jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-02 21:04:32 -05:00
Code Issues Projects Releases Wiki Activity
Files
c0f108ee4672f5a71d84aedc729c821dfc1fb73a
docs/data/release-notes/enterprise-server/3-2/19.yml
Daniel Johnson 159ab049d9 adding release notes - 3.2.19, 3.3.14, 3.4.9, 3.5.6, 3.6.2 (#30989) 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
2022-09-22 17:29:57 +00:00

25 lines
2.7 KiB
YAML
Raw Blame History

date: '2022-09-21'
sections:
security_fixes:
- |
**HIGH**: A GitHub App could use a scoped user-to-server token to bypass user authorization logic and escalate privileges.
- |
**MEDIUM**: The use of a Unicode right-to-left override character in the list of accessible files for a GitHub App could obscure additional files that the app could access.
- Packages have been updated to the latest security versions.
bugs:
- In a cluster configuration, running `ghe-cluster-config-apply` could cause unconfigured nodes to replicate configuration to the rest of the cluster, potentially removing configurations from existing nodes.
- In some cases, the Management Console's monitor dashboard would not load correctly.
- When sending a support bundle to GitHub Enterprise Support using `ghe-support-upload`, the `-t` option would not successfully associate the uploaded bundle with the specified ticket.
- After a user deleted or restored packages from the web interface, counts for packages could render incorrectly.
- Manually disabled GitHub Actions workflows in a repository were re-enabled if the repository received a push containing more than 2048 commits, or if the repository's default branch changed.
- When using a VPC endpoint URL as an AWS S3 URL for GitHub Packages, publication and installation of packages failed.
known_issues:
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
- When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
- '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
Reference in New Issue View Git Blame Copy Permalink