jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-04 00:06:20 -05:00
Code Issues Projects Releases Wiki Activity
Files
daec24cdcbf60f0c9b60ca67dbfd328bd8a8033a
docs/data/release-notes/enterprise-server/3-5/3.yml
Joseph Franks 7ff08d0b8c July 21, 2022: adding release notes (patch release) (#29225) 
* adding release notes

* Update and deduplicate SVN SSRF vulnerability note

* Update note about Grafana

* Update note about XSS vulnerability; fix order

* Update note about logrotate

* Update note about Elasticsearch exceptions

* Update note about pull request merges

* Update note about password field focus

* Update note about scheduled workflows

* Update note about pagination for Billing API

* Update note about committer count for Billing API

* Add links to notes about Billing API

* Update note about dormant user report

* Update note about GEI and projects

* Update note about organization sidebar

* Update note about recovery mode

* Update note about migration logs

Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Gurjant <97250585+Gill312@users.noreply.github.com>
2022-07-21 17:15:11 -04:00

23 lines
2.7 KiB
YAML
Raw Blame History

date: '2022-07-21'
sections:
security_fixes:
- "**MEDIUM**: Prevents an attack where a server-side request forgery (SSRF) could potentially force the Subversion (SVN) bridge to execute remote code by injecting arbitrary data into Memcached."
- "**MEDIUM**: Prevents an attacker from executing Javascript code by exploiting a cross-site scripting (XSS) vulnerability in dropdown UI elements within the GitHub Enterprise Server web interface."
- Updates Grafana to version 7.5.16, which addresses various security vulnerabilities including [CVE-2020-13379](https://github.com/advisories/GHSA-wc9w-wvq2-ffm9) and [CVE-2022-21702](https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g).
- Packages have been updated to the latest security versions.
bugs:
- In some cases, the collectd daemon could consume excess memory.
- In some cases, backups of rotated log files could accumulate and consume excess storage.
- After an upgrade to a new feature release and subsequent configuration run, Elasticsearch could log excessive exceptions while rebuilding indices.
- In some cases where a protected branch required more than one approving review, a pull request could be merged with fewer than the required number of approving reviews.
- The GitHub Enterprise Importer did not correctly migrate settings for projects within repositories.
- On instances using LDAP authentication, the authentication prompt for sudo mode incorrectly placed the cursor within the password field by default when text fields for both a username and password were visible.
- The site admin dashboard erroneously included an option to export a report listing dormant users.
- The Billing API's "[Get GitHub Advanced Security active committers for an organization](/rest/billing#get-github-advanced-security-active-committers-for-an-organization)" endpoint now returns `Link` headers to provide information about pagination.
- The Billing API's "[Get GitHub Advanced Security active committers for an organization](/rest/billing#get-github-advanced-security-active-committers-for-an-organization)" endpoint now returns the correct number of total committers.
- In the sidebar for an organization's settings, the **Archive** navigation item contained no children.
changes:
- The `ghe-set-password` command-line utility starts required services automatically when the instance is booted in recovery mode.
- Metrics for `aqueduct` background processes are gathered for Collectd forwarding and display in the Management Console.
- The location of the database migration and configuration run log, `/data/user/common/ghe-config.log`, is now displayed on the page that details a migration in progress.
Reference in New Issue View Git Blame Copy Permalink