Enterprise Server 3.0 release notes
Enterprise Server 3.0.25
Download GitHub Enterprise Server 3.0.25February 17, 2022
ð£ è¿ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
On a freshly set up GitHub Enterprise Server instance without any users, an attacker could create the first admin user.
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.24
Download GitHub Enterprise Server 3.0.24February 01, 2022
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Pages would become unavailable following a MySQL secret rotation until
nginx
was manually restarted.When setting the maintenance schedule with a ISO 8601 date, the actual scheduled time wouldn't match due to the timezone not being transformed to UTC.
The version number would not be correctly updated after a installing a hotpatch using
ghe-cluster-each
.Spurious error messages concerning the
cloud-config.service
would be output to the console.When using CAS authentication and the "Reactivate suspended users" option was enabled, suspended users were not automatically reactivated.
Bug fixes
The GitHub Connect data connection record now includes a count of the number of active and dormant users and the configured dormancy period.
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.23
Download GitHub Enterprise Server 3.0.23January 18, 2022
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server.
Sanitize more secrets in the generated support bundles
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Running
ghe-config-apply
could sometimes fail because of permission issues in/data/user/tmp/pages
.The save button in management console was unreachable by scrolling in lower resolution browsers.
IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade.
Some webhook related jobs could generated large amount of logs.
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.22
Download GitHub Enterprise Server 3.0.22December 13, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
Critical: A remote code execution vulnerability in the Log4j library, identified as CVE-2021-44228, affected all versions of GitHub Enterprise Server prior to 3.3.1. The Log4j library is used in an open source service running on the GitHub Enterprise Server instance. This vulnerability was fixed in GitHub Enterprise Server versions 3.0.22, 3.1.14, 3.2.6, and 3.3.1. For more information, please see this post on the GitHub Blog.
December 17, 2021 update: The fixes in place for this release also mitigate CVE-2021-45046, which was published after this release. No additional upgrade for GitHub Enterprise Server is required to mitigate both CVE-2021-44228 and CVE-2021-45046.
Security fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.21
Download GitHub Enterprise Server 3.0.21December 07, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
Support bundles could include sensitive files if they met a specific set of conditions.
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-41598.
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-41599. Updated February 17, 2022.
Security fixes
Running
ghe-config-apply
could sometimes fail because of permission issues in/data/user/tmp/pages
.A misconfiguration in the Management Console caused scheduling errors.
Docker would hold log files open after a log rotation.
GraphQL requests did not set the GITHUB_USER_IP variable in pre-receive hook environments.
Bug fixes
Clarifies explanation of Actions path-style in documentation.
Updates support contact URLs to use the current support site, support.github.com.
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.20
Download GitHub Enterprise Server 3.0.20November 23, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Pre-receive hooks would fail due to undefined
PATH
.Running
ghe-repl-setup
would return an error:cannot create directory /data/user/elasticsearch: File exists
if the instance had previously been configured as a replica.In large cluster environments, the authentication backend could be unavailable on a subset of frontend nodes.
Some critical services may not have been available on backend nodes in GHES Cluster.
Bug fixes
An additional outer layer of
gzip
compression when creating a cluster support bundle withghe-cluster-suport-bundle
is now turned off by default. This outer compression can optionally be applied with theghe-cluster-suport-bundle -c
command line option.We have added extra text to the admin console to remind users about the mobile apps' data collection for experience improvement purposes.
The GitHub Connect data connection record now includes a list of enabled GitHub Connect features. [Updated 2021-12-09]
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.19
Download GitHub Enterprise Server 3.0.19November 09, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker needed permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3, and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported through the GitHub Bug Bounty program and has been assigned CVE-2021-22870.
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Some Git operations failed after upgrading a GitHub Enterprise Server 3.x cluster because of the HAProxy configuration.
Unicorn worker counts might have been set incorrectly in clustering mode.
Resqued worker counts might have been set incorrectly in clustering mode.
If Ubuntu's Uncomplicated Firewall (UFW) status was inactive, a client could not clearly see it in the logs.
Some pages and Git-related background jobs might not run in cluster mode with certain cluster configurations.
The enterprise audit log page would not display audit events for ç§å¯æ«æ.
Users were not warned about potentially dangerous bidirectional unicode characters when viewing files. For more information, see "Warning about bidirectional Unicode text" in GitHub å客.
Hookshot Go sent distribution type metrics that Collectd could not handle, which caused a ballooning of parsing errors.
Public repositories displayed unexpected results from ç§å¯æ«æ with a type of
Unknown Token
.
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.18
Download GitHub Enterprise Server 3.0.18October 28, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
Several known weak SSH public keys have been added to the deny list and can no longer be registered. In addition, versions of GitKraken known to generate weak SSH keys (7.6.x, 7.7.x and 8.0.0) have been blocked from registering new public keys.
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Several parts of the application were unusable for users who are owners of many organizations.
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.17
Download GitHub Enterprise Server 3.0.17October 12, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Custom pre-receive hooks could have failed due to too restrictive virtual memory or CPU time limits.
Attempting to wipe all existing configuration settings with
ghe-cleanup-settings
failed to restart the Management Console service.During replication teardown via
ghe-repl-teardown
Memcached failed to be restarted.During periods of high load, users would receive HTTP 503 status codes when upstream services failed internal healthchecks.
Pre-receive hook environments were forbidden from calling the cat command via BusyBox on Alpine.
The external database password was logged in plaintext.
An erroneous
jq
error message may have been displayed when runningghe-config-apply
.Failing over from a primary Cluster datacenter to a secondary Cluster datacenter succeeds, but then failing back over to the original primary Cluster datacenter failed to promote Elasticsearch indicies.
The Site Admin page for repository self-hosted runners returned an HTTP 500.
In some cases, GitHub Enterprise Administrators attempting to view the
Dormant users
page received502 Bad Gateway
or504 Gateway Timeout
response.
Bug fixes
More effectively delete Webhook logs that fall out of the Webhook log retention window.
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.16
Download GitHub Enterprise Server 3.0.16September 24, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
HIGH: A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This is the result of an incomplete fix for CVE-2021-22867. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22868.
MEDIUM: An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases. It has been assigned CVE-2021-22869.
Security fixes
Resque worker counts were displayed incorrectly during maintenance mode.
Allocated memcached memory could be zero in clustering mode.
Fixes GitHub Pages builds so they take into account the NO_PROXY setting of the appliance. This is relevant to appliances configured with an HTTP proxy only. (update 2021-09-30)
The GitHub Connect configuration of the source instance was always restored to new instances even when the
--config
option forghe-restore
was not used. This would lead to a conflict with the GitHub Connect connection and license synchronization if both the source and destination instances were online at the same time. The fix also requires updating backup-utils to 3.2.0 or higher. [updated: 2021-11-18]
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.15
Download GitHub Enterprise Server 3.0.15September 07, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Attempting to tear down a newly-added replica node by specifying its UUID with
ghe-repl-teardown
would fail without reporting an error if replication was not started.GitHub Pages builds were being passed through an external proxy if there was one configured.
Custom pre-receive hooks that created sub-processes would lack a
PATH
variable in their environment, resulting in "No such file or directory" errors.MySQL could failover during an upgrade if
mysql-auto-failover
was enabled.
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.14
Download GitHub Enterprise Server 3.0.14August 24, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Attaching very large images or animated GIFs to images or pull requests would fail.
Journald messages related to automatic updates (
Adding h/m/s random time.
) were logged to syslog.Custom pre-receive hooks that used a bash subshell would return an error:
No such file or directory
.Custom pre-receive hooks that created named pipes (FIFOs) would crash or hang, resulting in a timeout error.
Adding filters to the audit log advanced search page did not populate the query text box in real-time with the correct facet prefix and value.
Git hooks to the internal API that result in failing requests returned the exception
undefined method body for "success":String (NoMethodError)
instead of returning an explicitnil
.When an integration was removed, it was possible for an unrelated OAuth application or integration to also be removed.
When a mandatory message containing an emoji character was added, attempting to view or change the message would return a 500 Internal Server Error.
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.13
Download GitHub Enterprise Server 3.0.13August 10, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
When GitHub Actions is enabled without running regular scheduled backups the MSSQL Transaction Log could grow unbounded and can consume all available space on the appliance's Data Disk causing a possible outage.
Audit log entries for changes made to "Repository creation" organization settings were inaccurate.
Excessive logging of
ActionController::UnknownFormat
exceptions caused unnecessary disk usage.LDAP
group_dn
values longer than 255 characters would result in errors being logged:Data truncated for column 'group_dn' at row 1
.
Bug fixes
Abuse rate limits are now called Secondary rate limits, since the behavior they limit is not always abusive.
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.12
Download GitHub Enterprise Server 3.0.12July 27, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
Custom pre-receive hooks could lead to an error like
error: object directory /data/user/repositories/0/nw/12/34/56/7890/network.git/objects does not exist; check .git/objects/info/alternates
.Unauthenticated HTTP proxy for the pages containers build was not supported for any users that use HTTP proxies.
A significant number of 503 errors were logged every time a user visited a repository''s
/settings
page if the dependency graph was not enabled.Internal repositories were only returned when a user had affiliations with the repository through a team or through collaborator status, or queried with the
?type=internal
parameter.Failed background jobs had unlimited retries which could cause large queue depths.
A significant number of 503 errors were being created if the scheduled job to sync vulnerabilities with GitHub.com attempted to run when dependency graph was not enabled and content analysis was enabled.
Bug fixes
The logs for
babeld
now include acmd
field for HTTP ref advertisement requests instead of only including it during the negotiation requests.
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.11
Download GitHub Enterprise Server 3.0.11July 14, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
HIGH: A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and has been assigned CVE-2021-22867. This vulnerability was reported via the GitHub Bug Bounty program.
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
SAML expiration date variable was not configurable.
Application services would fail their health checks during config apply before they could enter a healthy state.
ghe-cluster-config-node-init
would fail during cluster setup if HTTP proxy is enabled.Pre-receive hooks could encounter an error
Failed to resolve full path of the current executable
due to/proc
not being mounted on the container.Collectd would not resolve the forwarding destination hostname after the initial startup.
The job that purged stale deleted repositories could fail to make progress if some of those repositories were protected from deletion by legal holds.
Running
git nw-gc --pristine
would result in an error.Background jobs were being queued to the
spam
queue which were not being processed.The preferred merge method would be reset when retrying after a failed PR merge.
Git pushes could result in a 500 Internal Server Error during the user reconciliation process on instances using LDAP authentication mode.
Bug fixes
Improved the efficiency of config apply by skipping IP allow firewall rules that had not changed, which saved significant time on large clusters.
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.10
Download GitHub Enterprise Server 3.0.10June 24, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
管çæ§å¶å°ä¸å¯è½ä¼ç§¯ç´¯å¤§é
gauge-dependency-graph-api-dispatch_dispatch
ææ ãsshd æå¡ææ¶æ æ³ä» Google Cloud å¹³å°ä¸è¿è¡çå®ä¾å¼å§ã
æ§çå级æ件å°æç»å¨ç¨æ·ç£çä¸ï¼ææ¶å¯¼è´ç©ºé´ä¸è¶³ã
æ¥å¿æ转ææ¶ä¼ä¸æåå°ä½ä¸ã
gh-migrator
æ¾ç¤ºäºå ¶æ¥å¿è¾åºçä¸æ£ç¡®è·¯å¾ãå¦æ导åºæ件å å«ä¸å¨åæ¡£ä¸çå¢éç审æ¥è¯·æ±ï¼å导åºåæ¡£å¨å¯¼å ¥æ¶å°å¤±è´¥ã
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.9
Download GitHub Enterprise Server 3.0.9June 10, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
å¦æå®ä¾æ æ³ä½¿ç¨é ç½®ç主æºåè¿è¡èªè¯·æ±ï¼åå级è¿ç¨å¯è½ä¼å¨å级æä½æ¶å¤±è´¥ã
SVN 1.7 å以ä¸å®¢æ·ç«¯å¨ä½¿ç¨
svn co
åsvn export
å½ä»¤æ¶åºç°é误ã使ç¨
ghe-repo <owner>/<reponame>
éè¿ç®¡çå¤å£³è®¿é®ä»åºå°è¢«æèµ·ãå级åï¼ç¨æ·å¨å¤§é使ç¨æ¶ä¼åå°å¯ç¨æ§ï¼å 为æå¡éå¯å¤ªé¢ç¹ã åºç°è¿ç§æ åµæ¯å 为 nomad é ç½®ä¸å é¨æå¡å¨çé ç½®ä¹é´è¶ æ¶ä¸å¹é ã
å¨æäºæ åµä¸ï¼è®¾ç½® GitHub Actions åè¿è¡
ghe-repl-status
ä¼äº§çé误ï¼å¹¶ä¸ghe-actions-teardown
ä¼å¤±è´¥ãghe-dbconsole
ä¼å¨æäºæ åµä¸è¿åé误ãä» é GitHub æºå¯¼å ¥ç»ç»æä»åºå¤±è´¥å¯è½ä¼äº§ç
undefined method '[]' for nil:NilClass
é误ãä½¿ç¨ SAML 身份éªè¯æ¶ï¼å¦æ GitHub é ç½®æ件å称ä¸å¹é 管çæ§å¶å°ä¸æ å°å°âFull nameï¼å ¨åï¼âå段çå±æ§å¼ï¼GitHub é ç½®æ件å称å¯è½å·²æ æä¸æ´æ¹ã
Bug fixes
firstPatchedVersion
å段ç°å¨å¯ä»¥å¨ GraphQL API ä¸çSecurityVulability
对象ä¸ä½¿ç¨ãGraphQL API çç¨æ·å¯ä»¥å¨
PullRequest
对象ä¸æ¥è¯¢å ¬å ±å段closingIssuesReferences
ãæ¤å段æ£ç´¢å¨ç¸å ³æå请æ±å并æ¶èªå¨å ³éçè®®é¢ãæ¤æ¹æ³è¿å 许æªæ¥è¿ç§»æ¤æ°æ®ï¼ä½ä¸ºæ´é«ä¿ç度移å¾è¿ç¨çä¸é¨åã
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级è¿ç¨ä¸è¢«å é¤ã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.8
Download GitHub Enterprise Server 3.0.8May 25, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
ä¸ï¼å¨æäºæ åµä¸ï¼ä»å¢éæç»ç»ä¸å é¤çç¨æ·å¯ä»¥ä¿ç对ç°ææå请æ±æå¼çåæ¯çåå ¥æéã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
å¨åå§å®è£ è¿ç¨çâConfigure Actions and Packagesï¼é ç½® Actions å Packagesï¼â页é¢ï¼å½ç®¡çåç¹å»âTest domain settingsï¼æµè¯å设置ï¼âæé®æ¶ï¼æµè¯æªå®æã
è¿è¡
ghe-btop
失败ï¼é误为cannot find a 'babeld' containerï¼æ¾ä¸å° 'babeld' 容å¨ï¼
ãç±äºå é¨åå¤é¨è¶ æ¶å¼ä¸å¹é ï¼ç¨æ·å¨å级åæ æ³è·å¾æå¡ã
MSSQL ä¸çæ£å¸¸å¤å¶å»¶è¿ä¼çæè¦åã
GitHub Enterprise Clustering Guide å¨ç®¡çæ§å¶å°ä¸çé¾æ¥ä¸æ£ç¡®ã
管çå使ç¨âCreate Whitelist Entryï¼å建ç½ååæ¡ç®ï¼âæé®æ·»å ç IP å°åä»å¯è½è¢«éå®ã
æªå¯ç¨çä»åºä¸æ¾ç¤ºäºâä¾èµå ³ç³»å¾âåâDependabot è¦æ¥âåè½çå¼ç¨ã
对
/hooks
端ç¹çHTTP POST 请æ±å¯è½ä¼å 为hookID
设置ä¸æ£ç¡®è失败ï¼åºç° 401 ååºãbuild-server
è¿ç¨æªè½æ¸ çè¿ç¨ï¼å°å®ä»¬çå¨defunct
ç¶æä¸ãspond
å建äºè¿å¤çæ¥å¿æ¡ç®ï¼å æ¬âä¿®å¤ä½ç½®å·²è·³è¿âçè¯ã
Bug fixes
è¶ è¿ 4 个æçæ£æ¥æ³¨éå°åæ¡£ã
Changes
使ç¨"ghe-repo
/ "éè¿ç®¡ç shell 访é®ä»åºå°æèµ·ãä½ä¸ºè§£å³æ¹æ³ï¼å¯ä½¿ç¨"ghe-repo / -c"bash-i"ï¼ç´å°ä¸ä¸ä¸ªçæ¬ä¸è¿è¡äºä¿®æ£ã å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.7
Download GitHub Enterprise Server 3.0.7May 13, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
é«ï¼ å¨ GitHub Enterprise Server ä¸åç°äº UI é误表述æ¼æ´ï¼å è®¸å¨ GitHub åºç¨ç¨åºçç¨æ·ææç½ç»æµç¨æé´æäºæ¯æ¹åè¿ç¨ä¸æ¾ç¤ºç»ç¨æ·å¤çæéãè¦å©ç¨æ¤æ¼æ´ï¼æ»å»è éè¦å¨å®ä¾ä¸å建ä¸ä¸ª GitHub åºç¨ç¨åºï¼ç¨æ·éè¦éè¿ web 身份éªè¯æµç¨ææåºç¨ç¨åºãæææäºçæéé½å°å¨ç¬¬ä¸æ¬¡æææé´æ£ç¡®æ¾ç¤ºï¼ä½å¨æäºæ åµä¸ï¼å¦æç¨æ·å¨ GitHub åºç¨ç¨åºé ç½®äºé¢å¤çç¨æ·çº§æéåéæ°å®¡æ¥æææµç¨ï¼è¿äºé¢å¤çæéå¯è½æ æ³æ¾ç¤ºï¼å¯¼è´æäºçæéæ¯ç¨æ·æ½å¨çé¢æè¦å¤ãæ¤æ¼æ´ä¼å½±å 3.0.7 ä¹åç GitHub Enterprise Server 3.0.x å 2.22.13 ä¹åç 2.22.xï¼å¨ 3.0.7 å 2.22.13 çæ¬ä¸å·²ä¿®å¤ã 已为æ¤æ¼æ´åé CVE-2021-2286ï¼å¹¶éè¿ GitHub Bug Bounty 计å æ¥åã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
æä½æå åå¨é ç½®ä¸å å«çå¼å·å¯è½ä¼å¯¼è´é误ã
ç±äºæ件大å°ææå¼æ件æ°éçéå¶è¿äºä¸¥æ ¼ï¼èªå®ä¹é¢æ¥æ¶æé©å¯è½ä¼å¤±è´¥ã
å¨é ç½®åºç¨é¶æ®µå¯ä»¥å¯ç¨ Orchestrator èªå¨æ é转移ã
å ·æä»åºç»´æ¤åæéçç¨æ·ä¼æ¶å°çµåé®ä»¶éªè¯è¦åï¼èä¸æ¯å¨ä»åº Pages 设置页é¢ä¸æ建æåç页é¢ã
éé 符è§åç代ç ææè å°è¢«é误å°æ·»å å°ä»£ç ææè å¾½ç« çææè å表ä¸ï¼å³ä½¿è¯¥è·¯å¾ä¼å 使ç¨è¾æ°çè§åã
OpenAPI ææ¡£å¼ç¨äºæ æçæ 头ã
å¨å建æç¼è¾é¢æ¥æ¶æé©æ¶ï¼ç¨æ·çé¢ä¸çç«äºæ åµæå³çå¨éæ©ä»åºåï¼ä»åºä¸çæ件ææ¶ä¸ä¼å¡«å å°æ件ä¸æå表ä¸ã
Bug fixes
æ·»å äº HAProxy éè½½æ¶é ç½®æ´æ¹çæ¥å¿è®°å½ã
æ·»å äºä»åºå建çæ¥å¿è®°å½ã
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.6
Download GitHub Enterprise Server 3.0.6April 28, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
å¨å级è¿ç¨ä¸ï¼è¿ç¨å°å¨
cleanup nomad job
ä¹åæ éææåãghe-cluster-failover
失败ï¼åºç°é误æ¶æ¯Trilogy::Error: trilogy_connect
ãghe-cluster-status-mysql
å°æå ³æ é转移çè¦åæ¾ç¤ºä¸ºé误ãå¨ MySQL å¯æ¬ä¸è¿è¡çå®è£ èæ¬å¯è½å¯¼è´æ°æ®åºæ é转移æé´ä¸å¿ è¦çæ°æ®åºéæ°æç§ã
å级æªå æ¬æ£ç¡®å®è£ ç Actions è¿è¡å¨ææ°çæ¬ã
github-env
é ç½®å¯è½å¯¼è´åµå°¸è¿ç¨ãç±äºä¸å¿ è¦å°è°ç¨
rake db:migrate
ï¼config-apply
å¯è½éè¦æ´é¿çæ¶é´ãOrchestrator å¯è½å·²æ éè½¬ç§»å° MySQL å¯æ¬ï¼å½ä¸»æ°æ®åºæ æ³è¿æ¥æ¶ï¼å®æ æ³å¨æç§é¶æ®µä»ä¸»æ°æ®åºå¤å¶ã
åºç°é误çç»ç»æ项ç®é»æ¢äºè¿ç§»ï¼æ æ³æé¤ã
对äºæå±ç»ç»è¶ è¿ 50 个çç¨æ·ç¦ç¨äºâCreate Repositoryï¼å建ä»åºï¼âæé®ã
å é¤åæ¯ä¼ä¸´æ¶éªçä¸æ¡é误æ¶æ¯ï¼æ示å é¤æåæ¶åºéã
rms-packages
ç´¢å¼æ¾ç¤ºå¨ç«ç¹ç®¡çå仪表æ¿ä¸ãç±äºè¡¨åä¸æªæ¾ç¤ºæ£ç¡®çå¯è§æ§é项ï¼å æ¤ç»ç»ææè æ æ³å建å é¨ä»åºã
å¨æä½å¯å¨å·¥ä½æµç¨é ç½®é误çæ åµä¸ï¼ä»åºæä½é项å¡æ¾ç¤º 500ã
ç±äºéæ©äºæå®æ´çç£çèä¸æ¯ç©ºèç¹ï¼åå¨ä¸»æºè¶ è¿ä¸ä¸ªç客æ·æ æ³æ¢å¤å°å ¶ç¾é¾æ¢å¤é群ã
åºç¨çè¡¥ä¸åï¼ä»£ç æ«æå端æå¡æ æ³å¯é å¯å¨ã
Bug fixes
é»è®¤æ åµä¸ï¼é¢è¿è¡æ£æ¥å 许ææ AWS å®ä¾ç±»åã
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.5
Download GitHub Enterprise Server 3.0.5April 14, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å¯¹äº GitHub Enterprise Server 3.0+ çæä½åºç¡è®¾æ½è¦æ±å·²ç»å¢å ãæ´å¤ä¿¡æ¯è¯·åé âå ³äºGitHub Enterprise Server 3.0 åæ´é«çæ¬çæä½è¦æ±âã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
æäºæ¥å¿æªå å«å¨æ¥å¿è½¬åé ç½®ä¸ã
è¦åæ¶æ¯
jq: error (at <stdin>:0): Cannot index number with string "settings"
å¯è½å¨å¯æ¬å级æé´åºç°ãç±äº MySQL å¯æ¬æ æ³è¿æ¥å°ä¸»æ°æ®åºï¼å æ¤å°å¤ä»½è¿ç»è¿åå°é群å¯è½ä¼å¤±è´¥ã
使ç¨èªå®ä¹ CA è¯ä¹¦æ¶é¡µé¢æªåå¸ã
ä¸ååç¸å ³çå æªæ¾ç¤ºå¨âæµè¯å设置âæ示ä¸ä»¥è¿è¡ååé离ã
éè¿ web æé©åéç
X-GitHub-Enterprise-Host
æ 头å å«ä¸ä¸ªéæºå符串ï¼èä¸æ¯åé HTTP POST ææè´è½½ç GitHub Enterprise Server å®ä¾ç主æºåãå¦æå åå¯ç¨äº GitHub Actionsï¼ä½å¨å级ä¹å被ç¦ç¨ï¼åä» 2.22.x åçº§å° 3.0.x å°ä¼å¤±è´¥ã
访é®
/settings/email
页é¢ä¼åå¨ç¶æï¼å¨ç»åºå¹¶éæ°ç»å½æ¶å¯è½å¯¼è´é误çéå®åãå¨è®®é¢è¯è®ºä¸éè¿æååè½ç´æ¥æåå¢éæ¶ï¼GitHub éæåºç¨ç¨åºæ æ³éç¥å¢éã
restructuredText(RST) 渲æå¨ web çé¢å¯è½å¤±è´¥ï¼åèæ¾ç¤ºåå§ RST æ è®°ææ¬ã
å¦ææªå®å ¨å¯ç¨ä¾èµé¡¹å¾ï¼åä¸ä¼å°å¯ç æ«æè¦æ¥ççµåé®ä»¶éç¥åéç»ææç¨æ·ã
å½ ghe-migrator éå°å¯¼å ¥é误æ¶ï¼å®ææ¶ä¼ä¸æ¢æ´ä¸ªè¿ç¨ï¼ä½æ¥å¿ä¸æ²¡æå å«è¶³å¤çä¸ä¸æã
å ·æé ASCII å符ç Jupyter notebook å¯è½æ æ³æ¸²æã
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å¨å并æå请æ±åå é¤åæ¯æ¶ï¼å³ä½¿åæ¯å é¤æåä¹ä¼åºç°é误æ¶æ¯ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.4
Download GitHub Enterprise Server 3.0.4April 01, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å¯¹äº GitHub Enterprise Server 3.0+ çæä½åºç¡è®¾æ½è¦æ±å·²ç»å¢å ãæ´å¤ä¿¡æ¯è¯·åé âå ³äºGitHub Enterprise Server 3.0 åæ´é«çæ¬çæä½è¦æ±âã
é«ï¼å¨ GitHub ä¼ä¸æå¡å¨ä¸åç°äºä¸ä¸ªä¸å½ç访é®æ§å¶æ¼æ´ï¼è¯¥æ¼æ´å è®¸ä» GitHub App ç Web 身份éªè¯æµç¨ çæç访é®ä»¤çéè¿ REST API 读åä¸ç¨ä»åºå æ°æ®ï¼èæ éè·å¾éå½çæéãè¦å©ç¨æ¤æ¼æ´ï¼æ»å»è éè¦å¨å®ä¾ä¸å建 GitHub åºç¨ç¨åºï¼å¹¶è®©ç¨æ·éè¿ Web 身份éªè¯æµç¨ææåºç¨ç¨åºãè¿åçç§æä»åºå æ°æ®å°ä» éäºä»¤çæ è¯çç¨æ·æ¥æçä»åºãæ¤æ¼æ´å½±åäº GitHub Enterprise Server 3.0.4 ä¹åçææçæ¬ï¼ä½å¨ 3.0.4ã2.22.10ã2.21.18 çæ¬ä¸å·²ä¿®å¤ãæ¤æ¼æ´å·²åé CVE-2021-22865ï¼å¹¶éè¿ [GitHub Bug Bounty 计å]](https://bounty.github.com) æ¥åã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
å½å¯ç¨ç»´æ¤æ¨¡å¼æ¶ï¼æäºæå¡ä»ç¶å为âæ´»å¨è¿ç¨âï¼å°½ç®¡é¢è®¡å®ä»¬å°è¿è¡ï¼ 并ä¸ä¸åºè¯¥è¢«ååºã
å¨ä» 2.22.x å级å°å¯ç¨ GitHub Actions ç 3.0.x åï¼èªæ管è¿è¡å¨çæ¬æ²¡ææ´æ°ï¼ä¹æ²¡æèªæ管æ´æ°ã
æ§ GitHub Pages æ建æªè¿è¡æ¸ çï¼å¯¼è´ç£ç使ç¨éå¢å ã
memcached
æªå¨æ´»å¨çå¯æ¬ä¸è¿è¡ãå¯ç¨ GitHub Actions æ¶æ´æ°æ件æé失败ã
å¨ GitHub Enterprise 11.10.x ææ´æ©çæ¬ä¸è®¾ç½®çæ¶åºæ²¡æ被ä¸äºé»è®¤ä½¿ç¨ UTC æ¶é´çæå¡ä½¿ç¨ã
æå¡æªä½ä¸ºæ¥å¿æ转çä¸é¨åèè¿æ¸¡å°æ°çæ¥å¿æ件ï¼å¯¼è´ç£ç使ç¨éå¢å ã
ghe-saml-mapping-csv
å½ä»¤è¡å®ç¨çæäºä¸æ¡è¦åæ¶æ¯ãå é¨ä»åºæç´¢ç»æä¸çæ ç¾æ¾ç¤ºä¸ºâç§æâèä¸æ¯âå é¨âã
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
å¦æç¬è®°æ¬å å«é ASCII UTF-8 å符ï¼ç½é¡µçé¢ä¸ç Jupyter Notebook 渲æå¯è½ä¼å¤±è´¥ã
restructuredText(RST) 渲æå¨ web çé¢å¯è½å¤±è´¥ï¼åèæ¾ç¤ºåå§ RST æ è®°ææ¬ã
å¨å并æå请æ±åå é¤åæ¯æ¶ï¼å³ä½¿åæ¯å é¤æåä¹ä¼åºç°é误æ¶æ¯ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.3
Download GitHub Enterprise Server 3.0.3March 23, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
ç±äºå½±åå¤ä¸ªå®¢æ·çé大é误ï¼ä¸è½½å·²ç¦ç¨ãä¿®å¤ç¨åºå°å¨ä¸ä¸ä¸ªä¿®è¡¥ç¨åºä¸æä¾ã
é«ï¼å¨ GitHub Enterprise Server ä¸åç°äºè¿ç¨ä»£ç æ§è¡æ¼æ´ï¼å¯è½å¨æ建 GitHub Pages ç«ç¹æ¶è¢«å©ç¨ãGitHub Pages 使ç¨çç¨æ·æ§å¶é ç½®é项没æåå°è¶³å¤çéå¶ï¼å æ¤å¯ä»¥è¦ç导è´å¨ GitHub Enterprise Server å®ä¾ä¸æ§è¡ä»£ç çç¯å¢åéãè¦å©ç¨æ¤æ¼æ´ï¼æ»å»è éè¦è·å¾å¨ GitHub Enterprise Server å®ä¾ä¸å建åæ建 GitHub Pages ç«ç¹çæéãæ¤æ¼æ´å½±å GitHub Enterprise Server 3.0.3 ä¹åçææçæ¬ï¼å·²å¨ 3.0.3ã2.22.9 å 2.21.17 ä¸ä¿®å¤ãæ¤æ¼æ´éè¿ GitHub Bug Bounty 计åæ¥åï¼å·²åé CVE-2021-22864ã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
è¿è¡
ghe-cluster-config-init
å¯è½ä¼ä½¿é群æ æ³æä½ãå½èªå®ä¹é¢æ¥æ¶æé©é ç½®å¨ä»åºä¸æ¶ï¼è§£æ GUI ä¸çå并å²çªå°å¤±è´¥ã
launch-deplauncher
ålaunch-recever
å¨DEBUG 级å«è®°å½æ¥å¿ï¼å¹¶ä¸ç¨ä¸å¿ è¦çä¿¡æ¯å¡«å æ¥å¿ãç³»ç»å¯è½ä¼å¤±å» HAProxy PID çè·è¸ªã
å½ Actions é ç½®ä¸ºä½¿ç¨ S3 åå¨æ¶ï¼æä½çæ¥å¿ææ¶æ æ³å è½½ã
Mysql-failover è¦åå¨æåæ é转移åæ éææ¾ç¤ºã
ghe-cluster-config-init
è¿è¡æªå®å ¨èèèæ¯ä½ä¸çéåºä»£ç ï¼å¯¼è´å°æ£æ¥çå¤çä¸å½ãå¯ç¨ GitHub Actions æ¶ï¼åå§åå¯è½ä¼éé»å¤±è´¥ã
å¯ç¨æ¼æ´è¦æ¥åï¼åçº§å° 3.0 ç³»åå°å¤±è´¥ã
ä¸ Codespace æå ³çä½ä¸å¨æéï¼å¯¼è´æªå¤ççä½ä¸ç´¯ç§¯ã
Bug fixes
å³ä½¿æå 个èç¹å ³éï¼å¯¹ consul å nomad
bootstrap_expect
使ç¨ç¸å¯¹ç¼å·ä¹å 许é群 bootstrapãé¤æ¶é´å¤ï¼æ¥å¿è¿æ ¹æ®å¤§å°æ转ã
æ·»å kafka lite å° 'ghe-cluster-status' å½ä»¤ã
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact GitHub Enterprise Support.
å¦æç¬è®°æ¬å å«é ASCII UTF-8 å符ï¼ç½é¡µçé¢ä¸ç Jupyter Notebook 渲æå¯è½ä¼å¤±è´¥ã
restructuredText(RST) 渲æå¨ web çé¢å¯è½å¤±è´¥ï¼åèæ¾ç¤ºåå§ RST æ è®°ææ¬ã
Pages çæ§çæ¬æªæ¸ çï¼å¯è½å¡«å ç¨æ·ç£ç (
/data/user/
)ãå¨å并æå请æ±åå é¤åæ¯æ¶ï¼å³ä½¿åæ¯å é¤æåä¹ä¼åºç°é误æ¶æ¯ã
Log rotation may fail to signal services to transition to new log files, leading to older log files continuing to be used, and eventual root disk space exhaustion. To remedy and/or prevent this issue, run the following commands in the administrative shell (SSH), or contact GitHub Enterprise Support for assistance:
printf "PATH=/usr/local/sbin:/usr/local/bin:/usr/local/share/enterprise:/usr/sbin:/usr/bin:/sbin:/bin\n29,59 * * * * root /usr/sbin/logrotate /etc/logrotate.conf\n" | sudo sponge /etc/cron.d/logrotate sudo /usr/sbin/logrotate -f /etc/logrotate.conf
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.2
Download GitHub Enterprise Server 3.0.2March 16, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å¯¹äº GitHub Enterprise Server 3.0+ çæä½åºç¡è®¾æ½è¦æ±å·²ç»å¢å ãæ´å¤ä¿¡æ¯è¯·åé âå ³äºGitHub Enterprise Server 3.0 åæ´é«çæ¬çæä½è¦æ±âã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
å¨å¤ä»½è¿ç¨ä¸å°è¯æ¸ çå¯æ¸ é¤çåå¨å¯¹è±¡æ¶ï¼åºç°äºâWarning: One or more storage objects were not found on the source appliance.ï¼è¦åï¼æºè®¾å¤ä¸æªæ¾å°ä¸ä¸ªæå¤ä¸ªåå¨å¯¹è±¡ãï¼âçé误ã
ä¾èµå ³ç³»å¾æ æ³è§£æ
yarn.lock
JavaScript æ¸ åæ件ï¼å¯¼è´æ¥å¿ä¸ç HTTP 500 é误ãç¦ç¨ GitHub Actions ææ¶ä¼å¤±è´¥ã
èªå®ä¹é¢æ¥æ¶æé©ä¸å 许åå ¥
/tmp
ï¼ä»èé»æ¢æäºèæ¬æ£å¸¸è¿è¡ãå¨å¤ä¸ªå°æ¹å¤å¶äºç³»ç»æ¥å¿ã
å¨ GitHub Enterprise 11.10.x ææ´æ©çæ¬ä¸è®¾ç½®çæ¶åºå¨åçº§å° 3 å被é置为 UTC æ¶é´ï¼å¯¼è´æ¶é´æ³å¨æäºæ åµä¸æ¹åã
åå»ä»åºä¸å 侧边æ ä¸çâPublish your first packageï¼åå¸æ¨ç第ä¸ä¸ªå ï¼âå°å¯¼è´ç©ºç½é¡µé¢ã
ç«ç¹ç®¡çåå¨å°è¯æ¥çä»ç§æç§æä»åºå¼ç¨çè®®é¢æ¶å¯è½ä¼è·å¾ 500 é误页é¢ã
ç¦ç¨ GitHub Packages åï¼ä¸äºç»ç»é¡µé¢ä¼è¿å HTTP 500 é误ååºã
ä» GitHub Enterprise Server å¯¼å ¥ä¸¢å¤±çä»åºæ件å°å é误è失败ã
ä»åºé¨ç½²å¯é¥ æ æ³ç¨äºå å« LFS 对象çä»åºã
å¨ä»åºç软件å 侧边æ ä¸ï¼Docker å¾æ æ¯ç°è²çï¼å·¥å ·æ示æ¾ç¤ºâThis service is deprecatedï¼æ¤æå¡å·²å¼ç¨ï¼âã
使ç¨
application/x-www-form-urlencoded
çå 容类åé ç½®ç web æé©å¨ POST 请æ±æ£æä¸æ²¡ææ¥æ¶æ¥è¯¢åæ°ãç¨æ·æ ééä¸ææå¤éæ¡å³å¯å¿½ç¥å¼ºå¶æ¶æ¯ã
å¨æäºæ åµä¸ï¼ä» 2.22.X å®ä¾å级åï¼web æ¥å£èµæºä¸¢å¤±ï¼é¡µé¢æ æ³æ£å¸¸è¿è¡ã
è¿è¡
ghe-config-apply
å¯è½ä¼è¶ æ¶ï¼å¹¶ä¸å â'job' stanza not foundï¼æ¾ä¸å° stanza ä½ä¸ï¼âèåºç°âFailure waiting for nomad jobs to applyï¼çå¾ nomad ä½ä¸åºç¨å¤±è´¥ï¼âã
Bug fixes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact GitHub Enterprise Support.
å¦æç¬è®°æ¬å å«é ASCII UTF-8 å符ï¼ç½é¡µçé¢ä¸ç Jupyter Notebook 渲æå¯è½ä¼å¤±è´¥ã
restructuredText(RST) 渲æå¨ web çé¢å¯è½å¤±è´¥ï¼åèæ¾ç¤ºåå§ RST æ è®°ææ¬ã
Pages çæ§çæ¬æªæ¸ çï¼å¯è½å¡«å ç¨æ·ç£ç (
/data/user/
)ãå¨å并æå请æ±åå é¤åæ¯æ¶ï¼å³ä½¿åæ¯å é¤æåä¹ä¼åºç°é误æ¶æ¯ã
ç¨æ·å¯è½ä¼éå°ä¸äºèµäº§ï¼å¦å¤´åï¼ä¸å è½½ï¼æè æ æ³æ¨é/æå代ç ãè¿å¯è½æ¯ç±äº
haproxy-cluster-proxy
æå¡ä¸ç PID ä¸å¹é é æçãè¦ç¡®å®æ¨æ¯å¦æåå½±åçå®ä¾ï¼åä¸å®ä¾
. å¨ administrative shell (SSH) ä¸è¿è¡ï¼
`` if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
2. å¦æå®æ¾ç¤ºåå¨ä¸å¹é ï¼éå¯å®ä¾ã
é群æé«å¯ç¨æ§é ç½®
- å¨ ç®¡ç shell (SSH) ä¸è¿è¡å®ï¼
ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
2. å¦æå®æ¾ç¤ºä¸ä¸ªæå¤ä¸ªèç¹åå°å½±åï¼è¯·éå¯åå½±åçèç¹ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.1
Download GitHub Enterprise Server 3.0.1March 02, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
å¯¹äº GitHub Enterprise Server 3.0+ çæä½åºç¡è®¾æ½è¦æ±å·²ç»å¢å ãæ´å¤ä¿¡æ¯è¯·åé âå ³äºGitHub Enterprise Server 3.0 åæ´é«çæ¬çæä½è¦æ±âã
é«ï¼å¨ GitHub Enterprise Server ä¸åç°äºä¸ä¸ªä¸éå½ç访é®æ§å¶æ¼æ´ï¼å 许ç»è¿éªè¯çå®ä¾ç¨æ·éè¿ç¹æ®æ建çæå请æ±å REST API 请æ±è·å¾å¯¹æªææä»åºçåå ¥æéãæ»å»è éè¦è½å¤å¤å»ç®æ ä»åºï¼è¯¥è®¾ç½®é»è®¤ä¸ºç»ç»æ¥æçç§æä»åºç¦ç¨ãåæ¯ä¿æ¤ï¼å¦æéçæå请æ±å®¡æ¥æç¶ææ£æ¥ï¼å°é²æ¢æªç»è¿ä¸æ¥å®¡æ¥æéªè¯çæªæææ交被å并ãæ¤æ¼æ´å·²åé CVE-2021-22861ãè¿ä¸ªé®é¢æ¯éè¿ GitHub Bug Bounty 计å æ¥åçã
é«ï¼ GitHub Enterprise Server GraphQL API ä¸åç°äºä¸ä¸ªä¸å½ç访é®æ§å¶æ¼æ´ï¼å 许ç»è¿éªè¯çå®ä¾ç¨æ·å¨æªç»éå½ææçæ åµä¸ä¿®æ¹æå请æ±çç»´æ¤è åä½æéãéè¿å©ç¨æ¤æ¼æ´ï¼æ»å»è å°è½å¤è®¿é®å¨å ¶ä½ä¸ºç»´æ¤è çä»åºä¸æå¼çæå请æ±ç头é¨åæ¯ã对äºç»ç»æ¥æçç§æä»åºï¼å¤å»é»è®¤ä¸ºç¦ç¨ï¼å¹¶å°é»æ¢æ¤æ¼æ´ãæ¤å¤ï¼åæ¯ä¿æ¤ï¼å¦å¿ éçæå请æ±å®¡æ¥æç¶ææ£æ¥ï¼å°é²æ¢æªç»è¿ä¸æ¥å®¡æ¥æéªè¯çæªæææ交被å并ãæ¤æ¼æ´å·²åé CVE-2021-22863ãè¿ä¸ªé®é¢æ¯éè¿ GitHub Bug Bounty 计å æ¥åçã
é«ï¼å¨ GitHub Enterprise Server ä¸åç°äºä¸å½ç访é®æ§å¶æ¼æ´ï¼å 许è½å¤å¤å»ä»åºçç»éªè¯ç¨æ·ä¸ºå¤å»çç¶ä»åºæ«é² Actions å¯é¥ãæ¤æ¼æ´çåå¨æºäºä¸ä¸ªç¼ºé·ï¼è¯¥ç¼ºé·å 许æ´æ°æå请æ±çåºç¡å¼ç¨ï¼ä»¥æåå¤å»ä»åºå¤é¨çä»»æ SHA æå ¶ä»æå请æ±ãéè¿å¨ PR ä¸å»ºç«æ¤ä¸æ£ç¡®çå¼ç¨ï¼å¯ä»¥ç»è¿éå¶ä»å¤å»åéå·¥ä½æµç¨ç Actions å¯é¥çéå¶ãæ¤æ¼æ´å½±åäº GitHub Enterprise Server çæ¬ 3.0.0ã3.0.0.rc2 å 3.0.0.rc1ï¼å¹¶å·²åé CVE-2021-22862ãæ¤æ¼æ´æ¯éè¿ GitHub Bug Bounty 计åæ¥åçã
ä¸ï¼æ¥èª GitHub Pages 建ç«å·ç GitHub 令çå¯è½å¨æ¥å¿ä¸ç»æã
å å·²æ´æ°å°ææ°çå®å ¨çæ¬ã
Security fixes
å¨æäºæ åµä¸ï¼è´è½½å¹³è¡¡å¨å¥åº·æ£æ¥å¯è½å¯¼è´ babld æ¥å¿å 满æå ³ä»£çåè®®çé误ã
HTTP æ 头å¨ç¹å®ååºä¸ä¸ç¬¦å HTTP RFC æ åï¼å¦ 304 åæ¡£çç¶æã
å¨å¯ç¨äºä¾èµå ³ç³»å¾åè½çä¸»æº Python ä»åºçå®ä¾ä¸ï¼ç±äºæ ¹çä¸å¡«å äºé误æ¥å¿ï¼å®ä¾å¯è½ä¼åå¾æ ååºã
å¨ GitHub Enterprise å¤ä»½å®ç¨ç¨åºå¿«ç §æé´ï¼ä¿¡æ¯æ¶æ¯è¢«æ æä¸è®°å½ä¸ºé误ï¼è¿å¯¼è´å¨å¤ä»½ç±ä¾¦å¬è¾åºå° stderr ç cron ä½ä¸å®ææ¶åéä¸å¿ è¦ççµåé®ä»¶ã
å¨ VMWare ESX 6.7 ä¸ï¼åå§é ç½®å¯è½ä¼å¨å建主æºå¯é¥æ¶æèµ·ï¼ä½¿å®ä¾æ æ³éè¿ SSH 访é®ã
å¯ç¨ GitHub Actions æ¶ï¼å¨ç®¡çæ§å¶å°ä¸ç¦ç¨ç»´æ¤æ¨¡å¼å¤±è´¥ã
å å建设置æ¾ç¤ºå¨ç»ç»æå设置页é¢ä¸ï¼ä½æ¤åè½å°ä¸å¯ç¨ã
å¨ Security & Analysisï¼å®å ¨ååæï¼é¡µé¢ä¸å¯ç¨å¯é¥æ«ææ¶ï¼å¯¹è¯æ¡ä¸æ£ç¡®å°æåç§æä»åºã
å¨ç¼è¾ wiki 页é¢æ¶ï¼ç¨æ·åå» Saveï¼ä¿åï¼æé®æ¶å¯è½ä¼éå° 500 é误ã
使ç¨ä¸»é¢æ¿ä»£å称ä¸å ·æå¤ä¸ªå称çè¯ä¹¦ç¾åç S/MIME ç¾åæ交å°é误å°æ¾ç¤ºä¸ºæäº¤å¾½ç« ä¸çâæªéªè¯âã
ç¨æ·å¨ä½¿ç¨ LDAP 身份éªè¯é ç½®çå®ä¾ä¸æ§è¡ git æä½æ¶çå° 500 é误ã
被æåçç¨æ·å¨æ·»å å°å¢éæ¶æ¶å°çµåé®ä»¶ã
å½ä»åºæ大éæ¸ åæ¶ï¼å¨ Insightsï¼è§è§£ï¼-> Dependency graphï¼ä¾èµå ³ç³»å¾ï¼é项å¡ä¸æ¾ç¤ºé误
You have reached the maximum number of allowed manifest files (20) for this repository.
ï¼æ¨å·²è¾¾å°æ¤åå¨åºå 许çæ¸ åæ件çæ大æ°éï¼ãæ´å¤ä¿¡æ¯è¯·åé å¯è§åéå¶ãå³ä½¿åå¨åºæªå¯ç¨ Actionsï¼ä¹å¯ä¿®å¤æ¾ç¤ºè®¾ç½®ä»£ç æ«æ代 CodeQL Action é项çç¨æ·ã
æ æ³æåå¯ç¨æç¦ç¨ä¼ä¸å¸æ·è®¾ç½®ä¸çâPrevent repository admins from changing anonymous Git read accessï¼é²æ¢ä»åºç®¡çåæ´æ¹å¿å Git 读å访é®æéï¼âå¤éæ¡ã
ç¨äºæ¾ç¤ºå¼ºå¶æ¶æ¯ç模ç»ä¸å å«åç´æ»å¨æ ï¼è¿æå³çæ æ³å®å ¨æ¥çè¾é¿çæ¶æ¯ã
Redis ææ¶å¨ç¡¬éå¯æåºç¨ç¨åºå´©æºåæ æ³å¯å¨ã
ä¾èµå ³ç³»å¾æ æ³è§£æ
setup.py
Python æ¸ åæ件ï¼å¯¼è´æ¥å¿ä¸ç HTTP 500 é误ã è¿ç§æ åµåå ä¸éå¤çè®°å½é®é¢ï¼å¯¼è´æ ¹å·ç使ç¨å¢å ã
Bug fixes
å½å¤ä¸ªç¨æ·ä¸è½½åä¸åæ¡£æ¶ï¼å¯åæ¶æ»¡è¶³è¯·æ±ï¼ä»èæé«æ§è½ã
Changes
å¨æ°å»ºç没æä»»ä½ç¨æ·ç GitHub Enterprise Server ä¸ï¼æ»å»è å¯ä»¥å建第ä¸ä¸ªç®¡çåç¨æ·ã
èªå®ä¹é²ç«å¢è§åå¨å级æé´ä¸ä¼ä¿æã
Git LFS è·è¸ªçæ件éè¿ Web çé¢ä¸ä¼ 被é误å°ç´æ¥æ·»å å°ä»åºã
å¦æè®®é¢å å«æ件路å¾é¿äº 255 个å符çåä¸ä»åºä¸ blob çæ°¸ä¹ é¾æ¥ï¼åè®®é¢æ æ³å ³éã
对 GitHub Connect å¯ç¨âç¨æ·å¯ä»¥æç´¢ GitHub.comâåï¼ç§æåå é¨ä»åºä¸çè®®é¢ä¸å æ¬å¨ GitHub.com æç´¢ç»æä¸ã
When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact GitHub Enterprise Support.
éå¤è®°å½å°
/var/log/messages
ã/var/log/syslog
å/var/log/user.log
å°æé«æ ¹å·å©ç¨çãç¨æ·æ ééä¸ææå¤éæ¡å³å¯å¿½ç¥å¼ºå¶æ¶æ¯ã
é¢æ¥æ¶æé©èæ¬ æ æ³ç¼å临æ¶æ件ï¼è¿å¯è½å¯¼è´èæ¬æ§è¡å¤±è´¥ã使ç¨é¢æ¥æ¶æé©çç¨æ·åºå¨æåç¯å¢ä¸è¿è¡æµè¯ï¼ä»¥æ¥çèæ¬æ¯å¦éè¦åå ¥æéã
ä»åºé¨ç½²å¯é¥ æ æ³ç¨äºå å« LFS 对象çä»åºã
å¦æç¬è®°æ¬å å«é ASCII UTF-8 å符ï¼ç½é¡µçé¢ä¸ç Jupyter Notebook 渲æå¯è½ä¼å¤±è´¥ã
restructuredText(RST) 渲æå¨ web çé¢å¯è½å¤±è´¥ï¼åèæ¾ç¤ºåå§ RST æ è®°ææ¬ã
ä¾èµå ³ç³»å¾æ æ³è§£æ
yarn.lock
Javascript æ¸ åæ件ï¼å¯¼è´æ¥å¿ä¸ç HTTP 500 é误ãèªå®ä¹æ¶åºä»è¾æ©åå¸ç GitHub Enterprise Server å级çå®ä¾å¯è½å¨ web UI ä¸æä¸æ£ç¡®çæ¶é´æ³ã
Pages çæ§çæ¬æªæ¸ çï¼å¯è½å¡«å ç¨æ·ç£ç (
/data/user/
)ãå¨å并æå请æ±åå é¤åæ¯æ¶ï¼å³ä½¿åæ¯å é¤æåä¹ä¼åºç°é误æ¶æ¯ã
ç¨æ·å¯è½ä¼éå°ä¸äºèµäº§ï¼å¦å¤´åï¼ä¸å è½½ï¼æè æ æ³æ¨é/æå代ç ãè¿å¯è½æ¯ç±äº
haproxy-cluster-proxy
æå¡ä¸ç PID ä¸å¹é é æçãè¦ç¡®å®æ¨æ¯å¦æåå½±åçå®ä¾ï¼åä¸å®ä¾
. å¨ administrative shell (SSH) ä¸è¿è¡ï¼
`` if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
2. å¦æå®æ¾ç¤ºåå¨ä¸å¹é ï¼éå¯å®ä¾ã
é群æé«å¯ç¨æ§é ç½®
- å¨ ç®¡ç shell (SSH) ä¸è¿è¡å®ï¼
ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
2. å¦æå®æ¾ç¤ºä¸ä¸ªæå¤ä¸ªèç¹åå°å½±åï¼è¯·éå¯åå½±åçèç¹ã
å½å¯æ¬èç¹å¨é«å¯ç¨æ§é ç½®ä¸ç¦»çº¿æ¶ï¼GitHub Enterprise Server ä»å¯è½å° GitHub Pages 请æ±è·¯ç±å°ç¦»çº¿èç¹ï¼ä»èåå°ç¨æ·ç GitHub Pages å¯ç¨æ§ã
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
Enterprise Server 3.0.0
Download GitHub Enterprise Server 3.0.0February 16, 2021
ð£ è¿ä¸æ¯æ¤çæ¬ç³»åçææ°ä¿®è¡¥çï¼ä¹ä¸æ¯ Enterprise Server çææ°çæ¬ã 请使ç¨ææ°çæ¬è·åææ°çå®å ¨æ§ãæ§è½åé误修å¤ã
The minimum infrastructure requirements have increased for GitHub Enterprise Server 3.0+. For more information, see "About minimum requirements for GitHub Enterprise Server 3.0 and later."
HIGH: A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability has been assigned CVE-2020-10519 and was reported via the GitHub Bug Bounty Program.
Security fixes
GitHub Actions is now generally available on GitHub Enterprise Server 3.0+. Build, test, and deploy your code from GitHub. Submit code reviews, branch management, and issue triaging work the way you want.
This release includes several improvements from the beta of GitHub Actions on GitHub Enterprise Server:
- Enterprise, organization, and repository admins can create security policies for access to GitHub Actions on GitHub.com.
- Enterprise, organization, and repository admins can allow public repositories to use self-hosted runners.
- Enterprise, organization, and repository admins can now allow workflows to run on pull requests raised from forks of private repositories.
- The
workflow_run
event is now supported - Users now have the ability to disable workflows and enable them at a later date.
- Workflow logs have been enhanced for a better user experience.
- Users can now use private images in container jobs and services.
- The max retention days for artifacts and logs can now be customized.
- The runner group API now includes labels.
- You can now create reusable actions using shell scripts with compose run steps.
- Encrypted secrets for an organization allows you to consolidate secrets across repositories.
- Workflow templates for an organization streamlines and promotes best practices and consistency across your organization.
GitHub Actions is not currently supported for enterprises using cluster configurations.
GitHub Packages is a package hosting service, natively integrated with GitHub APIs, Actions, and webhooks. Create an end-to-end DevOps workflow that includes your code, continuous integration, and deployment solutions.
Supported storage back ends include AWS S3 and MinIO with support for Azure blob coming in a future release. Please note that the current Docker support will be replaced by a beta of the new GitHub Container Registry in a future release. Please review the updated minimum requirements for your platform before you turn on GitHub Packages.
When publishing packages to NuGet, users can now use the
--api-key
option to pass their authentication token instead of writing it into a file. For more information, see Configuring dotnet CLI for use with GitHub PackagesGitHub Packages is not currently supported for enterprises using cluster configurations.
GitHub Mobile beta allows you to triage notifications and manage issues and pull requests from your device. You can be simultaneously signed into mobile with one user account on GitHub.com and one user account on GitHub Enterprise Server.
GitHub Mobile beta is now available for GitHub Enterprise Server. Sign in with our Android and iOS apps to triage notifications and manage issues and pull requests on the go. Administrators can disable mobile support for their Enterprise using the management console or by running
ghe-config app.mobile.enabled false
.Secret Scanning beta scans public and private repositories for committed credentials, finds secrets, and notifies the secret provider or admin the moment they are committed into a repository.
Administrators using GitHub Advanced Security can enable and configure GitHub Advanced Security secret scanning. You can review the updated minimum requirements for your platform before you turn on GitHub Advanced Security secret scanning.
GitHub Advanced Security code scanning is now generally available on GitHub Enterprise Server. Organizations who have purchased Advanced Security can use this capability to do static analysis security testing against their code, and prevent vulnerabilities from making it to their production code using CodeQL, our semantic analysis engine. For more information, see "Configuring code scanning on your appliance"
Features
GitHub Actions
GitHub Packages
GitHub Mobile beta
Advanced Security Secret Scanning beta
Advanced Security Code Scanning
The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages. It also uses less CPU and memory in GitHub Enterprise Server 3.0+.
Organization and Enterprise owners can now see when a team member has been promoted to or demoted from being a team maintainer in the audit log through the new
team.promote_maintainer
andteam.demote_maintainer
audit log events. For more information, see "Audited actions."Repository maintainers with existing GitHub Pages sites can easily update their prior default branch name.
Additional hardware resources are required to run GitHub Enterprise Server with any of Actions, Packages or Advanced Security enabled. For more information on the minimum required resources for each supported platform, see "Setting up a GitHub Enterprise Server instance."
Administrators can now publish a message, which all users must accept. This can help to onboard new users and surface other organization-specific information and policies.
Organization owners can now disable publication of GitHub Pages sites from repositories in the organization. Disabling GitHub Pages for the organization will prevent members from creating new Pages sites but will not unpublish existing sites. For more information, see "Disabling publication of GitHub Pages sites for your organization."
A datacenter must be explicitly defined on all nodes before enabling an active replica.
All usage of SSH fingerprints has been switched to use SHA256 fingerprints as they are used with OpenSSH since version 6.8 as well. This applies to the web interface and also the API where fingerprints are returned such as in GraphQL. The fingerprints follow the OpenSSH format.
SHA-1 and SHA-256 signature headers (two headers) are sent on webhooks.
Majority of the services running in GitHub Enterprise Server 3.0+ are now on containers which internally enables GitHub to iterate fast and ship high quality releases
The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages.
Administrators can now configure and manage the site-wide announcement banner via the REST API. For more information, see the endpoints for "GitHub Enterprise administration."
A new API endpoint enables the exchange of a user to server token for a user to server token scoped to specific repositories. For more information, see "Apps" in the GitHub REST API documentation.
Enterprise and organization administrators can now set the default branch name for new repositories. Enterprise administrators can also enforce their choice of default branch name across all organizations or allow individual organizations to choose their own.
Existing repositories are unaffected by these settings, and their default branch name will not be changed.
The default branch for newly-created repositories will be set to
main
in GHES 3.1, unless you opt out by setting the default branch setting at the enterprise level.This change is one of many changes GitHub is making to support projects and maintainers that want to rename their default branch. To learn more about the changes we're making, see github/renaming.
Changes
Administration Changes
Security Changes
Developer Changes
API Changes
Default branch renaming
All known issues from Release Candidate 1 and Release Candidate 2 have been fixed, except those listed in the Known Issues section below.
Issues with migrations and upgrades to 3.0.0 have been fixed.
Backup Utilities versioning now works for release candidate versions.
Generating a support bundle resulted in an error in the orchestrator logs.
A large restore could result in Redis running out of memory.
The checkbox to enable GitHub Actions in the Management Console is now visible with any authentication method.
GitHub Actions could be enabled if the required storage was also configured.
ghe-repl-status
could silently fail if MSSQL replication was not configured.The format of several log files have changed, including the addition of a PID for different log types. This does not affect how GitHub Enterprise Support uses support bundles to troubleshoot issues.
A PATCH request to the webhook configuration API no longer erases the webhook secret.
Certain types of pre-receive hooks were failing.
The Packages NuGet service now normalizes semantic versions on publish. An invalid semantic version (for example: v1.0.0.0.0.0) is not downloadable by NuGet clients and therefore a NuGet service is expected to normalize those versions (for example: v1.0.0.0.0.0 --> v1.0.0). Any original, non-normalized, version will be available in the
verbatimVersion
field. No changes to client configurations are required.
Bug fixes
Fixes for known issues from Release Candidates
Fixes for other issues
On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact GitHub Enterprise Support.
When GitHub Actions is enabled, use '
ghe-maintenance -u
' to unset maintenance mode.Duplicated logging to
/var/log/messages
,/var/log/syslog
, and/var/log/user.log
results in increased root volume utilization.Users can dismiss a mandatory message without checking all checkboxes.
Pre-receive hook scripts cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.
Repository deploy keys are unable to be used with repositories containing LFS objects.
Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.
Dependency graph fails to parse
setup.py
Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.A race condition can cause dependency graph database migrations to appear to fail.
Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.
Old builds of Pages are not cleaned up, which could fill up the user disk (
/data/user/
).When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.
When a replica node is offline in a high availability configuration, GitHub Enterprise Server may still route GitHub Pages requests to the offline node, reducing the availability of GitHub Pages for users.
Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
Known issues
GitHub Enterprise Server 2.19 is deprecated as of November 12, 2020. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.
Starting with GitHub Enterprise Server 2.21.0 two legacy GitHub Apps-related webhook events have been deprecated and will be removed in GitHub Enterprise Server 3.2.0. The deprecated events
integration_installation
andintegration_installation_repositories
have equivalent events which will be supported. More information is available in the deprecation announcement blog post.Starting with GitHub Enterprise Server 2.21.0 the legacy GitHub Apps endpoint for creating installation access tokens was deprecated and will be removed in GitHub Enterprise Server 3.2.0. More information is available in the deprecation announcement blog post.
GitHub no longer supports the OAuth application endpoints that contain
access_token
as a path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by movingaccess_token
to the request body. While deprecated, the endpoints are still accessible in this version. We intend to remove these endpoints on GitHub Enterprise Server 3.4. For more information, see the deprecation announcement blog post.The service supported a "Find by Symbol" experience in the pull request view that was not widely used.
GitHub Actions
set-env
andadd-path
workflow commands have been deprecated. For more information, see the changelog.
Deprecations
Deprecation of GitHub Enterprise Server 2.19
Deprecation of Legacy GitHub App Webhook Events
Deprecation of Legacy GitHub Apps Endpoint
Deprecation of OAuth Application API
Deprecation of support for Semiotic
Deprecation of workflow commands
GitHub Enterprise Server 3.0 requires at least GitHub Enterprise Backup Utilities 3.0.0 for Backups and Disaster Recovery.