28 lines
3.5 KiB
YAML
date: '2021-07-14'
sections:
  security_fixes:
    - '**HIGH:** A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and has been assigned CVE-2021-22867. This vulnerability was reported via the GitHub Bug Bounty program.'
    - Packages have been updated to the latest security versions.
  bugs:
    - SAML expiration date variable was not configurable.
    - Application services would fail their health checks during config apply before they could enter a healthy state.
    - '`ghe-cluster-config-node-init` would fail during cluster setup if HTTP proxy is enabled.'
    - Pre-receive hooks could encounter an error `Failed to resolve full path of the current executable` due to `/proc` not being mounted on the container.
    - Collectd would not resolve the forwarding destination hostname after the initial startup.
    - The job that purged stale deleted repositories could fail to make progress if some of those repositories were protected from deletion by legal holds.
    - Background jobs were being queued to the `spam` queue which were not being processed.
    - The preferred merge method would be reset when retrying after a failed PR merge.
    - Git pushes could result in a 500 Internal Server Error during the user reconciliation process on instances using LDAP authentication mode.
    - 'After upgrading from 3.0.x to 3.1.x, in some cases GitHub Actions would fail with an error: `An unexpected error occurred when executing this workflow.`'
  changes:
    - Improved the efficiency of config apply by skipping IP allow firewall rules that had not changed, which saved significant time on large clusters.
  known_issues:
    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
    - Custom firewall rules are removed during the upgrade process.
    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
    - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`.
    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.