docs/data/release-notes/enterprise-server/3-8/4.yml
Mike Bailey 222f855a9f Remove CVE-2023-23765 (#40930)
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
2023-08-18 11:20:20 +00:00
date: '2023-05-30'
sections:
  security_fixes:
    - |
      **MEDIUM**: Scoped installation tokens for a GitHub App kept approved permissions after the permissions on the integration installation were downgraded or removed. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
    - Packages have been updated to the latest security versions.
  bugs:
    - On an instance in a cluster configuration, when upgrading the MySQL master node, the post-upgrade configuration run would take 600 seconds longer than required due to incorrect detection of unhealthy nodes.
    - On an instance with a GitHub Advanced Security license and secret scanning enabled, rotation of the key used to encrypt secrets discovered by secret scanning would fail.
    - In some situations on an instance with multiple nodes, Git replication failed to fully replicate repositories that had previously been deleted, which resulted in a warning in `ghe-repl-status` output.
    - |
      If a user made a request to the Collaborators API's Add a repository collaborator endpoint specifying a `permission` of `read` or `write`, the instance returned a `500` error.
    - On an instance with the dependency graph enabled, the correct path appears for manifests that originate from build-time submission snapshots.
    - The `spokesctl` command-line utility accepts more input formats.
  changes:
    - People with administrative SSH access to an instance can configure the maximum memory usage in gigabytes for Redis using `ghe-config redis.max-memory-gb VALUE`.
  known_issues:
    - |
      {% data reusables.release-notes.upgrade-mysql8-cannot-start-up %}
    - |
      {% data reusables.release-notes.enterprise-backup-utils-encryption-keys %}
    - |
      Custom firewall rules are removed during the upgrade process.
    - |
      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
    - |
      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
    - |
      If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](https://docs.github.com/en/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
    - |
      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
    - |
      When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
    - |
      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
    - |
      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
    - |
      On an instance with subdomain isolation disabled, Mermaid diagrams in the web UI display an "Unable to render rich display" error and fail to render.