date: '2022-01-18'
sections:
  security_fixes:
    - 'Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server.'
    - Sanitize more secrets in the generated support bundles
    - Packages have been updated to the latest security versions.
  bugs:
    - Actions self hosted runners would fail to self-update or run new jobs after upgrading from an older GHES installation.
    - Storage settings could not be validated when configuring MinIO as blob storage for GitHub Packages.
    - Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`.
    - The save button in management console was unreachable by scrolling in lower resolution browsers.
    - IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade.
    - Some webhook related jobs could generated large amount of logs.
    - Several documentation links resulted in a 404 Not Found error.
  known_issues:
    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
    - Custom firewall rules are removed during the upgrade process.
    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
    - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'