docs/data/release-notes/enterprise-server/3-9/4.yml

date: '2023-08-24'
intro: |
  {% warning %}

  **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.4-known-issues)" section of these release notes.

  {% endwarning %}
sections:
  security_fixes:
    - |
      An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after the fork's visibility was changed to private. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and assigned [CVE-2023-23763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23763). [Updated: 2023-09-01]
    - Packages have been updated to the latest security versions.
  bugs:
    - On an instance with GitHub Actions enabled, scale sets configured at the enterprise level did not appear for use within the instance's organizations or repositories.
    - When an administrator tried to validate blob storage connection settings for GitHub Enterprise Importer in the Management Console using the **Test storage settings** button, the operation failed.
    - syslog-ng configurations for containerized services caused errors for log forwarding services. The configurations have been removed.
    - When an instance exhausted available memory, in some cases, the system's out-of-memory killer (OOMK) killed the process for `dockerd`, causing Nomad to fail to recover after systemd restarted Docker.
    - In some cases, when starting a new GitHub Enterprise Server instance, the preflight page indicated that there was no user disk of sufficient size attached.
    - When running the ghe-migrator, certain error messages contained an invalid link to import documentation.
    - On an instance with GitHub Actions enabled, due to mismatched values, users could not easily associate workflow job run IDs from the GitHub Enterprise Server APIs or webhooks with a job in the UI. Workflow job runs now use a new URL pattern of `...actions/runs/job/{job_id}`, and `job_id` matches values from APIs and webhook payloads.
    - |
      Administrators could not see or use the "Migrations" section in an instance's Management Console, which prevented the configuration of blob storage for GitHub Enterprise Importer. [Updated: 2023-08-31]
  known_issues:
    - |
      {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} [Updated: 2023-10-26]
    - |
      Custom firewall rules are removed during the upgrade process.

    - |
      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
    - |
      If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
    - |
      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
    - |
      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
    - |
      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
    - |
      The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
    - |
      {% data reusables.release-notes.mermaid-rendering-known-issue %}
    - |
      When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing.
    - |
      {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11]
    - |
      {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
    - |
      {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04]
    - |
      {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} [Updated: 2023-09-21]
    - |
      {% data reusables.release-notes.2023-09-ephemeral-self-hosted-runners-not-auto-upgrading %} [Updated: 2023-09-29]
    - |
      {% data reusables.release-notes.2023-10-resource-activity-queue-not-processed %} [Updated: 2023-10-10]
    - |
      {% data reusables.release-notes.2023-10-support-bundle-p-flag-not-working %} [Updated: 2023-10-13]
    - |
      {% data reusables.release-notes.scheduled-reminders-unintentional %} [Updated: 2023-10-17]
    - |
      {% data reusables.release-notes.2023-10-actions-upgrade-bug %} [Updated: 2023-12-04]
    - |
      {% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
    - |
      {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} [Updated 2023-12-05]
    - |
      {% data reusables.release-notes.2023-12-client-ip-addresses-incorrect-in-audit-log %} [Updated 2023-12-13]
    - |
      {% data reusables.release-notes.2024-01-ha-proxy-out-of-memory %} [Updated 2024-01-23]
    - |
      {% data reusables.release-notes.2024-03-increased-log-volume-in-syslog %} [Updated: 2024-03-08]
    - |
      {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]