37 lines
3.8 KiB
YAML
37 lines
3.8 KiB
YAML
date: '2023-08-24'
|
|
sections:
|
|
security_fixes:
|
|
- |
|
|
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after the fork's visibility was changed to private. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and assigned [CVE-2023-23763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23763). [Updated: 2023-09-01]
|
|
- Packages have been updated to the latest security versions.
|
|
bugs:
|
|
- syslog-ng configurations for containerized services caused errors for log forwarding services. The configurations have been removed.
|
|
- When an instance exhausted available memory, in some cases, the system's out-of-memory killer (OOMK) killed the process for `dockerd`, causing Nomad to fail to recover after systemd restarted Docker.
|
|
- When running the ghe-migrator, certain error messages contained an invalid link to import documentation.
|
|
- On an instance with Dependabot alerts enabled, repository creation could fail if an organization owner did not set a primary email address.
|
|
- On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, custom patterns would erroneously show no results for a dry run.
|
|
changes:
|
|
- Administrators with SSH access to an instance can view the version of GitHub Enterprise Server on the instance by using the `-v` flag with the `ghe-version` utility.
|
|
- As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. When the page builder encounters a symbolic link, the build will fail with an error indicating that the symbolic link should be dereferenced. Custom workflows for GitHub Pages are available in GitHub Enterprise Server 3.7 and later.
|
|
known_issues:
|
|
- |
|
|
Custom firewall rules are removed during the upgrade process.
|
|
- |
|
|
The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
|
- |
|
|
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
|
|
- |
|
|
Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
|
|
- |
|
|
{% data reusables.release-notes.repository-inconsistencies-errors %}
|
|
- |
|
|
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
- |
|
|
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
|
|
- |
|
|
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
- |
|
|
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
|
|
- |
|
|
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04]
|