43 lines
3.3 KiB
YAML
43 lines
3.3 KiB
YAML
date: '2024-02-29'
|
|
sections:
|
|
security_fixes:
|
|
- |
|
|
**HIGH**: On an instance with GitHub Connect enabled and non-default settings for GitHub Connect configured, an attacker could use an enterprise GitHub Actions download token to fetch private repository data. This token is only accessible to users on the GitHub Enterprise Server instance. To fix this vulnerability, the Actions download token will now be a permissionless token. GitHub has requested CVE ID [CVE-2024-1908](https://www.cve.org/cverecord?id=CVE-2024-1908) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
|
|
- |
|
|
Packages have been updated to the latest security versions.
|
|
bugs:
|
|
- |
|
|
Redundant messages caused increased log volumes in `/var/log/syslog`.
|
|
changes:
|
|
- |
|
|
For instances deployed on Google Cloud Platform, GitHubs public images include support for Google Virtual NIC (gVNIC) by default. Previously, to use gVNIC, an administrator needed to use the `--guest-os-features=gvnic` flag when creating the instance.
|
|
known_issues:
|
|
- |
|
|
Custom firewall rules are removed during the upgrade process.
|
|
- |
|
|
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
|
|
- |
|
|
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
|
|
- |
|
|
If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
|
|
- |
|
|
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
|
|
- |
|
|
{% data reusables.release-notes.2023-11-aws-system-time %}
|
|
- |
|
|
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
|
|
- |
|
|
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %}
|
|
- |
|
|
{% data reusables.release-notes.large-adoc-files-issue %}
|
|
- |
|
|
{% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %}
|
|
- |
|
|
{% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %}
|
|
- |
|
|
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %}
|
|
- |
|
|
{% data reusables.release-notes.2024-02-pages-deployment-error %}
|
|
- |
|
|
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17]
|