date: '2021-05-25'
sections:
  security_fixes:
    - '**MEDIUM:** Under certain circumstances, users who were removed from a team or organization could retain write access to branches they had existing pull requests opened for.'
    - Packages have been updated to the latest security versions.
  bugs:
    - An IP address added by an admin using the "Create Whitelist Entry" button could still be locked out.
    - In a cluster or HA environment, GitHub Pages builds could be triggered on secondary nodes where they would fail.
  known_issues:
    - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
    - Custom firewall rules are not maintained during an upgrade.
    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
    - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
    - Security alerts are not reported when pushing to a repository on the command line.
    - 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'