54c60e330a
Co-authored-by: Laura Coursen <lecoursen@github.com> Co-authored-by: Jiaqi Liu <1573931+itsJiaqi@users.noreply.github.com> Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com>
28 lines
2.8 KiB
YAML
28 lines
2.8 KiB
YAML
date: '2023-03-02'
|
|
sections:
|
|
security_fixes:
|
|
- |
|
|
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23760). [Updated: 2023-03-10]
|
|
bugs:
|
|
- When viewing a list of open sessions for the devices logged into a user account, the GitHub Enterprise Server web UI could display an incorrect location.
|
|
- |
|
|
In the rare case when primary shards for Elasticsearch were located on a replica node, the `ghe-repl-stop` command would fail with `ERROR: Running migrations`.
|
|
known_issues:
|
|
- |
|
|
{% data reusables.release-notes.upgrade-mysql8-cannot-start-up %}
|
|
- |
|
|
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %}
|
|
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
|
- Custom firewall rules are removed during the upgrade process.
|
|
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
|
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
|
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
|
|
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
|
|
- During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
- '{% data reusables.release-notes.repository-inconsistencies-errors %}'
|
|
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
|
|
- '{% data reusables.release-notes.stuck-discussion-conversion-issue %}'
|
|
- '{% data reusables.release-notes.git-push-known-issue %}'
|
|
- '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %}'
|
|
- '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %}'
|