date: '2023-02-16'
sections:
  security_fixes:
    - |
      **HIGH:** Updated Git to include fixes from 2.39.2, which address [CVE-2023-22490](https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q) and [CVE-2023-23946](https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh).
    - Packages have been updated to the latest security versions.
  bugs:
    - When using a VPC endpoint URL as an AWS S3 URL for GitHub Packages, publication and installation of packages failed.
    - On an instance with a GitHub Advanced Security license, if code scanning had been used while running GitHub Enterprise Server 3.4 or earlier, a subsequent upgrade from 3.5 to 3.6 or 3.7 could fail when attempting to add a unique index to a database table.
  changes:
    - '{% data reusables.release-notes.scim-in-3-6-series %} [Updated: 2023-04-17]'
  known_issues:
    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
    - Custom firewall rules are removed during the upgrade process.
    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
    - Actions services need to be restarted after restoring an instance from a backup taken on a different host.
    - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
    - Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
    - '{% data reusables.release-notes.repository-inconsistencies-errors %}'
    - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
    - '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
    - '{% data reusables.release-notes.git-push-known-issue %}'
    - '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %}'
    - '{% data reusables.release-notes.user-already-taken %}'