diff --git a/content/admin/configuration/configuring-network-settings/enabling-subdomain-isolation.md b/content/admin/configuration/configuring-network-settings/enabling-subdomain-isolation.md index 98a84270fb..1e67bc7da9 100644 --- a/content/admin/configuration/configuring-network-settings/enabling-subdomain-isolation.md +++ b/content/admin/configuration/configuring-network-settings/enabling-subdomain-isolation.md @@ -23,29 +23,36 @@ Subdomain isolation mitigates cross-site scripting and other related vulnerabili When subdomain isolation is enabled, {% data variables.product.prodname_ghe_server %} replaces several paths with subdomains. After enabling subdomain isolation, attempts to access the previous paths for some user-supplied content, such as `http(s)://HOSTNAME/raw/`, may return `404` errors. +{% data reusables.enterprise_site_admin_settings.3-7-new-subdomains %} + | Path without subdomain isolation | Path with subdomain isolation | | --- | --- | -| `http(s)://HOSTNAME/assets/` | `http(s)://assets.HOSTNAME/` | -| `http(s)://HOSTNAME/avatars/` | `http(s)://avatars.HOSTNAME/` | -| `http(s)://HOSTNAME/codeload/` | `http(s)://codeload.HOSTNAME/` | -| `http(s)://HOSTNAME/gist/` | `http(s)://gist.HOSTNAME/` | -| `http(s)://HOSTNAME/media/` | `http(s)://media.HOSTNAME/` | -| `http(s)://HOSTNAME/pages/` | `http(s)://pages.HOSTNAME/` | -| `http(s)://HOSTNAME/raw/` | `http(s)://raw.HOSTNAME/` | +| `http(s)://HOSTNAME/` | `http(s)://docker.HOSTNAME/` | +| `http(s)://HOSTNAME/_registry/npm/` | `https://npm.HOSTNAME/` | +| `http(s)://HOSTNAME/_registry/rubygems/` | `https://rubygems.HOSTNAME/` | +| `http(s)://HOSTNAME/_registry/maven/` | `https://maven.HOSTNAME/` | +| `http(s)://HOSTNAME/_registry/nuget/` | `https://nuget.HOSTNAME/` | +| `http(s)://HOSTNAME/assets/` | `http(s)://assets.HOSTNAME/` | +| `http(s)://HOSTNAME/avatars/` | `http(s)://avatars.HOSTNAME/` | +| `http(s)://HOSTNAME/codeload/` | `http(s)://codeload.HOSTNAME/` | +| `http(s)://HOSTNAME/gist/` | `http(s)://gist.HOSTNAME/` | +| `http(s)://HOSTNAME/media/` | `http(s)://media.HOSTNAME/` | {%- ifversion viewscreen-and-notebooks %} -| `http(s)://HOSTNAME/viewscreen/` | `http(s)://viewscreen.HOSTNAME/` | -| `http(s)://HOSTNAME/notebooks/` | `http(s)://notebooks.HOSTNAME/` | -{%- else %} -| `http(s)://HOSTNAME/render/` | `http(s)://render.HOSTNAME/` | +| `http(s)://HOSTNAME/notebooks/` | `http(s)://notebooks.HOSTNAME/` | +{%- endif %} +| `http(s)://HOSTNAME/pages/` | `http(s)://pages.HOSTNAME/` | +| `http(s)://HOSTNAME/raw/` | `http(s)://raw.HOSTNAME/` | +{%- ifversion ghes < 3.7 %} +| `http(s)://HOSTNAME/render/` | `http(s)://render.HOSTNAME/` | +{%- endif %} +| `http(s)://HOSTNAME/reply/` | `http(s)://reply.HOSTNAME/` | +| `http(s)://HOSTNAME/uploads/` | `http(s)://uploads.HOSTNAME/` | +{%- ifversion viewscreen-and-notebooks %} +| `http(s)://HOSTNAME/viewscreen/` | `http(s)://viewscreen.HOSTNAME/` | +{%- endif %} +{%- ifversion ghes > 3.4 %} +| Not supported | `https://containers.HOSTNAME/` | {%- endif %} -| `http(s)://HOSTNAME/reply/` | `http(s)://reply.HOSTNAME/` | -| `http(s)://HOSTNAME/uploads/` | `http(s)://uploads.HOSTNAME/` | {% ifversion ghes %} -| `https://HOSTNAME/` | `http(s)://docker.HOSTNAME/`{% endif %}{% ifversion ghes %} -| `https://HOSTNAME/_registry/npm/` | `https://npm.HOSTNAME/` -| `https://HOSTNAME/_registry/rubygems/` | `https://rubygems.HOSTNAME/` -| `https://HOSTNAME/_registry/maven/` | `https://maven.HOSTNAME/` -| `https://HOSTNAME/_registry/nuget/` | `https://nuget.HOSTNAME/`{% endif %}{% ifversion ghes > 3.4 %} -| Not supported | `https://containers.HOSTNAME/` |{% endif %} ## Prerequisites diff --git a/data/release-notes/enterprise-server/3-5/0.yml b/data/release-notes/enterprise-server/3-5/0.yml index 7a9f8dfafb..31d781ad7e 100644 --- a/data/release-notes/enterprise-server/3-5/0.yml +++ b/data/release-notes/enterprise-server/3-5/0.yml @@ -445,4 +445,5 @@ sections: - Light high contrast theme - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-5/1.yml b/data/release-notes/enterprise-server/3-5/1.yml index 07512f34c9..7d7bc4bd8f 100644 --- a/data/release-notes/enterprise-server/3-5/1.yml +++ b/data/release-notes/enterprise-server/3-5/1.yml @@ -42,4 +42,5 @@ sections: - Light high contrast theme - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-5/2.yml b/data/release-notes/enterprise-server/3-5/2.yml index 2f1a3e3576..42d29a7331 100644 --- a/data/release-notes/enterprise-server/3-5/2.yml +++ b/data/release-notes/enterprise-server/3-5/2.yml @@ -43,4 +43,5 @@ sections: - Light high contrast theme - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-5/3.yml b/data/release-notes/enterprise-server/3-5/3.yml index 6faf407516..8e9c83d1c4 100644 --- a/data/release-notes/enterprise-server/3-5/3.yml +++ b/data/release-notes/enterprise-server/3-5/3.yml @@ -42,4 +42,5 @@ sections: - Light high contrast theme - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-5/4.yml b/data/release-notes/enterprise-server/3-5/4.yml index 028b8750b6..2d4ef88879 100644 --- a/data/release-notes/enterprise-server/3-5/4.yml +++ b/data/release-notes/enterprise-server/3-5/4.yml @@ -29,4 +29,5 @@ sections: - Actions services need to be restarted after restoring an appliance from a backup taken on a different host. - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}' - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-5/5.yml b/data/release-notes/enterprise-server/3-5/5.yml index 2793dc12a5..05de05ac2b 100644 --- a/data/release-notes/enterprise-server/3-5/5.yml +++ b/data/release-notes/enterprise-server/3-5/5.yml @@ -26,4 +26,5 @@ sections: - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. - Actions services need to be restarted after restoring an appliance from a backup taken on a different host. - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-5/6.yml b/data/release-notes/enterprise-server/3-5/6.yml index 1c8d6de7ad..ce89ba7d43 100644 --- a/data/release-notes/enterprise-server/3-5/6.yml +++ b/data/release-notes/enterprise-server/3-5/6.yml @@ -40,4 +40,5 @@ sections: - Actions services need to be restarted after restoring an appliance from a backup taken on a different host. - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-5/7.yml b/data/release-notes/enterprise-server/3-5/7.yml index 05331bdea6..09708993a8 100644 --- a/data/release-notes/enterprise-server/3-5/7.yml +++ b/data/release-notes/enterprise-server/3-5/7.yml @@ -48,3 +48,4 @@ sections: - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' - | GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' diff --git a/data/release-notes/enterprise-server/3-5/8.yml b/data/release-notes/enterprise-server/3-5/8.yml index db6cc1c1f1..f0306cd529 100644 --- a/data/release-notes/enterprise-server/3-5/8.yml +++ b/data/release-notes/enterprise-server/3-5/8.yml @@ -29,3 +29,4 @@ sections: - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. - Actions services need to be restarted after restoring an appliance from a backup taken on a different host. - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-6/0.yml b/data/release-notes/enterprise-server/3-6/0.yml index b82187c6dc..9286815981 100644 --- a/data/release-notes/enterprise-server/3-6/0.yml +++ b/data/release-notes/enterprise-server/3-6/0.yml @@ -301,4 +301,5 @@ sections: - | After upgrading a replica node to GitHub Enterprise Server 3.6.0 or later and restarting replication, Git replication may stop progressing and continue to show `WARNING: git replication is behind the primary …`. If you encounter this known issue, [contact {% data variables.contact.enterprise_support %}](https://docs.github.com/en/enterprise-server@3.6/support/contacting-github-support/creating-a-support-ticket). [Updated: 2022-10-03] - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-6/1.yml b/data/release-notes/enterprise-server/3-6/1.yml index 88712dc69c..6e638df146 100644 --- a/data/release-notes/enterprise-server/3-6/1.yml +++ b/data/release-notes/enterprise-server/3-6/1.yml @@ -34,4 +34,5 @@ sections: - | After upgrading a replica node to GitHub Enterprise Server 3.6.0 or later and restarting replication, in some situations Git replication may stop progressing and continue to show `WARNING: git replication is behind the primary …`. If you encounter this known issue contact GitHub Support. For more information, see "[Creating a support ticket](https://docs.github.com/en/enterprise-server@3.6/support/contacting-github-support/creating-a-support-ticket)." [Updated: 2022-10-03] - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-6/2.yml b/data/release-notes/enterprise-server/3-6/2.yml index e6100e9fad..72290dbacb 100644 --- a/data/release-notes/enterprise-server/3-6/2.yml +++ b/data/release-notes/enterprise-server/3-6/2.yml @@ -44,4 +44,5 @@ sections: After upgrading a replica node to GitHub Enterprise Server 3.6.0 or later and restarting replication, in some situations Git replication may stop progressing and continue to show `WARNING: git replication is behind the primary …`. If you encounter this known issue contact GitHub Support. For more information, see "[Creating a support ticket](https://docs.github.com/en/enterprise-server@3.6/support/contacting-github-support/creating-a-support-ticket)." [Updated: 2022-10-03] - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' - | - GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] \ No newline at end of file + GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-6/3.yml b/data/release-notes/enterprise-server/3-6/3.yml index 5f6be8ce23..f776f6c8bf 100644 --- a/data/release-notes/enterprise-server/3-6/3.yml +++ b/data/release-notes/enterprise-server/3-6/3.yml @@ -55,3 +55,4 @@ sections: - '{% data reusables.release-notes.2022-09-hotpatch-issue %}' - | GitHub Pages builds may time out on instances in AWS that are configured for high availability. [Updated: 2022-11-28] + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-6/4.yml b/data/release-notes/enterprise-server/3-6/4.yml index 888e55b564..7e68168892 100644 --- a/data/release-notes/enterprise-server/3-6/4.yml +++ b/data/release-notes/enterprise-server/3-6/4.yml @@ -41,3 +41,4 @@ sections: Following an upgrade to GitHub Enterprise Server 3.6 or later, existing inconsistencies in a repository such as broken refs or missing objects, may now be reported as errors like `invalid sha1 pointer 0000000000000000000000000000000000000000`, `Zero-length loose reference file`, or `Zero-length loose object file`. Previously, these indicators of repository corruption may have been silently ignored. GitHub Enterprise Server now uses an updated Git version with more diligent error reporting enabled. For more information, see this [upstream commit](https://github.com/git/git/commit/968f12fdac) in the Git project. If you suspect a problem like this exists in one of your repositories, you can run `git-crash-fix analyze` in the repository on your GitHub Enterprise Server instance. If `git-crash-fix analyze` reports problems, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance, and include the command output in your support request. + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' \ No newline at end of file diff --git a/data/release-notes/enterprise-server/3-7/0.yml b/data/release-notes/enterprise-server/3-7/0.yml index 47953ecbc8..a02aa97e0a 100644 --- a/data/release-notes/enterprise-server/3-7/0.yml +++ b/data/release-notes/enterprise-server/3-7/0.yml @@ -295,6 +295,10 @@ sections: In Markdown, users can write LaTeX-style syntax to render math expressions inline using `$` delimiters, or in blocks using `$$` delimiters. For more information, see "[Writing mathematical expressions](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions)." changes: + # https://github.com/github/releases/issues/2344 + - | + To improve stability, the service for rendering GeoJSON, Jupyter Notebook, PDF, PSD, SVG, SolidWorks, and other binary formats has been replaced. If TLS and subdomain isolation are configured for your instance and your certificate is not a wildcard certificate, you must generate a new certificate that includes the additional subdomains for these services, `notebooks.HOSTNAME` and `viewscreen.HOSTNAME`. For more information, see "[Enabling subdomain isolation](/admin/configuration/configuring-network-settings/enabling-subdomain-isolation)." [Updated: 2022-12-02] + - Secret scanning no longer supports custom patterns that use `.*` as an end delimiter in the "After secret" field, as the pattern syntax would cause scan problems and inconsistencies. # https://github.com/github/releases/issues/2535 @@ -309,9 +313,6 @@ sections: # https://github.com/github/releases/issues/2534 - The size of the search field for user, organization, and enterprise audit logs has increased. - # https://github.com/github/releases/issues/2344 - - To improve stability, the service for rendering GeoJSON, Jupyter Notebook, PDF, PSD, SVG, SolidWorks, and other binary formats has been replaced. - known_issues: - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. - Custom firewall rules are removed during the upgrade process. @@ -343,6 +344,7 @@ sections: nomad status github-gitauth ``` We are currently investigating a permanent fix for a future hot patch [Updated: 2022-11-24]. + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' deprecations: # https://github.com/github/enterprise-releases/issues/3217 diff --git a/data/release-notes/enterprise-server/3-7/1.yml b/data/release-notes/enterprise-server/3-7/1.yml index 0c57c98784..c161f853bc 100644 --- a/data/release-notes/enterprise-server/3-7/1.yml +++ b/data/release-notes/enterprise-server/3-7/1.yml @@ -42,6 +42,7 @@ sections: Following an upgrade to GitHub Enterprise Server 3.6 or later, existing inconsistencies in a repository such as broken refs or missing objects, may now be reported as errors like `invalid sha1 pointer 0000000000000000000000000000000000000000`, `Zero-length loose reference file`, or `Zero-length loose object file`. Previously, these indicators of repository corruption may have been silently ignored. GitHub Enterprise Server now uses an updated Git version with more diligent error reporting enabled. For more information, see this [upstream commit](https://github.com/git/git/commit/968f12fdac) in the Git project. If you suspect a problem like this exists in one of your repositories, you can run `git-crash-fix analyze` in the repository on your GitHub Enterprise Server instance. If `git-crash-fix analyze` reports problems, [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) for assistance, and include the command output in your support request. + - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}' deprecations: # https://github.com/github/enterprise-releases/issues/3217 - | diff --git a/data/reusables/enterprise_site_admin_settings/3-7-new-subdomains.md b/data/reusables/enterprise_site_admin_settings/3-7-new-subdomains.md new file mode 100644 index 0000000000..ba602ec304 --- /dev/null +++ b/data/reusables/enterprise_site_admin_settings/3-7-new-subdomains.md @@ -0,0 +1,17 @@ +{% ifversion ghes = 3.5 or ghes = 3.6 or ghes = 3.7 or ghes = 3.8 %} + +{% note %} + +{%- ifversion ghes = 3.5 or ghes = 3.6 %} + +**Note**: The `http(s)://render.HOSTNAME` subdomain is deprecated in {% data variables.product.product_name %} 3.7 and later. After you upgrade to 3.7 or later, ensure that your TLS certificate covers the subdomains for the replacement services, `http(s)://notebook.HOSTNAME` and `http(s)://viewscreen.HOSTNAME`. + +{%- elsif ghes = 3.7 or ghes = 3.8 %} + +**Note**: The `http(s)://notebook.HOSTNAME` or `http(s)://viewscreen.HOSTNAME` subdomains are new in {% data variables.product.product_name %} 3.7 and later, and replace `http(s)://render.HOSTNAME`. After you upgrade to 3.7 or later, your TLS certificate must cover the subdomain for the replacement services, `http(s)://notebook.HOSTNAME` and `http(s)://viewscreen.HOSTNAME`. + +{%- endif %} + +{% endnote %} + +{% endif %} diff --git a/data/reusables/release-notes/babeld-max-threads-performance-issue.md b/data/reusables/release-notes/babeld-max-threads-performance-issue.md new file mode 100644 index 0000000000..d0bfea58eb --- /dev/null +++ b/data/reusables/release-notes/babeld-max-threads-performance-issue.md @@ -0,0 +1 @@ +Instances experiencing a high sustained number of concurrent Git requests may experience performance issues. If you suspect that this issue is affecting your instance, contact {% data variables.contact.contact_support %}. [Updated: 2022-12-02]