
The following SSH key was added to your account:
|
||||||
|
|||||||
@@ -14,14 +14,12 @@ topics:
|
|||||||
- User account
|
- User account
|
||||||
shortTitle: User security best practices
|
shortTitle: User security best practices
|
||||||
---
|
---
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
## Enabling two-factor authentication
|
## Enabling two-factor authentication
|
||||||
|
|
||||||
Two-factor authentication (2FA) is a way of logging in to websites and services that requires a second factor beyond a password for authentication. In {% data variables.product.prodname_ghe_server %}'s case, this second factor is a one time authentication code generated by an application on a user's smartphone. We strongly recommend requiring your users to enable two-factor authentication on their accounts. With two-factor authentication, both a user's password and their smartphone would have to be compromised to allow the account itself to be compromised.
|
Two-factor authentication (2FA) is a way of logging in to websites and services that requires a second factor beyond a password for authentication. In {% data variables.product.prodname_ghe_server %}'s case, this second factor is a one time authentication code generated by an application on a user's smartphone. We strongly recommend requiring your users to enable two-factor authentication on their accounts. With two-factor authentication, both a user's password and their smartphone would have to be compromised to allow the account itself to be compromised.
|
||||||
|
|
||||||
For more information on configuring two-factor authentication, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication).
|
For more information on configuring two-factor authentication, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Requiring a password manager
|
## Requiring a password manager
|
||||||
|
|
||||||
|
|||||||
@@ -65,14 +65,9 @@ If the administrator you want to remove is a member of any organizations owned b
|
|||||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||||
{% data reusables.enterprise-accounts.people-tab %}
|
{% data reusables.enterprise-accounts.people-tab %}
|
||||||
{% data reusables.enterprise-accounts.administrators-tab %}
|
{% data reusables.enterprise-accounts.administrators-tab %}
|
||||||
{%- ifversion ghec or ghes %}
|
|
||||||
1. Next to the username of the person you'd like to remove, select the {% octicon "kebab-horizontal" aria-label="Administrator settings" %} dropdown menu, then click **Convert to member**{% ifversion ghec %} or **Remove from enterprise**{% endif %}.
|
1. Next to the username of the person you'd like to remove, select the {% octicon "kebab-horizontal" aria-label="Administrator settings" %} dropdown menu, then click **Convert to member**{% ifversion ghec %} or **Remove from enterprise**{% endif %}.
|
||||||

|

|
||||||
1. Read the confirmation, then click **Yes, convert USERNAME to member**{% ifversion ghec %} or **Yes, remove USERNAME**{% endif %}.
|
1. Read the confirmation, then click **Yes, convert USERNAME to member**{% ifversion ghec %} or **Yes, remove USERNAME**{% endif %}.
|
||||||
{%- else %}
|
|
||||||
1. Next to the username of the person you'd like to remove, select the {% octicon "gear" aria-label="Administrator settings" %} dropdown menu, then click **Remove owner**.
|
|
||||||
1. Read the confirmation, then click **Remove owner**.
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
|
|||||||
@@ -42,13 +42,9 @@ If you use certain external authentication features, you may not be able to mana
|
|||||||
{% data reusables.enterprise-accounts.people-tab %}
|
{% data reusables.enterprise-accounts.people-tab %}
|
||||||
{% data reusables.enterprise-accounts.administrators-tab %}
|
{% data reusables.enterprise-accounts.administrators-tab %}
|
||||||
1. In the upper-left corner of the page, in the "Find an administrator" search field, type the username of the person you want to demote.
|
1. In the upper-left corner of the page, in the "Find an administrator" search field, type the username of the person you want to demote.
|
||||||
{%- ifversion ghes %}
|
|
||||||
1. In the search results, find the username of the person you want to demote, then select the {% octicon "kebab-horizontal" aria-label="Administrator settings" %} dropdown menu and click **Convert to member**.
|
1. In the search results, find the username of the person you want to demote, then select the {% octicon "kebab-horizontal" aria-label="Administrator settings" %} dropdown menu and click **Convert to member**.
|
||||||
|
|
||||||

|

|
||||||
{%- else %}
|
|
||||||
1. In the search results, find the username of the person you want to demote, then use the {% octicon "gear" %} drop-down menu, and select **Remove owner**.
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
## Promoting a user from the command line
|
## Promoting a user from the command line
|
||||||
|
|
||||||
|
|||||||
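Review bot: Dropping the `{%- ifversion ghes %}` / `{%- else %}` pair keeps only the ghes wording, so the gear-menu step that selects **Remove owner** disappears for every non-ghes version. That is safe only if this article is versioned for ghes alone, which the hunk does not show. Please check the front matter, or say so in the PR description, before merging.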
@@ -203,8 +203,6 @@ If you use SAML authentication and SCIM provisioning, you can filter members bas
|
|||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
## Viewing members without an email address from a verified domain
|
## Viewing members without an email address from a verified domain
|
||||||
|
|
||||||
You can view a list of members in your enterprise who don't have an email address from a verified domain associated with their user account.
|
You can view a list of members in your enterprise who don't have an email address from a verified domain associated with their user account.
|
||||||
@@ -213,7 +211,6 @@ You can view a list of members in your enterprise who don't have an email addres
|
|||||||
{% data reusables.enterprise-accounts.settings-tab %}
|
{% data reusables.enterprise-accounts.settings-tab %}
|
||||||
{% data reusables.enterprise-accounts.verified-domains-tab %}
|
{% data reusables.enterprise-accounts.verified-domains-tab %}
|
||||||
1. Under "Notification preferences", click the **{% octicon "eye" aria-hidden="true" %} View enterprise members without an approved or verified domain email** link.
|
1. Under "Notification preferences", click the **{% octicon "eye" aria-hidden="true" %} View enterprise members without an approved or verified domain email** link.
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Viewing whether members in your enterprise have 2FA enabled
|
## Viewing whether members in your enterprise have 2FA enabled
|
||||||
|
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ Some additional features, such as license checks, blocking of pull requests, and
|
|||||||
|
|
||||||
## Prerequisites for dependency review
|
## Prerequisites for dependency review
|
||||||
|
|
||||||
* A license for {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghes %} (see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)).{% endif %}
|
* A license for {% data variables.product.prodname_GH_advanced_security %} (see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)).
|
||||||
|
|
||||||
* The dependency graph enabled for the instance. Site administrators can enable the dependency graph via the management console or the administrative shell (see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)).
|
* The dependency graph enabled for the instance. Site administrators can enable the dependency graph via the management console or the administrative shell (see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)).
|
||||||
|
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ If someone checks a secret with a known pattern into a repository, {% data varia
|
|||||||
|
|
||||||
* The SSSE3 (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.prodname_ghe_server %}. For more information about SSSE3, see [Intel 64 and IA-32 Architectures Optimization Reference Manual](https://cdrdv2-public.intel.com/671488/248966-Software-Optimization-Manual-R047.pdf) in the Intel documentation.
|
* The SSSE3 (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.prodname_ghe_server %}. For more information about SSSE3, see [Intel 64 and IA-32 Architectures Optimization Reference Manual](https://cdrdv2-public.intel.com/671488/248966-Software-Optimization-Manual-R047.pdf) in the Intel documentation.
|
||||||
|
|
||||||
* A license for {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghes %} (see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)){% endif %}
|
* A license for {% data variables.product.prodname_GH_advanced_security %} (see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security))
|
||||||
|
|
||||||
* {% data variables.product.prodname_secret_scanning_caps %} enabled in the management console (see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise))
|
* {% data variables.product.prodname_secret_scanning_caps %} enabled in the management console (see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise))
|
||||||
|
|
||||||
|
|||||||
@@ -18,6 +18,6 @@ You can allow users to identify their projects' dependencies by enabling the dep
|
|||||||
|
|
||||||
{% data reusables.dependency-review.dependency-review-enabled-ghes %}
|
{% data reusables.dependency-review.dependency-review-enabled-ghes %}
|
||||||
|
|
||||||
You can also allow users to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise).
|
You can also allow users to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %} and {% data variables.product.prodname_dependabot_updates %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise).
|
||||||
|
|
||||||
After you enable {% data variables.product.prodname_dependabot_alerts %}, you can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_ghe_server %} and manually sync the data. For more information, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise).
|
After you enable {% data variables.product.prodname_dependabot_alerts %}, you can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_ghe_server %} and manually sync the data. For more information, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise).
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ You can create your own unique automations, or you can use and adapt workflows f
|
|||||||
|
|
||||||
{% ifversion ghec %}You can enjoy the convenience of {% data variables.product.company_short %}-hosted runners, which are maintained and upgraded by {% data variables.product.company_short %}, or you{% else %}You{% endif %} can control your own private CI/CD infrastructure by using self-hosted runners. Self-hosted runners allow you to determine the exact environment and resources that complete your builds, testing, and deployments, without exposing your software development cycle to the internet. For more information, see {% ifversion ghec %}[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners) and{% endif %} [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners).
|
{% ifversion ghec %}You can enjoy the convenience of {% data variables.product.company_short %}-hosted runners, which are maintained and upgraded by {% data variables.product.company_short %}, or you{% else %}You{% endif %} can control your own private CI/CD infrastructure by using self-hosted runners. Self-hosted runners allow you to determine the exact environment and resources that complete your builds, testing, and deployments, without exposing your software development cycle to the internet. For more information, see {% ifversion ghec %}[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners) and{% endif %} [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners).
|
||||||
|
|
||||||
{% data variables.product.prodname_actions %} provides greater control over deployments. For example, you can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, or limit access to secrets.{% ifversion ghec or ghes %} If your workflows need to access resources from a cloud provider that supports OpenID Connect (OIDC), you can configure your workflows to authenticate directly to the cloud provider. OIDC provides security benefits such as eliminating the need to store credentials as long-lived secrets. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect).{% endif %}
|
{% data variables.product.prodname_actions %} provides greater control over deployments. For example, you can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, or limit access to secrets. If your workflows need to access resources from a cloud provider that supports OpenID Connect (OIDC), you can configure your workflows to authenticate directly to the cloud provider. OIDC provides security benefits such as eliminating the need to store credentials as long-lived secrets. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect).
|
||||||
|
|
||||||
{% data variables.product.prodname_actions %} also includes tools to govern your enterprise's software development cycle and meet compliance obligations. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise).
|
{% data variables.product.prodname_actions %} also includes tools to govern your enterprise's software development cycle and meet compliance obligations. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise).
|
||||||
|
|
||||||
|
|||||||
@@ -61,12 +61,8 @@ For more information about minimum hardware requirements for {% data variables.l
|
|||||||
|
|
||||||
{% data reusables.enterprise_installation.about-adjusting-resources %}
|
{% data reusables.enterprise_installation.about-adjusting-resources %}
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
Optionally, you can limit resource consumption on {% data variables.location.product_location %} by configuring a rate limit for {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-rate-limits-for-github-actions).
|
Optionally, you can limit resource consumption on {% data variables.location.product_location %} by configuring a rate limit for {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-rate-limits-for-github-actions).
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## External storage requirements
|
## External storage requirements
|
||||||
|
|
||||||
To enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}, you must have access to external blob storage.
|
To enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}, you must have access to external blob storage.
|
||||||
@@ -91,8 +87,6 @@ All other {% data variables.product.prodname_actions %} data, such as the workfl
|
|||||||
|
|
||||||
{% data reusables.actions.proxy-considerations %} For more information about using a proxy with {% data variables.product.prodname_ghe_server %}, see [AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server).
|
{% data reusables.actions.proxy-considerations %} For more information about using a proxy with {% data variables.product.prodname_ghe_server %}, see [AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server).
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
## Enabling {% data variables.product.prodname_actions %} with your storage provider
|
## Enabling {% data variables.product.prodname_actions %} with your storage provider
|
||||||
|
|
||||||
Follow one of the procedures below to enable {% data variables.product.prodname_actions %} with your chosen storage provider:
|
Follow one of the procedures below to enable {% data variables.product.prodname_actions %} with your chosen storage provider:
|
||||||
@@ -120,8 +114,6 @@ For more information, see [AUTOTITLE](/admin/github-actions/managing-access-to-a
|
|||||||
|
|
||||||
{% data reusables.actions.general-security-hardening %}
|
{% data reusables.actions.general-security-hardening %}
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Reserved names
|
## Reserved names
|
||||||
|
|
||||||
When you enable {% data variables.product.prodname_actions %} for your enterprise, two organizations are created: `github` and `actions`. If your enterprise already uses the `github` organization name, `github-org` (or `github-github-org` if `github-org` is also in use) will be used instead. If your enterprise already uses the `actions` organization name, `github-actions` (or `github-actions-org` if `github-actions` is also in use) will be used instead. Once actions is enabled, you won't be able to use these names anymore.
|
When you enable {% data variables.product.prodname_actions %} for your enterprise, two organizations are created: `github` and `actions`. If your enterprise already uses the `github` organization name, `github-org` (or `github-github-org` if `github-org` is also in use) will be used instead. If your enterprise already uses the `actions` organization name, `github-actions` (or `github-actions-org` if `github-actions` is also in use) will be used instead. Once actions is enabled, you won't be able to use these names anymore.
|
||||||
|
|||||||
@@ -78,7 +78,6 @@ You can create a runner group to manage access to the runner that you added to y
|
|||||||
1. To choose a policy for organization access, under "Organization access", select the **Organization access** drop-down, and click **Selected organizations**.
|
1. To choose a policy for organization access, under "Organization access", select the **Organization access** drop-down, and click **Selected organizations**.
|
||||||
1. To the right of the drop-down with the organization access policy, click {% octicon "gear" aria-label="Configure organizations" %}.
|
1. To the right of the drop-down with the organization access policy, click {% octicon "gear" aria-label="Configure organizations" %}.
|
||||||
1. Select the organizations you'd like to grant access to the runner group.
|
1. Select the organizations you'd like to grant access to the runner group.
|
||||||
{%- ifversion ghec or ghes %}
|
|
||||||
1. Optionally, to allow public repositories in the selected organizations to use runners in the group, select **Allow public repositories**.
|
1. Optionally, to allow public repositories in the selected organizations to use runners in the group, select **Allow public repositories**.
|
||||||
|
|
||||||
> [!WARNING]
|
> [!WARNING]
|
||||||
@@ -86,7 +85,6 @@ You can create a runner group to manage access to the runner that you added to y
|
|||||||
>
|
>
|
||||||
> For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories).
|
> For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories).
|
||||||
|
|
||||||
{%- endif %}
|
|
||||||
{% data reusables.actions.create-runner-group %}
|
{% data reusables.actions.create-runner-group %}
|
||||||
1. Click the "Runners" tab.
|
1. Click the "Runners" tab.
|
||||||
1. In the list of runners, click the runner that you deployed in the previous section.
|
1. In the list of runners, click the runner that you deployed in the previous section.
|
||||||
|
|||||||
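Review bot: The removed `{%- endif %}` used left whitespace control, which swallowed the blank line above it; with the tag gone, that blank line now sits between the `> [!WARNING]` block and `{% data reusables.actions.create-runner-group %}` in the middle of the numbered procedure. Please check the rendered page to confirm that the warning still attaches to the **Allow public repositories** step and that the numbering continues through the steps that follow. If it does not, delete the blank line along with the tag.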
@@ -98,9 +98,7 @@ If you want more control over the networking policies for your runners, use self
|
|||||||
|
|
||||||
You also have to decide where to add each runner. You can add a self-hosted runner to an individual repository, or you can make the runner available to an entire organization or your entire enterprise. Adding runners at the organization or enterprise levels allows sharing of runners, which might reduce the size of your runner infrastructure. You can use policies to limit access to self-hosted runners at the organization and enterprise levels by assigning groups of runners to specific repositories or organizations. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups). You can also use policies to prevent people using repository-level self-hosted runners. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#disabling-repository-level-self-hosted-runners).
|
You also have to decide where to add each runner. You can add a self-hosted runner to an individual repository, or you can make the runner available to an entire organization or your entire enterprise. Adding runners at the organization or enterprise levels allows sharing of runners, which might reduce the size of your runner infrastructure. You can use policies to limit access to self-hosted runners at the organization and enterprise levels by assigning groups of runners to specific repositories or organizations. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups). You can also use policies to prevent people using repository-level self-hosted runners. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#disabling-repository-level-self-hosted-runners).
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
You should consider using autoscaling to automatically increase or decrease the number of available self-hosted runners. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners).
|
You should consider using autoscaling to automatically increase or decrease the number of available self-hosted runners. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
Finally, you should consider security hardening for self-hosted runners. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners).
|
Finally, you should consider security hardening for self-hosted runners. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners).
|
||||||
|
|
||||||
@@ -113,12 +111,8 @@ Finally, you should consider security hardening for self-hosted runners. For mor
|
|||||||
You must configure external blob storage for workflow artifacts, caches, and other workflow logs. Decide which supported storage provider your enterprise will use. For more information, see [AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server#external-storage-requirements).
|
You must configure external blob storage for workflow artifacts, caches, and other workflow logs. Decide which supported storage provider your enterprise will use. For more information, see [AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server#external-storage-requirements).
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
You can use policy settings for {% data variables.product.prodname_actions %} to customize the storage of workflow artifacts, caches, and log retention. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise).
|
You can use policy settings for {% data variables.product.prodname_actions %} to customize the storage of workflow artifacts, caches, and log retention. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise).
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% ifversion ghec %}
|
{% ifversion ghec %}
|
||||||
Some storage is included in your subscription, but additional storage will affect your bill. You should plan for this cost. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions).
|
Some storage is included in your subscription, but additional storage will affect your bill. You should plan for this cost. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions).
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ shortTitle: About actions in your enterprise
|
|||||||
|
|
||||||
{% data reusables.actions.enterprise-no-internet-actions %} You can restrict your developers to using actions that are stored on {% data variables.location.product_location %}, which includes most official {% data variables.product.company_short %}-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from {% data variables.product.prodname_dotcom_the_website %}.
|
{% data reusables.actions.enterprise-no-internet-actions %} You can restrict your developers to using actions that are stored on {% data variables.location.product_location %}, which includes most official {% data variables.product.company_short %}-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from {% data variables.product.prodname_dotcom_the_website %}.
|
||||||
|
|
||||||
We recommend allowing automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. {% ifversion ghes %}However, this does require {% data variables.product.prodname_ghe_server %} to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. If you don't want to allow these connections, or{% else %}If{% endif %} you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from {% data variables.product.prodname_dotcom_the_website %}.
|
We recommend allowing automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. However, this does require {% data variables.product.prodname_ghe_server %} to make outbound connections to {% data variables.product.prodname_dotcom_the_website %}. If you don't want to allow these connections, or you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from {% data variables.product.prodname_dotcom_the_website %}.
|
||||||
|
|
||||||
## Official actions bundled with your enterprise instance
|
## Official actions bundled with your enterprise instance
|
||||||
|
|
||||||
|
|||||||
@@ -34,9 +34,9 @@ If a user has already created an organization and repository in your enterprise
|
|||||||
|
|
||||||
## Enabling automatic access to public {% data variables.product.prodname_dotcom_the_website %} actions
|
## Enabling automatic access to public {% data variables.product.prodname_dotcom_the_website %} actions
|
||||||
|
|
||||||
Before enabling access to public actions from {% data variables.product.prodname_dotcom_the_website %} for your enterprise, you must{% ifversion ghes %}:
|
Before enabling access to public actions from {% data variables.product.prodname_dotcom_the_website %} for your enterprise, you must:
|
||||||
* Configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server).
|
* Configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server).
|
||||||
* Enable{% else %} enable{% endif %} {% data variables.product.prodname_github_connect %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect).
|
* Enable {% data variables.product.prodname_github_connect %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect).
|
||||||
|
|
||||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||||
{% data reusables.enterprise-accounts.github-connect-tab %}
|
{% data reusables.enterprise-accounts.github-connect-tab %}
|
||||||
|
|||||||
@@ -18,11 +18,9 @@ shortTitle: Manually sync actions
|
|||||||
|
|
||||||
{% data reusables.actions.enterprise-no-internet-actions %}
|
{% data reusables.actions.enterprise-no-internet-actions %}
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
We recommend enabling automatic access to all actions by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_ghe_cloud %}. See [AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect).
|
We recommend enabling automatic access to all actions by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_ghe_cloud %}. See [AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect).
|
||||||
|
|
||||||
If you want stricter control over which actions are allowed in your enterprise, you{% else %}You{% endif %} can follow this guide to use our open source [`actions-sync`](https://github.com/actions/actions-sync) tool to sync individual action repositories from {% data variables.product.prodname_dotcom_the_website %} to your enterprise.
|
If you want stricter control over which actions are allowed in your enterprise, you can follow this guide to use our open source [`actions-sync`](https://github.com/actions/actions-sync) tool to sync individual action repositories from {% data variables.product.prodname_dotcom_the_website %} to your enterprise.
|
||||||
|
|
||||||
When you upgrade {% data variables.product.prodname_ghe_server %}, bundled actions are automatically replaced with the default versions in the upgrade package. These may not be the latest available version. As a best practice, if you use `actions-sync` to update actions, you should always rerun `actions-sync` after any {% data variables.product.prodname_ghe_server %} upgrade (major or minor) to ensure that the actions remain up to date.
|
When you upgrade {% data variables.product.prodname_ghe_server %}, bundled actions are automatically replaced with the default versions in the upgrade package. These may not be the latest available version. As a best practice, if you use `actions-sync` to update actions, you should always rerun `actions-sync` after any {% data variables.product.prodname_ghe_server %} upgrade (major or minor) to ensure that the actions remain up to date.
|
||||||
|
|
||||||
@@ -40,7 +38,7 @@ The `actions-sync` tool can only download actions from {% data variables.product
|
|||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
* Before using the `actions-sync` tool, you must ensure that all destination organizations already exist in your enterprise. The following example demonstrates how to sync actions to an organization named `synced-actions`. See [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch).
|
* Before using the `actions-sync` tool, you must ensure that all destination organizations already exist in your enterprise. The following example demonstrates how to sync actions to an organization named `synced-actions`. See [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch).
|
||||||
* You must create a {% data variables.product.pat_generic %} on your enterprise that can create and write to repositories in the destination organizations. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).{% ifversion ghes %}
|
* You must create a {% data variables.product.pat_generic %} on your enterprise that can create and write to repositories in the destination organizations. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
|
||||||
* If you want to sync the bundled actions in the `actions` organization on {% data variables.location.product_location %}, you must be an owner of the `actions` organization.
|
* If you want to sync the bundled actions in the `actions` organization on {% data variables.location.product_location %}, you must be an owner of the `actions` organization.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
@@ -50,7 +48,7 @@ The `actions-sync` tool can only download actions from {% data variables.product
|
|||||||
|
|
||||||
```shell
|
```shell
|
||||||
ghe-org-admin-promote -u USERNAME -o actions
|
ghe-org-admin-promote -u USERNAME -o actions
|
||||||
```{% endif %}
|
```
|
||||||
|
|
||||||
## Example: Using the `actions-sync` tool
|
## Example: Using the `actions-sync` tool
|
||||||
|
|
||||||
|
|||||||
@@ -83,7 +83,7 @@ The following SAML attributes are available for {% data variables.product.github
|
|||||||
| `username` | {% octicon "x" aria-label="Optional" %} | The username for {% data variables.location.product_location %}. |
|
| `username` | {% octicon "x" aria-label="Optional" %} | The username for {% data variables.location.product_location %}. |
|
||||||
| {% endif %} |
|
| {% endif %} |
|
||||||
| `full_name` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} full name of the user to display on the user's profile page. |
|
| `full_name` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} full name of the user to display on the user's profile page. |
|
||||||
| `emails` | {% octicon "x" aria-label="Optional" %} | The email addresses for the user.{% ifversion ghes %} You can specify more than one address.{% endif %}{% ifversion ghec or ghes %} If you sync license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, {% data variables.product.prodname_github_connect %} uses `emails` to identify unique users across products. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud).{% endif %} |
|
| `emails` | {% octicon "x" aria-label="Optional" %} | The email addresses for the user.{% ifversion ghes %} You can specify more than one address.{% endif %} If you sync license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, {% data variables.product.prodname_github_connect %} uses `emails` to identify unique users across products. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud). |
|
||||||
| `public_keys` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} public SSH keys for the user. You can specify more than one key. |
|
| `public_keys` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} public SSH keys for the user. You can specify more than one key. |
|
||||||
| `gpg_keys` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} GPG keys for the user. You can specify more than one key. |
|
| `gpg_keys` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} GPG keys for the user. You can specify more than one key. |
|
||||||
|
|
||||||
|
|||||||
@@ -32,12 +32,8 @@ Administrators who configure a {% data variables.product.prodname_ghe_server %}
|
|||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
## Authentication methods
|
## Authentication methods
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% ifversion ghec %}
|
{% ifversion ghec %}
|
||||||
|
|
||||||
When you create an enterprise on {% data variables.product.github %}, you can decide how people authenticate to access your resources and who controls the user accounts.
|
When you create an enterprise on {% data variables.product.github %}, you can decide how people authenticate to access your resources and who controls the user accounts.
|
||||||
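Review bot: Removing `{% ifversion ghec or ghes %}` and its `{% endif %}` around the `## Authentication methods` heading is a no-op only if this article is not versioned for `fpt`. The frontmatter is outside the hunk, so confirm its `versions` block lists only `ghec` and `ghes`. Otherwise the heading starts rendering for `fpt` readers with nothing under it, because the text that follows stays inside `{% ifversion ghec %}`.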
@@ -85,12 +81,8 @@ If you choose to use external authentication, you can also configure fallback au
|
|||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
## About provisioning
|
## About provisioning
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% ifversion ghec %}
|
{% ifversion ghec %}
|
||||||
|
|
||||||
If you use [authentication through {% data variables.location.product_location %} with additional SAML access restriction](#authentication-through-githubcom-with-additional-saml-access-restriction), people create personal accounts on {% data variables.product.prodname_dotcom_the_website %}, and you can grant those personal accounts access to resources in your enterprise. You do not provision accounts.
|
If you use [authentication through {% data variables.location.product_location %} with additional SAML access restriction](#authentication-through-githubcom-with-additional-saml-access-restriction), people create personal accounts on {% data variables.product.prodname_dotcom_the_website %}, and you can grant those personal accounts access to resources in your enterprise. You do not provision accounts.
|
||||||
|
|||||||
@@ -139,8 +139,6 @@ You can enable or disable SAML authentication for {% data variables.location.pro
|
|||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
{%- ifversion ghec %}
|
{%- ifversion ghec %}
|
||||||
@@ -149,5 +147,3 @@ You can enable or disable SAML authentication for {% data variables.location.pro
|
|||||||
{%- ifversion ghes %}
|
{%- ifversion ghes %}
|
||||||
* [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator)
|
* [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator)
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|||||||
@@ -27,10 +27,8 @@ Push log entries show:
|
|||||||
* The Git client used to push
|
* The Git client used to push
|
||||||
* The SHA hashes from before and after the operation
|
* The SHA hashes from before and after the operation
|
||||||
|
|
||||||
{% ifversion repository-activity-view %}
|
|
||||||
{% data reusables.repositories.activity-view %}
|
{% data reusables.repositories.activity-view %}
|
||||||
For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).
|
For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Viewing a repository's push logs
|
## Viewing a repository's push logs
|
||||||
|
|
||||||
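Review bot: `{% ifversion repository-activity-view %}` is a feature-based conditional, not a release comparison, so deleting it and its `{% endif %}` is safe only if that feature is defined for every release still supported once 3.10 is dropped. Confirm that against the feature's version definition, and if nothing else references the flag, remove the definition in the same commit so it does not linger unused.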
@@ -40,8 +38,6 @@ For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-fo
|
|||||||
{% data reusables.enterprise_site_admin_settings.security-tab %}
|
{% data reusables.enterprise_site_admin_settings.security-tab %}
|
||||||
1. In the left sidebar, click **Push Log**.
|
1. In the left sidebar, click **Push Log**.
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
## Viewing a repository's push logs on the command-line
|
## Viewing a repository's push logs on the command-line
|
||||||
|
|
||||||
{% data reusables.enterprise_installation.ssh-into-instance %}
|
{% data reusables.enterprise_installation.ssh-into-instance %}
|
||||||
@@ -50,5 +46,3 @@ For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-fo
|
|||||||
```shell
|
```shell
|
||||||
ghe-repo OWNER/REPOSITORY -c "cat audit_log"
|
ghe-repo OWNER/REPOSITORY -c "cat audit_log"
|
||||||
```
|
```
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ If you have teams and CI farms located around the world, you may experience redu
|
|||||||
|
|
||||||
A repository cache eliminates the need for {% data variables.product.prodname_ghe_server %} to transmit the same Git data over a long-haul network link multiple times to serve multiple clients, by serving your repository data close to CI farms and distributed teams. For instance, if your primary instance is in North America and you also have a large presence in Asia, you will benefit from setting up the repository cache in Asia for use by CI runners there.
|
A repository cache eliminates the need for {% data variables.product.prodname_ghe_server %} to transmit the same Git data over a long-haul network link multiple times to serve multiple clients, by serving your repository data close to CI farms and distributed teams. For instance, if your primary instance is in North America and you also have a large presence in Asia, you will benefit from setting up the repository cache in Asia for use by CI runners there.
|
||||||
|
|
||||||
The repository cache listens to the primary instance, whether that's a single instance or a geo-replicated set of instances, for changes to Git data. CI farms and other read-heavy consumers clone and fetch from the repository cache instead of the primary instance. Changes are propagated across the network, at periodic intervals, once per cache instance rather than once per client. Git data will typically be visible on the repository cache within several minutes after the data is pushed to the primary instance.{% ifversion ghes %} The [`cache_sync` webhook](/webhooks-and-events/webhooks/webhook-events-and-payloads#cache_sync) can be used by CI systems to react to data being available in the cache.{% endif %}
|
The repository cache listens to the primary instance, whether that's a single instance or a geo-replicated set of instances, for changes to Git data. CI farms and other read-heavy consumers clone and fetch from the repository cache instead of the primary instance. Changes are propagated across the network, at periodic intervals, once per cache instance rather than once per client. Git data will typically be visible on the repository cache within several minutes after the data is pushed to the primary instance. The [`cache_sync` webhook](/webhooks-and-events/webhooks/webhook-events-and-payloads#cache_sync) can be used by CI systems to react to data being available in the cache.
|
||||||
|
|
||||||
{% data variables.product.prodname_ghe_server %} caches both Git and {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) data.
|
{% data variables.product.prodname_ghe_server %} caches both Git and {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) data.
|
||||||
|
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ redirect_from:
|
|||||||
- /admin/enterprise-management/configuring-high-availability-replication-for-a-cluster
|
- /admin/enterprise-management/configuring-high-availability-replication-for-a-cluster
|
||||||
- /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster
|
- /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster
|
||||||
versions:
|
versions:
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: how_to
|
type: how_to
|
||||||
topics:
|
topics:
|
||||||
- Clustering
|
- Clustering
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ redirect_from:
|
|||||||
>The ability to defer database seeding{% ifversion ghes < 3.13 %} was added in patch release
|
>The ability to defer database seeding{% ifversion ghes < 3.13 %} was added in patch release
|
||||||
{%- ifversion ghes = 3.12 %} 3.12.1{%- endif %}
|
{%- ifversion ghes = 3.12 %} 3.12.1{%- endif %}
|
||||||
{%- ifversion ghes = 3.11 %} 3.11.7{%- endif %}
|
{%- ifversion ghes = 3.11 %} 3.11.7{%- endif %}
|
||||||
{%- ifversion ghes = 3.10 %} 3.10.10{%- endif %}
|
|
||||||
and{% endif %} is available as a {% data variables.release-phases.public_preview %}.
|
and{% endif %} is available as a {% data variables.release-phases.public_preview %}.
|
||||||
|
|
||||||
Adding a new MySQL replica node to your cluster when your primary node has more than seven days of data will normally trigger database seeding which can take several hours depending on the amount of data. You can choose to defer database seeding, allowing the config apply run to complete sooner, resulting in being able to open your appliance to traffic sooner.
|
Adding a new MySQL replica node to your cluster when your primary node has more than seven days of data will normally trigger database seeding which can take several hours depending on the amount of data. You can choose to defer database seeding, allowing the config apply run to complete sooner, resulting in being able to open your appliance to traffic sooner.
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ redirect_from:
|
|||||||
- /admin/enterprise-management/initiating-a-failover-to-your-replica-cluster
|
- /admin/enterprise-management/initiating-a-failover-to-your-replica-cluster
|
||||||
- /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster
|
- /admin/monitoring-managing-and-updating-your-instance/configuring-clustering/initiating-a-failover-to-your-replica-cluster
|
||||||
versions:
|
versions:
|
||||||
ghes: '>= 3.9'
|
ghes: '*'
|
||||||
type: how_to
|
type: how_to
|
||||||
topics:
|
topics:
|
||||||
- Clustering
|
- Clustering
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ Use an upgrade package to upgrade a {% data variables.product.prodname_ghe_serve
|
|||||||
### Upgrading the cluster nodes
|
### Upgrading the cluster nodes
|
||||||
|
|
||||||
1. Enable maintenance mode according to your scheduled window by connecting to the administrative shell of any cluster node and running `ghe-cluster-maintenance -s`.
|
1. Enable maintenance mode according to your scheduled window by connecting to the administrative shell of any cluster node and running `ghe-cluster-maintenance -s`.
|
||||||
{% ifversion ghes > 3.10 and ghes < 3.15 %}
|
{% ifversion ghes < 3.15 %}
|
||||||
1. If you're upgrading from version 3.11 or 3.12 to version 3.13 or later, Elasticsearch will be upgraded as part of the upgrade to your cluster. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade).
|
1. If you're upgrading from version 3.11 or 3.12 to version 3.13 or later, Elasticsearch will be upgraded as part of the upgrade to your cluster. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade).
|
||||||
|
|
||||||
Before upgrading, you will need to run a script to prepare your cluster for an upgrade to 3.13 or 3.14.
|
Before upgrading, you will need to run a script to prepare your cluster for an upgrade to 3.13 or 3.14.
|
||||||
|
|||||||
@@ -47,9 +47,5 @@ shortTitle: Remove a HA replica
|
|||||||
ghe-repl-teardown
|
ghe-repl-teardown
|
||||||
```
|
```
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> If you have {% data variables.product.prodname_actions %} enabled, you should decommission the former replica server or update its {% data variables.product.prodname_actions %} configuration to use different external storage. For more information, see [AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions#high-availability-replicas).
|
> If you have {% data variables.product.prodname_actions %} enabled, you should decommission the former replica server or update its {% data variables.product.prodname_actions %} configuration to use different external storage. For more information, see [AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions#high-availability-replicas).
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ For help identifying the type of enterprise that will best meet your needs, see
|
|||||||
|
|
||||||
## Assign multiple owners
|
## Assign multiple owners
|
||||||
|
|
||||||
{% data reusables.organizations.ent-ownership-recommendation %} {% ifversion ghec or ghes %}For more information, see [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise).{% endif %}
|
{% data reusables.organizations.ent-ownership-recommendation %} For more information, see [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise).
|
||||||
|
|
||||||
## Use policies
|
## Use policies
|
||||||
|
|
||||||
|
|||||||
@@ -83,9 +83,9 @@ For more information, see [AUTOTITLE](/admin/configuration/configuring-your-ente
|
|||||||
|
|
||||||
{% data variables.product.prodname_ghe_server %} runs a customized Linux operating system with only the necessary applications and services. {% data variables.product.company_short %} distributes patches for the instance's core operating system as part of its standard product release cycle. Patches address functionality, stability, and non-critical security issues for {% data variables.product.prodname_ghe_server %}. {% data variables.product.company_short %} also provides critical security patches as needed outside of the regular release cycle.
|
{% data variables.product.prodname_ghe_server %} runs a customized Linux operating system with only the necessary applications and services. {% data variables.product.company_short %} distributes patches for the instance's core operating system as part of its standard product release cycle. Patches address functionality, stability, and non-critical security issues for {% data variables.product.prodname_ghe_server %}. {% data variables.product.company_short %} also provides critical security patches as needed outside of the regular release cycle.
|
||||||
|
|
||||||
{% data variables.product.prodname_ghe_server %} is provided as an appliance, and many of the operating system packages are modified compared to the usual {% ifversion ghes > 3.10 %}Ubuntu{% else %}Debian{% endif %} distribution. We do not support modifying the underlying operating system for this reason (including operating system upgrades), which is aligned with the [{% data variables.product.prodname_ghe_server %} license and support agreement](https://enterprise.github.com/license), under section 11.3 Exclusions.
|
{% data variables.product.prodname_ghe_server %} is provided as an appliance, and many of the operating system packages are modified compared to the usual Ubuntu distribution. We do not support modifying the underlying operating system for this reason (including operating system upgrades), which is aligned with the [{% data variables.product.prodname_ghe_server %} license and support agreement](https://enterprise.github.com/license), under section 11.3 Exclusions.
|
||||||
|
|
||||||
Currently, the base operating system for {% data variables.product.prodname_ghe_server %} is {% ifversion ghes > 3.10 %}Ubuntu 20 (Focal Fossa){% else %}Debian 10 (Buster), which receives support under the Debian Long Term Support program{% endif %}.
|
Currently, the base operating system for {% data variables.product.prodname_ghe_server %} is Ubuntu 20 (Focal Fossa).
|
||||||
|
|
||||||
Regular patch updates are released on the {% data variables.product.prodname_ghe_server %} [releases](https://enterprise.github.com/releases) page, and the [release notes](/admin/release-notes) page provides more information. These patches typically contain upstream vendor and project security patches after they've been tested and quality approved by our engineering team. There can be a slight time delay from when the upstream update is released to when it's tested and bundled in an upcoming {% data variables.product.prodname_ghe_server %} patch release.
|
Regular patch updates are released on the {% data variables.product.prodname_ghe_server %} [releases](https://enterprise.github.com/releases) page, and the [release notes](/admin/release-notes) page provides more information. These patches typically contain upstream vendor and project security patches after they've been tested and quality approved by our engineering team. There can be a slight time delay from when the upstream update is released to when it's tested and bundled in an upcoming {% data variables.product.prodname_ghe_server %} patch release.
|
||||||
|
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ While you can use a hotpatch to upgrade to the latest patch release within a fea
|
|||||||
|
|
||||||
To check the status of background jobs, use the `ghe-check-background-upgrade-jobs` utility. If you're running back-to-back upgrades, you must ensure background jobs are complete before proceeding with the following upgrade to a feature release.
|
To check the status of background jobs, use the `ghe-check-background-upgrade-jobs` utility. If you're running back-to-back upgrades, you must ensure background jobs are complete before proceeding with the following upgrade to a feature release.
|
||||||
|
|
||||||
{%- ifversion ghes < 3.12 %} To use this utility with {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.{% endif %} See [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-check-background-upgrade-jobs).
|
{%- ifversion ghes < 3.12 %} To use this utility with {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.1 or later.{% endif %} See [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-check-background-upgrade-jobs).
|
||||||
|
|
||||||
To monitor progress of the configuration run, read the output in `/data/user/common/ghe-config.log`. For example, you can tail the log by running the following command:
|
To monitor progress of the configuration run, read the output in `/data/user/common/ghe-config.log`. For example, you can tail the log by running the following command:
|
||||||
|
|
||||||
|
|||||||
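Review bot: On the changed line, the patch suffix is now the literal `1` inside `{%- ifversion ghes < 3.12 %}`, which is correct only because 3.11 is the single remaining release that matches that guard. Writing the guard as `ghes = 3.11` would make the dependency explicit and keep the sentence from stating a wrong minimum patch version if the range is ever widened or copied.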
@@ -29,7 +29,7 @@ topics:
|
|||||||
* If you’re several versions behind, upgrade {% data variables.location.product_location %} as far forward as possible with each step of your upgrade process. Using the latest version possible on each upgrade allows you to take advantage of performance improvements and bug fixes. For example, you could upgrade from {% data variables.product.prodname_enterprise %} 2.7 to 2.8 to 2.10, but upgrading from {% data variables.product.prodname_enterprise %} 2.7 to 2.9 to 2.10 uses a later version in the second step.
|
* If you’re several versions behind, upgrade {% data variables.location.product_location %} as far forward as possible with each step of your upgrade process. Using the latest version possible on each upgrade allows you to take advantage of performance improvements and bug fixes. For example, you could upgrade from {% data variables.product.prodname_enterprise %} 2.7 to 2.8 to 2.10, but upgrading from {% data variables.product.prodname_enterprise %} 2.7 to 2.9 to 2.10 uses a later version in the second step.
|
||||||
* Use the latest patch release when upgrading. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %}
|
* Use the latest patch release when upgrading. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %}
|
||||||
* Use a staging instance to test the upgrade steps. For more information, see [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
|
* Use a staging instance to test the upgrade steps. For more information, see [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
|
||||||
* When running multiple upgrades, ensure data migrations and upgrade tasks running in the background are fully complete before proceeding to the next feature upgrade. To check the status of these processes, you can use the `ghe-migrations` and `ghe-check-background-upgrade-jobs` command-line utilities. {% ifversion ghes < 3.12 %} To use `ghe-check-background-upgrade-jobs` with {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. {% endif %}For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#upgrading-github-enterprise-server).
|
* When running multiple upgrades, ensure data migrations and upgrade tasks running in the background are fully complete before proceeding to the next feature upgrade. To check the status of these processes, you can use the `ghe-migrations` and `ghe-check-background-upgrade-jobs` command-line utilities. {% ifversion ghes < 3.12 %} To use `ghe-check-background-upgrade-jobs` with {% data variables.product.prodname_ghe_server %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.1 or later. {% endif %}For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#upgrading-github-enterprise-server).
|
||||||
* Take a snapshot before upgrading your virtual machine. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot).
|
* Take a snapshot before upgrading your virtual machine. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/taking-a-snapshot).
|
||||||
* Ensure you have a recent, successful backup of your instance. For more information, see the [{% data variables.product.prodname_enterprise_backup_utilities %} README.md file](https://github.com/github/backup-utils#readme).
|
* Ensure you have a recent, successful backup of your instance. For more information, see the [{% data variables.product.prodname_enterprise_backup_utilities %} README.md file](https://github.com/github/backup-utils#readme).
|
||||||
|
|
||||||
@@ -51,14 +51,6 @@ Use the number to estimate the amount of disk space the MySQL audit logs will ne
|
|||||||
|
|
||||||
{% data reusables.enterprise_installation.preflight-checks %}
|
{% data reusables.enterprise_installation.preflight-checks %}
|
||||||
|
|
||||||
{% ifversion ghes = 3.10 %}
|
|
||||||
|
|
||||||
## Known issues
|
|
||||||
|
|
||||||
Review known issues that may apply to your upgrade. For more information, see [AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance).
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
|
|
||||||
After reviewing these recommendations and requirements, you can upgrade {% data variables.product.prodname_ghe_server %}. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
|
After reviewing these recommendations and requirements, you can upgrade {% data variables.product.prodname_ghe_server %}. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
|
||||||
|
|||||||
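Review bot: Deleting the `## Known issues` section drops the link to the known-issues article from this page, yet the next file in this commit retargets a block from `ghes = 3.10` to `ghes < 3.13`, which suggests upgrade issues are still documented for 3.11 and 3.12. If that file is the linked article, keep this section and change its guard to `ghes < 3.13` instead of removing it, so readers on those releases still reach it from the upgrade requirements.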
@@ -21,179 +21,7 @@ redirect_from:
|
|||||||
|
|
||||||
{% data variables.product.company_short %} strongly recommends regular backups of your instance's configuration and data. Before you proceed with any upgrade, back up your instance, then validate the backup in a staging environment. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance) and [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
|
{% data variables.product.company_short %} strongly recommends regular backups of your instance's configuration and data. Before you proceed with any upgrade, back up your instance, then validate the backup in a staging environment. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance) and [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
|
||||||
|
|
||||||
{% ifversion ghes = 3.10 %}
|
{% ifversion ghes < 3.13 %}
|
||||||
|
|
||||||
## Increased I/O utilization from MySQL 8 upgrade in {% data variables.product.prodname_ghe_server %} 3.9 or later
|
|
||||||
|
|
||||||
If you upgrade from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or later, an upgrade to the database software on your instance will increase I/O utilization. In some cases, this may affect your instance's performance.
|
|
||||||
|
|
||||||
{% data variables.product.prodname_ghe_server %} includes a MySQL database server supported by the InnoDB storage engine. {% data variables.product.prodname_ghe_server %} 3.8 and earlier use MySQL 5.7. In October 2023, Oracle will end extended support for MySQL 5.7. For more information, see [Oracle Lifetime Support Policy](https://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf) on the Oracle Support website.
|
|
||||||
|
|
||||||
To future-proof {% data variables.product.prodname_ghe_server %} and provide the latest security updates, bug fixes, and performance improvements, {% data variables.product.prodname_ghe_server %} 3.9 and later use MySQL 8.0. MySQL 8.0 achieves a higher number of queries per second (QPS) due to a redesigned REDO log. For more information, see [MySQL Performance: 8.0 re-designed REDO log & ReadWrite Workloads Scalability](http://dimitrik.free.fr/blog/archives/2017/10/mysql-performance-80-redesigned-redo-log-readwrite-workloads-scalability.html) on DimitriK's (dim) Weblog.
|
|
||||||
|
|
||||||
After the upgrade to {% data variables.product.prodname_ghe_server %} 3.9, if you experience unacceptable degradation in the performance of your instance, you can collect data from your instance's monitor dashboard to confirm the impact. You can attempt to mitigate the issue, and you can provide the data to {% data variables.contact.github_support %} to help profile and communicate the real-world impact of this change.
|
|
||||||
|
|
||||||
> [!WARNING]
|
|
||||||
> Due to the nature of this upgrade, back up your instance's configuration and data before proceeding. Validate the backup in a staging environment. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance) and [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
|
|
||||||
|
|
||||||
### Collecting baseline I/O utilization data before the MySQL upgrade
|
|
||||||
|
|
||||||
Collect the baseline data before upgrading to {% data variables.product.prodname_ghe_server %} 3.9 or later. To collect baseline data, {% data variables.product.company_short %} recommends that you set up a staging instance of {% data variables.product.prodname_ghe_server %} running 3.7 or 3.8 and restore data from your production instance using {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance) and [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).
|
|
||||||
|
|
||||||
You may not be able to simulate the load that your instance experiences in a production environment. However, it's useful if you can collect baseline data while simulating patterns of usage from your production environment on the staging instance.
|
|
||||||
|
|
||||||
1. Browse to your instance's monitor dashboard. For more information, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards).
|
|
||||||
1. From the monitor dashboard, monitor relevant graphs.
|
|
||||||
|
|
||||||
* Under "Processes", monitor the graphs for "I/O operations (Read IOPS)" and "I/O operations (Write IOPS)", filtering for `mysqld`. These graphs display I/O operations for all of the node's services.
|
|
||||||
* Under "Storage", monitor the graph for "Disk utilization (Data Device DEVICE-ID)". This graph displays the amount of time spent on all of the node's I/O operations.
|
|
||||||
|
|
||||||
### Reviewing I/O utilization data after the MySQL upgrade
|
|
||||||
|
|
||||||
After the upgrade to {% data variables.product.prodname_ghe_server %} 3.9, review the instance's I/O utilization. {% data variables.product.company_short %} recommends that you upgrade a staging instance of {% data variables.product.prodname_ghe_server %} running 3.7 or 3.8 that includes restored data from your production instance, or that you restore data from your production instance to a new staging instance running 3.9. For more information, see [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance) and [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).
|
|
||||||
|
|
||||||
1. Browse to your instance's monitor dashboard. For more information, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards).
|
|
||||||
1. From the monitor dashboard, monitor relevant graphs.
|
|
||||||
|
|
||||||
* Under "Processes", monitor the graphs for "I/O operations (Read IOPS)" and "I/O operations (Write IOPS)", filtering for `mysqld`. These graphs display I/O operations for all of the node's services.
|
|
||||||
* Under "Storage", monitor the graphs for "Disk utilization (Data Device DEVICE ID)" and "Disk Latency (Data Device DEVICE-ID)". These graph display the amount of time spent on all of the node's I/O operations, as well as overall disk latency.
|
|
||||||
* Significant increases to disk latency could indicate that your instance is forcing disk IOPS to wait to complete.
|
|
||||||
* You can corroborate an observation of increased latency by reviewing the graph for "Disk pending operations (Data Device DEVICE-ID)", which could indicate that the disk cannot sufficiently address all operations.
|
|
||||||
|
|
||||||
### Mitigating impact of the MySQL upgrade
|
|
||||||
|
|
||||||
To address unacceptable degradation of performance, {% data variables.product.company_short %} recommends the following solutions.
|
|
||||||
|
|
||||||
Before you test any mitigation procedure in a production environment, back up your instance, validate the backup, then test the procedure in a staging environment. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance) and [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
|
|
||||||
* [Adjust InnoDB's flushing method](#adjust-innodbs-flushing-method)
|
|
||||||
* [Upgrade your instance's storage](#upgrade-your-instances-storage)
|
|
||||||
|
|
||||||
#### Adjust InnoDB's flushing method
|
|
||||||
|
|
||||||
To attempt to mitigate the performance impact, you can adjust InnoDB's flushing method to skip the `fsync()` system call after each write operation. For more information, see [`innodb_flush_method`](https://dev.mysql.com/doc/refman/8.0/en/innodb-parameters.html#sysvar_innodb_flush_method) in the MySQL 8.0 Reference Manual.
|
|
||||||
|
|
||||||
The following instructions are only intended for {% data variables.product.prodname_ghe_server %} 3.9 and later.
|
|
||||||
|
|
||||||
> [!WARNING]
|
|
||||||
> Adjustment of the flushing method requires that your instance's storage device has a battery-backed cache. If the device's cache is not battery-backed, you risk data loss.
|
|
||||||
>
|
|
||||||
> * If you host your instance using a virtualization hypervisor within an on-premises datacenter, review your storage specifications to confirm.
|
|
||||||
> * If you host your instance in a public cloud service, consult your provider's documentation or support team to confirm.
|
|
||||||
|
|
||||||
{% data reusables.enterprise_installation.ssh-into-instance %}
|
|
||||||
1. To validate the current flushing method for InnoDB, run the following command.
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
ghe-config mysql.innodb-flush-no-fsync
|
|
||||||
```
|
|
||||||
|
|
||||||
By default, the command returns `false`, indicating that your instance performs an `fsync()` system call after each write operation.
|
|
||||||
1. To configure InnoDB to skip the `fsync()` system call after each write operation, run the following command.
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
ghe-config mysql.innodb-flush-no-fsync true
|
|
||||||
```
|
|
||||||
|
|
||||||
{% data reusables.enterprise.apply-configuration %}
|
|
||||||
|
|
||||||
#### Upgrade your instance's storage
|
|
||||||
|
|
||||||
You can reduce pending operations, increase IOPS, and improve performance by provisioning faster storage for your instance's nodes. To upgrade your instance's storage, back up your instance and restore the backup to a new replacement instance. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).
|
|
||||||
|
|
||||||
### Sharing data with {% data variables.product.company_short %}
|
|
||||||
|
|
||||||
Finally, if you're willing to help {% data variables.product.company_short %} understand the real-world impact of the upgrade to MySQL 8, you can provide the data you've collected to {% data variables.contact.github_support %}. Provide the baseline and post-upgrade observations from the monitor dashboard, along with a support bundle that covers the period when you collected data. For more information, see [AUTOTITLE](/support/learning-about-github-support/about-github-support) and [AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support).
|
|
||||||
|
|
||||||
The data you submit helps {% data variables.product.company_short %} continue to provide a performant product, but {% data variables.product.company_short %} does not guarantee any additional mitigation steps or changes to the product as a result of the data you provide.
|
|
||||||
|
|
||||||
## MySQL does not start after upgrade to {% data variables.product.prodname_ghe_server %} 3.9 or 3.10
|
|
||||||
|
|
||||||
During an upgrade to {% data variables.product.prodname_ghe_server %} 3.9 (from 3.7 or 3.8) or 3.10 (from 3.8 only), if MySQL did not gracefully shut down during the shutdown of the {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 instance, MySQL will attempt to go through crash recovery when the {% data variables.product.prodname_ghe_server %} 3.9 or 3.10 instance starts up. Since {% data variables.product.prodname_ghe_server %} 3.7 and 3.8 uses MySQL 5.7 and {% data variables.product.prodname_ghe_server %} 3.9 and 3.10 have been upgraded to MySQL 8.0, MySQL will not be able to complete crash recovery.
|
|
||||||
|
|
||||||
If you are upgrading from {% data variables.product.prodname_ghe_server %} 3.9 to 3.10 then you will not be affected by this issue, as MySQL has already been upgraded from 5.7 to 8.0 on your instance.
|
|
||||||
|
|
||||||
If you experience this problem, the following error will be in the mysql error log (`/var/log/mysql/mysql.err`):
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
[ERROR] [MY-012526] [InnoDB] Upgrade after a crash is not supported. This redo log was created with MySQL 5.7.40. Please follow the instructions at http://dev.mysql.com/doc/refman/8.0/en/upgrading.html
|
|
||||||
```
|
|
||||||
|
|
||||||
### Avoiding this issue
|
|
||||||
|
|
||||||
We strongly recommend you upgrade your {% data variables.product.prodname_ghe_server %} instance to the latest patch version (3.7.14 or higher, or 3.8.7 or higher) before you upgrade to 3.9 or 3.10. These versions contain a fix for the upgrade issue.
|
|
||||||
|
|
||||||
If you cannot upgrade {% data variables.location.product_location %}, then you can avoid the issue by updating the nomad timeout for MySQL before starting an upgrade to {% data variables.product.prodname_ghe_server %} 3.9 (from 3.7 or 3.8) or 3.10 (from 3.8 only).
|
|
||||||
|
|
||||||
1. Put your instance into maintenance mode:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
ghe-maintenance -s
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Update consul template for nomad:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
sudo sed -i.bak '/kill_signal/i \ kill_timeout = "10m"' /etc/consul-templates/etc/nomad-jobs/mysql/mysql.hcl.ctmpl
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Render consul template for nomad:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
sudo consul-template -once -template /etc/consul-templates/etc/nomad-jobs/mysql/mysql.hcl.ctmpl:/etc/nomad-jobs/mysql/mysql.hcl
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Verify current `kill_timeout` setting:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
nomad job inspect mysql | grep KillTimeout
|
|
||||||
```
|
|
||||||
|
|
||||||
Expected response:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
"KillTimeout": 5000000000
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Stop MySQL:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
nomad job stop mysql
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Run new MySQL job:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
nomad job run /etc/nomad-jobs/mysql/mysql.hcl
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Verify kill_timeout has been updated:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
nomad job inspect mysql | grep KillTimeout
|
|
||||||
```
|
|
||||||
|
|
||||||
Expected response:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
"KillTimeout": 600000000000,
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Take instance out of maintenance mode:
|
|
||||||
|
|
||||||
```shell copy
|
|
||||||
ghe-maintenance -u
|
|
||||||
```
|
|
||||||
|
|
||||||
Now that the nomad timeout for MySQL has been updated you can upgrade your {% data variables.product.prodname_ghe_server %} instance to 3.9.
|
|
||||||
|
|
||||||
### Mitigating a failed restart of MySQL
|
|
||||||
|
|
||||||
If you're affected by this problem, restore your {% data variables.product.prodname_ghe_server %} instance to the state it was in prior to the upgrade attempt, and then follow the steps from the previous section.
|
|
||||||
|
|
||||||
For more information about restoring from a failed upgrade, see [AUTOTITLE](/admin/upgrading-your-instance/troubleshooting-upgrades/restoring-from-a-failed-upgrade).
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
{% ifversion ghes > 3.10 and ghes < 3.13 %}
|
|
||||||
|
|
||||||
## Recommendations for server resources
|
## Recommendations for server resources
|
||||||
|
|
||||||
|
|||||||
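Review bot: The removed `{% ifversion ghes > 3.10 and ghes < 3.13 %}` line directly above `## Recommendations for server resources` loses its `ghes < 3.13` upper bound along with the `ghes > 3.10` half. Deprecating 3.10 only makes the lower bound always true, so I would expect this to become `{% ifversion ghes < 3.13 %}` rather than disappear. As shown, the section would render on 3.13 and later. If the guard really is meant to go, its closing `{% endif %}` (not in the visible lines) has to be removed with it, or the Liquid block is left unbalanced.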
@@ -13,8 +13,6 @@ shortTitle: SAML single sign-on
|
|||||||
---
|
---
|
||||||
## About authentication with SAML SSO
|
## About authentication with SAML SSO
|
||||||
|
|
||||||
{% ifversion ghec %}
|
|
||||||
|
|
||||||
{% data reusables.saml.dotcom-saml-explanation %} Organization owners can invite your personal account on {% data variables.product.prodname_dotcom %} to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on {% data variables.product.prodname_dotcom %}.
|
{% data reusables.saml.dotcom-saml-explanation %} Organization owners can invite your personal account on {% data variables.product.prodname_dotcom %} to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on {% data variables.product.prodname_dotcom %}.
|
||||||
|
|
||||||
If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will instead use a new account that is provisioned for you and controlled by your enterprise. {% data reusables.enterprise-accounts.emu-more-info-account %}
|
If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will instead use a new account that is provisioned for you and controlled by your enterprise. {% data reusables.enterprise-accounts.emu-more-info-account %}
|
||||||
@@ -55,8 +53,6 @@ To see the {% data variables.product.prodname_oauth_apps %} you've authorized, v
|
|||||||
|
|
||||||
For more information, see [AUTOTITLE](/apps/using-github-apps/saml-and-github-apps).
|
For more information, see [AUTOTITLE](/apps/using-github-apps/saml-and-github-apps).
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
{% ifversion ghec %}- [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on){% endif %}
|
* [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)
|
||||||
|
|||||||
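Review bot: The "Further reading" entry changes its list marker from `-` to `*` in addition to losing the `{% ifversion ghec %}` ... `{% endif %}` wrapper. That is a formatting change unrelated to the deprecation; it is fine if it is meant to match the `*` bullets used elsewhere in these files, but please say so in the commit message. Also confirm that this article is versioned for ghec only, because the hunk does not show the `versions:` frontmatter and the link now renders unconditionally.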
@@ -29,7 +29,7 @@ There are a few ways to trial {% data variables.product.prodname_GH_advanced_sec
|
|||||||
|
|
||||||
* If you are **an existing {% data variables.product.prodname_ghe_cloud %} customer** paying by credit card or PayPal, and you have not yet purchased {% data variables.product.prodname_GH_advanced_security %} or participated in a trial, you can start a trial of {% data variables.product.prodname_GH_advanced_security %} at any time. For more information, see [Setting up your trial of {% data variables.product.prodname_GH_advanced_security %}](#setting-up-your-trial-of-github-advanced-security).
|
* If you are **an existing {% data variables.product.prodname_ghe_cloud %} customer** paying by credit card or PayPal, and you have not yet purchased {% data variables.product.prodname_GH_advanced_security %} or participated in a trial, you can start a trial of {% data variables.product.prodname_GH_advanced_security %} at any time. For more information, see [Setting up your trial of {% data variables.product.prodname_GH_advanced_security %}](#setting-up-your-trial-of-github-advanced-security).
|
||||||
* If you are **a new {% data variables.product.prodname_ghe_cloud %} customer**, you can start a trial of {% data variables.product.prodname_ghe_cloud %}, which includes {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud).
|
* If you are **a new {% data variables.product.prodname_ghe_cloud %} customer**, you can start a trial of {% data variables.product.prodname_ghe_cloud %}, which includes {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud).
|
||||||
* {% ifversion ghec %}If you **pay by invoice**, contact {% data variables.contact.contact_enterprise_sales %} to discuss trialing {% data variables.product.prodname_GH_advanced_security %} for your enterprise.{% endif %}
|
* If you **pay by invoice**, contact {% data variables.contact.contact_enterprise_sales %} to discuss trialing {% data variables.product.prodname_GH_advanced_security %} for your enterprise.
|
||||||
|
|
||||||
During a trial of {% data variables.product.prodname_GH_advanced_security %} in a {% data variables.product.prodname_ghe_cloud %} account with a paid subscription, you can add any number of committers and enable {% data variables.product.prodname_GH_advanced_security %} for any number of organizations. During a trial of {% data variables.product.prodname_ghe_cloud %}, you can enable {% data variables.product.prodname_GH_advanced_security %} for your whole enterprise.
|
During a trial of {% data variables.product.prodname_GH_advanced_security %} in a {% data variables.product.prodname_ghe_cloud %} account with a paid subscription, you can add any number of committers and enable {% data variables.product.prodname_GH_advanced_security %} for any number of organizations. During a trial of {% data variables.product.prodname_ghe_cloud %}, you can enable {% data variables.product.prodname_GH_advanced_security %} for your whole enterprise.
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,6 @@ When you synchronize license usage, only the user ID and email addresses for eac
|
|||||||
|
|
||||||
You can use {% data variables.product.prodname_github_connect %} to automatically synchronize user license count and usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} weekly. For more information, see [Enabling automatic user license sync for your enterprise]({% ifversion ghec %}/enterprise-server@latest{% endif %}/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise){% ifversion ghec %} in the {% data variables.product.prodname_ghe_server %} documentation.{% elsif ghes %}.{% endif %}
|
You can use {% data variables.product.prodname_github_connect %} to automatically synchronize user license count and usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} weekly. For more information, see [Enabling automatic user license sync for your enterprise]({% ifversion ghec %}/enterprise-server@latest{% endif %}/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise){% ifversion ghec %} in the {% data variables.product.prodname_ghe_server %} documentation.{% elsif ghes %}.{% endif %}
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
After you enable {% data variables.product.prodname_github_connect %}, license data will be automatically synchronized weekly. You can also manually synchronize your license data at any time, by triggering a license sync job.
|
After you enable {% data variables.product.prodname_github_connect %}, license data will be automatically synchronized weekly. You can also manually synchronize your license data at any time, by triggering a license sync job.
|
||||||
|
|
||||||
### Triggering a license sync job
|
### Triggering a license sync job
|
||||||
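Review bot: Dropping `{% ifversion ghec or ghes %}` before "After you enable ..." is only safe if this article's `versions:` frontmatter is limited to ghec and ghes, which the hunk does not show. The context line above it still branches with `{% ifversion ghec %} ... {% elsif ghes %}.{% endif %}` and has no `else`, so on any other version that sentence would end without a period and the "Triggering a license sync job" section would newly appear. Please confirm the frontmatter, or keep the guard.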
@@ -43,8 +42,6 @@ After you enable {% data variables.product.prodname_github_connect %}, license d
|
|||||||
{% data reusables.enterprise-accounts.license-tab %}
|
{% data reusables.enterprise-accounts.license-tab %}
|
||||||
1. Under "License sync", click **{% octicon "sync" aria-hidden="true" %} Sync now**.
|
1. Under "License sync", click **{% octicon "sync" aria-hidden="true" %} Sync now**.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Manually uploading GitHub Enterprise Server license usage
|
## Manually uploading GitHub Enterprise Server license usage
|
||||||
|
|
||||||
You can download a JSON file from {% data variables.product.prodname_ghe_server %} and upload the file to {% data variables.product.prodname_ghe_cloud %} to manually sync user license usage between the two deployments.
|
You can download a JSON file from {% data variables.product.prodname_ghe_server %} and upload the file to {% data variables.product.prodname_ghe_cloud %} to manually sync user license usage between the two deployments.
|
||||||
|
|||||||
@@ -20,8 +20,6 @@ shortTitle: Billing for your enterprise
|
|||||||
|
|
||||||
## About billing for your enterprise
|
## About billing for your enterprise
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
{% ifversion ghec %}
|
{% ifversion ghec %}
|
||||||
|
|
||||||
When you use an enterprise account on {% data variables.product.prodname_dotcom %}, the enterprise account is the central point for all billing within your enterprise, including the organizations that your enterprise owns.
|
When you use an enterprise account on {% data variables.product.prodname_dotcom %}, the enterprise account is the central point for all billing within your enterprise, including the organizations that your enterprise owns.
|
||||||
@@ -54,8 +52,6 @@ Administrators for your enterprise account on {% data variables.product.prodname
|
|||||||
{% data reusables.billing.ghes-with-no-enterprise-account %}
|
{% data reusables.billing.ghes-with-no-enterprise-account %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% ifversion enhanced-billing-platform %}
|
{% ifversion enhanced-billing-platform %}
|
||||||
|
|
||||||
## How do I know which billing platform I'm using?
|
## How do I know which billing platform I'm using?
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ versions:
|
|||||||
|
|
||||||
Default setup for {% data variables.product.prodname_code_scanning %} is the quickest, easiest, most low-maintenance way to enable {% data variables.product.prodname_code_scanning %} for your repository. Based on the code in your repository, default setup will automatically create a custom {% data variables.product.prodname_code_scanning %} configuration. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in your repository will be scanned:
|
Default setup for {% data variables.product.prodname_code_scanning %} is the quickest, easiest, most low-maintenance way to enable {% data variables.product.prodname_code_scanning %} for your repository. Based on the code in your repository, default setup will automatically create a custom {% data variables.product.prodname_code_scanning %} configuration. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in your repository will be scanned:
|
||||||
* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
|
* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
|
||||||
* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.{% ifversion default-setup-scan-on-schedule %}
|
* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.
|
||||||
* On a weekly schedule.
|
* On a weekly schedule.
|
||||||
|
|
||||||
{% ifversion code-scanning-default-setup-exclude-dormant-repos %}
|
{% ifversion code-scanning-default-setup-exclude-dormant-repos %}
|
||||||
@@ -38,7 +38,6 @@ Default setup for {% data variables.product.prodname_code_scanning %} is the qui
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes.
|
> If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
You can also enable default setup for multiple or all repositories in an organization at the same time. For information on bulk enablement, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
|
You can also enable default setup for multiple or all repositories in an organization at the same time. For information on bulk enablement, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
|
||||||
@@ -50,7 +49,7 @@ If you need more granular control over your {% data variables.product.prodname_c
|
|||||||
Your repository is eligible for default setup for {% data variables.product.prodname_code_scanning %} if:{% ifversion default-setup-pre-enablement %}
|
Your repository is eligible for default setup for {% data variables.product.prodname_code_scanning %} if:{% ifversion default-setup-pre-enablement %}
|
||||||
<!-- No restrictions on languages. Can be set up before CodeQL supported languages are added. -->
|
<!-- No restrictions on languages. Can be set up before CodeQL supported languages are added. -->
|
||||||
{% else %}
|
{% else %}
|
||||||
* It includes at least one {% data variables.product.prodname_codeql %}-supported language{% ifversion ghes = 3.10 %} aside from Swift{% endif %}.{% endif %}
|
* It includes at least one {% data variables.product.prodname_codeql %}-supported language.{% endif %}
|
||||||
* {% data variables.product.prodname_actions %} are enabled.{% ifversion fpt %}
|
* {% data variables.product.prodname_actions %} are enabled.{% ifversion fpt %}
|
||||||
* It is publicly visible.{%- elsif ghec %}
|
* It is publicly visible.{%- elsif ghec %}
|
||||||
* It is publicly visible, or {% data variables.product.prodname_GH_advanced_security %} is enabled.{%- elsif ghes %}
|
* It is publicly visible, or {% data variables.product.prodname_GH_advanced_security %} is enabled.{%- elsif ghes %}
|
||||||
@@ -62,7 +61,7 @@ Your repository is eligible for default setup for {% data variables.product.prod
|
|||||||
If your repository includes at least one {% data variables.product.prodname_codeql %}-supported language, you can use default setup even if your repository also includes languages that aren't supported by {% data variables.product.prodname_codeql %}, such as R. Unsupported languages will not be scanned by default setup. For more information on {% data variables.product.prodname_codeql %}-supported languages, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql).
|
If your repository includes at least one {% data variables.product.prodname_codeql %}-supported language, you can use default setup even if your repository also includes languages that aren't supported by {% data variables.product.prodname_codeql %}, such as R. Unsupported languages will not be scanned by default setup. For more information on {% data variables.product.prodname_codeql %}-supported languages, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql).
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages{% ifversion ghes = 3.10 %} except Swift{% endif %} for self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners. See [Assigning labels to runners](#assigning-labels-to-runners), later in this article.
|
You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages for self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners. See [Assigning labels to runners](#assigning-labels-to-runners), later in this article.
|
||||||
|
|
||||||
{% ifversion codeql-no-build %}Default setup uses the `none` build mode for {% data variables.code-scanning.no_build_support %} and uses the `autobuild` build mode for other compiled languages. You should configure your self-hosted runners to make sure they can run all the necessary commands for C/C++, C#, and Swift analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration.{% else %}Default setup runs the `autobuild` action, so you should configure your self-hosted runners to make sure they can run all the necessary commands for {% data variables.code-scanning.compiled_languages %} analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration.{% endif %}
|
{% ifversion codeql-no-build %}Default setup uses the `none` build mode for {% data variables.code-scanning.no_build_support %} and uses the `autobuild` build mode for other compiled languages. You should configure your self-hosted runners to make sure they can run all the necessary commands for C/C++, C#, and Swift analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration.{% else %}Default setup runs the `autobuild` action, so you should configure your self-hosted runners to make sure they can run all the necessary commands for {% data variables.code-scanning.compiled_languages %} analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration.{% endif %}
|
||||||
|
|
||||||
@@ -72,13 +71,11 @@ We recommend that you start using {% data variables.product.prodname_code_scanni
|
|||||||
|
|
||||||
{% ifversion code-scanning-default-setup-recommended-languages %}
|
{% ifversion code-scanning-default-setup-recommended-languages %}
|
||||||
|
|
||||||
### About adding {% ifversion code-scanning-default-setup-automatic-311 %}non-compiled and {% endif %}compiled languages to your default setup
|
### About adding non-compiled and compiled languages to your default setup
|
||||||
|
|
||||||
{% ifversion code-scanning-default-setup-automatic-311 %}
|
|
||||||
If the code in a repository changes to include Go, JavaScript/TypeScript, Python, or Ruby, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage.
|
If the code in a repository changes to include Go, JavaScript/TypeScript, Python, or Ruby, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage.
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
Compiled languages are not automatically included in default setup configuration because they often require more advanced configuration, but you can manually select any {% data variables.product.prodname_codeql %}-supported compiled language{% ifversion ghes = 3.10 %} other than Swift{% endif %} for analysis.
|
Compiled languages are not automatically included in default setup configuration because they often require more advanced configuration, but you can manually select any {% data variables.product.prodname_codeql %}-supported compiled language for analysis.
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|||||||
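Review bot: With the `{% ifversion code-scanning-default-setup-automatic-311 %}` wrapper gone from both the heading and the paragraph, nothing in the visible part of this file references that feature flag any more. If these were its last uses, the flag's definition should be deleted in the same commit so it does not linger as dead configuration. The same check applies to `default-setup-scan-on-schedule`, which an earlier hunk in this file stops using.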
@@ -51,14 +51,10 @@ For information about {% data variables.product.prodname_code_scanning %} alerts
|
|||||||
|
|
||||||
{% data reusables.code-scanning.beta-actions-analysis %}
|
{% data reusables.code-scanning.beta-actions-analysis %}
|
||||||
|
|
||||||
{% ifversion fpt or ghec or ghes > 3.10 %}
|
|
||||||
|
|
||||||
## Modeling custom or niche frameworks
|
## Modeling custom or niche frameworks
|
||||||
|
|
||||||
{% data variables.product.github %} experts, security researchers, and community contributors write libraries to model the flow of data in popular frameworks and libraries. If you use custom dependencies that aren't modeled, then you can use the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} to create models for these dependencies and use them to extend your analysis. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor).
|
{% data variables.product.github %} experts, security researchers, and community contributors write libraries to model the flow of data in popular frameworks and libraries. If you use custom dependencies that aren't modeled, then you can use the {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} to create models for these dependencies and use them to extend your analysis. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor).
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## {% data variables.product.prodname_codeql %} queries
|
## {% data variables.product.prodname_codeql %} queries
|
||||||
|
|
||||||
{% data variables.product.github %} experts, security researchers, and community contributors write and maintain the default {% data variables.product.prodname_codeql %} queries used for {% data variables.product.prodname_code_scanning %}. The queries are regularly updated to improve analysis and reduce any false positive results.{% ifversion ghes %} For details of the queries available in the default and extended packs, see [Queries included in the default and security-extended query suites](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#queries-included-in-the-default-and-security-extended-query-suites).{% endif %}
|
{% data variables.product.github %} experts, security researchers, and community contributors write and maintain the default {% data variables.product.prodname_codeql %} queries used for {% data variables.product.prodname_code_scanning %}. The queries are regularly updated to improve analysis and reduce any false positive results.{% ifversion ghes %} For details of the queries available in the default and extended packs, see [Queries included in the default and security-extended query suites](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#queries-included-in-the-default-and-security-extended-query-suites).{% endif %}
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ shortTitle: Secret scanning
|
|||||||
|
|
||||||
{% data variables.product.prodname_secret_scanning_caps %} is a security feature that helps detect and prevent the accidental inclusion of sensitive information such as API keys, passwords, tokens, and other secrets in your repository. When enabled, {% data variables.product.prodname_secret_scanning %} scans commits in repositories for known types of secrets and alerts repository administrators upon detection.
|
{% data variables.product.prodname_secret_scanning_caps %} is a security feature that helps detect and prevent the accidental inclusion of sensitive information such as API keys, passwords, tokens, and other secrets in your repository. When enabled, {% data variables.product.prodname_secret_scanning %} scans commits in repositories for known types of secrets and alerts repository administrators upon detection.
|
||||||
|
|
||||||
{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets{% ifversion ghec or ghes %}, even if the repository is archived{% endif %}.{% ifversion ghes < 3.11 %} {% data variables.product.prodname_secret_scanning_caps %} does not scan issues.{% endif %} {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt %}public{% else %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} repositories where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added.
|
{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets{% ifversion ghec or ghes %}, even if the repository is archived{% endif %}. {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt %}public{% else %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} repositories where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added.
|
||||||
|
|
||||||
{% data reusables.secret-scanning.what-is-scanned %}
|
{% data reusables.secret-scanning.what-is-scanned %}
|
||||||
|
|
||||||
|
|||||||
@@ -42,9 +42,7 @@ When you remove a custom pattern, {% data variables.product.prodname_dotcom %} g
|
|||||||
|
|
||||||
## Enabling push protection for a custom pattern
|
## Enabling push protection for a custom pattern
|
||||||
|
|
||||||
You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at {% ifversion ghec or ghes %}the enterprise, organization, or repository level{% else %} the organization or repository level{% endif %}.
|
You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at the enterprise, organization, or repository level.
|
||||||
|
|
||||||
{% ifversion ghec or ghes %}
|
|
||||||
|
|
||||||
### Enabling push protection for a custom pattern stored in an enterprise
|
### Enabling push protection for a custom pattern stored in an enterprise
|
||||||
|
|
||||||
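Review bot: the "Enabling push protection for a custom pattern" sentence is collapsed to the `ghec or ghes` branch, which drops the `{% else %} the organization or repository level` wording that other plans were shown. That conditional is not specific to 3.10, so removing it is only safe if this article's `versions` frontmatter (not visible in this hunk) excludes fpt. Otherwise fpt readers are now told they can store patterns at the enterprise level and are shown the enterprise subsection that the removed `{% ifversion ghec or ghes %}` used to hide.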
@@ -66,8 +64,6 @@ Before enabling push protection for a custom pattern at enterprise level, you mu
|
|||||||
|
|
||||||

|

|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in an organization for a custom pattern
|
### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in an organization for a custom pattern
|
||||||
|
|
||||||
Before enabling push protection for a custom pattern at organization level, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
|
Before enabling push protection for a custom pattern at organization level, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
|
||||||
|
|||||||
@@ -19,11 +19,11 @@ product: 'Development environment secrets are available in all public repositori
|
|||||||
|
|
||||||
## About secrets
|
## About secrets
|
||||||
|
|
||||||
Development environment secrets are {% ifversion fpt or ghec %}encrypted {% endif %}environment variables that you create in the {% data variables.product.prodname_github_codespaces %} settings for an organization, a repository, or a personal account. This article explains how to manage organization secrets and repository secrets. For information on creating user-specific secrets, see [AUTOTITLE](/codespaces/managing-your-codespaces/managing-your-account-specific-secrets-for-github-codespaces).
|
Development environment secrets are encrypted environment variables that you create in the {% data variables.product.prodname_github_codespaces %} settings for an organization, a repository, or a personal account. This article explains how to manage organization secrets and repository secrets. For information on creating user-specific secrets, see [AUTOTITLE](/codespaces/managing-your-codespaces/managing-your-account-specific-secrets-for-github-codespaces).
|
||||||
|
|
||||||
The development environment secrets that you create are available to use in {% data variables.product.prodname_github_codespaces %}. {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} uses a [libsodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to encrypt secrets before they reach {% data variables.product.prodname_dotcom %} and only decrypts them when you use them in a codespace.
|
The development environment secrets that you create are available to use in {% data variables.product.prodname_github_codespaces %}. {% data variables.product.prodname_dotcom %} uses a [libsodium sealed box](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to encrypt secrets before they reach {% data variables.product.prodname_dotcom %} and only decrypts them when you use them in a codespace.
|
||||||
|
|
||||||
{% endif %}Organization secrets let you share secrets between multiple repositories, which reduces the need to create duplicate secrets. You can use access policies to control which repositories can use organization secrets.
|
Organization secrets let you share secrets between multiple repositories, which reduces the need to create duplicate secrets. You can use access policies to control which repositories can use organization secrets.
|
||||||
|
|
||||||
{% data reusables.codespaces.secrets-on-start %}
|
{% data reusables.codespaces.secrets-on-start %}
|
||||||
|
|
||||||
|
|||||||
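Review bot: in "About secrets", the word "encrypted" and the libsodium sealed box sentence were both gated on `{% ifversion fpt or ghec %}`, and this hunk makes them unconditional. These are statements about how secrets are protected, so they should only be ungated if the article is versioned for fpt and ghec alone. The `versions` frontmatter is outside this hunk; please confirm it before merging. The old placement of `{% endif %}` at the start of the "Organization secrets" paragraph is cleaned up correctly.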
@@ -88,6 +88,6 @@ If reported content is enabled for a public repository, you can also report cont
|
|||||||
|
|
||||||
* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions)
|
* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions)
|
||||||
* [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests)
|
* [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests)
|
||||||
* [AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments){% ifversion fpt or ghec %}
|
* [AUTOTITLE](/communities/moderating-comments-and-conversations/managing-disruptive-comments)
|
||||||
* [AUTOTITLE](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository){% endif %}
|
* [AUTOTITLE](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)
|
||||||
* [AUTOTITLE](/communities/moderating-comments-and-conversations/tracking-changes-in-a-comment)
|
* [AUTOTITLE](/communities/moderating-comments-and-conversations/tracking-changes-in-a-comment)
|
||||||
|
|||||||
@@ -122,7 +122,7 @@ In addition to the features available with {% data variables.product.prodname_te
|
|||||||
* Deployment protection rules with {% data variables.product.prodname_actions %} for private or internal repositories
|
* Deployment protection rules with {% data variables.product.prodname_actions %} for private or internal repositories
|
||||||
* {% data variables.product.prodname_github_connect %}
|
* {% data variables.product.prodname_github_connect %}
|
||||||
* The option to purchase {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
|
* The option to purchase {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
|
||||||
* Additional features such as internal repositories{% ifversion repo-rules %}, security overview, and repository rules{% else %} and security overview{% endif %}.
|
* Additional features such as internal repositories, security overview, and repository rules.
|
||||||
|
|
||||||
{% data variables.product.prodname_ghe_cloud %} specifically includes:
|
{% data variables.product.prodname_ghe_cloud %} specifically includes:
|
||||||
* 50,000 {% data variables.product.prodname_actions %} minutes per month
|
* 50,000 {% data variables.product.prodname_actions %} minutes per month
|
||||||
|
|||||||
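Review bot: the "Additional features" bullet resolves `{% ifversion repo-rules %}` to its true branch, but nothing visible here shows whether the `repo-rules` feature flag is still referenced elsewhere. If this was its last use, delete the flag's feature file in the same change, as is done for the two feature files removed later in this commit.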
@@ -104,19 +104,13 @@ You can also require two-factor authentication for each of your organizations. F
|
|||||||
|
|
||||||
You can implement required status checks and commit verifications to enforce your organization's compliance standards and automate compliance workflows. You can also use the audit log for your organization to review actions performed by your team. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks) and [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise).
|
You can implement required status checks and commit verifications to enforce your organization's compliance standards and automate compliance workflows. You can also use the audit log for your organization to review actions performed by your team. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks) and [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise).
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
### 3. Configuring security features for your organizations
|
### 3. Configuring security features for your organizations
|
||||||
|
|
||||||
{% data reusables.getting-started.configuring-security-features %}
|
{% data reusables.getting-started.configuring-security-features %}
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
### 4. Enabling {% data variables.product.prodname_GH_advanced_security %} features
|
### 4. Enabling {% data variables.product.prodname_GH_advanced_security %} features
|
||||||
|
|
||||||
You can upgrade your {% data variables.product.prodname_ghe_server %} license to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code, such as code and secret scanning. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise).
|
You can upgrade your {% data variables.product.prodname_ghe_server %} license to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code, such as code and secret scanning. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Part 4: Customizing and automating your enterprise's work on {% data variables.product.github %}
|
## Part 4: Customizing and automating your enterprise's work on {% data variables.product.github %}
|
||||||
|
|
||||||
@@ -130,8 +124,6 @@ You can build integrations with the {% data variables.product.prodname_ghe_serve
|
|||||||
|
|
||||||
{% data reusables.getting-started.api %}
|
{% data reusables.getting-started.api %}
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
|
|
||||||
### 3. Building {% data variables.product.prodname_actions %}
|
### 3. Building {% data variables.product.prodname_actions %}
|
||||||
|
|
||||||
{% data reusables.getting-started.actions %}
|
{% data reusables.getting-started.actions %}
|
||||||
@@ -143,7 +135,6 @@ For more information on enabling and configuring {% data variables.product.prodn
|
|||||||
{% data reusables.getting-started.packages %}
|
{% data reusables.getting-started.packages %}
|
||||||
|
|
||||||
For more information on enabling and configuring {% data variables.product.prodname_registry %} for {% data variables.location.product_location %}, see [AUTOTITLE](/admin/packages/getting-started-with-github-packages-for-your-enterprise).
|
For more information on enabling and configuring {% data variables.product.prodname_registry %} for {% data variables.location.product_location %}, see [AUTOTITLE](/admin/packages/getting-started-with-github-packages-for-your-enterprise).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
### 5. Using {% data variables.product.prodname_pages %}
|
### 5. Using {% data variables.product.prodname_pages %}
|
||||||
|
|
||||||
|
|||||||
@@ -91,7 +91,7 @@ You can help to make your organization more secure by recommending or requiring
|
|||||||
|
|
||||||
{% data reusables.getting-started.marketplace %}
|
{% data reusables.getting-started.marketplace %}
|
||||||
|
|
||||||
### 2. Using the {% ifversion fpt or ghec %}{% data variables.product.github %}{% else %}{% data variables.product.prodname_ghe_server %}{% endif %} API
|
### 2. Using the {% data variables.product.github %} API
|
||||||
|
|
||||||
{% data reusables.getting-started.api %}
|
{% data reusables.getting-started.api %}
|
||||||
|
|
||||||
|
|||||||
@@ -19,4 +19,4 @@ You can download a view as a _.tsv_ (tab-separated) file.
|
|||||||
|
|
||||||
{% data reusables.projects.open-view-menu %}
|
{% data reusables.projects.open-view-menu %}
|
||||||
|
|
||||||
1. Click {% ifversion ghes < 3.11 %}**Download**{% else %}**Export view data**{% endif %}.
|
1. Click **Export view data**.
|
||||||
|
|||||||
@@ -68,5 +68,5 @@ When available, the entry will include SCIM data. For more information, see [AUT
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
* [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on){% ifversion ghec %}
|
* [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)
|
||||||
* [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise){% endif %}
|
* [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise)
|
||||||
|
|||||||
@@ -19,14 +19,10 @@ By default, authorized users can access your organization's resources from any I
|
|||||||
|
|
||||||
{% data reusables.identity-and-permissions.ip-allow-lists-cidr-notation %}
|
{% data reusables.identity-and-permissions.ip-allow-lists-cidr-notation %}
|
||||||
|
|
||||||
{% ifversion ghec %}
|
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> * Only organizations that use {% data variables.product.prodname_ghe_cloud %} can use IP allow lists. {% data reusables.enterprise.link-to-ghec-trial %}
|
> * Only organizations that use {% data variables.product.prodname_ghe_cloud %} can use IP allow lists. {% data reusables.enterprise.link-to-ghec-trial %}
|
||||||
> * If you configure an IP allow list for your organization you won't be able to use {% data variables.product.prodname_github_codespaces %} for repositories owned by the organization.
|
> * If you configure an IP allow list for your organization you won't be able to use {% data variables.product.prodname_github_codespaces %} for repositories owned by the organization.
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
|
{% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %}
|
||||||
|
|
||||||
## About IP allow list management
|
## About IP allow list management
|
||||||
|
|||||||
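Review bot: with the `{% ifversion ghec %}` wrapper removed, the note saying that only GitHub Enterprise Cloud organizations can use IP allow lists, and that Codespaces cannot be used once a list is configured, renders on every version of this article. If the article is also versioned for ghes, the note would not apply there. Confirm the frontmatter is ghec-only, or keep the conditional.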
@@ -18,11 +18,9 @@ shortTitle: Create accounts for people
|
|||||||
|
|
||||||
Because you access an organization by logging in to a personal account, each of your team members needs to create their own personal account. After you have usernames for each person you'd like to add to your organization, you can add the users to teams.
|
Because you access an organization by logging in to a personal account, each of your team members needs to create their own personal account. After you have usernames for each person you'd like to add to your organization, you can add the users to teams.
|
||||||
|
|
||||||
{% ifversion fpt or ghec %}
|
|
||||||
{% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% else %}You{% endif %} can use SAML single sign-on to centrally manage the access that personal accounts have to the organization's resources through an identity provider (IdP). For more information, see [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}.{% endif %}
|
{% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% else %}You{% endif %} can use SAML single sign-on to centrally manage the access that personal accounts have to the organization's resources through an identity provider (IdP). For more information, see [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}.{% endif %}
|
||||||
|
|
||||||
You can also consider {% data variables.product.prodname_emus %}. {% data reusables.enterprise-accounts.emu-short-summary %}
|
You can also consider {% data variables.product.prodname_emus %}. {% data reusables.enterprise-accounts.emu-short-summary %}
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
## Adding users to your organization
|
## Adding users to your organization
|
||||||
|
|
||||||
|
|||||||
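Review bot: the retained SAML single sign-on sentence still contains a stray `"` in `{% ifversion fpt %}" in the ... documentation.`, so the fpt rendering shows an unmatched quote after the link. This hunk already edits the surrounding block, so remove the quote here. Separately, dropping the outer `{% ifversion fpt or ghec %}` means the inner `{% else %}You` branch and the Enterprise Managed Users paragraph would render for ghes if the article is versioned for it; confirm that it is not.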
@@ -31,7 +31,5 @@ shortTitle: Cancel or edit invitation
|
|||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
{% ifversion fpt or ghec %}
|
|
||||||
* [AUTOTITLE](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
|
* [AUTOTITLE](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
|
||||||
{% endif %}
|
|
||||||
* [AUTOTITLE](/organizations/organizing-members-into-teams/adding-organization-members-to-a-team)
|
* [AUTOTITLE](/organizations/organizing-members-into-teams/adding-organization-members-to-a-team)
|
||||||
|
|||||||
@@ -14,9 +14,7 @@ shortTitle: Change insight visibility
|
|||||||
|
|
||||||
Organization owners can set limitations for viewing organization dependency insights. All members of an organization can view organization dependency insights by default.
|
Organization owners can set limitations for viewing organization dependency insights. All members of an organization can view organization dependency insights by default.
|
||||||
|
|
||||||
{% ifversion ghec %}
|
|
||||||
Enterprise owners can set limitations for viewing organization dependency insights on all organizations in your enterprise account. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-visibility-of-dependency-insights).
|
Enterprise owners can set limitations for viewing organization dependency insights on all organizations in your enterprise account. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-visibility-of-dependency-insights).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% data reusables.profile.access_org %}
|
{% data reusables.profile.access_org %}
|
||||||
{% data reusables.profile.org_settings %}
|
{% data reusables.profile.org_settings %}
|
||||||
|
|||||||
@@ -10,17 +10,10 @@ shortTitle: Integrate Jira
|
|||||||
allowTitleToDifferFromFilename: true
|
allowTitleToDifferFromFilename: true
|
||||||
---
|
---
|
||||||
|
|
||||||
{% ifversion ghes %}
|
|
||||||
{% data reusables.profile.access_org %}
|
{% data reusables.profile.access_org %}
|
||||||
{% data reusables.profile.org_settings %}
|
{% data reusables.profile.org_settings %}
|
||||||
1. In the left sidebar, select **{% octicon "code" aria-hidden="true" %} Developer settings**, then click **OAuth Apps**.
|
1. In the left sidebar, select **{% octicon "code" aria-hidden="true" %} Developer settings**, then click **OAuth Apps**.
|
||||||
1. Click **New OAuth App**.
|
1. Click **New OAuth App**.
|
||||||
{% else %}
|
|
||||||
{% data reusables.user-settings.access_settings %}
|
|
||||||
1. In the left sidebar under **Organization settings**, click the name of your organization.
|
|
||||||
1. In the left sidebar under **Developer settings**, click **OAuth applications**.
|
|
||||||
1. Click **Register a new application**.
|
|
||||||
{% endif %}
|
|
||||||
1. Under **Application name**, type "Jira".
|
1. Under **Application name**, type "Jira".
|
||||||
1. Under **Homepage URL**, type the full URL to your Jira instance.
|
1. Under **Homepage URL**, type the full URL to your Jira instance.
|
||||||
1. Under **Authorization callback URL**, type the full URL to your Jira instance.
|
1. Under **Authorization callback URL**, type the full URL to your Jira instance.
|
||||||
|
|||||||
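Review bot: the `{% ifversion ghes %}` / `{% else %}` pair removed at the top of the Jira steps is not a 3.10-specific conditional. The change keeps the ghes steps and deletes the `{% else %}` steps (`access_settings`, **OAuth applications**, **Register a new application**). If this article is still versioned for fpt or ghec, those readers now get the ghes navigation path. Confirm either that the `versions` frontmatter is ghes-only or that the retained steps match the UI on every version the article covers.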
@@ -23,9 +23,7 @@ For example:
|
|||||||
* If you download a 500 MB file that's tracked with LFS, you'll use 500 MB of the repository owner's allotted bandwidth. If a collaborator pushes a change to the file and you pull the new version to your local repository, you'll use another 500 MB of bandwidth, bringing the total usage for these two downloads to 1 GB of bandwidth.
|
* If you download a 500 MB file that's tracked with LFS, you'll use 500 MB of the repository owner's allotted bandwidth. If a collaborator pushes a change to the file and you pull the new version to your local repository, you'll use another 500 MB of bandwidth, bringing the total usage for these two downloads to 1 GB of bandwidth.
|
||||||
* If {% data variables.product.prodname_actions %} downloads a 500 MB file that is tracked with LFS, it will use 500 MB of the repository owner's allotted bandwidth.
|
* If {% data variables.product.prodname_actions %} downloads a 500 MB file that is tracked with LFS, it will use 500 MB of the repository owner's allotted bandwidth.
|
||||||
|
|
||||||
{% ifversion fpt or ghec %}
|
|
||||||
If {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in [source code archives](/repositories/working-with-files/using-files/downloading-source-code-archives) for your repository, downloads of those archives will count towards bandwidth usage for the repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-git-lfs-objects-in-archives-of-your-repository).
|
If {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in [source code archives](/repositories/working-with-files/using-files/downloading-source-code-archives) for your repository, downloads of those archives will count towards bandwidth usage for the repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-git-lfs-objects-in-archives-of-your-repository).
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
> [!TIP]
|
> [!TIP]
|
||||||
> * {% data reusables.large_files.owner_quota_only %}
|
> * {% data reusables.large_files.owner_quota_only %}
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ The full functionality of the Management Console endpoints was added to the [Man
|
|||||||
|
|
||||||
{% ifversion management-console-manage-ghes-parity %}
|
{% ifversion management-console-manage-ghes-parity %}
|
||||||
|
|
||||||
To help you migrate, the mapping table below shows the equivalent Manage GHES operation for each Management Console operation.{% ifversion ghes < 3.15 %} Please migrate to the Manage GHES API endpoints as soon as possible.{% endif %}
|
To help you migrate, the mapping table below shows the equivalent Manage GHES operation for each Management Console operation. Please migrate to the Manage GHES API endpoints as soon as possible.
|
||||||
|
|
||||||
| Purpose | Management Console API operation | Manage GHES API operation |
|
| Purpose | Management Console API operation | Manage GHES API operation |
|
||||||
| ------------- | ------------- | - |
|
| ------------- | ------------- | - |
|
||||||
|
|||||||
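Review bot: the "To help you migrate" line loses its `{% ifversion ghes < 3.15 %}` guard, so "Please migrate to the Manage GHES API endpoints as soon as possible." now renders on 3.15 and later too. Deprecating 3.10 does not make `ghes < 3.15` true for all remaining releases. Unless the enclosing `{% ifversion management-console-manage-ghes-parity %}` block already limits this text to versions below 3.15, the conditional should stay.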
@@ -1,4 +0,0 @@
|
|||||||
# Reference: #11179
|
|
||||||
# "Code scanning default setup is available for Swift - [GA]"
|
|
||||||
versions:
|
|
||||||
ghes: '< 3.11'
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
# Reference: #10286
|
|
||||||
# MySQL 8 upgrade for GHES
|
|
||||||
|
|
||||||
versions:
|
|
||||||
ghes: '>=3.7 <=3.10'
|
|
||||||
@@ -1,296 +0,0 @@
|
|||||||
date: '2023-08-08'
|
|
||||||
release_candidate: true
|
|
||||||
deprecated: true
|
|
||||||
intro: |
|
|
||||||
{% note %}
|
|
||||||
|
|
||||||
**Note:** Release candidate (RC) builds are intended solely for use in a test environment. If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
|
|
||||||
|
|
||||||
{% endnote %}
|
|
||||||
|
|
||||||
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
|
|
||||||
sections:
|
|
||||||
# Remove section heading if the section contains no notes.
|
|
||||||
|
|
||||||
features:
|
|
||||||
# Remove a sub-section heading if the heading contains no notes. If sections
|
|
||||||
# that regularly recur are missing, add placeholders to this template.
|
|
||||||
|
|
||||||
- heading: Instance administration
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3360
|
|
||||||
- |
|
|
||||||
To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3359
|
|
||||||
- |
|
|
||||||
Site administrators can set a custom message for their users to see during a maintenance window. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3378
|
|
||||||
- |
|
|
||||||
Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation.
|
|
||||||
|
|
||||||
- heading: Authentication
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2998
|
|
||||||
- |
|
|
||||||
To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens).
|
|
||||||
- Users can create {% data variables.product.pat_v2_plural %} with access to their personal repositories or, if permitted, organization-owned repositories.
|
|
||||||
- Organization and enterprise owners can enable or disable the use of {% data variables.product.pat_v2_plural %} in organization-owned repositories, and can use the REST API or GraphQL API to manage tokens in their organizations.
|
|
||||||
- Users creating {% data variables.product.pat_v2_plural %} for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance).
|
|
||||||
|
|
||||||
- heading: GitHub Advanced Security
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2798
|
|
||||||
- |
|
|
||||||
To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2844
|
|
||||||
- |
|
|
||||||
To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2843
|
|
||||||
- |
|
|
||||||
Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2928
|
|
||||||
- |
|
|
||||||
To improve analysis of C# code, the release of CodeQL included with GitHub Enterprise Server 3.10
|
|
||||||
can scan projects that include features from C# 11. For more information, see [What's new in C# 11](https://learn.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-11) in the Microsoft documentation. Support for C# 11 is in beta and subject to change. CodeQL can scan projects built with C# 11 features, but does not analyse the code used for C# 11 features themselves.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3315
|
|
||||||
- |
|
|
||||||
To help users find vulnerabilities in projects for Swift libraries and Apple apps,
|
|
||||||
the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2869
|
|
||||||
- |
|
|
||||||
To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata).
|
|
||||||
|
|
||||||
# https://github.com/github/blog/pull/4506/files
|
|
||||||
- |
|
|
||||||
Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning).
|
|
||||||
|
|
||||||
- heading: Dependabot
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3099
|
|
||||||
- |
|
|
||||||
Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3142
|
|
||||||
- |
|
|
||||||
To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3070
|
|
||||||
- |
|
|
||||||
To avoid unnecessary compute cost, Dependabot stops automatically rebasing a pull request for version or security updates if the pull request has been open for 30 days.
|
|
||||||
|
|
||||||
- heading: Code security
|
|
||||||
notes:
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2303
|
|
||||||
- |
|
|
||||||
In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2295
|
|
||||||
- |
|
|
||||||
In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2042
|
|
||||||
- |
|
|
||||||
In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see [Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2890
|
|
||||||
- |
|
|
||||||
Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3162
|
|
||||||
- |
|
|
||||||
Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3112
|
|
||||||
- |
|
|
||||||
Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database). [Updated: 2023-08-24]
|
|
||||||
|
|
||||||
- heading: GitHub Actions
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3136
|
|
||||||
- |
|
|
||||||
Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2901
|
|
||||||
- |
|
|
||||||
Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3184
|
|
||||||
- |
|
|
||||||
The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3248
|
|
||||||
- |
|
|
||||||
To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings).
|
|
||||||
|
|
||||||
# https://github.com/github/docs-content/issues/9102
|
|
||||||
- |
|
|
||||||
Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners).
|
|
||||||
|
|
||||||
- heading: Community experience
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2673
|
|
||||||
- |
|
|
||||||
To improve the accuracy of marked answers in discussions, and reduce the burden on users to duplicate their text to get their answer marked as correct, users can mark threaded replies as the answer to a question.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2951
|
|
||||||
- |
|
|
||||||
To improve content organization and topic discoverability, GitHub Discussions maintainers can group discussion categories into sections.
|
|
||||||
|
|
||||||
- heading: Repositories
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3226
|
|
||||||
- |
|
|
||||||
To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see [AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2610
|
|
||||||
- |
|
|
||||||
Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging).
|
|
||||||
|
|
||||||
- heading: Projects
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2250
|
|
||||||
- |
|
|
||||||
Projects is no longer in public beta, and is now considered generally available. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3207
|
|
||||||
- |
|
|
||||||
To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3133
|
|
||||||
- |
|
|
||||||
To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2929
|
|
||||||
- |
|
|
||||||
To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3061
|
|
||||||
- |
|
|
||||||
In a table layout, users can select and update multiple cells at once by clicking and dragging or using the <kbd>Shift</kbd> or <kbd>Ctrl</kbd>/<kbd>Command</kbd> key.
|
|
||||||
|
|
||||||
- heading: Commits
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3137
|
|
||||||
- |
|
|
||||||
When editing a file in the user interface, users with permission to bypass branch protection rules receive a note if their commit will bypass a rule, with the option to create a new branch instead of committing directly to the protected branch. Previously, the commit was added to the protected branch directly, without indication that a rule was being bypassed.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3079
|
|
||||||
- |
|
|
||||||
When using `git push` from the command line, users with permission to bypass branch protection rules receive a note if they have pushed a commit that bypasses a rule. Previously there was no indication after a Git push that branch rules had been bypassed.
|
|
||||||
|
|
||||||
- heading: Markdown
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3118
|
|
||||||
- |
|
|
||||||
Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions).
|
|
||||||
|
|
||||||
- heading: Accessibility
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3071
|
|
||||||
- |
|
|
||||||
To make GitHub inclusive to all developers, GitHub has improved color contrast of the default light and dark themes, making them accessible to all users. These changes were made to Primer, [GitHub's Design System](https://primer.style/). For more information, see [GitHub Accessibility](https://accessibility.github.com/).
|
|
||||||
|
|
||||||
changes:
|
|
||||||
# https://github.com/github/releases/issues/3398
|
|
||||||
- |
|
|
||||||
Field names for some service logs on GitHub Enterprise Server have changed as part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/). Additional field names were changed in GitHub Enterprise Server 3.9. If any tooling or processes in your environment rely on specific field names within logs, or log entries in specific files, the following changes may affect you.
|
|
||||||
|
|
||||||
- `level` is now `SeverityText`.
|
|
||||||
- `log_message`, `msg`, or `message` is now `Body`.
|
|
||||||
- `now` is now `Timestamp`.
|
|
||||||
- Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
|
|
||||||
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job.
|
|
||||||
|
|
||||||
For a full list of mappings, download the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv) and the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv).
|
|
||||||
# https://github.com/github/releases/issues/3134
|
|
||||||
- |
|
|
||||||
Users who use pull requests with protected branches may be affected by the following security measures.
|
|
||||||
|
|
||||||
- Merge commits created locally and pushed to a protected branch are rejected if the contents of the commit differ from the merge commit predicted by GitHub.
|
|
||||||
- If the branch protection rule for dismissing stale reviews is active, an approving review is dismissed if the merge base changes after the review was submitted. The merge base is the commit that is the latest common ancestor of the pull request branch and the protected branch.
|
|
||||||
- A pull request approval only counts towards the pull request it was submitted for. Previously, approvals were gathered across multiple independent pull requests if the pull request branches pointed to the same commit and targeted the same base branch.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3233
|
|
||||||
- |
|
|
||||||
The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see [AUTOTITLE](/rest/apps/installations).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2870
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2805
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, in the "Files changed" view of pull requests, GitHub only displays code scanning alerts for vulnerabilities detected in lines that a pull request has changed. Previously, code scanning displayed all alerts unique to the pull request branch, even if they were unrelated to the changes the pull request introduced.
|
|
||||||
|
|
||||||
backups:
|
|
||||||
# https://github.com/github/releases/issues/3361
|
|
||||||
- |
|
|
||||||
To generate backups of an instance more quickly, in GitHub Enterprise Server Backup Utilities 3.10.0 and later, the job for pruning snapshots is no longer performed as part of the `ghe-backup` tool. Site administrators can prune snapshots manually or on a schedule by running the `ghe-prune-snapshots` job. For more information, see [Scheduling backups](https://github.com/github/backup-utils/blob/master/docs/scheduling-backups.md) in the `github/backup-utils` repository.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3365
|
|
||||||
- |
|
|
||||||
To reduce the data transfer required to regularly back up an instance, GitHub Enterprise Server Backup Utilities 3.10.0 and later allows administrators to perform incremental backups of a MySQL 8 database. For more information, see [Making a Differential or Incremental Backup](https://dev.mysql.com/doc/mysql-enterprise-backup/8.0/en/mysqlbackup.incremental.html) in the MySQL documentation.
|
|
||||||
|
|
||||||
known_issues:
|
|
||||||
# INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB
|
|
||||||
# https://github.com/github/ghes/issues/6877 - this will be resolved before GA; @davidjarzebowski will create a separate PR to remove it
|
|
||||||
- |
|
|
||||||
When promoting a replica with `ghe-repl-promote`, applying the configuration fails at `Configuration phase 3`. This will be fixed when version 3.10.0 becomes generally available.
|
|
||||||
# https://github.com/github/ghes/issues/7048 - this will be resolved before GA; @davidjarzebowski will create a separate PR to remove it
|
|
||||||
- |
|
|
||||||
Instances running GitHub Enterprise Server 3.9.0 or 3.9.1 cannot upgrade to the 3.10.0 release candidate. The workaround to this issue is to first upgrade to the 3.9.2 patch before upgrading to the 3.10.0 release candidate. This will be fixed when version 3.10.0 becomes generally available, so that instances running 3.9.0 or 3.9.1 can upgrade to 3.10.0.
|
|
||||||
# https://github.com/github/mEAO/issues/1276 - this will be resolved before GA; @davidjarzebowski will create a separate PR to remove it
|
|
||||||
- |
|
|
||||||
On an instance with GitHub Connect and unified search enabled, users will receive a `500` error after performing a GitHub.com search then selecting Advanced search. This will be fixed when version 3.10.0 becomes generally available.
|
|
||||||
- |
|
|
||||||
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see [AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance).
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
|
|
||||||
- |
|
|
||||||
When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
|
|
||||||
- |
|
|
||||||
On an instance in a cluster configuration, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following output may appear multiple times after you run `ghe-config-apply`.
|
|
||||||
|
|
||||||
```shell
|
|
||||||
Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID
|
|
||||||
```
|
|
||||||
|
|
||||||
You can safely ignore this message.
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
|
|
||||||
- |
|
|
||||||
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %} [Updated: 2023-10-31]
|
|
||||||
|
|
||||||
deprecations:
|
|
||||||
# https://github.com/github/releases/issues/2605
|
|
||||||
- heading: Upcoming deprecation of team discussions
|
|
||||||
notes:
|
|
||||||
- |
|
|
||||||
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions).
|
|
||||||
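Review bot: The `changes` section of this deleted release-candidate file links `/assets/ghes-3.10-opentelemetry-attribute-mappings.csv`, and nothing in the visible lines shows whether that asset is removed with it or still referenced elsewhere. Please confirm the CSV is either deleted in this commit or still linked from a page that survives, so the deprecation leaves neither an orphaned asset nor a dead link. The same section records the log field renames (`level` to `SeverityText`, `log_message`, `msg`, or `message` to `Body`, `now` to `Timestamp`) and the move of `auth.log`, `ldap.log`, and `ldap-sync.log` statements into the `github-unicorn` and `github-resqued` container logs. It would help to say in the commit description where administrators who maintain log parsers or alerting for an upgraded instance can still find that mapping once these notes are gone.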
@@ -1,324 +0,0 @@
|
|||||||
date: '2023-08-29'
|
|
||||||
release_candidate: false
|
|
||||||
deprecated: false
|
|
||||||
intro: |
|
|
||||||
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
|
|
||||||
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warnings**:
|
|
||||||
|
|
||||||
- This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. The issue is resolved in {% data variables.product.prodname_ghe_server %} 3.10.2 and later. For more information, see the [Known issues](#3.10.0-known-issues) section of these release notes.
|
|
||||||
- A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.0-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
# Remove section heading if the section contains no notes.
|
|
||||||
|
|
||||||
features:
|
|
||||||
# Remove a sub-section heading if the heading contains no notes. If sections
|
|
||||||
# that regularly recur are missing, add placeholders to this template.
|
|
||||||
|
|
||||||
- heading: Instance administration
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3360
|
|
||||||
- |
|
|
||||||
To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3359
|
|
||||||
- |
|
|
||||||
Site administrators can set a custom message for their users to see during a maintenance window. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3378
|
|
||||||
- |
|
|
||||||
Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3251
|
|
||||||
- |
|
|
||||||
Site administrators can use the Manage GitHub Enterprise Server API to change the `site admin` password and to make changes to [management console users](/enterprise-server@3.10/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#management-console-user). For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation.
|
|
||||||
|
|
||||||
- heading: Authentication
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2998
|
|
||||||
- |
|
|
||||||
To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens).
|
|
||||||
- Users can create {% data variables.product.pat_v2_plural %} with access to their personal repositories or, if permitted, organization-owned repositories.
|
|
||||||
- Organization and enterprise owners can enable or disable the use of {% data variables.product.pat_v2_plural %} in organization-owned repositories, and can use the REST API or GraphQL API to manage tokens in their organizations.
|
|
||||||
- Users creating fine-grained tokens for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance).
|
|
||||||
|
|
||||||
- heading: GitHub Advanced Security
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2798
|
|
||||||
- |
|
|
||||||
To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2844
|
|
||||||
- |
|
|
||||||
To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2843
|
|
||||||
- |
|
|
||||||
Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2928
|
|
||||||
- |
|
|
||||||
To improve analysis of C# code, the release of CodeQL included with GitHub Enterprise Server 3.10
|
|
||||||
can scan projects that include features from C# 11. For more information, see [What's new in C# 11](https://learn.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-11) in the Microsoft documentation. Support for C# 11 is in beta and subject to change. CodeQL can scan projects built with C# 11 features, but does not analyse the code used for C# 11 features themselves.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3315
|
|
||||||
- |
|
|
||||||
To help users find vulnerabilities in projects for Swift libraries and Apple apps,
|
|
||||||
the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2869
|
|
||||||
- |
|
|
||||||
To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata).
|
|
||||||
|
|
||||||
# https://github.com/github/blog/pull/4506/files
|
|
||||||
- |
|
|
||||||
Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning).
|
|
||||||
|
|
||||||
- heading: Dependabot
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3099
|
|
||||||
- |
|
|
||||||
Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3142
|
|
||||||
- |
|
|
||||||
To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3070
|
|
||||||
- |
|
|
||||||
To avoid unnecessary compute cost, Dependabot stops automatically rebasing a pull request for version or security updates if the pull request has been open for 30 days.
|
|
||||||
|
|
||||||
- heading: Code security
|
|
||||||
notes:
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2303
|
|
||||||
- |
|
|
||||||
In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2295
|
|
||||||
- |
|
|
||||||
In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2042
|
|
||||||
- |
|
|
||||||
In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see [Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2890
|
|
||||||
- |
|
|
||||||
Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3162
|
|
||||||
- |
|
|
||||||
Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3112
|
|
||||||
- |
|
|
||||||
Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database).
|
|
||||||
|
|
||||||
- heading: GitHub Actions
|
|
||||||
notes:
|
|
||||||
# Required Actions Runner version
|
|
||||||
- |
|
|
||||||
{% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25]
|
|
||||||
# https://github.com/github/releases/issues/3136
|
|
||||||
- |
|
|
||||||
Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2901
|
|
||||||
- |
|
|
||||||
Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3184
|
|
||||||
- |
|
|
||||||
The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3248
|
|
||||||
- |
|
|
||||||
To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings).
|
|
||||||
|
|
||||||
# https://github.com/github/docs-content/issues/9102
|
|
||||||
- |
|
|
||||||
Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners).
|
|
||||||
|
|
||||||
- heading: Community experience
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2673
|
|
||||||
- |
|
|
||||||
To improve the accuracy of marked answers in discussions, and reduce the burden on users to duplicate their text to get their answer marked as correct, users can mark threaded replies as the answer to a question.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2951
|
|
||||||
- |
|
|
||||||
To improve content organization and topic discoverability, GitHub Discussions maintainers can group discussion categories into sections.
|
|
||||||
|
|
||||||
- heading: Repositories
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3226
|
|
||||||
- |
|
|
||||||
To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see [AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2610
|
|
||||||
- |
|
|
||||||
Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging).
|
|
||||||
|
|
||||||
- heading: Projects
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/2250
|
|
||||||
- |
|
|
||||||
Projects is no longer in public beta, and is now considered generally available. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3207
|
|
||||||
- |
|
|
||||||
To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3133
|
|
||||||
- |
|
|
||||||
To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2929
|
|
||||||
- |
|
|
||||||
To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3061
|
|
||||||
- |
|
|
||||||
In a table layout, users can select and update multiple cells at once by clicking and dragging or using the <kbd>Shift</kbd> or <kbd>Ctrl</kbd>/<kbd>Command</kbd> key.
|
|
||||||
|
|
||||||
- heading: Commits
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3137
|
|
||||||
- |
|
|
||||||
When editing a file in the user interface, users with permission to bypass branch protection rules receive a note if their commit will bypass a rule, with the option to create a new branch instead of committing directly to the protected branch. Previously, the commit was added to the protected branch directly, without indication that a rule was being bypassed.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3079
|
|
||||||
- |
|
|
||||||
When using `git push` from the command line, users with permission to bypass branch protection rules receive a note if they have pushed a commit that bypasses a rule. Previously there was no indication after a Git push that branch rules had been bypassed.
|
|
||||||
|
|
||||||
- heading: Markdown
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3118
|
|
||||||
- |
|
|
||||||
Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions).
|
|
||||||
|
|
||||||
- heading: Accessibility
|
|
||||||
notes:
|
|
||||||
# https://github.com/github/releases/issues/3071
|
|
||||||
- |
|
|
||||||
To make GitHub inclusive to all developers, GitHub has improved color contrast of the default light and dark themes, making them accessible to all users. These changes were made to Primer, [GitHub's Design System](https://primer.style/). For more information, see [GitHub Accessibility](https://accessibility.github.com/).
|
|
||||||
|
|
||||||
changes:
|
|
||||||
# https://github.com/github/releases/issues/3398
|
|
||||||
- |
|
|
||||||
Field names and destinations for some service logs on GitHub Enterprise Server have changed in this release and the prior release. If any tooling or processes in your environment rely on specific field names within logs, or log entries in specific files, the following changes may affect you.
|
|
||||||
|
|
||||||
- `level` is now `SeverityText`.
|
|
||||||
- `log_message`, `msg`, or `message` is now `Body`.
|
|
||||||
- `now` is now `Timestamp`.
|
|
||||||
- Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
|
|
||||||
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal).
|
|
||||||
|
|
||||||
For a full list of field mappings, download the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv) and the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv). This change is part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/), and additional field names will change in upcoming releases.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3134
|
|
||||||
- |
|
|
||||||
Users who use pull requests with protected branches may be affected by the following security measures.
|
|
||||||
|
|
||||||
- Merge commits created locally and pushed to a protected branch are rejected if the contents of the commit differ from the merge commit predicted by GitHub.
|
|
||||||
- If the branch protection rule for dismissing stale reviews is active, an approving review is dismissed if the merge base changes after the review was submitted. The merge base is the commit that is the latest common ancestor of the pull request branch and the protected branch.
|
|
||||||
- A pull request approval only counts towards the pull request it was submitted for. Previously, approvals were gathered across multiple independent pull requests if the pull request branches pointed to the same commit and targeted the same base branch.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3233
|
|
||||||
- |
|
|
||||||
The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see [AUTOTITLE](/rest/apps/installations).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2870
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users).
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/2805
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, in the "Files changed" view of pull requests, GitHub only displays code scanning alerts for vulnerabilities detected in lines that a pull request has changed. Previously, code scanning displayed all alerts unique to the pull request branch, even if they were unrelated to the changes the pull request introduced.
|
|
||||||
|
|
||||||
backups:
|
|
||||||
# https://github.com/github/releases/issues/3361
|
|
||||||
- |
|
|
||||||
To generate backups of an instance more quickly, in GitHub Enterprise Server Backup Utilities 3.10.0 and later, the job for pruning snapshots is no longer performed as part of the `ghe-backup` tool. Site administrators can prune snapshots manually or on a schedule by running the `ghe-prune-snapshots` job. For more information, see [Scheduling backups](https://github.com/github/backup-utils/blob/master/docs/scheduling-backups.md) in the `github/backup-utils` repository.
|
|
||||||
|
|
||||||
# https://github.com/github/releases/issues/3365
|
|
||||||
- |
|
|
||||||
To reduce the data transfer required to regularly back up an instance, GitHub Enterprise Server Backup Utilities 3.10.0 and later allows administrators to perform incremental backups of a MySQL 8 database. For more information, see [Making a Differential or Incremental Backup](https://dev.mysql.com/doc/mysql-enterprise-backup/8.0/en/mysqlbackup.incremental.html) in the MySQL documentation.
|
|
||||||
|
|
||||||
known_issues:
|
|
||||||
# INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB
|
|
||||||
- |
|
|
||||||
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see [AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance).
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
|
|
||||||
- |
|
|
||||||
When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
|
|
||||||
- |
|
|
||||||
On an instance in a cluster configuration, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following output may appear multiple times after you run `ghe-config-apply`.
|
|
||||||
|
|
||||||
```shell
|
|
||||||
Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID
|
|
||||||
```
|
|
||||||
|
|
||||||
You can safely ignore this message.
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
|
|
||||||
- |
|
|
||||||
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04]
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser. [Updated: 2023-09-19]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} [Updated: 2023-09-21]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.cache-replica-servers-known-issue %} [Updated: 2023-09-26]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-26]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %} [Updated: 2023-10-31]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
|
|
||||||
|
|
||||||
deprecations:
|
|
||||||
# https://github.com/github/releases/issues/2605
|
|
||||||
- heading: Upcoming deprecation of team discussions
|
|
||||||
notes:
|
|
||||||
- |
|
|
||||||
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). [Updated: 2024-03-04]
|
|
||||||
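Review bot: The `known_issues` list in this file is a consumer of many `reusables.release-notes.*` includes (for example `upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up` and `2023-12-client-ip-addresses-incorrect-in-audit-log`), and the `changes` entry links `/assets/ghes-3.10-opentelemetry-attribute-mappings.csv`. If this file is deleted whole, as the `@@ -1,83 +0,0 @@` hunk that follows is, the commit should state which of those reusables and assets are still referenced by the remaining release notes and remove the ones that are not, so that no orphaned content is left behind. The `changes` section also records security-relevant behaviour for protected branches (locally created merge commits rejected when they differ from the merge commit predicted by GitHub, approvals dismissed when the merge base changes, approvals counted only for the pull request they were submitted for). Please confirm these remain described in the versioned articles before the notes are removed, because administrators on later releases still rely on them.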
@@ -1,83 +0,0 @@
|
|||||||
date: '2023-09-21'
|
|
||||||
intro: |
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warnings**:
|
|
||||||
|
|
||||||
- This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. Upgrade to {% data variables.product.prodname_ghe_server %} 3.10.2 or later instead of this release. For more information, see the [Known issues](#3.10.1-known-issues) section of these release notes.
|
|
||||||
- A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.1-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
security_fixes:
|
|
||||||
- HTTP Strict Transport Security (HSTS) is enabled within the Management Console.
|
|
||||||
- Packages have been updated to the latest security versions.
|
|
||||||
- |
|
|
||||||
**LOW:** An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a reopened pull request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/) and was assigned [CVE-2023-23766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23766). [Updated: 2023-09-22]
|
|
||||||
|
|
||||||
bugs:
|
|
||||||
- On an instance with GitHub Actions enabled, scale sets configured at the enterprise level did not appear for use within the instance's organizations or repositories.
|
|
||||||
- On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alerts could fail to show an error message in the UI when a failure occurred closing or reopening the alert.
|
|
||||||
- On an instance with a GitHub Advanced Security license and secret scanning enabled, and when using Safari, changing additional match requirements for a custom pattern did not retrigger custom pattern evaluation against a user submitted test string.
|
|
||||||
- On an instance with a GitHub Advanced Security license and secret scanning enabled, organization access for a leaked GitHub tokens was not shown to commit authors when viewing the alert.
|
|
||||||
- On an instance with a GitHub Advanced Security license and secret scanning enabled, when token location(s) included a commit that introduced a large change, the page for viewing the alert would load slowly.
|
|
||||||
- When uploading migration archives to blob storage, the GitHub Enterprise Server instance's outbound web proxy server was not used.
|
|
||||||
- On an enterprise with the policy setting that disallows repository admins from enabling/disabling secret scanning, transferring a repository to a new organization that automatically enabled secret scanning wouldn't result in the transferred repository being automatically enabled for secret scanning.
|
|
||||||
- When migrating a repository from a GitHub Enterprise Server instance to another location, the `ghe-migrator target_url` command allows you to record the repository's new location. The new URL is displayed when you visit the main page of the repository in the web interface.
|
|
||||||
- On an instance with subdomain isolation disabled, a notebook could not be loaded due to incorrect asset paths.
|
|
||||||
- On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, custom patterns would erroneously show no results for a dry run.
|
|
||||||
changes:
|
|
||||||
- When GitHub Enterprise checks for a new upgrade or hotpatch package, if the check fails the failure details are output to the `ghe-update-check` log, and the Management Console UI provides a "Check Again" button to rerun the check.
|
|
||||||
- When providing data to GitHub Support, GitHub Enterprise Server displays a notice describing how support data is used before uploading the support files.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). [Updated: 2023-02-23]
|
|
||||||
- |
|
|
||||||
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.cache-replica-servers-known-issue %} [Updated: 2023-09-26]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-26]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %} [Updated: 2023-10-31]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
|
|
||||||
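Review bot: Check for orphaned reusables after this deletion. The removed known_issues list includes reusables named for this series, such as `reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up` and `reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase`. If no remaining release-notes file references them, delete the reusable files in the same change. The same check applies to `2023-12-client-ip-addresses-incorrect-in-audit-log` and `2024-01-ha-proxy-out-of-memory`, which the later files visible in this diff do not reference.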
@@ -1,92 +0,0 @@
|
|||||||
date: '2024-04-18'
|
|
||||||
intro: |
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.10-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
security_fixes:
|
|
||||||
- |
|
|
||||||
**HIGH**: An attacker with the editor role in the Management Console could gain administrative SSH access to the appliance by command injection when configuring the chat integration. GitHub has requested CVE ID [CVE-2024-3646](https://www.cve.org/cverecord?id=CVE-2024-3646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). The editor role has been deprecated. For more information, see the "Changes" section of these release notes.
|
|
||||||
- |
|
|
||||||
**HIGH**: An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring Artifact & Logs and Migrations Storage. GitHub has requested CVE ID [CVE-2024-3684](https://nvd.nist.gov/vuln/detail/CVE-2024-3684) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
**MEDIUM**: An attacker could maintain admin access to a detached repository in a race condition by making a GraphQL mutation to alter repository permissions while the repository is detached. GitHub has requested CVE ID [CVE-2024-2440](https://nvd.nist.gov/vuln/detail/CVE-2024-2440) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
A GraphQL endpoint was disabled as part of a previous security fix, causing errors with the "Auto-add to project" workflow and with issue creation from within a project. To resolve these errors, a security patch has been applied and the affected GraphQL endpoint has been re-enabled.
|
|
||||||
- |
|
|
||||||
Packages have been updated to the latest security versions.
|
|
||||||
bugs:
|
|
||||||
- |
|
|
||||||
When configuring audit log streaming to Datadog or Splunk on an instance with custom CA certificates, the connection failed with the error `There was an error trying to connect`.
|
|
||||||
- |
|
|
||||||
Disk usage, utilization, and latency for data devices could render incorrectly in Grafana.
|
|
||||||
- |
|
|
||||||
On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover). [Updated: 2024-05-01]
|
|
||||||
- |
|
|
||||||
The `ghe-update-check` command did not clean up .tmp files in `/var/lib/ghe-updates/`, which could lead to full disk issues.
|
|
||||||
- |
|
|
||||||
On an instance that failed a configuration run, when attempting to repeat the restore step of a backup, the audit log restore step returned error lines even though audit logs were being fully restored.
|
|
||||||
- |
|
|
||||||
In some cases, Treelights timeouts caused pull requests to return a 500 error.
|
|
||||||
- |
|
|
||||||
The web UI presented inapplicable fine-grained permissions for assignment to custom repository roles. The permissions were also displayed as implicitly included in certain base roles.
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, some searches for secret scanning alerts resulted in a `500` error.
|
|
||||||
- |
|
|
||||||
The profile settings for organizations displayed a warning about profile images that does not apply to organizations on a GitHub Enterprise Server instance.
|
|
||||||
- |
|
|
||||||
Administrators could get a 500 error when trying to access the "File storage" section of the site admin dashboard.
|
|
||||||
- |
|
|
||||||
Setting a maintenance message failed if the message contained a multibyte character.
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, metrics for custom patterns alerts incorrectly included tokens in ignored locations.
|
|
||||||
- |
|
|
||||||
On an instance with code scanning enabled, on the tool status page for code scanning, outdated upload errors were still displayed after a successful upload.
|
|
||||||
- |
|
|
||||||
On an instance where user avatars had been deleted directly from the database, an identicon avatar was not correctly displayed for affected users, and administrators may have observed a relatively high number of application exceptions.
|
|
||||||
changes:
|
|
||||||
- |
|
|
||||||
On an instance hosted on Azure, administrators can set and reset SSH keys and passwords via the Azure Agent.
|
|
||||||
- |
|
|
||||||
As a result of a security vulnerability, the editor role for a Management Console user has been deprecated. For details, see the "Security fixes" section of these release notes. Existing users with the editor role will be unable to log in to the Management Console, and should contact their site administrator requesting that access be reinstated by updating the user to the operator role if appropriate.
|
|
||||||
- |
|
|
||||||
Administrators can improve the performance of "Create a new repository" and "Create a new fork" pages by running this command: `ghe-config app.github.create-repo-perf true && ghe-config-apply`.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
||||||
- |
|
|
||||||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
|
|
||||||
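Review bot: Before this file goes, confirm that two items in it are still documented somewhere a supported-version reader will find them. The `changes` section carries the `ghe-config app.github.create-repo-perf true && ghe-config-apply` setting, and the `security_fixes` and `changes` entries together explain why Management Console users with the editor role can no longer log in and that they should be moved to the operator role. Administrators upgrading away from 3.10 are the ones most likely to need both.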
@@ -1,64 +0,0 @@
|
|||||||
date: '2024-05-08'
|
|
||||||
intro: |
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.11-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
security_fixes:
|
|
||||||
- |
|
|
||||||
As a result of a security vulnerability, the editor role for a Management Console user has been deprecated in the Manage GitHub Enterprise Server API.
|
|
||||||
- |
|
|
||||||
Packages have been updated to the latest security versions.
|
|
||||||
bugs:
|
|
||||||
- |
|
|
||||||
Running `ghe-repl-node -d` did not validate value length in order to prevent values longer than 20 characters.
|
|
||||||
- |
|
|
||||||
For an instance in a cluster configuration, during the migration phase of a configuration run, the process of copying configuration updates to all nodes would fail.
|
|
||||||
- |
|
|
||||||
External collaborators with read-only access were able to run workflows on their pull requests from private forks without approval.
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, custom pattern matches were incorrectly filtered during post-scan filtering.
|
|
||||||
changes:
|
|
||||||
- |
|
|
||||||
To aid in understanding the CPU/memory utilization of secret scanning processes, the binary names of nomad workers were updated to differentiate between the different types of secret scanning jobs.
|
|
||||||
- |
|
|
||||||
A more specific error message is shown when the `ghe-repl-node` command is run on an instance not configured for high availability.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
||||||
- |
|
|
||||||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
|
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
date: '2024-05-20'
|
|
||||||
intro: |
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.12-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
security_fixes:
|
|
||||||
- |
|
|
||||||
**CRITICAL**: On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges.
|
|
||||||
|
|
||||||
Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
|
|
||||||
For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions).
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
||||||
- |
|
|
||||||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
|
|
||||||
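Review bot: Confirm the 3.10 release notes are archived before this deletion ships. The removed `security_fixes` entry is the CRITICAL SAML encrypted-assertions advisory (CVE-2024-4985), including the scoping statement that instances not using SAML SSO, or using it without encrypted assertions, are not impacted. Anything linking to these notes for that advisory, or to the `#3.10.12-known-issues` anchor used in the warning, needs a target that still resolves.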
@@ -1,61 +0,0 @@
|
|||||||
date: '2024-06-19'
|
|
||||||
intro: |
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.13-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
security_fixes:
|
|
||||||
- |
|
|
||||||
**HIGH**: An attacker with the site administrator role could gain arbitrary code execution capability on the GitHub Enterprise Server appliance when configuring audit log streaming. GitHub has requested CVE ID [CVE-2024-5746](https://www.cve.org/cverecord?id=CVE-2024-5746) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
Packages have been updated to the latest security versions.
|
|
||||||
bugs:
|
|
||||||
- |
|
|
||||||
On an instance with GitHub Actions and External MySQL enabled, a validation step in the config apply could fail.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
||||||
- |
|
|
||||||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
||||||
- |
|
|
||||||
When enabling [log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding), specific services logs (babeld and some more) are duplicated.
|
|
||||||
- |
|
|
||||||
The reply.[hostname] subdomain is falsely always displaying as having no SSL and DNS record, when testing the domain settings via management console without subdomain isolation.
|
|
||||||
- |
|
|
||||||
When log forwarding is enabled, some forwarded log entries may be duplicated.
|
|
||||||
- |
|
|
||||||
Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
|
|
||||||
- |
|
|
||||||
If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
|
|
||||||
@@ -1,139 +0,0 @@
|
|||||||
date: '2024-07-19'
|
|
||||||
intro: |
|
|
||||||
|
|
||||||
>[!NOTE] Due to a bug that caused hotpatch upgrades to fail for instances on Microsoft Azure, the previous patch release in this series (**3.10.14**) is not available for download. The following release notes include the updates introduced in that release.
|
|
||||||
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.14-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
security_fixes:
|
|
||||||
- |
|
|
||||||
**HIGH**: An attacker could cause unbounded resource exhaustion on the instance by sending a large payload to the Git server. To mitigate this issue, GitHub has limited the count of "have" and "want" lines for Git read operations. GitHub has requested CVE ID [CVE-2024-5795](https://www.cve.org/cverecord?id=CVE-2024-5795) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related {% data variables.product.pat_generic %}. GitHub has requested CVE ID [CVE-2024-5566](https://www.cve.org/cverecord?id=CVE-2024-5566) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could have unauthorized access in a public repository using a suspended GitHub App via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. GitHub has requested CVE ID [CVE-2024-5816](https://www.cve.org/cverecord?id=CVE-2024-5816) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could execute a Cross Site Request Forgery (CSRF) attack to perform write operations on a victim-owned repository in GitHub Enterprise Server by exploiting incorrect request types. A mitigating factor is that the attacker has to be a trusted user and the victim has to visit a tag in the attacker's fork of their own repository. GitHub has requested CVE ID [CVE-2024-5815](https://nvd.nist.gov/vuln/detail/CVE-2024-5815) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could disclose the name of a private repository on the GitHub Enterprise Server appliance when the private repository has a deploy key associated to it. GitHub has requested CVE ID [CVE-2024-6395](https://www.cve.org/cverecord?id=CVE-2024-6395) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
**LOW:** Instance administrators could see fine-grained {% data variables.product.pat_generic_plural %} in plaintext in the babeld and gitauth logs.
|
|
||||||
- |
|
|
||||||
**LOW:** An attacker with read access to a project could use the REST API to view a list of all members in an organization, including members who had made their membership private. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
|
|
||||||
- |
|
|
||||||
**LOW:** An attacker could include MathJax syntax in Markdown to bypass GitHubs normal restrictions on CSS properties in Markdown. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could disclose sensitive information from a private repository exploiting organization ruleset features. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. GitHub has requested CVE ID [CVE-2024-6336](https://www.cve.org/cverecord?id=CVE-2024-6336) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could have unauthorized read access to issue content inside an internal repository via GitHub projects. This attack required attacker access to the corresponding project board. GitHub has requested CVE ID [CVE-2024-5817](https://nvd.nist.gov/vuln/detail/CVE-2024-5817) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
Firewall port 9199, which linked to a static maintenance page used when enabling maintenance mode with an IP exception list, was opened unnecessarily.
|
|
||||||
- |
|
|
||||||
Packages have been updated to the latest security versions.
|
|
||||||
bugs:
|
|
||||||
- |
|
|
||||||
When an instance hosted on Azure was upgraded with a hotpatch, the upgrade failed with an `rsync` error.
|
|
||||||
- |
|
|
||||||
On an instance with GitHub Actions enabled, remote blob storage could fill up with large amounts of data because cleanup jobs were skipped on old hosts.
|
|
||||||
- |
|
|
||||||
In some cases, commands run in an administrative SSH shell were not written to the audit log.
|
|
||||||
- |
|
|
||||||
When an administrator submitted support data to GitHub Support, spokesd keys were incorrectly sanitized.
|
|
||||||
- |
|
|
||||||
When log forwarding was enabled, some specific service logs, including babeld, gitauth, unicorn, and resqued, were duplicated.
|
|
||||||
- |
|
|
||||||
During the initial boot of an instance, a data disk attached as `/dev/sdb` may not have been recognized as an available disk.
|
|
||||||
- |
|
|
||||||
In some cases, the HAProxy `kill_timeout` setting caused service outages during upgrades or large transactions.
|
|
||||||
- |
|
|
||||||
The `ssh-audit-log.sh` script did not effectively log SSH commands, and the `ghe-sanitize-log.psed` script inadequately sanitized password-related logs.
|
|
||||||
- |
|
|
||||||
The default MSSQL timeout of 8 seconds sometimes caused issues during administrator activities. The default timeout has been increased to 30 seconds.
|
|
||||||
- |
|
|
||||||
For an instance running on Microsoft Azure, the user disk service failed to start because the attached volume could not be found.
|
|
||||||
- |
|
|
||||||
Establishing a new GitHub Connect connection could fail with a 500 error.
|
|
||||||
- |
|
|
||||||
When using `ghe-migrator` to migrate a repository, the links for pull requests merge commits were not imported.
|
|
||||||
- |
|
|
||||||
In some cases, reading data from repositories with a large number of objects would result in timeout or error.
|
|
||||||
- |
|
|
||||||
When a user used the REST API endpoints that returned secret scanning alerts at the repository or organization level with non-cursor-based pagination (for example, without `before` or `after` query parameters), the REST API endpoints for secret scanning returned incorrect `Link` headers.
|
|
||||||
- |
|
|
||||||
On instances with SAML authentication configured, users were unable to sign out and became stuck in an infinite SAML SSO loop.
|
|
||||||
- |
|
|
||||||
Deleting a branch that was targeted by many pull requests could result in delayed job processing and increased system memory usage.
|
|
||||||
- |
|
|
||||||
On an instance that restricts emails to verified domains, secret scanning emails would sometimes be sent to an unverified domain.
|
|
||||||
- |
|
|
||||||
In some cases, on the "Files" tab of a pull request, a comment on the first line did not render.
|
|
||||||
- |
|
|
||||||
Some organizations were not recognized as part of an instance's enterprise account.
|
|
||||||
- |
|
|
||||||
Some users would encounter an error when navigating to their personal security settings page at `https://HOSTNAME/settings/security`.
|
|
||||||
- |
|
|
||||||
On the "Code scanning" page of a repository, the branch filter did not correctly display all branches.
|
|
||||||
- |
|
|
||||||
Users viewing the alerts index page experienced inconsistencies in rendering the closed alert state.
|
|
||||||
- |
|
|
||||||
Organizations named "C" were incorrectly routed to the GitHub Enterprise Server contact page instead of their organization page.
|
|
||||||
- |
|
|
||||||
When servers responded with unsupported characters, webhook deliveries were not displayed in the UI.
|
|
||||||
- |
|
|
||||||
Chat integrations required frequent reauthentication, as a result of new app installations overwriting previous ones.
|
|
||||||
- |
|
|
||||||
On an instance in a cluster configuration, the `ghe-spokesctl ssh` command did not select the correct Nomad container when running a command within a git repository.
|
|
||||||
- |
|
|
||||||
On an instance with a GitHub Advanced Security license, disabling and re-enabling GitHub Advanced Security for an organization resulted in redundant scans of some repositories.
|
|
||||||
changes:
|
|
||||||
- |
|
|
||||||
The timeout for requests made to the REST API endpoints for secret scanning has been extended.
|
|
||||||
- |
|
|
||||||
When a user changes a repository's visibility to public, the user is now warned that previous Actions history and logs will become public as well.
|
|
||||||
- |
|
|
||||||
When using the `ghe-webhook-logs` utility, webhook delivery logs can be filtered by event and action. Users can use `ghe-webhook-logs --event issues` to filter by event, or `ghe-webhook-logs --event issues.opened` to filter by event and action.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
||||||
- |
|
|
||||||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
||||||
- |
|
|
||||||
The reply.[hostname] subdomain is falsely always displaying as having no ssl and dns record, when testing the domain settings via management console **without subdomain isolation**.
|
|
||||||
- |
|
|
||||||
_Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised._
|
|
||||||
- |
|
|
||||||
If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
|
|
||||||
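Review bot: three of the removed `security_fixes` entries in this file are **LOW** items with no CVE ID (fine-grained tokens written in plaintext to the babeld and gitauth logs, the REST API exposing private organization memberships, and the MathJax bypass of CSS restrictions in Markdown), so these notes are the only description of them visible here. Before deleting, confirm the same entries remain available in the archived 3.10 documentation or in the notes for a still-supported release, so administrators auditing an older instance can still find out whether their logs need a token review.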
@@ -1,97 +0,0 @@
|
|||||||
date: '2024-08-20'
|
|
||||||
intro: |
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.16-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
features:
|
|
||||||
- |
|
|
||||||
Users can view the app state of gists, networks, and wikis in the `spokesctl info` output, enhancing visibility into the status of these elements. Additionally, `spokesctl check` can diagnose and, in most cases, fix empty repository networks, improving network management.
|
|
||||||
security_fixes:
|
|
||||||
- |
|
|
||||||
**CRITICAL:** On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges. GitHub has requested CVE ID [CVE-2024-6800](https://www.cve.org/cverecord?id=CVE-2024-6800) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could disclose the issue contents from a private repository using a GitHub App with only `contents: read` and `pull requests: write` permissions. This was only exploitable via user access token, and installation access tokens were not impacted. GitHub has requested CVE ID [CVE-2024-6337](https://www.cve.org/cverecord?id=CVE-2024-6337) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
Packages have been updated to the latest security versions.
|
|
||||||
bugs:
|
|
||||||
- |
|
|
||||||
On an instance with GitHub Actions enabled, during a hotpatch upgrade, a race condition could block various upgrade activities.
|
|
||||||
- |
|
|
||||||
The `ghe-config-apply` process made an unnecessary number of connections to Redis.
|
|
||||||
- |
|
|
||||||
Instances installed on Google Cloud Platform (GCP) could have their hostname overwritten by GCP when a hotpatch was applied.
|
|
||||||
- |
|
|
||||||
The minimum password requirements for Management Console users and the root site administrator required an upper case character when providing a password with a minimum of 8 characters, contradicting the documentation and password hint.
|
|
||||||
- |
|
|
||||||
On an instance with subdomain isolation enabled, configuration runs created subdomains for ChatOps services, such as `slack.HOSTNAME` and `teams.HOSTNAME`, regardless of whether the service was enabled.
|
|
||||||
- |
|
|
||||||
On an instance with GitHub Actions enabled, due to an insufficient wait time, MS SQL and MySQL replication could fail with the error message `Failed to start nomad service!`.
|
|
||||||
- |
|
|
||||||
Some users were unable to delete project views.
|
|
||||||
- |
|
|
||||||
Due to a regression introduced in a previous patch, for enterprises that use encrypted SAML assertions, SSO attempts failed with a digest mismatch error if the entire SAML response was signed, rather than just the assertions.
|
|
||||||
- |
|
|
||||||
Running `go get` for a Golang repository with a directory structure that overlaps with GitHub UI routes failed
|
|
||||||
- |
|
|
||||||
The `github-stream-processor` service could get into a state where it would continually fail to process messages with a `TRILOGY_CLOSED_CONNECTION` error.
|
|
||||||
- |
|
|
||||||
A corrupted entry in the Git audit log could cause out of memory errors.
|
|
||||||
- |
|
|
||||||
Fixes and improvements for the git core module.
|
|
||||||
changes:
|
|
||||||
- |
|
|
||||||
Actions KPI logs are disabled by default to reduce log size.
|
|
||||||
- |
|
|
||||||
Audit log events related to audit log streaming are available in the enterprise audit log page, and via audit log streaming.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
||||||
- |
|
|
||||||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
||||||
- |
|
|
||||||
The `reply.HOSTNAME` subdomain is falsely displayed as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation.
|
|
||||||
- |
|
|
||||||
Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
|
|
||||||
- |
|
|
||||||
If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected.
|
|
||||||
- |
|
|
||||||
When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
|
|
||||||
- |
|
|
||||||
Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run.
|
|
||||||
errata:
|
|
||||||
- |
|
|
||||||
These release notes previously indicated as a known issue that on GitHub Enterprise Server 3.10.16 when log forwarding is enabled, some forwarded log entries may be duplicated.
|
|
||||||
The fix for this problem was already included in GitHub Enterprise Server [3.10.15](/admin/release-notes#3.10.15-bugs). [Updated: 2024-09-16]
|
|
||||||
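Review bot: the intro and errata in this file use release-note anchors on the 3.10 line (`#3.10.16-known-issues` and `/admin/release-notes#3.10.15-bugs`), and both targets are deleted by this commit. Search the remaining content for links of the form `release-notes#3.10.` and either drop them or point them at the archived docs, otherwise any surviving reference to the CVE-2024-6800 SAML fix or to the log-forwarding erratum will land on a missing anchor.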
@@ -1,74 +0,0 @@
|
|||||||
date: '2024-09-23'
|
|
||||||
sections:
|
|
||||||
security_fixes:
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could steal sensitive information by exploiting a Cross-Site Scripting vulnerability in the repository transfer feature. This exploitation would require social engineering. GitHub has requested CVE ID [CVE-2024-8770](https://www.cve.org/cverecord?id=CVE-2024-8770) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
**MEDIUM:** An attacker could push a commit with changes to a workflow using a PAT or OAuth app that lacks the appropriate `workflow` scope by pushing a triple-nested tag pointing at the associated commit. GitHub has requested CVE ID [CVE-2024-8263](https://www.cve.org/cverecord?id=CVE-2024-8263) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
||||||
- |
|
|
||||||
**HIGH:** A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. GitHub has requested [CVE ID CVE-2024-8810](https://www.cve.org/cverecord?id=CVE-2024-8810) for this vulnerability, which was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/). [Updated: 2024-11-07]
|
|
||||||
bugs:
|
|
||||||
- |
|
|
||||||
For instances deployed on AWS with IMDSv2 enforced, fallback to private IPs was not successful.
|
|
||||||
- |
|
|
||||||
A config apply run may not have been properly applied due to calls being made to Nomad before it was ready to accept connections. When this occurred, the `Error querying agent info: failed querying self endpoint: Get "http://127.0.0.1:4646/v1/agent/self"` error was written to the `/data/user/common/ghe-config.log` file.
|
|
||||||
- |
|
|
||||||
When configuring a high availability replica and during the database seeding of a MySQL replica node, restarting the `nomad` service could time out. Consequently, when MySQL replication attempted to start an error was reported, and setting up replication failed.
|
|
||||||
- |
|
|
||||||
When importing using `ghe-migrator`, team URLs containing dots were imported as-is, leading to 404s when attempting to view the imported teams. Dots in imported team URLs are now escaped to dashes.
|
|
||||||
- |
|
|
||||||
On an instance in a cluster configuration, the `ghe-cluster-status` command returned an error if a soft-deleted repository had a checksum mismatch.
|
|
||||||
- |
|
|
||||||
Some repositories could miss spokes information after restoring in a clustering topology due to unrescued exceptions.
|
|
||||||
- |
|
|
||||||
Fixes and improvements for the git core module.
|
|
||||||
- |
|
|
||||||
The `CommandPalette` component no longer displays repository information on `404` pages, preventing the leakage of private repository information for users without access.
|
|
||||||
- |
|
|
||||||
Custom links to other repositories displayed incorrect breadcrumbs.
|
|
||||||
- |
|
|
||||||
When a GitHub App installation had all repositories installed individually, it was not possible to remove the repositories from the selection.
|
|
||||||
- |
|
|
||||||
After an administrator enabled maintenance mode from an instance's Management Console UI using Firefox, the administrator was redirected to the Settings page, but maintenance mode was not enabled.
|
|
||||||
- |
|
|
||||||
Some custom pattern matches were incorrectly filtered during post-scan filtering. You may want to edit and republish your custom patterns. You can manually republish custom patterns with the following command: `ghe-secret-scanning jobs queue custom-patterns republish --custom-pattern-id=?`. Outdated alerts caused by edits during custom pattern backfills have been fixed in version 3.13 and above.
|
|
||||||
changes:
|
|
||||||
- |
|
|
||||||
For instances deployed on Amazon Web Services (AWS), site administrators can configure regional AWS STS endpoints for OIDC from the Management Console.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
||||||
- |
|
|
||||||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as `127.0.0.1`.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
||||||
- |
|
|
||||||
The `reply.[hostname]` subdomain is falsely always displaying as having no SSL and DNS record, when testing the domain settings via management console without subdomain isolation.
|
|
||||||
- |
|
|
||||||
Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %}
|
|
||||||
- |
|
|
||||||
When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
|
|
||||||
- |
|
|
||||||
Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run.
|
|
||||||
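Review bot: under `bugs:` the `CommandPalette` entry says the fix prevents "the leakage of private repository information for users without access", which is a security fix, not a functional bug. This copy is being deleted, but if the same sentence appears in the notes for releases that remain supported, move it under `security_fixes` there so it is not missed by anyone triaging only that section.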
@@ -1,60 +0,0 @@
|
|||||||
date: '2023-09-22'
|
|
||||||
intro: |
|
|
||||||
{% warning %}
|
|
||||||
|
|
||||||
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.2-known-issues) section of these release notes.
|
|
||||||
|
|
||||||
{% endwarning %}
|
|
||||||
sections:
|
|
||||||
bugs:
|
|
||||||
- On an instance in a high-availability, geo-replication, or repository cache configuration, prolonged replication issues could occur on replica nodes due to failure of `SpokesRepairRepoReplicaJob` and `SpokesSyncCacheReplicaJob` jobs.
|
|
||||||
known_issues:
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
|
|
||||||
- |
|
|
||||||
Custom firewall rules are removed during the upgrade process.
|
|
||||||
|
|
||||||
- |
|
|
||||||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
||||||
- |
|
|
||||||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). [Updated: 2023-02-23]
|
|
||||||
- |
|
|
||||||
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
|
|
||||||
- |
|
|
||||||
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
||||||
- |
|
|
||||||
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
|
|
||||||
- |
|
|
||||||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
|
|
||||||
- |
|
|
||||||
After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-26]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.large-adoc-files-issue %} [Updated: 2023-10-31]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
|
|
||||||
- |
|
|
||||||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
|
|
||||||
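Review bot: the `known_issues` list here includes reusables named for this release line, `upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up` and `upgrade-to-3-9-or-to-3-10-io-utilization-increase`, along with several others such as `2023-10-support-bundle-p-flag-not-working`. Once the 3.10 notes are gone, check which of these are still included anywhere and delete the orphaned reusable files in the same deprecation, rather than leaving unused content behind.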
Some files were not shown because too many files have changed in this diff.