date: '2022-06-09' sections: security_fixes: - Packages have been updated to the latest security versions. bugs: - An internal script to validate hostnames in the {% data variables.product.prodname_ghe_server %} configuration file would return an error if the hostname string started with a "." (period character). - In HA configurations where the primary node's hostname was longer than 60 characters, MySQL would fail to be configured - The `--gateway` argument was added to the `ghe-setup-network` command, to allow passing the gateway address when configuring network settings using the command line. - Image attachments that were deleted would return a `500 Internal Server Error` instead of a `404 Not Found` error. - The calculation of "maximum committers across entire instance" reported in the site admin dashboard was incorrect. - An incorrect database entry for repository replicas caused database corruption when performing a restore using {% data variables.product.prodname_enterprise_backup_utilities %}. changes: - Optimised the inclusion of metrics when generating a cluster support bundle. - In HA configurations where Elasticsearch reported a valid yellow status, changes introduced in a previous fix would block the `ghe-repl-stop` command and not allow replication to be stopped. Using `ghe-repo-stop --force` will now force Elasticsearch to stop when the service is in a normal or valid yellow status. - When using `ghe-migrator` or exporting from {% data variables.product.prodname_dotcom_the_website %}, migrations would fail to export pull request attachments. known_issues: - After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command. - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user. - Custom firewall rules are removed during the upgrade process. - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters. - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results. - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail. - '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.' - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'