date: '2021-05-25'
sections:
  security_fixes:
    - '**MEDIUM:** Under certain circumstances, users who were removed from a team or organization could retain write access to branches they had existing pull requests opened for.'
    - Packages have been updated to the latest security versions.
  bugs:
    - On the "Configure Actions and Packages" page of the initial installation process, when an admin clicked the "Test domain settings" button the test did not complete.
    - Running `ghe-btop` failed with error `cannot find a 'babeld' container`.
    - Users were experiencing service unavailability after upgrading due to a mismatch of internal and external timeout values.
    - Normal replication delays in MSSQL generated warnings.
    - Link for GitHub Enterprise Clustering Guide on management console was incorrect.
    - An IP address added by an admin using the "Create Whitelist Entry" button could still be locked out.
    - References to the "Dependency graph" and "Dependabot alerts" features were shown on repositories where they were not enabled.
    - HTTP POST requests to the `/hooks` endpoint could fail with a 401 response due to the `hookID` being set incorrectly.
    - The `build-server` process failed to clean up processes leaving them in the `defunct` state.
    - '`spokesd` created excessive log entries including the phrase "fixing placement skipped".'
  changes:
    - Check annotations older than 4 months will be archived.
  known_issues:
    - Access to a repository through the administrative shell using `ghe-repo <owner>/<reponame>` will hang. As a workaround, use `ghe-repo <owner>/<reponame> -c "bash -i"` until a fix is available in the next version.
    - On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
    - Custom firewall rules are not maintained during an upgrade.
    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
    - Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
    - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.