jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-06 06:02:35 -05:00
Code Issues Projects Releases Wiki Activity
Files
41ae9fdfea916fd474cd4e6fe3dee3609de0c8c6
docs/data/release-notes/enterprise-server/3-7/13.yml
release-controller[bot] 780ba7d189 Patch release notes for GitHub Enterprise Server (#39238) 
Co-authored-by: Release-Controller <runner@fv-az223-599.ovbemkf0w2zejfil3c5ji5hxxg.bx.internal.cloudapp.net>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
2023-07-18 16:43:16 +00:00

79 lines
6.2 KiB
YAML
Raw Blame History

date: '2023-07-18'
sections:
security_fixes:
- |
An attacker with access to the password hash of the root site administrator user for the instance's Management Console could make requests to the password API endpoint from outside of the instance.
- |
Packages have been updated to the latest security versions.
bugs:
- |
If MinIO was configured for external blob storage on an instance with GitHub Actions enabled and MinIO was configured for bucket replication, the instance's credential validation with MinIO would occasionally fail.
- |
Customers who use Azure Blob store as the remote blob provider to back GitHub Packages would have validation errors if the `EndpointSuffix` part of their Connection string was anything other than `core.windows.net`. Now all valid `EndpointSuffix` are accepted.
- |
After creation of a blob object from the web UI, pre-receive hook events were missing from the instance's audit log.
- |
On an instance with custom firewall rules defined, a configuration run with `ghe-config-apply` could take longer than expected.
- |
On an instance with an outbound web proxy server configured, the proxy interfered with internal operations that used `nomad alloc exec`.
- |
On an instance in a cluster configuration, the `ghe-cluster-balance` behaved inconsistently when displaying status or managing jobs with more than one task group.
- |
On an instance configured for LDAP authentication, if the LDAP server sent an empty string for the `sshPublicKey` attribute, LDAP user sync would fail.
- |
When an administrator updated an instance's TLS certificate via the API as a query parameter instead of in the request body, the certificate and key appeared in `unicorn.log`.
- |
On an instance with Dependabot enabled, in some situations, Dependabot alerts were not updated when a user pushed to a repository.
- |
Determining suggested reviewers on a pull request could time out or be very slow.
- |
After a migration using GitHub Enterprise Importer, some repository autolink references were created with an incorrect format.
- |
On an instance that was not configured to deliver email notifications using SMTP, background jobs to deliver email were enqueued unnecessarily.
- |
Events related to repository notifications did not appear in the audit log.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, in some cases, a committer would not receive an email notification for a secret scanning alert where push protections were bypassed.
- |
In some cases, users could reopen a pull request that should not have been able to be reopened.
- |
On an instance with a GitHub Advanced Security license, if a user filtered by a custom pattern on an organizations "Code & security analysis" page using an invalid query, the entire GitHub Advanced Security disappeared and an error reading "Sorry, something went wrong loading GitHub Advanced Security settings" appeared.
- |
On an instance with a GitHub Advanced Security license and secret scanning enabled, output from Git for a push blocked by push protection always included an `http://` link.
- |
The audit log reported the incorrect target repository for pre-receive hook failures.
- |
On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories.
- |
On an instance with multiple nodes, when using the `spokesctl` command-line utility to manage repositories with replicas that failed to fully create, the utility would spuriously attempt to repair healthy replicas.
changes:
- |
On an instance in a cluster configuration, the `ghe-cluster-config-check` command-line utility will return an affirmative message when no warnings or errors are detected. The affirmative message is "Configuration validation complete. No errors found."
- |
During initialization of a cluster configuration, output from the `ghe-cluster-config-init` command-line utility is improved and simplified.
- |
On an instance with 170 or fewer vCPUs, the default for `app.babeld.threads-max` is 512 instead of 3 times the number of vCPUs. The monitor dashboard also includes metrics within the "Babeld threads" section.
- |
The Management Console displays a warning about unexpected consequences that may result from modification of the instance's hostname after initial configuration.
known_issues:
- |
Custom firewall rules are removed during the upgrade process.
- |
The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
- |
{% data reusables.release-notes.babeld-max-threads-performance-issue %}
- |
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
- |
{% data reusables.release-notes.repository-inconsistencies-errors %}
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
- |
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
- |
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
- |
{% data reusables.release-notes.enterprise-backup-utils-encryption-keys %}
Reference in New Issue View Git Blame Copy Permalink