jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-02 12:04:38 -05:00
Code Issues Projects Releases Wiki Activity
Files
c0f108ee4672f5a71d84aedc729c821dfc1fb73a
docs/data/release-notes/enterprise-server/3-4/3.yml

40 lines
5.0 KiB
YAML
Raw Blame History

date: '2022-05-17'
sections:
security_fixes:
- '**MEDIUM:** A security issue in nginx resolver was identified, where an attacker who could forge UDP packets from the DNS server could cause 1-byte memory overwrite, resulting in worker process crashes or other potentially damaging impacts. The vulnerability has been assigned [CVE-2021-23017](https://nvd.nist.gov/vuln/detail/CVE-2021-23017).'
- Updated the `actions/checkout@v2` and `actions/checkout@v3` actions to address new vulnerabilities announced in the [Git security enforcement blog post](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
- Packages have been updated to the latest security versions.
bugs:
- In some cluster topologies, the `ghe-cluster-status` command left behind empty directories in `/tmp`.
- SNMP incorrectly logged a high number of `Cannot statfs` error messages to syslog.
- When adding custom patterns and providing non-UTF8 test strings, match highlighting was incorrect.
- LDAP users with an underscore character (`_`) in their user names can now login successfully.
- For instances configured with SAML authentication and built-in fallback enabled, built-in users would get stuck in a “login” loop when attempting to sign in from the page generated after logging out.
- After enabling SAML encrypted assertions with Azure as identity provider, the sign in page would fail with a `500` error.
- Character key shortcut preferences weren't respected.
- Attempts to view the `git fsck` output from the `/stafftools/repositories/:owner/:repo/disk` page would fail with a `500 Internal Server Error`.
- When using SAML encrypted assertions, some assertions were not correctly marking SSH keys as verified.
- Videos uploaded to issue comments would not be rendered properly.
- When using GitHub Enterprise Importer to import a repository, some issues would fail to import due to incorrectly configured project timeline events.
- When using `ghe-migrator`, a migration would fail to import video file attachments in issues and pull requests.
- 'The Releases page would return a 500 error when the repository has tags that contain non-ASCII characters. [Updated: 2022-06-10]'
- 'Upgrades would sometimes fail while migrating dependency graph data. [Updated: 2022-06-30]'
changes:
- In high availability configurations, clarify that the replication overview page in the Management Console only displays the current replication configuration, not the current replication status.
- The Nomad allocation timeout for Dependency Graph has been increased to ensure post-upgrade migrations can complete.
- When enabling {% data variables.product.prodname_registry %}, clarify that using a Shared Access Signature (SAS) token as connection string is not currently supported.
- Support bundles now include the row count of tables stored in MySQL.
- When determining which repository networks to schedule maintenance on, we no longer count the size of unreachable objects.
- The `run_started_at` response field is now included in the [Workflow runs API](/rest/actions/workflow-runs) and the `workflow_run` event webhook payload.
known_issues:
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
- Custom firewall rules are removed during the upgrade process.
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
- When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
- |
After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
- After upgrading to {% data variables.product.prodname_ghe_server %} 3.4 releases may appear to be missing from repositories. This can occur when the required Elasticsearch index migrations have not successfully completed.
- '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
Reference in New Issue View Git Blame Copy Permalink