docs/data/release-notes/enterprise-server/3-7/10.yml

date: '2023-05-09'
sections:
  security_fixes:
    - |
      **HIGH:** Updated Git to include fixes from 2.39.2, which address [CVE-2023-22490](https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q) and [CVE-2023-23946](https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh). 
    - |
      **MEDIUM**: Updated Git to include fixes from 2.40.1. For more information, see [Git security vulnerabilities announced](https://github.blog/2023-04-25-git-security-vulnerabilities-announced-4/) on the GitHub Blog. 
  bugs:
    - Users were unable to upload GIF files as attachments within a comment in an issue or pull request. 
    - On an instance in a high availability configuration, a `git push` operation could fail if GitHub Enterprise Server was simultaneously creating the repository on a replica node. 
    - |
      A site administrator could not bypass a proxy for a top-level domain (TLD) from the instance's exception list or IANAs registered top-level domains (TLDs).  
    - |
      On some platforms, after someone with administrative SSH access ran `ghe-diagnostics`, the command's output included a cosmetic `SG_IO` error. 
    - In some cases on an instance with a GitHub Advanced Security license, users could not load the security analysis page and saw a `500` error. 
    - When a site administrator used GitHub Enterprise Importer to import data from GitHub Enterprise Cloud, migrations failed during the import of file-level comments. This failure no longer prevents the import from proceeding. 
    - On an instance with a GitHub Advanced Security license, users with the security manager role for an organization could not view GitHub Advanced Security settings for the organization. 
    - If a user clicked the link to share feedback or report bugs for the beta of user lists, the web interface responded with a `404` error. 
    - When a site administrator used GitHub Enterprise Importer, import of a repository failed if a project column in the repository contained 2,500 or more archived cards. 
    - On an instance with Dependabot alerts enabled, alerts were erroneously hidden when different vulnerabilities were detected by multiple build-time submission detectors. 
    - GitHub Enterprise Server published distribution metrics that cannot be processed by collectd. The metrics included `pre_receive.lfsintegrity.dist.referenced_oids`, `pre_receive.lfsintegrity.dist.unknown_oids`, and `git.hooks.runtime`. 
    - In some cases, on an instance with GitHub Actions enabled, deployment of GitHub Pages site using a GitHub Actions workflow failed with a status of `deployment_lost`. 
    - On an instance with a GitHub Advanced Security license that was also configured for a timezone greater than UTC, the list of secret scanning alerts displayed a "Loading secrets failed" error if a user sorted secrets by date in descending order. 
  changes:
    - On an instance with the dependency graph enabled, background services can handle more traffic. 
    - |
      People with administrative SSH access who generate a support bundle using the `ghe-support-bundle` or `ghe-cluster-support-bundle` utilities can specify the period of time to gather data with `-p` or `--period` without using spaces or quotes. For example, in addition to `'-p 5 days'` or `-p '4 days 10 hours'`,  `-p 5days` or `-p 4days10hours` are valid.
  known_issues:
    - |
      Custom firewall rules are removed during the upgrade process.
    - |
      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
    - |
      {% data reusables.release-notes.babeld-max-threads-performance-issue %}
    - |
      In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
    - |
      {% data reusables.release-notes.repository-inconsistencies-errors %}
    - |
      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
    - |
      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
    - |
      When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
    - |
      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
    - |
      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
    - '{% data reusables.release-notes.slow-deleted-repos-migration-known-issue %}'