19 lines
1.8 KiB
YAML
19 lines
1.8 KiB
YAML
date: '2023-02-16'
|
|
sections:
|
|
security_fixes:
|
|
- |
|
|
**HIGH:** Updated Git to include fixes from 2.39.2, which address [CVE-2023-22490](https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q) and [CVE-2023-23946](https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh).
|
|
- Packages have been updated to the latest security versions.
|
|
bugs:
|
|
- When using a VPC endpoint URL as an AWS S3 URL for GitHub Packages, publication and installation of packages failed.
|
|
known_issues:
|
|
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
|
- Custom firewall rules are removed during the upgrade process.
|
|
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
|
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
|
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
|
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
|
- Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
|
|
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
|
- '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
|