jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-09 06:03:09 -05:00
Code Issues Projects Releases Wiki Activity

Merge pull request #31062 from github/repo-sync

Browse Source 
Repo sync
This commit is contained in:
docs-bot
2024-01-11 12:03:12 -08:00
committed by GitHub
parent 8676fc5e9c 82306c2664
commit c3ad87fe2f
80 changed files with 63 additions and 834309 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md
View File

@@ -307,8 +307,8 @@ ghe-saml-mapping-csv -d
After output completes, the utility displays the path to the file. The default path for output depends on the patch release of {% data variables.product.product_name %} {% ifversion ghes = 3.7%}3.7{% endif %} your instance is running.
- In version 3.{% ifversion ghes = 3.7%}7.7{% elsif ghes = 3.8 %}8.0{% endif %}{% ifversion ghes < 3.8 %} and earlier{% endif %}, the utility writes the file to `/tmp`.
- In version 3.{% ifversion ghes = 3.7%}7.8{% elsif ghes = 3.8 %}8.1{% endif %} and later,
- In version 3.{% ifversion ghes = 3.8 %}8.0{% endif %}, the utility writes the file to `/tmp`.
- In version 3.{% ifversion ghes = 3.8 %}8.1{% endif %} and later,
{%- elsif ghes > 3.8 %}By default,{% endif %} the utility writes the file to `/data/user/tmp`.
@@ -672,8 +672,6 @@ This utility creates a support bundle tarball containing important logs from eac
By default, the command creates the tarball in _/tmp_, but you can also have it `cat` the tarball to `STDOUT` for easy streaming over SSH. This is helpful in the case where the web UI is unresponsive or downloading a support bundle from _/setup/support_ doesn't work. You must use this command if you want to generate an _extended_ bundle, containing older logs. You can also use this command to upload the cluster support bundle directly to {% data variables.product.prodname_enterprise %} support.
{% data reusables.enterprise.bundle-utility-period-argument-availability-note %}
To create a standard bundle:
```shell
@@ -1127,8 +1125,6 @@ This utility creates a support bundle tarball containing important logs from you
By default, the command creates the tarball in _/tmp_, but you can also have it `cat` the tarball to `STDOUT` for easy streaming over SSH. This is helpful in the case where the web UI is unresponsive or downloading a support bundle from _/setup/support_ doesn't work. You must use this command if you want to generate an _extended_ bundle, containing older logs. You can also use this command to upload the support bundle directly to {% data variables.product.prodname_enterprise %} support.
{% data reusables.enterprise.bundle-utility-period-argument-availability-note %}
To create a standard bundle:
```shell

2
content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/accessing-the-management-console.md
View File

@@ -1,7 +1,7 @@
---
title: Accessing the Management Console
shortTitle: Access Management Console
intro: 'You can access the {% data variables.enterprise.management_console %} {% ifversion ghes < 3.8 %}using the {% data variables.enterprise.management_console %} password{% elsif enterprise-management-console-multi-user-auth %}as the root site administrator or a {% data variables.enterprise.management_console %} user{% endif %}.'
intro: 'You can access the {% data variables.enterprise.management_console %} as the root site administrator or a {% data variables.enterprise.management_console %} user.'
redirect_from:
- /admin/configuration/administering-your-instance-from-the-management-console/accessing-the-management-console
versions:

30
content/admin/backing-up-and-restoring-your-instance/known-issues-with-backups-for-your-instance.md
View File

@@ -23,22 +23,22 @@ redirect_from:
{% note %}
**Note:** This known issue has been fixed in {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.1{% elsif ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %}.
**Note:** This known issue has been fixed in {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %}.
{% endnote %}
If you used {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.0{% elsif ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %} to back up an instance running any release in the {% data variables.product.product_name %} 3.7{% ifversion ghes = 3.8 or ghes = 3.9 %} or 3.8{% endif %} series, after you restore the backup to a new instance, users cannot sign in. Though users cannot sign in, the backup itself is unaffected and all data is intact.
If you used {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %} to back up an instance running any release in the {% data variables.product.product_name %} 3.7{% ifversion ghes = 3.8 or ghes = 3.9 %} or 3.8{% endif %} series, after you restore the backup to a new instance, users cannot sign in. Though users cannot sign in, the backup itself is unaffected and all data is intact.
After you restore an existing backup affected by this issue, you can resolve the issue by modifying the configuration on the new instance.
### Restoring from an existing backup
If you've restored an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.0{% elsif ghes = 3.8 %}3.8.0{% elsif ghes = 3.9%}3.7.0, 3.8.0, or 3.9.0{% endif %} to a new instance and users cannot sign in, you must output configuration data from the source {% data variables.product.product_name %} instance and adjust the configuration on the target instance.
If you've restored an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.0{% elsif ghes = 3.9%}3.7.0, 3.8.0, or 3.9.0{% endif %} to a new instance and users cannot sign in, you must output configuration data from the source {% data variables.product.product_name %} instance and adjust the configuration on the target instance.
To ensure users can sign into the new target instance, ensure that your environment meets the following requirements.
- The source {% data variables.product.product_name %} instance must be running and accessible via SSH.
- You must have an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.0{% elsif ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}.
- You must have an existing backup from {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}.
- You must have provisioned a new target {% data variables.product.product_name %} instance and restored the backup. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-instance)."
1. SSH into the source {% data variables.product.product_name %} instance that you backed up. If your instance comprises multiple nodes, for example if high availability or geo-replication are configured, SSH into the primary node. If you use a cluster, you can SSH into any node. Replace HOSTNAME with the actual hostname of your instance. For more information about SSH access, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
@@ -47,14 +47,7 @@ To ensure users can sign into the new target instance, ensure that your environm
ssh -p 122 admin@HOSTNAME
```
{%- ifversion ghes = 3.7 %}
1. To display a list of encryption and decryption keys, run the following command.
```shell copy
ghe-config secrets.github.encrypted-column-keying-material
```
{%- elsif ghes = 3.8 or ghes = 3.9 %}
{%- ifversion ghes = 3.8 or ghes = 3.9 %}
1. To display a list of decryption keys, run the following command.
```shell copy
@@ -77,7 +70,7 @@ To ensure users can sign into the new target instance, ensure that your environm
```
1. Enable maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#enabling-maintenance-mode-immediately-or-scheduling-a-maintenance-window-for-a-later-time)."
1. To verify that the destination instance is ready for configuration, run the following {% ifversion ghes = 3.7 %}command{% elsif ghes = 3.8 or ghes = 3.9 %}commands{% endif %}. There should be no output displayed.
1. To verify that the destination instance is ready for configuration, run the following {% ifversion ghes = 3.8 or ghes = 3.9 %}commands{% endif %}. There should be no output displayed.
```shell copy
ghe-config secrets.github.encrypted-column-keying-material
@@ -86,14 +79,7 @@ To ensure users can sign into the new target instance, ensure that your environm
{%- endif %}
```
{%- ifversion ghes = 3.7 %}
1. To update the list of keys on the destination instance, run the following command. Replace KEY-LIST with the output from step 1.
```shell copy
ghe-config secrets.github.encrypted-column-keying-material "KEY-LIST"
```
{%- elsif ghes = 3.8 or ghes = 3.9 %}
{%- ifversion ghes = 3.8 or ghes = 3.9 %}
1. To update the decryption keys on the destination instance, run the following command. Replace DECRYPTION-KEY-LIST with the output from step 1.
```shell copy
@@ -114,7 +100,7 @@ To ensure users can sign into the new target instance, ensure that your environm
```
1. Wait for the configuration run to complete.
1. To ensure that the target instance's configuration contains the keys, run the following {% ifversion ghes = 3.7 %}command{% elsif ghes = 3.8 or ghes = 3.9 %}commands{% endif %} and verify that the output matches step 1{% ifversion ghes = 3.8 or ghes = 3.9 %} and step 4{% endif %}.
1. To ensure that the target instance's configuration contains the keys, run the following {% ifversion ghes = 3.8 or ghes = 3.9 %}commands{% endif %} and verify that the output matches step 1{% ifversion ghes = 3.8 or ghes = 3.9 %} and step 4{% endif %}.
```shell copy
ghe-config secrets.github.encrypted-column-keying-material

4
content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md
View File

@@ -1,5 +1,5 @@
---
title: "{% ifversion ghes %}Configuring code scanning for your appliance{% elsif default-setup-self-hosted-runners-GHEC %}Configuring self-hosted runners for code scanning in your enterprise{% endif %}"
title: '{% ifversion ghes %}Configuring code scanning for your appliance{% elsif default-setup-self-hosted-runners-GHEC %}Configuring self-hosted runners for code scanning in your enterprise{% endif %}'
shortTitle: Configuring code scanning
intro: 'You can enable, configure, and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_name %}{% ifversion default-setup-self-hosted-runners-GHEC %} without {% data variables.product.prodname_dotcom %}-hosted runners{% endif %}. {% data variables.product.prodname_code_scanning_caps %} allows users to scan code for vulnerabilities and errors.'
allowTitleToDifferFromFilename: true
@@ -74,7 +74,7 @@ If you are using default setup for {% data variables.product.prodname_code_scann
You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions.
{% ifversion default-setup-self-hosted-runners-GHEC or ghes > 3.7 or ghae > 3.7 %}
{% ifversion default-setup-self-hosted-runners-GHEC or ghes or ghae > 3.7 %}
{% note %}
**Note:** If you use {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} to analyze code written in Python in your enterprise, you must make sure that your self-hosted runner has Python 3 installed.

14
content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md
View File

@@ -2,7 +2,7 @@
title: Configuring interactive maps
intro: 'You can enable the display of interactive maps in the web interface for {% data variables.location.product_location %}.'
shortTitle: Configure interactive maps
permissions: "People with access to the {% data variables.enterprise.management_console %} can configure interactive maps."
permissions: 'People with access to the {% data variables.enterprise.management_console %} can configure interactive maps.'
versions:
feature: azure-maps
type: how_to
@@ -21,7 +21,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
{% warning %}
**Warning**: Authentication with Azure Maps using an API token is deprecated in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on an Entra ID tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
**Warning**: Authentication with Azure Maps using an API token is deprecated in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on an Entra ID tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %}
{% endwarning %}
@@ -34,7 +34,7 @@ To enable interactive maps, you must provide authentication credentials for Azur
{% ifversion ghes < 3.12 %}
The following prerequisites apply if your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
The following prerequisites apply if your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endif %}
@@ -48,7 +48,7 @@ The following prerequisites apply if your instance runs {% data variables.produc
{% ifversion ghes < 3.12 %}
If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}18{% elsif ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead.
If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead.
{% data reusables.enterprise.azure-maps-auth-warning %}
@@ -60,7 +60,7 @@ If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.
{% ifversion ghes < 3.12 %}
To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later.
{% endif %}
@@ -109,10 +109,10 @@ After you create an application on your Entra ID tenant and generate a secret fo
1. {% ifversion ghes > 3.11 %}Below the headings, type or paste{% else %}Enter{% endif %} your authentication details for Azure Maps.
{%- ifversion ghes < 3.11 %}
- If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}18{% elsif ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
- If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token.
{% data reusables.enterprise.azure-maps-auth-warning %}
- If your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
- If your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information.
{%- endif %}
- Optionally, to change the style of rendered maps, under "Basemap ID", type the ID for the style you'd like to use.

2
content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise.md
View File

@@ -53,7 +53,7 @@ If there is no existing account with a matching username on the instance, the us
{% ifversion scim-for-ghes %}
During SAML authentication, some environments may use a value other than `NameID` as the unique identifying claim. If your environment does not use `NameID` to identify users, a site administrator can configure custom user attributes for the instance. {% data variables.product.product_name %} will respect this mapping when SCIM is configured. {% ifversion ghes = 3.7 %} Custom mappings are supported in {% data variables.product.product_name %} 3.6.5 or 3.7.2 and later.{% endif %} For more information about mapping user attributes, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
During SAML authentication, some environments may use a value other than `NameID` as the unique identifying claim. If your environment does not use `NameID` to identify users, a site administrator can configure custom user attributes for the instance. {% data variables.product.product_name %} will respect this mapping when SCIM is configured. For more information about mapping user attributes, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
{% endif %}

10
content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
View File

@@ -187,15 +187,5 @@ However, you can set an enterprise policy to customize both the default total ca
1. In the "Artifact, log, and cache settings" section, under **Maximum cache size limit**, enter a value, then click **Save** to apply the setting.
1. In the "Artifact, log, and cache settings" section, under **Default cache size limit**, enter a value, then click **Save** to apply the setting.
{% elsif ghes < 3.8 %}
The policy settings for {% data variables.product.prodname_actions %} cache storage can currently only be modified using the REST API:
- To view the current enterprise policy settings, see "[AUTOTITLE](/rest/actions/cache#get-github-actions-cache-usage-policy-for-an-enterprise)."
- To change the enterprise policy settings, see "[AUTOTITLE](/rest/actions/cache#get-github-actions-cache-usage-policy-for-an-enterprise)."
{% data reusables.actions.cache-no-org-policy %}
{% endif %}
{% endif %}

21
content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
View File

@@ -287,26 +287,7 @@ If you have [enabled private mode](/admin/configuration/configuring-your-enterpr
Enabling anonymous Git read access allows users to bypass authentication for custom tools on your enterprise. When you or a repository administrator enable this access setting for a repository, unauthenticated Git operations (and anyone with network access to {% data variables.product.product_name %}) will have read access to the repository without authentication.
Anonymous Git read access is disabled by default.{% ifversion ghes = 3.7 %} When you upgrade to {% data variables.product.product_name %} 3.6 or later, anonymous Git read access is automatically disabled at the application level, and `git://` connections on port 9418 will return the following error.
```text
The unauthenticated git protocol on port 9418 is no longer supported.
```
{% ifversion ghes %}
If you wish to support the unauthenticated Git protocol in your environment, you must manually re-enable the feature. Run the following commands after your upgrade:
```shell
sudo ghe-config app.gitauth.git-protocol true
sudo ghe-config-apply
```
{% endif %}
Anonymous Git read access will be entirely removed in a future release of {% data variables.product.prodname_ghe_server %}. {% data variables.product.company_short %} recommends using SSH instead of the Git protocol. For more information about this change, see [{% data variables.product.prodname_blog %}](https://github.blog/2022-06-28-improving-git-protocol-security-on-github-enterprise-server).
{% endif %}
Anonymous Git read access is disabled by default.
If necessary, you can prevent repository administrators from changing anonymous Git access settings for repositories on your enterprise by locking the repository's access settings. After you lock a repository's Git read access setting, only a site administrator can change the setting.

2
content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md
View File

@@ -49,7 +49,7 @@ You can configure notification settings for yourself or your organization from t
{% data reusables.notifications.vulnerable-dependency-notification-options %}
{% ifversion update-notification-settings-22 %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu, showing notification frequency options, is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes > 3.7 or ghae > 3.7 %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu, showing notification frequency options, is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes or ghae > 3.7 %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %}
{% note %}

4
content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
View File

@@ -273,7 +273,7 @@ Supported options
{% note %}
**Note:** The `prefix` and the `prefix-development` options have a {% ifversion fpt or ghec or ghes > 3.7 or ghae > 3.7 %}50{% elsif ghes < 3.8 or ghae < 3.8 %}15{% endif %} character limit.
**Note:** The `prefix` and the `prefix-development` options have a {% ifversion fpt or ghec or ghes or ghae > 3.7 %}50{% elsif ghae < 3.8 %}15{% endif %} character limit.
{% endnote %}
@@ -886,7 +886,7 @@ updates:
The top-level `registries` key is optional. It allows you to specify authentication details that {% data variables.product.prodname_dependabot %} can use to access private package registries.
You can give {% data variables.product.prodname_dependabot %} access to private package registries hosted by GitLab or Bitbucket by specifying a `type` of `git`. For more information, see [`git`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#git).
{% ifversion ghes > 3.7 %}
{% ifversion ghes %}
{% note %}
**Note:** Private registries behind firewalls on private networks are supported for the following ecosystems:

2
content/code-security/secret-scanning/about-secret-scanning.md
View File

@@ -84,7 +84,7 @@ If you're a repository administrator, you can enable {% data variables.secret-sc
You can also define custom {% data variables.product.prodname_secret_scanning %} patterns for a repository, organization, or enterprise. For more information, see "[AUTOTITLE]({% ifversion fpt %}/enterprise-cloud@latest{% endif %}/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
{% ifversion secret-scanning-store-tokens %}
{% data variables.product.company_short %} stores detected secrets using symmetric encryption, both in transit and at rest.{% endif %}{% ifversion ghes > 3.7 %} To rotate the encryption keys used for storing the detected secrets, you can contact us by visiting {% data variables.contact.contact_ent_support %}.{% endif %}
{% data variables.product.company_short %} stores detected secrets using symmetric encryption, both in transit and at rest.{% endif %}{% ifversion ghes %} To rotate the encryption keys used for storing the detected secrets, you can contact us by visiting {% data variables.contact.contact_ent_support %}.{% endif %}
### Accessing {% data variables.secret-scanning.alerts %}

2
content/code-security/secret-scanning/secret-scanning-patterns.md
View File

@@ -155,7 +155,7 @@ Push protection and validity checks are not supported for non-provider patterns.
{% endif %}
<!-- GHES 3.5 to GHES 3.8 table -->
{% ifversion ghes = 3.7 or ghes = 3.8 %}
{% ifversion ghes = 3.8 %}
| Provider | Token | {% data variables.product.prodname_secret_scanning_caps %} alert | Push protection |
|----|:----|:----:|:----:|

2
content/code-security/security-overview/about-security-overview.md
View File

@@ -115,7 +115,7 @@ For information about permissions, see "[Permission to view data in security ove
{% endif %}
{% ifversion ghes < 3.8 or ghae < 3.8 %}
{% ifversion ghae < 3.8 %}
## About security overview for teams

2
content/get-started/exploring-integrations/about-using-integrations.md
View File

@@ -23,7 +23,7 @@ Integrations are tools that extend {% data variables.product.company_short %}'s
You can discover many integrations in [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace). {% data variables.product.prodname_marketplace %} includes {% data variables.product.prodname_github_apps %}, {% data variables.product.prodname_oauth_apps %}, and custom actions that you can use in {% data variables.product.prodname_actions %} workflows. You can also get integrations directly from the integration creator.
{% ifversion fpt or ghec or ghes > 3.7 %} For a list of featured {% data variables.product.company_short %} integrations, see "[AUTOTITLE](/get-started/exploring-integrations/github-extensions-and-integrations)."{% endif %}
{% ifversion fpt or ghec or ghes %} For a list of featured {% data variables.product.company_short %} integrations, see "[AUTOTITLE](/get-started/exploring-integrations/github-extensions-and-integrations)."{% endif %}
{% ifversion ghes %}

2
content/get-started/exploring-integrations/featured-github-integrations.md
View File

@@ -11,7 +11,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '>3.7'
ghes: '*'
shortTitle: Featured integrations
---

2
content/graphql/reference/enums.md
View File

@@ -22,6 +22,4 @@ For example, the [`Issue`](/graphql/reference/objects#issue) object has a field
For more information, see "[AUTOTITLE](/graphql/guides/introduction-to-graphql)."
{% data reusables.projects.graphql-ghes %}
<!-- Content after this section is automatically generated -->

2
content/graphql/reference/input-objects.md
View File

@@ -22,6 +22,4 @@ For example, [`CommitAuthor`](/graphql/reference/input-objects#commitauthor) tak
For more information, see "[AUTOTITLE](/graphql/guides/forming-calls-with-graphql#about-mutations)."
{% data reusables.projects.graphql-ghes %}
<!-- Content after this section is automatically generated -->

2
content/graphql/reference/interfaces.md
View File

@@ -22,6 +22,4 @@ For example, [`Lockable`](/graphql/reference/interfaces#lockable) is an interfac
For more information, see "[AUTOTITLE](/graphql/guides/introduction-to-graphql#implementation)."
{% data reusables.projects.graphql-ghes %}
<!-- Content after this section is automatically generated -->

2
content/graphql/reference/mutations.md
View File

@@ -20,6 +20,4 @@ Every GraphQL schema has a root type for both queries and mutations. The [mutati
For more information, see "[AUTOTITLE](/graphql/guides/forming-calls-with-graphql#about-mutations)."
{% data reusables.projects.graphql-ghes %}
<!-- Content after this section is automatically generated -->

2
content/graphql/reference/objects.md
View File

@@ -22,6 +22,4 @@ For example, the [`Repository`](/graphql/reference/objects#repository) object ha
For more information, see "[AUTOTITLE](/graphql/guides/introduction-to-graphql)."
{% data reusables.projects.graphql-ghes %}
<!-- Content after this section is automatically generated -->

2
content/graphql/reference/unions.md
View File

@@ -22,6 +22,4 @@ For example, a field marked as an [`ProjectCardItem`](/graphql/reference/unions#
For more information, see "[AUTOTITLE](/graphql/guides/introduction-to-graphql)."
{% data reusables.projects.graphql-ghes %}
<!-- Content after this section is automatically generated -->

8
content/organizations/managing-organization-settings/disabling-project-boards-in-your-organization.md
View File

@@ -30,9 +30,9 @@ When {% data variables.projects.projects_v1_boards %} are disabled, you will no
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
1. In the "Code planning, and automation" section of the sidebar, click **{% octicon "table" aria-label="The table icon" %} Projects**.
1. Decide whether to disable {% data variables.projects.projects_v2_and_v1 %} in your organization. Then, under **Projects{% ifversion ghes = 3.7 %} (classic){% endif %}**:
- To disable {% data variables.projects.projects_v2_and_v1 %}, unselect **Enable Projects{% ifversion ghes = 3.7 %} (classic){% endif %} for the organization**.
- To enable {% data variables.projects.projects_v2_and_v1 %} in the organization, select **Enable Projects{% ifversion ghes = 3.7 %} (classic){% endif %} for the organization**.
1. Decide whether to disable {% data variables.projects.projects_v2_and_v1 %} in your organization. Then, under **Projects**:
- To disable {% data variables.projects.projects_v2_and_v1 %}, unselect **Enable Projects for the organization**.
- To enable {% data variables.projects.projects_v2_and_v1 %} in the organization, select **Enable Projects for the organization**.
1. Click **Save**.
If you decide to re-enable {% data variables.projects.projects_v2_and_v1 %}, any {% data variables.projects.projects_v2_and_v1 %} that were previously added will be available.
@@ -46,7 +46,7 @@ You can control whether organization members can create {% data variables.projec
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
1. In the "Code planning, and automation" section of the sidebar, click **{% octicon "table" aria-label="The table icon" %} Projects**.
1. Decide whether to allow members to create {% data variables.projects.projects_v1_boards %} in repositories in your organization. Then, under **{%ifversion ghes > 3.7 or ghae > 3.7 or ghec or fpt %}Projects (classic) only{% elsif ghes = 3.7 %}Repository projects{% else %}Projects{% endif %}**:
1. Decide whether to allow members to create {% data variables.projects.projects_v1_boards %} in repositories in your organization. Then, under **Projects (classic) only**:
- To enable project boards in repositories, select **Allow members to enable Projects (classic) for all repositories**.
- To disable project boards in repositories, unselect **Allow members to enable Projects (classic) for all repositories**.
1. Click **Save**.

4
content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles.md
View File

@@ -27,10 +27,6 @@ After you create a custom role, anyone with admin access to a repository can ass
You can also use the REST API to create and manage custom repository roles. For more information, see "[AUTOTITLE](/rest/orgs/custom-roles)."
{% elsif ghes < 3.8 %}
You can also use the REST API to list the custom repository roles available in your organization. For more information, see "[AUTOTITLE](/rest/orgs/custom-roles)."
{% endif %}
{% ifversion custom-org-roles %}

12
content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md
View File

@@ -221,17 +221,7 @@ You can set a total cache storage size for your repository up to the maximum siz
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.settings-sidebar-actions-general %}
{% data reusables.actions.change-cache-size-limit %}
{% elsif ghes < 3.8 %}
The repository settings for {% data variables.product.prodname_actions %} cache storage can currently only be modified using the REST API:
- To view the current cache storage limit for a repository, see "[AUTOTITLE](/rest/actions/cache#get-github-actions-cache-usage-policy-for-a-repository)."
- To change the cache storage limit for a repository, see "[AUTOTITLE](/rest/actions/cache#set-github-actions-cache-usage-policy-for-a-repository)."
{% data reusables.actions.cache-no-org-policy %}
{% data reusables.actions.change-cache-size-limit %}
{% endif %}
{% endif %}

4
content/rest/actions/variables.md
View File

@@ -2,9 +2,7 @@
title: GitHub Actions Variables
allowTitleToDifferFromFilename: true
shortTitle: Variables
intro: >-
Use the REST API to interact with variables in {% data
variables.product.prodname_actions %}.
intro: 'Use the REST API to interact with variables in {% data variables.product.prodname_actions %}.'
topics:
- API
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖

2
content/rest/announcement-banners/index.md
View File

@@ -3,7 +3,7 @@ title: Announcement Banners
intro: 'The Announcement Banners API enables you to view, create, and remove an announcement banner for your enterprise or organization.'
versions:
ghec: '*'
ghes: '>=3.8'
ghes: '*'
children:
- /enterprises
- /organizations

4
content/rest/announcement-banners/organizations.md
View File

@@ -1,9 +1,7 @@
---
title: Organization announcement banners
shortTitle: Organization
intro: >-
The Organization Announcement Banners API allows you to get, set, and remove
the announcement banner for your organization.
intro: 'The Organization Announcement Banners API allows you to get, set, and remove the announcement banner for your organization.'
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
ghec: '*'
ghes: '*'

4
content/rest/dependabot/alerts.md
View File

@@ -2,9 +2,7 @@
title: '{% data variables.product.prodname_dependabot_alerts %}'
allowTitleToDifferFromFilename: true
shortTitle: Alerts
intro: >-
Use the REST API to interact with {% data
variables.product.prodname_dependabot %} alerts for a repository.
intro: 'Use the REST API to interact with {% data variables.product.prodname_dependabot %} alerts for a repository.'
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
fpt: '*'
ghec: '*'

4
content/rest/enterprise-admin/code-security-and-analysis.md
View File

@@ -1,8 +1,6 @@
---
title: Code security and analysis
intro: >-
Use the REST API to manage code security and analysis features for your
enterprise.
intro: Use the REST API to manage code security and analysis features for your enterprise.
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
ghec: '*'
ghes: '*'

2
content/rest/enterprise-admin/scim.md
View File

@@ -118,7 +118,7 @@ To authenticate API requests, the person who configures SCIM on the IdP must use
The {% data variables.product.product_name %} instance links each user who authenticates successfully with SAML SSO to a SCIM identity. To link the identities successfully, the SAML IdP and the SCIM integration must use matching SAML `NameID` and SCIM `userName` values for each user.
{% ifversion ghes > 3.7 %}
{% ifversion ghes %}
{% note %}
**Note:** If the {% data variables.product.product_name %} uses Azure AD as a SAML IdP, {% data variables.product.product_name %} will also check the SCIM `externalId` claim and SAML `http://schemas.microsoft.com/identity/claims/objectidentifier` claim to match users first, instead of using `NameID` and `userName`.

122
data/graphql/ghes-3.7/graphql_previews.enterprise.yml
View File

@@ -1,122 +0,0 @@
- title: Access to package version deletion
description: >-
This preview adds support for the DeletePackageVersion mutation which
enables deletion of private package versions.
toggled_by: ':package-deletes-preview'
announcement: null
updates: null
toggled_on:
- Mutation.deletePackageVersion
owning_teams:
- '@github/pe-package-registry'
- title: Deployments
description: >-
This preview adds support for deployments mutations and new deployments
features.
toggled_by: ':flash-preview'
announcement: null
updates: null
toggled_on:
- DeploymentStatus.environment
- Mutation.createDeploymentStatus
- CreateDeploymentStatusInput
- CreateDeploymentStatusPayload
- Mutation.createDeployment
- CreateDeploymentInput
- CreateDeploymentPayload
owning_teams:
- '@github/c2c-actions-service'
- title: >-
MergeInfoPreview - More detailed information about a pull request's merge
state.
description: >-
This preview adds support for accessing fields that provide more detailed
information about a pull request's merge state.
toggled_by: ':merge-info-preview'
announcement: null
updates: null
toggled_on:
- PullRequest.canBeRebased
- PullRequest.mergeStateStatus
owning_teams:
- '@github/pe-pull-requests'
- title: UpdateRefsPreview - Update multiple refs in a single operation.
description: This preview adds support for updating multiple refs in a single operation.
toggled_by: ':update-refs-preview'
announcement: null
updates: null
toggled_on:
- Mutation.updateRefs
- GitRefname
- RefUpdate
- UpdateRefsInput
- UpdateRefsPayload
owning_teams:
- '@github/reponauts'
- title: Project Event Details
description: >-
This preview adds project, project card, and project column details to
project-related issue events.
toggled_by: ':starfox-preview'
announcement: null
updates: null
toggled_on:
- AddedToProjectEvent.project
- AddedToProjectEvent.projectCard
- AddedToProjectEvent.projectColumnName
- ConvertedNoteToIssueEvent.project
- ConvertedNoteToIssueEvent.projectCard
- ConvertedNoteToIssueEvent.projectColumnName
- MovedColumnsInProjectEvent.project
- MovedColumnsInProjectEvent.projectCard
- MovedColumnsInProjectEvent.projectColumnName
- MovedColumnsInProjectEvent.previousProjectColumnName
- RemovedFromProjectEvent.project
- RemovedFromProjectEvent.projectColumnName
owning_teams:
- '@github/github-projects'
- title: Labels Preview
description: >-
This preview adds support for adding, updating, creating and deleting
labels.
toggled_by: ':bane-preview'
announcement: null
updates: null
toggled_on:
- Mutation.createLabel
- CreateLabelPayload
- CreateLabelInput
- Mutation.deleteLabel
- DeleteLabelPayload
- DeleteLabelInput
- Mutation.updateLabel
- UpdateLabelPayload
- UpdateLabelInput
owning_teams:
- '@github/pe-pull-requests'
- title: Import Project
description: This preview adds support for importing projects.
toggled_by: ':slothette-preview'
announcement: null
updates: null
toggled_on:
- Mutation.importProject
owning_teams:
- '@github/pe-issues-projects'
- title: Team Review Assignments Preview
description: >-
This preview adds support for updating the settings for team review
assignment.
toggled_by: ':stone-crop-preview'
announcement: null
updates: null
toggled_on:
- Mutation.updateTeamReviewAssignment
- UpdateTeamReviewAssignmentInput
- TeamReviewAssignmentAlgorithm
- Team.reviewRequestDelegationEnabled
- Team.reviewRequestDelegationAlgorithm
- Team.reviewRequestDelegationMemberCount
- Team.reviewRequestDelegationNotifyTeam
owning_teams:
- '@github/pe-pull-requests'

241
data/graphql/ghes-3.7/graphql_upcoming_changes.public-enterprise.yml
View File

@@ -1,241 +0,0 @@
---
upcoming_changes:
- location: LegacyMigration.uploadUrlTemplate
description: '`uploadUrlTemplate` will be removed. Use `uploadUrl` instead.'
reason:
'`uploadUrlTemplate` is being removed because it is not a standard URL and
adds an extra user step.'
date: '2019-04-01T00:00:00+00:00'
criticality: breaking
owner: tambling
- location: AssignedEvent.user
description: '`user` will be removed. Use the `assignee` field instead.'
reason: Assignees can now be mannequins.
date: '2020-01-01T00:00:00+00:00'
criticality: breaking
owner: tambling
- location: UnassignedEvent.user
description: '`user` will be removed. Use the `assignee` field instead.'
reason: Assignees can now be mannequins.
date: '2020-01-01T00:00:00+00:00'
criticality: breaking
owner: tambling
- location: Issue.timeline
description: '`timeline` will be removed. Use Issue.timelineItems instead.'
reason: '`timeline` will be removed'
date: '2020-10-01T00:00:00+00:00'
criticality: breaking
owner: mikesea
- location: PullRequest.timeline
description: '`timeline` will be removed. Use PullRequest.timelineItems instead.'
reason: '`timeline` will be removed'
date: '2020-10-01T00:00:00+00:00'
criticality: breaking
owner: mikesea
- location: MergeStateStatus.DRAFT
description: '`DRAFT` will be removed. Use PullRequest.isDraft instead.'
reason:
DRAFT state will be removed from this enum and `isDraft` should be used
instead
date: '2021-01-01T00:00:00+00:00'
criticality: breaking
owner: nplasterer
- location: PackageType.DOCKER
description: '`DOCKER` will be removed.'
reason:
DOCKER will be removed from this enum as this type will be migrated to only
be used by the Packages REST API.
date: '2021-06-21'
criticality: breaking
owner: reybard
- location: ReactionGroup.users
description: '`users` will be removed. Use the `reactors` field instead.'
reason: Reactors can now be mannequins, bots, and organizations.
date: '2021-10-01T00:00:00+00:00'
criticality: breaking
owner: synthead
- location: Repository.defaultMergeQueue
description: '`defaultMergeQueue` will be removed. Use `Repository.mergeQueue` instead.'
reason: '`defaultMergeQueue` will be removed.'
date: '2022-04-01'
criticality: breaking
owner: colinshum
- location: AddPullRequestToMergeQueueInput.branch
description: '`branch` will be removed.'
reason:
PRs are added to the merge queue for the base branch, the `branch` argument
is now a no-op
date: '2022-07-01T00:00:00+00:00'
criticality: breaking
owner: jhunschejones
- location: LockMergeQueueInput.branch
description: '`branch` will be removed.'
reason:
The merge queue is locked for the repository's default branch, the `branch`
argument is now a no-op
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: jhunschejones
- location: MergeLockedMergeGroupInput.branch
description: '`branch` will be removed.'
reason:
Changes are merged into the repository's default branch, the `branch` argument
is now a no-op
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: jhunschejones
- location: ProjectNextFieldType.ASSIGNEES
description:
'`ASSIGNEES` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.DATE
description:
'`DATE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.ITERATION
description:
'`ITERATION` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.LABELS
description:
'`LABELS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.LINKED_PULL_REQUESTS
description:
'`LINKED_PULL_REQUESTS` will be removed. Follow the ProjectV2 guide
at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.MILESTONE
description:
'`MILESTONE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.NUMBER
description:
'`NUMBER` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.REPOSITORY
description:
'`REPOSITORY` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.REVIEWERS
description:
'`REVIEWERS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.SINGLE_SELECT
description:
'`SINGLE_SELECT` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.TEXT
description:
'`TEXT` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.TITLE
description:
'`TITLE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: ProjectNextFieldType.TRACKS
description:
'`TRACKS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
to find a suitable replacement.'
reason:
The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
API.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: lukewar
- location: RemovePullRequestFromMergeQueueInput.branch
description: '`branch` will be removed.'
reason:
PRs are removed from the merge queue for the base branch, the `branch` argument
is now a no-op
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: jhunschejones
- location: RepositoryVulnerabilityAlert.fixReason
description: '`fixReason` will be removed.'
reason:
The `fixReason` field is being removed. You can still use `fixedAt` and
`dismissReason`.
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: jamestran201
- location: UnlockAndResetMergeGroupInput.branch
description: '`branch` will be removed.'
reason:
The current merge group for the repository's default branch, the `branch`
argument is now a no-op
date: '2022-10-01T00:00:00+00:00'
criticality: breaking
owner: jhunschejones

47498
data/graphql/ghes-3.7/schema.docs-enterprise.graphql
View File

File diff suppressed because it is too large Load Diff

339
data/release-notes/enterprise-server/3-7/0-rc1.yml
View File

@@ -1,339 +0,0 @@
date: '2022-10-25'
release_candidate: true
deprecated: true
intro: |
{% note %}
**Note:** If {% data variables.location.product_location %} is running a release candidate build, you can't upgrade with a hotpatch. We recommend that you only run release candidates in a test environment.
{% endnote %}
For upgrade instructions, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
sections:
features:
- heading: Instance administration
notes:
# https://github.com/github/releases/issues/2407
- |
To increase the security of the Management Console, site administrators can configure the rate limit for sign-in attempts, as well as the lockout duration after exceeding the rate limit. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-rate-limits-for-authentication-to-the-management-console)."
# https://github.com/github/releases/issues/2407
- |
The minimum password requirements for the Management Console are more stringent.
# https://github.com/github/releases/issues/2497
- |
Attempts to authenticate to the Management Console and changes made by a site administrator within the Management Console are written to a log file in `/var/log/enterprise-manage/audit.log`.
- heading: Instance services
notes:
# https://github.com/github/releases/issues/2344
- |
Azure Maps replaces MapBox for rendering GeoJSON files as graphical maps. Administrators can enable map rendering and provide an Azure Maps token in the Management Console. For more information, see "[Administering your instance from the Management Console](/admin/configuration/administering-your-instance-from-the-management-console)."
- heading: Authentication
notes:
# https://github.com/github/releases/issues/2197
- |
Users can verify commits using an SSH public key. For more information, see "[About commit signature verification](/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification)."
# https://github.com/github/releases/issues/2460
- |
Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see "[Configuring user provisioning with SCIM for your enterprise](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)" and "[SCIM](/rest/enterprise-admin/scim)" in the REST API documentation.
- heading: GitHub Advanced Security
notes:
# https://github.com/github/releases/issues/2256
- |
Enterprise owners on an instance with a GitHub Advanced Security license can see an overview of code scanning alerts for the entire instance, including a repository-centric view of application security risks, and an alert-centric view of all code scanning, secret scanning, and Dependabot alerts. For more information, see "[Viewing the security overview](/code-security/security-overview/viewing-the-security-overview#viewing-the-security-overview-for-an-enterprise)."
# https://github.com/github/releases/issues/2373
- |
Users on an instance with a GitHub Advanced Security license can view and comment on code scanning alerts in their repository within a pull request's **Conversation** tab. If the **Require conversation resolution before merging** branch protection rule is enabled for the repository, all comments on these code scanning alerts must be resolved before a user merges the pull request. For more information, see "[About code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning#about-code-scanning)," "[About pull request reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews)," and "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-conversation-resolution-before-merging)."
# https://github.com/github/releases/issues/2388
- |
To simplify the rollout of secret scanning for instances with dozens, hundreds, or even thousands of organizations, enterprise owners on an instance with a GitHub Advanced Security license can enable secret scanning and push protection for the instance using the web interface. For more information, see "[Managing GitHub Advanced Security features for your enterprise](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
# https://github.com/github/releases/issues/2389
- |
Organization owners on an instance with a GitHub Advanced Security license can perform a dry run of custom patterns for secret scanning for all repositories within an organization. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
# https://github.com/github/releases/issues/2383
- |
If a site administrator has enabled email notifications for an instance with a GitHub Advanced Security license, users who watch a repository's secret scanning alerts will receive an email notification when a contributor bypasses a secret blocked by push protection. Previously, notifications were not sent if the secret was marked as a false positive or used in tests. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)" and "[Configuring email for notifications](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)."
# https://github.com/github/releases/issues/2355
- |
To ease the management of dozens or hundreds of custom patterns for secret scanning, users, organization owners, or enterprise owners on an instance with a GitHub Advanced Security license can sort and filter the list of patterns for a repository, organization, or the entire instance. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
# https://github.com/github/releases/issues/2319
- |
Users on an instance with a GitHub Advanced Security license who protect pushes with secret scanning can specify a custom link that will display in the error message when push protection detects and blocks a potential secret. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
# https://github.com/github/releases/issues/2445
- |
Users can publish CodeQL packs to the Container registry. For more information, see [Creating and working with CodeQL packs](https://codeql.github.com/docs/codeql-cli/creating-and-working-with-codeql-packs/) in the CodeQL CLI documentation.
# https://github.com/github/releases/issues/2445
- |
Users on an instance with a GitHub Advanced Security license can use CodeQL packs with code scanning, including packs that are published to the instance's GitHub Container registry. For more information, see "[Configuring code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#downloading-codeql-packs-from-github-enterprise-server)" and [Publishing and using CodeQL packs](https://codeql.github.com/docs/codeql-cli/publishing-and-using-codeql-packs/)" in the CodeQL CLI documentation.
# https://github.com/github/releases/issues/2403
- |
Users on an instance with a GitHub Advanced Security license can exclude unnecessary CodeQL queries for code scanning by using query filters. For more information, see "[Configuring code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#about-code-scanning-configuration)."
# https://github.com/github/releases/issues/2405
- |
Enterprise owners on an instance with a GitHub Advanced Security license can retrieve code scanning results for the entire instance using the REST API. The new endpoint supplements the existing endpoints for repositories and organizations. For more information, see "[Code Scanning](/rest/code-scanning#list-code-scanning-alerts-for-an-enterprise)" in the REST API documentation.
# https://github.com/github/releases/issues/2417
- |
Organization owners on an instance with a GitHub Advanced Security license can retrieve the enablement status or configure the automatic enablement of the following features using the REST API.
- GitHub Advanced Security
- Secret scanning
- Push protection
For more information, see "[Organizations](/rest/orgs/orgs#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
# https://github.com/github/releases/issues/2348
- |
Users on an instance with a GitHub Advanced Security license can use cursors to paginate secret scanning alert results retrieved with the REST API's organization and repository endpoints. For more information, see "[Secret scanning](/rest/secret-scanning)" in the REST API documentation.
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/2308
- |
Users can see more information about the activity associated with a Dependabot alert. Within the details for a Dependabot alert, users can see a timeline of events, such as when the alert was opened, fixed, or reopened. Events will also show additional metadata when available, like relevant pull requests. For more information, see "[About Dependabot alerts](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
# https://github.com/github/releases/issues/2382
- |
Users' Dependabot alerts are sorted by importance by default. Importance considers CVSS as the primary factor, as well as potential risk, relevancy, and ease of fixing the vulnerability. The calculation will improve over time.
# https://github.com/github/releases/issues/2163
- |
Users can sort Dependabot alerts by the scope of the dependency, either runtime or development.
# https://github.com/github/releases/issues/2421
- |
Users can optionally add a comment when dismissing a Dependabot alert. Dismissal comments appear in the event timeline and within the `dismissComment` field in the GraphQL API's `RepositoryVulnerabilityAlert` object. For more information about the GraphQL API, see "[Objects](/graphql/reference/objects#repositoryvulnerabilityalert)" in the GraphQL API documentation.
# https://github.com/github/releases/issues/2160
- |
Users can select multiple Dependabot alerts, then dismiss or reopen the alerts. For example, from the **Closed alerts** tab, you can select multiple alerts that have been previously dismissed, and then reopen them all at once.
# https://github.com/github/releases/issues/2417
- |
Organization owners on an instance can retrieve the enablement status or configure the automatic enablement of the following features for dependency management using the REST API.
- Dependency graph
- Dependabot alerts
- Dependabot security updates
For more information, see "[Organizations](/rest/orgs/orgs#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
- heading: Code security
notes:
# https://github.com/github/releases/issues/2300
- |
Enterprise and organization owners can see the security overview for the entire GitHub Enterprise Server instance or individual organizations on the instance. The security overview provides a centralized view of risk for application security teams, engineering leaders, and developers who work across many repositories. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
# https://github.com/github/releases/issues/2415
- |
Organization owners can manage teams of security managers using the REST API. For more information, see "[Security Managers](/rest/orgs/security-managers)" in the REST API documentation.
# https://github.com/github/releases/issues/2042
# https://github.com/github/releases/issues/2295
# https://github.com/github/releases/issues/2307
- |
Users can take advantage of the following improvements to the [GitHub Advisory Database](https://github.com/advisories).
- The database displays advisories for for Elixir, Erlang's Hex package manager, and more.
- Users can find malware advisories by searching for `type:malware`.
- The database displays advisories for GitHub Actions vulnerabilities.
For more information, see "[Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
# https://github.com/github/releases/issues/2099
- |
Users can populate a repository's dependency graph by submitting the dependencies for the repository using the REST API. The dependency graph powers Dependabot alerts and Dependabot security updates. For more information, see "[Using the Dependency submission API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/2577
- |
GitHub Actions supports Google Cloud Storage as a storage provider for logs, artifacts, and caches. For more information, see "[Enabling GitHub Actions with Google Cloud Storage](/enterprise-server@3.7/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage)."
# https://github.com/github/releases/issues/2409
- |
GitHub Actions users who use dependency caching to speed up workflows can now use the GitHub CLI to manage the GitHub Actions cache for a repository. To manage caches using the GitHub CLI, install the `gh-actions-cache` extension. For more information, see the [`gh-actions-cache` documentation](https://github.com/actions/gh-actions-cache#readme).
# https://github.com/github/releases/issues/2340
- |
Workflow re-runs in GitHub Actions use the actor who initially triggered the workflow for privilege evaluation. The actor who triggered the re-run will continue to be displayed in the UI, and can be accessed in a workflow via the `triggering_actor` field in the `github` context. For more information, see "[Re-running workflows and jobs](/actions/managing-workflow-runs/re-running-workflows-and-jobs)" and "[Contexts](/actions/learn-github-actions/contexts#github-context)."
# https://github.com/github/docs-content/issues/7093
# https://github.com/github/docs-content/issues/7094
- |
Users can call reusable workflows from a matrix or other reusable workflows. For more information, see "[Reusing workflows](/actions/using-workflows/reusing-workflows#using-reusable-workflows)."
# https://github.com/github/releases/issues/2292
- |
When querying GitHub Actions for artifacts, the REST API returns information about the run and branch that produced the artifact. For more information, see "[GitHub Actions Artifacts](/rest/actions/artifacts)" in the REST API documentation.
# https://github.com/github/releases/issues/2325
- |
To support secure cloud deployments at scale, organization owners and repository administrators can complete the following tasks with the OpenID Connect REST API. For more information, see "[GitHub Actions OIDC](/rest/actions/oidc)" in the REST API documentation
- Enable a standard OpenID Connect configuration across cloud deployment workflows by customizing the `subject` claim format.
- Ensure additional compliance and security for OpenID Connect deployments by appending the `issuer` URL with the enterprise's slug.
- Configure advanced OpenID Connect policies by using additional OpenID Connect token claims like `repository_id` and `repo_visibility`.
For more information, see "[About security hardening with OpenID Connect](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token)."
# https://github.com/github/releases/issues/2326
- |
GitHub Actions users who use dependency caching to speed up workflows can now use the GitHub Actions Cache REST API to accomplish the following tasks.
- List all caches within a repository and sort by metadata.
- Delete a corrupt or stale cache entry.
For more information, see "[Caching dependencies to speed up workflows](/actions/using-workflows/caching-dependencies-to-speed-up-workflows#managing-caches)" and "[GitHub Actions Cache](/rest/actions/cache)" in the REST API documentation.
# https://github.com/github/docs-content/issues/7689
- |
If a non-ephemeral self-hosted GitHub Actions runner does not communicate with the GitHub Enterprise Server instance for more than 14 days, the instance will automatically remove the runner. If an ephemeral self-hosted runner does not communicate with the instance for more than one day, the instance will automatically remove the runner. Previously, GitHub Enterprise Server removed runners after 30 days. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#about-self-hosted-runners)."
# https://github.com/github/releases/issues/2210
- |
GitHub Actions can run self-hosted macOS workflows in a macOS ARM64 runtime with [runner](https://github.com/actions/runner) support for Apple silicon, such as the M1 or M2 chip. For more information, see "[Using self-hosted runners in a workflow](/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow#using-default-labels-to-route-jobs)."
- heading: GitHub Pages
notes:
# https://github.com/github/blog/pull/3655
- |
Users can deploy a GitHub Pages site directly from a repository using GitHub Actions, without configuration of a publishing source. Using GitHub Actions provides control over the authoring framework and version, as well as more control over the publishing process with features like deployment gates. For more information, see "[Configuring a publishing source for your GitHub Pages site](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#creating-a-custom-github-actions-workflow-to-publish-your-site)."
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2329
- |
Enterprise owners can prevent users from creating repositories owned by their user accounts. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation)."
# https://github.com/github/releases/issues/1966
- |
Enterprise owners can control where users can fork repositories. Forking can be limited to preset combinations of organizations, the same organization as the parent repository, user accounts, or everywhere. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-forking-private-or-internal-repositories)."
# https://github.com/github/releases/issues/1974
- |
Repository administrators can block potentially destructive pushes by limiting the number of branches and tags that can be updated by a single push. By default, there is no limit to the number of branches and tags that can be updated in a single push. For more information, see "[Managing the push policy for your repository](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-push-policy-for-your-repository)."
# https://github.com/github/docs-content/issues/7597
- |
Users can further customize the default commit message when squash-merging a pull request. For more information, see "[Configuring commit merging for pull requests](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-merging-for-pull-requests)" and "[Configuring commit squashing for pull requests](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests)."
# https://github.com/github/releases/issues/2179
- |
Users can create a branch from a repository's **Branches** overview page by clicking the **New branch** button. For more information, see "[Creating and deleting branches within your repository](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository#creating-a-branch)."
# https://github.com/github/releases/issues/1964
# https://github.com/github/releases/issues/1965
# https://github.com/github/releases/issues/2170
# https://github.com/github/releases/issues/2369
# https://github.com/github/releases/issues/2406
- |
Improvements have been made to the creation and management of forks.
- When forking a repository, users can choose to only include the repository's default branch in the fork.
- Users can use a repository's' **Fork** button to see existing forks of the repository.
- The **Fetch upstream** button has been renamed to **Sync fork** to better describe the button's behavior. If the sync causes a conflict, the web UI prompts the user to contribute changes to the parent repository, discard changes, or resolve the conflict.
- To address situations where people work within one organization and don't want to fork a repository to a different organization or user account, users can fork a repository to the same organization as the parent repository.
- Users can fork an internal repository to another organization and the fork will retain internal visibility. When forking an internal repository, users can choose which organization should own the fork.
For more information, see "[Fork a repo](/get-started/quickstart/fork-a-repo)."
# https://github.com/github/releases/issues/1973
- |
Repository administrators can block the creation of branches that match a configured name pattern with the **Restrict pushes that create matching branches** branch protection rule. For example, if a repository's default branch changes from `master` to `main`, a repository administrator can prevent any subsequent creation or push of the `master` branch. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#restrict-who-can-push-to-matching-branches)" and "[Managing a branch protection rule](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule#creating-a-branch-protection-rule)."
# https://github.com/github/releases/issues/2105
- |
Users can create files with geoJSON, topoJSON, and STL diagrams and render the diagrams in the web interface. For more information, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files)."
# https://github.com/github/releases/issues/2336
- |
Users can create autolink references using either alphanumeric or numeric identifiers. For more information, see "[Configuring autolinks to reference external resources autolinks](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-autolinks-to-reference-external-resources)."
# https://github.com/github/releases/issues/2399
- |
Users can customize exclusions in the file finder like `vendor/` and `build/` by using `linguist` attributes in a `.gitattributes` file. For more information, see "[Finding files on GitHub](/search-github/searching-on-github/finding-files-on-github#customizing-excluded-files)" and "[Customizing how changed files appear on GitHub](/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github)."
- heading: Pull requests
notes:
# https://github.com/github/releases/issues/2178
- |
Users can browse the files modified in an individual commit using the tree view. For more information, see "[About commits](/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/about-commits#using-the-file-tree)."
- heading: Issues
notes:
# https://github.com/github/releases/issues/2488
- |
Users can manually link existing branches or pull requests to an issue from the "Development" section in the issue's sidebar. For more information, see "[Linking a pull request to an issue](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#manually-linking-a-pull-request-or-branch-to-an-issue-using-the-issue-sidebar)."
- heading: Markdown
notes:
# https://github.com/github/releases/issues/2027
- |
Users can use Mermaid syntax when writing Markdown, which displays a diagram when rendering the Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)."
# https://github.com/github/docs-content/issues/7471
- |
Users can write mathematical expressions using fenced code blocks with the `math` syntax in addition to the existing delimiters. `$$` is not required with this method. For more information, see "[Writing mathematical expressions](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions)."
# https://github.com/github/releases/issues/2105
- |
Users can render maps directly in Markdown using fenced code blocks with the `geojson` or `topojson` syntax, and embed STL 3D renders using `stl` syntax. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)."
# https://github.com/github/releases/issues/2345
- |
In Markdown, users can write LaTeX-style syntax to render math expressions inline using `$` delimiters, or in blocks using `$$` delimiters. For more information, see "[Writing mathematical expressions](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions)."
changes:
- Secret scanning no longer supports custom patterns that use `.*` as an end delimiter in the "After secret" field, as the pattern syntax would cause scan problems and inconsistencies.
# https://github.com/github/releases/issues/2535
- When creating a new release, users can now submit the form using <kbd>Ctrl</kbd> + <kbd>Enter</kbd> in macOS, or <kbd>Ctrl</kbd> + <kbd>Enter</kbd> in Windows or Linux.
# https://github.com/github/releases/issues/2533
- The **Wiki** tab in a repository only appears when a wiki exists. Previously, the tab always appeared.
# https://github.com/github/releases/issues/2410
- Rendered wikis display mathematical expressions and Mermaid diagrams.
# https://github.com/github/releases/issues/2534
- The size of the search field for user, organization, and enterprise audit logs has increased.
# https://github.com/github/releases/issues/2344
- To improve stability, the service for rendering GeoJSON, Jupyter Notebook, PDF, PSD, SVG, SolidWorks, and other binary formats has been replaced.
known_issues:
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- In some cases, users cannot convert existing issues to discussions.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
deprecations:
# https://github.com/github/releases/issues/2395
- Commit comments, which are comments that users add directly to a commit outside of a pull request, no longer appear in the pull request timeline. Users could not reply to or resolve these comments. The Timeline events REST API and the GraphQL API's `PullRequest` object also no longer return commit comments.
# https://github.com/github/releases/issues/2380
- Diffing GeoJSON, PSD, and STL files is no longer possible.
# https://github.com/github/releases/issues/2480
- Package registries on the new GitHub Packages architecture, including Container registry and npm packages, no longer expose data through the GraphQL API. In a coming release, other GitHub Packages registries will migrate to the new architecture, which will deprecate the GraphQL API for those registries as well. GitHub recommends using the REST API to programmatically access information about GitHub Packages. For more information, see "[Packages](/rest/packages)" in the REST API documentation.

397
data/release-notes/enterprise-server/3-7/0.yml
View File

@@ -1,397 +0,0 @@
date: '2022-10-25'
release_candidate: false
deprecated: false
intro: |
For upgrade instructions, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
sections:
features:
- heading: Instance administration
notes:
# https://github.com/github/releases/issues/2407
- |
To increase the security of the Management Console, site administrators can configure the rate limit for sign-in attempts, as well as the lockout duration after exceeding the rate limit. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-rate-limits-for-authentication-to-the-management-console)."
# https://github.com/github/releases/issues/2407
- |
The minimum password requirements for the Management Console are more stringent.
# https://github.com/github/releases/issues/2497
- |
Attempts to authenticate to the Management Console and changes made by a site administrator within the Management Console are written to a log file in `/var/log/enterprise-manage/audit.log`.
- heading: Instance services
notes:
# https://github.com/github/releases/issues/2344
- |
Azure Maps replaces MapBox for rendering GeoJSON files as graphical maps. Administrators can enable map rendering and provide an Azure Maps token in the Management Console. For more information, see "[Administering your instance from the Management Console](/admin/configuration/administering-your-instance-from-the-management-console)."
- heading: Authentication
notes:
# https://github.com/github/releases/issues/2197
- |
Users can verify commits using an SSH public key. For more information, see "[About commit signature verification](/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification)."
# https://github.com/github/releases/issues/2460
- |
Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see "[Configuring user provisioning with SCIM for your enterprise](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)" and "[SCIM](/rest/enterprise-admin/scim)" in the REST API documentation.
- heading: GitHub Advanced Security
notes:
# https://github.com/github/releases/issues/2373
- |
Users on an instance with a GitHub Advanced Security license can view and comment on code scanning alerts in their repository within a pull request's **Conversation** tab. If the **Require conversation resolution before merging** branch protection rule is enabled for the repository, all comments on these code scanning alerts must be resolved before a user merges the pull request. For more information, see "[About code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning#about-code-scanning)," "[About pull request reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews)," and "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-conversation-resolution-before-merging)."
# https://github.com/github/releases/issues/2388
- |
To simplify the rollout of secret scanning for instances with dozens, hundreds, or even thousands of organizations, enterprise owners on an instance with a GitHub Advanced Security license can enable secret scanning and push protection for the instance using the web interface. For more information, see "[Managing GitHub Advanced Security features for your enterprise](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
# https://github.com/github/releases/issues/2389
- |
Organization owners on an instance with a GitHub Advanced Security license can perform a dry run of custom patterns for secret scanning for all repositories within an organization. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
# https://github.com/github/releases/issues/2383
- |
If a site administrator has enabled email notifications for an instance with a GitHub Advanced Security license, users who watch a repository's secret scanning alerts will receive an email notification when a contributor bypasses a secret blocked by push protection. Previously, notifications were not sent if the secret was marked as a false positive or used in tests. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)" and "[Configuring email for notifications](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)."
# https://github.com/github/releases/issues/2355
- |
To ease the management of dozens or hundreds of custom patterns for secret scanning, users, organization owners, or enterprise owners on an instance with a GitHub Advanced Security license can sort and filter the list of patterns for a repository, organization, or the entire instance. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
# https://github.com/github/releases/issues/2319
- |
Users on an instance with a GitHub Advanced Security license who protect pushes with secret scanning can specify a custom link that will display in the error message when push protection detects and blocks a potential secret. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
# https://github.com/github/releases/issues/2445
- |
Users can publish CodeQL packs to the Container registry. For more information, see [Creating and working with CodeQL packs](https://codeql.github.com/docs/codeql-cli/creating-and-working-with-codeql-packs/) in the CodeQL CLI documentation.
# https://github.com/github/releases/issues/2445
- |
Users on an instance with a GitHub Advanced Security license can use CodeQL packs with code scanning, including packs that are published to the instance's GitHub Container registry. For more information, see "[Configuring code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#downloading-codeql-packs-from-github-enterprise-server)" and [Publishing and using CodeQL packs](https://codeql.github.com/docs/codeql-cli/publishing-and-using-codeql-packs/)" in the CodeQL CLI documentation.
# https://github.com/github/releases/issues/2403
- |
Users on an instance with a GitHub Advanced Security license can exclude unnecessary CodeQL queries for code scanning by using query filters. For more information, see "[Configuring code scanning](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#about-code-scanning-configuration)."
# https://github.com/github/releases/issues/2405
- |
Enterprise owners on an instance with a GitHub Advanced Security license can retrieve code scanning results for the entire instance using the REST API. The new endpoint supplements the existing endpoints for repositories and organizations. For more information, see "[Code Scanning](/rest/code-scanning#list-code-scanning-alerts-for-an-enterprise)" in the REST API documentation.
# https://github.com/github/releases/issues/2417
- |
Organization owners on an instance with a GitHub Advanced Security license can retrieve the enablement status or configure the automatic enablement of the following features using the REST API.
- GitHub Advanced Security
- Secret scanning
- Push protection
For more information, see "[Organizations](/rest/orgs/orgs#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
# https://github.com/github/releases/issues/2348
- |
Users on an instance with a GitHub Advanced Security license can use cursors to paginate secret scanning alert results retrieved with the REST API's organization and repository endpoints. For more information, see "[Secret scanning](/rest/secret-scanning)" in the REST API documentation.
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/2256
- |
The security overview for the instance includes information about Dependabot. For more information, see "[Viewing the security overview](/code-security/security-overview/viewing-the-security-overview#viewing-the-security-overview-for-an-enterprise)."
# https://github.com/github/releases/issues/2308
- |
Users can see more information about the activity associated with a Dependabot alert. Within the details for a Dependabot alert, users can see a timeline of events, such as when the alert was opened, fixed, or reopened. Events will also show additional metadata when available, like relevant pull requests. For more information, see "[About Dependabot alerts](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
# https://github.com/github/releases/issues/2382
- |
Users' Dependabot alerts are sorted by importance by default. Importance considers CVSS as the primary factor, as well as potential risk, relevancy, and ease of fixing the vulnerability. The calculation will improve over time.
# https://github.com/github/releases/issues/2163
- |
Users can sort Dependabot alerts by the scope of the dependency, either runtime or development.
# https://github.com/github/releases/issues/2421
- |
Users can optionally add a comment when dismissing a Dependabot alert. Dismissal comments appear in the event timeline and within the `dismissComment` field in the GraphQL API's `RepositoryVulnerabilityAlert` object. For more information about the GraphQL API, see "[Objects](/graphql/reference/objects#repositoryvulnerabilityalert)" in the GraphQL API documentation.
# https://github.com/github/releases/issues/2160
- |
Users can select multiple Dependabot alerts, then dismiss or reopen the alerts. For example, from the **Closed alerts** tab, you can select multiple alerts that have been previously dismissed, and then reopen them all at once.
# https://github.com/github/releases/issues/2417
- |
Organization owners on an instance can retrieve the enablement status or configure the automatic enablement of the following features for dependency management using the REST API.
- Dependency graph
- Dependabot alerts
- Dependabot security updates
For more information, see "[Organizations](/rest/orgs/orgs#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
- heading: Code security
notes:
# https://github.com/github/releases/issues/2300
- |
Enterprise owners, organization owners, and security managers can access a centralized view of risk across the entire instance. The view also includes an alert-centric view of all code scanning, secret scanning, and Dependabot alerts. Enterprise owners can view alerts for organizations that they are owners of. Organization owners and security managers can view repositories and alerts for the organizations that they have full access to. For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
# https://github.com/github/releases/issues/2415
- |
Organization owners can manage teams of security managers using the REST API. For more information, see "[Security Managers](/rest/orgs/security-managers)" in the REST API documentation.
# https://github.com/github/releases/issues/2295
# https://github.com/github/releases/issues/2307
- |
Users of the [GitHub Advisory Database](https://github.com/advisories) can now see advisories for GitHub Actions vulnerabilities. For more information, see "[Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
# https://github.com/github/releases/issues/2099
- |
Users can populate a repository's dependency graph by submitting the dependencies for the repository using the REST API. The dependency graph powers Dependabot alerts and Dependabot security updates. For more information, see "[Using the Dependency submission API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/2577
- |
GitHub Actions supports Google Cloud Storage as a storage provider for logs, artifacts, and caches. For more information, see "[Enabling GitHub Actions with Google Cloud Storage](/enterprise-server@3.7/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage)."
# https://github.com/github/releases/issues/2409
- |
GitHub Actions users who use dependency caching to speed up workflows can now use the GitHub CLI to manage the GitHub Actions cache for a repository. To manage caches using the GitHub CLI, install the `gh-actions-cache` extension. For more information, see the [`gh-actions-cache` documentation](https://github.com/actions/gh-actions-cache#readme).
# https://github.com/github/releases/issues/2340
- |
Workflow re-runs in GitHub Actions use the actor who initially triggered the workflow for privilege evaluation. The actor who triggered the re-run will continue to be displayed in the UI, and can be accessed in a workflow via the `triggering_actor` field in the `github` context. For more information, see "[Re-running workflows and jobs](/actions/managing-workflow-runs/re-running-workflows-and-jobs)" and "[Contexts](/actions/learn-github-actions/contexts#github-context)."
# https://github.com/github/docs-content/issues/7093
# https://github.com/github/docs-content/issues/7094
- |
Users can call reusable workflows from a matrix or other reusable workflows. For more information, see "[Reusing workflows](/actions/using-workflows/reusing-workflows#using-reusable-workflows)."
# https://github.com/github/releases/issues/2292
- |
When querying GitHub Actions for artifacts, the REST API returns information about the run and branch that produced the artifact. For more information, see "[GitHub Actions Artifacts](/rest/actions/artifacts)" in the REST API documentation.
# https://github.com/github/releases/issues/2325
- |
To support secure cloud deployments at scale, organization owners and repository administrators can complete the following tasks with the OpenID Connect REST API. For more information, see "[GitHub Actions OIDC](/rest/actions/oidc)" in the REST API documentation
- Enable a standard OpenID Connect configuration across cloud deployment workflows by customizing the `subject` claim format.
- Ensure additional compliance and security for OpenID Connect deployments by appending the `issuer` URL with the enterprise's slug.
- Configure advanced OpenID Connect policies by using additional OpenID Connect token claims like `repository_id` and `repo_visibility`.
For more information, see "[About security hardening with OpenID Connect](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token)."
# https://github.com/github/releases/issues/2326
- |
GitHub Actions users who use dependency caching to speed up workflows can now use the GitHub Actions Cache REST API to accomplish the following tasks.
- List all caches within a repository and sort by metadata.
- Delete a corrupt or stale cache entry.
For more information, see "[Caching dependencies to speed up workflows](/actions/using-workflows/caching-dependencies-to-speed-up-workflows#managing-caches)" and "[GitHub Actions Cache](/rest/actions/cache)" in the REST API documentation.
# https://github.com/github/docs-content/issues/7689
- |
If a non-ephemeral self-hosted GitHub Actions runner does not communicate with the GitHub Enterprise Server instance for more than 14 days, the instance will automatically remove the runner. If an ephemeral self-hosted runner does not communicate with the instance for more than one day, the instance will automatically remove the runner. Previously, GitHub Enterprise Server removed runners after 30 days. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#about-self-hosted-runners)."
# https://github.com/github/releases/issues/2210
- |
GitHub Actions can run self-hosted macOS workflows in a macOS ARM64 runtime with [runner](https://github.com/actions/runner) support for Apple silicon, such as the M1 or M2 chip. For more information, see "[Using self-hosted runners in a workflow](/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow#using-default-labels-to-route-jobs)."
- heading: GitHub Pages
notes:
# https://github.com/github/blog/pull/3655
- |
Users can deploy a GitHub Pages site directly from a repository using GitHub Actions, without configuration of a publishing source. Using GitHub Actions provides control over the authoring framework and version, as well as more control over the publishing process with features like deployment gates. For more information, see "[Configuring a publishing source for your GitHub Pages site](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#creating-a-custom-github-actions-workflow-to-publish-your-site)."
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2329
- |
Enterprise owners can prevent users from creating repositories owned by their user accounts. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation)."
# https://github.com/github/releases/issues/1966
- |
Enterprise owners can control where users can fork repositories. Forking can be limited to preset combinations of organizations, the same organization as the parent repository, user accounts, or everywhere. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-forking-private-or-internal-repositories)."
# https://github.com/github/releases/issues/1974
- |
Repository administrators can block potentially destructive pushes by limiting the number of branches and tags that can be updated by a single push. By default, there is no limit to the number of branches and tags that can be updated in a single push. For more information, see "[Managing the push policy for your repository](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-push-policy-for-your-repository)."
# https://github.com/github/docs-content/issues/7597
- |
Users can further customize the default commit message when squash-merging a pull request. For more information, see "[Configuring commit merging for pull requests](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-merging-for-pull-requests)" and "[Configuring commit squashing for pull requests](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests)."
# https://github.com/github/releases/issues/2179
- |
Users can create a branch from a repository's **Branches** overview page by clicking the **New branch** button. For more information, see "[Creating and deleting branches within your repository](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository#creating-a-branch)."
# https://github.com/github/releases/issues/2233
- |
When a user renames or moves a file to a new directory, if at least half of the file's contents are identical, the commit history indicates that the file was renamed, similar to `git log --follow`. For more information, see the [GitHub Blog](https://github.blog/changelog/2022-06-06-view-commit-history-across-file-renames-and-moves/). [Updated: 2023-02-10]
# https://github.com/github/releases/issues/1964
# https://github.com/github/releases/issues/1965
# https://github.com/github/releases/issues/2170
# https://github.com/github/releases/issues/2369
# https://github.com/github/releases/issues/2406
- |
Improvements have been made to the creation and management of forks.
- When forking a repository, users can choose to only include the repository's default branch in the fork.
- Users can use a repository's' **Fork** button to see existing forks of the repository.
- The **Fetch upstream** button has been renamed to **Sync fork** to better describe the button's behavior. If the sync causes a conflict, the web UI prompts the user to contribute changes to the parent repository, discard changes, or resolve the conflict.
- To address situations where people work within one organization and don't want to fork a repository to a different organization or user account, users can fork a repository to the same organization as the parent repository.
- Users can fork an internal repository to another organization and the fork will retain internal visibility. When forking an internal repository, users can choose which organization should own the fork.
For more information, see "[Fork a repo](/get-started/quickstart/fork-a-repo)."
# https://github.com/github/releases/issues/1973
- |
Repository administrators can block the creation of branches that match a configured name pattern with the **Restrict pushes that create matching branches** branch protection rule. For example, if a repository's default branch changes from `master` to `main`, a repository administrator can prevent any subsequent creation or push of the `master` branch. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#restrict-who-can-push-to-matching-branches)" and "[Managing a branch protection rule](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule#creating-a-branch-protection-rule)."
# https://github.com/github/releases/issues/2105
- |
Users can create files with geoJSON, topoJSON, and STL diagrams and render the diagrams in the web interface. For more information, see "[Working with non-code files](/repositories/working-with-files/using-files/working-with-non-code-files)."
# https://github.com/github/releases/issues/2336
- |
Users can create autolink references using either alphanumeric or numeric identifiers. For more information, see "[Configuring autolinks to reference external resources autolinks](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-autolinks-to-reference-external-resources)."
# https://github.com/github/releases/issues/2399
- |
Users can customize exclusions in the file finder like `vendor/` and `build/` by using `linguist` attributes in a `.gitattributes` file. For more information, see "[Finding files on GitHub](/search-github/searching-on-github/finding-files-on-github#customizing-excluded-files)" and "[Customizing how changed files appear on GitHub](/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github)."
- heading: Pull requests
notes:
# https://github.com/github/releases/issues/2178
- |
Users can browse the files modified in an individual commit using the tree view. For more information, see "[About commits](/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/about-commits#using-the-file-tree)."
- heading: Issues
notes:
# https://github.com/github/releases/issues/2488
- |
Users can manually link existing branches or pull requests to an issue from the "Development" section in the issue's sidebar. For more information, see "[Linking a pull request to an issue](/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#manually-linking-a-pull-request-or-branch-to-an-issue-using-the-issue-sidebar)."
- heading: Markdown
notes:
# https://github.com/github/releases/issues/2027
- |
Users can use Mermaid syntax when writing Markdown, which displays a diagram when rendering the Markdown. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)."
# https://github.com/github/docs-content/issues/7471
- |
Users can write mathematical expressions using fenced code blocks with the `math` syntax in addition to the existing delimiters. `$$` is not required with this method. For more information, see "[Writing mathematical expressions](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions)."
- **Note**: This feature is unavailable in GitHub Enterprise Server 3.7. The feature will be available in an upcoming release. [Updated: 2022-11-16]
# https://github.com/github/releases/issues/2105
- |
Users can render maps directly in Markdown using fenced code blocks with the `geojson` or `topojson` syntax, and embed STL 3D renders using `stl` syntax. For more information, see "[Creating diagrams](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams)."
# https://github.com/github/releases/issues/2345
- |
In Markdown, users can write LaTeX-style syntax to render math expressions inline using `$` delimiters, or in blocks using `$$` delimiters. For more information, see "[Writing mathematical expressions](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions)."
changes:
# https://github.com/github/releases/issues/2344
- |
To improve stability, the service for rendering GeoJSON, Jupyter Notebook, PDF, PSD, SVG, SolidWorks, and other binary formats has been replaced.
- |
If TLS and subdomain isolation are configured for your instance and your certificate is not a wildcard certificate, you must generate a new certificate that includes the additional subdomains for these services, `notebooks.HOSTNAME` and `viewscreen.HOSTNAME`. For more information, see "[Enabling subdomain isolation](/admin/configuration/configuring-network-settings/enabling-subdomain-isolation)." [Updated: 2022-12-02]
- Secret scanning no longer supports custom patterns that use `.*` as an end delimiter in the "After secret" field, as the pattern syntax would cause scan problems and inconsistencies.
# https://github.com/github/releases/issues/2535
- When creating a new release, users can now submit the form using <kbd>Ctrl</kbd> + <kbd>Enter</kbd> in macOS, or <kbd>Ctrl</kbd> + <kbd>Enter</kbd> in Windows or Linux.
# https://github.com/github/releases/issues/2533
- The **Wiki** tab in a repository only appears when a wiki exists. Previously, the tab always appeared.
# https://github.com/github/releases/issues/2410
- Rendered wikis display mathematical expressions and Mermaid diagrams.
# https://github.com/github/releases/issues/2534
- The size of the search field for user, organization, and enterprise audit logs has increased.
# https://github.com/github/actions-dotnet/pull/12831
- 'The maximum number of self-hosted runners in a runner group is limited to 10,000. Previously, there was no limit. [Updated: 2023-05-24]'
- |
If a user refreshes the page while creating a new issue or pull request, the assignees, reviewers, labels and projects will all be preserved. [Updated: 2023-09-06]
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- In some cases, users cannot convert existing issues to discussions.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
In some cases after upgrading to GitHub Enterprise Server 3.7.0, users may encounter `Internal Server Error` or `500` errors when initiating `git` operations over SSH or HTTPS. Example:
```
git push origin master
Total 0 (delta 0), reused 0 (delta 0)
remote: Internal Server Error
To ghes.hostname.com:User/repo.git
! [remote rejected] master -> master (Internal Server Error)
```
If these are encountered, please [contact GitHub Enterprise Support](/support/contacting-github-support/creating-a-support-ticket) with a support bundle. The known temporary workaround at this time is to restart the `github-gitauth` service with the commands below:
```
nomad stop github-gitauth
nomad run /etc/nomad-jobs/github/gitauth.hcl
nomad status github-gitauth
```
We are currently investigating a permanent fix for a future hot patch [Updated: 2022-11-24].
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.new-subdomains-missing-from-management-console %} [Updated: 2023-01-12]'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
deprecations:
# https://github.com/github/enterprise-releases/issues/3217
- |
**Upcoming deprecation**: In GitHub Enterprise Server 3.8 and later, unsecure algorithms will be disabled for SSH connections to the administrative shell.
# https://github.com/github/releases/issues/2395
- Commit comments, which are comments that users add directly to a commit outside of a pull request, no longer appear in the pull request timeline. Users could not reply to or resolve these comments. The Timeline events REST API and the GraphQL API's `PullRequest` object also no longer return commit comments.
# https://github.com/github/releases/issues/2380
- Diffing GeoJSON, PSD, and STL files is no longer possible.
# https://github.com/github/releases/issues/2480
- |
Package registries on the new GitHub Packages architecture, including Container registry and npm packages, no longer expose data through the GraphQL API. In a coming release, other GitHub Packages registries will migrate to the new architecture, which will deprecate the GraphQL API for those registries as well.
# https://github.com/github/releases/issues/1569
- |
In GitHub Enterprise Server 3.6 and later, GitHub is changing the supported algorithms and hash functions for Git operations over SSH. By default, SSH connections that satisfy **both** of the following conditions will fail.
{% data reusables.ssh.rsa-sha-1-connection-failure-criteria %}
You can adjust the cutoff date. For more information, see "[Configuring SSH connections to your instance](/admin/configuration/configuring-your-enterprise/configuring-ssh-connections-to-your-instance)." [Updated: 2023-09-29]
errata:
- '{% data reusables.release-notes.github-actions-secrets-encryption-docs %} [Updated: 2023-06-01]'
# https://github.com/github/releases/issues/2042
- |
"[Features](#3.7.0-features)" incorrectly indicated that users of the GitHub Advisory Database can see advisories for both Elixir and malware. These features are unavailable in GitHub Enterprise Server 3.7, and will be available in a future release. [Updated 2023-08-21]

55
data/release-notes/enterprise-server/3-7/1.yml
View File

@@ -1,55 +0,0 @@
date: '2022-11-22'
sections:
security_fixes:
- "**HIGH**: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This bug was originally reported via GitHub's Bug Bounty program and assigned [CVE-2022-23740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23740). [Updated: 2022-12-02]"
- "**HIGH**: A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability has been assigned [CVE-2022-46255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46255)."
- "**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209)."
- "**MEDIUM**: Scoped user-to-server tokens from GitHub Apps could bypass authorization checks in GraphQL API requests when accessing non-repository resources. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2022-23739](https://www.cve.org/CVERecord?id=CVE-2022-23739)."
- "**MEDIUM**: Pull request preview links did not properly sanitize URLs, allowing a malicious user to embed dangerous links in the instances web UI. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com)."
bugs:
- If a GitHub Actions dependency uses a pinned SHA version, Dependabot will no longer mark the dependency as vulnerable.
- Running the `ghe-spokesctl` command returned a `failed to get repo metrics` error.
- Setting the maintenance mode with an IP Exception List would not persist across upgrades.
- GitHub Pages builds could time out on instances in AWS that are configured for high availability.
- Status details for the replication of Git LFS objects to repository cache replica nodes were not visible in the `ghe-repl-status` output on those nodes.
- The audit log timestamp for Dependabot alert events returned the creation date of the alert instead of the timestamp when a user took action on the alert.
- When accessing an instances JavaScript resources from behind a proxy, the browser displayed Cross-Origin Resource Sharing (CORS) errors.
- If a user named a status check with leading or trailing spaces, the instance created a duplicate check if another check existed with the same name and no leading or trailing spaces.
- If a user configured a pre-receive hook for multiple repositories, the instances **Hooks** page would not always display the correct status for the hook.
- In some cases, an instance could replace an active repository with a deleted repository.
- Git LFS objects in a repository with a cache replication policy would not be copied to cache replicas if the total number of objects in the repository exceeded 5,000.
- After running migrations for the GitHub Enterprise Importer on an instance configured for high availability, replication of migration storage assets would not catch up.
- Zombie processes no longer accumulate in the `gitrpcd` container.
- On an instance with GitHub Packages configured, package upload and installation could fail for customers using a VPC endpoint URL for AWS S3 blob storage.
- In some cases, after upgrading to GitHub Enterprise Server 3.7.0, users may encounter `Internal Server Error` or `500` errors when initiating Git operations over SSH or HTTPS.
changes:
- If a site administrator has not yet configured GitHub Actions for the instance, the UI for setting up code scanning will prompt the user to configure GitHub Actions.
- To avoid failing domain verification due to the 63-character limit enforced by DNS providers for DNS records, the GitHub-generated `TXT` record to verify domain ownership is now limited to 63 characters.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- In some cases, users cannot convert existing issues to discussions.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.new-subdomains-missing-from-management-console %} [Updated: 2023-01-12]'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

61
data/release-notes/enterprise-server/3-7/10.yml
View File

@@ -1,61 +0,0 @@
date: '2023-05-09'
sections:
security_fixes:
- |
**MEDIUM**: Updated Git to include fixes from 2.40.1. For more information, see [Git security vulnerabilities announced](https://github.blog/2023-04-25-git-security-vulnerabilities-announced-4/) on the GitHub Blog.
bugs:
- Users were unable to upload GIF files as attachments within a comment in an issue or pull request.
- On an instance in a high availability configuration, a `git push` operation could fail if GitHub Enterprise Server was simultaneously creating the repository on a replica node.
- |
A site administrator could not bypass a proxy for a top-level domain (TLD) from the instance's exception list or IANAs registered top-level domains (TLDs).
- |
On some platforms, after someone with administrative SSH access ran `ghe-diagnostics`, the command's output included a cosmetic `SG_IO` error.
- In some cases on an instance with a GitHub Advanced Security license, users could not load the security analysis page and saw a `500` error.
- When a site administrator used GitHub Enterprise Importer to import data from GitHub Enterprise Cloud, migrations failed during the import of file-level comments. This failure no longer prevents the import from proceeding.
- On an instance with a GitHub Advanced Security license, users with the security manager role for an organization could not view GitHub Advanced Security settings for the organization.
- If a user clicked the link to share feedback or report bugs for the beta of user lists, the web interface responded with a `404` error.
- When a site administrator used GitHub Enterprise Importer, import of a repository failed if a project column in the repository contained 2,500 or more archived cards.
- On an instance with Dependabot alerts enabled, alerts were erroneously hidden when different vulnerabilities were detected by multiple build-time submission detectors.
- GitHub Enterprise Server published distribution metrics that cannot be processed by collectd. The metrics included `pre_receive.lfsintegrity.dist.referenced_oids`, `pre_receive.lfsintegrity.dist.unknown_oids`, and `git.hooks.runtime`.
- In some cases, on an instance with GitHub Actions enabled, deployment of GitHub Pages site using a GitHub Actions workflow failed with a status of `deployment_lost`.
- On an instance with a GitHub Advanced Security license that was also configured for a timezone greater than UTC, the list of secret scanning alerts displayed a "Loading secrets failed" error if a user sorted secrets by date in descending order.
changes:
- On an instance with the dependency graph enabled, background services can handle more traffic.
- |
People with administrative SSH access who generate a support bundle using the `ghe-support-bundle` or `ghe-cluster-support-bundle` utilities can specify the period of time to gather data with `-p` or `--period` without using spaces or quotes. For example, in addition to `'-p 5 days'` or `-p '4 days 10 hours'`, `-p 5days` or `-p 4days10hours` are valid.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
Custom firewall rules are removed during the upgrade process.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %}'
# https://github.com/github/driftwood/issues/2746
- |
On an instance with audit log streaming enabled, the `driftwood` service does not start, preventing the normal operation of audit log streaming. [Updated: 2023-06-06]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

45
data/release-notes/enterprise-server/3-7/11.yml
View File

@@ -1,45 +0,0 @@
date: '2023-05-30'
sections:
security_fixes:
- |
**MEDIUM**: Scoped installation tokens for a GitHub App kept approved permissions after the permissions on the integration installation were downgraded or removed. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
bugs:
- On an instance in a cluster configuration, when upgrading the MySQL master node, the post-upgrade configuration run would take 600 seconds longer than required due to incorrect detection of unhealthy nodes.
- In some situations on an instance with multiple nodes, Git replication failed to fully replicate repositories that had previously been deleted, which resulted in a warning in `ghe-repl-status` output.
- If an instance had tens of thousands of deleted repositories, an upgrade to GitHub Enterprise Server 3.7 could take longer than expected.
- On an instance with the dependency graph enabled, the correct path appears for manifests that originate from build-time submission snapshots.
changes:
- People with administrative SSH access to an instance can configure the maximum memory usage in gigabytes for Redis using `ghe-config redis.max-memory-gb VALUE`.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
Custom firewall rules are removed during the upgrade process.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue-updated %} [Updated: 2023-05-30]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

46
data/release-notes/enterprise-server/3-7/12.yml
View File

@@ -1,46 +0,0 @@
date: '2023-06-20'
sections:
security_fixes:
- |
If a user's request to the instance's API included authentication credentials within a URL parameter, administrators could see the credentials in JSON within the instance's audit log.
- Packages have been updated to the latest security versions.
bugs:
- |
If an administrator updated the instance's TLS certificate using the Management Console API's [Set settings](/rest/enterprise-admin/management-console) endpoint, sending the certificate and key data as a URL query parameter resulted in the data appearing unmasked in system logs.
- After an enterprise owner set a permanent rate limit for a users GitHub App at `http(s)://HOSTNAME/stafftools/users/USERNAME/installations`, the instance did not respect the rate limit.
- If an instance had tens of thousands of deleted repositories, an upgrade to GitHub Enterprise Server 3.7 could take longer than expected.
- On an instance with multiple nodes, when using the `spokesctl` command-line utility to manage repositories with replicas that failed to fully create, the utility would spuriously attempt to repair healthy replicas.
changes:
- If a configuration runs fails due to Elasticsearch errors, `ghe-config-apply` displays a more actionable error message.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
Custom firewall rules are removed during the upgrade process.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

87
data/release-notes/enterprise-server/3-7/13.yml
View File

@@ -1,87 +0,0 @@
date: '2023-07-18'
sections:
security_fixes:
- |
An attacker with access to the password hash of the root site administrator user for the instance's Management Console could make requests to the password API endpoint from outside of the instance.
- |
Packages have been updated to the latest security versions.
- |
**LOW:** An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and was assigned [CVE-2023-23765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23765).
bugs:
- |
If MinIO was configured for external blob storage on an instance with GitHub Actions enabled and MinIO was configured for bucket replication, the instance's credential validation with MinIO would occasionally fail.
- |
Customers who use Azure Blob store as the remote blob provider to back GitHub Packages would have validation errors if the `EndpointSuffix` part of their Connection string was anything other than `core.windows.net`. Now all valid `EndpointSuffix` are accepted.
- |
After creation of a blob object from the web UI, pre-receive hook events were missing from the instance's audit log.
- |
On an instance with custom firewall rules defined, a configuration run with `ghe-config-apply` could take longer than expected.
- |
On an instance with an outbound web proxy server configured, the proxy interfered with internal operations that used `nomad alloc exec`.
- |
On an instance in a cluster configuration, the `ghe-cluster-balance` behaved inconsistently when displaying status or managing jobs with more than one task group.
- |
On an instance configured for LDAP authentication, if the LDAP server sent an empty string for the `sshPublicKey` attribute, LDAP user sync would fail.
- |
When an administrator updated an instance's TLS certificate via the API as a query parameter instead of in the request body, the certificate and key appeared in `unicorn.log`.
- |
On an instance with Dependabot enabled, in some situations, Dependabot alerts were not updated when a user pushed to a repository.
- |
Determining suggested reviewers on a pull request could time out or be very slow.
- |
After a migration using GitHub Enterprise Importer, some repository autolink references were created with an incorrect format.
- |
On an instance that was not configured to deliver email notifications using SMTP, background jobs to deliver email were enqueued unnecessarily.
- |
Events related to repository notifications did not appear in the audit log.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, a committer would not receive an email notification for a secret scanning alert where push protections were bypassed.
- |
On an instance with a GitHub Advanced Security license, if a user filtered by a custom pattern on an organizations "Code & security analysis" page using an invalid query, the entire GitHub Advanced Security disappeared and an error reading "Sorry, something went wrong loading GitHub Advanced Security settings" appeared.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, output from Git for a push blocked by push protection always included an `http://` link.
- |
The audit log reported the incorrect target repository for pre-receive hook failures.
- |
On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories.
- |
On an instance with multiple nodes, when using the `spokesctl` command-line utility to manage repositories with replicas that failed to fully create, the utility would spuriously attempt to repair healthy replicas.
changes:
- |
On an instance in a cluster configuration, the `ghe-cluster-config-check` command-line utility will return an affirmative message when no warnings or errors are detected. The affirmative message is "Configuration validation complete. No errors found."
- |
During initialization of a cluster configuration, output from the `ghe-cluster-config-init` command-line utility is improved and simplified.
- |
On an instance with 170 or fewer vCPUs, the default for `app.babeld.threads-max` is 512 instead of 3 times the number of vCPUs. The monitor dashboard also includes metrics within the "Babeld threads" section.
- |
The Management Console displays a warning about unexpected consequences that may result from modification of the instance's hostname after initial configuration.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
Custom firewall rules are removed during the upgrade process.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

34
data/release-notes/enterprise-server/3-7/14.yml
View File

@@ -1,34 +0,0 @@
date: '2023-07-28'
sections:
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
On an instance that is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles uploaded by a site administrator using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
changes:
- |
Adjusted the timeout threshold for shutting down MySQL to prevent premature termination when upgrading to GHES 3.9.

65
data/release-notes/enterprise-server/3-7/15.yml
View File

@@ -1,65 +0,0 @@
date: '2023-08-10'
sections:
security_fixes:
- |
**LOW:** An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a reopened pull request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/) and was assigned [CVE-2023-23766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23766). [Updated: 2023-09-22]
- |
Packages have been updated to the latest security versions.
bugs:
- |
In rare circumstances, Git commits signed with SSH keys using the RSA algorithm would incorrectly indicate the signature was invalid.
- |
Issues with cross references to pull requests from deleted accounts would not load.
- |
The site admin page for organizations erroneously included a "Blocked Copilot Repositories" link.
- |
The checks in the merge box for a pull request did not always match the the checks for the most recent commit in the pull request.
- |
When a site administrator used GitHub Enterprise Importer on versions 3.7 and below to migrate repositories from GitHub Enterprise Server, the system backup size would increase after running many migrations due to storage files not being cleaned up.
- |
API results were incomplete, and ordering of results was incorrect if `asc` or `desc` appeared in lowercase within the API query.
- |
A collaborator with the "Set the social preview" permission inherited from the "Read" role couldnt upload the social preview image of a repository.
- |
In some cases, on an instance with GitHub Actions enabled, deployment of GitHub Pages site using a GitHub Actions workflow failed with a status of `deployment_lost`.
- |
On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories.
- |
GitHub Enterprise Server was queuing zip jobs unnecessarily.
- |
On an instance configured to use an outbound web proxy server, an administrator could not exclude private domains in [this list](https://github.com/weppos/publicsuffix-ruby/blob/main/data/list.txt) from the proxy configuration. [Updated: 2023-11-27]
changes:
- |
The description of the `ghe-cluster-balance` command line utility clarifies that it can be used to balance jobs other than `github-unicorn`.
- |
Administrators can display all repositories in a network with `spokesctl` by using the `repositories` subcommand.
- |
Site administrators can see improved diagnostic information about repositories that have been deleted.
- |
The secondary abuse rate limits of the GraphQL API are now configurable in the Management Console. [Updated: 2023-09-01]
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

41
data/release-notes/enterprise-server/3-7/16.yml
View File

@@ -1,41 +0,0 @@
date: '2023-08-24'
sections:
security_fixes:
- |
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after the fork's visibility was changed to private. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and assigned [CVE-2023-23763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23763). [Updated: 2023-09-01]
- Packages have been updated to the latest security versions.
bugs:
- syslog-ng configurations for containerized services caused errors for log forwarding services. The configurations have been removed.
- When an instance exhausted available memory, in some cases, the system's out-of-memory killer (OOMK) killed the process for `dockerd`, causing Nomad to fail to recover after systemd restarted Docker.
- When running the ghe-migrator, certain error messages contained an invalid link to import documentation.
- On an instance with Dependabot alerts enabled, repository creation could fail if an organization owner did not set a primary email address.
- On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, custom patterns would erroneously show no results for a dry run.
changes:
- Administrators with SSH access to an instance can view the version of GitHub Enterprise Server on the instance by using the `-v` flag with the `ghe-version` utility.
- As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. When the page builder encounters a symbolic link, the build will fail with an error indicating that the symbolic link should be dereferenced. Custom workflows for GitHub Pages are available in GitHub Enterprise Server 3.7 and later.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

44
data/release-notes/enterprise-server/3-7/17.yml
View File

@@ -1,44 +0,0 @@
date: '2023-09-21'
sections:
security_fixes:
- HTTP Strict Transport Security (HSTS) is enabled within the Management Console.
- To prevent commits from a detached repository from syncing to prior forks that are now in a separate repository network, GitHub Enterprise Server closes pull requests between repositories during detachment.
- Packages have been updated to the latest security versions.
bugs:
- When displaying a list of subdomains in the Management Console, the list included the outdated `render` subdomain, and excluded the newer `containers`, `docker`, `notebook`, and `viewscreen` subdomains.
- On an instance in a cluster configuration, the Cluster-Balance daemon would run against jobs not specified in the configuration.
- Duplicated intermediate commit trailers wont appear in pull request squash messages.
- On an instance with a GitHub Advanced Security license and secret scanning enabled, and when using Safari, changing additional match requirements for a custom pattern did not retrigger custom pattern evaluation against a user submitted test string.
- When viewing git blame data, the reviewer menu was loaded even when the suggested reviewer calculation timed out.
- When migrating a repository from a GitHub Enterprise Server instance to another location, the `ghe-migrator target_url` command allows you to record the repository's new location. The new URL is displayed when you visit the main page of the repository in the web interface.
- On an instance with subdomain isolation disabled, a notebook could not be loaded due to an extra `/` character in the URL path.
- On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, custom patterns would erroneously show no results for a dry run.
changes:
- Site administrators can see improved diagnostic information about repositories that have been deleted.
- When providing data to GitHub Support, GitHub Enterprise Server displays a notice describing how support data is used before uploading the support files.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

51
data/release-notes/enterprise-server/3-7/18.yml
View File

@@ -1,51 +0,0 @@
date: '2023-10-24'
sections:
security_fixes:
- |
**LOW:** Due to an incorrect permission assignment for some configuration files, an attacker with access to a local operating system user account could read MySQL connection details including the MySQL password. [Updated: 2023-11-13]
- |
Packages have been updated to the latest security versions.
bugs:
- |
`/var/log/lastlog` was not copied over as a sparse file during `ghe-upgrade`, which could cause issues by using additional disk space.
- |
`ghe-repl-status` did not identify Git replicas in certain incomplete states and incorrectly suggested that a failover could be performed safely. In some cases, this led to data loss during failover.
- |
Repository exports using `ghe-migrator` or the REST API's operation for organization migrations could fail when a large number of commit comments or long commit comments were present.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning suggested incorrect filters when viewing both open and closed alerts.
- |
On an instance with multiple nodes, `ghe-spokes status` did not identify Git replicas in certain incomplete states, causing a false report that replication was in sync and leading to data loss or replication issues during failover.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns.
changes:
- |
On an instance in a cluster configuration, administrators can identify the repository networks or gists that are common across a specified set of storage nodes using the `spokesctl find-on-replicas` command.
- |
As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. This change strengthens GitHub Pages's symbolic link detection.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

91
data/release-notes/enterprise-server/3-7/19.yml
View File

@@ -1,91 +0,0 @@
date: '2023-12-21'
sections:
security_fixes:
- |
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46645](https://www.cve.org/cverecord?id=CVE-2023-46645).
- |
**MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://www.cve.org/CVERecord?id=CVE-2023-6746) for this vulnerability.
- |
**MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://www.cve.org/CVERecord?id=CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379).
- |
**MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380).
- |
**LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)."
- |
To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4. [Updated 2024-01-03]
- |
Packages have been updated to the latest security versions.
bugs:
- |
When an administrator ran the `ghe-support-bundle` or `ghe-cluster-support-bundle` command, the `-p` flag did not produce bundles with log durations as specified. The duration period can now only be specified in `days`. Additionally, unnecessary files were sanitized by the commands.
- |
On an instance in a cluster configuration, upgrades could fail due to a background job running during database migration.
- |
On an instance in a high availability configuration, the `ghe-repl-teardown` command failed when provided with a UUID.
- |
In some environments, stale `.backup` log files could accumulate in the system.
- |
On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation.
- |
Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, site administrators using the `ghe-secret-scanning` command would not see a relevant error message if their input was invalid.
- |
After importing a migration archive using `ghe-migrator` or REST API endpoints for organization migrations, in some cases, some review comments within pull requests were not associated with lines of code.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alert emails were sent to organization owners even if their email address did not comply with domain restrictions.
- |
A missing executable on the PATH caused the `ghe-spokesctl ssh` command to fail.
- |
On an instance with GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync.
- |
A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository.
- |
Pre-receive hook failures were not visible in the administrator audit log.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns.
changes:
- |
When adding a node to an instance, performance is improved during initial database replication.
- |
An administrator can run the new `ghe-check-background-upgrade-jobs` command to ensure all upgrade jobs that run in the background have finished. This allows the administrator to know when they can start the next upgrade to their GitHub Enterprise Server instance.
- |
When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error.
- |
As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. When the page builder encounters a symbolic link, the build will fail with an error indicating that the symbolic link should be dereferenced. Custom workflows for GitHub Pages are available in GitHub Enterprise Server 3.7 and later.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
- |
On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance.
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
- |
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} [Updated 2024-01-03]
deprecations:
- heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key
notes:
- |
To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release.
To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release.

55
data/release-notes/enterprise-server/3-7/2.yml
View File

@@ -1,55 +0,0 @@
date: '2022-12-13'
sections:
security_fixes:
- |
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2022-46256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46256).
bugs:
- A race condition blocked upgrades to GitHub Enterprise Server 3.6 or later until a site administrator retried the upgrade.
- When a site administrator ran the `ghe-repl-status` command on a cache replica via the administrative shell (SSH), the command incorrectly reported overall Git and Alambic cluster replication status information as if it pertained only to cache replication.
- When a site administrator ran the `ghe-repl-sync-ca-certificates` command from an instances primary node via the administrative shell (SSH), the command only replicated CA certificates from the instances primary node to a single replica node. The command did not replicate the certificates to all available replica nodes.
- In a high availability configuration, after promotion of a replica to be the primary node, a site administrator could not force replication to stop on a secondary replica node using the `ghe-repl-stop -f` command.
- When using repository caching with an instance in a high availability configuration, if a Git client used SSH instead of HTTPS for a repositorys remote URL, Git LFS would fetch objects from the instances primary node instead of the appropriate cache replica node.
- Installation of GitHub Enterprise Server on the VMware ESXi hypervisor failed due to the generation of an OVA file with an invalid capacity value.
- When users performed an operation using the API, GitHub Enterprise Server enforced repository size quotas even when disabled globally.
- In some cases, searches via the API returned a `500` error.
- Adding a collaborator to a user-owned fork of a private, organization-owned repository with triage, maintain, or custom access resulted in a `500` error.
- In some cases, the page for setting up code scanning would erroneously report that GitHub Actions was not configured for the instance.
- Dismissing a Dependabot alert that contained certain characters could result in a `400` error.
- After a user's account was deleted from the instance, image attachments that the user uploaded in comments were no longer visible in the web interface.
- On an instance that uses SAML for authentication, the **Configure SSO** dropdown menu appeared erroneously for personal access tokens and SSH keys.
- An upgrade from GitHub Enterprise Server 3.5 to 3.7 could fail because the instance had not yet purged deleted repositories.
- In a high availability or repository caching configuration, Unicorn services on nodes other than the primary node were unable to send log events to the primary node.
- Fixes a bug in which a GHES log file could get filled very quickly and cause the root drive to run out of free space.
- When viewing code scanning results for Ruby, an erroneous beta label appeared.
changes:
- After an enterprise owner enables Dependabot alerts, GitHub Enterprise Server enqueues the synchronization of advisory data to ensure hourly updates from GitHub.com.
- A user's list of recently accessed repositories no longer includes deleted repositories.
- '{% data reusables.release-notes.scim-custom-mappings-supported-change %} [Updated: 2023-02-27]'
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- In some cases, users cannot convert existing issues to discussions.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.new-subdomains-missing-from-management-console %} [Updated: 2023-01-12]'
- '{% data reusables.release-notes.scim-saml-tokens-known-issue %} [Updated: 2023-02-27]'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

49
data/release-notes/enterprise-server/3-7/3.yml
View File

@@ -1,49 +0,0 @@
date: '2023-01-12'
sections:
security_fixes:
- Sanitize additional secrets in support bundles and the configuration log.
- Dependencies for the CodeQL action have been updated to the latest security versions.
- Packages have been updated to the latest security versions.
bugs:
- Some services incorrectly connected directly to kafka-lite instead of through its internal proxy. In a cluster environment where web services and job services execute on separate nodes, messages generated from the Insights job service werent delivered to kafka-lite.
- The metrics `Active workers` and `Queued requests` for `github` (renamed from metadata), `gitauth`, and `unicorn` container services werent correctly read from collectd and displayed in the Management Console.
- Dependabot Alert emails would be sent to disabled repositories.
- Data migrations could fail when the underlying database table contained only a single record.
- Sorting and filtering the list of custom patterns for secret scanning at the organization level did not work correctly.
- After upgrading to GitHub Enterprise Server 3.7, viewing the security settings page for an organization or repository could result in a `500` error due to a GitHub Advanced Security backfill job not completing before the upgrade started.
- The `git-janitor`command was unable to fix outdated `multi-pack-index.lock` files, resulting in the repository failing maintenance.
- Dropped `launch.*` metrics that can't be parsed by statsd, as the resulting statsd errors caused collectd logs to grow rapidly in size.
- When updating custom patterns, the pattern state was immediately set to published.
changes:
- Improved the reliability of the real time updates service (Alive) to make it more resilient against network issues with Redis.
- |
The `ghe-support-bundle` and `ghe-cluster-support-bundle` commands were updated to include the `-p/--period` flag to generate a time constrained support bundle. The duration can be specified in days and hours, for example: `-p '2 hours'`, `-p '1 day'`, `-p '2 days 5 hours'`.
- When upgrading an instance with a new root partition, running the `ghe-upgrade` command with the `-t/--target` option ensures the preflight check for the minimum disk storage size is executed against the target partition.
- The performance of configuration runs started with `ghe-config-apply` has been improved.
- When exporting account data, backing up a repository, or performing a migration, the link to a repository archive now expires after 1 hour. Previously the archive link expired after 5 minutes.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- In some cases, users cannot convert existing issues to discussions.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

31
data/release-notes/enterprise-server/3-7/4.yml
View File

@@ -1,31 +0,0 @@
date: '2023-01-17'
sections:
security_fixes:
- |
{% data reusables.release-notes.2023-01-git-vulnerabilities %}
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- In some cases, users cannot convert existing issues to discussions.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

39
data/release-notes/enterprise-server/3-7/5.yml
View File

@@ -1,39 +0,0 @@
date: '2023-02-02'
sections:
security_fixes:
- "**MEDIUM**: A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner due to improper sanitization of null bytes. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-22381](https://www.cve.org/CVERecord?id=CVE-2023-22381)."
- Packages have been updated to the latest security versions.
bugs:
- After a site administrator adjusted the cutoff date for allowing SSH connections with RSA keys using `ghe-config app.gitauth.rsa-sha1`, the instance would still disallow connections with RSA keys if the connection attempt was signed by the SHA-1 hash function.
- During the validation phase of a configuration run, a `No such object error` may have occurred for the Notebook and Viewscreen services.
- After disabling Dependabot updates, the avatar for Dependabot was displayed as the **@ghost** user in the Dependabot alert timeline.
- In some cases, users could experience a `500` error when viewing the **Code security & analysis** settings page for an instance with a very high number of active committers.
- Some links to contact GitHub Support or view the GitHub Enterprise Server release notes were incorrect.
- The additional committers count for GitHub Advanced Security always showed 0.
- In some cases, users were unable to convert existing issues to discussions. If an issue is stuck while being converted to a discussion, enterprise owners can review the "Known issues" section below for more information.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

42
data/release-notes/enterprise-server/3-7/6.yml
View File

@@ -1,42 +0,0 @@
date: '2023-02-16'
sections:
security_fixes:
- |
**HIGH**: Updated Git to include fixes from 2.39.2, which address [CVE-2023-22490](https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q) and [CVE-2023-23946](https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh).
- |
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-22380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22380).
- Packages have been updated to the latest security versions.
bugs:
- When using a VPC endpoint URL as an AWS S3 URL for GitHub Packages, publication and installation of packages failed.
- For instances with both GitHub Connect and automatic access to GitHub.com actions enabled, Dependabot would fail to update actions hosted on GitHub.com.
- The CSV file containing details about GitHub Advanced Security contributors could not be downloaded if the instance did not have a GitHub Advanced Security license.
- Collectd logs could grow rapidly in size due to the inclusion of `kredz.*` metrics, which can't be parsed by StatsD and resulted in error messages.
- On an instance with a GitHub Advanced Security license, if code scanning had been used while running GitHub Enterprise Server 3.4 or earlier, a subsequent upgrade from 3.5 to 3.6 or 3.7 could fail when attempting to add a unique index to a database table.
changes:
- After the Dependency submission REST API receives a submission with one or more dependencies without a version, the dependency graph will now correctly report this fact.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

35
data/release-notes/enterprise-server/3-7/7.yml
View File

@@ -1,35 +0,0 @@
date: '2023-03-02'
sections:
security_fixes:
- |
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23760). [Updated: 2023-03-10]
bugs:
- When viewing a list of open sessions for the devices logged into a user account, the GitHub Enterprise Server web UI could display an incorrect location.
- |
In the rare case when primary shards for Elasticsearch were located on a replica node, the `ghe-repl-stop` command would fail with `ERROR: Running migrations`.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
- '{% data reusables.release-notes.git-push-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %} [Updated: 2023-03-17]'
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

69
data/release-notes/enterprise-server/3-7/8.yml
View File

@@ -1,69 +0,0 @@
date: '2023-03-23'
sections:
security_fixes:
- |
**HIGH**: Addressed an improper authentication vulnerability that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23761). [Updated: 2023-04-07]
- |
**MEDIUM**: Addressed an incorrect comparison vulnerability that allowed commit smuggling by displaying an incorrect diff. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23762). [Updated: 2023-04-07]
bugs:
- |
On an instance with GitHub Actions enabled, nested calls to reusable workflows within a reusable workflow job with a matrix correctly evaluate contexts within expressions, like `strategy: ${% raw %}{{ inputs.strategies }}{% endraw %}`.
- On an instance in a high availability configuration, a `git push` operation could fail if GitHub Enterprise Server was simultaneously creating the repository on a replica node.
- "In the Management Console's monitor dashboard, the `Cached Requests` and `Served Requests` graphs, which are retrieved by the `git fetch catching` command, did not display metrics for the instance."
- After a site administrator exempted the **@github-actions\[bot]** user from rate limiting by using the `ghe-config app.github.rate-limiting-exempt-users "github-actions[bot]"` command, running `ghe-config-check` caused a `Validation is-valid-characterset failed` warning to appear.
- GitHub Actions (`actions`) and Microsoft SQL (`mssql`) did not appear in the list of processes within the instances monitor dashboard.
- "In some cases, graphs on the Management Console's monitor dashboard failed to render."
- On an instance in a high availability configuration, if an administrator tore down replication from a replica node using `ghe-repl-teardown` immediately after running `ghe-repl-setup`, but before `ghe-repl-start`, an error indicated that the script `cannot launch /usr/local/bin/ghe-single-config-apply - run is locked`. `ghe-repl-teardown` now displays an informational alert and continues the teardown.
- After an administrator used the `/setup/api/start` REST API endpoint to upload a license, the configuration run failed with a `Connection refused` error during the migrations phase.
- On an instance in a cluster configuration, when a site administrator set maintenance mode using `ghe-maintenance -s`, a `Permission denied` error appeared when the utility tried to access `/data/user/common/cluster.conf`.
- During configuration of high availability, if a site administrator interrupted the `ghe-repl-start` utility, the utility erroneously reported that replication was configured, and the instance would not perform expected clean-up operations.
- "On instances configured to use the private beta of SCIM for GitHub Enterprise Server, users' authentication with SSH keys and personal access tokens failed due to an erroneous requirement for authorization."
- |
After a user imported a repository with push protection enabled, the repository was not immediately visible in the security overview's "Security Coverage" view.
- Responses from the `/repositories` REST API endpoint erroneously included deleted repositories.
- When a site administrator used `ghe-migrator` to migrate data to GitHub Enterprise Server, in some cases, nested team relationships would not persist after teams were imported.
- If a repository contained a `CODEOWNERS` file with check annotations, pull requests "Files changed" tab returned a `500` error and displayed "Oops, something went wrong" in the "Unchanged files with check annotations" section.
- On an instance with GitHub Actions enabled, if a user manually triggered a workflow using the REST API but did not specify values for optional booleans, the API failed to validate the request and returned a `422` error.
- The CSV reports for all users and all active users, available from the site admin dashboard, did not consider recent access using SSH or personal access tokens.
- In some cases on an instance with multiple nodes, GitHub Enterprise Server erroneously stopped writing to replica fileservers, causing repository data to fall out of sync.
- GitHub Enterprise Server published distribution metrics that cannot be processed by collectd. The metrics included `pre_receive.lfsintegrity.dist.referenced_oids`, `pre_receive.lfsintegrity.dist.unknown_oids`, and `git.hooks.runtime`.
- On an instance with a GitHub Advanced Security license, if code scanning had been used while running GitHub Enterprise Server 3.4 or earlier, a subsequent upgrade from 3.5 to 3.6 or 3.7 could fail when attempting to add a unique index to a database table.
- |
An enterprise owner could not enable two-factor authentication (2FA) for an instance if any enterprise owners had not enabled 2FA for their user accounts. [Updated: 2023-04-17]
- |
On an instance with GitHub Packages enabled, after users pushed to the Container registry, the instance erroneously responded with a `429 Too Many Requests` error in cases when the instance could accommodate the request. The limits have been raised, and users should receive this message less often. [Updated: 2023-05-30]
changes:
- When the dependency submission API received a submission with one or more dependencies without a version, the dependency graph will now correctly report this fact.
- To avoid a failure during a configuration run on a cluster, validation of `cluster.conf` with the `ghe-cluster-config-check` utility ensures that the `consul-datacenter` field for each node matches the top-level `primary-datacenter` field.
- On an instance in a cluster configuration, when a site administrator sets maintenance mode on a single cluster node using `ghe-maintenance -s`, the utility warns the administrator to use `ghe-cluster-maintenance -s` to set maintenance mode on all of the clusters nodes. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#enabling-or-disabling-maintenance-mode-for-all-nodes-in-a-cluster)."
- When a site administrator configures an outbound web proxy server for GitHub Enterprise Server, the instance now validates top-level domains (TLDs) excluded from the proxy configuration. By default, you can exclude public TLDs that the IANA specifies. Site administrators can specify a list of unregistered TLDs to exclude using `ghe-config`. The `.` prefix is required for any public TLDs. For example, `.example.com` is valid, but `example.com` is invalid. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server)."
- To avoid intermittent issues with the success of Git operations on an instance with multiple nodes, GitHub Enterprise Server checks the status of the MySQL container before attempting a SQL query. The timeout duration has also been reduced.
- The default path for output from `ghe-saml-mapping-csv -d` is `/data/user/tmp` instead of `/tmp`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-saml-mapping-csv)."
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- |
Custom firewall rules are removed during the upgrade process.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

44
data/release-notes/enterprise-server/3-7/9.yml
View File

@@ -1,44 +0,0 @@
date: '2023-04-18'
sections:
security_fixes:
- |
**MEDIUM**: An attacker with write access to a repository could craft a pull request that would hide commits made in its source branch. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23764). [Updated: 2023-07-26]
bugs:
- |
On an instance with GitHub Actions enabled, nested calls to reusable workflows within a reusable workflow job with a matrix correctly evaluate contexts within expressions, like `strategy: {% raw %}${{ inputs.strategies }}{% endraw %}`.
- Download requests for Git LFS objects did not complete until reporting the final download size, which affected the latency of these requests, particularly on an instance with nodes functioning as repository caches.
- For instances with both GitHub Connect and automatic access to GitHub.com actions enabled, Dependabot would fail to update actions hosted on GitHub.com.
- In some cases on an instance with a GitHub Advanced Security license, users could not load the security analysis page and saw a `500` error.
- On an instance with GitHub Connect enabled, if "Users can search GitHub.com" was enabled, issues in private and internal repositories were not included in users search results for GitHub.com.
- After restoration of a deleted organization, the organization did not appear in the instance's list of organizations.
- |
Collectd logs could grow rapidly in size due to the inclusion of `kredz.*` metrics, which can't be parsed by StatsD and resulted in error messages.
- |
Dropped `launch.*` metrics that can't be parsed by statsd, as the resulting statsd errors caused collectd logs to grow rapidly in size.
changes:
- If a site administrator provides an invalid configuration for blob storage for GitHub Actions or GitHub Packages on an instance, the preflight checks page displays details and troubleshooting information.
known_issues:
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %} [Updated: 2023-07-31]
- |
Custom firewall rules are removed during the upgrade process.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %} [Updated: 2023-05-09]'
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
- |
{% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]

2
data/reusables/actions/reusable-workflow-calling-syntax.md
View File

@@ -1,4 +1,4 @@
- `{owner}/{repo}/.github/workflows/{filename}@{ref}` for reusable workflows in {% ifversion fpt %}public and private{% elsif ghec or ghes > 3.7 or ghae > 3.7 %}public, internal and private{% else %}public and internal{% endif %} repositories.
- `{owner}/{repo}/.github/workflows/{filename}@{ref}` for reusable workflows in {% ifversion fpt %}public and private{% elsif ghec or ghes or ghae > 3.7 %}public, internal and private{% else %}public and internal{% endif %} repositories.
- `./.github/workflows/{filename}` for reusable workflows in the same repository.
In the first option, `{ref}` can be a SHA, a release tag, or a branch name. If a release tag and a branch have the same name, the release tag takes precedence over the branch name. Using the commit SHA is the safest option for stability and security. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#reusing-third-party-workflows)."

2
data/reusables/code-scanning/beta-ruby-support.md
View File

@@ -1,4 +1,4 @@
{% ifversion ghes < 3.8 or ghae < 3.8 %}
{% ifversion ghae < 3.8 %}
{% note %}
**Note**: {% data variables.product.prodname_codeql %} analysis for Ruby is currently in beta. During the beta, analysis of Ruby will be less comprehensive than {% data variables.product.prodname_codeql %} analysis of other languages.

2
data/reusables/code-scanning/codeql-languages-bullets.md
View File

@@ -12,7 +12,7 @@
**Notes**:
{% ifversion ghes < 3.8 or ghae < 3.8 %}
{% ifversion ghae < 3.8 %}
- {% data variables.product.prodname_codeql %} analysis for Ruby is currently in beta. During the beta, analysis of Ruby will be less comprehensive than {% data variables.product.prodname_codeql %} analysis of other languages.{% endif %}{% ifversion codeql-swift-beta %}
- {% data variables.product.prodname_codeql %} analysis for Swift is currently in beta. During the beta, analysis of Swift will be less comprehensive than {% data variables.product.prodname_codeql %} analysis of other languages. Additionally, Swift 5.8 is not yet supported.{% endif %}
{% ifversion codeql-kotlin-beta %}

2
data/reusables/enterprise/azure-maps-auth-deprecation-link.md
View File

@@ -1 +1 @@
For more information, see the "[Deprecations](/admin/release-notes#{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}-deprecations)" section in the release notes.
For more information, see the "[Deprecations](/admin/release-notes#{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}-deprecations)" section in the release notes.

9
data/reusables/enterprise/bundle-utility-period-argument-availability-note.md
View File

@@ -1,9 +0,0 @@
{% ifversion ghes < 3.8 %}
{% note %}
**Note**: To use the `--p` / `--period` argument that appears in the following commands, your instance must be running the latest patch release. For more information, see [AUTOTITLE](/admin/release-notes).
{% endnote %}
{% endif %}

2
data/reusables/enterprise_backup_utilities/enterprise-backup-utils-encryption-keys.md
View File

@@ -1 +1 @@
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.0{% elsif ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.1{% elsif ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information about using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information about using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."

4
data/reusables/enterprise_site_admin_settings/3-7-new-subdomains.md
View File

@@ -1,8 +1,8 @@
{% ifversion ghes = 3.7 or ghes = 3.8 %}
{% ifversion ghes = 3.8 %}
{% note %}
{%- ifversion ghes = 3.7 or ghes = 3.8 %}
{%- ifversion ghes = 3.8 %}
**Note**: The `http(s)://notebooks.HOSTNAME` or `http(s)://viewscreen.HOSTNAME` subdomains are new in {% data variables.product.product_name %} 3.7 and later, and replace `http(s)://render.HOSTNAME`. After you upgrade to 3.7 or later, your TLS certificate must cover the subdomain for the replacement services, `http(s)://notebooks.HOSTNAME` and `http(s)://viewscreen.HOSTNAME`.

2
data/reusables/enterprise_site_admin_settings/management-console-access.md
View File

@@ -2,4 +2,4 @@
{% data reusables.enterprise_site_admin_settings.management-console-overview %} For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/about-the-management-console)."
You can access the {% data variables.enterprise.management_console %}{% ifversion enterprise-management-console-multi-user-auth %} as the root site administrator or a {% data variables.enterprise.management_console %} user{% elsif ghes < 3.8 %} using the {% data variables.enterprise.management_console %} password{% endif %}. An administrator created the {% ifversion enterprise-management-console-multi-user-auth %}root site administrator {% endif %}password during the initial setup process for {% data variables.location.product_location %}.
You can access the {% data variables.enterprise.management_console %}{% ifversion enterprise-management-console-multi-user-auth %} as the root site administrator or a {% data variables.enterprise.management_console %} user{% endif %}. An administrator created the {% ifversion enterprise-management-console-multi-user-auth %}root site administrator {% endif %}password during the initial setup process for {% data variables.location.product_location %}.

2
data/reusables/notifications/vulnerable-dependency-notification-options.md
View File

@@ -1,7 +1,7 @@
{% ifversion fpt or ghec %}By default, you will receive notifications:{% endif %}{% ifversion ghes or ghae %}By default, if your enterprise owner has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}
- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**On {% data variables.product.prodname_dotcom %}** option).
- by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email** option).{% ifversion ghes < 3.8 or ghae < 3.8 %}
- by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email** option).{% ifversion ghae < 3.8 %}
- in the user interface, a warning is shown in your repository's file and code views if there are any insecure dependencies (**UI alerts** option).{% endif %}
- on the command line, warnings are displayed as callbacks when you push to repositories with any insecure dependencies (**CLI** option).
{% ifversion not ghae %}

9
data/reusables/projects/graphql-ghes.md
View File

@@ -1,9 +0,0 @@
{% ifversion ghes = 3.7 %}
{% note %}
**Note:** The ProjectsV2 GraphQL API may not be available on {% data variables.location.product_location %}.
{% endnote %}
{% endif %}

6
data/reusables/release-notes/2024-01-haproxy-upgrade-causing-increased-errors.md
View File

@@ -4,14 +4,12 @@ is upgraded as part of a hotpatch upgrade to a {% data variables.product.prodnam
These elevated error rates should resolve within 5 minutes of the hotpatch being applied.
Please note, when performing a hotpatch upgrade to
{% ifversion ghes = 3.7 %} {% data variables.product.prodname_ghe_server %} version 3.7.19 or higher
{% elsif ghes = 3.8 %} {% data variables.product.prodname_ghe_server %} version 3.8.12 or higher
{% ifversion ghes = 3.8 %} {% data variables.product.prodname_ghe_server %} version 3.8.12 or higher
{% elsif ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.7 or higher
{% elsif ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.4 or higher
{% elsif ghes = 3.11 %} {% data variables.product.prodname_ghe_server %} version 3.11.1 or higher
{% endif %} you will encounter this known issue only if you are hotpatching from
{% ifversion ghes = 3.7 %} {% data variables.product.prodname_ghe_server %} version 3.7.18 or lower
{% elsif ghes = 3.8 %} {% data variables.product.prodname_ghe_server %} version 3.8.11 or lower
{% ifversion ghes = 3.8 %} {% data variables.product.prodname_ghe_server %} version 3.8.11 or lower
{% elsif ghes = 3.9 %} {% data variables.product.prodname_ghe_server %} version 3.9.6 or lower
{% elsif ghes = 3.10 %} {% data variables.product.prodname_ghe_server %} version 3.10.3 or lower
{% elsif ghes = 3.11 %} {% data variables.product.prodname_ghe_server %} version 3.11.0{% endif %}.

2
data/reusables/release-notes/enterprise-backup-utils-encryption-keys.md
View File

@@ -1 +1 @@
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.0{% elsif ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.7 %}3.7.1{% elsif ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information on using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."
After restoration of a backup created using {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.7.0 or 3.8.0{% elsif ghes = 3.9 %}3.7.0, 3.8.0, or 3.9.0{% endif %}, users may not be able to sign into the instance. To fix this issue, plus a bug that was preventing secret scanning encryption keys from being backed up, upgrade your backup host to use {% data variables.product.prodname_enterprise_backup_utilities %} {% ifversion ghes = 3.8 %}3.8.1{% elsif ghes = 3.9 %}3.9.1{% endif %} and generate a new full backup using `ghe-backup`. For more information on using an existing backup, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/known-issues-with-backups-for-your-instance#users-cannot-sign-in-after-restoration-of-a-backup)."

2
data/reusables/secret-scanning/enterprise-enable-secret-scanning.md
View File

@@ -4,7 +4,7 @@
**Note:** Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for {% data variables.location.product_location %} before you can use this feature. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance)."
You may not be able to enable or disable {% data variables.product.prodname_secret_scanning %}, if an enterprise owner has set a {% ifversion ghes < 3.8 %}{% data variables.product.prodname_GH_advanced_security %} (GHAS){% endif %} policy at the enterprise level. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
You may not be able to enable or disable {% data variables.product.prodname_secret_scanning %}, if an enterprise owner has set a policy at the enterprise level. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
{% endnote %}

2
data/reusables/ssh/key-type-support.md
View File

@@ -9,7 +9,7 @@ RSA keys (`ssh-rsa`) with a `valid_after` before November 2, 2021 may continue t
{% endnote %}
{% elsif ghes = 3.7 or ghes = 3.8 %}
{% elsif ghes = 3.8 %}
{% note %}

8
data/variables/product.yml
View File

@@ -94,13 +94,13 @@ codeql_cli_ghes_recommended_version: >-
# Projects v2
prodname_projects_v2: '{% ifversion ghes = 3.8 or ghes = 3.9 %}Projects (beta){% else %}Projects{% endif %}'
prodname_projects_v1: >-
{% ifversion ghes < 3.8 or ghae %}project boards{% else %}projects (classic){% endif %}
{% ifversion ghae %}project boards{% else %}projects (classic){% endif %}
prodname_projects_v1_caps: >-
{% ifversion ghes < 3.8 or ghae %}Project boards{% else %}Projects (classic){% endif %}
{% ifversion ghae %}Project boards{% else %}Projects (classic){% endif %}
prodname_project_v1: >-
{% ifversion ghes < 3.8 or ghae %}project board{% else %}project (classic){% endif %}
{% ifversion ghae %}project board{% else %}project (classic){% endif %}
prodname_project_v1_caps: >-
{% ifversion ghes < 3.8 or ghae %}Project board{% else %}Project (classic){% endif %}
{% ifversion ghae %}Project board{% else %}Project (classic){% endif %}
# Personal access tokens
pat_generic: 'personal access token'

8
data/variables/projects.yml
View File

@@ -4,13 +4,13 @@ project_v2: 'project'
project_v2_caps: 'Project'
projects_v1_board: >-
{% ifversion ghes < 3.8 or ghae %}project board{% else %}classic project{% endif %}
{% ifversion ghae %}project board{% else %}classic project{% endif %}
projects_v1_board_caps: >-
{% ifversion ghes < 3.8 or ghae %}Project board{% else %}Classic project{% endif %}
{% ifversion ghae %}Project board{% else %}Classic project{% endif %}
projects_v1_boards: >-
{% ifversion ghes < 3.8 or ghae %}project boards{% else %}classic projects{% endif %}
{% ifversion ghae %}project boards{% else %}classic projects{% endif %}
projects_v1_boards_caps: >-
{% ifversion ghes < 3.8 or ghae %}Project boards{% else %}Classic projects{% endif %}
{% ifversion ghae %}Project boards{% else %}Classic projects{% endif %}
command-palette-shortcut: '<kbd>Command</kbd>+<kbd>K</kbd> (Mac) or <kbd>Ctrl</kbd>+<kbd>K</kbd> (Windows/Linux)'

5978
src/github-apps/data/ghes-3.7/fine-grained-pat-permissions.json
View File

File diff suppressed because it is too large Load Diff

3656
src/github-apps/data/ghes-3.7/fine-grained-pat.json
View File

File diff suppressed because it is too large Load Diff

7278
src/github-apps/data/ghes-3.7/server-to-server-permissions.json
View File

File diff suppressed because it is too large Load Diff

3276
src/github-apps/data/ghes-3.7/server-to-server-rest.json
View File

File diff suppressed because it is too large Load Diff

3680
src/github-apps/data/ghes-3.7/user-to-server-rest.json
View File

File diff suppressed because it is too large Load Diff

129
src/graphql/data/ghes-3.7/previews.json
View File

@@ -1,129 +0,0 @@
[
{
"title": "Access to package version deletion preview",
"description": "This preview adds support for the DeletePackageVersion mutation which enables deletion of private package versions.",
"toggled_by": "package-deletes-preview",
"toggled_on": [
"Mutation.deletePackageVersion"
],
"owning_teams": [
"@github/pe-package-registry"
],
"accept_header": "application/vnd.github.package-deletes-preview+json",
"href": "/graphql/overview/schema-previews#access-to-package-version-deletion-preview"
},
{
"title": "Deployments preview",
"description": "This preview adds support for deployments mutations and new deployments features.",
"toggled_by": "flash-preview",
"toggled_on": [
"DeploymentStatus.environment",
"Mutation.createDeploymentStatus",
"Mutation.createDeployment"
],
"owning_teams": [
"@github/c2c-actions-service"
],
"accept_header": "application/vnd.github.flash-preview+json",
"href": "/graphql/overview/schema-previews#deployments-preview"
},
{
"title": "Merge info preview more detailed information about a pull request's merge state preview",
"description": "This preview adds support for accessing fields that provide more detailed information about a pull request's merge state.",
"toggled_by": "merge-info-preview",
"toggled_on": [
"PullRequest.canBeRebased",
"PullRequest.mergeStateStatus"
],
"owning_teams": [
"@github/pe-pull-requests"
],
"accept_header": "application/vnd.github.merge-info-preview+json",
"href": "/graphql/overview/schema-previews#merge-info-preview-more-detailed-information-about-a-pull-requests-merge-state-preview"
},
{
"title": "Update refs preview update multiple refs in a single operation preview",
"description": "This preview adds support for updating multiple refs in a single operation.",
"toggled_by": "update-refs-preview",
"toggled_on": [
"Mutation.updateRefs",
"GitRefname",
"RefUpdate"
],
"owning_teams": [
"@github/reponauts"
],
"accept_header": "application/vnd.github.update-refs-preview+json",
"href": "/graphql/overview/schema-previews#update-refs-preview-update-multiple-refs-in-a-single-operation-preview"
},
{
"title": "Project event details preview",
"description": "This preview adds project, project card, and project column details to project-related issue events.",
"toggled_by": "starfox-preview",
"toggled_on": [
"AddedToProjectEvent.project",
"AddedToProjectEvent.projectCard",
"AddedToProjectEvent.projectColumnName",
"ConvertedNoteToIssueEvent.project",
"ConvertedNoteToIssueEvent.projectCard",
"ConvertedNoteToIssueEvent.projectColumnName",
"MovedColumnsInProjectEvent.project",
"MovedColumnsInProjectEvent.projectCard",
"MovedColumnsInProjectEvent.projectColumnName",
"MovedColumnsInProjectEvent.previousProjectColumnName",
"RemovedFromProjectEvent.project",
"RemovedFromProjectEvent.projectColumnName"
],
"owning_teams": [
"@github/github-projects"
],
"accept_header": "application/vnd.github.starfox-preview+json",
"href": "/graphql/overview/schema-previews#project-event-details-preview"
},
{
"title": "Labels preview",
"description": "This preview adds support for adding, updating, creating and deleting labels.",
"toggled_by": "bane-preview",
"toggled_on": [
"Mutation.createLabel",
"Mutation.deleteLabel",
"Mutation.updateLabel"
],
"owning_teams": [
"@github/pe-pull-requests"
],
"accept_header": "application/vnd.github.bane-preview+json",
"href": "/graphql/overview/schema-previews#labels-preview"
},
{
"title": "Import project preview",
"description": "This preview adds support for importing projects.",
"toggled_by": "slothette-preview",
"toggled_on": [
"Mutation.importProject"
],
"owning_teams": [
"@github/pe-issues-projects"
],
"accept_header": "application/vnd.github.slothette-preview+json",
"href": "/graphql/overview/schema-previews#import-project-preview"
},
{
"title": "Team review assignments preview",
"description": "This preview adds support for updating the settings for team review assignment.",
"toggled_by": "stone-crop-preview",
"toggled_on": [
"Mutation.updateTeamReviewAssignment",
"TeamReviewAssignmentAlgorithm",
"Team.reviewRequestDelegationEnabled",
"Team.reviewRequestDelegationAlgorithm",
"Team.reviewRequestDelegationMemberCount",
"Team.reviewRequestDelegationNotifyTeam"
],
"owning_teams": [
"@github/pe-pull-requests"
],
"accept_header": "application/vnd.github.stone-crop-preview+json",
"href": "/graphql/overview/schema-previews#team-review-assignments-preview"
}
]

83191
src/graphql/data/ghes-3.7/schema.json
View File

File diff suppressed because it is too large Load Diff

244
src/graphql/data/ghes-3.7/upcoming-changes.json
View File

@@ -1,244 +0,0 @@
{
"2022-10-01": [
{
"location": "UnlockAndResetMergeGroupInput.branch",
"description": "<p><code>branch</code> will be removed.</p>",
"reason": "<p>The current merge group for the repository's default branch, the <code>branch</code> argument is now a no-op</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "jhunschejones"
},
{
"location": "RepositoryVulnerabilityAlert.fixReason",
"description": "<p><code>fixReason</code> will be removed.</p>",
"reason": "<p>The <code>fixReason</code> field is being removed. You can still use <code>fixedAt</code> and <code>dismissReason</code>.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "jamestran201"
},
{
"location": "RemovePullRequestFromMergeQueueInput.branch",
"description": "<p><code>branch</code> will be removed.</p>",
"reason": "<p>PRs are removed from the merge queue for the base branch, the <code>branch</code> argument is now a no-op</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "jhunschejones"
},
{
"location": "ProjectNextFieldType.TRACKS",
"description": "<p><code>TRACKS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.TITLE",
"description": "<p><code>TITLE</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.TEXT",
"description": "<p><code>TEXT</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.SINGLE_SELECT",
"description": "<p><code>SINGLE_SELECT</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.REVIEWERS",
"description": "<p><code>REVIEWERS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.REPOSITORY",
"description": "<p><code>REPOSITORY</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.NUMBER",
"description": "<p><code>NUMBER</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.MILESTONE",
"description": "<p><code>MILESTONE</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.LINKED_PULL_REQUESTS",
"description": "<p><code>LINKED_PULL_REQUESTS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.LABELS",
"description": "<p><code>LABELS</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.ITERATION",
"description": "<p><code>ITERATION</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.DATE",
"description": "<p><code>DATE</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "ProjectNextFieldType.ASSIGNEES",
"description": "<p><code>ASSIGNEES</code> will be removed. Follow the ProjectV2 guide at <a href=\"https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/\">https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/</a>, to find a suitable replacement.</p>",
"reason": "<p>The <code>ProjectNext</code> API is deprecated in favour of the more capable <code>ProjectV2</code> API.</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "lukewar"
},
{
"location": "MergeLockedMergeGroupInput.branch",
"description": "<p><code>branch</code> will be removed.</p>",
"reason": "<p>Changes are merged into the repository's default branch, the <code>branch</code> argument is now a no-op</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "jhunschejones"
},
{
"location": "LockMergeQueueInput.branch",
"description": "<p><code>branch</code> will be removed.</p>",
"reason": "<p>The merge queue is locked for the repository's default branch, the <code>branch</code> argument is now a no-op</p>",
"date": "2022-10-01",
"criticality": "breaking",
"owner": "jhunschejones"
}
],
"2022-07-01": [
{
"location": "AddPullRequestToMergeQueueInput.branch",
"description": "<p><code>branch</code> will be removed.</p>",
"reason": "<p>PRs are added to the merge queue for the base branch, the <code>branch</code> argument is now a no-op</p>",
"date": "2022-07-01",
"criticality": "breaking",
"owner": "jhunschejones"
}
],
"2022-04-01": [
{
"location": "Repository.defaultMergeQueue",
"description": "<p><code>defaultMergeQueue</code> will be removed. Use <code>Repository.mergeQueue</code> instead.</p>",
"reason": "<p><code>defaultMergeQueue</code> will be removed.</p>",
"date": "2022-04-01",
"criticality": "breaking",
"owner": "colinshum"
}
],
"2021-10-01": [
{
"location": "ReactionGroup.users",
"description": "<p><code>users</code> will be removed. Use the <code>reactors</code> field instead.</p>",
"reason": "<p>Reactors can now be mannequins, bots, and organizations.</p>",
"date": "2021-10-01",
"criticality": "breaking",
"owner": "synthead"
}
],
"2021-06-21": [
{
"location": "PackageType.DOCKER",
"description": "<p><code>DOCKER</code> will be removed.</p>",
"reason": "<p>DOCKER will be removed from this enum as this type will be migrated to only be used by the Packages REST API.</p>",
"date": "2021-06-21",
"criticality": "breaking",
"owner": "reybard"
}
],
"2021-01-01": [
{
"location": "MergeStateStatus.DRAFT",
"description": "<p><code>DRAFT</code> will be removed. Use PullRequest.isDraft instead.</p>",
"reason": "<p>DRAFT state will be removed from this enum and <code>isDraft</code> should be used instead</p>",
"date": "2021-01-01",
"criticality": "breaking",
"owner": "nplasterer"
}
],
"2020-10-01": [
{
"location": "PullRequest.timeline",
"description": "<p><code>timeline</code> will be removed. Use PullRequest.timelineItems instead.</p>",
"reason": "<p><code>timeline</code> will be removed</p>",
"date": "2020-10-01",
"criticality": "breaking",
"owner": "mikesea"
},
{
"location": "Issue.timeline",
"description": "<p><code>timeline</code> will be removed. Use Issue.timelineItems instead.</p>",
"reason": "<p><code>timeline</code> will be removed</p>",
"date": "2020-10-01",
"criticality": "breaking",
"owner": "mikesea"
}
],
"2020-01-01": [
{
"location": "UnassignedEvent.user",
"description": "<p><code>user</code> will be removed. Use the <code>assignee</code> field instead.</p>",
"reason": "<p>Assignees can now be mannequins.</p>",
"date": "2020-01-01",
"criticality": "breaking",
"owner": "tambling"
},
{
"location": "AssignedEvent.user",
"description": "<p><code>user</code> will be removed. Use the <code>assignee</code> field instead.</p>",
"reason": "<p>Assignees can now be mannequins.</p>",
"date": "2020-01-01",
"criticality": "breaking",
"owner": "tambling"
}
],
"2019-04-01": [
{
"location": "LegacyMigration.uploadUrlTemplate",
"description": "<p><code>uploadUrlTemplate</code> will be removed. Use <code>uploadUrl</code> instead.</p>",
"reason": "<p><code>uploadUrlTemplate</code> is being removed because it is not a standard URL and adds an extra user step.</p>",
"date": "2019-04-01",
"criticality": "breaking",
"owner": "tambling"
}
]
}

483291
src/rest/data/ghes-3.7/schema.json
View File

File diff suppressed because one or more lines are too long

193841
src/webhooks/data/ghes-3.7/schema.json
View File

File diff suppressed because it is too large Load Diff