mirror of synced 2025-12-19 18:10:59 -05:00

Remove GHES 3.8 data and markup (#49930)

Co-authored-by: Laura Coursen <lecoursen@github.com>
This commit is contained in:
Rachael Sewell
2024-04-01 09:52:59 -07:00
committed by GitHub
parent 55b3c90f44
commit a123b01ae1
84 changed files with 80 additions and 823268 deletions

View File

@@ -4,7 +4,7 @@ shortTitle: Actions Runner Controller
intro: You can host your own runners to run workflows in a highly customizable environment.
versions:
fpt: '*'
ghes: '>=3.9'
ghes: '*'
ghec: '*'
topics:
- Actions Runner Controller

View File

@@ -21,9 +21,7 @@ You can automatically increase or decrease the number of self-hosted runners in
{% data variables.product.prodname_dotcom %} recommends using [actions/actions-runner-controller](https://github.com/actions/actions-runner-controller) for autoscaling your runners.
{%- ifversion fpt or ghec or ghes > 3.8 %}
For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller)."
{% endif %}
## Using ephemeral runners for autoscaling

View File

@@ -153,7 +153,6 @@ The following rules apply to configuration variable names:
### Limits for configuration variables
{% ifversion ghes %}
{% ifversion ghes > 3.8 %}
Individual variables are limited to 48 KB in size.
@@ -170,18 +169,6 @@ A workflow created in a repository can access the following number of variables:
**Note**: Environment-level variables do not count toward the 10 MB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment.
{% endnote %}
{% elsif ghes < 3.9 %}
Individual variables are limited to 48 KB in size.
You can store up to 1,000 organization variables, 100 variables per repository, and 100 variables per environment.
A workflow created in a repository can access the following number of variables:
- All 100 repository variables.
- If the repository is assigned access to more than 100 organization variables, the workflow can only use the first 100 organization variables (sorted alphabetically by variable name).
- All 100 environment-level variables.
{% endif %}
{% else %}

View File

@@ -303,14 +303,7 @@ To output a CSV file containing a list of all user SAML `NameID` mappings on the
ghe-saml-mapping-csv -d
```
{% ifversion ghes < 3.9 %}
After output completes, the utility displays the path to the file. The default path for output depends on the patch release of {% data variables.product.product_name %} {% ifversion ghes = 3.7%}3.7{% endif %} your instance is running.
- In version 3.{% ifversion ghes = 3.8 %}8.0{% endif %}, the utility writes the file to `/tmp`.
- In version 3.{% ifversion ghes = 3.8 %}8.1{% endif %} and later,
{%- elsif ghes > 3.8 %}By default,{% endif %} the utility writes the file to `/data/user/tmp`.
By default, the utility writes the file to `/data/user/tmp`.
If you plan to update mappings, to ensure that the utility can access the file, we recommend that you keep the file in the default location.
@@ -707,7 +700,7 @@ ssh -p 122 admin@HOSTNAME -- 'ghe-cluster-support-bundle -o' > cluster-support-b
To create a standard bundle including data from the last 2 days:
```shell
ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}2days {% elsif ghes < 3.9 %}'2 days' {% endif %} -o" > support-bundle.tgz
ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}2days {% endif %} -o" > support-bundle.tgz
```
To create an extended bundle including data from the last 8 days:
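Review bot: In the `ghe-cluster-support-bundle -p` example, dropping the `{% elsif ghes < 3.9 %}'2 days'` branch leaves `-p` with no value whenever `bundle-cli-syntax-no-quotes` is false, so the command would render as `-p  -o`. If that flag is true for every remaining GHES version, remove the conditional and write `-p 2days -o` directly; if it is not, an `{% else %}` branch is still needed.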
@@ -950,16 +943,6 @@ This utility manually repackages a repository network to optimize pack storage.
You can add the optional `--prune` argument to remove unreachable Git objects that aren't referenced from a branch, tag, or any other ref. This is particularly useful for immediately removing [previously expunged sensitive information](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository).
{% ifversion ghes < 3.9 %}
{% warning %}
**Warning**: Before using the `--prune` argument to remove unreachable Git objects, put {% data variables.location.product_location %} into maintenance mode, or ensure all repositories within the same repository network are locked. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)" and "[AUTOTITLE](/admin/user-management/managing-repositories-in-your-enterprise/locking-a-repository)."
{% endwarning %}
{% endif %}
```shell
ghe-repo-gc USERNAME/REPONAME
```
@@ -1187,7 +1170,7 @@ ssh -p 122 admin@HOSTNAME -- 'ghe-support-bundle -o' > support-bundle.tgz
To create a standard bundle including data from the last 2 days:
```shell
ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}2days {% elsif ghes < 3.9 %}'2 days' {% endif %} -o" > support-bundle.tgz
ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}2days {% endif %} -o" > support-bundle.tgz
```
To create an extended bundle including data from the last 8 days:
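Review bot: The `ghe-support-bundle -p` line keeps only the `bundle-cli-syntax-no-quotes` branch, so a version where that flag is false gets `-p` followed directly by `-o`, and the reader copies a command with no period argument. Resolve it the same way as the `ghe-cluster-support-bundle` example so the two commands stay identical in form.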
@@ -1237,7 +1220,7 @@ During an upgrade to a feature release, this utility displays the status of back
{% ifversion ghes < 3.12 %}
{% note %}
**Note:** To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
**Note:** To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endnote %}
{% endif %}

View File

@@ -23,22 +23,22 @@ redirect_from:
{% note %}
**Note:** This known issue has been fixed in {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %}.
**Note:** This known issue has been fixed in {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.9.1{% endif %}.
{% endnote %}
If you used {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %} to back up an instance running any release in the {% data variables.product.product_name %} 3.7{% ifversion ghes = 3.8 or ghes = 3.9 %} or 3.8{% endif %} series, after you restore the backup to a new instance, users cannot sign in. Though users cannot sign in, the backup itself is unaffected and all data is intact.
If you used {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %} to back up an instance running any release in the {% data variables.product.product_name %} 3.7{% ifversion ghes = 3.9 %} or 3.8{% endif %} series, after you restore the backup to a new instance, users cannot sign in. Though users cannot sign in, the backup itself is unaffected and all data is intact.
After you restore an existing backup affected by this issue, you can resolve the issue by modifying the configuration on the new instance.
### Restoring from an existing backup
If you've restored an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.0{% elsif ghes = 3.9%}3.7.0, 3.8.0, or 3.9.0{% endif %} to a new instance and users cannot sign in, you must output configuration data from the source {% data variables.product.product_name %} instance and adjust the configuration on the target instance.
If you've restored an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9%}3.7.0, 3.8.0, or 3.9.0{% endif %} to a new instance and users cannot sign in, you must output configuration data from the source {% data variables.product.product_name %} instance and adjust the configuration on the target instance.
To ensure users can sign into the new target instance, ensure that your environment meets the following requirements.
- The source {% data variables.product.product_name %} instance must be running and accessible via SSH.
- You must have an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}.
- You must have an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}.
- You must have provisioned a new target {% data variables.product.product_name %} instance and restored the backup. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-instance)."
1. SSH into the source {% data variables.product.product_name %} instance that you backed up. If your instance comprises multiple nodes, for example if high availability or geo-replication are configured, SSH into the primary node. If you use a cluster, you can SSH into any node. Replace HOSTNAME with the actual hostname of your instance. For more information about SSH access, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
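Review bot: Every release number in this hunk now sits in a single-branch `{% ifversion ghes = 3.9 %}` with no fallback, so on any other version the note ends at "has been fixed in" plus the product name, and the requirement bullet names no backup-utils release at all. If the article is published for 3.9 only, drop the conditionals and write `3.9.1` and `3.7.0, 3.8.0, or 3.9.0` as plain text; otherwise add the missing branches. The "If you've restored" line also carries `{% ifversion ghes = 3.9%}` without the space before `%}`, which is worth normalizing while the line is being touched.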
@@ -47,7 +47,7 @@ To ensure users can sign into the new target instance, ensure that your environm
ssh -p 122 admin@HOSTNAME
```
{%- ifversion ghes = 3.8 or ghes = 3.9 %}
{%- ifversion ghes = 3.9 %}
1. To display a list of decryption keys, run the following command.
```shell copy
@@ -70,16 +70,16 @@ To ensure users can sign into the new target instance, ensure that your environm
```
1. Enable maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#enabling-maintenance-mode-immediately-or-scheduling-a-maintenance-window-for-a-later-time)."
1. To verify that the destination instance is ready for configuration, run the following {% ifversion ghes = 3.8 or ghes = 3.9 %}commands{% endif %}. There should be no output displayed.
1. To verify that the destination instance is ready for configuration, run the following {% ifversion ghes = 3.9 %}commands{% endif %}. There should be no output displayed.
```shell copy
ghe-config secrets.github.encrypted-column-keying-material
{%- ifversion ghes = 3.8 or ghes = 3.9 %}
{%- ifversion ghes = 3.9 %}
ghe-config secrets.github.encrypted-column-current-encryption-key
{%- endif %}
```
{%- ifversion ghes = 3.8 or ghes = 3.9 %}
{%- ifversion ghes = 3.9 %}
1. To update the decryption keys on the destination instance, run the following command. Replace DECRYPTION-KEY-LIST with the output from step 1.
```shell copy
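Review bot: In the verification step, "run the following {% ifversion ghes = 3.9 %}commands{% endif %}" wraps only the noun, so a non-3.9 render reads "run the following ." while the code block still shows `ghe-config secrets.github.encrypted-column-keying-material`. Add an `{% else %}command` branch, or remove the `ghes = 3.9` conditionals in this hunk if 3.9 is the only version the page is still built for.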
@@ -100,11 +100,11 @@ To ensure users can sign into the new target instance, ensure that your environm
```
1. Wait for the configuration run to complete.
1. To ensure that the target instance's configuration contains the keys, run the following {% ifversion ghes = 3.8 or ghes = 3.9 %}commands{% endif %} and verify that the output matches step 1{% ifversion ghes = 3.8 or ghes = 3.9 %} and step 4{% endif %}.
1. To ensure that the target instance's configuration contains the keys, run the following {% ifversion ghes = 3.9 %}commands{% endif %} and verify that the output matches step 1{% ifversion ghes = 3.9 %} and step 4{% endif %}.
```shell copy
ghe-config secrets.github.encrypted-column-keying-material
{%- ifversion ghes = 3.8 or ghes = 3.9 %}
{%- ifversion ghes = 3.9 %}
ghe-config secrets.github.encrypted-column-current-encryption-key
{%- endif %}
```

View File

@@ -31,7 +31,7 @@ Before configuring {% data variables.product.prodname_dependabot %}, install Doc
Each release of {% data variables.product.product_name %} includes an updated `containers.json` file at: `https://HOSTNAME/github/dependabot-action/blob/ghes-VERSION/docker/containers.json`. You can see the {% data variables.product.prodname_dotcom_the_website %} version of the file at: [containers.json](https://github.com/github/dependabot-action/blob/main/docker/containers.json).
1. Preload all the container images from the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_container_registry %} onto the {% data variables.product.prodname_dependabot %} runner using the `docker pull` command. {% ifversion ghes > 3.8 %}Alternatively, preload the `dependabot-proxy` image and then preload only the container images for the ecosystems you require.
1. Preload all the container images from the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_container_registry %} onto the {% data variables.product.prodname_dependabot %} runner using the `docker pull` command. {% ifversion ghes %}Alternatively, preload the `dependabot-proxy` image and then preload only the container images for the ecosystems you require.
For example, to support npm and {% data variables.product.prodname_actions %} you could use the following commands, copying details of the images to load from the `containers.json` file to ensure that you have the correct version and SHA for each image.
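Review bot: On the `docker pull` step, `{% ifversion ghes > 3.8 %}` became `{% ifversion ghes %}`, and its closing `{% endif %}` lies outside this hunk. If this article is versioned for GHES only, the condition is now always true; consider removing the tag pair so the `dependabot-proxy` alternative is plain text, and check that the closing tag is removed with it.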

View File

@@ -34,7 +34,7 @@ When a proxy server is enabled for {% data variables.location.product_location %
You can configure an outbound proxy server {% data variables.location.product_location %}, and you can configure exceptions for connections to specific domains.
{% ifversion ghes > 3.8 %}
{% ifversion ghes %}
Your instance validates the hostnames for proxy exclusion using the list of IANA's registered top-level domains (TLDs). For more information, see the [list of TLDs](https://data.iana.org/TLD/tlds-alpha-by-domain.txt) on the IANA website.
@@ -47,7 +47,7 @@ Your instance validates the hostnames for proxy exclusion using the list of IANA
1. Optionally, under **HTTP Proxy Exclusion**, type any hosts that do not require proxy access, separating hosts with commas. The following rules apply to top-level domains (TLDs) and IP addresses that you exclude from the proxy.
- When you exclude a TLD, you can exclude all hosts in a domain from requiring proxy access using `.` as a wildcard prefix, such as `.octo-org.tentacle`.
- {% ifversion ghes < 3.9 %}In {% data variables.product.product_name %} 3.{% ifversion ghes = 3.7%}7.8{% elsif ghes = 3.8 %}8.1{% endif %} and later, your{% else %}Your{% endif %} instance validates the hostnames you exclude using the list of IANA's registered TLDs. For more information, see the [list of TLDs](https://data.iana.org/TLD/tlds-alpha-by-domain.txt) on the IANA website. If you want to exclude an unregistered TLD, see "[Excluding additional unregistered TLDs from the proxy](#excluding-additional-unregistered-tlds-from-the-proxy)."
- Your instance validates the hostnames you exclude using the list of IANA's registered TLDs. For more information, see the [list of TLDs](https://data.iana.org/TLD/tlds-alpha-by-domain.txt) on the IANA website. If you want to exclude an unregistered TLD, see "[Excluding additional unregistered TLDs from the proxy](#excluding-additional-unregistered-tlds-from-the-proxy)."
- You can exclude a full, valid IPv4 or IPv6 address.
- You cannot exclude an IPv4 or IPv6 address using a preceding or trailing dot as a wildcard.
@@ -55,7 +55,7 @@ Your instance validates the hostnames for proxy exclusion using the list of IANA
## Excluding additional unregistered TLDs from the proxy
{% ifversion ghes < 3.9 %}In {% data variables.product.product_name %} 3.{% ifversion ghes = 3.7%}7.8{% elsif ghes = 3.8 %}8.1{% endif %} and later, you{% elsif ghes > 3.8 %}You{% endif %} can configure your instance's proxy settings to exclude unregistered TLDs that aren't specified in the [list of TLDs](https://data.iana.org/TLD/tlds-alpha-by-domain.txt) on the IANA website.
You can configure your instance's proxy settings to exclude unregistered TLDs that aren't specified in the [list of TLDs](https://data.iana.org/TLD/tlds-alpha-by-domain.txt) on the IANA website.
When you exclude additional unregistered TLDs, you must use `.` as a wildcard prefix. If the TLD is `tentacle`, you must exclude `.tentacle`. You cannot exclude an unregistered TLD without the preceding `.`.

View File

@@ -21,7 +21,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
{% warning %}
**Warning**: Authentication with Azure Maps using an API token is deprecated in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
**Warning**: Authentication with Azure Maps using an API token is deprecated in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
{% endwarning %}
@@ -34,7 +34,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
{% ifversion ghes < 3.12 %}
The following prerequisites apply if your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
The following prerequisites apply if your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endif %}
@@ -48,7 +48,7 @@ The following prerequisites apply if your instance runs {% data variables.produc
{% ifversion ghes < 3.12 %}
If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead.
If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead.
{% data reusables.enterprise.azure-maps-auth-warning %}
@@ -60,7 +60,7 @@ If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.
{% ifversion ghes < 3.12 %}
To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endif %}
@@ -109,10 +109,10 @@ After you create an application on your Entra ID tenant and generate a secret fo
1. {% ifversion ghes > 3.11 %}Below the headings, type or paste{% else %}Enter{% endif %} your authentication details for Azure Maps.
{%- ifversion ghes < 3.11 %}
- If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
- If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
{% data reusables.enterprise.azure-maps-auth-warning %}
- If your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
- If your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
{%- endif %}
- Optionally, to change the style of rendered maps, under "Basemap ID", type the ID for the style you'd like to use.
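Review bot: Inside the `{%- ifversion ghes < 3.11 %}` block, the first bullet still opens with a nested `{% ifversion ghes < 3.11 %}` that has an `{% else %}` arm, and both bullets keep `{% elsif ghes = 3.11 %}` branches; none of these can be reached from within the outer condition. Since the lines are being edited anyway, trim them to the 3.9 and 3.10 cases so the version logic that decides between API token and RBAC instructions is readable.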

View File

@@ -24,8 +24,6 @@ Subdomain isolation mitigates cross-site scripting and other related vulnerabili
When subdomain isolation is enabled, {% data variables.product.prodname_ghe_server %} replaces several paths with subdomains. After enabling subdomain isolation, attempts to access the previous paths for some user-supplied content, such as `http(s)://HOSTNAME/raw/`, may return `404` errors.
{% data reusables.enterprise_site_admin_settings.3-7-new-subdomains %}
| Path without subdomain isolation | Path with subdomain isolation |
| --- | --- |
| `http(s)://HOSTNAME/` | `http(s)://docker.HOSTNAME/` |
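Review bot: Removing the `{% data reusables.enterprise_site_admin_settings.3-7-new-subdomains %}` include above the path table is safe only if the reusable file is deleted in this commit or has no other callers; please confirm, so an orphaned reusable is not left behind. It is also worth checking that the table below still lists every subdomain the removed note covered, since administrators use it to provision DNS and certificates for subdomain isolation.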

View File

@@ -20,7 +20,7 @@ topics:
## About problems with SAML authentication
{% data variables.product.product_name %} logs error messages for failed SAML authentication in the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}systemd journal logs{% elsif ghes < 3.9 %}authentication log at{% endif %} {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}for the `github-unicorn` container{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %}. You can review responses in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}this log{% elsif ghes < 3.9 %}this log file{% endif %}, and you can also configure more verbose logging.
{% data variables.product.product_name %} logs error messages for failed SAML authentication in the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}systemd journal logs{% endif %} {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}for the `github-unicorn` container{% endif %}. You can review responses in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}this log{% endif %}, and you can also configure more verbose logging.
For more information about SAML response requirements, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference#saml-response-requirements)."
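Review bot: In the opening paragraph of "About problems with SAML authentication", all three `{% ifversion opentelemetry-and-otel-log-migration-phase-1 %}` spans lost their `{% elsif ghes < 3.9 %}` fallback, so where the flag is false the sentence renders as "logs error messages for failed SAML authentication in the ." and "You can review responses in ,". This sentence tells an administrator where failed-authentication records live, so it should not be able to render empty: if the flag holds for every supported release, remove the conditionals and merge the text into "the systemd journal logs for the `github-unicorn` container"; otherwise add an `{% else %}` branch.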
@@ -32,7 +32,7 @@ You can configure {% data variables.product.product_name %} to write verbose deb
**Warnings**:
- Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% elsif ghes < 3.9 %}file{% endif %} increases much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}.
- Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% endif %} increases much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}.
- Test new authentication settings for {% data variables.location.product_location %} in a staging environment before you apply the settings in your production environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
{% endwarning %}
@@ -42,12 +42,12 @@ You can configure {% data variables.product.product_name %} to write verbose deb
{% data reusables.enterprise-accounts.options-tab %}
1. Under "SAML debugging", select the drop-down and click **Enabled**.
1. Attempt to sign into {% data variables.location.product_location %} through your SAML IdP.
1. Review the debug output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} on {% data variables.location.product_location %}. {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal-for-github-enterprise-server)."{% endif %}
1. Review the debug output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% endif %} on {% data variables.location.product_location %}. {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal-for-github-enterprise-server)."{% endif %}
1. When you're done troubleshooting, select the drop-down and click **Disabled**.
## Decoding responses
Some output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} may be Base64-encoded. You can access the administrative shell and use the `base64` utility on {% data variables.location.product_location %} to decode these responses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
Some output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}the systemd journal for `github-unicorn`{% endif %} may be Base64-encoded. You can access the administrative shell and use the `base64` utility on {% data variables.location.product_location %} to decode these responses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
To decode the output, run the following command, replacing ENCODED_OUTPUT with the encoded output from the log.
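Review bot: Step 4 and the "Decoding responses" paragraph keep single-branch `opentelemetry-and-otel-log-migration-phase-1` conditionals around the log location, so with the flag false step 4 reads "Review the debug output in" with nothing before "on" and the instance name. Make the `github-unicorn` journal reference unconditional here, or supply an `{% else %}` that names the log to read.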

View File

@@ -167,10 +167,6 @@ DF |`packages_stats.ecosystems.containers.daily_update_count` | Number of contai
DG |`packages_stats.ecosystems.containers.daily_delete_count` | Number of container images deleted
DH | `packages_stats.ecosystems.containers.daily_create_count` | Number of container images created | {% endif %}
{% ifversion ghes = 3.8 %}
Optionally, you can include additional data about {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/including-data-about-github-actions-in-server-statistics)."
{% endif %}
## {% data variables.product.prodname_server_statistics %} data examples
To see an example of the headings included in the CSV export for {% data variables.product.prodname_server_statistics %}, download the [{% data variables.product.prodname_server_statistics %} CSV example](/assets/server-statistics-csv-example.csv).

View File

@@ -39,9 +39,6 @@ In addition to reviewing your system logs, you can monitor activity on your inst
{% data variables.product.product_name %} writes several categories of system logs to the instance's disk in plain text. People with administrative SSH access to the instance can parse these files using Linux command-line tools such as `cat`, `tail`, `head`, `less`, and `more`.
{%- ifversion ghes < 3.9 %}
- [Log files for authentication](#log-files-for-authentication)
{%- endif %}
- [Log files for databases](#log-files-for-databases)
- [Log files for the {% data variables.product.prodname_dotcom %} application](#log-files-for-the-github-application)
- [Log files for the HTTP server](#log-files-for-the-http-server)
@@ -50,20 +47,6 @@ In addition to reviewing your system logs, you can monitor activity on your inst
- [Log files for search](#log-files-for-search)
- [Log files for system services](#log-files-for-system-services)
{% ifversion ghes < 3.9 %}
### Log files for authentication
The following log files contain events from services that provide authentication functionality for your instance.
| Path | Description |
| :- | :- |
| <pre>/var/log/github/auth.log</pre> | Records authentication requests to the {% data variables.product.prodname_dotcom %} application on your instance. |
| <pre>/var/log/github/ldap-sync.log</pre> | If LDAP is configured for the instance and LDAP Sync is enabled, records events associated with LDAP sync. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)." |
| <pre>/var/log/github/ldap.log</pre> | If LDAP is configured for the instance, records events associated with LDAP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap)." |
{% endif %}
### Log files for databases
The following log files record events from database services on your instance.

View File

@@ -30,7 +30,7 @@ topics:
- If youre several versions behind, upgrade {% data variables.location.product_location %} as far forward as possible with each step of your upgrade process. Using the latest version possible on each upgrade allows you to take advantage of performance improvements and bug fixes. For example, you could upgrade from {% data variables.product.prodname_enterprise %} 2.7 to 2.8 to 2.10, but upgrading from {% data variables.product.prodname_enterprise %} 2.7 to 2.9 to 2.10 uses a later version in the second step.
- Use the latest patch release when upgrading. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %}
- Use a staging instance to test the upgrade steps. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
- When running multiple upgrades, {% ifversion ghes-upgrade-complete-indicator %}ensure data migrations and upgrade tasks running in the background are fully complete before proceeding to the next feature upgrade. To check the status of these processes, you can use the `ghe-migrations` and `ghe-check-background-upgrade-jobs` command-line utilities. {% ifversion ghes < 3.12 %} To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. {% endif %}For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#upgrading-github-enterprise-server)."{% else %}wait at least 24 hours between feature upgrades to allow data migrations and upgrade tasks running in the background to fully complete.{% endif %}
- When running multiple upgrades, {% ifversion ghes-upgrade-complete-indicator %}ensure data migrations and upgrade tasks running in the background are fully complete before proceeding to the next feature upgrade. To check the status of these processes, you can use the `ghe-migrations` and `ghe-check-background-upgrade-jobs` command-line utilities. {% ifversion ghes < 3.12 %} To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. {% endif %}For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#upgrading-github-enterprise-server)."{% else %}wait at least 24 hours between feature upgrades to allow data migrations and upgrade tasks running in the background to fully complete.{% endif %}
- Take a snapshot before upgrading your virtual machine. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#taking-a-snapshot)."
- Ensure you have a recent, successful backup of your instance. For more information, see the [{% data variables.product.prodname_enterprise_backup_utilities %} README.md file](https://github.com/github/backup-utils#readme).

View File

@@ -221,7 +221,7 @@ While you can use a hotpatch to upgrade to the latest patch release within a fea
{% ifversion ghes-upgrade-complete-indicator %}
To check the status of background jobs, use the `ghe-check-background-upgrade-jobs` utility. If you're running back-to-back upgrades, you must ensure background jobs are complete before proceeding with the following upgrade to a feature release.
{%- ifversion ghes < 3.12 %} To use this utility with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.{% endif %}{%- endif %} For more information{% ifversion ghes < 3.12 %} about the utility{% endif %}, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-check-background-upgrade-jobs)."
{%- ifversion ghes < 3.12 %} To use this utility with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.{% endif %}{%- endif %} For more information{% ifversion ghes < 3.12 %} about the utility{% endif %}, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-check-background-upgrade-jobs)."
To monitor progress of the configuration run, read the output in `/data/user/common/ghe-config.log`. For example, you can tail the log by running the following command:
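Review bot: the patch-level chain on the changed line (`{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}`) is now maintained by hand in two places, here and in the "When running multiple upgrades" bullet edited earlier in this commit. Each deprecation has to touch both copies identically; consider moving the sentence into a single reusable so the minimum patch versions for `ghe-check-background-upgrade-jobs` cannot drift apart.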

View File

@@ -58,7 +58,7 @@ A time-based one-time password (TOTP) application automatically generates an aut
{% tip %}
**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the {% ifversion fpt or ghec or ghes > 3.8 %}"setup key"{% else %}"text code"{% endif %}, which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings.
**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the "setup key", which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings.
{% endtip %}
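Review bot: the simplified tip now tells every reader to save the "setup key" and states that it is the TOTP secret, but says nothing about where to keep it. Anyone holding that value can generate valid codes, so consider adding a clause that points readers to store it with the same care as their recovery codes, for example in a password manager.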
@@ -136,7 +136,6 @@ Registering a security key for your account is available after enabling 2FA with
1. Type a nickname for the security key, then click **Add**.
1. Following your security key's documentation, activate your security key.
1. Confirm that you've downloaded and can access your recovery codes. If you haven't already, or if you'd like to generate another set of codes, download your codes and save them in a safe place. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods#downloading-your-two-factor-authentication-recovery-codes)."
{% ifversion ghes < 3.9 %}{% data reusables.two_fa.test_2fa_immediately %}{% endif %}
{% ifversion fpt or ghec %}
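Review bot: deleting the `ghes < 3.9` line removes a use of `reusables.two_fa.test_2fa_immediately`. If no other article still includes that reusable, delete the reusable file in this commit as well so it does not linger as dead content; if it is still used elsewhere, no change is needed.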

View File

@@ -121,7 +121,7 @@ You can download the {% data variables.product.prodname_advanced_security %} lic
![Screenshot of the "Manage" dropdown in the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Download Report" button is highlighted with an orange outline.](/assets/images/help/enterprises/ghas-download-report.png)
{%- elsif ghes > 3.8 %}
{%- elsif ghes %}
1. Under "{% data variables.product.prodname_GH_advanced_security %}," click {% octicon "download" aria-hidden="true" %} **CSV report** in the header of the "Committers" table.
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png)

View File

@@ -50,14 +50,10 @@ The basic {% data variables.code-scanning.codeql_workflow %} uses the `autobuild
{% endif %}
{% ifversion ghes < 3.10 and ghes > 3.8 %}
{% ifversion ghes < 3.10 %}
In {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, default setup does not support any compiled languages, so you must use advanced setup. Advanced setup generates a workflow file you can edit. The starter workflow files use `autobuild` to analyze compiled languages. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql)."
{% elsif ghes < 3.9 %}
You set up {% data variables.product.prodname_dotcom %} to run {% data variables.product.prodname_code_scanning %} for your repository by adding a {% data variables.product.prodname_actions %} workflow to the repository. For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you add the {% data variables.code-scanning.codeql_workflow %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-code-scanning-using-the-codeql-action)."
{% endif %}
{% ifversion codeql-no-build %}

View File

@@ -64,7 +64,7 @@ For information about {% data variables.product.prodname_code_scanning %} alerts
## About {% data variables.product.prodname_codeql %} queries
{% data variables.product.company_short %} experts, security researchers, and community contributors write and maintain the default {% data variables.product.prodname_codeql %} queries used for {% data variables.product.prodname_code_scanning %}. The queries are regularly updated to improve analysis and reduce any false positive results.{% ifversion ghes > 3.8 %} For details of the queries available in the default and extended packs, see "[Queries included in the default and security-extended query suites](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#queries-included-in-the-default-and-security-extended-query-suites)."{% endif %}
{% data variables.product.company_short %} experts, security researchers, and community contributors write and maintain the default {% data variables.product.prodname_codeql %} queries used for {% data variables.product.prodname_code_scanning %}. The queries are regularly updated to improve analysis and reduce any false positive results.{% ifversion ghes %} For details of the queries available in the default and extended packs, see "[Queries included in the default and security-extended query suites](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#queries-included-in-the-default-and-security-extended-query-suites)."{% endif %}
### Writing your own queries

View File

@@ -31,11 +31,8 @@ Each alert highlights a problem with the code and the name of the tool that iden
{% data reusables.code-scanning.alert-default-branch %}
{% ifversion fpt or ghec or ghes > 3.8 %}
![Screenshot showing the elements of a {% data variables.product.prodname_code_scanning %} alert, including the title of the alert and relevant lines of code at left and the severity level, affected branches, and weaknesses at right. ](/assets/images/help/repository/code-scanning-alert.png)
{% else %}
![Screenshot showing the elements of a {% data variables.product.prodname_code_scanning %} alert, including the title of the alert and relevant lines of code at left and the severity level, affected branches, and weaknesses at right.](/assets/images/enterprise/code-security/code-scanning-alert.png)
{% endif %}
If you configure {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
When {% data variables.product.prodname_code_scanning %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_caps %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
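Review bot: with the else branch gone, `/assets/images/enterprise/code-security/code-scanning-alert.png` is no longer referenced from this article; confirm the asset is deleted in this commit if nothing else uses it. On the image line that is kept, the alt text ends with a stray space before the closing bracket (`at right. ]`), which is worth trimming while this block is being edited.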

View File

@@ -58,11 +58,7 @@ For all configurations of {% data variables.product.prodname_code_scanning %}, t
To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts)."
{% ifversion fpt or ghec or ghes > 3.9 %}
![Screenshot of the {% data variables.product.prodname_code_scanning_caps %} results check on a pull request. The "View all branch alerts" link is highlighted with a dark orange outline.](/assets/images/help/repository/code-scanning-results-check.png)
{% else %}
![Screenshot of the {% data variables.product.prodname_code_scanning_caps %} results check on a pull request. The "View all branch alerts" link is emphasised.](/assets/images/enterprise/code-security/code-scanning-results-check.png)
{% endif %}
### {% data variables.product.prodname_code_scanning_caps %} results check failures
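Review bot: the conditional removed here tested `ghes > 3.9`, not `ghes > 3.8`, so its else branch was what GHES 3.9 rendered. Dropping the whole conditional switches GHES 3.9 from `/assets/images/enterprise/code-security/code-scanning-results-check.png` to the `help/repository` screenshot, which goes beyond removing 3.8. Either keep `{% ifversion fpt or ghec or ghes > 3.9 %}` with its else branch until 3.9 is deprecated, or confirm that the newer screenshot matches the 3.9 UI.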

View File

@@ -27,7 +27,7 @@ topics:
You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for:
- Your personal account
- Your repository
- Your organization{% ifversion dependabot-alerts-enterprise-enablement or ghes > 3.8 %}
- Your organization{% ifversion dependabot-alerts-enterprise-enablement or ghes %}
- Your enterprise{% endif %}
{% ifversion dependabot-auto-triage-rules %}
@@ -65,7 +65,7 @@ When you enable {% data variables.product.prodname_dependabot_alerts %} for exis
## Managing {% data variables.product.prodname_dependabot_alerts %} for your repository
{% ifversion fpt or ghec or ghes > 3.8 %}You can manage {% data variables.product.prodname_dependabot_alerts %} for your public, private or internal repository.{% endif %}
You can manage {% data variables.product.prodname_dependabot_alerts %} for your public, private or internal repository.
By default, we notify people with {% ifversion dependabot-alerts-permissions-write-maintain %}write, maintain, or {% endif %}admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% data variables.product.product_name %} never publicly discloses insecure dependencies for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working on repositories that you own or have admin permissions for.
@@ -74,8 +74,6 @@ By default, we notify people with {% ifversion dependabot-alerts-permissions-wri
{% ifversion dependabot-alerts-ghes-enablement %}
An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can manage {% data variables.product.prodname_dependabot_alerts %} for your repository. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
{% ifversion fpt or ghec or ghes > 3.8 %}
### Enabling or disabling {% data variables.product.prodname_dependabot_alerts %} for a repository
{% data reusables.repositories.navigate-to-repo %}
@@ -83,16 +81,9 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts.
{% endif %}
{% ifversion ghes < 3.9 %}
{% data variables.product.prodname_dependabot_alerts %} for your repository can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
{% endif %}
## Managing {% data variables.product.prodname_dependabot_alerts %} for your organization
{% ifversion fpt or ghec or ghes > 3.8 %}You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for some or all repositories owned by your organization. {% data reusables.security.note-securing-your-org %}
You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for some or all repositories owned by your organization. {% data reusables.security.note-securing-your-org %}
{% ifversion dependabot-alerts-ghes-enablement %}
An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can manage {% data variables.product.prodname_dependabot_alerts %} for your repository. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
@@ -113,13 +104,8 @@ You can use the organization settings page for "Code security and analysis" to e
1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories".
1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization.
{% endif %}
{% ifversion ghes < 3.9 %}
{% data variables.product.prodname_dependabot_alerts %} for your organization can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
{% endif %}
{% ifversion dependabot-alerts-enterprise-enablement or ghes > 3.8 %}
{% ifversion dependabot-alerts-enterprise-enablement or ghes %}
## Managing {% data variables.product.prodname_dependabot_alerts %} for your enterprise
@@ -135,7 +121,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts %
{% endnote%}
{% endif %}
{% ifversion dependabot-alerts-enterprise-enablement or ghes > 3.8 %}
{% ifversion dependabot-alerts-enterprise-enablement or ghes %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
1. In the left sidebar, click **Code security and analysis**.

View File

@@ -106,7 +106,7 @@ This table lists the secrets supported by {% data variables.product.prodname_sec
**Note:** {% data reusables.secret-scanning.push-protection-older-tokens %} For more information about push protection limitations, see "[AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning#push-protection-and-pattern-versions)."
{% endnote %}{% endif %}{% ifversion secret-scanning-validity-check %}
- **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes > 3.8 %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}{% endif %}
- **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}{% endif %}
{% ifversion secret-scanning-non-provider-patterns %}
@@ -152,19 +152,8 @@ Push protection and validity checks are not supported for non-provider patterns.
{%- endfor %}
{% endif %}
<!-- GHES 3.5 to GHES 3.8 table -->
{% ifversion ghes = 3.8 %}
| Provider | Token | {% data variables.product.prodname_secret_scanning_caps %} alert | Push protection |
|----|:----|:----:|:----:|
{%- for entry in secretScanningData %}
| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPrivateWithGhas %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasPushProtection %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} |
{%- endfor %}
{% endif %}
<!-- GHES 3.9+ table -->
{% ifversion ghes > 3.8 %}
{% ifversion ghes %}
| Provider | Token | {% data variables.product.prodname_secret_scanning_caps %} alert | Push protection | Validity check |
|----|:----|:----:|:----:|:----:|
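Review bot: the `<!-- GHES 3.9+ table -->` comment looks to be kept as context above the condition that is now `{% ifversion ghes %}`. With the 3.5 to 3.8 table deleted there is only one GHES table left, so the comment should be reworded (for example to "GHES table") or dropped to match the new condition.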

View File

@@ -69,7 +69,7 @@ The organization-level "Security coverage" view includes extra filters.
{% data reusables.security-overview.beta-org-risk-coverage %}
| Qualifier | Description |
| -------- | -------- | {% ifversion ghec or ghes > 3.8 %}
| -------- | -------- | {% ifversion ghec or ghes %}
| `advanced-security:enabled` | Display repositories that have enabled {% data variables.product.prodname_GH_advanced_security %}. | {% endif %}
| `code-scanning-pull-request-alerts:enabled`| Display repositories that have configured {% data variables.product.prodname_code_scanning %} to run on pull requests. |
| `dependabot-security-updates:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot_security_updates %}. |

View File

@@ -83,7 +83,7 @@ The recommended formats explicitly define which versions are used for all direct
{%- ifversion github-actions-in-dependency-graph %}
| {% data variables.product.prodname_actions %} workflows | YAML | `.yml`, `.yaml` | `.yml`, `.yaml` |
{%- endif %}
| Go modules | Go | `go.mod`| `go.mod`{% ifversion ghes < 3.9 %}, `go.sum`{% endif %} |
| Go modules | Go | `go.mod`| `go.mod` |
| Maven | Java, Scala | `pom.xml` | `pom.xml` |
| npm | JavaScript | `package-lock.json` | `package-lock.json`, `package.json`|
| pip | Python | `requirements.txt`, `pipfile.lock` | `requirements.txt`, `pipfile`, `pipfile.lock`, `setup.py` |

View File

@@ -47,13 +47,9 @@ If possible, create branch and tag names that don't contain special characters,
To avoid confusion, you should start branch names with a letter.
{% ifversion fpt or ghec or ghes > 3.8 %}
## Restrictions on names in {% data variables.product.prodname_dotcom %}
{% data variables.product.prodname_dotcom %} restricts a small number of branch and tag names from being pushed up.
Those restrictions are:
- No names which look like Git object IDs (40 characters containing only 0-9 and A-F), to prevent confusion with actual Git object IDs.
- No names beginning with `refs/`, to prevent confusion with the full name of Git refs. For more information about refs, see "[Git References](https://git-scm.com/book/en/v2/Git-Internals-Git-References)" in the Git documentation.
{% endif %}

View File

@@ -1,13 +1,13 @@
---
title: Adding items automatically
intro: You can configure your project's built-in workflows to automatically add items from {% ifversion projects-v2-duplicate-auto-add %}repositories{% else%}a repository{% endif %} that match a filter.
intro: 'You can configure your project''s built-in workflows to automatically add items from {% ifversion projects-v2-duplicate-auto-add %}repositories{% else%}a repository{% endif %} that match a filter.'
versions:
feature: projects-v2-auto-add
type: tutorial
topics:
- Projects
---
{% ifversion ghes > 3.8 %}
{% ifversion ghes %}
{% data reusables.projects.enable_enterprise_workflows %}

View File

@@ -9,7 +9,7 @@ topics:
- Projects
---
{% ifversion ghes > 3.8 %}
{% ifversion ghes %}
{% data reusables.projects.enable_enterprise_workflows %}

View File

@@ -10,7 +10,7 @@ topics:
---
{% ifversion ghes > 3.8 %}
{% ifversion ghes %}
{% data reusables.projects.enable_enterprise_workflows %}

View File

@@ -29,7 +29,7 @@ The same filters are available for charts you create using insights for {% data
When you filter a view and then add an item, the filtered metadata will be applied to new item. For example, if you're filtering by `status:"In progress"` and you add an item, the new item will have its status set to "In progress."
You can use filters to produce views for very specific purposes. For example, you{% ifversion fpt or ghec or ghes > 3.8 %} could use `assignee:@me status:todo last-updated:5days` to create a view of all work assigned to the current user, with the "todo" status, that hasn't been updated in the last five days. You{% endif %} could create a triage view by using a negative filter, such as `no:label no:assignee repo:octocat/game`, which would show items without a label and without an assignee that are located in the `octocat/game` repository.
You can use filters to produce views for very specific purposes. For example, you could use `assignee:@me status:todo last-updated:5days` to create a view of all work assigned to the current user, with the "todo" status, that hasn't been updated in the last five days. You could create a triage view by using a negative filter, such as `no:label no:assignee repo:octocat/game`, which would show items without a label and without an assignee that are located in the `octocat/game` repository.
## Filtering for fields
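Review bot: on the changed paragraph, removing the inline conditional leaves "For example, you could use ... five days. You could create a triage view ...", where the second sentence restarts with the same construction. Suggest "You could also create a triage view by using a negative filter" so the two examples read as a pair.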
@@ -138,8 +138,6 @@ You can filter for issues that are tracked by another issue in a tasklist. For m
{% endif %}
{% ifversion fpt or ghec or ghes > 3.8 %}
## Filtering for when an item was last updated
You can use the `{number}days` syntax to filter for when items were last updated.
@@ -152,8 +150,6 @@ You can use the `{number}days` syntax to filter for when items were last updated
{% data reusables.projects.last-updated-explanation %}
{% endif %}
## Filtering number, date, and iteration fields
You can use `>`, `>=`, `<`, and `<=` to compare number, date, and iteration fields. Dates should be provided in the `YYYY-MM-DD` format.

View File

@@ -19,7 +19,7 @@ You can use {% data variables.product.prodname_projects_v2 %} to manage your wor
Breaking a large issue into smaller issues makes the work more manageable and enables team members to work in parallel. It also leads to smaller pull requests, which are easier to review.
To track how smaller issues fit into the larger goal, use {% ifversion task-lists-v1 %}task lists, milestones, or labels.{% else %} milestones or labels.{% endif %} For more information, see {% ifversion projects-v2-tasklists %}"[AUTOTITLE](/issues/tracking-your-work-with-issues/about-tasklists)"{% endif %}{% ifversion ghes > 3.8 %}"[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)"{% endif %}, "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/about-milestones)", and "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/managing-labels)."
To track how smaller issues fit into the larger goal, use {% ifversion task-lists-v1 %}task lists, milestones, or labels.{% else %} milestones or labels.{% endif %} For more information, see {% ifversion projects-v2-tasklists %}"[AUTOTITLE](/issues/tracking-your-work-with-issues/about-tasklists)"{% endif %}{% ifversion ghes %}"[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)"{% endif %}, "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/about-milestones)", and "[AUTOTITLE](/issues/using-labels-and-milestones-to-track-work/managing-labels)."
## Communicate
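Review bot: on the changed line the two link conditionals sit back to back with no separator: `{% ifversion projects-v2-tasklists %}"..."{% endif %}{% ifversion ghes %}"..."{% endif %}`. Now that the second one matches every GHES release, any GHES version that also has `projects-v2-tasklists` will render two quoted links run together. Consider making the second branch an `{% elsif ghes %}` of the first, or confirm the feature flag never applies to GHES.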

View File

@@ -32,9 +32,8 @@ Renaming a file also gives you the opportunity to [move the file to a new locati
1. In your repository, browse to the file you want to rename.
{% data reusables.repositories.edit-file-button %}
1. In the filename field, change the name of the file to the new filename you want. You can also update the contents of your file at the same time. {% ifversion fpt or ghec or ghes > 3.8 %}
![Screenshot showing a repository file open for editing in the web browser. The file name field is active and highlighted with a dark orange outline.](/assets/images/help/repository/changing-file-name.png) {% elsif ghes < 3.9 %}
![Screenshot showing a repository file open for editing in the web browser. The file name field is active and shown in the foreground.](/assets/images/enterprise/repository/changing-file-name.png) {% endif %}
1. In the filename field, change the name of the file to the new filename you want. You can also update the contents of your file at the same time.
![Screenshot showing a repository file open for editing in the web browser. The file name field is active and highlighted with a dark orange outline.](/assets/images/help/repository/changing-file-name.png)
{% data reusables.files.write_commit_message %}
{% data reusables.files.choose_commit_branch %}
{% data reusables.files.propose_file_change %}

View File

@@ -1,10 +1,8 @@
---
title: REST API endpoints for software bill of materials (SBOM)
shortTitle: Software bill of materials (SBOM)
intro: >-
Use the REST API to export the software bill of materials (SBOM) for a
repository.
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
intro: Use the REST API to export the software bill of materials (SBOM) for a repository.
versions:
fpt: '*'
ghec: '*'
ghes: '*'
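Review bot: the `versions:` line loses its `# DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖` comment, and `intro` is reflowed from a folded scalar to one line. If this front matter is generated, these edits should come from the generator rather than by hand, otherwise the next automated run will restore the old form. Please confirm how this file was produced; the same applies to the other REST API index files in this commit that drop the comment.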

View File

@@ -3,7 +3,7 @@ title: REST API endpoints for SCIM
shortTitle: SCIM
allowTitleToDifferFromFilename: true
intro: Use the REST API to automate user creation and team memberships with SCIM.
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
versions:
ghec: '*'
ghes: '*'
topics:
@@ -126,7 +126,7 @@ To authenticate API requests, the person who configures SCIM on the IdP must use
{% note %}
**Note:** Enterprise owners must generate and use a {% data variables.product.pat_v1 %} for authentication of requests to endpoints in this category. {% ifversion ghes > 3.8 %}{% data variables.product.pat_v2_caps %} and {% endif %}GitHub app callers are not supported at this time.
**Note:** Enterprise owners must generate and use a {% data variables.product.pat_v1 %} for authentication of requests to endpoints in this category. {% ifversion ghes %}{% data variables.product.pat_v2_caps %} and {% endif %}GitHub app callers are not supported at this time.
{% endnote %}

View File

@@ -2,13 +2,11 @@
title: REST API endpoints for packages
shortTitle: Packages
allowTitleToDifferFromFilename: true
intro: >-
Use the REST API to interact with {% data variables.product.prodname_registry
%}.
intro: 'Use the REST API to interact with {% data variables.product.prodname_registry %}.'
versions:
fpt: '*'
ghec: '*'
ghes: '>=3.9'
ghes: '*'
topics:
- API
children:

View File

@@ -2,10 +2,8 @@
title: REST API endpoints for packages
shortTitle: Packages
allowTitleToDifferFromFilename: true
intro: >-
Use the REST API to interact with {% data variables.product.prodname_registry
%}.
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
intro: 'Use the REST API to interact with {% data variables.product.prodname_registry %}.'
versions:
fpt: '*'
ghec: '*'
ghes: '*'

View File

@@ -3,7 +3,7 @@ title: REST API endpoints for social accounts
shortTitle: Social accounts
allowTitleToDifferFromFilename: true
intro: Use the REST API to manage social accounts of authenticated users.
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
versions:
fpt: '*'
ghec: '*'
ghes: '*'

View File

@@ -55,7 +55,7 @@ Ticket priority helps to ensure that support requests are handled in order, and
| {% data variables.product.support_ticket_priority_normal %} | {% data variables.product.prodname_advanced_security %} is functioning inconsistently, causing impaired end user usage and productivity. |
| {% data variables.product.support_ticket_priority_low %} | {% data variables.product.prodname_advanced_security %} is functioning consistently, but the end user requests minor changes in the software, such as documentation updates, cosmetic defects, or enhancements.|
{% ifversion ghes != 3.8 %}
{% ifversion ghes %}
## Ticket priorities for {% data variables.product.prodname_actions_runner_controller %} (ARC)
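Review bot: `{% ifversion ghes != 3.8 %}` to `{% ifversion ghes %}` is only a no-op if the `!=` form never matched non-GHES versions. `ghes` alone limits the ARC ticket priorities section to GHES, so if the old condition also evaluated true on fpt or ghec, this heading disappears there. Please confirm which versions rendered the section before the change, and use `fpt or ghec or ghes` if it was visible outside GHES.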

View File

@@ -1,138 +0,0 @@
- title: Access to package version deletion
description: >-
This preview adds support for the DeletePackageVersion mutation which
enables deletion of private package versions.
toggled_by: ':package-deletes-preview'
announcement: null
updates: null
toggled_on:
- Mutation.deletePackageVersion
owning_teams:
- '@github/pe-package-registry'
- title: Deployments
description: >-
This preview adds support for deployments mutations and new deployments
features.
toggled_by: ':flash-preview'
announcement: null
updates: null
toggled_on:
- DeploymentStatus.environment
- Mutation.createDeploymentStatus
- CreateDeploymentStatusInput
- CreateDeploymentStatusPayload
- Mutation.createDeployment
- CreateDeploymentInput
- CreateDeploymentPayload
owning_teams:
- '@github/c2c-actions-service'
- title: >-
MergeInfoPreview - More detailed information about a pull request's merge
state.
description: >-
This preview adds support for accessing fields that provide more detailed
information about a pull request's merge state.
toggled_by: ':merge-info-preview'
announcement: null
updates: null
toggled_on:
- PullRequest.canBeRebased
- PullRequest.mergeStateStatus
owning_teams:
- '@github/pe-pull-requests'
- title: UpdateRefsPreview - Update multiple refs in a single operation.
description: This preview adds support for updating multiple refs in a single operation.
toggled_by: ':update-refs-preview'
announcement: null
updates: null
toggled_on:
- Mutation.updateRefs
- GitRefname
- RefUpdate
- UpdateRefsInput
- UpdateRefsPayload
owning_teams:
- '@github/reponauts'
- title: Access to a Repository's Dependency Graph
description: This preview adds support for reading a dependency graph for a repository.
toggled_by: ':hawkgirl-preview'
announcement: null
updates: null
toggled_on:
- DependencyGraphManifest
- Repository.dependencyGraphManifests
- DependencyGraphManifestEdge
- DependencyGraphManifestConnection
- DependencyGraphDependency
- DependencyGraphDependencyEdge
- DependencyGraphDependencyConnection
- DependencyGraphPackageRelease.dependencies
owning_teams:
- '@github/dependency-graph'
- title: Project Event Details
description: >-
This preview adds project, project card, and project column details to
project-related issue events.
toggled_by: ':starfox-preview'
announcement: null
updates: null
toggled_on:
- AddedToProjectEvent.project
- AddedToProjectEvent.projectCard
- AddedToProjectEvent.projectColumnName
- ConvertedNoteToIssueEvent.project
- ConvertedNoteToIssueEvent.projectCard
- ConvertedNoteToIssueEvent.projectColumnName
- MovedColumnsInProjectEvent.project
- MovedColumnsInProjectEvent.projectCard
- MovedColumnsInProjectEvent.projectColumnName
- MovedColumnsInProjectEvent.previousProjectColumnName
- RemovedFromProjectEvent.project
- RemovedFromProjectEvent.projectColumnName
owning_teams:
- '@github/github-projects'
- title: Labels Preview
description: >-
This preview adds support for adding, updating, creating and deleting
labels.
toggled_by: ':bane-preview'
announcement: null
updates: null
toggled_on:
- Mutation.createLabel
- CreateLabelPayload
- CreateLabelInput
- Mutation.deleteLabel
- DeleteLabelPayload
- DeleteLabelInput
- Mutation.updateLabel
- UpdateLabelPayload
- UpdateLabelInput
owning_teams:
- '@github/pe-pull-requests'
- title: Import Project
description: This preview adds support for importing projects.
toggled_by: ':slothette-preview'
announcement: null
updates: null
toggled_on:
- Mutation.importProject
owning_teams:
- '@github/pe-issues-projects'
- title: Team Review Assignments Preview
description: >-
This preview adds support for updating the settings for team review
assignment.
toggled_by: ':stone-crop-preview'
announcement: null
updates: null
toggled_on:
- Mutation.updateTeamReviewAssignment
- UpdateTeamReviewAssignmentInput
- TeamReviewAssignmentAlgorithm
- Team.reviewRequestDelegationEnabled
- Team.reviewRequestDelegationAlgorithm
- Team.reviewRequestDelegationMemberCount
- Team.reviewRequestDelegationNotifyTeam
owning_teams:
- '@github/pe-pull-requests'
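
Review bot: because the whole file is deleted (`@@ -1,138 +0,0 @@`), check that nothing still resolves these preview toggles for the removed release, for example a loader that expects one previews file per GHES version. A leftover reference would surface as a build failure rather than in review, so it is worth searching for the file's path before merging.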

View File

@@ -1,283 +0,0 @@
---
upcoming_changes:
- location: LegacyMigration.uploadUrlTemplate
description: '`uploadUrlTemplate` will be removed. Use `uploadUrl` instead.'
reason:
'`uploadUrlTemplate` is being removed because it is not a standard URL and
adds an extra user step.'
date: '2019-04-01T00:00:00+00:00'
criticality: breaking
owner: tambling
- location: AssignedEvent.user
description: '`user` will be removed. Use the `assignee` field instead.'
reason: Assignees can now be mannequins.
date: '2020-01-01T00:00:00+00:00'
criticality: breaking
owner: tambling
- location: UnassignedEvent.user
description: '`user` will be removed. Use the `assignee` field instead.'
reason: Assignees can now be mannequins.
date: '2020-01-01T00:00:00+00:00'
criticality: breaking
owner: tambling
- location: Issue.timeline
description: '`timeline` will be removed. Use Issue.timelineItems instead.'
reason: '`timeline` will be removed'
date: '2020-10-01T00:00:00+00:00'
criticality: breaking
owner: mikesea
- location: PullRequest.timeline
description: '`timeline` will be removed. Use PullRequest.timelineItems instead.'
reason: '`timeline` will be removed'
date: '2020-10-01T00:00:00+00:00'
criticality: breaking
owner: mikesea
- location: MergeStateStatus.DRAFT
description: '`DRAFT` will be removed. Use PullRequest.isDraft instead.'
reason:
DRAFT state will be removed from this enum and `isDraft` should be used
instead
date: '2021-01-01T00:00:00+00:00'
criticality: breaking
owner: nplasterer
- location: PackageType.DOCKER
description: '`DOCKER` will be removed.'
reason:
DOCKER will be removed from this enum as this type will be migrated to only
be used by the Packages REST API.
date: '2021-06-21'
criticality: breaking
owner: reybard
- location: ReactionGroup.users
description: '`users` will be removed. Use the `reactors` field instead.'
reason: Reactors can now be mannequins, bots, and organizations.
date: '2021-10-01T00:00:00+00:00'
criticality: breaking
owner: synthead
- location: AddPullRequestToMergeQueueInput.branch
description: '`branch` will be removed.'
reason:
PRs are added to the merge queue for the base branch, the `branch` argument
is now a no-op
date: '2022-07-01T00:00:00+00:00'
criticality: breaking
owner: jhunschejones
- location: DependencyGraphDependency.packageLabel
description:
'`packageLabel` will be removed. Use normalized `packageName` field
instead.'
reason: '`packageLabel` will be removed.'
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: github/dependency_graph
- location: RemovePullRequestFromMergeQueueInput.branch
description: '`branch` will be removed.'
reason:
PRs are removed from the merge queue for the base branch, the `branch` argument
is now a no-op
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: jhunschejones
- location: RepositoryVulnerabilityAlert.fixReason
description: '`fixReason` will be removed.'
reason:
The `fixReason` field is being removed. You can still use `fixedAt` and
`dismissReason`.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: jamestran201
- location: Commit.changedFiles
description: '`changedFiles` will be removed. Use `changedFilesIfAvailable` instead.'
reason: '`changedFiles` will be removed.'
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: adamshwert
- location: ProjectNextFieldType.ASSIGNEES
description:
'`ASSIGNEES` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.DATE
description:
'`DATE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.ITERATION
description:
'`ITERATION` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.LABELS
description:
'`LABELS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.LINKED_PULL_REQUESTS
description:
'`LINKED_PULL_REQUESTS` will be removed. Follow the ProjectV2 guide
at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.MILESTONE
description:
'`MILESTONE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.NUMBER
description:
'`NUMBER` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.REPOSITORY
description:
'`REPOSITORY` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.REVIEWERS
description:
'`REVIEWERS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.SINGLE_SELECT
description:
'`SINGLE_SELECT` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.TEXT
description:
'`TEXT` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.TITLE
description:
'`TITLE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.TRACKED_BY
description:
'`TRACKED_BY` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.TRACKS
description:
'`TRACKS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectV2View.visibleFields
description:
'`visibleFields` will be removed. Check out the `ProjectV2View#fields`
API as an example for the more capable alternative.'
reason:
The `ProjectV2View#visibleFields` API is deprecated in favour of the more
capable `ProjectV2View#fields` API.
date: '2023-01-01T00:00:00+00:00'
criticality: breaking
owner: mattruggio
- location: ProjectV2View.groupBy
description:
'`groupBy` will be removed. Check out the `ProjectV2View#group_by_fields`
API as an example for the more capable alternative.'
reason:
The `ProjectV2View#order_by` API is deprecated in favour of the more capable
`ProjectV2View#group_by_field` API.
date: '2023-04-01T00:00:00+00:00'
criticality: breaking
owner: alcere
- location: ProjectV2View.sortBy
description:
'`sortBy` will be removed. Check out the `ProjectV2View#sort_by_fields`
API as an example for the more capable alternative.'
reason:
The `ProjectV2View#sort_by` API is deprecated in favour of the more capable
`ProjectV2View#sort_by_fields` API.
date: '2023-04-01T00:00:00+00:00'
criticality: breaking
owner: traumverloren
- location: ProjectV2View.verticalGroupBy
description:
'`verticalGroupBy` will be removed. Check out the `ProjectV2View#vertical_group_by_fields`
API as an example for the more capable alternative.'
reason:
The `ProjectV2View#vertical_group_by` API is deprecated in favour of the
more capable `ProjectV2View#vertical_group_by_fields` API.
date: '2023-04-01T00:00:00+00:00'
criticality: breaking
owner: traumverloren
- location: Repository.squashPrTitleUsedAsDefault
description:
'`squashPrTitleUsedAsDefault` will be removed. Use `Repository.squashMergeCommitTitle`
instead.'
reason: '`squashPrTitleUsedAsDefault` will be removed.'
date: '2023-04-01T00:00:00+00:00'
criticality: breaking
owner: github/pull_requests

File diff suppressed because it is too large

View File

@@ -45,9 +45,7 @@ dependabot_alerts:
guides:
- /code-security/dependabot/dependabot-alerts/about-dependabot-alerts
- >-
{% ifversion fpt or ghec or ghes
%}/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository{%
endif %}
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
- >-
/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts
- >-
@@ -71,19 +69,13 @@ dependabot_security_updates:
- >-
/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
- >-
{% ifversion fpt or ghec or ghes
%}/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts{%
endif %}
/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts
- >-
{% ifversion fpt or ghec or ghes
%}/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository{%
endif %}
/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
- >-
/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
- >-
{% ifversion fpt or ghec or ghes
%}/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies{%
endif %}
/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies
dependency_version_updates:
title: Keep your dependencies up-to-date
description: >-
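
Review bot: the four `{% ifversion fpt or ghec or ghes %}` wrappers removed under `dependabot_security_updates` never mentioned 3.8, so deleting them is safe only if `fpt`, `ghec` and `ghes` are the only plans still built. Confirm that no other plan remains for which these guide links were deliberately hidden, and mention in the commit description that always-true conditionals were cleaned up alongside the 3.8 removal.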

View File

@@ -1,480 +0,0 @@
date: '2023-02-07'
release_candidate: true
deprecated: true
intro: |
{% note %}
**Note:** If {% data variables.location.product_location %} is running a release candidate build, you can't upgrade with a hotpatch. We recommend that you only run release candidates in a test environment.
{% endnote %}
For upgrade instructions, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
sections:
features:
- heading: Projects beta
notes:
# https://github.com/github/docs-content/issues/8857
- |
Projects, the flexible tool for planning and tracking work on GitHub Enterprise Server, is now available as a beta. A project is an adaptable spreadsheet that integrates issues and pull requests to help users plan and track work effectively. Users can create and customize multiple views, and each view can filter, sort, and group issues and pull requests. Users can also define custom fields to track the unique metadata for a team or project, allowing customization for any needs or processes. This feature is subject to change. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects)."
- heading: Instance administration
notes:
# https://github.com/github/releases/issues/2701
- |
Site administrators can improve the security of an instance by creating dedicated user accounts for the Management Console. Only the root site administrator can create user accounts. To control access for the user accounts, assign either the editor or operator role. Operators can manage administrative SSH access for the instance. For more information, see "[Managing access to the Management Console](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console)."
# https://github.com/github/releases/issues/2759
- |
To establish or comply with internal policies, site administrators can use the Management Console to configure an instance's policy for retention of data related to checks, including checks data generated by GitHub Actions and the Statuses API. Administrators can enable or disable retention, set a custom retention threshold, or set a custom hard-delete threshold.
For more information, see "[Configuring applications](/admin/configuration/configuring-your-enterprise/configuring-applications)" [Updated: 2023-03-02]
# https://github.com/github/releases/issues/2814
- |
When generating support bundles using the `ghe-support-bundle` command-line utility, site administrators can specify the exact duration to use for collection of data in the bundle. For more information, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-support-bundle)."
- heading: Identity and access management
notes:
# https://github.com/github/releases/issues/2681
- |
Users can review and revoke both browser and GitHub Mobile sessions for a GitHub Enterprise Server instance. For more information, see "[Viewing and managing your sessions](/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions)."
- heading: Policies
notes:
# https://github.com/github/docs-content/issues/7661
- |
Enterprise owners can configure whether repository administrators can enable or disable Dependabot alerts. On instances with a GitHub Advanced Security license, enterprise owners can also set policies to control whether repository administrators can enable GitHub Advanced Security features or secret scanning. For more information, see "[Enforcing policies for code security and analysis for your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
- heading: Audit logs
notes:
# https://github.com/github/releases/issues/2665
- |
Enterprise and organization owners can support adherance to the principle of least privilege by granting access to audit log endpoints without providing full administrative privileges. To provide this access, {% data variables.product.pat_generic_plural %} and OAuth apps now support the `read:audit_log` scope. For more information, see "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise)."
# https://github.com/github/releases/issues/2676
- |
Enterprise owners can more easily detect and trace activity associated with authentication tokens by viewing token data in audit log events. For more information, see "[Identifying audit log events performed by an access token](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)."
# https://github.com/github/releases/issues/2587
- |
Enterprise owners can configure audit log streaming to a Datadog endpoint. For more information, see "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-datadog)."
- heading: GitHub Advanced Security
notes:
# https://github.com/github/releases/issues/2644
- |
Enterprise owners on an instance with a GitHub Advanced Security license can view changes to GitHub Advanced Security, secret scanning, and push protection enablement in the audit log. Organization owners can view changes to custom messages for push protection in the audit log. For more information, see the following documentation.
- "[`business_secret_scanning` category actions](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning-category-actions)," "[`business_secret_scanning_push_protection` category actions](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_push_protection-category-actions)," and "[`business_secret_scanning_push_protection_custom_message` category actions](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_push_protection_custom_message-category-actions)" in "Audit log events for your enterprise"
- "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#org-category-actions)"
# https://github.com/github/releases/issues/2647
- |
Enterprise owners on an instance with a GitHub Advanced Security license can ensure compliance and simplify the rollout of secret scanning and push protection to all organizations on the instance using the REST API. This endpoint supplements the existing web UI, as well as the endpoints for repositories and organizations. For more information, see "[Code security and analysis](/rest/enterprise-admin/code-security-and-analysis?apiVersion=2022-11-28)" in the REST API documentation.
# https://github.com/github/releases/issues/2647
# https://github.com/github/releases/issues/2669
- |
Enterprise and organization owners who use secret scanning on an instance with a GitHub Advanced Security license can use the REST API to specify a custom link to display when push protection blocks a push containing a secret. For more information, see "[Code security and analysis](/rest/enterprise-admin/code-security-and-analysis?apiVersion=2022-11-28)" or "[Organizations](/rest/orgs/orgs?apiVersion=2022-11-28#update-an-organization)" in the REST API documentation.
# https://github.com/github/releases/issues/2386
- |
Users on an instance with a GitHub Advanced Security license who dismiss a secret scanning alert can help other users understand the reason for dismissal by providing an optional comment using the web UI or REST API. For more information, see the following documentation.
- "[Managing alerts from secret scanning](/code-security/secret-scanning/managing-alerts-from-secret-scanning)"
- "[Secret scanning](/rest/secret-scanning?apiVersion=2022-11-28#update-a-secret-scanning-alert)" in the REST API documentation
# https://github.com/github/releases/issues/2777
- |
Users on an instance with a GitHub Advanced Security license can filter results from the Code Scanning API based on alert severity at either the repository or organization levels. Use the `severity` parameter to return only code scanning alerts with a specific severity. For more information, see "[Code Scanning](/rest/code-scanning?apiVersion=2022-11-28#list-code-scanning-alerts-for-a-repository)" in the REST API documentation.
# https://github.com/github/releases/issues/2509
# https://github.com/github/releases/issues/2703
- |
Users on an instance with a GitHub Advanced Security license can analyze two additional languages for vulnerabilities and errors using CodeQL code scanning. Support for Ruby is generally available, and support for Kotlin is in beta and subject to change.
- Ruby analysis can detect more than twice the number of common weaknesses (CWEs) it could detect during beta. A total of 30 rules can identify a range of vulnerabilities, including cross-site scripting (XSS), regular expression denial-of-service (ReDoS), SQL injection, and more. Additional library and framework coverage for Ruby-on-Rails ensures that web service developers get even more precise results. GitHub Enterprise Server supports all common Ruby versions, up to and including 3.1.
- Kotlin support is an extension of existing Java support, and benefits from the [existing CodeQL queries for Java](https://codeql.github.com/codeql-query-help/java/), which apply to both mobile and server-side applications. GitHub has also improved and added a range of mobile-specific queries, covering issues such as handling of Intents, Webview validation problems, fragment injection, and more.
For more information about code scanning, see "[About code scanning with CodeQL](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)."
# https://github.com/github/docs-content/issues/8424
- |
Users on an instance with a GitHub Advanced Security license who use CodeQL code scanning can customize the build configuration for Go analysis within the GitHub Actions workflow file. Existing CodeQL workflows for Go analysis require no changes, and will continue to be supported. For more information, see "[Configuring the CodeQL workflow for compiled languages](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/2738
# https://github.com/github/releases/issues/2739
- |
To improve code security and simplify the process of updating vulnerable dependencies, more users can receive automatic pull requests with dependency updates.
- GitHub Actions authors can automatically update dependencies within workflow files.
- Dart or Flutter developers who use Pub can automatically update dependencies within their projects.
For more information, see "[About Dependabot security updates](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
# https://github.com/github/releases/issues/2438
# https://github.com/github/releases/issues/2553
- |
Dart and JavaScript developers on an instance with the dependency graph enabled can receive Dependabot alerts for known vulnerabilities within a project's dependencies.
- For Dart, the dependency graph detects `pubspec.lock` and `pubspec.yaml` files.
- JavaScript developers who use Node.js and npm can receive alerts for known vulnerabilities within Yarn v2 and v3 manifests. This supplements the existing support for v1 manifests. The dependency graph detects `package.json`, and `yarn.lock` files.
For more information, see the following articles.
- "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)"
- "[Browsing security advisories in the GitHub Advisory Database](/code-security/security-advisories/global-security-advisories/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)"
- "[About Dependabot alerts](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)"
# https://github.com/github/releases/issues/2554
- |
Python developers who use supported package managers on an instance with the dependency graph enabled can receive Dependabot alerts for dependencies within `pyproject.toml` files that follow the [PEP 621 standard](https://peps.python.org/pep-0621/). For more information, see "[About Dependabot version updates](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
# https://github.com/github/releases/issues/2645
- |
Python developers who receive Dependabot alerts can reduce the number of version updates when a current dependency requirement is already satisfied by a new version. To configure this behavior, use the `increase-if-necessary` versioning strategy. For more information, see "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy)."
# https://github.com/github/releases/issues/2591
- |
Enterprise owners can retrieve Dependabot alerts for the instance using the REST API. This endpoint is in beta and subject to change. For more information, see "[Dependabot alerts](/rest/dependabot/alerts?apiVersion=2022-11-28)" in the REST API documentation.
# https://github.com/github/releases/issues/2590
- |
Organization owners can retrieve Dependabot alerts for the organization using the REST API. This endpoint is in beta and subject to change. For more information, see "[Dependabot alerts](/rest/dependabot/alerts?apiVersion=2022-11-28)."
# https://github.com/github/releases/issues/2323
- |
Users can programmatically view and act on Dependabot alerts using the REST API. New endpoints to view, list, and update Dependabot alerts are available in beta. These endpoints are subject to change. For more information, see "[Dependabot alerts](/rest/dependabot/alerts?apiVersion=2022-11-28)" in the REST API documentation.
- heading: Code security
notes:
# https://github.com/github/releases/issues/2706
# https://github.com/github/releases/issues/2768
# https://github.com/github/releases/issues/2770
- |
To increase visibility into security posture and improve risk analysis, users can access coverage and risk views within the security overview. The coverage view shows enablement across repositories, while the risk view surfaces alerts across repositories. Organization owners, security managers, and repository administrators on an instance with a GitHub Advanced Security license can enable security features from the security overview's coverage view. The views replace the "Overview" page, and are in public beta and subject to change. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
# https://github.com/github/releases/issues/2713
- |
Contributors can define a repository's security policy by creating a `SECURITY.md` file. To increase the policy's visibility, GitHub Enterprise Server will link to the policy from the repository's {% octicon "code" aria-label="The code icon" %} **Code** tab. For more information, see "[Adding a security policy to your repository](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
# https://github.com/github/releases/issues/2440
- |
The Dependency review API is generally available, and the associated GitHub Action now allows users to reference a local or external configuration file. For more information, see the following documentation.
- "[Dependency review](/rest/dependency-graph/dependency-review?apiVersion=2022-11-28)" in the REST API documentation
- "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#about-configuring-the-dependency-review-action)"
# https://github.com/github/releases/issues/2787
- |
The GraphQL API provides access to a repository's dependency graph. This feature is in preview and subject to change. For more information, see "[Objects](/graphql/reference/objects#dependencygraphdependency)" in the GraphQL API documentation.
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/2730
- |
During configuration of storage for GitHub Actions, site administrators can avoid risks associated with the input of sensitive secrets and access keys by using OIDC to connect to object storage providers. GitHub Actions on GitHub Enterprise Server supports OIDC for connections to AWS, Azure, and Google Cloud Platform. This feature is in beta and subject to change. For more information, see "[Enabling GitHub Actions for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server)."
# https://github.com/github/releases/issues/2618
- |
To prevent untrusted logging of data from the `set-state` and `set-output` workflow commands, action authors can use environment files for the management of state and output.
- To use this feature, the runner application must be version 2.297.0 or later. Versions 2.298.2 and later will warn users who use the `save-state` or `set-output` commands. These commands will be fully disabled in a future release.
- To use the updated `saveState` and `setOutput` functions, workflows using the GitHub Actions Toolkit must call `@actions/core` v1.10.0 or later.
For more information, see "[Workflow commands for GitHub Actions](/actions/using-workflows/workflow-commands-for-github-actions#environment-files)."
# https://github.com/github/releases/issues/2293
- |
The ability to share actions and reusable workflows from private repositories is generally available. Users can share workflows in a private repository with other private repositories owned by the same organization or user account, or with all private repositories on the instance. For more information, see the following documentation.
- "[Managing GitHub Actions settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-a-private-repository)"
- "[GitHub Actions Permissions](/rest/actions/permissions?apiVersion=2022-11-28#get-the-level-of-access-for-workflows-outside-of-the-repository)" in the REST API documentation
# https://github.com/github/releases/issues/2694
- |
Users can improve workflow readability and avoid the need to store non-sensitive configuration data as encrypted secrets by defining configuration variables, which allow reuse across workflows in a repository or organization. This feature is in beta and subject to change. For more information, see "[Variables](/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows)."
# https://github.com/github/releases/issues/2517
- |
Users can dynamically name workflow runs. `run-name` accepts expressions, and the dynamic name appears in the list of workflow runs. For more information, see "[Workflow syntax for GitHub Actions](/actions/using-workflows/workflow-syntax-for-github-actions#run-name)."
# https://github.com/github/releases/issues/2616
- |
Users can prevent a job from running on a runner outside the intended group by defining the names of the intended runner groups for a workflow within the `runs-on` key.
```yaml
runs-on:
group: my-group
labels: [ self-hosted, label-1 ]
```
Additionally, GitHub Enterprise Server will no longer allow the creation of runner groups with identical names at the organization and enterprise level. A warning banner will appear for any runner groups within an organization that share a name with a runner group for the enterprise.
# https://github.com/github/releases/issues/2693
- |
Users can enforce standard CI/CD practices across all of an organization's repositories by defining required workflows. These workflows are triggered as required status checks for all pull requests that target repositories' default branch, which blocks merging until the check passes. This feature is in beta and subject to change. For more information, see "[Required workflows](/actions/using-workflows/required-workflows)."
# https://github.com/github/releases/issues/2655
- |
To enable standardization of OIDC configurations across cloud deployment workflows, organization owners and repository administrators can configure the `subject` claim format within OIDC tokens by defining a custom template. For more information, see "[About security hardening with OpenID Connect](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-subject-claims-for-an-organization-or-repository)."
# https://github.com/github/releases/issues/2571
- |
To enable more transparency and control over cache usage within repositories, users who cache dependencies and other reused files with `actions/cache` can manage caches from the instance's web UI. For more information, see "[Caching dependencies to speed up workflows](/actions/using-workflows/caching-dependencies-to-speed-up-workflows#managing-caches)."
- heading: Community experience
notes:
# https://github.com/github/releases/issues/2536
- |
Users can set expectations surrounding availability by displaying a local timezone within their profiles. People who view the user's profile or hovercard will see the timezone, as well as how many hours behind or ahead they are of the user's local time. For more information, see "[Personalizing your profile](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-your-location-and-time-zone)."
- heading: GitHub Discussions
notes:
# https://github.com/github/releases/issues/2672
- |
To improve discoverability, GitHub Discussions features the following improvements.
- Repository owners can pin discussions to a specific category.
- Category titles and descriptions are displayed on the category's page.
- heading: Organizations
notes:
# https://github.com/github/releases/issues/2418
- |
To manage how organization members fork repositories, organization owners can set a dedicated forking policy for any organization. This policy must be stricter than an a forking policy set for the enterprise. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)."
# https://github.com/github/releases/issues/2539
- |
Organization owners can improve organization security by preventing outside collaborators from requesting the installation of GitHub and OAuth apps. For more information, see "[Limiting OAuth App and GitHub App access requests](/organizations/managing-organization-settings/limiting-oauth-app-and-github-app-access-requests)."
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2175
- |
To avoid providing full administrative access to a repository when unnecessary, repository administrators can create a custom role that allows users to bypass branch protections. To enforce branch protections for all users with administrative access or bypass permissions, administrators can enable **Do not allow bypassing the above settings**. For more information, see "[Managing custom repository roles for an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization#repository)" and "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings)."
# https://github.com/github/releases/issues/2626
- |
Repository administrators can ensure the security and stability of branches by locking the branch. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch)." [Updated: 2023-04-28]
# https://github.com/github/releases/issues/2666
- |
In scenarios where someone should review code within a GitHub Actions workflow before the workflow runs, repository administrators can require approval from a user with write access to the repository before a workflow run can be triggered from a private fork. For more information, see "[Managing GitHub Actions settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories)."
- heading: Issues
notes:
# https://github.com/github/releases/issues/2018
- |
The GraphQL API supports creation and removal of the link between a branch and an issue. For more information, see the following documentation.
- "[Creating a branch to work on an issue](/issues/tracking-your-work-with-issues/creating-a-branch-for-an-issue)"
- "[createLinkedBranch](/graphql/reference/mutations#createlinkedbranch)" and "[deleteLinkedBranch](/graphql/reference/mutations#deletelinkedbranch)" in the "Mutations" GraphQL API documentation
- "[Objects](/graphql/reference/objects#issue)" in the GraphQL API documentation
- heading: Pull requests
notes:
# https://github.com/github/releases/issues/2511
- |
Users with multiple email addresses associated with their accounts can better ensure that Git commits created by squash-merging are associated with the correct email address. When merging the pull request, a drop-down menu will appear, allowing the user to select the email address to use as the commit's author.
- heading: Releases
notes:
# https://github.com/github/releases/issues/2584
- |
Users can mark a specific release within a repository as the latest release using the web UI, REST API, or GraphQL API. For more information, see the following documentation.
- "[Managing releases in a repository](/repositories/releasing-projects-on-github/managing-releases-in-a-repository)"
- "[Releases](/rest/releases/releases?apiVersion=2022-11-28#create-a-release)" in the REST API documentation
- "[Objects](/graphql/reference/objects#release)" in the GraphQL API documentation
- heading: Integrations
notes:
# https://github.com/github/releases/issues/2625
- |
Users can save time and switch context less often by receiving and acting on real-time updates about GitHub Enterprise Server activity directly within Slack or Microsoft Teams. GitHub's integrations for these services are now generally available. For more information, see "[GitHub extensions and integrations](/get-started/customizing-your-github-workflow/exploring-integrations/github-extensions-and-integrations)."
changes:
# https://github.com/github/releases/issues/2702
- |
When a site administrator runs a command using administrative SSH access, the command is now logged. To help GitHub Support troubleshoot and debug, support bundles include a log containing these commands.
# https://github.com/github/releases/issues/2538
- |
To simplify the discovery of events within enterprise, organization, or user audit logs, the search bar now displays a list of available filters.
# https://github.com/github/releases/issues/2815
- |
Before a site administrator can migrate away from GitHub Enterprise Server using the [GitHub Enterprise Importer CLI](https://github.com/github/gh-gei), the [startRepositoryMigration](/graphql/reference/mutations#startrepositorymigration) GraphQL API, or the [Start an organization migration](/rest/migrations/orgs?apiVersion=2022-11-28#start-an-organization-migration) REST API, the administrator must use the Management Console to configure a blob storage provider for the storage of migration archives. Supported provides include Amazon S3 and Azure Blob Storage. Previously, blob storage was not required and could optionally be configured using `gh gei`. This change adds support for migrations where the Git source or metadata is larger than 1 GB.
# https://github.com/github/releases/issues/2705
- |
To help users on an instance with a GitHub Advanced Security license better understand detected secrets and take action, secret scanning alerts concerning third-party API keys now include a link to the provider's documentation. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning)."
# https://github.com/github/releases/issues/2386
- |
Users on an instance with a GitHub Advanced Security license will now see the actions that users took on a secret scanning alert directly within the alert's timeline, including when a contributor bypassed push protection for a secret.
# https://github.com/github/releases/issues/2387
- |
Instances with a GitHub Advanced Security license will regularly run a historical scan to detect newly added secret types on repositories with GitHub Advanced Security and secret scanning enabled. Previously, users needed to manually run a historical scan.
# https://github.com/github/releases/issues/2640
- |
On instances with a GitHub Advanced Security license, to ensure that future releases of GitHub Enterprise Server can always display a preview of a detected secret in the APIs or web UI, the detected secrets are now stored separately from source code. Detected secrets are stored using symmetric encryption. [Updated: 2023-02-15]
# https://github.com/github/releases/issues/2696
- |
When using private registries for Dependabot updates, GitHub Enterprise Server behaves more securely. If a private registry is configured for any of the following ecosystems, the instance will no longer make any package requests to public registries.
- Bundler
- Docker
- Gradle
- Maven
- npm
- Nuget
- Python
- Yarn
For more information, see "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-private-registries)."
# https://github.com/github/releases/issues/2750
- |
Elixir developers who use [self-hosted Hex repositories](https://hex.pm/docs/self_hosting) can configure a private registry for Dependabot version updates on GitHub Enterprise Server. For more information, see "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-private-registries)."
# https://github.com/github/releases/issues/2598
- |
Dependabot alerts features the following usability improvements.
- The page for an alert refreshes automatically after Dependabot attempts to create a pull request for an update.
- Alerts are more accurately mapped to pull requests from Dependabot updates.
- To improve the alert for the community, users can suggest improvements to alerts directly in the GitHub Advisory Database.
# https://github.com/github/releases/issues/2744
- |
Users can more easily mention **@dependabot**. When mentioning users, the Dependabot user account now appears as an autocomplete suggestion.
# https://github.com/github/releases/issues/2631
- |
In repositories with vulnerable dependencies, Dependabot will no longer display a yellow banner. To notify contributors of vulnerable dependencies, the **Security** tab displays an alert counter.
# https://github.com/github/releases/issues/2602
- |
If a user forks a repository with an existing Dependabot configuration in `dependabot.yml`, Dependabot updates will be disabled in the fork by default. To enable updates in the fork, the user must visit the repository's code security and analysis settings. For more information, see "[Configuring Dependabot version updates](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)."
# https://github.com/github/releases/issues/2621
- |
Integrators who wish to receive a webhook for Dependabot alerts must use the new `dependabot_alert` webhook. This webhook replaces the `repository_vulnerability_alert` webhook. For more information, see "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert)."
# https://github.com/github/releases/issues/2704
- |
To improve readability of GitHub Actions workflows that reference other actions by commit SHA, action authors often write a comment including the corresponding semantic version on the line that calls the action. To save time, pull requests for Dependabot version updates will now automatically update the semantic version in these comments.
# https://github.com/github/releases/issues/2294
- |
JavaScript developers who use Node.js, npm, and Dependabot security updates can save time when updating npm projects with transitive dependencies.
- Dependabot can update both parent and child dependencies together. Previously, Dependabot would not update transitive dependencies when the parent required an incompatible specific version range, requiring manual upgrades.
- Dependabot can create pull requests that resolve alerts where an update to a direct dependency would remove the vulnerable transitive dependency from the tree.
For more information, see "[About Dependabot security updates](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
# https://github.com/github/releases/issues/2700
- |
For people who use Dependabot for version updates in the Docker ecosystem, Dependabot will proactively update Docker image tags in Kubernetes manifests. For more information, see "[Configuring Dependabot version updates](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)" and "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem)."
# https://github.com/github/releases/issues/2461
- |
A number of improvements are available to users who contribute to security advisories on GitHub.com, including the following changes.
- To ensure faster review, GitHub prompts users to add a reason for the change.
- To ensure that the contribution matches the user's intent, GitHub will not reorder reference links in the diff.
# https://github.com/github/releases/issues/2492
- |
GitHub Actions features the following discoverability and accessibility improvements.
- The navigation experience for searching workflows and workflow runs is improved.
- Added structure better represents the hierarchy between caller and called reusable workflows.
- The mobile browsing experience is more consistent, and supports multiple viewport sizes.
# https://github.com/github/releases/issues/2524
- |
GitHub Actions workflows will no longer trigger endlessly when using `GITHUB_TOKEN` with `workflow_dispatch` and `repository_dispatch` events. Prior to this change, events triggered by `GITHUB_TOKEN` would not create a new workflow run. For more information, see "[Triggering a workflow](/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow)."
# https://github.com/github/releases/issues/2543
- |
For scheduled runs of GitHub Actions workflows, users will see additional information about the repository, organization, and enterprise within the payload for `github.event`.
# https://github.com/github/releases/issues/2727
- |
Users of GitHub Actions have better insight into the progress of a job when using environment protection rules. The `workflow_job` webhook supports a new `waiting` state whenever a job is awaiting an environment protection rule. Also, when a job refers to an `environment` key in its YAML definition, the `workflow_job` webhook payload will also include a new property, `deployment`. `deployment` contains metadata about the deployment that the check run created. For more information, see "[Using environments for deployment](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
# https://github.com/github/releases/issues/2515
# https://github.com/github/releases/issues/2743
- |
Organization owners can find more meaningful context within audit log events.
- `business.sso_response` and `org.sso_response` events appear in the REST API and payloads for audit log streaming.
- `repo.rename`, `project.rename`, and `protected_branch.update_name` events include the current and past names for these renamed within the `old_name` field.
- Events for Dependabot alerts contain `alert_number`, `ghsa_id`, `dismiss_reason`, and `dismiss_comment` fields, in addition to a link back to the alert and an accurate timestamp.
# https://github.com/github/releases/issues/2537
- |
Users can view a list that contains all of an organization's followers from the organization's profile.
# https://github.com/github/releases/issues/2717
- |
The banner displayed atop an archived repository in the web UI now includes the repository's archival date.
# https://github.com/github/releases/issues/2286
- |
The **Conversations** and **Files** tabs in pull requests now load more quickly due to deferred syntax highlighting.
# https://github.com/github/releases/issues/2561
- |
To provide a more consistent experience between the web UI and users' workstations, and to speed up the process of checking whether users can merge a pull request automatically, GitHub Enterprise Server now uses the `merge-ort` strategy. For more information, see [Merge strategies](https://git-scm.com/docs/merge-strategies#Documentation/merge-strategies.txt-ort) in the Git documentation.
# https://github.com/github/releases/issues/2496
- |
To improve the display of the initial comment in pull requests that contain one commit, GitHub Enterprise Server now automatically reformats detailed commit messages to adhere to GitHub's Markdown conventions.
# https://github.com/github/releases/issues/2511
- |
When squash-merging a pull request, the author of the Git commit is displayed before merging. Previously, the commit author was only displayed when merging with a merge commit.
known_issues:
- |
During configuration of high availability, after you run `ghe-maintenance -s` in step 12 of [this documentation](/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica#creating-a-high-availability-replica), the following error appears and maintenance mode is not enabled.
```shell
unable to access '/data/user/common/cluster.conf': Permission denied
```
You can ignore the error and proceed to the next step. The issue will be resolved in GitHub Enterprise Server 3.8.1. [Updated: 2023-03-06]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
deprecations:
- heading: Unsecure algorithms disabled for administrative SSH connections
notes:
# https://github.com/github/enterprise-releases/issues/3217
- |
GitHub has disabled the use of unsecure algorithms for SSH connections to the administrative shell.
- heading: Deprecation of the repository_vulnerability_alert webhook
notes:
# https://github.com/github/releases/issues/2621
- |
For integrators who wish to receive webhooks for Dependabot alerts activity, the `dependabot_alert` webhook replaces the `repository_vulnerability_alert` webhook. For more information, see "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert)."
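
Review bot: the `known_issues` and `deprecations` blocks at the end of this removed file carry operator-facing security information: first admin user creation on a freshly set up instance, custom firewall rules removed during upgrade, unsecure algorithms disabled for administrative SSH, and `repository_vulnerability_alert` replaced by `dependabot_alert`. Before merging, please confirm that each of these is still stated in the release notes or reference pages kept for supported versions, or point to where the archived 3.8 notes remain reachable, so that deleting this file does not drop the only record of them.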

View File

@@ -1,502 +0,0 @@
date: '2023-03-07'
release_candidate: false
deprecated: false
intro: |
For upgrade instructions, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
sections:
features:
- heading: Projects beta
notes:
# https://github.com/github/docs-content/issues/8857
- |
Projects, the flexible tool for planning and tracking work on GitHub Enterprise Server, is now available as a beta. A project is an adaptable spreadsheet that integrates issues and pull requests to help users plan and track work effectively. Users can create and customize multiple views, and each view can filter, sort, and group issues and pull requests. Users can also define custom fields to track the unique metadata for a team or project, allowing customization for any needs or processes. This feature is subject to change. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects)."
- heading: Instance administration
notes:
# https://github.com/github/releases/issues/2701
- |
Site administrators can improve the security of an instance by creating dedicated user accounts for the Management Console. Only the root site administrator can create user accounts. To control access for the user accounts, assign either the editor or operator role. Operators can manage administrative SSH access for the instance. For more information, see "[Managing access to the Management Console](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console)."
# https://github.com/github/releases/issues/2759
- |
To establish or comply with internal policies, site administrators can use the Management Console to configure an instance's policy for retention of data related to checks, including checks data generated by GitHub Actions and the Statuses API. Administrators can enable or disable retention, set a custom retention threshold, or set a custom hard-delete threshold.
For more information, see "[Configuring applications](/admin/configuration/configuring-your-enterprise/configuring-applications)" [Updated: 2023-03-02]
# https://github.com/github/releases/issues/2814
- |
When generating support bundles using the `ghe-support-bundle` command-line utility, site administrators can specify the exact duration to use for collection of data in the bundle. For more information, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-support-bundle)."
- heading: Identity and access management
notes:
# https://github.com/github/releases/issues/2681
- |
Users can review and revoke both browser and GitHub Mobile sessions for a GitHub Enterprise Server instance. For more information, see "[Viewing and managing your sessions](/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions)."
- heading: Policies
notes:
# https://github.com/github/docs-content/issues/7661
- |
Enterprise owners can configure whether repository administrators can enable or disable Dependabot alerts. On instances with a GitHub Advanced Security license, enterprise owners can also set policies to control whether repository administrators can enable GitHub Advanced Security features or secret scanning. For more information, see "[Enforcing policies for code security and analysis for your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
- heading: Audit logs
notes:
# https://github.com/github/releases/issues/2665
- |
Enterprise and organization owners can support adherance to the principle of least privilege by granting access to audit log endpoints without providing full administrative privileges. To provide this access, {% data variables.product.pat_generic_plural %} and OAuth apps now support the `read:audit_log` scope. For more information, see "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise)."
# https://github.com/github/releases/issues/2676
- |
Enterprise owners can more easily detect and trace activity associated with authentication tokens by viewing token data in audit log events. For more information, see "[Identifying audit log events performed by an access token](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)."
# https://github.com/github/releases/issues/2587
- |
Enterprise owners can configure audit log streaming to a Datadog endpoint. For more information, see "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-datadog)."
- heading: GitHub Advanced Security
notes:
# https://github.com/github/releases/issues/2644
- |
Enterprise owners on an instance with a GitHub Advanced Security license can view changes to GitHub Advanced Security, secret scanning, and push protection enablement in the audit log. Organization owners can view changes to custom messages for push protection in the audit log. For more information, see the following documentation.
- "[`business_secret_scanning` category actions](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning-category-actions)," "[`business_secret_scanning_push_protection` category actions](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_push_protection-category-actions)," and "[`business_secret_scanning_push_protection_custom_message` category actions](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_push_protection_custom_message-category-actions)" in "Audit log events for your enterprise"
- "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#org-category-actions)"
# https://github.com/github/releases/issues/2647
- |
Enterprise owners on an instance with a GitHub Advanced Security license can ensure compliance and simplify the rollout of secret scanning and push protection to all organizations on the instance using the REST API. This endpoint supplements the existing web UI, as well as the endpoints for repositories and organizations. For more information, see "[Code security and analysis](/rest/enterprise-admin/code-security-and-analysis?apiVersion=2022-11-28)" in the REST API documentation.
# https://github.com/github/releases/issues/2647
# https://github.com/github/releases/issues/2669
- |
Enterprise and organization owners who use secret scanning on an instance with a GitHub Advanced Security license can use the REST API to specify a custom link to display when push protection blocks a push containing a secret. For more information, see "[Code security and analysis](/rest/enterprise-admin/code-security-and-analysis?apiVersion=2022-11-28)" or "[Organizations](/rest/orgs/orgs?apiVersion=2022-11-28#update-an-organization)" in the REST API documentation.
# https://github.com/github/releases/issues/2386
- |
Users on an instance with a GitHub Advanced Security license who dismiss a secret scanning alert can help other users understand the reason for dismissal by providing an optional comment using the web UI or REST API. For more information, see the following documentation.
- "[Managing alerts from secret scanning](/code-security/secret-scanning/managing-alerts-from-secret-scanning)"
- "[Secret scanning](/rest/secret-scanning?apiVersion=2022-11-28#update-a-secret-scanning-alert)" in the REST API documentation
# https://github.com/github/releases/issues/2777
- |
Users on an instance with a GitHub Advanced Security license can filter results from the Code Scanning API based on alert severity at either the repository or organization levels. Use the `severity` parameter to return only code scanning alerts with a specific severity. For more information, see "[Code Scanning](/rest/code-scanning?apiVersion=2022-11-28#list-code-scanning-alerts-for-a-repository)" in the REST API documentation.
# https://github.com/github/releases/issues/2509
# https://github.com/github/releases/issues/2703
- |
Users on an instance with a GitHub Advanced Security license can analyze two additional languages for vulnerabilities and errors using CodeQL code scanning. Support for Ruby is generally available, and support for Kotlin is in beta and subject to change.
- Ruby analysis can detect more than twice the number of common weaknesses (CWEs) it could detect during beta. A total of 30 rules can identify a range of vulnerabilities, including cross-site scripting (XSS), regular expression denial-of-service (ReDoS), SQL injection, and more. Additional library and framework coverage for Ruby-on-Rails ensures that web service developers get even more precise results. GitHub Enterprise Server supports all common Ruby versions, up to and including 3.1.
- Kotlin support is an extension of existing Java support, and benefits from the [existing CodeQL queries for Java](https://codeql.github.com/codeql-query-help/java/), which apply to both mobile and server-side applications. GitHub has also improved and added a range of mobile-specific queries, covering issues such as handling of Intents, Webview validation problems, fragment injection, and more.
For more information about code scanning, see "[About code scanning with CodeQL](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)."
# https://github.com/github/docs-content/issues/8424
- |
Users on an instance with a GitHub Advanced Security license who use CodeQL code scanning can customize the build configuration for Go analysis within the GitHub Actions workflow file. Existing CodeQL workflows for Go analysis require no changes, and will continue to be supported. For more information, see "[Configuring the CodeQL workflow for compiled languages](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/2738
# https://github.com/github/releases/issues/2739
- |
To improve code security and simplify the process of updating vulnerable dependencies, more users can receive automatic pull requests with dependency updates.
- GitHub Actions authors can automatically update dependencies within workflow files.
- Dart or Flutter developers who use Pub can automatically update dependencies within their projects.
For more information, see "[About Dependabot security updates](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
# https://github.com/github/releases/issues/2438
# https://github.com/github/releases/issues/2553
- |
Dart and JavaScript developers on an instance with the dependency graph enabled can receive Dependabot alerts for known vulnerabilities within a project's dependencies.
- For Dart, the dependency graph detects `pubspec.lock` and `pubspec.yaml` files.
- JavaScript developers who use Node.js and npm can receive alerts for known vulnerabilities within Yarn v2 and v3 manifests. This supplements the existing support for v1 manifests. The dependency graph detects `package.json`, and `yarn.lock` files.
For more information, see the following articles.
- "[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)"
- "[Browsing security advisories in the GitHub Advisory Database](/code-security/security-advisories/global-security-advisories/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)"
- "[About Dependabot alerts](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)"
# https://github.com/github/releases/issues/2554
- |
Python developers who use supported package managers on an instance with the dependency graph enabled can receive Dependabot alerts for dependencies within `pyproject.toml` files that follow the [PEP 621 standard](https://peps.python.org/pep-0621/). For more information, see "[About Dependabot version updates](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
# https://github.com/github/releases/issues/2645
- |
Python developers who receive Dependabot alerts can reduce the number of version updates when a current dependency requirement is already satisfied by a new version. To configure this behavior, use the `increase-if-necessary` versioning strategy. For more information, see "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy)."
# https://github.com/github/releases/issues/2591
- |
Enterprise owners can retrieve Dependabot alerts for the instance using the REST API. This endpoint is in beta and subject to change. For more information, see "[Dependabot alerts](/rest/dependabot/alerts?apiVersion=2022-11-28)" in the REST API documentation.
# https://github.com/github/releases/issues/2590
- |
Organization owners can retrieve Dependabot alerts for the organization using the REST API. This endpoint is in beta and subject to change. For more information, see "[Dependabot alerts](/rest/dependabot/alerts?apiVersion=2022-11-28)."
# https://github.com/github/releases/issues/2323
- |
Users can programmatically view and act on Dependabot alerts using the REST API. New endpoints to view, list, and update Dependabot alerts are available in beta. These endpoints are subject to change. For more information, see "[Dependabot alerts](/rest/dependabot/alerts?apiVersion=2022-11-28)" in the REST API documentation.
- heading: Code security
notes:
# https://github.com/github/releases/issues/2706
# https://github.com/github/releases/issues/2768
# https://github.com/github/releases/issues/2770
- |
To increase visibility into security posture and improve risk analysis, users can access coverage and risk views within the security overview. The coverage view shows enablement across repositories, while the risk view surfaces alerts across repositories. Organization owners, security managers, and repository administrators on an instance with a GitHub Advanced Security license can enable security features from the security overview's coverage view. The views replace the "Overview" page, and are in public beta and subject to change. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
# https://github.com/github/releases/issues/2713
- |
Contributors can define a repository's security policy by creating a `SECURITY.md` file. To increase the policy's visibility, GitHub Enterprise Server will link to the policy from the repository's {% octicon "code" aria-label="The code icon" %} **Code** tab. For more information, see "[Adding a security policy to your repository](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
# https://github.com/github/releases/issues/2440
- |
The Dependency review API is generally available, and the associated GitHub Action now allows users to reference a local or external configuration file. For more information, see the following documentation.
- "[Dependency review](/rest/dependency-graph/dependency-review?apiVersion=2022-11-28)" in the REST API documentation
- "[Configuring dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#about-configuring-the-dependency-review-action)"
# https://github.com/github/releases/issues/2787
- |
The GraphQL API provides access to a repository's dependency graph. This feature is in preview and subject to change. For more information, see "[Objects](/graphql/reference/objects#dependencygraphdependency)" in the GraphQL API documentation.
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/2730
- |
During configuration of storage for GitHub Actions, site administrators can avoid risks associated with the input of sensitive secrets and access keys by using OIDC to connect to object storage providers. GitHub Actions on GitHub Enterprise Server supports OIDC for connections to AWS, Azure, and Google Cloud Platform. This feature is in beta and subject to change. For more information, see "[Enabling GitHub Actions for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server)."
# https://github.com/github/releases/issues/2618
- |
To prevent untrusted logging of data from the `set-state` and `set-output` workflow commands, action authors can use environment files for the management of state and output.
- To use this feature, the runner application must be version 2.297.0 or later. Versions 2.298.2 and later will warn users who use the `save-state` or `set-output` commands. These commands will be fully disabled in a future release.
- To use the updated `saveState` and `setOutput` functions, workflows using the GitHub Actions Toolkit must call `@actions/core` v1.10.0 or later.
For more information, see "[Workflow commands for GitHub Actions](/actions/using-workflows/workflow-commands-for-github-actions#environment-files)."
# https://github.com/github/releases/issues/2293
- |
The ability to share actions and reusable workflows from private repositories is generally available. Users can share workflows in a private repository with other private repositories owned by the same organization or user account, or with all private repositories on the instance. For more information, see the following documentation.
- "[Managing GitHub Actions settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-a-private-repository)"
- "[GitHub Actions Permissions](/rest/actions/permissions?apiVersion=2022-11-28#get-the-level-of-access-for-workflows-outside-of-the-repository)" in the REST API documentation
# https://github.com/github/releases/issues/2694
- |
Users can improve workflow readability and avoid the need to store non-sensitive configuration data as encrypted secrets by defining configuration variables, which allow reuse across workflows in a repository or organization. This feature is in beta and subject to change. For more information, see "[Variables](/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows)."
# https://github.com/github/releases/issues/2517
- |
Users can dynamically name workflow runs. `run-name` accepts expressions, and the dynamic name appears in the list of workflow runs. For more information, see "[Workflow syntax for GitHub Actions](/actions/using-workflows/workflow-syntax-for-github-actions#run-name)."
# https://github.com/github/releases/issues/2616
- |
Users can prevent a job from running on a runner outside the intended group by defining the names of the intended runner groups for a workflow within the `runs-on` key.
```yaml
runs-on:
group: my-group
labels: [ self-hosted, label-1 ]
```
Additionally, GitHub Enterprise Server will no longer allow the creation of runner groups with identical names at the organization and enterprise level. A warning banner will appear for any runner groups within an organization that share a name with a runner group for the enterprise.
# https://github.com/github/releases/issues/2693
- |
Users can enforce standard CI/CD practices across all of an organization's repositories by defining required workflows. These workflows are triggered as required status checks for all pull requests that target repositories' default branch, which blocks merging until the check passes. This feature is in beta and subject to change. For more information, see "[Required workflows](/actions/using-workflows/required-workflows)."
# https://github.com/github/releases/issues/2655
- |
To enable standardization of OIDC configurations across cloud deployment workflows, organization owners and repository administrators can configure the `subject` claim format within OIDC tokens by defining a custom template. For more information, see "[About security hardening with OpenID Connect](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-subject-claims-for-an-organization-or-repository)."
# https://github.com/github/releases/issues/2571
- |
To enable more transparency and control over cache usage within repositories, users who cache dependencies and other reused files with `actions/cache` can manage caches from the instance's web UI. For more information, see "[Caching dependencies to speed up workflows](/actions/using-workflows/caching-dependencies-to-speed-up-workflows#managing-caches)."
- heading: Community experience
notes:
# https://github.com/github/releases/issues/2536
- |
Users can set expectations surrounding availability by displaying a local timezone within their profiles. People who view the user's profile or hovercard will see the timezone, as well as how many hours behind or ahead they are of the user's local time. For more information, see "[Personalizing your profile](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-your-location-and-time-zone)."
- heading: GitHub Discussions
notes:
# https://github.com/github/releases/issues/2672
- |
To improve discoverability, GitHub Discussions features the following improvements.
- Repository owners can pin discussions to a specific category.
- Category titles and descriptions are displayed on the category's page.
- heading: Organizations
notes:
# https://github.com/github/releases/issues/2418
- |
To manage how organization members fork repositories, organization owners can set a dedicated forking policy for any organization. This policy must be stricter than an a forking policy set for the enterprise. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)."
# https://github.com/github/releases/issues/2539
- |
Organization owners can improve organization security by preventing outside collaborators from requesting the installation of GitHub and OAuth apps. For more information, see "[Limiting OAuth App and GitHub App access requests](/organizations/managing-organization-settings/limiting-oauth-app-and-github-app-access-requests)."
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2175
- |
To avoid providing full administrative access to a repository when unnecessary, repository administrators can create a custom role that allows users to bypass branch protections. To enforce branch protections for all users with administrative access or bypass permissions, administrators can enable **Do not allow bypassing the above settings**. For more information, see "[Managing custom repository roles for an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization#repository)" and "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings)."
# https://github.com/github/releases/issues/2626
- |
Repository administrators can ensure the security and stability of branches by locking the branch. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#lock-branch)."
# https://github.com/github/releases/issues/2666
- |
In scenarios where someone should review code within a GitHub Actions workflow before the workflow runs, repository administrators can require approval from a user with write access to the repository before a workflow run can be triggered from a private fork. For more information, see "[Managing GitHub Actions settings for a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories)."
- heading: Issues
notes:
# https://github.com/github/releases/issues/2018
- |
The GraphQL API supports creation and removal of the link between a branch and an issue. For more information, see the following documentation.
- "[Creating a branch to work on an issue](/issues/tracking-your-work-with-issues/creating-a-branch-for-an-issue)"
- "[createLinkedBranch](/graphql/reference/mutations#createlinkedbranch)" and "[deleteLinkedBranch](/graphql/reference/mutations#deletelinkedbranch)" in the "Mutations" GraphQL API documentation
- "[Objects](/graphql/reference/objects#issue)" in the GraphQL API documentation
- heading: Releases
notes:
# https://github.com/github/releases/issues/2584
- |
Users can mark a specific release within a repository as the latest release using the web UI, REST API, or GraphQL API. For more information, see the following documentation.
- "[Managing releases in a repository](/repositories/releasing-projects-on-github/managing-releases-in-a-repository)"
- "[Releases](/rest/releases/releases?apiVersion=2022-11-28#create-a-release)" in the REST API documentation
- "[Objects](/graphql/reference/objects#release)" in the GraphQL API documentation
- heading: Integrations
notes:
# https://github.com/github/releases/issues/2625
- |
Users can save time and switch context less often by receiving and acting on real-time updates about GitHub Enterprise Server activity directly within Slack or Microsoft Teams. GitHub's integrations for these services are now generally available. For more information, see "[GitHub extensions and integrations](/get-started/customizing-your-github-workflow/exploring-integrations/github-extensions-and-integrations)."
changes:
# https://github.com/github/releases/issues/2702
- |
When a site administrator runs a command using administrative SSH access, the command is now logged. To help GitHub Support troubleshoot and debug, support bundles include a log containing these commands.
# https://github.com/github/releases/issues/2538
- |
To simplify the discovery of events within enterprise, organization, or user audit logs, the search bar now displays a list of available filters.
# https://github.com/github/releases/issues/2815
- |
Before a site administrator can migrate away from GitHub Enterprise Server using the [GitHub Enterprise Importer CLI](https://github.com/github/gh-gei), the [startRepositoryMigration](/graphql/reference/mutations#startrepositorymigration) GraphQL API, or the [Start an organization migration](/rest/migrations/orgs?apiVersion=2022-11-28#start-an-organization-migration) REST API, the administrator must use the Management Console to configure a blob storage provider for the storage of migration archives. Supported provides include Amazon S3 and Azure Blob Storage. Previously, blob storage was not required and could optionally be configured using `gh gei`. This change adds support for migrations where the Git source or metadata is larger than 1 GB.
# https://github.com/github/releases/issues/2705
- |
To help users on an instance with a GitHub Advanced Security license better understand detected secrets and take action, secret scanning alerts concerning third-party API keys now include a link to the provider's documentation. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning)."
# https://github.com/github/releases/issues/2386
- |
Users on an instance with a GitHub Advanced Security license will now see the actions that users took on a secret scanning alert directly within the alert's timeline, including when a contributor bypassed push protection for a secret.
# https://github.com/github/releases/issues/2387
- |
Instances with a GitHub Advanced Security license will regularly run a historical scan to detect newly added secret types on repositories with GitHub Advanced Security and secret scanning enabled. Previously, users needed to manually run a historical scan.
# https://github.com/github/releases/issues/2640
- |
On instances with a GitHub Advanced Security license, to ensure that future releases of GitHub Enterprise Server can always display a preview of a detected secret in the APIs or web UI, the detected secrets are now stored separately from source code. Detected secrets are stored using symmetric encryption. [Updated: 2023-02-15]
# https://github.com/github/releases/issues/2696
- |
When using private registries for Dependabot updates, GitHub Enterprise Server behaves more securely. If a private registry is configured for any of the following ecosystems, the instance will no longer make any package requests to public registries.
- Bundler
- Docker
- Gradle
- Maven
- npm
- Nuget
- Python
- Yarn
For more information, see "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-private-registries)."
# https://github.com/github/releases/issues/2750
- |
Elixir developers who use [self-hosted Hex repositories](https://hex.pm/docs/self_hosting) can configure a private registry for Dependabot version updates on GitHub Enterprise Server. For more information, see "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-private-registries)."
# https://github.com/github/releases/issues/2598
- |
Dependabot alerts features the following usability improvements.
- The page for an alert refreshes automatically after Dependabot attempts to create a pull request for an update.
- Alerts are more accurately mapped to pull requests from Dependabot updates.
- To improve the alert for the community, users can suggest improvements to alerts directly in the GitHub Advisory Database.
# https://github.com/github/releases/issues/2744
- |
Users can more easily mention **@dependabot**. When mentioning users, the Dependabot user account now appears as an autocomplete suggestion.
# https://github.com/github/releases/issues/2631
- |
In repositories with vulnerable dependencies, Dependabot will no longer display a yellow banner. To notify contributors of vulnerable dependencies, the **Security** tab displays an alert counter.
# https://github.com/github/releases/issues/2602
- |
If a user forks a repository with an existing Dependabot configuration in `dependabot.yml`, Dependabot updates will be disabled in the fork by default. To enable updates in the fork, the user must visit the repository's code security and analysis settings. For more information, see "[Configuring Dependabot version updates](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)."
# https://github.com/github/releases/issues/2621
- |
Integrators who wish to receive a webhook for Dependabot alerts must use the new `dependabot_alert` webhook. This webhook replaces the `repository_vulnerability_alert` webhook. For more information, see "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert)."
# https://github.com/github/releases/issues/2704
- |
To improve readability of GitHub Actions workflows that reference other actions by commit SHA, action authors often write a comment including the corresponding semantic version on the line that calls the action. To save time, pull requests for Dependabot version updates will now automatically update the semantic version in these comments.
# https://github.com/github/releases/issues/2294
- |
JavaScript developers who use Node.js, npm, and Dependabot security updates can save time when updating npm projects with transitive dependencies.
- Dependabot can update both parent and child dependencies together. Previously, Dependabot would not update transitive dependencies when the parent required an incompatible specific version range, requiring manual upgrades.
- Dependabot can create pull requests that resolve alerts where an update to a direct dependency would remove the vulnerable transitive dependency from the tree.
For more information, see "[About Dependabot security updates](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."
# https://github.com/github/releases/issues/2700
- |
For people who use Dependabot for version updates in the Docker ecosystem, Dependabot will proactively update Docker image tags in Kubernetes manifests. For more information, see "[Configuring Dependabot version updates](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)" and "[Configuration options for the dependabot.yml file](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem)."
# https://github.com/github/releases/issues/2461
- |
A number of improvements are available to users who contribute to security advisories on GitHub.com, including the following changes.
- To ensure faster review, GitHub prompts users to add a reason for the change.
- To ensure that the contribution matches the user's intent, GitHub will not reorder reference links in the diff.
# https://github.com/github/releases/issues/2492
- |
GitHub Actions features the following discoverability and accessibility improvements.
- The navigation experience for searching workflows and workflow runs is improved.
- Added structure better represents the hierarchy between caller and called reusable workflows.
- The mobile browsing experience is more consistent, and supports multiple viewport sizes.
# https://github.com/github/releases/issues/2524
- |
GitHub Actions workflows will no longer trigger endlessly when using `GITHUB_TOKEN` with `workflow_dispatch` and `repository_dispatch` events. Prior to this change, events triggered by `GITHUB_TOKEN` would not create a new workflow run. For more information, see "[Triggering a workflow](/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow)."
# https://github.com/github/releases/issues/2543
- |
For scheduled runs of GitHub Actions workflows, users will see additional information about the repository, organization, and enterprise within the payload for `github.event`.
# https://github.com/github/releases/issues/2727
- |
Users of GitHub Actions have better insight into the progress of a job when using environment protection rules. The `workflow_job` webhook supports a new `waiting` state whenever a job is awaiting an environment protection rule. Also, when a job refers to an `environment` key in its YAML definition, the `workflow_job` webhook payload will also include a new property, `deployment`. `deployment` contains metadata about the deployment that the check run created. For more information, see "[Using environments for deployment](/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
# https://github.com/github/releases/issues/2515
# https://github.com/github/releases/issues/2743
- |
Organization owners can find more meaningful context within audit log events.
- `business.sso_response` and `org.sso_response` events appear in the REST API and payloads for audit log streaming.
- `repo.rename`, `project.rename`, and `protected_branch.update_name` events include the current and past names for these renamed within the `old_name` field.
- Events for Dependabot alerts contain `alert_number`, `ghsa_id`, `dismiss_reason`, and `dismiss_comment` fields, in addition to a link back to the alert and an accurate timestamp.
# https://github.com/github/releases/issues/2537
- |
Users can view a list that contains all of an organization's followers from the organization's profile.
# https://github.com/github/releases/issues/2717
- |
The banner displayed atop an archived repository in the web UI now includes the repository's archival date.
# https://github.com/github/releases/issues/2286
- |
The **Conversations** and **Files** tabs in pull requests now load more quickly due to deferred syntax highlighting.
# https://github.com/github/releases/issues/2561
- |
To provide a more consistent experience between the web UI and users' workstations, and to speed up the process of checking whether users can merge a pull request automatically, GitHub Enterprise Server now uses the `merge-ort` strategy. For more information, see [Merge strategies](https://git-scm.com/docs/merge-strategies#Documentation/merge-strategies.txt-ort) in the Git documentation.
# https://github.com/github/releases/issues/2496
- |
To improve the display of the initial comment in pull requests that contain one commit, GitHub Enterprise Server now automatically reformats detailed commit messages to adhere to GitHub's Markdown conventions.
# https://github.com/github/releases/issues/2511
- |
Before squash-merging a pull request, the web UI displays the email address of the commit's author. Previously, the commit author was only displayed when merging with a merge commit.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- '{% data reusables.release-notes.ghe-cluster-config-apply-error %}'
- |
After upgrading to GitHub Enterprise Server 3.8.0, commands run via SSH on any of the instance's nodes will not be logged in `/var/log/ssh-console-audit.log`. To resolve this issue, SSH into the affected node and run the following command.
```shell
source /etc/bash.bashrc
```
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- |
Use of the search API may cause subsequent requests to other interfaces to fail. When this issue occurs, impacted API or web UI users will receive HTTP 5xx responses and this `NoMethodError` exception will be logged:
```shell
NoMethodError (undefined method `starts_with?' for [:ok, "refs/heads/main"]:Array):
```
- |
On an instance with a GitHub Advanced Security license where secret scanning is enabled, excessive logging in `/var/log` may cause user-facing errors and degraded system performance if logs consume all free space on the volume. To prevent this issue from impacting users, monitor free space on your instance's root volume. For more information, see "[Configuring secret scanning for your appliance](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)" and "[Monitoring your appliance](/admin/enterprise-management/monitoring-your-appliance)." If you suspect that this issue is affecting your instance and you need help, [contact GitHub Support](https://support.github.com/contact). [Updated: 2023-05-03]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
deprecations:
- heading: Unsecure algorithms disabled for administrative SSH connections
notes:
# https://github.com/github/enterprise-releases/issues/3217
- |
GitHub has disabled the use of unsecure algorithms for SSH connections to the administrative shell.
- heading: Deprecation of the repository_vulnerability_alert webhook
notes:
# https://github.com/github/releases/issues/2621
- |
For integrators who wish to receive webhooks for Dependabot alerts activity, the `dependabot_alert` webhook replaces the `repository_vulnerability_alert` webhook. For more information, see "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert)."
errata:
- '{% data reusables.release-notes.github-actions-secrets-encryption-docs %} [Updated: 2023-06-01]'
# https://github.com/github/releases/issues/2626
- |
"[Repositories](#3.8.0-repositories)" incorrectly indicated that repository administrators can require pull request approval by someone other than the last pusher. This feature is unavailable in GitHub Enterprise Server 3.8, and is available in GitHub Enterprise Server 3.10. For more information, see "[AUTOTITLE](/enterprise-server@3.10/admin/release-notes#repositories)." [Updated 2023-08-07]
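
Review bot: Most `known_issues` entries in this deleted file are `{% data reusables.release-notes.* %}` includes, and the hunk does not show what happens to the reusable files themselves. Any reusable that was referenced only from 3.8 release notes (candidates here include `stuck-discussion-conversion-issue`, `ghe-cluster-config-apply-error` and `git-push-known-issue`) should be deleted in the same commit so it does not linger as dead content. Ones whose names point at later releases, such as `upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up`, have to stay. A repository-wide search for each include name before merging would settle which is which.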

View File

@@ -1,76 +0,0 @@
date: '2023-03-23'
sections:
security_fixes:
- |
**HIGH**: Addressed an improper authentication vulnerability that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23761). [Updated: 2023-04-07]
- |
**MEDIUM**: Addressed an incorrect comparison vulnerability that allowed commit smuggling by displaying an incorrect diff. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23762). [Updated: 2023-04-07]
bugs:
- On an instance with GitHub Actions enabled, a workflow job for GitHub Actions would not start if a matching runner group was unavailable when the job was initially queued, even if a matching runner group became available after the job entered the queue.
- On an instance with GitHub Actions enabled, GitHub Actions will now properly execute after restoration of a deleted repository.
- |
On an instance with GitHub Actions enabled, nested calls to reusable workflows within a reusable workflow job with a matrix correctly evaluate contexts within expressions, like `strategy: ${% raw %}{{ inputs.strategies }}{% endraw %}`.
- "In some cases, graphs on the Management Console's monitor dashboard failed to render."
- After an administrator used the `/setup/api/start` REST API endpoint to upload a license, the configuration run failed with a `Connection refused` error during the migrations phase.
- On an instance in a cluster configuration, when a site administrator set maintenance mode using `ghe-maintenance -s`, a `Permission denied` error appeared when the utility tried to access `/data/user/common/cluster.conf`.
- On an instance in a high availability configuration, if an administrator tore down replication from a replica node using `ghe-repl-teardown` immediately after running `ghe-repl-setup`, but before `ghe-repl-start`, an error indicated that the script `cannot launch /usr/local/bin/ghe-single-config-apply - run is locked`. `ghe-repl-teardown` now displays an informational alert and continues the teardown.
- During configuration of high availability, if a site administrator interrupted the `ghe-repl-start` utility, the utility erroneously reported that replication was configured, and the instance would not perform expected clean-up operations.
- Commands that site administrators ran via SSH on any of the instances nodes were not logged in `/var/log/ssh-console-audit.log`.
- "On instances configured to use the private beta of SCIM for GitHub Enterprise Server, users' authentication with SSH keys and {% data variables.product.pat_generic_plural %} failed due to an erroneous requirement for authorization."
- |
After a user imported a repository with push protection enabled, the repository was not immediately visible in the security overview's "Security Coverage" view.
- Responses from the `/repositories` REST API endpoint erroneously included deleted repositories.
- When a site administrator used `ghe-migrator` to migrate data to GitHub Enterprise Server, in some cases, nested team relationships would not persist after teams were imported.
- If a repository contained a `CODEOWNERS` file with check annotations, pull requests "Files changed" tab returned a `500` error and displayed "Oops, something went wrong" in the "Unchanged files with check annotations" section.
- On an instance with GitHub Actions enabled, if a user manually triggered a workflow using the REST API but did not specify values for optional booleans, the API failed to validate the request and returned a `422` error.
- When users searched for gists, the text in the search field was not visible in some cases because the texts color was identical to the color of the fields background.
- In some cases on an instance with multiple nodes, GitHub Enterprise Server erroneously stopped writing to replica fileservers, causing repository data to fall out of sync.
- On an instance with GitHub Connect enabled, if "Users can search GitHub.com" was enabled, users would not see issues in private and internal repositories in search results for GitHub.com.
- |
An enterprise owner could not enable two-factor authentication (2FA) for an instance if any enterprise owners had not enabled 2FA for their user accounts. [Updated: 2023-04-17]
- |
On an instance with GitHub Packages enabled, after users pushed to the Container registry, the instance erroneously responded with a `429 Too Many Requests` error in cases when the instance could accommodate the request. The limits have been raised, and users should receive this message less often. [Updated: 2023-05-30]
changes:
- When a site administrator configures an outbound web proxy server for GitHub Enterprise Server, the instance now validates top-level domains (TLDs) excluded from the proxy configuration. By default, you can exclude public TLDs that the IANA specifies. Site administrators can specify a list of unregistered TLDs to exclude using `ghe-config`. The `.` prefix is required for any public TLDs. For example, `.example.com` is valid, but `example.com` is invalid. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server)."
- To avoid intermittent issues with the success of Git operations on an instance with multiple nodes, GitHub Enterprise Server checks the status of the MySQL container before attempting a SQL query. The timeout duration has also been reduced.
- The default path for output from `ghe-saml-mapping-csv -d` is `/data/user/tmp` instead of `/tmp`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-saml-mapping-csv)."
- On an instance with a GitHub Advanced Security license, users who author custom patterns for secret scanning can provide expressions that must or must not match that are up to 2,000 characters. This limit is an increase from 1,000 characters.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
{% data reusables.release-notes.ghe-cluster-config-apply-error %}
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
Use of the search API may cause subsequent requests to other interfaces to fail. When this issue occurs, impacted API or web UI users will receive HTTP 5xx responses and this `NoMethodError` exception will be logged:
```shell
NoMethodError (undefined method `starts_with?' for [:ok, "refs/heads/main"]:Array):
```
- |
On an instance with a GitHub Advanced Security license where secret scanning is enabled, excessive logging in `/var/log` may cause user-facing errors and degraded system performance if logs consume all free space on the volume. To prevent this issue from impacting users, monitor free space on your instance's root volume. For more information, see "[Configuring secret scanning for your appliance](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)" and "[Monitoring your appliance](/admin/enterprise-management/monitoring-your-appliance)." If you suspect that this issue is affecting your instance and you need help, [contact GitHub Support](https://support.github.com/contact). [Updated: 2023-05-03]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
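
Review bot: The two `security_fixes` entries at the top of this file are the published description of the fixes for CVE-2023-23761 and CVE-2023-23762, and deleting the file removes that text from the docs site. If advisories or CVE records link to the 3.8 release notes for these fixes, confirm that a redirect or an archived copy keeps those links resolving. The same question applies to the other 3.8 patch-release files in this commit that carry CVE entries.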

View File

@@ -1,51 +0,0 @@
date: '2023-09-21'
sections:
security_fixes:
- HTTP Strict Transport Security (HSTS) is enabled within the Management Console.
- To prevent commits from a detached repository from syncing to prior forks that are now in a separate repository network, GitHub Enterprise Server closes pull requests between repositories during detachment.
- Packages have been updated to the latest security versions.
bugs:
- When displaying a list of subdomains in the Management Console, the list included the outdated `render` subdomain, and excluded the newer `containers`, `docker`, `notebook`, and `viewscreen` subdomains.
- On an instance in a cluster configuration, the Cluster-Balance daemon would run against jobs not specified in the configuration.
- On an instance with a GitHub Advanced Security license and secret scanning enabled, and when using Safari, changing additional match requirements for a custom pattern did not retrigger custom pattern evaluation against a user submitted test string.
- When viewing git blame data, the reviewer menu was loaded even when the suggested reviewer calculation timed out.
- When uploading migration archives to blob storage, the GitHub Enterprise Server instance's outbound web proxy server was not used.
- Duplicated intermediate commit trailers won't appear in pull request squash messages.
- On an enterprise with the policy setting that disallows repository admins from enabling/disabling secret scanning, transferring a repository to a new organization that automatically enabled secret scanning wouldn't result in the transferred repository being automatically enabled for secret scanning.
- When migrating a repository from a GitHub Enterprise Server instance to another location, the `ghe-migrator target_url` command allows you to record the repository's new location. The new URL is displayed when you visit the main page of the repository in the web interface.
- On an instance with subdomain isolation disabled, a notebook could not be loaded due to incorrect asset paths.
- On an instance with subdomain isolation disabled, a notebook could not be loaded due to an extra `/` character in the URL path.
- On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, custom patterns would erroneously show no results for a dry run.
- '{% data reusables.release-notes.mermaid-rendering-known-issue %}'
changes:
- Site administrators can see improved diagnostic information about repositories that have been deleted.
- When providing data to GitHub Support, GitHub Enterprise Server displays a notice describing how support data is used before uploading the support files.
- On an instance with multiple nodes, internal tooling to repair repositories now attempts to resolve problems within the entire repository network.
known_issues:
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
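
Review bot: The Management Console lockout entry under `known_issues` links to a hard-coded `/enterprise-server@3.8/` path, whereas the 2023-10-24 file uses the unversioned `[AUTOTITLE](/admin/...)` form for the same entry. The link goes away with this file, but the pattern suggests copies may survive in content that is not being deleted. Search the remaining files for `enterprise-server@3.8` and repoint or remove any hits, since those URLs will no longer resolve if the 3.8 docs are unpublished.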

View File

@@ -1,63 +0,0 @@
date: '2023-10-24'
sections:
security_fixes:
- |
**LOW:** Due to an incorrect permission assignment for some configuration files, an attacker with access to a local operating system user account could read MySQL connection details including the MySQL password. [Updated: 2023-11-13]
- |
Packages have been updated to the latest security versions.
bugs:
- |
When a site administrator ran `ghe-btop` via SSH, the command did not run and a `/usr/bin/env: python3: No such file or directory` error occurred.
- |
Multiple lines in babeld logs could run together, making it unclear to administrators if the operations were related.
- |
`/var/log/lastlog` was not copied over as a sparse file during `ghe-upgrade`, which could cause issues by using additional disk space.
- |
On an instance in a cluster configuration, when managing maintenance mode using `ghe-cluster-maintenance`, an erroneous warning appeared that read "Warning: Maintenance mode set on primary, please make sure to set it on any active replica if needed".
- |
`ghe-repl-status` did not identify Git replicas in certain incomplete states and incorrectly suggested that a failover could be performed safely. In some cases, this led to data loss during failover.
- |
Repository exports using `ghe-migrator` or the REST API's operation for organization migrations could fail when a large number of commit comments or long commit comments were present.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning suggested incorrect filters when viewing both open and closed alerts.
- |
On an instance with multiple nodes, `ghe-spokes status` did not identify Git replicas in certain incomplete states, causing a false report that replication was in sync and leading to data loss or replication issues during failover.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns.
changes:
- |
Instructions in the "Migrations" section of the Management Console clarify that only standard AWS S3 endpoints are supported when configuring AWS S3 as a blob storage provider for migrations.
- |
On an instance in a cluster configuration, administrators can identify the repository networks or gists that are common across a specified set of storage nodes using the `spokesctl find-on-replicas` command.
- |
As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. This change strengthens GitHub Pages's symbolic link detection.
known_issues:
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %}
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2024-02-22]

View File

@@ -1,131 +0,0 @@
date: '2023-12-21'
sections:
security_fixes:
- |
**HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID [CVE-2023-46647](https://www.cve.org/cverecord?id=CVE-2023-46647) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46645](https://www.cve.org/cverecord?id=CVE-2023-46645).
- |
**MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://www.cve.org/cverecord?id=CVE-2023-6746) for this vulnerability.
- |
**MEDIUM**: Due to an insufficient entropy vulnerability, an attacker could brute force a user invitation to the Management Console. To exploit this vulnerability, an attacker would have needed knowledge that a user invitation was pending. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46648](https://www.cve.org/CVERecord?id=CVE-2023-46648).
- |
**MEDIUM**: An attacker could maintain admin access via a race condition when an organization was converted from a user. GitHub has requested CVE ID [CVE-2023-46649](https://www.cve.org/cverecord?id=CVE-2023-46649) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://www.cve.org/cverecord?id=CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: An attacker could maintain admin access to a transferred repository in a race condition by making a GraphQL mutation to alter repository permissions during the transfer. GitHub has requested CVE ID [CVE-2023-6690](https://www.cve.org/cverecord?id=CVE-2023-6690) for this vulnerability, which reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: An insertion of sensitive information into log file in the Audit Log in GitHub Enterprise Server was identified that that could allow an attacker to gain access to the Management Console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6802](https://www.cve.org/CVERecord?id=CVE-2023-6802) for this vulnerability.
- |
**MEDIUM**: A race condition in GitHub Enterprise Server allowed an outside collaborator to be added while a repository is being transferred. GitHub has requested CVE ID [CVE-2023-6803](https://www.cve.org/cverecord?id=CVE-2023-6803) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped {% data variables.product.pat_generic %}. To exploit this, a workflow must have already existed in the target repo. GitHub has requested CVE ID [CVE-2023-6804](https://www.cve.org/cverecord?id=CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379).
- |
**MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380).
- |
**LOW:** Pre-receive hooks have been further hardened against shell command injections.
- |
**LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)."
- |
To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4. [Updated 2024-01-03]
- |
Packages have been updated to the latest security versions.
bugs:
- |
In rare cases, on an instance with GitHub Actions enabled, a failed check on a deleted repository could cause upgrades to a new version of GitHub Enterprise Server to fail.
- |
When an administrator ran the `ghe-support-bundle` or `ghe-cluster-support-bundle` command, the `-p` flag did not produce bundles with log durations as specified. The duration period can now only be specified in `days`. Additionally, unnecessary files were sanitized by the commands.
- |
On an instance in a cluster configuration, upgrades could fail due to a background job running during database migration.
- |
On an instance in a high availability configuration, the `ghe-repl-teardown` command failed when provided with a UUID.
- |
In some environments, stale `.backup` log files could accumulate in the system.
- |
On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation.
- |
Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, site administrators using the `ghe-secret-scanning` command would not see a relevant error message if their input was invalid.
- |
On an instance with a GitHub Advanced Security license, users with the security manager role could not update custom links for push protection using the REST API.
- |
On an instance with the dependency graph enabled, some security products were not automatically enabled for new public repositories.
- |
Pull request review threads at the file level, rather than the individual line level, were not included in exports from `ghe-migrator` or the Organization Migrations API.
- |
After importing a migration archive using `ghe-migrator` or REST API endpoints for organization migrations, in some cases, some review comments within pull requests were not associated with lines of code.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alert emails were sent to organization owners even if their email address did not comply with domain restrictions.
- |
After a user started a repository transfer, if another user viewed the repository before the transfer finished, the repository overview rendered incorrectly.
- |
A missing executable on the PATH caused the `ghe-spokesctl ssh` command to fail.
- |
On an instance with GitHub Actions enabled, users occasionally got a 500 error when viewing a job with a pending deployment.
- |
An administrator could enable GitHub Connect on an instance with a license that does not support GitHub Connect.
- |
On an instance with GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync.
- |
A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, webhooks for alert locations did not contain information about push protection bypasses.
changes:
- |
On an instance with Dependabot updates enabled, Dependabot relies on the node installation provided by the actions runner instead of dynamically downloading.
- |
When adding a node to an instance, performance is improved during initial database replication.
- |
An administrator can run the new `ghe-check-background-upgrade-jobs` command to ensure all upgrade jobs that run in the background have finished. This allows the administrator to know when they can start the next upgrade to their GitHub Enterprise Server instance.
- |
To avoid negative effects on disk utilization, `babeld` log files have a maximum size of 15 GB.
- |
To improve reliability of release uploads in low-bandwidth environments, the time-to-live (TTL) value of the token for uploading release assets has increased from 1 hour to 3 hours.
- |
When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error.
- |
The audit log now tracks all failed password attempts individually. Previously, duplicate failed password attempts in sequence within the same day would be grouped into one failed password attempt, with a `count` field.
- |
As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. When the page builder encounters a symbolic link, the build will fail with an error indicating that the symbolic link should be dereferenced. Custom workflows for GitHub Pages are available in GitHub Enterprise Server 3.7 and later.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance.
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- |
Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
- |
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} [Updated 2024-01-03]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2024-02-22]
deprecations:
- heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key
notes:
- |
To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release.
To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release.
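
Review bot: The `known_issues` list near the end of this file pulls in several shared snippets (`reusables.release-notes.mermaid-rendering-known-issue`, `reusables.release-notes.2023-10-git-push-made-but-not-registered`, `reusables.release-notes.scheduled-reminders-unintentional`, and others), and deleting the file drops those references without showing whether any other release still uses them. Please search the remaining release-note data for each `reusables.release-notes.*` name referenced here, and remove in this same commit any reusable that no longer has a consumer, so orphaned snippets do not linger.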

View File

@@ -1,46 +0,0 @@
date: '2024-01-16'
sections:
security_fixes:
- |
**HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. GitHub has requested CVE ID [CVE-2024-0507](https://www.cve.org/cverecord?id=CVE-2024-0507) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH**: An attacker could leverage an unsafe reflection vulnerability in GitHub Enterprise Server (GHES) that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the [organization owner role](/enterprise-server@latest/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-owners). GitHub has requested CVE ID [CVE-2024-0200](https://www.cve.org/cverecord?id=CVE-2024-0200) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
Packages have been updated to the latest security versions.
bugs:
- During periods of high load, users would see intermittent interruptions to services when upstream services failed internal health checks.
- When creating a new custom pattern for secret scanning, the "More options" section of the custom pattern form automatically collapsed when a user entered an invalid regex in the post processing expressions (before/after secret match or additional secret requirements).
- On an instance with a GitHub Advanced Security license and secret scanning enabled, users could experience a `500` error when viewing a secret scanning alert page in cases where the alerted commits belonged to the user and one or more commits could not be found.
- Members of an enterprise were incorrectly allowed access to the REST API endpoints for Enterprise licensing.
changes:
- The branch protection setting to require PR approval of the most recent reviewable push is included in exports from `ghe-migrator` or the Organization Migrations API.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance.
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- |
Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
- |
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2024-02-22]
errata:
- |
These release notes previously indicated that GitHub Enterprise Server 3.8.13 contained a fix for an incorrect authorization vulnerability that affected issue comments, [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380). This fix was included in GitHub Enterprise Server [3.8.12](/admin/release-notes#3.8.12-security-fixes).
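
Review bot: The `errata` entry at the end of this file links to `/admin/release-notes#3.8.12-security-fixes`, which shows that 3.8 anchors are used as link targets inside release-note data. Once the 3.8 files are gone, any surviving page that points at a `release-notes#3.8.` anchor will dangle, so please search the remaining content for that pattern and retarget or drop those links. The erratum also corrects which release shipped the fix for CVE-2023-51380; confirm that the correction stays readable wherever the 3.8 notes are archived.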

View File

@@ -1,32 +0,0 @@
date: '2024-01-30'
sections:
bugs:
- |
When starting up an instance using NVME storage in a cloud other than AWS, the attached data disk was not properly detected.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-11-aws-system-time %}
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- |
Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
- |
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- |
{% data reusables.release-notes.2024-02-pages-deployment-error %} [Updated: 2024-03-07]

View File

@@ -1,64 +0,0 @@
date: '2024-02-13'
sections:
security_fixes:
- |
**HIGH:** An attacker could gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. GitHub has requested CVE ID [CVE-2024-1082](https://www.cve.org/cverecord?id=CVE-2024-1082) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection when configuring SAML settings. GitHub has requested CVE ID [CVE-2024-1372](https://www.cve.org/cverecord?id=CVE-2024-1372) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection when setting an HTTP proxy. GitHub has requested CVE ID [CVE-2024-1359](https://www.cve.org/cverecord?id=CVE-2024-1359) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection into nomad templates when configuring SMTP options. GitHub has requested CVE ID [CVE-2024-1378](https://www.cve.org/cverecord?id=CVE-2024-1378) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection in the `actions-console` docker container while setting a service URL. GitHub has requested CVE ID [CVE-2024-1355](https://www.cve.org/cverecord?id=CVE-2024-1355) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection in the `syslog-ng` configuration file. GitHub has requested CVE ID [CVE-2024-1354](https://www.cve.org/cverecord?id=CVE-2024-1354) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection when setting the username and password for `collectd` configurations. GitHub has requested CVE ID [CVE-2024-1369](https://www.cve.org/cverecord?id=CVE-2024-1369) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain admin SSH access to the appliance by command injection into nomad templates when configuring audit log forwarding. GitHub has requested CVE ID [CVE-2024-1374](https://www.cve.org/cverecord?id=CVE-2024-1374) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM:** An attacker could make changes to a user account by taking advantage of a Cross-site Scripting vulnerability in the tag name pattern field in the tag protections UI. Exploitation of this vulnerability required user interaction with malicious javascript on a website along with further social engineering. GitHub has requested CVE ID [CVE-2024-1084](https://www.cve.org/cverecord?id=CVE-2024-1084) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**LOW:** An attacker could decrypt the user section of the enterprise user license list JSON file by using an exposed private key. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
- |
Packages have been updated to the latest versions.
bugs:
- |
On startup, Elasticsearch logged an innocuous JMX MBeans registration error.
- |
Hunk headers in C# files did not correctly display changed functions.
- |
Users could not use integrations to mark a pull request as ready for review.
- |
During Git data server maintenance, a process that was ran on unsupported GitHub Enterprise Server topologies created a significant amount of system logs but did not perform any repair work.
changes:
- |
The default 30 second webhook delivery HTTP timeout can be configured.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-11-aws-system-time %}
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- |
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- |
{% data reusables.release-notes.2024-02-pages-deployment-error %} [Updated: 2024-03-07]
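
Review bot: In `security_fixes`, the **LOW** entry about decrypting the user section of the enterprise user license list JSON file has no CVE ID, unlike the nine entries above it, so after this deletion it cannot be located by identifier. Please confirm before merging that this file is preserved wherever the 3.8 release notes are archived, since it is the text an administrator would use to check whether a 3.8 instance received that fix.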

View File

@@ -1,34 +0,0 @@
date: '2024-02-29'
sections:
security_fixes:
- |
**HIGH**: On an instance with GitHub Connect enabled and non-default settings for GitHub Connect configured, an attacker could use an enterprise GitHub Actions download token to fetch private repository data. This token is only accessible to users on the GitHub Enterprise Server instance. To fix this vulnerability, the Actions download token will now be a permissionless token. GitHub has requested CVE ID [CVE-2024-1908](https://www.cve.org/cverecord?id=CVE-2024-1908) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
Packages have been updated to the latest security versions.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-11-aws-system-time %}
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- |
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- |
{% data reusables.release-notes.2024-02-pages-deployment-error %}

View File

@@ -1,62 +0,0 @@
date: '2024-03-20'
sections:
security_fixes:
- |
**HIGH:** An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. GitHub has requested CVE ID [CVE-2024-2469](https://www.cve.org/cverecord?id=CVE-2024-2469) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring GeoJSON settings. GitHub has requested CVE ID [CVE-2024-2443](https://www.cve.org/cverecord?id=CVE-2024-2443) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
Packages have been updated to the latest security versions.
bugs:
- |
In some cases, storage initialization on a new instance launch could cause EBS-backed data volumes to not be detected correctly.
- |
On an instance with GitHub Actions enabled, GitHub Actions workflows that deployed GitHub Pages sites failed with the following error: `Error: Deployment failed, try again later.`
- |
Organizations using projects (classic) returned an error log about a soon-to-be deprecated MySQL feature when viewing a project.
- |
On an instance with a GitHub Advanced Security license, viewing a secret scanning alert as a user without the security manager role would return a `500` error if the alert was generated from a Git tag instead of a normal commit.
- |
Some API endpoints for projects did not properly filter target repositories based on the users access.
- |
During a configuration run prompted by the delayed restart of the `notebooks` service, a container validation warning appeared in system logs.
- |
In some cases, manual repository maintenance using `ghe-spokesctl` would fail with the following error: `panic: runtime error: invalid memory address or nil pointer dereference`.
- |
On an instance with a GitHub Advanced Security license, in some cases, when a user deleted a custom pattern for secret scanning, GitHub Enterprise Server failed to close or delete the patterns alerts.
changes:
- |
To avoid leaking secrets, the logging of all parameters is disabled for events related to the Management Console in an instance's enterprise audit log.
- |
People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2).
- |
On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding.
- |
The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the webhook payload for that push will not contain any commits. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)."
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-11-aws-system-time %}
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- |
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
- |
{% data reusables.release-notes.2024-02-pages-deployment-error %}

View File

@@ -1,57 +0,0 @@
date: '2023-04-18'
sections:
security_fixes:
- |
**MEDIUM**: An attacker with write access to a repository could craft a pull request that would hide commits made in its source branch. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23764). [Updated: 2023-07-26]
bugs:
- |
On an instance with GitHub Actions enabled, nested calls to reusable workflows within a reusable workflow job with a matrix correctly evaluate contexts within expressions, like `strategy: {% raw %}${{ inputs.strategies }}{% endraw %}`.
- Download requests for Git LFS objects did not complete until reporting the final download size, which affected the latency of these requests, particularly on an instance with nodes functioning as repository caches.
- On an instance in a high availability configuration, a `git push` operation could fail if GitHub Enterprise Server was simultaneously creating the repository on a replica node.
- |
When a site administrator ran `ghe-btop` via SSH, the command did not run and a `/usr/bin/env: python3: No such file or directory` error occurred.
- Site administrators who prepared to enable GitHub Actions could not run the `ghe-actions-precheck` utility because the scripts file was not executable.
- In some cases on an instance with a GitHub Advanced Security license, users could not load the security analysis page and saw a `500` error.
- On an instance with GitHub Connect enabled, if "Users can search GitHub.com" was enabled, issues in private and internal repositories were not included in users search results for GitHub.com.
- After restoration of a deleted organization, the organization did not appear in the instance's list of organizations.
- |
After a site administrator exported a migration archive to AWS S3 using GitHub Enterprise Importer's `gh-migrator` utility, the URL for the archive was inaccessible.
- |
If a site administrator exported a migration archive to a bucket in AWS S3s us-east-1 region using GitHub Enterprise Importer's `gh-migrator` utility, the archive was inaccessible.
- |
Collectd logs could grow rapidly in size due to the inclusion of `kredz.*` metrics, which can't be parsed by StatsD and resulted in error messages.
changes:
- If a site administrator provides an invalid configuration for blob storage for GitHub Actions or GitHub Packages on an instance, the preflight checks page displays details and troubleshooting information.
- |
After a site administrator exports a migration archive using GitHub Enterprise Importer's `gh-migrator` utility, the link to the archive remains accessible for 48 hours instead of one hour.
- On an instance with a GitHub Advanced Security license, users who author custom patterns for secret scanning can provide expressions that must or must not match that are up to 2,000 characters. This limit is an increase from 1,000 characters.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
{% data reusables.release-notes.ghe-cluster-config-apply-error %}
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance with a GitHub Advanced Security license where secret scanning is enabled, excessive logging in `/var/log` may cause user-facing errors and degraded system performance if logs consume all free space on the volume. To prevent this issue from impacting users, monitor free space on your instance's root volume. For more information, see "[Configuring secret scanning for your appliance](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)" and "[Monitoring your appliance](/admin/enterprise-management/monitoring-your-appliance)." If you suspect that this issue is affecting your instance and you need help, [contact GitHub Support](https://support.github.com/contact). [Updated: 2023-05-03]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
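
Review bot: The lockout entry in `known_issues` links to a version-pinned path beginning `/enterprise-server@3.8/admin/configuration/`, where the other files in this diff use the unversioned `AUTOTITLE` form for the same target. Hard-coded `enterprise-server@3.8` links like this stop resolving once the version is removed, so please search the content that remains after this commit for `enterprise-server@3.8` and rewrite any hits to unversioned paths.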

View File

@@ -1,68 +0,0 @@
date: '2023-05-09'
sections:
security_fixes:
- |
**MEDIUM**: Updated Git to include fixes from 2.40.1. For more information, see [Git security vulnerabilities announced](https://github.blog/2023-04-25-git-security-vulnerabilities-announced-4/) on the GitHub Blog. [Updated: 2023-07-24]
bugs:
- Users were unable to upload GIF files as attachments within a comment in an issue or pull request.
- |
A site administrator could not bypass a proxy for a top-level domain (TLD) from the instance's exception list or IANAs registered top-level domains (TLDs).
- |
On some platforms, after someone with administrative SSH access ran `ghe-diagnostics`, the command's output included a cosmetic `SG_IO` error.
- When a site administrator used GitHub Enterprise Importer to import data from GitHub Enterprise Cloud, migrations failed during the import of file-level comments. This failure no longer prevents the import from proceeding.
- On an instance with a GitHub Advanced Security license, users with the security manager role for an organization could not view GitHub Advanced Security settings for the organization.
- On an instance with a large number of organizations, enterprise owners who navigated to the "Security and analysis" settings page for the enterprise could return a `500` error.
- From GitHub Enterprise Server 3.8 onwards, using the GitHub Enterprise Importer CLI, the `startRepositoryMigration` GraphQL API, or the “Start an organization migration” REST API requires a blob storage provider to be configured in the Management Console. When using Azure Blob Storage, storage containers were incorrectly configured to be publicly accessible. Azure Blob Storage containers will now be configured to be private, and we have introduced a check that explicitly fails exports if the storage container is public.
- When a site administrator used GitHub Enterprise Importer, import of a repository failed if a project column in the repository contained 2,500 or more archived cards.
- In some situations on an instance with multiple nodes, Git replication failed to fully replicate repositories that had previously been deleted, which resulted in a warning in `ghe-repl-status` output.
- On an instance with Dependabot alerts enabled, alerts were erroneously hidden when different vulnerabilities were detected by multiple build-time submission detectors.
- GitHub Enterprise Server published distribution metrics that cannot be processed by collectd. The metrics included `pre_receive.lfsintegrity.dist.referenced_oids`, `pre_receive.lfsintegrity.dist.unknown_oids`, and `git.hooks.runtime`.
- In some cases, on an instance with GitHub Actions enabled, deployment of GitHub Pages site using a GitHub Actions workflow failed with a status of `deployment_lost`.
- On an instance with a GitHub Advanced Security license that was also configured for a timezone greater than UTC, the list of secret scanning alerts displayed a "Loading secrets failed" error if a user sorted secrets by date in descending order.
- On an instance with a GitHub Advanced Security license where secret scanning is enabled, excessive logging in `/var/log` could cause user-facing errors and degrade system performance if logs consumed all free space on the volume.
changes:
- On an instance with the dependency graph enabled, background services can handle more traffic.
- |
People with administrative SSH access who generate a support bundle using the `ghe-support-bundle` or `ghe-cluster-support-bundle` utilities can specify the period of time to gather data with `-p` or `--period` without using spaces or quotes. For example, in addition to `'-p 5 days'` or `-p '4 days 10 hours'`, `-p 5days` or `-p 4days10hours` are valid.
- After a site administrator exports a migration archive using GitHub Enterprise Importers `gh-migrator` utility, the link to the archive remains accessible for 48 hours instead of one hour.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
{% data reusables.release-notes.ghe-cluster-config-apply-error %}
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
# https://github.com/github/driftwood/issues/2746
- |
On an instance with audit log streaming enabled, the `driftwood` service does not start, preventing the normal operation of audit log streaming. [Updated: 2023-06-06]
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %} [Updated: 2023-08-18]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
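Review bot: the entry about Azure Blob Storage containers being "incorrectly configured to be publicly accessible" is a data-exposure fix, but it sits under `bugs` and not `security_fixes`, so anyone scanning only the security headings of the archived notes will miss it. Before deleting this file, confirm the archived 3.8 release notes are published and still carry this entry. The `# https://github.com/github/driftwood/issues/2746` YAML comment above the audit log streaming issue is also worth checking for in the remaining version files.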

View File

@@ -1,55 +0,0 @@
date: '2023-05-30'
sections:
security_fixes:
- |
**MEDIUM**: Scoped installation tokens for a GitHub App kept approved permissions after the permissions on the integration installation were downgraded or removed. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
- Packages have been updated to the latest security versions.
bugs:
- On an instance in a cluster configuration, when upgrading the MySQL master node, the post-upgrade configuration run would take 600 seconds longer than required due to incorrect detection of unhealthy nodes.
- On an instance with a GitHub Advanced Security license and secret scanning enabled, rotation of the key used to encrypt secrets discovered by secret scanning would fail.
- In some situations on an instance with multiple nodes, Git replication failed to fully replicate repositories that had previously been deleted, which resulted in a warning in `ghe-repl-status` output.
- |
If a user made a request to the Collaborators API's Add a repository collaborator endpoint specifying a `permission` of `read` or `write`, the instance returned a `500` error.
- On an instance with the dependency graph enabled, the correct path appears for manifests that originate from build-time submission snapshots.
- The `spokesctl` command-line utility accepts more input formats.
- |
On an instance with a GitHub Advanced Security license and code scanning enabled, CodeQL analysis created a SARIF file that failed processing, which the API showed as pending due to an internal exception. [Updated: 2023-12-12]
changes:
- People with administrative SSH access to an instance can configure the maximum memory usage in gigabytes for Redis using `ghe-config redis.max-memory-gb VALUE`.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

View File

@@ -1,55 +0,0 @@
date: '2023-06-20'
sections:
security_fixes:
- |
**MEDIUM**: Scoped installation tokens for a GitHub App kept approved permissions after the permissions on the integration installation were downgraded or removed. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
- |
If a user's request to the instance's API included authentication credentials within a URL parameter, administrators could see the credentials in JSON within the instance's audit log.
- Packages have been updated to the latest security versions.
bugs:
- |
If an administrator updated the instance's TLS certificate using the Management Console API's [Set settings](/rest/enterprise-admin/management-console) endpoint, sending the certificate and key data as a URL query parameter resulted in the data appearing unmasked in system logs.
- Determining suggested reviewers on a pull request could time out or be very slow.
- After an enterprise owner set a permanent rate limit for a users GitHub App at `http(s)://HOSTNAME/stafftools/users/USERNAME/installations`, the instance did not respect the rate limit.
- On an instance with multiple nodes, when using the `spokesctl` command-line utility to manage repositories with replicas that failed to fully create, the utility would spuriously attempt to repair healthy replicas.
- On an instance with a GitHub Advanced Security license and code scanning enabled, code scanning could not process some SARIF files produced by newer versions of CodeQL.
changes:
- If a configuration runs fails due to Elasticsearch errors, `ghe-config-apply` displays a more actionable error message.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
Organization owners cannot register a new SSH certificate authorities (CAs) due to an erroneous suggestion to start a trial. Organization SSH CAs configured before an upgrade to an affected version are still usable after the upgrade. Enterprise owners can can still register SSH CAs for all organizations.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
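Review bot: two entries in this file, the `security_fixes` item on credentials in a URL parameter appearing in the audit log and the `bugs` item on TLS certificate and key data appearing unmasked in system logs, are the only record that logs written before this patch may hold secrets. Neither carries a CVE or advisory link, so nothing else points to them; confirm the archived 3.8 notes stay reachable at a stable URL before removing the source.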

View File

@@ -1,115 +0,0 @@
date: '2023-07-18'
sections:
security_fixes:
- |
An attacker with access to the password hash of the root site administrator user for the instance's Management Console could make requests to the password API endpoint from outside of the instance.
- |
Packages have been updated to the latest security versions.
- |
**LOW:** An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and was assigned [CVE-2023-23765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23765).
bugs:
- |
If MinIO was configured for external blob storage on an instance with GitHub Actions enabled and MinIO was configured for bucket replication, the instance's credential validation with MinIO would occasionally fail.
- |
Customers who use Azure Blob store as the remote blob provider to back GitHub Packages would have validation errors if the `EndpointSuffix` part of their Connection string was anything other than `core.windows.net`. Now all valid `EndpointSuffix` are accepted.
- |
When a user viewed a Jupyter notebook, GitHub Enterprise Server returned a `500` error code if the instance was configured with a self-signed TLS certificate.
- |
After creation of a blob object from the web UI, pre-receive hook events were missing from the instance's audit log.
- |
On an instance in a high availability configuration, on some platforms, replication could perform poorly over links with very high latency.
- |
On an instance with custom firewall rules defined, a configuration run with `ghe-config-apply` could take longer than expected.
- |
On an instance with an outbound web proxy server configured, the proxy interfered with internal operations that used `nomad alloc exec`.
- |
On an instance in a cluster configuration, the `ghe-cluster-balance` behaved inconsistently when displaying status or managing jobs with more than one task group.
- |
On an instance configured for LDAP authentication, if the LDAP server sent an empty string for the `sshPublicKey` attribute, LDAP user sync would fail.
- |
When an administrator updated an instance's TLS certificate via the API as a query parameter instead of in the request body, the certificate and key appeared in `unicorn.log`.
- |
Jobs that performed daily clean-up tasks failed to run, so old data was not removed from the MySQL database.
- |
After creation of a new Management Console user, the Management Console did not display the button to copy the new users invitation.
- |
`ghe-service-list` erroneously reported errors because the utility looked for systemd services that have been migrated to Nomad.
- |
On an instance in a high availability configuration, when adding a new node, connection checks between existing nodes would fail.
- |
On an instance with Dependabot enabled, in some situations, Dependabot alerts were not updated when a user pushed to a repository.
- |
In rare circumstances, Git commits signed with SSH keys using the RSA algorithm would incorrectly indicate the signature was invalid.
- |
After a migration using GitHub Enterprise Importer, some repository autolink references were created with an incorrect format.
- |
In some cases on an instance without a GitHub Advanced Security license, Redis exceeded the maximum default memory allocation, causing `500` errors for the instance's users.
- |
On an instance with many organizations, the enterprise security overview page returned a `500` error.
- |
On an instance that was not configured to deliver email notifications using SMTP, background jobs to deliver email were enqueued unnecessarily.
- |
Users were unable to configure a SSH certificate authority for an organization.
- |
An erroneous "Blocked Copilot Repositories" link was visible in site admin pages for organizations.
- |
Events related to repository notifications did not appear in the audit log.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, a committer would not receive an email notification for a secret scanning alert where push protections were bypassed.
- |
On an instance with a GitHub Advanced Security license, if a user filtered by a custom pattern on an organizations "Code & security analysis" page using an invalid query, the entire GitHub Advanced Security disappeared and an error reading "Sorry, something went wrong loading GitHub Advanced Security settings" appeared.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, output from Git for a push blocked by push protection always included an `http://` link.
- |
Querying the audit log for `hashed_token` returned no results.
- |
The audit log reported the incorrect target repository for pre-receive hook failures.
- |
Links to wiki pages in Markdown headers did not point to the correct path, resulting in a `404 Not Found` error.
- |
GitHub Actions will now properly execute after restoring a deleted repository.
- |
On an instance with multiple nodes, when using the `spokesctl` command-line utility to manage repositories with replicas that failed to fully create, the utility would spuriously attempt to repair healthy replicas.
changes:
- |
On an instance in a cluster configuration, the `ghe-cluster-config-check` command-line utility will return an affirmative message when no warnings or errors are detected. The affirmative message is "Configuration validation complete. No errors found."
- |
During initialization of a cluster configuration, output from the `ghe-cluster-config-init` command-line utility is improved and simplified.
- |
The Management Console displays a warning about unexpected consequences that may result from modification of the instance's hostname after initial configuration.
known_issues:
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.migrations-missing-section-known-issue %} [Updated: 2023-08-18]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
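Review bot: removing this file drops the page that documents CVE-2023-23765 under `security_fixes` for the 3.8 series, and external references may point at the release notes rather than at the CVE record. Confirm that the 3.8 release notes URL redirects to the archived copy so existing links to this entry keep resolving.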

View File

@@ -1,42 +0,0 @@
date: '2023-07-28'
sections:
known_issues:
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
On an instance that is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles uploaded by a site administrator using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.migrations-missing-section-known-issue %} [Updated: 2023-08-18]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
bugs:
- |
On an instance configured to use an outbound web proxy server, an administrator could not exclude private domains in [this list](https://github.com/weppos/publicsuffix-ruby/blob/main/data/list.txt) from the proxy configuration. [Updated: 2023-11-27]
changes:
- |
Adjusted the timeout threshold for shutting down MySQL to prevent premature termination when upgrading to GHES 3.9.
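Review bot: the `changes` entry on the MySQL shutdown timeout is upgrade guidance for instances moving from 3.8 to GHES 3.9, which are the instances most likely to look for it after 3.8 leaves the docs. Check that the 3.9 upgrade documentation, or the `upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up` reusable referenced by the other removed files, still surfaces the same advice in a version that remains published.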

View File

@@ -1,65 +0,0 @@
date: '2023-08-10'
sections:
security_fixes:
- |
**LOW:** An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a reopened pull request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/) and was assigned [CVE-2023-23766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23766). [Updated: 2023-09-22]
- |
Packages have been updated to the latest security versions.
bugs:
- |
API results were incomplete, and ordering of results was incorrect if `asc` or `desc` appeared in lowercase within the API query.
- |
The checks in the merge box for a pull request did not always match the the checks for the most recent commit in the pull request.
- |
When a site administrator used GitHub Enterprise Importer on versions 3.7 and below to migrate repositories from GitHub Enterprise Server, the system backup size would increase after running many migrations due to storage files not being cleaned up.
- |
A collaborator with the "Set the social preview" permission inherited from the "Read" role couldnt upload the social preview image of a repository.
- |
When running the `ghe-migrator`, certain error messages contained an invalid link to import documentation.
- |
In some cases, on an instance with GitHub Actions enabled, deployment of GitHub Pages site using a GitHub Actions workflow failed with a status of `deployment_lost`.
- |
On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories.
- |
GitHub Enterprise Server was queuing zip jobs unnecessarily.
changes:
- |
The description of the `ghe-cluster-balance` command line utility clarifies that it can be used to balance jobs other than `github-unicorn`.
- |
On GitHub Enterprise Server 3.8 and above, a blob storage provider must be configured in the Management Console in order to use the GitHub Enterprise Importer CLI, "startRepositoryMigration" GraphQL API, or "Start an organization migration" REST API. The "Migrations" section in the Management Console was mistakenly removed and has been added back.
- |
Administrators can display all repositories in a network with `spokesctl` by using the `repositories` subcommand.
- |
The secondary abuse rate limits of the GraphQL API are now configurable in the Management Console. [Updated: 2023-09-01]
known_issues:
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.migrations-blob-storage-unconfigurable-known-issue %} [Updated: 2023-08-18]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
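Review bot: `migrations-blob-storage-unconfigurable-known-issue` is referenced in `known_issues` here, and `migrations-missing-section-known-issue` is referenced in the two preceding removed files. If no remaining release-notes file references these reusables, delete the reusable files in this commit as well; otherwise they are left behind as orphaned data.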

View File

@@ -1,47 +0,0 @@
date: '2023-08-24'
sections:
security_fixes:
- Packages have been updated to the latest security versions.
- |
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after the fork's visibility was changed to private. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and assigned [CVE-2023-23763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23763). [Updated: 2023-09-01]
bugs:
- When an administrator tried to validate blob storage connection settings for GitHub Enterprise Importer in the Management Console using the **Test storage settings** button, the operation failed.
- syslog-ng configurations for containerized services caused errors for log forwarding services. The configurations have been removed.
- When an instance exhausted available memory, in some cases, the system's out-of-memory killer (OOMK) killed the process for `dockerd`, causing Nomad to fail to recover after systemd restarted Docker.
- When running the ghe-migrator, certain error messages contained an invalid link to import documentation.
- On an instance with GitHub Actions enabled, due to mismatched values, users could not easily associate workflow job run IDs from the GitHub Enterprise Server APIs or webhooks with a job in the UI. Workflow job runs now use a new URL pattern of `...actions/runs/job/{job_id}`, and `job_id` matches values from APIs and webhook payloads.
- On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, custom patterns would erroneously show no results for a dry run.
- |
Administrators could not use the "Migrations" section in an instance's Management Console to configure blob storage for GitHub Enterprise Importer. [Updated: 2023-08-31]
changes:
- Administrators with SSH access to an instance can view the version of GitHub Enterprise Server on the instance by using the `-v` flag with the `ghe-version` utility.
known_issues:
- |
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.mermaid-rendering-known-issue %}
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04]
- |
{% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
- |
{% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
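Review bot: this deleted release-notes file carries the security fix entry for CVE-2023-23763 and a known-issue link into `/enterprise-server@3.8/...`, so removing it from the source tree should be gated on the 3.8 docs being archived. Please confirm the archived copy and redirects are in place before merge, so that references to this release's security notes keep resolving.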

View File

@@ -1,5 +1,3 @@
{% ifversion fpt or ghec or ghes > 3.8 %}
{% rowheaders %}
| **SARIF data** | **Maximum values** | **Display limits** |
@@ -13,35 +11,3 @@
| Tags per rule | 20 | Only 10 tags will be included. |
{% endrowheaders %}
{% elsif ghes < 3.9 %}
{% rowheaders %}
| **SARIF data** | **Maximum values** | **Display limits** |
|----------------|:------------------:|-----------------------|
| Runs per file | 15 | None |
| Results per run | 25,000 | Only the top 5,000 results will be included, prioritized by severity. |
| Rules per run | 25,000 | None |
| Tool extensions per run | 100 | None |
| Thread Flow Locations per result | 10,000 | Only the top 1,000 Thread Flow Locations will be included, using prioritization. |
| Location per result | 1,000 | Only 100 locations will be included. |
| Tags per rule | 20 | Only 10 tags will be included. |
{% endrowheaders %}
{% else %}
{% rowheaders %}
| **SARIF data** | **Maximum values** | **Display limits** |
|----------------|:------------------:|-----------------------|
| Runs per file | 15 | None |
| Results per run | 25,000 | Only the top 5,000 results will be included, prioritized by severity. |
| Rules per run | 25,000 | None |
| Thread Flow Locations per result | 10,000 | Only the top 1,000 Thread Flow Locations will be included, using prioritization. |
| Location per result | 1,000 | Only 100 locations will be included. | None |
{% endrowheaders %}
{% endif %}

View File

@@ -7,9 +7,6 @@ The table below summarizes whether dependency scope is supported for various eco
| Dart | pub | pubspec.lock | {% octicon "check" aria-label="Supported" %} |
{%- endif %}
| Go | Go modules | go.mod | No, defaults to runtime |
{%- ifversion ghes < 3.9 %}
| Go | Go modules | go.sum | No, defaults to runtime |
{%- endif %}
| Java | Maven | pom.xml | {% octicon "check" aria-label="Supported" %} `test` maps to development, else scope defaults to runtime |
| JavaScript | npm | package.json | {% octicon "check" aria-label="Supported" %} |
| JavaScript | npm | package-lock.json | {% octicon "check" aria-label="Supported" %} |

View File

@@ -1 +1 @@
For more information, see the "[Deprecations](/admin/release-notes#{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}-deprecations)" section in the release notes.
For more information, see the "[Deprecations](/admin/release-notes#{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}-deprecations)" section in the release notes.
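Review bot: the patch-number chain inside the `#...-deprecations` anchor still has no `{% else %}`, so on any GHES release other than 3.9, 3.10 or 3.11 the anchor renders with an empty patch number (`<release>.-deprecations`) and the link lands nowhere. While this line is being touched, either add a fallback branch or document that this reusable may only be included from pages versioned for those three releases.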

View File

@@ -1 +1 @@
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information about using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information about using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
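Review bot: with the 3.8 branch gone, both version lists in this sentence sit behind a lone `{% ifversion ghes = 3.9 %}`, so on any other release the text renders with the versions missing ("created using ... , users may not be able to sign in" and "upgrade your backup host to use ... and generate"). Since 3.9 is the only remaining case, inline the 3.9 values and gate the whole reusable on `ghes = 3.9`, or confirm it is only ever included from 3.9 release notes.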

View File

@@ -1,13 +0,0 @@
{% ifversion ghes = 3.8 %}
{% note %}
{%- ifversion ghes = 3.8 %}
**Note**: The `http(s)://notebooks.HOSTNAME` or `http(s)://viewscreen.HOSTNAME` subdomains are new in {% data variables.product.product_name %} 3.7 and later, and replace `http(s)://render.HOSTNAME`. After you upgrade to 3.7 or later, your TLS certificate must cover the subdomain for the replacement services, `http(s)://notebooks.HOSTNAME` and `http(s)://viewscreen.HOSTNAME`.
{%- endif %}
{% endnote %}
{% endif %}

View File

@@ -1,4 +1,4 @@
{% ifversion ghes = 3.8 or ghes = 3.9 %}
{% ifversion ghes = 3.9 %}
{% note %}

View File

@@ -3,12 +3,10 @@ is upgraded as part of a hotpatch upgrade to a {% data variables.product.prodnam
These elevated error rates should resolve within 5 minutes of the hotpatch being applied.
Please note, when performing a hotpatch upgrade to
{% ifversion ghes = 3.8 %} {% data variables.product.prodname_ghe_server %} version 3.8.12 or higher
{% elsif ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.7 or higher
{% ifversion ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.7 or higher
{% elsif ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.4 or higher
{% elsif ghes = 3.11 %} {% data variables.product.prodname_ghe_server %} version 3.11.1 or higher
{% endif %} you will encounter this known issue only if you are hotpatching from
{% ifversion ghes = 3.8 %} {% data variables.product.prodname_ghe_server %} version 3.8.11 or lower
{% elsif ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.6 or lower
{% ifversion ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.6 or lower
{% elsif ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.3 or lower
{% elsif ghes = 3.11 %} {% data variables.product.prodname_ghe_server %} version 3.11.0{% endif %}.

View File

@@ -1 +1 @@
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information on using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information on using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
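Review bot: this reusable is word for word the same as the one changed in the earlier `@@ -1 +1 @@` hunk except for "For more information on using" versus "For more information about using", and it gets the identical edit here. Consider keeping one copy and pointing both includes at it, so the next version cleanup cannot update one and miss the other.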

View File

@@ -8,21 +8,4 @@ As of that date, DSA keys (`ssh-dss`) are no longer supported. You cannot add ne
RSA keys (`ssh-rsa`) with a `valid_after` before November 2, 2021 may continue to use any signature algorithm. RSA keys generated after that date must use a SHA-2 signature algorithm. Some older clients may need to be upgraded in order to use SHA-2 signatures.
{% endnote %}
{% elsif ghes = 3.8 %}
{% note %}
**Note**: By default with {% data variables.product.product_name %} 3.6 and later, as of the cutoff date of midnight UTC on August 1, 2022, SSH connections that satisfy **both** of the following conditions will fail.
<br/>
{% data reusables.ssh.rsa-sha-1-connection-failure-criteria %}
{% data variables.product.product_name %} 3.6 and later also does not support SSH connections that use DSA, HMAC-SHA-1, or CBC ciphers. RSA SSH keys uploaded before the cutoff date can continue to authenticate using the SHA-1 hash function as long as the key remains valid. For more information about finding the version of {% data variables.product.product_name %} that you use, see "[AUTOTITLE](/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server)."
Your site administrator can adjust the cutoff date for connections using RSA-SHA-1, and may block all connections using RSA-SHA-1. For more information, contact your site administrator or see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-ssh-connections-to-your-instance)."
{% endnote %}
{% endif %}
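Review bot: the removed `{% elsif ghes = 3.8 %}` branch describes behavior for "3.6 and later" (the RSA-SHA-1 cutoff and no support for DSA, HMAC-SHA-1 or CBC ciphers), yet it was gated to 3.8 only, so deleting it may leave GHES 3.9 and later with no version of this note. The first branch's condition is outside the hunk; please confirm it covers current GHES releases or that the linked SSH configuration article carries the same guidance. Also check whether `reusables.ssh.rsa-sha-1-connection-failure-criteria` is still included anywhere after this change.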

View File

@@ -1,4 +1,3 @@
{%- ifversion fpt or ghec or ghes > 3.8 %}
1. Under "Scan the QR code", do one of the following:
- Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {% data variables.product.product_name %}.
@@ -7,16 +6,3 @@
![Screenshot of the "Setup authenticator app" section of the 2FA settings. A link, labeled "setup key", is highlighted in orange.](/assets/images/help/2fa/ghes-3.8-and-higher-2fa-wizard-app-click-code.png)
1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Verify the code from the app".
{%- else %}
1. Under "Two-factor authentication", select **Set up using an app** and click **Continue**.
1. Under "Authentication verification", do one of the following:
- Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {% data variables.product.product_name %}.
- If you can't scan the QR code, click **enter this text code** to see a code that you can manually enter in your TOTP app instead.
![Screenshot of the 2FA enablement page. A link with the text "enter this text code" is highlighted in orange.](/assets/images/help/2fa/2fa-wizard-app-click-code.png)
1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Enter the six-digit code from the application".
{%- endif %}
{% ifversion ghes < 3.9 %}{% data reusables.two_fa.test_2fa_immediately %}{% endif %}
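Review bot: the deleted `{%- else %}` branch is the only place in this file that references `/assets/images/help/2fa/2fa-wizard-app-click-code.png`, and the last removed line drops the include of `reusables.two_fa.test_2fa_immediately`. Please check whether the image and that reusable are still referenced elsewhere and remove them in this commit if they are now orphaned.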

View File

@@ -2,7 +2,7 @@ If you are unable to scan the setup QR code or wish to setup a TOTP app manually
- Type: `TOTP`
- Label: `GitHub:<username>` where `<username>` is your handle on {% data variables.product.prodname_dotcom %}, for example `monalisa`
- Secret: This is the encoded setup key, shown if you click {%- ifversion fpt or ghec or ghes > 3.8 %} "Setup key" {%- else %} "Enter this text code" {%- endif %} during configuration
- Secret: This is the encoded setup key, shown if you click "Setup key" during configuration
- Issuer: `GitHub`
- Algorithm: The default of SHA1 is used
- Digits: The default of 6 is used

View File

@@ -13,4 +13,4 @@ no_build_support: 'Java'
compiled_languages: 'C/C++, C#, {% ifversion codeql-go-autobuild %} Go,{% endif %} {% ifversion codeql-swift-beta %} Java, and Swift{% else %} and Java{% endif %}'
# List of languages where the libraries support expansion using CodeQL model packs at the repository level.
codeql_model_packs_support: 'Java/Kotlin{% ifversion fpt or ghec or ghes > 3.12 %} and C#{% endif %}'
codeql_model_packs_support: 'Java/Kotlin and C#'
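Review bot: the `codeql_model_packs_support` change drops a `ghes > 3.12` condition, not a 3.8 one, so it is outside the scope of this cleanup and changes what older releases display. After this edit, pages rendered for GHES 3.9 through 3.12 will say "Java/Kotlin and C#" where they previously said "Java/Kotlin"; the neighbouring `codeql_cli_ghes_recommended_version` variable shows those releases are still versioned. Suggest restoring `{% ifversion fpt or ghec or ghes > 3.12 %} and C#{% endif %}` unless C# model pack support on those releases has been confirmed.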

View File

@@ -93,7 +93,7 @@ codeql_cli_ghes_recommended_version: >-
{% ifversion ghes < 3.10 %}2.12.7{% elsif ghes < 3.11 %}2.13.5{% elsif ghes < 3.12 %}2.14.6{% elsif ghes < 3.13 %}2.15.5{% elsif ghes < 3.14 %}2.16.6{% endif %}
# Projects v2
prodname_projects_v2: '{% ifversion ghes = 3.8 or ghes = 3.9 %}Projects (beta){% else %}Projects{% endif %}'
prodname_projects_v2: '{% ifversion ghes = 3.9 %}Projects (beta){% else %}Projects{% endif %}'
prodname_projects_v1: >-
projects (classic)
prodname_projects_v1_caps: >-

View File

@@ -4,13 +4,13 @@ project_v2: 'project'
project_v2_caps: 'Project'
projects_v1_board: >-
{% ifversion ghes < 3.8 %}project board{% else %}project (classic){% endif %}
project (classic)
projects_v1_board_caps: >-
{% ifversion ghes < 3.8 %}Project board{% else %}Project (classic){% endif %}
Project (classic)
projects_v1_boards: >-
{% ifversion ghes < 3.8 %}project boards{% else %}projects (classic){% endif %}
projects (classic)
projects_v1_boards_caps: >-
{% ifversion ghes < 3.8 %}Project boards{% else %}Projects (classic){% endif %}
Projects (classic)
command-palette-shortcut: '<kbd>Command</kbd>+<kbd>K</kbd> (Mac) or <kbd>Ctrl</kbd>+<kbd>K</kbd> (Windows/Linux)'

File diff suppressed because it is too large Load Diff


View File

@@ -1,149 +0,0 @@
[
{
"title": "Access to package version deletion preview",
"description": "This preview adds support for the DeletePackageVersion mutation which enables deletion of private package versions.",
"toggled_by": "package-deletes-preview",
"toggled_on": [
"Mutation.deletePackageVersion"
],
"owning_teams": [
"@github/pe-package-registry"
],
"accept_header": "application/vnd.github.package-deletes-preview+json",
"href": "/graphql/overview/schema-previews#access-to-package-version-deletion-preview"
},
{
"title": "Deployments preview",
"description": "This preview adds support for deployments mutations and new deployments features.",
"toggled_by": "flash-preview",
"toggled_on": [
"DeploymentStatus.environment",
"Mutation.createDeploymentStatus",
"Mutation.createDeployment"
],
"owning_teams": [
"@github/c2c-actions-service"
],
"accept_header": "application/vnd.github.flash-preview+json",
"href": "/graphql/overview/schema-previews#deployments-preview"
},
{
"title": "Merge info preview more detailed information about a pull request's merge state preview",
"description": "This preview adds support for accessing fields that provide more detailed information about a pull request's merge state.",
"toggled_by": "merge-info-preview",
"toggled_on": [
"PullRequest.canBeRebased",
"PullRequest.mergeStateStatus"
],
"owning_teams": [
"@github/pe-pull-requests"
],
"accept_header": "application/vnd.github.merge-info-preview+json",
"href": "/graphql/overview/schema-previews#merge-info-preview-more-detailed-information-about-a-pull-requests-merge-state-preview"
},
{
"title": "Update refs preview update multiple refs in a single operation preview",
"description": "This preview adds support for updating multiple refs in a single operation.",
"toggled_by": "update-refs-preview",
"toggled_on": [
"Mutation.updateRefs",
"GitRefname",
"RefUpdate"
],
"owning_teams": [
"@github/reponauts"
],
"accept_header": "application/vnd.github.update-refs-preview+json",
"href": "/graphql/overview/schema-previews#update-refs-preview-update-multiple-refs-in-a-single-operation-preview"
},
{
"title": "Access to a repository's dependency graph preview",
"description": "This preview adds support for reading a dependency graph for a repository.",
"toggled_by": "hawkgirl-preview",
"toggled_on": [
"DependencyGraphManifest",
"Repository.dependencyGraphManifests",
"DependencyGraphManifestEdge",
"DependencyGraphManifestConnection",
"DependencyGraphDependency",
"DependencyGraphDependencyEdge",
"DependencyGraphDependencyConnection",
"DependencyGraphPackageRelease.dependencies"
],
"owning_teams": [
"@github/dependency-graph"
],
"accept_header": "application/vnd.github.hawkgirl-preview+json",
"href": "/graphql/overview/schema-previews#access-to-a-repositorys-dependency-graph-preview"
},
{
"title": "Project event details preview",
"description": "This preview adds project, project card, and project column details to project-related issue events.",
"toggled_by": "starfox-preview",
"toggled_on": [
"AddedToProjectEvent.project",
"AddedToProjectEvent.projectCard",
"AddedToProjectEvent.projectColumnName",
"ConvertedNoteToIssueEvent.project",
"ConvertedNoteToIssueEvent.projectCard",
"ConvertedNoteToIssueEvent.projectColumnName",
"MovedColumnsInProjectEvent.project",
"MovedColumnsInProjectEvent.projectCard",
"MovedColumnsInProjectEvent.projectColumnName",
"MovedColumnsInProjectEvent.previousProjectColumnName",
"RemovedFromProjectEvent.project",
"RemovedFromProjectEvent.projectColumnName"
],
"owning_teams": [
"@github/github-projects"
],
"accept_header": "application/vnd.github.starfox-preview+json",
"href": "/graphql/overview/schema-previews#project-event-details-preview"
},
{
"title": "Labels preview",
"description": "This preview adds support for adding, updating, creating and deleting labels.",
"toggled_by": "bane-preview",
"toggled_on": [
"Mutation.createLabel",
"Mutation.deleteLabel",
"Mutation.updateLabel"
],
"owning_teams": [
"@github/pe-pull-requests"
],
"accept_header": "application/vnd.github.bane-preview+json",
"href": "/graphql/overview/schema-previews#labels-preview"
},
{
"title": "Import project preview",
"description": "This preview adds support for importing projects.",
"toggled_by": "slothette-preview",
"toggled_on": [
"Mutation.importProject"
],
"owning_teams": [
"@github/pe-issues-projects"
],
"accept_header": "application/vnd.github.slothette-preview+json",
"href": "/graphql/overview/schema-previews#import-project-preview"
},
{
"title": "Team review assignments preview",
"description": "This preview adds support for updating the settings for team review assignment.",
"toggled_by": "stone-crop-preview",
"toggled_on": [
"Mutation.updateTeamReviewAssignment",
"TeamReviewAssignmentAlgorithm",
"Team.reviewRequestDelegationEnabled",
"Team.reviewRequestDelegationAlgorithm",
"Team.reviewRequestDelegationMemberCount",
"Team.reviewRequestDelegationNotifyTeam"
],
"owning_teams": [
"@github/pe-pull-requests"
],
"accept_header": "application/vnd.github.stone-crop-preview+json",
"href": "/graphql/overview/schema-previews#team-review-assignments-preview"
}
]

File diff suppressed because it is too large Load Diff

View File

@@ -1,278 +0,0 @@
{
"2023-04-01": [
{
"location": "Repository.squashPrTitleUsedAsDefault",
"description": "<p><code>squashPrTitleUsedAsDefault</code> will be removed. Use <code>Repository.squashMergeCommitTitle</code> instead.</p>",
"reason": "<p><code>squashPrTitleUsedAsDefault</code> will be removed.</p>",
"date": "2023-04-01",
"criticality": "breaking",
"owner": "github/pull_requests"
},
{
"location": "ProjectV2View.verticalGroupBy",
"description": "<p><code>verticalGroupBy</code> will be removed. Check out the <code>ProjectV2View#vertical_group_by_fields</code> API as an example for the more capable alternative.</p>",
"reason": "<p>The <code>ProjectV2View#vertical_group_by</code> API is deprecated in favour of the more capable <code>ProjectV2View#vertical_group_by_fields</code> API.</p>",
"date": "2023-04-01",
"criticality": "breaking",
"owner": "traumverloren"
},
{
"location": "ProjectV2View.sortBy",
"description": "<p><code>sortBy</code> will be removed. Check out the <code>ProjectV2View#sort_by_fields</code> API as an example for the more capable alternative.</p>",
"reason": "<p>The <code>ProjectV2View#sort_by</code> API is deprecated in favour of the more capable <code>ProjectV2View#sort_by_fields</code> API.</p>",
"date": "2023-04-01",
"criticality": "breaking",
"owner": "traumverloren"
},
{
"location": "ProjectV2View.groupBy",
"description": "<p><code>groupBy</code> will be removed. Check out the <code>ProjectV2View#group_by_fields</code> API as an example for the more capable alternative.</p>",
"reason": "<p>The <code>ProjectV2View#order_by</code> API is deprecated in favour of the more capable <code>ProjectV2View#group_by_field</code> API.</p>",
"date": "2023-04-01",
"criticality": "breaking",
"owner": "alcere"
}
],
"2023-01-01": [
{
"location": "ProjectV2View.visibleFields",
"description": "<p><code>visibleFields</code> will be removed. Check out the <code>ProjectV2View#fields</code> API as an example for the more capable alternative.</p>",
"reason": "<p>The <code>ProjectV2View#visibleFields</code> API is deprecated in favour of the more capable <code>ProjectV2View#fields</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "mattruggio"
},
{
"location": "ProjectNextFieldType.TRACKS",
"description": "<p><code>TRACKS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.TRACKED_BY",
"description": "<p><code>TRACKED_BY</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.TITLE",
"description": "<p><code>TITLE</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.TEXT",
"description": "<p><code>TEXT</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.SINGLE_SELECT",
"description": "<p><code>SINGLE_SELECT</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.REVIEWERS",
"description": "<p><code>REVIEWERS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.REPOSITORY",
"description": "<p><code>REPOSITORY</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.NUMBER",
"description": "<p><code>NUMBER</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.MILESTONE",
"description": "<p><code>MILESTONE</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.LINKED_PULL_REQUESTS",
"description": "<p><code>LINKED_PULL_REQUESTS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.LABELS",
"description": "<p><code>LABELS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.ITERATION",
"description": "<p><code>ITERATION</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.DATE",
"description": "<p><code>DATE</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.ASSIGNEES",
"description": "<p><code>ASSIGNEES</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "Commit.changedFiles",
"description": "<p><code>changedFiles</code> will be removed. Use <code>changedFilesIfAvailable</code> instead.</p>",
"reason": "<p><code>changedFiles</code> will be removed.</p>",
"date": "2023-01-01",
"criticality": "breaking",
"owner": "adamshwert"
}
],
"2022-10-01": [
{
"location": "RepositoryVulnerabilityAlert.fixReason",
"description": "<p><code>fixReason</code> will be removed.</p>",
"reason": "<p>The <code>fixReason</code> field is being removed. You can still use <code>fixedAt</code> and <code>dismissReason</code>.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "jamestran201"
},
{
"location": "RemovePullRequestFromMergeQueueInput.branch",
"description": "<p><code>branch</code> will be removed.</p>",
"reason": "<p>PRs are removed from the merge queue for the base branch, the <code>branch</code> argument is now a no-op</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "jhunschejones"
},
{
"location": "DependencyGraphDependency.packageLabel",
"description": "<p><code>packageLabel</code> will be removed. Use normalized <code>packageName</code> field instead.</p>",
"reason": "<p><code>packageLabel</code> will be removed.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "github/dependency_graph"
}
],
"2022-07-01": [
{
"location": "AddPullRequestToMergeQueueInput.branch",
"description": "<p><code>branch</code> will be removed.</p>",
"reason": "<p>PRs are added to the merge queue for the base branch, the <code>branch</code> argument is now a no-op</p>",
"date": "2022-07-01",
"criticality": "breaking",
"owner": "jhunschejones"
}
],
"2021-10-01": [
{
"location": "ReactionGroup.users",
"description": "<p><code>users</code> will be removed. Use the <code>reactors</code> field instead.</p>",
"reason": "<p>Reactors can now be mannequins, bots, and organizations.</p>",
"date": "2021-10-01",
"criticality": "breaking",
"owner": "synthead"
}
],
"2021-06-21": [
{
"location": "PackageType.DOCKER",
"description": "<p><code>DOCKER</code> will be removed.</p>",
"reason": "<p>DOCKER will be removed from this enum as this type will be migrated to only be used by the Packages REST API.</p>",
"date": "2021-06-21",
"criticality": "breaking",
"owner": "reybard"
}
],
"2021-01-01": [
{
"location": "MergeStateStatus.DRAFT",
"description": "<p><code>DRAFT</code> will be removed. Use PullRequest.isDraft instead.</p>",
"reason": "<p>DRAFT state will be removed from this enum and <code>isDraft</code> should be used instead</p>",
"date": "2021-01-01",
"criticality": "breaking",
"owner": "nplasterer"
}
],
"2020-10-01": [
{
"location": "PullRequest.timeline",
"description": "<p><code>timeline</code> will be removed. Use PullRequest.timelineItems instead.</p>",
"reason": "<p><code>timeline</code> will be removed</p>",
"date": "2020-10-01",
"criticality": "breaking",
"owner": "mikesea"
},
{
"location": "Issue.timeline",
"description": "<p><code>timeline</code> will be removed. Use Issue.timelineItems instead.</p>",
"reason": "<p><code>timeline</code> will be removed</p>",
"date": "2020-10-01",
"criticality": "breaking",
"owner": "mikesea"
}
],
"2020-01-01": [
{
"location": "UnassignedEvent.user",
"description": "<p><code>user</code> will be removed. Use the <code>assignee</code> field instead.</p>",
"reason": "<p>Assignees can now be mannequins.</p>",
"date": "2020-01-01",
"criticality": "breaking",
"owner": "tambling"
},
{
"location": "AssignedEvent.user",
"description": "<p><code>user</code> will be removed. Use the <code>assignee</code> field instead.</p>",
"reason": "<p>Assignees can now be mannequins.</p>",
"date": "2020-01-01",
"criticality": "breaking",
"owner": "tambling"
}
],
"2019-04-01": [
{
"location": "LegacyMigration.uploadUrlTemplate",
"description": "<p><code>uploadUrlTemplate</code> will be removed. Use <code>uploadUrl</code> instead.</p>",
"reason": "<p><code>uploadUrlTemplate</code> is being removed because it is not a standard URL and adds an extra user step.</p>",
"date": "2019-04-01",
"criticality": "breaking",
"owner": "tambling"
}
]
}

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large