jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 09:57:42 -05:00
Code Issues Projects Releases Wiki Activity

[Remove Quotes] removed quotes from yml files (#53655)

Browse Source 
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
This commit is contained in:
Ashish Keshan
2024-12-16 18:39:34 -05:00
committed by GitHub
parent 9648a5eef3
commit cdc91ff623
73 changed files with 493 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/comment-release-note-info.yml vendored
View File

@@ -30,4 +30,4 @@ jobs:
- If the change is urgent, post in `#docs-content-enterprise` on Slack.
- Review the [style guide for release notes](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#release-notes).
- If you're updating or adding a note, add a datestamp in the format `[Updated: YYYY-MM-DD]`.
- If you're removing a note, add an "[Errata](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#errata)" section with details of the change.
- If you're removing a note, add an [Errata](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#errata) section with details of the change.

20
data/glossaries/external.yml
View File

@@ -79,7 +79,7 @@
description: A movable square within a project board associated with an issue or pull request.
- term: check
description: >-
A check is a type of status check on {% data variables.product.product_name %}. See "[Status checks](#status-checks)."
A check is a type of status check on {% data variables.product.product_name %}. See [Status checks](#status-checks).
- term: checkout
description: >-
You can use `git checkout` on the command line to create a new branch, change your current working branch to a different branch, or even to switch to a different version of a file from a different branch with `git checkout [branchname] [path to file]`. The "checkout" action updates all or part of the working tree with a tree object or
@@ -95,7 +95,7 @@
- term: clean
description: >-
A working tree is clean if it corresponds to the revision referenced by the
current HEAD. Also see "[dirty](#dirty)."
current HEAD. Also see [dirty](#dirty).
- term: clone
description: >-
A clone is a copy of a repository that lives on your computer instead of on
@@ -156,8 +156,8 @@
- term: contributions
description: >-
Specific activities on GitHub that will:
- Add a square to a user's contribution graph: "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#what-counts-as-a-contribution)"
- Add activities to a user's timeline on their profile: "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#contribution-activity)"
- Add a square to a user's contribution graph: [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#what-counts-as-a-contribution)
- Add activities to a user's timeline on their profile: [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#contribution-activity)
- term: contributor
description: >-
A contributor is someone who does not have collaborator access to a repository but has contributed to a project and had a pull request they opened merged into the repository.
@@ -173,7 +173,7 @@
description: Used in command lines or scripts to transfer data.
- term: dashboard
description: >-
Your personal dashboard is the main hub of your activity on GitHub. From your personal dashboard, you can keep track of issues and pull requests you're following or working on, navigate to your top repositories and team pages, and learn about recent activity in repositories you're watching or participating in. You can also discover new repositories, which are recommended based on users you're following and repositories you have starred. To only view activity for a specific organization, visit your organization's dashboard. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/about-your-personal-dashboard)" or "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-your-organization-dashboard)."
Your personal dashboard is the main hub of your activity on GitHub. From your personal dashboard, you can keep track of issues and pull requests you're following or working on, navigate to your top repositories and team pages, and learn about recent activity in repositories you're watching or participating in. You can also discover new repositories, which are recommended based on users you're following and repositories you have starred. To only view activity for a specific organization, visit your organization's dashboard. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/about-your-personal-dashboard) or [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-your-organization-dashboard).
- term: default branch
description: >-
The base branch for new pull requests and code commits in a repository. Each repository has at least one branch, which Git creates when you initialize the repository. The first branch is usually called `main`, and is often the default branch.
@@ -337,7 +337,7 @@
that they configure and control.
- term: integration
description: >-
A third-party application that integrates with GitHub. These are often {% data variables.product.prodname_github_apps %}, {% data variables.product.prodname_actions %}, or custom actions. For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-building-integrations)."
A third-party application that integrates with GitHub. These are often {% data variables.product.prodname_github_apps %}, {% data variables.product.prodname_actions %}, or custom actions. For more information, see [AUTOTITLE](/get-started/exploring-integrations/about-building-integrations).
- term: issue
description: >-
Issues are suggested improvements, tasks or questions related to the
@@ -553,7 +553,7 @@
Pull refers to when you are fetching in changes and merging them. For
instance, if someone has edited the remote file you're both working on,
you'll want to pull in those changes to your local copy so that it's up to
date. See also "[fetch](#fetch)."
date. See also [fetch](#fetch).
- term: pull access
description: A synonym for read access.
- term: pull request
@@ -673,7 +673,7 @@
days.
- term: server-to-server request
description: >-
An API request used by an application that acts as a bot, independently of any particular user. For example, an application that runs on a scheduled basis and closes issues where there has been no activity for a long time. Applications that use this type of authentication don't use a licensed GitHub account so, in an enterprise with a billing plan that allows a certain number of licenses to be used, a server-to-server bot is not consuming one of your GitHub licenses. The token used in a server-to-server request is acquired programmatically, via the GitHub API. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." See also, "[user-to-server request](#user-to-server-request)."
An API request used by an application that acts as a bot, independently of any particular user. For example, an application that runs on a scheduled basis and closes issues where there has been no activity for a long time. Applications that use this type of authentication don't use a licensed GitHub account so, in an enterprise with a billing plan that allows a certain number of licenses to be used, a server-to-server bot is not consuming one of your GitHub licenses. The token used in a server-to-server request is acquired programmatically, via the GitHub API. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation). See also, [user-to-server request](#user-to-server-request).
- term: service hook
description: >-
Also called "webhook." Webhooks provide a way for notifications to be
@@ -700,7 +700,7 @@
conditions set for the repository you're contributing to.
- term: status checks
description: >-
Status checks are external processes, such as continuous integration builds, which run for each commit you make in a repository. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks)."
Status checks are external processes, such as continuous integration builds, which run for each commit you make in a repository. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).
- term: star
description: >-
A bookmark or display of appreciation for a repository. Stars are a manual
@@ -762,7 +762,7 @@
description: A user's handle on GitHub.
- term: user-to-server request
description: >-
An API request used by an application that performs a task on behalf of a particular user. Where a task is carried out with user-to-server authentication it's shown on GitHub as having been done by a user via an application. For example, you might choose to create an issue from within a third-party application, and the application would do this on your behalf on GitHub. The scope of tasks an application can perform using a user-to-server request is restricted by both the app's and the user's permissions and access. The token used in a user-to-server request is acquired via OAuth. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user)." See also, "[server-to-server request](#server-to-server-request)."
An API request used by an application that performs a task on behalf of a particular user. Where a task is carried out with user-to-server authentication it's shown on GitHub as having been done by a user via an application. For example, you might choose to create an issue from within a third-party application, and the application would do this on your behalf on GitHub. The scope of tasks an application can perform using a user-to-server request is restricted by both the app's and the user's permissions and access. The token used in a user-to-server request is acquired via OAuth. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). See also, [server-to-server request](#server-to-server-request).
- term: visible team
description: A team that can be viewed and @mentioned by every organization member.
- term: watch

2
data/release-notes/PLACEHOLDER-TEMPLATE.yml
View File

@@ -8,7 +8,7 @@ intro: |
>
> If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
For upgrade instructions, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
For upgrade instructions, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
sections:
# Remove section heading if the section contains no notes.

74
data/release-notes/enterprise-server/3-10/0-rc1.yml
View File

@@ -8,7 +8,7 @@ intro: |
{% endnote %}
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
sections:
# Remove section heading if the section contains no notes.
@@ -20,38 +20,38 @@ sections:
notes:
# https://github.com/github/releases/issues/3360
- |
To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations).
# https://github.com/github/releases/issues/3359
- |
Site administrators can set a custom message for their users to see during a maintenance window. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
Site administrators can set a custom message for their users to see during a maintenance window. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode).
# https://github.com/github/releases/issues/3378
- |
Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" in the REST API documentation.
Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation.
- heading: Authentication
notes:
# https://github.com/github/releases/issues/2998
- |
To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens)."
To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens).
- Users can create {% data variables.product.pat_v2_plural %} with access to their personal repositories or, if permitted, organization-owned repositories.
- Organization and enterprise owners can enable or disable the use of {% data variables.product.pat_v2_plural %} in organization-owned repositories, and can use the REST API or GraphQL API to manage tokens in their organizations.
- Users creating {% data variables.product.pat_v2_plural %} for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance)."
- Users creating {% data variables.product.pat_v2_plural %} for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance).
- heading: GitHub Advanced Security
notes:
# https://github.com/github/releases/issues/2798
- |
To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)."
To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).
# https://github.com/github/releases/issues/2844
- |
To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages)" and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
# https://github.com/github/releases/issues/2843
- |
Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning)."
Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning).
# https://github.com/github/releases/issues/2928
- |
@@ -61,25 +61,25 @@ sections:
# https://github.com/github/releases/issues/3315
- |
To help users find vulnerabilities in projects for Swift libraries and Apple apps,
the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning)."
the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning).
# https://github.com/github/releases/issues/2869
- |
To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata)."
To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata).
# https://github.com/github/blog/pull/4506/files
- |
Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning).
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/3099
- |
Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).
# https://github.com/github/releases/issues/3142
- |
To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)."
To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates).
# https://github.com/github/releases/issues/3070
- |
@@ -90,49 +90,49 @@ sections:
# https://github.com/github/releases/issues/2303
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
# https://github.com/github/releases/issues/2295
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
# https://github.com/github/releases/issues/2042
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see "[Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see [Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
# https://github.com/github/releases/issues/2890
- |
Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).
# https://github.com/github/releases/issues/3162
- |
Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises)."
Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises).
# https://github.com/github/releases/issues/3112
- |
Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see "[AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database)." [Updated: 2023-08-24]
Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database). [Updated: 2023-08-24]
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/3136
- |
Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)."
Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization).
# https://github.com/github/releases/issues/2901
- |
Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules)."
Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules).
# https://github.com/github/releases/issues/3184
- |
The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts)."
The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts).
# https://github.com/github/releases/issues/3248
- |
To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings)."
To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings).
# https://github.com/github/docs-content/issues/9102
- |
Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners)."
Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners).
- heading: Community experience
notes:
@@ -148,29 +148,29 @@ sections:
notes:
# https://github.com/github/releases/issues/3226
- |
To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see "[AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation)."
To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see [AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation).
# https://github.com/github/releases/issues/2610
- |
Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging)."
Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging).
- heading: Projects
notes:
# https://github.com/github/releases/issues/2250
- |
Projects is no longer in public beta, and is now considered generally available. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects)."
Projects is no longer in public beta, and is now considered generally available. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects).
# https://github.com/github/releases/issues/3207
- |
To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column)."
To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column).
# https://github.com/github/releases/issues/3133
- |
To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects)."
To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects).
# https://github.com/github/releases/issues/2929
- |
To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)."
To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization).
# https://github.com/github/releases/issues/3061
- |
@@ -190,7 +190,7 @@ sections:
notes:
# https://github.com/github/releases/issues/3118
- |
Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions)."
Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions).
- heading: Accessibility
notes:
@@ -220,11 +220,11 @@ sections:
# https://github.com/github/releases/issues/3233
- |
The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see "[AUTOTITLE](/rest/apps/installations)."
The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see [AUTOTITLE](/rest/apps/installations).
# https://github.com/github/releases/issues/2870
- |
On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users).
# https://github.com/github/releases/issues/2805
- |
@@ -251,7 +251,7 @@ sections:
- |
On an instance with GitHub Connect and unified search enabled, users will receive a `500` error after performing a GitHub.com search then selecting Advanced search. This will be fixed when version 3.10.0 becomes generally available.
- |
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)."
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see [AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance).
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
@@ -280,7 +280,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24]
- |
@@ -293,4 +293,4 @@ sections:
- heading: Upcoming deprecation of team discussions
notes:
- |
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)."
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions).

82
data/release-notes/enterprise-server/3-10/0.yml
View File

@@ -2,14 +2,14 @@ date: '2023-08-29'
release_candidate: false
deprecated: false
intro: |
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
{% warning %}
**Warnings**:
- This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. The issue is resolved in {% data variables.product.prodname_ghe_server %} 3.10.2 and later. For more information, see the "[Known issues](#3.10.0-known-issues)" section of these release notes.
- A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.0-known-issues)" section of these release notes.
- This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. The issue is resolved in {% data variables.product.prodname_ghe_server %} 3.10.2 and later. For more information, see the [Known issues](#3.10.0-known-issues) section of these release notes.
- A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.0-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -23,42 +23,42 @@ sections:
notes:
# https://github.com/github/releases/issues/3360
- |
To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations).
# https://github.com/github/releases/issues/3359
- |
Site administrators can set a custom message for their users to see during a maintenance window. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
Site administrators can set a custom message for their users to see during a maintenance window. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode).
# https://github.com/github/releases/issues/3378
- |
Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" in the REST API documentation.
Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation.
# https://github.com/github/releases/issues/3251
- |
Site administrators can use the Manage GitHub Enterprise Server API to change the `site admin` password and to make changes to [management console users](/enterprise-server@3.10/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#management-console-user). For more information, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" in the REST API documentation.
Site administrators can use the Manage GitHub Enterprise Server API to change the `site admin` password and to make changes to [management console users](/enterprise-server@3.10/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#management-console-user). For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation.
- heading: Authentication
notes:
# https://github.com/github/releases/issues/2998
- |
To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens)."
To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens).
- Users can create {% data variables.product.pat_v2_plural %} with access to their personal repositories or, if permitted, organization-owned repositories.
- Organization and enterprise owners can enable or disable the use of {% data variables.product.pat_v2_plural %} in organization-owned repositories, and can use the REST API or GraphQL API to manage tokens in their organizations.
- Users creating fine-grained tokens for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance)."
- Users creating fine-grained tokens for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance).
- heading: GitHub Advanced Security
notes:
# https://github.com/github/releases/issues/2798
- |
To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)."
To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).
# https://github.com/github/releases/issues/2844
- |
To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages)" and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
# https://github.com/github/releases/issues/2843
- |
Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning)."
Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning).
# https://github.com/github/releases/issues/2928
- |
@@ -68,25 +68,25 @@ sections:
# https://github.com/github/releases/issues/3315
- |
To help users find vulnerabilities in projects for Swift libraries and Apple apps,
the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning)."
the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning).
# https://github.com/github/releases/issues/2869
- |
To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata)."
To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata).
# https://github.com/github/blog/pull/4506/files
- |
Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning).
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/3099
- |
Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).
# https://github.com/github/releases/issues/3142
- |
To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)."
To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates).
# https://github.com/github/releases/issues/3070
- |
@@ -97,27 +97,27 @@ sections:
# https://github.com/github/releases/issues/2303
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
# https://github.com/github/releases/issues/2295
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
# https://github.com/github/releases/issues/2042
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see "[Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see [Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database).
# https://github.com/github/releases/issues/2890
- |
Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).
# https://github.com/github/releases/issues/3162
- |
Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises)."
Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises).
# https://github.com/github/releases/issues/3112
- |
Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see "[AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database)."
Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database).
- heading: GitHub Actions
notes:
@@ -126,23 +126,23 @@ sections:
{% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25]
# https://github.com/github/releases/issues/3136
- |
Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)."
Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization).
# https://github.com/github/releases/issues/2901
- |
Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules)."
Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules).
# https://github.com/github/releases/issues/3184
- |
The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts)."
The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts).
# https://github.com/github/releases/issues/3248
- |
To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings)."
To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings).
# https://github.com/github/docs-content/issues/9102
- |
Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners)."
Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners).
- heading: Community experience
notes:
@@ -158,29 +158,29 @@ sections:
notes:
# https://github.com/github/releases/issues/3226
- |
To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see "[AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation)."
To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see [AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation).
# https://github.com/github/releases/issues/2610
- |
Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging)."
Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging).
- heading: Projects
notes:
# https://github.com/github/releases/issues/2250
- |
Projects is no longer in public beta, and is now considered generally available. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects)."
Projects is no longer in public beta, and is now considered generally available. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects).
# https://github.com/github/releases/issues/3207
- |
To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column)."
To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column).
# https://github.com/github/releases/issues/3133
- |
To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects)."
To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects).
# https://github.com/github/releases/issues/2929
- |
To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)."
To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization).
# https://github.com/github/releases/issues/3061
- |
@@ -200,7 +200,7 @@ sections:
notes:
# https://github.com/github/releases/issues/3118
- |
Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions)."
Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions).
- heading: Accessibility
notes:
@@ -217,7 +217,7 @@ sections:
- `log_message`, `msg`, or `message` is now `Body`.
- `now` is now `Timestamp`.
- Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal).
For a full list of field mappings, download the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv) and the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv). This change is part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/), and additional field names will change in upcoming releases.
@@ -231,11 +231,11 @@ sections:
# https://github.com/github/releases/issues/3233
- |
The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see "[AUTOTITLE](/rest/apps/installations)."
The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see [AUTOTITLE](/rest/apps/installations).
# https://github.com/github/releases/issues/2870
- |
On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users).
# https://github.com/github/releases/issues/2805
- |
@@ -253,7 +253,7 @@ sections:
known_issues:
# INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB
- |
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)."
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see [AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance).
- |
{% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
- |
@@ -284,7 +284,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04]
- |
@@ -321,4 +321,4 @@ sections:
- heading: Upcoming deprecation of team discussions
notes:
- |
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). [Updated: 2024-03-04]

6
data/release-notes/enterprise-server/3-10/1.yml
View File

@@ -4,8 +4,8 @@ intro: |
**Warnings**:
- This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. Upgrade to {% data variables.product.prodname_ghe_server %} 3.10.2 or later instead of this release. For more information, see the "[Known issues](#3.10.1-known-issues)" section of these release notes.
- A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.1-known-issues)" section of these release notes.
- This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. Upgrade to {% data variables.product.prodname_ghe_server %} 3.10.2 or later instead of this release. For more information, see the [Known issues](#3.10.1-known-issues) section of these release notes.
- A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.1-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -38,7 +38,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |

6
data/release-notes/enterprise-server/3-10/10.yml
View File

@@ -2,7 +2,7 @@ date: '2024-04-18'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.10-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.10-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -23,7 +23,7 @@ sections:
- |
Disk usage, utilization, and latency for data devices could render incorrectly in Grafana.
- |
On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)." [Updated: 2024-05-01]
On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover). [Updated: 2024-05-01]
- |
The `ghe-update-check` command did not clean up .tmp files in `/var/lib/ghe-updates/`, which could lead to full disk issues.
- |
@@ -59,7 +59,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-10/11.yml
View File

@@ -2,7 +2,7 @@ date: '2024-05-08'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.11-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.11-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -31,7 +31,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

6
data/release-notes/enterprise-server/3-10/12.yml
View File

@@ -2,7 +2,7 @@ date: '2024-05-20'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.12-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.12-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -12,14 +12,14 @@ sections:
Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions)."
For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions).
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-10/13.yml
View File

@@ -2,7 +2,7 @@ date: '2024-06-19'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.13-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.13-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -20,7 +20,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-10/15.yml
View File

@@ -5,7 +5,7 @@ intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.14-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.14-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -102,7 +102,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-10/16.yml
View File

@@ -2,7 +2,7 @@ date: '2024-08-20'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.16-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.16-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -52,7 +52,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-10/17.yml
View File

@@ -41,7 +41,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

4
data/release-notes/enterprise-server/3-10/2.yml
View File

@@ -2,7 +2,7 @@ date: '2023-09-22'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.2-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.2-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -17,7 +17,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). [Updated: 2023-02-23]
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |

4
data/release-notes/enterprise-server/3-10/3.yml
View File

@@ -2,7 +2,7 @@ date: '2023-10-24'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.3-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.3-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -58,7 +58,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |

10
data/release-notes/enterprise-server/3-10/4.yml
View File

@@ -2,13 +2,13 @@ date: '2023-12-21'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.4-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.4-known-issues) section of these release notes.
{% endwarning %}
sections:
security_fixes:
- |
**HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)."
**HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see [AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode).
This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847).
- |
@@ -38,7 +38,7 @@ sections:
- |
**LOW:** Pre-receive hooks have been further hardened against shell command injections.
- |
**LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)."
**LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps).
- |
To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4.
- |
@@ -141,7 +141,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
@@ -185,4 +185,4 @@ sections:
- |
To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release.
To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release.
To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps) and the security fixes for this release.

4
data/release-notes/enterprise-server/3-10/5.yml
View File

@@ -2,7 +2,7 @@ date: '2024-01-16'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.5-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.5-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -33,7 +33,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-10/6.yml
View File

@@ -2,7 +2,7 @@ date: '2024-01-30'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.6-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.6-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -19,7 +19,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-10/7.yml
View File

@@ -2,7 +2,7 @@ date: '2024-02-13'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.7-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.7-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -53,7 +53,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-10/8.yml
View File

@@ -2,7 +2,7 @@ date: '2024-02-29'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.8-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.8-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -20,7 +20,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

8
data/release-notes/enterprise-server/3-10/9.yml
View File

@@ -2,7 +2,7 @@ date: '2024-03-20'
intro: |
{% warning %}
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.9-known-issues)" section of these release notes.
**Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.9-known-issues) section of these release notes.
{% endwarning %}
sections:
@@ -64,16 +64,16 @@ sections:
- |
People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2).
- |
On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)."
On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding).
- |
The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)."
The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads#push) and [AUTOTITLE](/rest/commits).
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

110
data/release-notes/enterprise-server/3-11/0-rc1.yml
View File

@@ -8,7 +8,7 @@ intro: |
{% endnote %}
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
sections:
features:
@@ -16,7 +16,7 @@ sections:
notes:
# https://github.com/github/releases/issues/3439
- |
Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli)."
Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli).
- heading: Authentication
notes:
@@ -24,9 +24,9 @@ sections:
- |
To help users discover the required permissions for calls to a REST API endpoint, GitHub Enterprise Server returns the `X-Accepted-GitHub-Permissions` header for requests to endpoints that use fine-grained permissions, including requests from GitHub Apps. For more information, see the following articles.
- "[AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors)"
- "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)"
- "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)"
- [AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors)
- [AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)
- [AUTOTITLE](/rest/overview/permissions-required-for-github-apps)
- heading: Audit logs
notes:
@@ -34,9 +34,9 @@ sections:
- |
The web interface for enterprise, organization, and user audit logs include an expandable view that displays the full audit log payload for each event. Administrators and users can see the same event metadata when searching the audit log in the web interface or via streaming. For more information, see the following articles.
- "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)"
- "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)"
- "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)"
- [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)
- [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)
- [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)
- heading: GitHub Advanced Security
notes:
@@ -44,17 +44,17 @@ sections:
- |
On an instance with GitHub Actions enabled, in repositories that use default setup for code scanning, the default setup configuration updates automatically if GitHub detects new languages. Users can view a repository's language configuration for default setup from the repository's "Code security and analysis" settings page. Additionally, users can view information about setup and debug failed languages from the tools status page. For more information, see the following articles.
- "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration)"
- "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)"
- "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)"
- [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration)
- [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)
- [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)
# https://github.com/github/releases/issues/3258
- |
On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)" and "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale) and [AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization) in the REST API documentation.
# https://github.com/github/releases/issues/3214
- |
On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites) and [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
# https://github.com/github/releases/issues/2841
- |
@@ -62,39 +62,39 @@ sections:
# https://github.com/github/releases/issues/3283
- |
Code scanning default setup is available for Swift analysis with CodeQL. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)."
Code scanning default setup is available for Swift analysis with CodeQL. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically).
# https://github.com/github/releases/issues/3355
- |
CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation.
CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
# https://github.com/github/releases/issues/3289
- |
With CodeQL model packs for Java, users can improve code scanning results by ensuring that any custom Java libraries and frameworks used by their codebase are recognized by CodeQL. For more information, see the following documentation.
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)"
- "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs)"
- "[Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor)" in the CodeQL documentation
- [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)
- [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs)
- [Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor) in the CodeQL documentation
# https://github.com/github/releases/issues/3110
- |
For instances with GitHub Connect configured, code scanning with CodeQL supports Java codebases that use [Project Lombok](https://projectlombok.org/). Previously, code scanning users were able to scan Java applications that contained Lombok code, but all the contents of files containing Lombok code were either skipped or users had to apply a workaround to prepare the applications for scanning. Lombok features will now be automatically scanned without requiring any workaround.
For more information about syncing the required GitHub Actions workflow to scan Lombok code, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
For more information about syncing the required GitHub Actions workflow to scan Lombok code, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions).
# https://github.com/github/releases/issues/2920
- |
Push protection for secret scanning is now generally available. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
Push protection for secret scanning is now generally available. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).
# https://github.com/github/releases/issues/2649
# https://github.com/github/releases/issues/2866
# https://github.com/github/releases/issues/3196
- |
To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning) and [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning).
# https://github.com/github/releases/issues/2868
- |
Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk).
# https://github.com/github/releases/issues/3291
- |
@@ -104,22 +104,22 @@ sections:
notes:
# https://github.com/github/releases/issues/2919
- |
For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see "[AUTOTITLE](/code-security/dependabot)."
For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see [AUTOTITLE](/code-security/dependabot).
# https://github.com/github/releases/issues/3171
- |
Developers can enforce policies related to vulnerabilities and licenses in pull requests for complex ecosystems with transitive dependencies like Gradle and Scala. Dependency review supports dependencies from the dependency submission API. For more information, see the following articles.
- "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together)"
- "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)"
- "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)"
- [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together)
- [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)
- [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)
# https://github.com/github/releases/issues/3268
# https://github.com/github/releases/issues/3362
# https://github.com/github/releases/issues/3363
# https://github.com/github/releases/issues/3364
- |
To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands).
# https://github.com/github/releases/issues/3270
# https://github.com/github/releases/issues/3271
@@ -129,27 +129,27 @@ sections:
- Users can also configure scheduled updates for Swift dependencies using `dependabot.yml`.
- If users have used the REST API for dependency submission to upload Gradle dependencies to the dependency graph and receive Dependabot alerts for those dependencies, Dependabot will try to open a pull request to resolve security updates enabled for the repository.
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates).
# https://github.com/github/releases/issues/3287
- |
Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/repos)" in the REST API documentation.
Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see [AUTOTITLE](/rest/repos/repos) in the REST API documentation.
- heading: Code security
notes:
# https://github.com/github/releases/issues/3259
- |
To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see "[Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk)" and "[Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security)."
To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see [Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk) and [Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security).
# https://github.com/github/releases/issues/3126
- |
Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see "[AUTOTITLE](/rest/security-advisories/global-advisories)" in the REST API documentation.
Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see [AUTOTITLE](/rest/security-advisories/global-advisories) in the REST API documentation.
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/3247
- |
To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history).
# https://github.com/github/releases/issues/3402
- |
@@ -158,53 +158,53 @@ sections:
- GitHub Enterprise Server blocks runs triggered from forks with branch names that match the protected branch's name.
- Tags with the same name as a protected branch cannot deploy to the environments with a branch protection configuration.
For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)."
For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches).
# https://github.com/github/releases/issues/3489
- |
On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers)."
On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers).
- heading: Organizations
notes:
# https://github.com/github/releases/issues/3465
- |
Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization)."
Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization).
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2926
- |
Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)."
Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
# https://github.com/github/releases/issues/3081
- |
Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query)."
Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query).
# https://github.com/github/releases/issues/2741
- |
Users can more easily understand changes to a repository using the activity view. For more information, see "[AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository)."
Users can more easily understand changes to a repository using the activity view. For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).
- heading: Issues
notes:
# https://github.com/github/releases/issues/3324
- |
Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms)."
Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms).
- heading: Projects
notes:
# https://github.com/github/releases/issues/3205
- |
Users can review items in a project view broken down by a certain field value. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values)."
Users can review items in a project view broken down by a certain field value. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values).
# https://github.com/github/releases/issues/3205
- |
Users can create charts to visualize current project items, or visualize project items over time. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects)."
Users can create charts to visualize current project items, or visualize project items over time. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects).
- heading: Accessibility
notes:
# https://github.com/github/releases/issues/3340
- |
To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links)."
To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links).
changes:
# https://github.com/github/releases/issues/3319
@@ -219,7 +219,7 @@ sections:
- `log_message`, `msg`, or `message` is now `Body`.
- `now` is now `Timestamp`.
- Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal).
For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), and [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv).
@@ -229,15 +229,15 @@ sections:
For more information about 2FA, see the following articles.
- "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization)"
- "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)"
- "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app)"
- [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization)
- [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)
- [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app)
# https://github.com/github/releases/issues/3327
- |
On an instance with a GitHub Advanced Security license, during analysis of Python projects with code scanning using CodeQL and an advanced setup, GitHub Enterprise Server would automatically install dependencies for the project. Due to improvements to CodeQL, GitHub Enterprise Server no longer needs to fetch these dependencies to analyze a codebase. To improve scan times for Python projects, automatic dependency installation is disabled.
If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies)."
If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies).
# https://github.com/github/releases/issues/3172
- |
@@ -245,7 +245,7 @@ sections:
# https://github.com/github/releases/issues/3284
- |
On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see "[AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28)" in the REST API documentation.
On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see [AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28) in the REST API documentation.
# https://github.com/github/releases/issues/2874
- |
@@ -255,7 +255,7 @@ sections:
- Dependency licenses are displayed.
- Dependabot alerts appear for dependencies, sorted by severity, and link to the Dependabot alerts and the Dependabot update pull request where applicable.
For more information about the dependency graph, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
For more information about the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
# https://github.com/github/releases/issues/3253
- |
@@ -265,12 +265,12 @@ sections:
- |
On an instance with GitHub Actions enabled, workflows that use Node.js 12 will log a warning. Node.js 12 has been end-of-life since [April 2022](https://github.com/nodejs/Release/#end-of-life-releases).
- Workflow authors should update actions to run on Node.js 16 instead of 12. For more information, see "[AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions)."
- Users with workflows that use Node.js should specify Node.js 16 or later in the workflows using versioned actions. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions)."
- Workflow authors should update actions to run on Node.js 16 instead of 12. For more information, see [AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions).
- Users with workflows that use Node.js should specify Node.js 16 or later in the workflows using versioned actions. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions).
# https://github.com/github/releases/issues/3500
- |
On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable)" and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com.
On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable) and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com.
```shell
Can't store NODE_OPTIONS output parameter using '$GITHUB_ENV' command.
@@ -282,7 +282,7 @@ sections:
# https://github.com/github/releases/issues/3219
- |
Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values)."
Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values).
# https://github.com/github/releases/issues/3262
- |
@@ -306,7 +306,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
@@ -335,4 +335,4 @@ sections:
Users will continue to receive Dependabot alerts for dependencies with known vulnerabilities. To resolve these alerts, users can manually upgrade the affected package.
For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).

120
data/release-notes/enterprise-server/3-11/0.yml
View File

@@ -2,7 +2,7 @@ date: '2023-12-05'
release_candidate: false
deprecated: false
intro: |
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
sections:
features:
@@ -10,7 +10,7 @@ sections:
notes:
# https://github.com/github/releases/issues/3439
- |
Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli)."
Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli).
- heading: Authentication
notes:
@@ -18,9 +18,9 @@ sections:
- |
To help users discover the required permissions for calls to a REST API endpoint, GitHub Enterprise Server returns the `X-Accepted-GitHub-Permissions` header for requests to endpoints that use fine-grained permissions, including requests from GitHub Apps. For more information, see the following articles.
- "[AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors)"
- "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)"
- "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)"
- [AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors)
- [AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)
- [AUTOTITLE](/rest/overview/permissions-required-for-github-apps)
- heading: Audit logs
notes:
@@ -28,9 +28,9 @@ sections:
- |
The web interface for enterprise, organization, and user audit logs include an expandable view that displays the full audit log payload for each event. Administrators and users can see the same event metadata when searching the audit log in the web interface or via streaming. For more information, see the following articles.
- "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)"
- "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)"
- "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)"
- [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)
- [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)
- [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)
- heading: GitHub Advanced Security
notes:
@@ -38,17 +38,17 @@ sections:
- |
On an instance with GitHub Actions enabled, in repositories that use default setup for code scanning, the default setup configuration updates automatically if GitHub detects new languages. Users can view a repository's language configuration for default setup from the repository's "Code security and analysis" settings page. Additionally, users can view information about setup and debug failed languages from the tools status page. For more information, see the following articles.
- "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration)"
- "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)"
- "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)"
- [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration)
- [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)
- [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)
# https://github.com/github/releases/issues/3258
- |
On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)" and "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale) and [AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization) in the REST API documentation.
# https://github.com/github/releases/issues/3214
- |
On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites) and [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
# https://github.com/github/releases/issues/2841
- |
@@ -56,39 +56,39 @@ sections:
# https://github.com/github/releases/issues/3283
- |
Code scanning default setup is available for Swift analysis with CodeQL. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)."
Code scanning default setup is available for Swift analysis with CodeQL. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically).
# https://github.com/github/releases/issues/3355
- |
CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation.
CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
# https://github.com/github/releases/issues/3289
- |
With CodeQL model packs for Java, users can improve code scanning results by ensuring that any custom Java libraries and frameworks used by their codebase are recognized by CodeQL. For more information, see the following documentation.
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)"
- "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs)"
- "[Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor)" in the CodeQL documentation
- [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)
- [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs)
- [Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor) in the CodeQL documentation
# https://github.com/github/releases/issues/3110
- |
For instances with GitHub Connect configured, code scanning with CodeQL supports Java codebases that use [Project Lombok](https://projectlombok.org/). Previously, code scanning users were able to scan Java applications that contained Lombok code, but all the contents of files containing Lombok code were either skipped or users had to apply a workaround to prepare the applications for scanning. Lombok features will now be automatically scanned without requiring any workaround.
For more information about syncing the required GitHub Actions workflow to scan Lombok code, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
For more information about syncing the required GitHub Actions workflow to scan Lombok code, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions).
# https://github.com/github/releases/issues/2920
- |
Push protection for secret scanning is now generally available. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
Push protection for secret scanning is now generally available. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).
# https://github.com/github/releases/issues/2649
# https://github.com/github/releases/issues/2866
# https://github.com/github/releases/issues/3196
- |
To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning) and [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning).
# https://github.com/github/releases/issues/2868
- |
Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk).
# https://github.com/github/releases/issues/3291
- |
@@ -98,22 +98,22 @@ sections:
notes:
# https://github.com/github/releases/issues/2919
- |
For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see "[AUTOTITLE](/code-security/dependabot)."
For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see [AUTOTITLE](/code-security/dependabot).
# https://github.com/github/releases/issues/3171
- |
Developers can enforce policies related to vulnerabilities and licenses in pull requests for complex ecosystems with transitive dependencies like Gradle and Scala. Dependency review supports dependencies from the dependency submission API. For more information, see the following articles.
- "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together)"
- "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)"
- "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)"
- [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together)
- [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)
- [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)
# https://github.com/github/releases/issues/3268
# https://github.com/github/releases/issues/3362
# https://github.com/github/releases/issues/3363
# https://github.com/github/releases/issues/3364
- |
To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands).
# https://github.com/github/releases/issues/3270
# https://github.com/github/releases/issues/3271
@@ -123,25 +123,25 @@ sections:
- Users can also configure scheduled updates for Swift dependencies using `dependabot.yml`.
- If users have used the REST API for dependency submission to upload Gradle dependencies to the dependency graph and receive Dependabot alerts for those dependencies, Dependabot will try to open a pull request to resolve security updates enabled for the repository.
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates).
# https://github.com/github/releases/issues/3287
- |
Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/repos)" in the REST API documentation.
Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see [AUTOTITLE](/rest/repos/repos) in the REST API documentation.
# https://github.com/github/releases/issues/3253
- |
When Dependabot is first enabled, GitHub will not send notifications for all vulnerable dependencies found in the repository, only for new vulnerable dependencies ifentified after Dependabot is enabled. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)."
When Dependabot is first enabled, GitHub will not send notifications for all vulnerable dependencies found in the repository, only for new vulnerable dependencies ifentified after Dependabot is enabled. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts).
- heading: Code security
notes:
# https://github.com/github/releases/issues/3259
- |
To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see "[Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk)" and "[Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security)."
To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see [Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk) and [Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security).
# https://github.com/github/releases/issues/3126
- |
Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see "[AUTOTITLE](/rest/security-advisories/global-advisories)" in the REST API documentation.
Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see [AUTOTITLE](/rest/security-advisories/global-advisories) in the REST API documentation.
- heading: GitHub Actions
notes:
@@ -150,7 +150,7 @@ sections:
{% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25]
# https://github.com/github/releases/issues/3247
- |
To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history).
# https://github.com/github/releases/issues/3402
- |
@@ -159,53 +159,53 @@ sections:
- GitHub Enterprise Server blocks runs triggered from forks with branch names that match the protected branch's name.
- Tags with the same name as a protected branch cannot deploy to the environments with a branch protection configuration.
For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)."
For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches).
# https://github.com/github/releases/issues/3489
- |
On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers)."
On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers).
- heading: Organizations
notes:
# https://github.com/github/releases/issues/3465
- |
Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization)."
Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization).
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2926
- |
Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)."
Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
# https://github.com/github/releases/issues/3081
- |
Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query)."
Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query).
# https://github.com/github/releases/issues/2741
- |
Users can more easily understand changes to a repository using the activity view. For more information, see "[AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository)."
Users can more easily understand changes to a repository using the activity view. For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository).
- heading: Issues
notes:
# https://github.com/github/releases/issues/3324
- |
Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms)."
Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms).
- heading: Projects
notes:
# https://github.com/github/releases/issues/3205
- |
Users can review items in a project view broken down by a certain field value. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values)."
Users can review items in a project view broken down by a certain field value. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values).
# https://github.com/github/releases/issues/3205
- |
Users can create charts to visualize current project items, or visualize project items over time. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects)."
Users can create charts to visualize current project items, or visualize project items over time. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects).
- heading: Accessibility
notes:
# https://github.com/github/releases/issues/3340
- |
To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links)."
To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links).
changes:
# https://github.com/github/releases/issues/3319
@@ -214,7 +214,7 @@ sections:
# https://github.com/github/ghes/issues/6613
- |
Configuration runs now correspond with a unique ID. During the run, the log remains at `/data/user/common/ghe-config.log`. After the run, the instance rotates the log's contents into `/data/user/config-apply/logs/YYYYMMDD/ghe-config.HOSTNAME.ID.log`, where YYYYMMDD is the date of the run, HOSTNAME is the hostname of the node, and ID is the ID of the run. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs#log-files-for-instance-configuration)."
Configuration runs now correspond with a unique ID. During the run, the log remains at `/data/user/common/ghe-config.log`. After the run, the instance rotates the log's contents into `/data/user/config-apply/logs/YYYYMMDD/ghe-config.HOSTNAME.ID.log`, where YYYYMMDD is the date of the run, HOSTNAME is the hostname of the node, and ID is the ID of the run. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs#log-files-for-instance-configuration).
# https://github.com/github/releases/issues/3403
- |
@@ -224,7 +224,7 @@ sections:
- `log_message`, `msg`, or `message` is now `Body`.
- `now` is now `Timestamp`.
- Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal).
For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), and [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv).
@@ -234,15 +234,15 @@ sections:
For more information about 2FA, see the following articles.
- "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization)"
- "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)"
- "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app)"
- [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization)
- [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)
- [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app)
# https://github.com/github/releases/issues/3327
- |
On an instance with a GitHub Advanced Security license, during analysis of Python projects with code scanning using CodeQL and an advanced setup, GitHub Enterprise Server would automatically install dependencies for the project. Due to improvements to CodeQL, GitHub Enterprise Server no longer needs to fetch these dependencies to analyze a codebase. To improve scan times for Python projects, automatic dependency installation is disabled.
If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies)."
If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies).
# https://github.com/github/releases/issues/3172
- |
@@ -250,7 +250,7 @@ sections:
# https://github.com/github/releases/issues/3284
- |
On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see "[AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28)" in the REST API documentation.
On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see [AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28) in the REST API documentation.
# https://github.com/github/releases/issues/2874
- |
@@ -260,7 +260,7 @@ sections:
- Dependency licenses are displayed.
- Dependabot alerts appear for dependencies, sorted by severity, and link to the Dependabot alerts and the Dependabot update pull request where applicable.
For more information about the dependency graph, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
For more information about the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
# https://github.com/github/releases/issues/3253
- |
@@ -270,14 +270,14 @@ sections:
- |
On an instance with GitHub Actions enabled, workflows that use Node.js 16 or earlier will log a warning. Node.js 16 has been end-of-life since [September 2023](https://github.com/nodejs/Release/#end-of-life-releases).
- Workflow authors should update actions to run on Node.js 20. For more information, see "[AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions)."
- Users with workflows that use Node.js should specify Node.js 20 or later in the workflows using versioned actions. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions)."
- Workflow authors should update actions to run on Node.js 20. For more information, see [AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions).
- Users with workflows that use Node.js should specify Node.js 20 or later in the workflows using versioned actions. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions).
[Updated: 2024-03-05]
# https://github.com/github/releases/issues/3500
- |
On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable)" and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com.
On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable) and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com.
```shell
Can't store NODE_OPTIONS output parameter using '$GITHUB_ENV' command.
@@ -289,7 +289,7 @@ sections:
# https://github.com/github/releases/issues/3219
- |
Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values)."
Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values).
# https://github.com/github/releases/issues/3262
- |
@@ -315,7 +315,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
@@ -346,7 +346,7 @@ sections:
- heading: Enterprise-level security overview is deprecated
notes:
- |
The enterprise-level "Security overview" page is deprecated in favor of the new "Security risk" and "Security coverage" pages. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)" and "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)."
The enterprise-level "Security overview" page is deprecated in favor of the new "Security risk" and "Security coverage" pages. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk) and [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security).
# https://github.com/github/releases/issues/2605
- heading: Dependabot updates no longer support Python 3.6 or 3.7
@@ -356,13 +356,13 @@ sections:
Users will continue to receive Dependabot alerts for dependencies with known vulnerabilities. To resolve these alerts, users can manually upgrade the affected package.
For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).
# https://github.com/github/releases/issues/2605
- heading: Upcoming deprecation of team discussions
notes:
- |
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.11, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.11, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). [Updated: 2024-03-04]
# https://github.com/github/docs-content/issues/14995
- heading: Elasticsearch index `repository-stack` is no longer in use
@@ -371,4 +371,4 @@ sections:
The Elasticsearch index `repository-stacks` is no longer in use. [Updated: 2024-06-24]
errata:
- 'The "[Changes](/admin/release-notes#3.11.0-changes)" section previously indicated that users should update GitHub Actions workflows and actions to run on Node.js 16. Node.js 16 has reached end of life, and users should instead update actions and workflows to run on Node.js 20 or later. [Updated: 2024-03-05]'
- 'The [Changes](/admin/release-notes#3.11.0-changes) section previously indicated that users should update GitHub Actions workflows and actions to run on Node.js 16. Node.js 16 has reached end of life, and users should instead update actions and workflows to run on Node.js 20 or later. [Updated: 2024-03-05]'

10
data/release-notes/enterprise-server/3-11/1.yml
View File

@@ -2,13 +2,13 @@ date: '2023-12-21'
intro: |
{% warning %}
**Warning**: Hotpatch upgrades from GitHub Enterprise Server version `3.11.0` to `3.11.1` will result in the instance losing network connectivity after a reboot. We have removed the hotpatch upgrade package for the `3.11.1` version of GitHub Enterprise Server to ensure this upgrade path is not executed accidentally. Before you upgrade, please make sure you have read the "[Known issues](#3.11.1-known-issues)" section of these release notes.
**Warning**: Hotpatch upgrades from GitHub Enterprise Server version `3.11.0` to `3.11.1` will result in the instance losing network connectivity after a reboot. We have removed the hotpatch upgrade package for the `3.11.1` version of GitHub Enterprise Server to ensure this upgrade path is not executed accidentally. Before you upgrade, please make sure you have read the [Known issues](#3.11.1-known-issues) section of these release notes.
{% endwarning %}
sections:
security_fixes:
- |
**HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)."
**HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see [AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode).
This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847).
- |
@@ -32,7 +32,7 @@ sections:
- |
**MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380).
- |
**LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)."
**LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps).
- |
To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4.
- |
@@ -89,7 +89,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
@@ -122,4 +122,4 @@ sections:
- |
To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release.
To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release.
To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps) and the security fixes for this release.

4
data/release-notes/enterprise-server/3-11/10.yml
View File

@@ -6,14 +6,14 @@ sections:
Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions)."
For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions).
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-11/11.yml
View File

@@ -16,7 +16,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-11/13.yml
View File

@@ -132,7 +132,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-11/14.yml
View File

@@ -66,7 +66,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-11/15.yml
View File

@@ -43,7 +43,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

2
data/release-notes/enterprise-server/3-11/16.yml
View File

@@ -29,7 +29,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

4
data/release-notes/enterprise-server/3-11/17.yml
View File

@@ -23,7 +23,7 @@ sections:
- |
Restoring Git repositories using `backup-utils` occasionally failed.
- |
Some customers upgrading from 3.11 to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/enterprise-server@3.13/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)."
Some customers upgrading from 3.11 to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/enterprise-server@3.13/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records).
changes:
- |
For instances deployed on AWS, the default settings for Chrony NTP synchronization have been aligned with AWS's suggested default configurations.
@@ -33,7 +33,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

4
data/release-notes/enterprise-server/3-11/18.yml
View File

@@ -14,7 +14,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |
@@ -42,4 +42,4 @@ sections:
- |
Attempting to stop replications after stopping GitHub Actions on a GitHub Enterprise Server instance would fail, reporting that MSSQL was not responding. The can be avoided by start MSSQL prior to stopping replication `/usr/local/share/enterprise/ghe-nomad-jobs queue /etc/nomad-jobs/mssql/mssql.hcl`
- |
Some customers upgrading from 3.11.x or 3.12.x may experience a bug with the feature "Automatic update checks", filling the root disk with logs causing a system degradation. To prevent this, you can turn off the feature "[Enable automatic update check](/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks#enabling-automatic-update-checks)" in the management console.
Some customers upgrading from 3.11.x or 3.12.x may experience a bug with the feature "Automatic update checks", filling the root disk with logs causing a system degradation. To prevent this, you can turn off the feature [Enable automatic update check](/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks#enabling-automatic-update-checks) in the management console.

4
data/release-notes/enterprise-server/3-11/2.yml
View File

@@ -8,7 +8,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
@@ -37,4 +37,4 @@ sections:
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
errata:
- |
"[Known issues](/admin/release-notes#3.11.2-known-issues)" incorrectly indicated that an upgrade to GitHub Enterprise Server 3.11 may fail. This issue does not impact GitHub Enterprise Server instances when upgrading to version 3.11.1 or later. [Updated: 2024-01-26]
[Known issues](/admin/release-notes#3.11.2-known-issues) incorrectly indicated that an upgrade to GitHub Enterprise Server 3.11 may fail. This issue does not impact GitHub Enterprise Server instances when upgrading to version 3.11.1 or later. [Updated: 2024-01-26]

2
data/release-notes/enterprise-server/3-11/3.yml
View File

@@ -29,7 +29,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-11/4.yml
View File

@@ -13,7 +13,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-11/5.yml
View File

@@ -49,7 +49,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-11/6.yml
View File

@@ -17,7 +17,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

6
data/release-notes/enterprise-server/3-11/7.yml
View File

@@ -60,9 +60,9 @@ sections:
- |
On an instance with a GitHub Advanced Security license, in some cases, when a user deleted a custom pattern for secret scanning, GitHub Enterprise Server failed to close or delete the patterns alerts.
- |
On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)."
On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding).
- |
The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)."
The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads#push) and [AUTOTITLE](/rest/commits).
- |
Organizations using projects (classic) returned an error log about a soon-to-be deprecated MySQL feature when viewing a project.
known_issues:
@@ -71,7 +71,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-11/8.yml
View File

@@ -21,7 +21,7 @@ sections:
- |
On an instance in a cluster configuration with high availability replication enabled, Git operations for existing repositories would fail after failover to the replica cluster.
- |
On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)." [Updated: 2024-05-01]
On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover). [Updated: 2024-05-01]
- |
A Redis job had a memory limit that was too low in some cases, leading the process to run out of memory.
- |
@@ -65,7 +65,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-11/9.yml
View File

@@ -30,14 +30,14 @@ sections:
- |
A more specific error message is shown when the `ghe-repl-node` command is run on an instance not configured for high availability.
- |
The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)" and "[AUTOTITLE](/rest/enterprise-admin/scim)" in the REST API documentation.
The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise) and [AUTOTITLE](/rest/enterprise-admin/scim) in the REST API documentation.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

54
data/release-notes/enterprise-server/3-12/0-rc1.yml
View File

@@ -8,25 +8,25 @@ intro: |
{% endnote %}
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
sections:
features:
- heading: Instance administration
notes:
# https://github.com/github/releases/issues/3542
- |
To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)."
To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package) and [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs).
# https://github.com/github/releases/issues/3531
- |
When backing up an instance in a cluster configuration using GitHub Enterprise Server Backup Utilities, the pre-flight routine includes a health check for all nodes and notifies administrators of any issues before the backup begins.
# https://github.com/github/releases/issues/3659
- |
The REST API's `/manage/v1` endpoints have been expanded to include all the same operations as the `/setup/api` endpoints. The `/setup/api` endpoints will be deprecated in a future release of GitHub Enterprise Server. For more information, see the following articles in the REST API documentation.
- "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)"
- "[AUTOTITLE](/rest/enterprise-admin/management-console)"
- [AUTOTITLE](/rest/enterprise-admin/manage-ghes)
- [AUTOTITLE](/rest/enterprise-admin/management-console)
# https://github.com/github/releases/issues/3676
- |
On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node)." [Updated: 2024-02-28]
On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node). [Updated: 2024-02-28]
- heading: Authentication
notes:
@@ -38,13 +38,13 @@ sections:
notes:
# https://github.com/github/releases/issues/3597
- |
The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see "[AUTOTITLE](/rest/enterprise-admin/billing)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information)".
The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see [AUTOTITLE](/rest/enterprise-admin/billing) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information).
# https://github.com/github/releases/issues/3285
- |
To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation.
To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
# https://github.com/github/releases/issues/3569
- |
Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud).
# https://github.com/github/releases/issues/3680
- |
For code scanning, this release of GitHub Enterprise Server uses version 2.15.5 of CodeQL by default. This version of CodeQL includes more up-to-date support for various languages, including C# 12, .NET 8, TypeScript 5.3, Java 21, and Python 3.12. For more information, see the [changelog for CodeQL 2.15.5](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.15.5/) in the CodeQL documentation.
@@ -53,74 +53,74 @@ sections:
Code scanning with CodeQL has improved support for detecting vulnerabilities in C and C++ code, with queries available for detecting common memory-corruption vulnerabilities. These queries are in beta and subject to change. For more information, see [ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok](https://github.blog/2023-10-19-icymi-improved-c-vulnerability-coverage-and-codeql-support-for-lombok/#improved-c-vulnerability-coverage) on the GitHub Blog.
# https://github.com/github/releases/issues/3512
- |
For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."
For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
# https://github.com/github/releases/issues/3310
- |
To make the language overview on the tool status page more informative, users can directly specify `Kotlin`, `C`, and `TypeScript` as languages to be analyzed using the `language` property of a `codeql.yml` file. For example: `language: [ 'kotlin' ]`. These languages were already supported by CodeQL, but were previously treated as being part of the `Java`, `CPP`, and `JavaScript` languages respectively.
# https://github.com/github/releases/issues/3119
- |
To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns)."
To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns).
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/3458
- |
To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs)."
To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs).
# https://github.com/github/releases/issues/3091
- |
Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)."
Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules).
# https://github.com/github/releases/issues/3615
- |
Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/3227
- |
Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging)".
Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging).
# https://github.com/github/releases/issues/3417
- |
GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer)" and "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer)".
GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer) and [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer).
# https://github.com/github/releases/issues/3508
- |
Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)".
Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches).
- heading: Community experience
notes:
# https://github.com/github/releases/issues/3529
- |
To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise)." Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address.
To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise). Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address.
# https://github.com/github/releases/issues/3605
- |
To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the "[Get help with GitHub](https://support.github.com/contact)" contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change.
To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the [Get help with GitHub](https://support.github.com/contact) contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change.
- heading: Projects
notes:
# https://github.com/github/releases/issues/2930
- |
Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)".
Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization).
# https://github.com/github/releases/issues/3549
- |
Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects)".
Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects).
- heading: GitHub Discussions
notes:
# https://github.com/github/releases/issues/3475
- |
Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see "[AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions)."
Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see [AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions).
- heading: Pull requests
notes:
# https://github.com/github/releases/issues/3140
- |
Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue)."
Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue).
- heading: Markdown
notes:
# https://github.com/github/releases/issues/2339
- |
Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts)."
Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see [AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts).
- heading: Accessibility
notes:
@@ -146,7 +146,7 @@ sections:
- `log_message`, `msg`, or `message` is now `Body`.
- `now` is now `Timestamp`.
- Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal).
For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv), and [3.12](/assets/ghes-3-12-opentelemetry-attribute-mappings.csv).
@@ -155,7 +155,7 @@ sections:
On an instance with GitHub Advanced Security and code scanning enabled, the bot that posts comments and annotations for code scanning alerts on pull requests has been renamed from `github-code-scanning` to `github-advanced-security`.
# https://github.com/github/releases/issues/3561
- |
The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see "[AUTOTITLE](/rest/rate-limit/rate-limit)" in the REST API documentation and "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits)."
The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see [AUTOTITLE](/rest/rate-limit/rate-limit) in the REST API documentation and [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits).
known_issues:
- |
@@ -163,7 +163,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
@@ -184,4 +184,4 @@ sections:
- heading: Upcoming deprecation of team discussions
notes:
- |
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.12, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.12, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). [Updated: 2024-03-04]

54
data/release-notes/enterprise-server/3-12/0.yml
View File

@@ -2,7 +2,7 @@ date: '2024-03-05'
release_candidate: false
deprecated: false
intro: |
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
sections:
features:
@@ -10,18 +10,18 @@ sections:
notes:
# https://github.com/github/releases/issues/3542
- |
To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)."
To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package) and [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs).
# https://github.com/github/releases/issues/3531
- |
When backing up an instance in a cluster configuration using GitHub Enterprise Server Backup Utilities, the pre-flight routine includes a health check for all nodes and notifies administrators of any issues before the backup begins.
# https://github.com/github/releases/issues/3659
- |
The REST API's `/manage/v1` endpoints have been expanded to include all the same operations as the `/setup/api` endpoints. The `/setup/api` endpoints will be deprecated in a future release of GitHub Enterprise Server. For more information, see the following articles in the REST API documentation.
- "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)"
- "[AUTOTITLE](/rest/enterprise-admin/management-console)"
- [AUTOTITLE](/rest/enterprise-admin/manage-ghes)
- [AUTOTITLE](/rest/enterprise-admin/management-console)
# https://github.com/github/releases/issues/3676
- |
On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node)." [Updated: 2024-02-28]
On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node). [Updated: 2024-02-28]
# https://github.com/github/releases/issues/3802
- |
On an instance in a cluster configuration, administrators can more easily configure or tear down a high availability replica of the cluster. For more information, see the documentation for the following utilities in the "Command-line utilities" article:
@@ -41,13 +41,13 @@ sections:
notes:
# https://github.com/github/releases/issues/3597
- |
The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see "[AUTOTITLE](/rest/enterprise-admin/billing)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information)".
The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see [AUTOTITLE](/rest/enterprise-admin/billing) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information).
# https://github.com/github/releases/issues/3285
- |
To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation.
To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
# https://github.com/github/releases/issues/3569
- |
Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud).
# https://github.com/github/releases/issues/3680
- |
For code scanning, this release of GitHub Enterprise Server uses version 2.15.5 of CodeQL by default. This version of CodeQL includes more up-to-date support for various languages, including C# 12, .NET 8, TypeScript 5.3, Java 21, and Python 3.12. For more information, see the [changelog for CodeQL 2.15.5](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.15.5/) in the CodeQL documentation.
@@ -56,25 +56,25 @@ sections:
Code scanning with CodeQL has improved support for detecting vulnerabilities in C and C++ code, with queries available for detecting common memory-corruption vulnerabilities. These queries are in beta and subject to change. For more information, see [ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok](https://github.blog/2023-10-19-icymi-improved-c-vulnerability-coverage-and-codeql-support-for-lombok/#improved-c-vulnerability-coverage) on the GitHub Blog.
# https://github.com/github/releases/issues/3512
- |
For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."
For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
# https://github.com/github/releases/issues/3310
- |
To make the language overview on the tool status page more informative, users can directly specify `Kotlin`, `C`, and `TypeScript` as languages to be analyzed using the `language` property of a `codeql.yml` file. For example: `language: [ 'kotlin' ]`. These languages were already supported by CodeQL, but were previously treated as being part of the `Java`, `CPP`, and `JavaScript` languages respectively.
# https://github.com/github/releases/issues/3119
- |
To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns)."
To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns).
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/3458
- |
To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs)."
To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs).
# https://github.com/github/releases/issues/3091
- |
Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)."
Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules).
# https://github.com/github/releases/issues/3615
- |
Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems).
- heading: GitHub Actions
notes:
@@ -83,50 +83,50 @@ sections:
{% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25]
# https://github.com/github/releases/issues/3227
- |
Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging)".
Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging).
# https://github.com/github/releases/issues/3417
- |
GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer)" and "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer)".
GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer) and [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer).
# https://github.com/github/releases/issues/3508
- |
Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)".
Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches).
- heading: Community experience
notes:
# https://github.com/github/releases/issues/3529
- |
To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise)." Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address.
To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise). Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address.
# https://github.com/github/releases/issues/3605
- |
To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the "[Get help with GitHub](https://support.github.com/contact)" contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change.
To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the [Get help with GitHub](https://support.github.com/contact) contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change.
- heading: Projects
notes:
# https://github.com/github/releases/issues/2930
- |
Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)".
Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization).
# https://github.com/github/releases/issues/3549
- |
Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects)".
Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects).
- heading: GitHub Discussions
notes:
# https://github.com/github/releases/issues/3475
- |
Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see "[AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions)."
Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see [AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions).
- heading: Pull requests
notes:
# https://github.com/github/releases/issues/3140
- |
Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue)."
Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue).
- heading: Markdown
notes:
# https://github.com/github/releases/issues/2339
- |
Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts)."
Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see [AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts).
- heading: Accessibility
notes:
@@ -152,7 +152,7 @@ sections:
- `log_message`, `msg`, or `message` is now `Body`.
- `now` is now `Timestamp`.
- Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)."
- Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal).
For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv), and [3.12](/assets/ghes-3-12-opentelemetry-attribute-mappings.csv).
@@ -161,7 +161,7 @@ sections:
On an instance with GitHub Advanced Security and code scanning enabled, the bot that posts comments and annotations for code scanning alerts on pull requests has been renamed from `github-code-scanning` to `github-advanced-security`.
# https://github.com/github/releases/issues/3561
- |
The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see "[AUTOTITLE](/rest/rate-limit/rate-limit)" in the REST API documentation and "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits)."
The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see [AUTOTITLE](/rest/rate-limit/rate-limit) in the REST API documentation and [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits).
# https://github.com/github/docs-content/issues/14386
- |
TCP port 9103 is opened for future administrative features related to support for Prometheus scraping.
@@ -172,7 +172,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
@@ -195,6 +195,6 @@ sections:
- |
The ability to upgrade the GitHub Enterprise Server Backup Utilities tool using a Git repository has been removed following changes to the [github/backup-utils repository](https://github.com/github/backup-utils/releases). For more information about the repository changes, see [Repository updates - November 2023](https://github.com/github/backup-utils?tab=readme-ov-file#repository-updates---november-2023) in the project's README.
Instead, to upgrade the tool using a compressed archive, download the relevant GitHub Enterprise Server Backup Utilities release from the [Releases](https://github.com/github/backup-utils/releases) page of the `github/backup-utils` repository. For more information, see "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance#upgrading-github-enterprise-server-backup-utilities)."
Instead, to upgrade the tool using a compressed archive, download the relevant GitHub Enterprise Server Backup Utilities release from the [Releases](https://github.com/github/backup-utils/releases) page of the `github/backup-utils` repository. For more information, see [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance#upgrading-github-enterprise-server-backup-utilities).
This deprecation does not affect the functionality of the GitHub Enterprise Server Backup Utilities tool or your ability to backup or restore your GitHub Enterprise Server instance. [Updated: 2024-03-15]

6
data/release-notes/enterprise-server/3-12/1.yml
View File

@@ -88,17 +88,17 @@ sections:
- |
People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2).
- |
On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)."
On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding).
Gists can be deleted using the **Purge Gist** button on the Deleted Gists page in Staff Tools.
- |
The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)."
The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads#push) and [AUTOTITLE](/rest/commits).
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-12/10.yml
View File

@@ -31,7 +31,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

4
data/release-notes/enterprise-server/3-12/11.yml
View File

@@ -25,7 +25,7 @@ sections:
- |
Organizations were limited to using 100 Actions organization variables instead of 1,000.
- |
Some customers upgrading from 3.12 to 3.13 or to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/enterprise-server@3.14/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)."
Some customers upgrading from 3.12 to 3.13 or to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/enterprise-server@3.14/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records).
changes:
- |
For instances deployed on AWS, the default settings for Chrony NTP synchronization have been aligned with AWS's suggested default configurations.
@@ -35,7 +35,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

2
data/release-notes/enterprise-server/3-12/12.yml
View File

@@ -12,7 +12,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

4
data/release-notes/enterprise-server/3-12/2.yml
View File

@@ -19,7 +19,7 @@ sections:
- |
On an instance in a cluster configuration with high availability replication enabled, Git operations for existing repositories would fail after failover to the replica cluster.
- |
On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)." [Updated: 2024-05-01]
On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover). [Updated: 2024-05-01]
- |
A Redis job had a memory limit that was too low in some cases, leading the process to run out of memory.
- |
@@ -57,7 +57,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-12/3.yml
View File

@@ -30,14 +30,14 @@ sections:
- |
A more specific error message is shown when the `ghe-repl-node` command is run on an instance not configured for high availability.
- |
The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)" and "[AUTOTITLE](/rest/enterprise-admin/scim)" in the REST API documentation.
The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise) and [AUTOTITLE](/rest/enterprise-admin/scim) in the REST API documentation.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

4
data/release-notes/enterprise-server/3-12/4.yml
View File

@@ -6,14 +6,14 @@ sections:
Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions)."
For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions).
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-12/5.yml
View File

@@ -16,7 +16,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-12/7.yml
View File

@@ -142,7 +142,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-12/8.yml
View File

@@ -76,7 +76,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |

2
data/release-notes/enterprise-server/3-12/9.yml
View File

@@ -45,7 +45,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |

44
data/release-notes/enterprise-server/3-13/0-rc1.yml
View File

@@ -9,7 +9,7 @@ intro: |
>
> If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
sections:
# Remove section heading if the section contains no notes.
@@ -33,18 +33,18 @@ sections:
People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2).
# https://github.com/github/releases/issues/3887
- |
As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade)."
As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade).
# https://github.com/github/releases/issues/3776
- |
To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license)."
To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license).
Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)."
Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server).
- heading: Audit logs
notes:
# https://github.com/github/releases/issues/3724
- |
Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)."
Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization).
- heading: GitHub Actions
@@ -54,28 +54,28 @@ sections:
{% data reusables.actions.actions-runner-release-note %}
# https://github.com/github/releases/issues/3822
- |
To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)."
To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits).
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2992
- |
Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)."
Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization).
# https://github.com/github/releases/issues/3849
- |
Users can browse and view code in a revamped experience for GitHub repositories, providing a tree pane for browsing files, fuzzy search for files, sticky code headers, and more.
# https://github.com/github/releases/issues/3550
- |
Users can migrate existing tag protection rules into repository rules. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets)."
Users can migrate existing tag protection rules into repository rules. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets).
- heading: Projects
notes:
# https://github.com/github/releases/issues/3606
- |
Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates)."
Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates).
# https://github.com/github/releases/issues/3878
- |
Users can migrate their projects (classic) to the new Projects experience. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic)."
Users can migrate their projects (classic) to the new Projects experience. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic).
- heading: Pull requests
notes:
@@ -87,19 +87,19 @@ sections:
notes:
# https://github.com/github/releases/issues/3566
- |
In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
# https://github.com/github/releases/issues/3180
- |
To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
- heading: Code scanning
notes:
# https://github.com/github/releases/issues/3526
- |
Users can enable code scanning on repositories even if they don't contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
Users can enable code scanning on repositories even if they don't contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
# https://github.com/github/releases/issues/3545
- |
Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning).
# https://github.com/github/releases/issues/3771
# https://github.com/github/releases/issues/3807
# https://github.com/github/releases/issues/3818
@@ -123,13 +123,13 @@ sections:
# https://github.com/github/releases/issues/3778
# https://github.com/github/releases/issues/3779
- |
On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
# https://github.com/github/releases/issues/3782
- |
Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta)."
Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta).
# https://github.com/github/releases/issues/3712
- |
For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers)."
For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers).
- heading: Authentication
notes:
@@ -137,7 +137,7 @@ sections:
- |
For enterprises or organizations that use an SSH certificate authority (CA) to provide SSH certificates to members, to protect against a security risk involving user renames, new SSH CAs that are uploaded to a GitHub Enterprise Server 3.13 instance can only be used to sign certificates that are set to expire. For new CAs, you must use the `-V` parameter with `ssh-keygen` to generate a certificate with a `valid-after` claim.
The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority)" or "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority)."
The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see [AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority) or [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority).
changes:
# https://github.com/github/releases/issues/3971
@@ -156,7 +156,7 @@ sections:
The "Create a reference" REST API endpoint is restricted from accepting POSTs from users and apps that only have permission to read and write packages. Previously, this endpoint accepted updates to both tags and branches.
# https://github.com/github/releases/issues/3850
- |
To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)."
To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot).
known_issues:
# INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB
@@ -165,13 +165,13 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- |
When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding)."
When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding).
- |
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
- |
@@ -185,4 +185,4 @@ sections:
As part of sunsetting Subversion compatibility, Subversion support is now disabled by default. Subversion can be re-enabled in the 3.13 release series by setting `app.svnbridge.enabled = true`. In 3.14, subversion support will be permanently removed. For more information, see [Sunsetting Subversion support](https://github.blog/2023-01-20-sunsetting-subversion-support/) on the GitHub blog.
# https://github.com/github/releases/issues/3859
- |
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will deprecate the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will deprecate the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console).

52
data/release-notes/enterprise-server/3-13/0.yml
View File

@@ -2,9 +2,9 @@ date: '2024-06-18'
release_candidate: false
deprecated: false
intro: |
>[!NOTE] An upgrade to Elasticsearch in version 3.13 may affect performance on your instance. See "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade)."
>[!NOTE] An upgrade to Elasticsearch in version 3.13 may affect performance on your instance. See [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade).
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server).
sections:
# Remove section heading if the section contains no notes.
@@ -29,18 +29,18 @@ sections:
People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2).
# https://github.com/github/releases/issues/3887
- |
As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade)."
As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade).
# https://github.com/github/releases/issues/3776
- |
To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license)."
To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license).
Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)."
Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server).
- heading: Audit logs
notes:
# https://github.com/github/releases/issues/3724
- |
Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)."
Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization).
- heading: GitHub Actions
@@ -50,28 +50,28 @@ sections:
{% data reusables.actions.actions-runner-release-note %}
# https://github.com/github/releases/issues/3822
- |
To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)."
To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits).
- heading: Repositories
notes:
# https://github.com/github/releases/issues/2992
- |
Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)."
Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization).
# https://github.com/github/releases/issues/3849
- |
Users can browse and view code in a revamped experience for GitHub repositories, providing a tree pane for browsing files, fuzzy search for files, sticky code headers, and more.
# https://github.com/github/releases/issues/3550
- |
Users can migrate existing tag protection rules into repository rules. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets)."
Users can migrate existing tag protection rules into repository rules. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets).
- heading: Projects
notes:
# https://github.com/github/releases/issues/3606
- |
Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates)."
Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates).
# https://github.com/github/releases/issues/3878
- |
Users can migrate their projects (classic) to the new Projects experience. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic)."
Users can migrate their projects (classic) to the new Projects experience. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic).
- heading: Pull requests
notes:
@@ -83,19 +83,19 @@ sections:
notes:
# https://github.com/github/releases/issues/3566
- |
In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
# https://github.com/github/releases/issues/3180
- |
To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)."
To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
- heading: Code scanning
notes:
# https://github.com/github/releases/issues/3526
- |
Users can enable code scanning on repositories even if they dont contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
Users can enable code scanning on repositories even if they dont contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
# https://github.com/github/releases/issues/3545
- |
Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning).
# https://github.com/github/releases/issues/3771
- |
The {% data variables.product.prodname_codeql %} action for code scanning analysis uses version 2.16.5 of the {% data variables.product.prodname_codeql_cli %} by default, an upgrade from 2.15.5 compared to the previous {% data variables.product.prodname_ghe_server %} feature release. For a detailed list of changes included in each version, see the [{% data variables.product.prodname_codeql %} change logs](https://codeql.github.com/docs/codeql-overview/codeql-changelog/).
@@ -114,13 +114,13 @@ sections:
# https://github.com/github/releases/issues/3778
# https://github.com/github/releases/issues/3779
- |
On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
# https://github.com/github/releases/issues/3782
- |
Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta)."
Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta).
# https://github.com/github/releases/issues/3712
- |
For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers)."
For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers).
- heading: Authentication
notes:
@@ -128,7 +128,7 @@ sections:
- |
For enterprises or organizations that use an SSH certificate authority (CA) to provide SSH certificates to members, to protect against a security risk involving user renames, new SSH CAs that are uploaded to a GitHub Enterprise Server 3.13 instance can only be used to sign certificates that are set to expire. For new CAs, you must use the `-V` parameter with `ssh-keygen` to generate a certificate with a `valid-after` claim.
The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority)" or "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority)."
The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see [AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority) or [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority).
changes:
# https://github.com/github/releases/issues/3971
@@ -147,7 +147,7 @@ sections:
The "Create a reference" REST API endpoint is restricted from accepting POSTs from users and apps that only have permission to read and write packages. Previously, this endpoint accepted updates to both tags and branches.
# https://github.com/github/releases/issues/3850
- |
To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)."
To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot).
known_issues:
# INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB
@@ -156,13 +156,13 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
- |
When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding)."
When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding).
- |
Repositories originally imported using `ghe-migrator` do not correctly track committers for GitHub Advanced Security billing.
- |
@@ -176,9 +176,9 @@ sections:
- |
The admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised.
- |
When following the steps for "[Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node)," step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
- |
Running `ghe-cluster-config-apply` as part of the steps for "[Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency)" might fail with errors if the node being replaced has not first been turned off. If this occurs, turn the node off and repeat the steps.
Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) might fail with errors if the node being replaced has not first been turned off. If this occurs, turn the node off and repeat the steps.
- |
For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node.
- |
@@ -198,7 +198,7 @@ sections:
As part of sunsetting Subversion compatibility, Subversion support is now disabled by default. Subversion can be re-enabled in the 3.13 release series by setting `app.svnbridge.enabled = true`. In 3.14, subversion support will be permanently removed. For more information, see [Sunsetting Subversion support](https://github.blog/2023-01-20-sunsetting-subversion-support/) on the GitHub blog.
# https://github.com/github/releases/issues/3859
- |
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console).
# https://github.com/github/releases/issues/3794
- |
From November 19, 2024, references to v1 and v2 of artifacts actions in GitHub Actions will not resolve. GitHub deprecated v1 and v2 of actions/upload-artifact, actions/download-artifact, and related npm packages on June 30, 2024. You can read more about this deprecation on the [GitHub Blog](https://github.blog/changelog/2024-02-13-deprecation-notice-v1-and-v2-of-the-artifact-actions/). GitHub Enterprise Server instances configured to use GitHub Connect to download these actions will need to store cached copies locally for workflows to continue working. If your local copy of these actions has been removed, use [GitHub Actions Sync](https://github.com/actions/actions-sync) to manually re-download the actions. [Updated: 2024-18-20]
@@ -206,4 +206,4 @@ sections:
- |
The deprecated v1 and v2 versions of artifacts actions will be removed from GitHub Enterprise Server 3.15 onwards. Users should update their workflows to use v3 or later versions of artifacts actions. [Updated: 2024-18-20]
errata:
- 'The "[Deprecations](/admin/release-notes#3.13.0-deprecations)" section previously indicated that the Management Console API would be deprecated in GitHub Enterprise Server 3.14. Instead, the Management Console API will be removed in GitHub Enterprise Server 3.15. [Updated: 2024-07-08]'
- 'The [Deprecations](/admin/release-notes#3.13.0-deprecations) section previously indicated that the Management Console API would be deprecated in GitHub Enterprise Server 3.14. Instead, the Management Console API will be removed in GitHub Enterprise Server 3.15. [Updated: 2024-07-08]'

2
data/release-notes/enterprise-server/3-13/2.yml
View File

@@ -148,7 +148,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

2
data/release-notes/enterprise-server/3-13/3.yml
View File

@@ -92,7 +92,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

4
data/release-notes/enterprise-server/3-13/4.yml
View File

@@ -55,7 +55,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as `127.0.0.1`.
- |
@@ -82,4 +82,4 @@ sections:
[Updated: 2024-11-29]
errata:
- 'The "[Known issues](/admin/release-notes#3.13.4-known-issues)" section previously indicated that `Instance setup in AWS with IMDSv2 enforced fails if no public IP is present` is still an issue. The issue is resolved and is documented in the "[Bug fixes](/admin/release-notes#3.13.4-bugs)" section. [Updated: 2024-09-30]'
- 'The [Known issues](/admin/release-notes#3.13.4-known-issues) section previously indicated that `Instance setup in AWS with IMDSv2 enforced fails if no public IP is present` is still an issue. The issue is resolved and is documented in the [Bug fixes](/admin/release-notes#3.13.4-bugs) section. [Updated: 2024-09-30]'

2
data/release-notes/enterprise-server/3-13/5.yml
View File

@@ -37,7 +37,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

4
data/release-notes/enterprise-server/3-13/6.yml
View File

@@ -33,7 +33,7 @@ sections:
- |
Running `config-apply` became stuck under certain circumstances due to a misconfiguration with Packages and Elasticsearch.
- |
Some customers upgrading to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)."
Some customers upgrading to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records).
changes:
- |
When connecting to an appliance via SSH, a notification about upcoming root disk changes displays.
@@ -41,7 +41,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

2
data/release-notes/enterprise-server/3-13/7.yml
View File

@@ -7,7 +7,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

2
data/release-notes/enterprise-server/3-13/8.yml
View File

@@ -12,7 +12,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

48
data/release-notes/enterprise-server/3-14/0-rc1.yml
View File

@@ -8,7 +8,7 @@ intro: |
>
> If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
sections:
features:
@@ -22,7 +22,7 @@ sections:
notes:
# https://github.com/github/releases/issues/4178
- |
Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines)."
Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines).
# https://github.com/github/releases/issues/4179
- |
Nomad has been upgraded to 1.5.17 and Consul has been upgraded to 1.17.4. These services are used in {% data variables.product.prodname_ghe_server %} to orchestrate containers and configuration.
@@ -31,23 +31,23 @@ sections:
notes:
# https://github.com/github/releases/issues/4087
- |
Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes).
* If your instance already uses SAML, you will need to configure a new IdP application that supports automated provisioning via SCIM.
* Existing private beta customers should also reconfigure their implementation with an updated application.
* During the public beta, we recommend testing SCIM support for your identity system in a non-production instance before adding SCIM to your current setup.
# https://github.com/github/releases/issues/3905
- |
Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)."
Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles).
# https://github.com/github/releases/issues/4026
- |
Users can use the account switcher to switch between multiple accounts. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts)."
Users can use the account switcher to switch between multiple accounts. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts).
# https://github.com/github/releases/issues/4025
- |
On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey)."
On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See [AUTOTITLE](/authentication/authenticating-with-a-passkey).
# https://github.com/github/releases/issues/3789
- |
Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories)."
Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories).
- heading: Audit logs
notes:
@@ -59,10 +59,10 @@ sections:
notes:
# https://github.com/github/releases/issues/3179
- |
Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection)."
Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection).
# https://github.com/github/releases/issues/3567
- |
Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning).
# https://github.com/github/releases/issues/3740
- |
Secret scanning blocks contributors from uploading files with detected secrets if push protection is enabled for a repository. This feature is in public beta and subject to change.
@@ -74,13 +74,13 @@ sections:
notes:
# https://github.com/github/releases/issues/3707
- |
Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection)."
Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection).
# https://github.com/github/releases/issues/3734
- |
Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup)."
Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup).
# https://github.com/github/releases/issues/3936
- |
Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)."
Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup).
# https://github.com/github/releases/issues/3663
- |
CodeQL can scan Java projects without a build. This feature is in public beta and subject to change.
@@ -101,28 +101,28 @@ sections:
notes:
# https://github.com/github/releases/issues/3344
- |
Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)."
Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates).
# https://github.com/github/releases/issues/3839
- |
Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot)."
Dependabot can access Cargo private registries to provide updates to Rust dependencies. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot).
# https://github.com/github/releases/issues/3848
- |
Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption.
# https://github.com/github/releases/issues/3850
- |
Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)."
Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot).
- heading: Code security
notes:
# https://github.com/github/releases/issues/4036
- |
The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
# https://github.com/github/releases/issues/4212
- |
The security overview dashboard for organizations is now generally available.
# https://github.com/github/releases/issues/3913
- |
On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization)."
On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization).
# https://github.com/github/releases/issues/3912
- |
On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change.
@@ -137,28 +137,28 @@ sections:
{% data reusables.actions.actions-runner-release-note %}
# https://github.com/github/releases/issues/3866
- |
Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history).
- heading: GitHub Pages
notes:
# https://github.com/github/releases/issues/3872
- |
Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow)."
Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See [AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow).
- heading: Repositories
notes:
# https://github.com/github/releases/issues/3947
- |
Users can enhance security by adding deploy keys as a bypass type to rulesets. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset)."
Users can enhance security by adding deploy keys as a bypass type to rulesets. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset).
# https://github.com/github/releases/issues/3826
- |
Users can select Dependabot in the bypass list of a ruleset. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset)."
Users can select Dependabot in the bypass list of a ruleset. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset).
- heading: Projects
notes:
# https://github.com/github/releases/issues/3910
- |
Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."
Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See [AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations).
- heading: Integrations and extensions
notes:
@@ -185,7 +185,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
@@ -223,4 +223,4 @@ sections:
deprecations:
- |
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console).

50
data/release-notes/enterprise-server/3-14/0.yml
View File

@@ -2,7 +2,7 @@ date: '2024-08-27'
release_candidate: false
deprecated: false
intro: |
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
sections:
@@ -17,7 +17,7 @@ sections:
notes:
# https://github.com/github/releases/issues/4178
- |
Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines)."
Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines).
# https://github.com/github/releases/issues/4179
- |
Nomad has been upgraded to 1.5.17 and Consul has been upgraded to 1.17.4. These services are used in {% data variables.product.prodname_ghe_server %} to orchestrate containers and configuration.
@@ -26,23 +26,23 @@ sections:
notes:
# https://github.com/github/releases/issues/4087
- |
Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes).
* If your instance already uses SAML, you will need to configure a new IdP application that supports automated provisioning via SCIM.
* Existing private beta customers should also reconfigure their implementation with an updated application.
* During the public beta, we recommend testing SCIM support for your identity system in a non-production instance before adding SCIM to your current setup.
# https://github.com/github/releases/issues/3905
- |
Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)."
Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles).
# https://github.com/github/releases/issues/4026
- |
Users can use the account switcher to switch between multiple accounts. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts)."
Users can use the account switcher to switch between multiple accounts. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts).
# https://github.com/github/releases/issues/4025
- |
On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey)."
On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See [AUTOTITLE](/authentication/authenticating-with-a-passkey).
# https://github.com/github/releases/issues/3789
- |
Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories)."
Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories).
- heading: Audit logs
notes:
@@ -54,10 +54,10 @@ sections:
notes:
# https://github.com/github/releases/issues/3179
- |
Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection)."
Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection).
# https://github.com/github/releases/issues/3567
- |
Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."
Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning).
# https://github.com/github/releases/issues/3740
- |
Secret scanning blocks contributors from uploading files with detected secrets if push protection is enabled for a repository. This feature is in public beta and subject to change.
@@ -69,13 +69,13 @@ sections:
notes:
# https://github.com/github/releases/issues/3707
- |
Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection)."
Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection).
# https://github.com/github/releases/issues/3734
- |
Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup)."
Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup).
# https://github.com/github/releases/issues/3936
- |
Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)."
Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup).
# https://github.com/github/releases/issues/3663
- |
CodeQL can scan Java projects without a build. This feature is in public beta and subject to change.
@@ -96,31 +96,31 @@ sections:
notes:
# https://github.com/github/releases/issues/3344
- |
Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)."
Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates).
# https://github.com/github/releases/issues/3839
- |
Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot)."
Dependabot can access Cargo private registries to provide updates to Rust dependencies. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot).
# https://github.com/github/releases/issues/3848
- |
Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption.
# https://github.com/github/releases/issues/3850
- |
Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)."
Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot).
# https://github.com/github/releases/issues/4118
- |
In the `dependabot.yml` file, users can apply the same configuration to manifest files from multiple directories using the `directories` key. Direct strings, glob syntax, and wildcards (`*`) are all supported for targeting directories. See "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories)." [Updated: 2024-10-07]
In the `dependabot.yml` file, users can apply the same configuration to manifest files from multiple directories using the `directories` key. Direct strings, glob syntax, and wildcards (`*`) are all supported for targeting directories. See [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories). [Updated: 2024-10-07]
- heading: Code security
notes:
# https://github.com/github/releases/issues/4036
- |
The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."
The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
# https://github.com/github/releases/issues/4212
- |
The security overview dashboard for organizations is now generally available.
# https://github.com/github/releases/issues/3913
- |
On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization)."
On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization).
# https://github.com/github/releases/issues/3912
- |
On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change.
@@ -135,28 +135,28 @@ sections:
{% data reusables.actions.actions-runner-release-note %}
# https://github.com/github/releases/issues/3866
- |
Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)."
Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history).
- heading: GitHub Pages
notes:
# https://github.com/github/releases/issues/3872
- |
Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow)."
Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See [AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow).
- heading: Repositories
notes:
# https://github.com/github/releases/issues/3947
- |
Users can enhance security by adding deploy keys as a bypass type to rulesets. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset)."
Users can enhance security by adding deploy keys as a bypass type to rulesets. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset).
# https://github.com/github/releases/issues/3826
- |
Users can select Dependabot in the bypass list of a ruleset. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset)."
Users can select Dependabot in the bypass list of a ruleset. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset).
- heading: Projects
notes:
# https://github.com/github/releases/issues/3910
- |
Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)."
Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See [AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations).
- heading: Integrations and extensions
notes:
@@ -178,7 +178,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
@@ -224,7 +224,7 @@ sections:
deprecations:
- |
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)."
The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console).
errata:
- |

2
data/release-notes/enterprise-server/3-14/1.yml
View File

@@ -45,7 +45,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as `127.0.0.1`.
- |

2
data/release-notes/enterprise-server/3-14/2.yml
View File

@@ -49,7 +49,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

4
data/release-notes/enterprise-server/3-14/3.yml
View File

@@ -39,7 +39,7 @@ sections:
- |
Audit log events for secret scanning alerts incorrectly displayed a blank secret type when generated for a custom pattern.
- |
Some customers upgrading to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)."
Some customers upgrading to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records).
changes:
- |
When connecting to an appliance via SSH, a notification about upcoming root disk changes displays.
@@ -47,7 +47,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

2
data/release-notes/enterprise-server/3-14/4.yml
View File

@@ -7,7 +7,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

2
data/release-notes/enterprise-server/3-14/5.yml
View File

@@ -12,7 +12,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |

32
data/release-notes/enterprise-server/3-15/0-rc1.yml
View File

@@ -8,7 +8,7 @@ intro: |
>
> If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
For upgrade instructions, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
For upgrade instructions, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
sections:
# Remove section heading if the section contains no notes.
@@ -20,23 +20,23 @@ sections:
notes:
# https://github.com/github/releases/issues/4353
- |
New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity)."
New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity).
# https://github.com/github/releases/issues/4353
- |
Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See "[AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements)."
Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See [AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements).
- heading: Audit logs
notes:
# https://github.com/github/releases/issues/4185
- |
Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration).
Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration)
- heading: Code scanning
notes:
# https://github.com/github/releases/issues/3915 and https://github.com/github/releases/issues/4469
- |
Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See "[About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql)."
Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See [About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql).
# https://github.com/github/releases/issues/4189
- |
CodeQL analysis of Swift and Kotlin code is generally available.
@@ -55,19 +55,19 @@ sections:
notes:
# https://github.com/github/releases/issues/4150
- |
Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).
# https://github.com/github/releases/issues/4511
- |
Users can bypass push protection using the existing `Create a blob` and `Create or update file contents` REST API endpoints. This action can also be performed programmatically using the new `Create a push protection bypass` API endpoint. See the [GitHub Blog post](https://github.blog/changelog/2024-08-13-secret-scanning-push-protection-is-supported-for-content-upload-rest-api-endpoints/).
# https://github.com/github/releases/issues/4522
- |
Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See "[Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization)."
Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See [Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization).
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/4522
- |
Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)."
Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules).
- heading: GitHub Connect
notes:
@@ -78,16 +78,16 @@ sections:
notes:
# https://github.com/github/releases/issues/3953 and https://github.com/github/releases/issues/3954
- |
Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)."
Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).
- heading: Code security
notes:
# https://github.com/github/releases/issues/4231
- |
Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)."
Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
# https://github.com/github/releases/issues/4031 and https://github.com/github/releases/issues/4287 and https://github.com/github/releases/issues/4185
- |
Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See "[AUTOTITLE](/rest/code-security/configurations)" and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration).
Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See [AUTOTITLE](/rest/code-security/configurations) and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration).
- heading: GitHub Actions
notes:
@@ -111,7 +111,7 @@ sections:
Users can gain deeper insights into contributors and code frequency with enhanced focus navigation, and a new table format for viewing and downloading data.
# https://github.com/github/releases/issues/4244
- |
Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues)."
Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues).
# https://github.com/github/releases/issues/4245
- |
Admins can enforce status checks and workflow runs on existing refs while allowing the creation of new refs.
@@ -161,7 +161,7 @@ sections:
Pushes that update over 5,000 branches no longer trigger webhooks or GitHub Actions workflows.
# https://github.com/github/releases/issues/4231
- |
Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)."
Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
known_issues:
- |
@@ -177,7 +177,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
@@ -218,7 +218,7 @@ sections:
In GitHub Enterprise Server 3.16, the `/explore` functionality, including the `Activity` and `Trending` pages, will be removed.
# https://github.com/github/releases/issues/4110 and https://github.com/github/releases/issues/4193 and https://github.com/github/releases/issues/4231
- |
We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See "[AUTOTITLE](/rest/code-security/configurations)."
We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See [AUTOTITLE](/rest/code-security/configurations).
* **Closing down:** The GET response for security product status in an organization: [Get an organization](/rest/orgs/orgs?apiVersion=2022-11-28#get-an-organization) is deprecated. This attribute will return inaccurate information.
* **Closing down:** The PATCH functionality for security products to set a default status for new repos in an organization: [Update an organization](/rest/orgs/orgs?apiVersion=2022-11-28#update-an-organization) is deprecated. The PATCH operation will be ignored.
* **Closing down:** The POST endpoint to enable or disable a security feature for all repositories in an organization: [Enable or disable a security feature for an organization](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization) is deprecated. Using the POST operation may result in a code security configuration being unintentionally removed from a repository.
@@ -226,7 +226,7 @@ sections:
retired:
# https://github.com/github/releases/issues/4878
- |
The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)."
The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes).
- |
The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed. [Updated: 2024-11-20]

34
data/release-notes/enterprise-server/3-15/0.yml
View File

@@ -2,7 +2,7 @@ date: '2024-12-03'
release_candidate: false
deprecated: false
intro: |
For upgrade instructions, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)."
For upgrade instructions, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process).
sections:
# Remove section heading if the section contains no notes.
@@ -15,23 +15,23 @@ sections:
notes:
# https://github.com/github/releases/issues/4353
- |
New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity)."
New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity).
# https://github.com/github/releases/issues/4353
- |
Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See "[AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements)."
Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See [AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements).
- heading: Audit logs
notes:
# https://github.com/github/releases/issues/4185
- |
Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration).
Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration)
- heading: Code scanning
notes:
# https://github.com/github/releases/issues/3915 and https://github.com/github/releases/issues/4469
- |
Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See "[About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql)."
Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See [About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql).
# https://github.com/github/releases/issues/4189
- |
CodeQL analysis of Swift and Kotlin code is generally available.
@@ -50,19 +50,19 @@ sections:
notes:
# https://github.com/github/releases/issues/4150
- |
Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."
Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).
# https://github.com/github/releases/issues/4511
- |
Users can bypass push protection using the existing `Create a blob` and `Create or update file contents` REST API endpoints. This action can also be performed programmatically using the new `Create a push protection bypass` API endpoint. See the [GitHub Blog post](https://github.blog/changelog/2024-08-13-secret-scanning-push-protection-is-supported-for-content-upload-rest-api-endpoints/).
# https://github.com/github/releases/issues/4522
- |
Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See "[Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization)."
Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See [Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization).
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/4522
- |
Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)."
Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules).
- heading: GitHub Connect
notes:
@@ -73,16 +73,16 @@ sections:
notes:
# https://github.com/github/releases/issues/3953 and https://github.com/github/releases/issues/3954
- |
Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)."
Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).
- heading: Code security
notes:
# https://github.com/github/releases/issues/4231
- |
Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)."
Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
# https://github.com/github/releases/issues/4031 and https://github.com/github/releases/issues/4287 and https://github.com/github/releases/issues/4185
- |
Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See "[AUTOTITLE](/rest/code-security/configurations)" and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration).
Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See [AUTOTITLE](/rest/code-security/configurations) and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration).
- heading: GitHub Actions
notes:
@@ -106,7 +106,7 @@ sections:
Users can gain deeper insights into contributors and code frequency with enhanced focus navigation, and a new table format for viewing and downloading data.
# https://github.com/github/releases/issues/4244
- |
Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues)."
Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues).
# https://github.com/github/releases/issues/4245
- |
Admins can enforce status checks and workflow runs on existing refs while allowing the creation of new refs.
@@ -156,7 +156,7 @@ sections:
Pushes that update over 5,000 branches no longer trigger webhooks or GitHub Actions workflows.
# https://github.com/github/releases/issues/4231
- |
Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)."
Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
known_issues:
- |
@@ -170,7 +170,7 @@ sections:
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
@@ -202,7 +202,7 @@ sections:
- |
{% data reusables.release-notes.2024-11-ghe-repl-promote-primary-down %}
- |
On Azure instances, a failed pre-upgrade check due to insufficient user disk size can result in the Management Console displaying an `Internal Server Error`. To restore access to the Management Console, run `sudo rm /var/log/preflight-check-report.json` to remove the file. If enabled, the `automatic update checks` need to be disabled from the Management Console until user disk size is increased to minimum 500 GB. To increase the user disk size, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity#increasing-the-data-partition-size)."
On Azure instances, a failed pre-upgrade check due to insufficient user disk size can result in the Management Console displaying an `Internal Server Error`. To restore access to the Management Console, run `sudo rm /var/log/preflight-check-report.json` to remove the file. If enabled, the `automatic update checks` need to be disabled from the Management Console until user disk size is increased to minimum 500 GB. To increase the user disk size, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity#increasing-the-data-partition-size).
closing_down:
# https://github.com/github/releases/issues/3525
@@ -213,7 +213,7 @@ sections:
In GitHub Enterprise Server 3.16, the `/explore` functionality, including the `Activity` and `Trending` pages, will be removed.
# https://github.com/github/releases/issues/4110 and https://github.com/github/releases/issues/4193 and https://github.com/github/releases/issues/4231
- |
We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See "[AUTOTITLE](/rest/code-security/configurations)."
We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See [AUTOTITLE](/rest/code-security/configurations).
The following things are scheduled for removal in GitHub Enterprise Server 3.16.
* **Closing down:** The GET response for security product status in an organization: [Get an organization](/rest/orgs/orgs?apiVersion=2022-11-28#get-an-organization) is deprecated. This attribute will return inaccurate information.
@@ -223,6 +223,6 @@ sections:
retired:
# https://github.com/github/releases/issues/4878
- |
The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)."
The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes).
- |
The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed.

4
data/variables/migrations.yml
View File

@@ -1,8 +1,8 @@
user_migrations_intro: >-
You can use these endpoints to review, backup, or migrate your user data stored on {% data variables.product.prodname_dotcom_the_website %}.
organization_migrations_intro: >-
You can use these endpoints to export one or more repositories so you can move them to a{% ifversion ghes %}nother{% endif %} {% data variables.product.prodname_ghe_server %} instance. For more information, see "[AUTOTITLE](/migrations/using-ghe-migrator/exporting-migration-data-from-githubcom)."
You can use these endpoints to export one or more repositories so you can move them to a{% ifversion ghes %}nother{% endif %} {% data variables.product.prodname_ghe_server %} instance. For more information, see [AUTOTITLE](/migrations/using-ghe-migrator/exporting-migration-data-from-githubcom).
source_imports_intro: >-
You can use these endpoints to start an import from a Git repository hosted with another service. This is the same
functionality as the {% data variables.product.prodname_dotcom %}
Importer. For more information, see "[AUTOTITLE](/migrations/importing-source-code/using-github-importer/importing-a-repository-with-github-importer)."
Importer. For more information, see [AUTOTITLE](/migrations/importing-source-code/using-github-importer/importing-a-repository-with-github-importer).

4
src/fixtures/fixtures/data/glossaries/external.yml
View File

@@ -1,8 +1,8 @@
- term: foo
description: >-
Foo is an intentionally meaningless placeholder word often used in computer
programming. See "[AUTOTITLE](/get-started/foo)."
programming. See [AUTOTITLE](/get-started/foo).
- term: check
description: >-
A check is a type of status check on {% data variables.product.product_name
%}. See "[foo](#foo)."
%}. See [foo](#foo).