docs/data/release-notes/enterprise-server/3-4/1.yml
2022-04-22 15:14:06 +02:00

date: '2022-04-04'
sections:
  security_fixes:
    - 'MEDIUM: A path traversal vulnerability was identified in {% data variables.product.prodname_ghe_server %} Management Console that allowed the bypass of CSRF protections. This vulnerability affected all versions of {% data variables.product.prodname_ghe_server %} prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the {% data variables.product.prodname_dotcom %} Bug Bounty program and has been assigned CVE-2022-23732.'
    - 'MEDIUM: An integer overflow vulnerability was identified in the 1.x branch and the 2.x branch of `yajl` which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. This vulnerability was reported internally and has been assigned CVE-2022-24795.'
    - Support bundles could include sensitive files if {% data variables.product.prodname_actions %} was enabled.
    - Packages have been updated to the latest security versions.
  bugs:
    - A workflow run may not complete if it uses composite actions.
    - When enabling {% data variables.product.prodname_dependabot %}, an error caused some security advisories to temporarily read as no longer applicable.
    - Minio processes would have high CPU usage if an old configuration option was present after upgrading {% data variables.product.prodname_ghe_server %}.
    - The options to enable `TLS 1.0` and `TLS 1.1` in the Privacy settings of the Management Console were shown, although removal of those protocol versions occurred in an earlier release.
    - In an HA environment, configuring MSSQL replication could require additional manual steps after enabling {% data variables.product.prodname_actions %} for the first time.
    - A subset of internal configuration files are more reliably updated after a hotpatch.
    - The `ghe-run-migrations` script would sometimes fail to generate temporary certificate names correctly.
    - Pre-receive hooks that used `gpg --import` timed out due to insufficient `syscall` privileges.
    - In some cluster topologies, webhook delivery information was not available.
    - The {% data variables.product.prodname_actions %} deployment graph would display an error when rendering a pending job.
    - Elasticsearch health checks would not allow a yellow cluster status when running migrations.
    - When using the [Migrations API](/rest/reference/migrations), queued export jobs were not processed.
    - Repositories would display a non-functional Discussions tab in the web UI.
    - Organizations created as a result of a user transforming their user account into an organization were not added to the global enterprise account.
    - LDAP user sync jobs would fail when trying to sync GPG keys that had been synced previously.
    - Links to inaccessible pages were removed.
    - Some instances experienced high CPU usage due to large amounts of unnecessary background jobs being queued.
    - Empty repositories didn't sync correctly to cache servers.
    - Adding a team as a reviewer to a pull request would sometimes show the incorrect number of members on that team.
    - The remove team membership API endpoint would respond with an error when attempting to remove a member who was externally managed via a SCIM group.
    - A large number of dormant users could cause a {% data variables.product.prodname_github_connect %} configuration to fail.
    - The "Feature & beta enrollments" page in the Site admin web UI was incorrectly available.
    - The "Site admin mode" link in the site footer did not change state when clicked.
  changes:
    - Memcached connection limits were increased to better accommodate large cluster topologies.
    - The Dependency Graph API previously ran with a statically defined port.
    - The default shard counts for cluster-related Elasticsearch shard settings have been updated.
    - The [Migrations API](/rest/reference/migrations) now generates exports of repositories.
    - When filtering enterprise members by organization role on the "People" page, the text for the dropdown menu items has been improved.
    - The “Triage” and “Maintain” team roles are preserved during repository migrations.
    - When using ghe-migrator or exporting from GitHub.com, an export would not include pull request attachments.
    - Performance has been improved for web requests made by enterprise owners.
  known_issues:
    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
    - Custom firewall rules are removed during the upgrade process.
    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
    - |
      When using SAML encrypted assertions with {% data variables.product.prodname_ghe_server %} 3.4.0 and 3.4.1, a new XML attribute `WantAssertionsEncrypted` in the `SPSSODescriptor` contains an invalid attribute for SAML metadata. IdPs that consume this SAML metadata endpoint may encounter errors when validating the SAML metadata XML schema. A fix will be available in the next patch release. [Updated: 2022-04-11]
      To work around this problem, you can take one of the two following actions.
      - Reconfigure the IdP by uploading a static copy of the SAML metadata without the `WantAssertionsEncrypted` attribute.
      - Copy the SAML metadata, remove the `WantAssertionsEncrypted` attribute, host it on a web server, and reconfigure the IdP to point to that URL.
  deprecations:
    - heading: Deprecation of GitHub Enterprise Server 3.0
      notes:
        - '**{% data variables.product.prodname_ghe_server %} 3.0 was discontinued on February 16, 2022**. This means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.4/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
    - heading: Deprecation of GitHub Enterprise Server 3.1
      notes:
        - '**{% data variables.product.prodname_ghe_server %} 3.1 will be discontinued on June 3, 2022**. This means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](/enterprise-server@3.4/admin/enterprise-management/upgrading-github-enterprise-server) as soon as possible.'
    - heading: Deprecation of XenServer Hypervisor support
      notes:
        # https://github.com/github/docs-content/issues/4439
        - Starting in {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_ghe_server %} on XenServer was deprecated and is no longer supported. Please contact [GitHub Support](https://support.github.com) with questions or concerns.
    - heading: Deprecation of the Content Attachments API preview
      notes:
        #
        - Due to low usage, we have deprecated the Content References API preview in {% data variables.product.prodname_ghe_server %} 3.4. The API was previously accessible with the `corsair-preview` header. Users can continue to navigate to external URLs without this API. Any registered usages of the Content References API will no longer receive a webhook notification for URLs from your registered domain(s), and we no longer return valid response codes for attempted updates to existing content attachments.
    - heading: Deprecation of the Codes of Conduct API preview
      notes:
        # https://github.com/github/releases/issues/1708
        - 'The Codes of Conduct API preview, which was accessible with the `scarlet-witch-preview` header, is deprecated and no longer accessible in {% data variables.product.prodname_ghe_server %} 3.4. We instead recommend using the "[Get community profile metrics](/rest/reference/repos#get-community-profile-metrics)" endpoint to retrieve information about a repository''s code of conduct. For more information, see the "[Deprecation Notice: Codes of Conduct API preview](https://github.blog/changelog/2021-10-06-deprecation-notice-codes-of-conduct-api-preview/)" in the {% data variables.product.prodname_dotcom %} changelog.'
    - heading: Deprecation of OAuth Application API endpoints and API authentication using query parameters
      notes:
        # https://github.com/github/releases/issues/1316
        - |
          Starting with {% data variables.product.prodname_ghe_server %} 3.4, the [deprecated version of the OAuth Application API endpoints](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/#endpoints-affected) has been removed. If you encounter 404 error messages on these endpoints, convert your code to the versions of the OAuth Application API that do not have `access_tokens` in the URL. We've also disabled the use of API authentication using query parameters. We instead recommend using [API authentication in the request header](https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/#changes-to-make).
    - heading: Deprecation of the CodeQL runner
      notes:
        # https://github.com/github/releases/issues/1632
        - The {% data variables.product.prodname_codeql %} runner is deprecated in {% data variables.product.prodname_ghe_server %} 3.4 and is no longer supported. The deprecation only affects users who use {% data variables.product.prodname_codeql %} code scanning in third-party CI/CD systems; {% data variables.product.prodname_actions %} users are not affected. We strongly recommend that customers migrate to the {% data variables.product.prodname_codeql %} CLI, which is a feature-complete replacement for the {% data variables.product.prodname_codeql %} runner. For more information, see the [{% data variables.product.prodname_dotcom %} changelog](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/).
    - heading: Deprecation of custom bit-cache extensions
      notes:
        # https://github.com/github/releases/issues/1415
        - |
          Starting in {% data variables.product.prodname_ghe_server %} 3.1, support for {% data variables.product.company_short %}'s proprietary bit-cache extensions began to be phased out. These extensions are deprecated in {% data variables.product.prodname_ghe_server %} 3.3 onwards.
          Any repositories that were already present and active on {% data variables.product.product_location %} running version 3.1 or 3.2 will have been automatically updated.
          Repositories which were not present and active before upgrading to {% data variables.product.prodname_ghe_server %} 3.3 may not perform optimally until a repository maintenance task is run and has successfully completed.
          To start a repository maintenance task manually, browse to `https://<hostname>/stafftools/repositories/<owner>/<repository>/network` for each affected repository and click the Schedule button.
  backups:
    - '{% data variables.product.prodname_ghe_server %} 3.4 requires at least [GitHub Enterprise Backup Utilities 3.4.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance).'