jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-08 03:01:54 -05:00
Code Issues Projects Releases Wiki Activity
Files
d2eaff2d34a42e5980056237af50e14e2a4065ac
docs/data/release-notes/3-0/3.yml

31 lines
3.6 KiB
YAML
Raw Blame History

date: '2021-03-23'
intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
sections:
security_fixes:
- '**HIGH:** A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22864.'
- Packages have been updated to the latest security versions.
bugs:
- Running `ghe-cluster-config-init` could cause a cluster to become inoperable.
- Resolving merge conflicts in the GUI would fail when custom pre-receive hooks are configured on the repository.
- '`launch-deployer` and `launch-receiver` were logging at DEBUG level and filling logs with unnecessary information.'
- Systemd could lose track of HAProxy's PID.
- When Actions was configured to use S3 storage, the logs for an action would sometimes fail to load.
- The mysql-failover warning was displayed indefinitely after a successful failover.
- The `ghe-cluster-config-init` run was not fully accounting for the exit code of background jobs leading to improper handling of preflight checks.
- When enabling GitHub Actions, initialization could fail silently.
- When vulnerability alerting is enabled, upgrades to the 3.0 series would fail.
- Jobs related to Codespaces were being enqueued leading to an accumulation of unprocessed jobs.
changes:
- Use a relative number for consul and nomad `bootstrap_expect` allowing for a cluster to bootstrap even if a handful of nodes are down.
- Logs will rotate based on size in addition to time.
- Added kafka-lite to the `ghe-cluster-status` command.
known_issues:
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
- Custom firewall rules are not maintained during an upgrade.
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
- When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact [GitHub Enterprise Support](https://enterprise.githubsupport.com/hc/en-us) or [GitHub Premium Support](https://premium.githubsupport.com/).
- Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
- reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.
Reference in New Issue View Git Blame Copy Permalink