docs/data/release-notes/enterprise-server/3-7/3.yml

date: '2023-01-12'
sections:
  security_fixes:
    - Sanitize additional secrets in support bundles and the configuration log.
    - Dependencies for the CodeQL action have been updated to the latest security versions.
    - Packages have been updated to the latest security versions.
  bugs:
    - Some services incorrectly connected directly to kafka-lite instead of through its internal proxy. In a cluster environment where web services and job services execute on separate nodes, messages generated from the Insights job service werent delivered to kafka-lite.
    - The metrics `Active workers` and `Queued requests` for `github` (renamed from metadata), `gitauth`, and `unicorn` container services werent correctly read from collectd and displayed in the Management Console.
    - Dependabot Alert emails would be sent to disabled repositories.
    - Data migrations could fail when the underlying database table contained only a single record.
    - Sorting and filtering the list of custom patterns for secret scanning at the organization level did not work correctly.
    - After upgrading to GitHub Enterprise Server 3.7, viewing the security settings page for an organization or repository could result in a `500` error due to a GitHub Advanced Security backfill job not completing before the upgrade started.
    - The `git-janitor`command was unable to fix outdated `multi-pack-index.lock` files, resulting in the repository failing maintenance.
    - Dropped `launch.*` metrics that can't be parsed by statsd, as the resulting statsd errors caused collectd logs to grow rapidly in size.
    - When updating custom patterns, the pattern state was immediately set to published.
  changes:
    - Improved the reliability of the real time updates service (Alive) to make it more resilient against network issues with Redis.
    - |
      The `ghe-support-bundle` and `ghe-cluster-support-bundle` commands were updated to include the `-p/--period` flag to generate a time constrained support bundle. The duration can be specified in days and hours, for example: `-p '2 hours'`, `-p '1 day'`, `-p '2 days 5 hours'`.
    - When upgrading an instance with a new root partition, running the `ghe-upgrade` command with the `-t/--target` option ensures the preflight check for the minimum disk storage size is executed against the target partition.
    - The performance of configuration runs started with `ghe-config-apply` has been improved.
    - When exporting account data, backing up a repository, or performing a migration, the link to a repository archive now expires after 1 hour. Previously the archive link expired after 5 minutes.
  known_issues:
    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
    - Custom firewall rules are removed during the upgrade process.
    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
    - Actions services need to be restarted after restoring an instance from a backup taken on a different host.
    - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
    - In some cases, users cannot convert existing issues to discussions.
    - During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
    - '{% data reusables.release-notes.repository-inconsistencies-errors %}'
    - '{% data reusables.release-notes.babeld-max-threads-performance-issue %}'
    - '{% data reusables.release-notes.git-push-known-issue %}'
    - '{% data reusables.release-notes.replication-commands-in-maintenance-mode-known-issue %}'

  deprecations:
    # https://github.com/github/enterprise-releases/issues/3217
    - |
      **Upcoming deprecation**: In GitHub Enterprise Server 3.8 and later, unsecure algorithms will be disabled for SSH connections to the administrative shell.

    # https://github.com/github/releases/issues/2395
    - Commit comments, which are comments that users add directly to a commit outside of a pull request, no longer appear in the pull request timeline. Users could not reply to or resolve these comments. The Timeline events REST API and the GraphQL API's `PullRequest` object also no longer return commit comments.

    # https://github.com/github/releases/issues/2380
    - Diffing GeoJSON, PSD, and STL files is no longer possible.

    # https://github.com/github/releases/issues/2480
    - |
      Package registries on the new GitHub Packages architecture, including Container registry and npm packages, no longer expose data through the GraphQL API. In a coming release, other GitHub Packages registries will migrate to the new architecture, which will deprecate the GraphQL API for those registries as well.