date: '2021-09-07' sections: security_fixes: - Packages have been updated to the latest security versions. bugs: - Attempting to tear down a newly-added replica node by specifying its UUID with `ghe-repl-teardown` would fail without reporting an error if replication was not started. - GitHub Pages builds were being passed through an external proxy if there was one configured. - Custom pre-receive hooks that created sub-processes would lack a `PATH` variable in their environment, resulting in "No such file or directory" errors. - MySQL could failover during an upgrade if `mysql-auto-failover` was enabled. known_issues: - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user. - Custom firewall rules are removed during the upgrade process. - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`. - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.