jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-06 15:01:04 -05:00
Code Issues Projects Releases Wiki Activity
Files
b0e01d5bfb400a10fc656102b75219db6ad02c66
docs/data/release-notes/enterprise-server/3-13/11.yml
Rachael Rose Renk f5bc3655eb [Release note update]: Invalid Known Issue in release notes (#55239) 
Co-authored-by: Vanessa <vgrl@github.com>
2025-04-11 16:58:48 +00:00

74 lines
6.4 KiB
YAML
Raw Blame History

date: '2025-02-18'
intro: |
{% warning %}
**Warning**: For instances installed on Google Cloud Platform (GCP), hotpatches to GitHub Enterprise Server version `3.13.11` will result in errors being reported in the upgrade log. We recommend hotpatching to a newer 3.13 version instead. [Updated: 2025-03-11]
{% endwarning %}
sections:
security_fixes:
- |
**HIGH**: An attacker could access environment variables in the debug artifacts uploaded by the CodeQL action after a failed code scanning workflow run. This includes any secrets that were exposed to the workflow as environment variables. The attacker requires read access to the repository to access the debug artifact. Users who do not have debug logging enabled are unaffected. The impact to GitHub Enterprise Server users is limited to internal actors. To mitigate this issue, GitHub no longer logs the complete environment by default. GitHub has requested [CVE-2025-24362](https://www.cve.org/CVERecord?id=CVE-2025-24362) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
Packages have been updated to the latest security versions.
bugs:
- |
In some cluster configurations, it was not possible to enable GitHub Advanced Security in bulk.
- |
In certain cases, on an instance in a cluster configuration, secret scanning would fail to run due to misconfiguration of a Kafka service.
- |
In an instance in a high-availability or cluster configuration, administrators who updated the instance's license did not see the change reflected on the "Licenses" page in the UI.
- |
Audit log indices from 2018 could occasionally fail to be created when migrating to Elasticsearch 8.
- |
Attachment records were not created when JWT tokens were included in user asset URLs on issues.
- |
The relative date for commits was sometimes incorrectly displayed in the web UI.
- |
In cluster environments, API rate limits were calculated using the cluster node IP address instead of the client IP address. This could lead to incorrect rate limiting and the wrong IP address being recorded in audit log entries.
- |
Users were unable to open issues where the events timeline contained references to projects that were not moved over during a migration. Instead, the `500` error page was displayed.
- |
Certain search terms for repositories and wikis did not return all valid results.
- |
In some cluster configurations, secret scanning failed to run normally due to connection failures.
changes:
- |
Log files on the appliance root disk are compressed immediately upon daily rotation instead of after a 24 hour delay. You can revert to the previous `delaycompress` behavior by signing in as an SSH admin user, setting `ghe-config logrotate.delaycompress true` and then running `ghe-config-apply`.
- |
The CodeQL action has been updated to v3.28.6 to enable uploading artifacts in debug mode without logging the complete environment when running CodeQL CLI v2.20.3+.
- |
The `ghe-live-migrations --init-target` command fails with a descriptive error message if the specified upgrade path is not supported.
known_issues:
- |
{% data reusables.release-notes.2025-02-gcp-hotpatch-bug %} [Updated: 2025-03-11]
- |
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
- |
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
- |
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- |
For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node.
- |
When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
- |
Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
- |
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %}
- |
When restoring data originally backed up from a 3.13 appliance onto a 3.13 appliance, the elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
- |
When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
- |
{% data reusables.release-notes.2025-03-03-elasticsearch-data-loss %}
[Updated: 2025-03-12]
errata:
- |
The warning and known issues section have been updated to accurately reflect that instances installed on GCP will face issues while hotpatching to 3.13.11. Previously, the warning and known issue indicated that customers would face issues either while upgrading or hotpatching to version 3.13.11. [Updated: 2025-03-11]
- |
These release notes previously indicated as a known issue that on GitHub Enterprise Server 3.13.11, repositories originally imported using `ghe-migrator` will not correctly track Advanced Security contributions.
The fix for this problem was already included in GitHub Enterprise Server [3.12](/admin/release-notes#3.12.0-bugs). [Updated: 2025-04-11]
Reference in New Issue View Git Blame Copy Permalink