c99df4ee12
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
48 lines
3.6 KiB
YAML
48 lines
3.6 KiB
YAML
date: '2023-10-24'
|
|
sections:
|
|
security_fixes:
|
|
- |
|
|
**LOW:** Due to an incorrect permission assignment for some configuration files, an attacker with access to a local operating system user account could read MySQL connection details including the MySQL password. [Updated: 2023-10-09]
|
|
- |
|
|
Packages have been updated to the latest security versions.
|
|
bugs:
|
|
- |
|
|
`/var/log/lastlog` was not copied over as a sparse file during `ghe-upgrade`, which could cause issues by using additional disk space.
|
|
- |
|
|
`ghe-repl-status` did not identify Git replicas in certain incomplete states and incorrectly suggested that a failover could be performed safely. In some cases, this led to data loss during failover.
|
|
- |
|
|
Repository exports using `ghe-migrator` or the REST API's operation for organization migrations could fail when a large number of commit comments or long commit comments were present.
|
|
- |
|
|
On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning suggested incorrect filters when viewing both open and closed alerts.
|
|
- |
|
|
On an instance with multiple nodes, `ghe-spokes status` did not identify Git replicas in certain incomplete states, causing a false report that replication was in sync and leading to data loss or replication issues during failover.
|
|
- |
|
|
On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns.
|
|
changes:
|
|
- |
|
|
On an instance in a cluster configuration, administrators can identify the repository networks or gists that are common across a specified set of storage nodes using the `spokesctl find-on-replicas` command.
|
|
- |
|
|
As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. This change strengthens GitHub Pages's symbolic link detection.
|
|
known_issues:
|
|
- |
|
|
Custom firewall rules are removed during the upgrade process.
|
|
|
|
- |
|
|
In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
|
|
- |
|
|
Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
|
|
- |
|
|
{% data reusables.release-notes.repository-inconsistencies-errors %}
|
|
- |
|
|
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
- |
|
|
On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
|
|
- |
|
|
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
- |
|
|
When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
|
|
- |
|
|
{% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
|
|
- |
|
|
{% data reusables.release-notes.2023-11-aws-system-time %} [Updated 2023-11-10]
|