jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-03 15:05:54 -05:00
Code Issues Projects Releases Wiki Activity

Add release notes for GHES 3.10 release candidate (#39432)

Browse Source 
Co-authored-by: jc-clark <jc-clark@github.com>
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
Co-authored-by: Vanessa <vgrl@github.com>
This commit is contained in:
Isaac Brown
2023-08-04 10:37:20 +01:00
committed by GitHub
parent 82bf3a4155
commit e76c87dbd1
3 changed files with 243 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

242
data/release-notes/enterprise-server/3-10/0-rc1.yml Normal file
View File

@@ -0,0 +1,242 @@
date: '2023-08-08'
release_candidate: true
deprecated: false
intro: |
{% note %}
**Note:** Release candidate (RC) builds are intended solely for use in a test environment. If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
{% endnote %}
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
sections:
# Remove section heading if the section contains no notes.
features:
# Remove a sub-section heading if the heading contains no notes. If sections
# that regularly recur are missing, add placeholders to this template.
- heading: Instance administration
notes:
# https://github.com/github/releases/issues/3360
- |
To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
# https://github.com/github/releases/issues/3359
- |
Site administrators can set a custom message for their users to see during a maintenance window. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
# https://github.com/github/releases/issues/3378
- |
Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" in the REST API documentation.
- heading: Authentication
notes:
# https://github.com/github/releases/issues/2998
- |
To help users access resources more securely, fine-grained personal access tokens are available in public beta. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens)."
- Users can create fine-grained personal access tokens with access to their personal repositories or, if permitted, organization-owned repositories.
- Organization and enterprise owners can enable or disable the use of fine-grained personal access tokens in organization-owned repositories, and can use the REST API or GraphQL API to manage tokens in their organizations.
- Users creating fine-grained tokens for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance)."
- heading: Policies
notes:
# https://github.com/github/releases/issues/2610
- |
Repository administrators can require pull request approvals from someone other than the last person to push to a branch. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging)."
- heading: GitHub Advanced Security
notes:
# https://github.com/github/releases/issues/2798
- |
To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository)."
# https://github.com/github/releases/issues/2844
- |
To help repository administrators and security managers quickly enable automatic code scanning, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages)" and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation.
# https://github.com/github/releases/issues/2843
- |
Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning)."
# https://github.com/github/releases/issues/2928
- |
To improve analysis of C# code, the release of CodeQL included with GitHub Enterprise Server 3.10
can scan projects that include features from C# 11. For more information, see [What's new in C# 11](https://learn.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-11) in the Microsoft documentation. Support for C# 11 is in beta and subject to change. CodeQL can scan projects built with C# 11 features, but does not analyse the code used for C# 11 features themselves.
# https://github.com/github/releases/issues/3315
- |
To help users find vulnerabilities in projects for Swift libraries and Apple apps,
the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning)."
# https://github.com/github/releases/issues/2869
- |
To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata)."
# https://github.com/github/blog/pull/4506/files
- |
Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
- heading: Dependabot
notes:
# https://github.com/github/releases/issues/3099
- |
Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
# https://github.com/github/releases/issues/3142
- |
To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)."
# https://github.com/github/releases/issues/3070
- |
To avoid unnecessary compute cost, Dependabot stops automatically rebasing a pull request for version or security updates if the pull request has been open for 30 days.
- heading: Code security
notes:
# https://github.com/github/releases/issues/2303
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
# https://github.com/github/releases/issues/2295
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
# https://github.com/github/releases/issues/2042
- |
In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see "[Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)."
# https://github.com/github/releases/issues/2890
- |
Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
# https://github.com/github/releases/issues/3162
- |
Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises)."
# https://github.com/github/releases/issues/3112
- |
Swift is supported for the GitHub Advisory Database, the dependency graph, and Dependabot alerts.
- Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see "[AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database)."
- The dependency graph includes Swift dependencies detected in a `Package.resolved` file. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
- Dependabot can send alerts for vulnerabilities detected in Swift dependencies. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
- heading: GitHub Actions
notes:
# https://github.com/github/releases/issues/3136
- |
Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)."
# https://github.com/github/releases/issues/2901
- |
Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules)."
# https://github.com/github/releases/issues/3184
- |
The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts)."
# https://github.com/github/releases/issues/3248
- |
To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings)."
- heading: Community experience
notes:
# https://github.com/github/releases/issues/2673
- |
To improve the accuracy of marked answers in discussions, and reduce the burden on users to duplicate their text to get their answer marked as correct, users can mark threaded replies as the answer to a question.
# https://github.com/github/releases/issues/2951
- |
To improve content organization and topic discoverability, GitHub Discussions maintainers can group discussion categories into sections.
- heading: Repositories
notes:
# https://github.com/github/releases/issues/3226
- |
To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see "[AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation)."
- heading: Projects
notes:
# https://github.com/github/releases/issues/3207
- |
To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column)."
# https://github.com/github/releases/issues/3133
- |
To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects)."
# https://github.com/github/releases/issues/2929
- |
To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)."
# https://github.com/github/releases/issues/3061
- |
In a table layout, users can select and update multiple cells at once by clicking and dragging or using the <kbd>Shift</kbd> or <kbd>Ctrl</kbd>/<kbd>Command</kbd> key.
- heading: Commits
notes:
# https://github.com/github/releases/issues/3137
- |
When editing a file in the user interface, users with permission to bypass branch protection rules receive a note if their commit will bypass a rule, with the option to create a new branch instead of committing directly to the protected branch. Previously, the commit was added to the protected branch directly, without indication that a rule was being bypassed.
# https://github.com/github/releases/issues/3079
- |
When using `git push` from the command line, users with permission to bypass branch protection rules receive a note if they have pushed a commit that bypasses a rule. Previously there was no indication after a Git push that branch rules had been bypassed.
- heading: Markdown
notes:
# https://github.com/github/releases/issues/3118
- |
Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions)."
- heading: Accessibility
notes:
# https://github.com/github/releases/issues/3071
- |
To make GitHub inclusive to all developers, GitHub has improved color contrast of the default light and dark themes, making them accessible to all users. These changes were made to Primer, [GitHub's Design System](https://primer.style/). For more information, see [GitHub Accessibility](https://accessibility.github.com/).
changes:
# https://github.com/github/releases/issues/3134
- |
Users who use pull requests with protected branches may be affected by the following security measures.
- Merge commits created locally and pushed to a protected branch are rejected if the contents of the commit differ from the merge commit predicted by GitHub.
- If the branch protection rule for dismissing stale reviews is active, an approving review is dismissed if the merge base changes after the review was submitted. The merge base is the commit that is the latest common ancestor of the pull request branch and the protected branch.
- A pull request approval only counts towards the pull request it was submitted for. Previously, approvals were gathered across multiple independent pull requests if the pull request branches pointed to the same commit and targeted the same base branch.
# https://github.com/github/releases/issues/3233
- |
The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see "[AUTOTITLE](/rest/apps/installations)."
# https://github.com/github/releases/issues/2870
- |
On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
# https://github.com/github/releases/issues/2805
- |
On an instance with a GitHub Advanced Security license, in the "Files changed" view of pull requests, GitHub only displays code scanning alerts for vulnerabilities detected in lines that a pull request has changed. Previously, code scanning displayed all alerts unique to the pull request branch, even if they were unrelated to the changes the pull request introduced.
backups:
# https://github.com/github/releases/issues/3361
- |
To generate backups of an instance more quickly, in GitHub Enterprise Server Backup Utilities 3.10.0 and later, the job for pruning snapshots is no longer performed as part of the `ghe-backup` tool. Site administrators can prune snapshots manually or on a schedule by running the `ghe-prune-snapshots` job. For more information, see [Scheduling backups](https://github.com/github/backup-utils/blob/master/docs/scheduling-backups.md) in the `github/backup-utils` repository.
# https://github.com/github/releases/issues/3365
- |
To reduce the data transfer required to regularly back up an instance, GitHub Enterprise Server Backup Utilities 3.10.0 and later allows administrators to perform incremental backups of a MySQL 8 database. For more information, see [Making a Differential or Incremental Backup](https://dev.mysql.com/doc/mysql-enterprise-backup/8.0/en/mysqlbackup.incremental.html) in the MySQL documentation.
known_issues:
# INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB
- |
{% data reusables.release-notes.upgrade-mysql8-cannot-start-up %}
- |
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
- |
When enabling CodeQL via default setup at scale, some checks related to GitHub Actions are omitted, potentially preventing the process from completing. For more information, see "[AUTOTITLE]([at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)."
deprecations:
# https://github.com/github/releases/issues/2605
- heading: Upcoming deprecation of team discussions
notes:
- |
GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)."

200
data/release-notes/enterprise-server/3-10/PLACEHOLDER.yml
View File

@@ -1,200 +0,0 @@
date: '2099-12-31'
release_candidate: true
deprecated: false
intro: |
{% note %}
**Note:** Release candidate (RC) builds are intended solely for use in a test environment. If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
{% endnote %}
For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
sections:
# Remove section heading if the section contains no notes.
features:
# Remove a sub-section heading if the heading contains no notes. If sections
# that regularly recur are missing, add placeholders to this template.
- heading: Instance administration
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Instance services
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Identity and access management
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Authentication
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Migrations
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Policies
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Audit logs
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: GitHub Connect
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: GitHub Advanced Security
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Dependabot
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Code security
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: GitHub Actions
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: GitHub Packages
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: GitHub Pages
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Community experience
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Organizations
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Repositories
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Issues
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Projects
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: GitHub Discussions
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Commits
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Pull requests
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Releases
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Gist
notes:
# LINK TO RELEASES ISSUE
- |
...
- heading: Markdown
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Accessibility
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: GitHub Mobile
notes:
# LINK TO RELEASE ISSUE
- |
...
- heading: Integrations and extensions
notes:
# LINK TO RELEASE ISSUE
- |
...
changes:
# LINK TO RELEASE ISSUE
- |
...
known_issues:
# INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB
- |
...
deprecations:
# LINK TO RELEASE ISSUE
- |
...

2
data/reusables/enterprise/upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up.md
View File

@@ -1 +1 @@
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9, MySQL may not start back up. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance#mysql-does-not-start-after-upgrade-to-github-enterprise-server-39)."
After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8, 3.9, or 3.10, MySQL may not start back up. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance#mysql-does-not-start-after-upgrade-to-github-enterprise-server-39)."