jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-30 03:01:36 -05:00
Code Issues Projects Releases Wiki Activity
Files
fa6c0f306fa409bd6912aace1dfe9dee4cea6ffb
docs/data/release-notes/2-20/13.yml
Jason Etcovitch d891618fcc Import Enterprise release notes for 2.20, 2.21 and 2.22.5 (#16909) 
* Add 2.20

* Add 2.21

* Add 2.22.5

* Lint

* Properly format dates

* Update the tests
2020-12-14 15:16:29 +00:00

22 lines
4.3 KiB
YAML
Raw Blame History

date: '2020-08-11'
sections:
security_fixes:
- '**CRITICAL:** A remote code execution vulnerability was identified in GitHub Pages that could allow an attacker to execute commands as part building a GitHub Pages site. This issue was due to an outdated and vulnerable dependency used in the Pages build process. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. To mitigate this vulnerability, Kramdown has been updated to address CVE-2020-14001. {% comment %} https://github.com/github/pages/pull/2836, https://github.com/github/pages/pull/2827 {% endcomment %}'
- '**HIGH:** An attacker could inject a malicious argument into a Git sub-command when executed on GitHub Enterprise Server. This could allow an attacker to overwrite arbitrary files with partially user-controlled content and potentially execute arbitrary commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to access repositories within the GitHub Enterprise Server instance. However, due to other protections in place, we could not identify a way to actively exploit this vulnerability. This vulnerability was reported through the GitHub Security Bug Bounty program. {% comment %} https://github.com/github/github/pull/151097 {% endcomment %}'
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21811, https://github.com/github/enterprise2/pull/21700 {% endcomment %}'
bugs:
- 'A Consul configuration error prevented some background jobs from being processed on standalone instances. {% comment %} https://github.com/github/enterprise2/pull/21464 {% endcomment %}'
- 'The service memory allocation calculation could allocate an incorrect or unbounded memory allocation to a service resulting in poor system performance. {% comment %} https://github.com/github/enterprise2/pull/21716 {% endcomment %}'
- 'The virtualization platform for oVirt KVM systems was not properly detected, causing problems during upgrades. {% comment %} https://github.com/github/enterprise2/pull/21730, https://github.com/github/enterprise2/pull/21669 {% endcomment %}'
- "The error message for invalid authentication with a password via Git command line didn't populate the URL linking to adding the appropriate token or SSH key. {% comment %} https://github.com/github/github/pull/149714 {% endcomment %}"
- 'GitHub Connect was using a deprecated GitHub.com API endpoint. {% comment %} https://github.com/github/github/pull/150828, https://github.com/github/github/pull/150545 {% endcomment %}'
- 'Issues could not be sorted by *Recently updated* on repositories migrated to a new instance. {% comment %} https://github.com/github/github/pull/150843, https://github.com/github/github/pull/149330 {% endcomment %}'
- 'The 404 page contained GitHub.com contact and status links in the footer. {% comment %} https://github.com/github/github/pull/151316 {% endcomment %}'
known_issues:
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
Reference in New Issue View Git Blame Copy Permalink