Enterprise Server 3.0 release notes

包已更新到最新的安全版本。

包已更新到最新的安全版本。

Pages would become unavailable following a MySQL secret rotation until nginx was manually restarted.

When setting the maintenance schedule with a ISO 8601 date, the actual scheduled time wouldn't match due to the timezone not being transformed to UTC.

The version number would not be correctly updated after a installing a hotpatch using ghe-cluster-each.

Spurious error messages concerning the cloud-config.service would be output to the console.

When using CAS authentication and the "Reactivate suspended users" option was enabled, suspended users were not automatically reactivated.

The GitHub Connect data connection record now includes a count of the number of active and dormant users and the configured dormancy period.

Packages have been updated to the latest security versions. In these updates, Log4j has been updated to version 2.17.1. Note: previous mitigations released in 3.3.1, 3.2.6, 3.1.14, and 3.0.22 are sufficient to address the impact of CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 in these versions of GitHub Enterprise Server.

Sanitize more secrets in the generated support bundles

包已更新到最新的安全版本。

Running ghe-config-apply could sometimes fail because of permission issues in /data/user/tmp/pages.

The save button in management console was unreachable by scrolling in lower resolution browsers.

IOPS and Storage Traffic monitoring graphs were not updating after collectd version upgrade.

Some webhook related jobs could generated large amount of logs.

Critical: A remote code execution vulnerability in the Log4j library, identified as CVE-2021-44228, affected all versions of GitHub Enterprise Server prior to 3.3.1. The Log4j library is used in an open source service running on the GitHub Enterprise Server instance. This vulnerability was fixed in GitHub Enterprise Server versions 3.0.22, 3.1.14, 3.2.6, and 3.3.1. For more information, please see this post on the GitHub Blog.

December 17, 2021 update: The fixes in place for this release also mitigate CVE-2021-45046, which was published after this release. No additional upgrade for GitHub Enterprise Server is required to mitigate both CVE-2021-44228 and CVE-2021-45046.

Support bundles could include sensitive files if they met a specific set of conditions.

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-41598.

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-41599. Updated February 17, 2022.

Running ghe-config-apply could sometimes fail because of permission issues in /data/user/tmp/pages.

A misconfiguration in the Management Console caused scheduling errors.

Docker would hold log files open after a log rotation.

GraphQL requests did not set the GITHUB_USER_IP variable in pre-receive hook environments.

Clarifies explanation of Actions path-style in documentation.

Updates support contact URLs to use the current support site, support.github.com.

包已更新到最新的安全版本。

Pre-receive hooks would fail due to undefined PATH.

Running ghe-repl-setup would return an error: cannot create directory /data/user/elasticsearch: File exists if the instance had previously been configured as a replica.

In large cluster environments, the authentication backend could be unavailable on a subset of frontend nodes.

Some critical services may not have been available on backend nodes in GHES Cluster.

An additional outer layer of gzip compression when creating a cluster support bundle with ghe-cluster-suport-bundle is now turned off by default. This outer compression can optionally be applied with the ghe-cluster-suport-bundle -c command line option.

We have added extra text to the admin console to remind users about the mobile apps' data collection for experience improvement purposes.

The GitHub Connect data connection record now includes a list of enabled GitHub Connect features. [Updated 2021-12-09]

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker needed permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3, and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported through the GitHub Bug Bounty program and has been assigned CVE-2021-22870.

包已更新到最新的安全版本。

Some Git operations failed after upgrading a GitHub Enterprise Server 3.x cluster because of the HAProxy configuration.

Unicorn worker counts might have been set incorrectly in clustering mode.

Resqued worker counts might have been set incorrectly in clustering mode.

If Ubuntu's Uncomplicated Firewall (UFW) status was inactive, a client could not clearly see it in the logs.

Some pages and Git-related background jobs might not run in cluster mode with certain cluster configurations.

The enterprise audit log page would not display audit events for 秘密扫描.

Users were not warned about potentially dangerous bidirectional unicode characters when viewing files. For more information, see "Warning about bidirectional Unicode text" in GitHub 博客.

Hookshot Go sent distribution type metrics that Collectd could not handle, which caused a ballooning of parsing errors.

Public repositories displayed unexpected results from 秘密扫描 with a type of Unknown Token.

Several known weak SSH public keys have been added to the deny list and can no longer be registered. In addition, versions of GitKraken known to generate weak SSH keys (7.6.x, 7.7.x and 8.0.0) have been blocked from registering new public keys.

包已更新到最新的安全版本。

Several parts of the application were unusable for users who are owners of many organizations.

包已更新到最新的安全版本。

Custom pre-receive hooks could have failed due to too restrictive virtual memory or CPU time limits.

Attempting to wipe all existing configuration settings with ghe-cleanup-settings failed to restart the Management Console service.

During replication teardown via ghe-repl-teardown Memcached failed to be restarted.

During periods of high load, users would receive HTTP 503 status codes when upstream services failed internal healthchecks.

Pre-receive hook environments were forbidden from calling the cat command via BusyBox on Alpine.

The external database password was logged in plaintext.

An erroneous jq error message may have been displayed when running ghe-config-apply.

Failing over from a primary Cluster datacenter to a secondary Cluster datacenter succeeds, but then failing back over to the original primary Cluster datacenter failed to promote Elasticsearch indicies.

The Site Admin page for repository self-hosted runners returned an HTTP 500.

In some cases, GitHub Enterprise Administrators attempting to view the Dormant users page received 502 Bad Gateway or 504 Gateway Timeout response.

More effectively delete Webhook logs that fall out of the Webhook log retention window.

HIGH: A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This is the result of an incomplete fix for CVE-2021-22867. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22868.

MEDIUM: An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases. It has been assigned CVE-2021-22869.

Resque worker counts were displayed incorrectly during maintenance mode.

Allocated memcached memory could be zero in clustering mode.

Fixes GitHub Pages builds so they take into account the NO_PROXY setting of the appliance. This is relevant to appliances configured with an HTTP proxy only. (update 2021-09-30)

The GitHub Connect configuration of the source instance was always restored to new instances even when the --config option for ghe-restore was not used. This would lead to a conflict with the GitHub Connect connection and license synchronization if both the source and destination instances were online at the same time. The fix also requires updating backup-utils to 3.2.0 or higher. [updated: 2021-11-18]

包已更新到最新的安全版本。

Attempting to tear down a newly-added replica node by specifying its UUID with ghe-repl-teardown would fail without reporting an error if replication was not started.

GitHub Pages builds were being passed through an external proxy if there was one configured.

Custom pre-receive hooks that created sub-processes would lack a PATH variable in their environment, resulting in "No such file or directory" errors.

MySQL could failover during an upgrade if mysql-auto-failover was enabled.

包已更新到最新的安全版本。

Attaching very large images or animated GIFs to images or pull requests would fail.

Journald messages related to automatic updates (Adding h/m/s random time.) were logged to syslog.

Custom pre-receive hooks that used a bash subshell would return an error: No such file or directory.

Custom pre-receive hooks that created named pipes (FIFOs) would crash or hang, resulting in a timeout error.

Adding filters to the audit log advanced search page did not populate the query text box in real-time with the correct facet prefix and value.

Git hooks to the internal API that result in failing requests returned the exception undefined method body for "success":String (NoMethodError) instead of returning an explicit nil.

When an integration was removed, it was possible for an unrelated OAuth application or integration to also be removed.

When a mandatory message containing an emoji character was added, attempting to view or change the message would return a 500 Internal Server Error.

When GitHub Actions is enabled without running regular scheduled backups the MSSQL Transaction Log could grow unbounded and can consume all available space on the appliance's Data Disk causing a possible outage.

Audit log entries for changes made to "Repository creation" organization settings were inaccurate.

Excessive logging of ActionController::UnknownFormat exceptions caused unnecessary disk usage.

LDAP group_dn values longer than 255 characters would result in errors being logged: Data truncated for column 'group_dn' at row 1.

Abuse rate limits are now called Secondary rate limits, since the behavior they limit is not always abusive.

包已更新到最新的安全版本。

Custom pre-receive hooks could lead to an error like error: object directory /data/user/repositories/0/nw/12/34/56/7890/network.git/objects does not exist; check .git/objects/info/alternates.

Unauthenticated HTTP proxy for the pages containers build was not supported for any users that use HTTP proxies.

A significant number of 503 errors were logged every time a user visited a repository''s /settings page if the dependency graph was not enabled.

Internal repositories were only returned when a user had affiliations with the repository through a team or through collaborator status, or queried with the ?type=internal parameter.

Failed background jobs had unlimited retries which could cause large queue depths.

A significant number of 503 errors were being created if the scheduled job to sync vulnerabilities with GitHub.com attempted to run when dependency graph was not enabled and content analysis was enabled.

The logs for babeld now include a cmd field for HTTP ref advertisement requests instead of only including it during the negotiation requests.

HIGH: A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and has been assigned CVE-2021-22867. This vulnerability was reported via the GitHub Bug Bounty program.

包已更新到最新的安全版本。

SAML expiration date variable was not configurable.

Application services would fail their health checks during config apply before they could enter a healthy state.

ghe-cluster-config-node-init would fail during cluster setup if HTTP proxy is enabled.

Pre-receive hooks could encounter an error Failed to resolve full path of the current executable due to /proc not being mounted on the container.

Collectd would not resolve the forwarding destination hostname after the initial startup.

The job that purged stale deleted repositories could fail to make progress if some of those repositories were protected from deletion by legal holds.

Running git nw-gc --pristine would result in an error.

Background jobs were being queued to the spam queue which were not being processed.

The preferred merge method would be reset when retrying after a failed PR merge.

Git pushes could result in a 500 Internal Server Error during the user reconciliation process on instances using LDAP authentication mode.

Improved the efficiency of config apply by skipping IP allow firewall rules that had not changed, which saved significant time on large clusters.

包已更新到最新的安全版本。

管理控制台中可能会积累大量 gauge-dependency-graph-api-dispatch_dispatch 指标。

sshd 服务有时无法从 Google Cloud 平台上运行的实例开始。

旧的升级文件将持续在用户磁盘上，有时导致空间不足。

日志旋转有时会中断后台作业。

gh-migrator 显示了其日志输出的不正确路径。

如果导出文件包含不在存档中的团队的审查请求，则导出存档在导入时将失败。

包已更新到最新的安全版本。

如果实例无法使用配置的主机名进行自请求，则升级过程可能会在升级操作时失败。

SVN 1.7 及以上客户端在使用 svn co 和 svn export 命令时出现错误。

使用 ghe-repo <owner>/<reponame> 通过管理外壳访问仓库将被挂起。

升级后，用户在大量使用时会减少可用性，因为服务重启太频繁。 出现这种情况是因为 nomad 配置与内部服务器的配置之间超时不匹配。

在某些情况下，设置 GitHub Actions 后运行 ghe-repl-status 会产生错误，并且 ghe-actions-teardown 会失败。

ghe-dbconsole 会在某些情况下返回错误。

从 非 GitHub 源导入组织或仓库失败可能会产生 undefined method '[]' for nil:NilClass 错误。

使用 SAML 身份验证时，如果 GitHub 配置文件名称不匹配管理控制台中映射到“Full name（全名）”字段的属性值，GitHub 配置文件名称可能已无意中更改。

firstPatchedVersion 字段现在可以在 GraphQL API 中的 SecurityVulability 对象上使用。

GraphQL API 的用户可以在 PullRequest 对象上查询公共字段 closingIssuesReferences 。此字段检索在相关拉取请求合并时自动关闭的议题。此方法还允许未来迁移此数据，作为更高保真度移徙过程的一部分。

中：在某些情况下，从团队或组织中删除的用户可以保留对现有拉取请求打开的分支的写入权限。

包已更新到最新的安全版本。

在初始安装过程的“Configure Actions and Packages（配置 Actions 和 Packages）”页面，当管理员点击“Test domain settings（测试域设置）”按钮时，测试未完成。

运行 ghe-btop 失败，错误为 cannot find a 'babeld' container（找不到 'babeld' 容器）。

由于内部和外部超时值不匹配，用户在升级后无法获得服务。

MSSQL 中的正常复制延迟会生成警告。

GitHub Enterprise Clustering Guide 在管理控制台上的链接不正确。

管理员使用“Create Whitelist Entry（创建白名单条目）”按钮添加的 IP 地址仍可能被锁定。

未启用的仓库中显示了“依赖关系图”和“Dependabot 警报”功能的引用。

对 /hooks 端点的HTTP POST 请求可能会因为 hookID 设置不正确而失败，出现 401 响应。

build-server进程未能清理进程，将它们留在 defunct 状态下。

spond 创建了过多的日志条目，包括“修复位置已跳过”短语。

超过 4 个月的检查注释将存档。

高： 在 GitHub Enterprise Server 中发现了 UI 错误表述漏洞，允许在 GitHub 应用程序的用户授权网络流程期间授予比批准过程中显示给用户多的权限。要利用此漏洞，攻击者需要在实例上创建一个 GitHub 应用程序，用户需要通过 web 身份验证流程授权应用程序。所有授予的权限都将在第一次授权期间正确显示，但在某些情况下，如果用户在 GitHub 应用程序配置了额外的用户级权限后重新审查授权流程，这些额外的权限可能无法显示，导致授予的权限比用户潜在的预期要多。此漏洞会影响 3.0.7 之前的 GitHub Enterprise Server 3.0.x 和 2.22.13 之前的 2.22.x，在 3.0.7 和 2.22.13 版本中已修复。 已为此漏洞分配 CVE-2021-2286，并通过 GitHub Bug Bounty 计划 报告。

包已更新到最新的安全版本。

操作或包存储配置中包含的引号可能会导致错误。

由于文件大小或打开文件数量的限制过于严格，自定义预接收挂钩可能会失败。

在配置应用阶段可以启用 Orchestrator 自动故障转移。

具有仓库维护员权限的用户会收到电子邮件验证警告，而不是在仓库 Pages 设置页面上构建成功的页面。

通配符规则的代码所有者将被错误地添加到代码所有者徽章的所有者列表中，即使该路径优先使用较新的规则。

OpenAPI 文档引用了无效的标头。

在创建或编辑预接收挂钩时，用户界面中的竞争情况意味着在选择仓库后，仓库中的文件有时不会填充到文件下拉列表中。

添加了 HAProxy 重载时配置更改的日志记录。

添加了仓库创建的日志记录。

包已更新到最新的安全版本。

在升级过程中，进程将在 cleanup nomad job 之后无限期暂停。

ghe-cluster-failover 失败，出现错误消息 Trilogy::Error: trilogy_connect。

ghe-cluster-status-mysql 将有关故障转移的警告显示为错误。

在 MySQL 副本上运行的安装脚本可能导致数据库故障转移期间不必要的数据库重新播种。

升级未包括正确安装的 Actions 运行器最新版本。

github-env 配置可能导致僵尸进程。

由于不必要地调用 rake db:migrate，config-apply 可能需要更长的时间。

Orchestrator 可能已故障转移到 MySQL 副本，当主数据库无法连接时，它无法在播种阶段从主数据库复制。

出现错误的组织或项目阻止了迁移，无法排除。

对于所属组织超过 50 个的用户禁用了“Create Repository（创建仓库）”按钮。

删除分支会临时闪烁一条错误消息，指示删除成功时出错。

rms-packages 索引显示在站点管理员仪表板中。

由于表单上未显示正确的可见性选项，因此组织所有者无法创建内部仓库。

在操作启动工作流程配置错误的情况下，仓库操作选项卡显示 500。

由于选择了最完整的磁盘而不是空节点，存储主机超过三个的客户无法恢复到其灾难恢复集群。

应用热补丁后，代码扫描后端服务无法可靠启动。

默认情况下，预运行检查允许所有 AWS 实例类型。

包已更新到最新的安全版本。

有些日志未包含在日志转发配置中。

警告消息 jq: error (at <stdin>:0): Cannot index number with string "settings" 可能在副本升级期间出现。

由于 MySQL 副本无法连接到主数据库，因此将备份连续还原到集群可能会失败。

使用自定义 CA 证书时页面未发布。

与子域相关的包未显示在“测试域设置”提示中以进行子域隔离。

通过 web 挂钩发送的 X-GitHub-Enterprise-Host 标头包含一个随机字符串，而不是发送 HTTP POST 有效负载的 GitHub Enterprise Server 实例的主机名。

如果先前启用了 GitHub Actions，但在升级之前被禁用，则从 2.22.x 升级到 3.0.x 将会失败。

访问 /settings/email 页面会存储状态，在登出并重新登录时可能导致错误的重定向。

在议题评论中通过提及功能直接提及团队时，GitHub 集成应用程序无法通知团队。

restructuredText(RST) 渲染在 web 界面可能失败，反而显示原始 RST 标记文本。

如果未完全启用依赖项图，则不会将密码扫描警报的电子邮件通知发送给授权用户。

当 ghe-migrator 遇到导入错误时，它有时会中止整个过程，但日志中没有包含足够的上下文。

具有非 ASCII 字符的 Jupyter notebook 可能无法渲染。

高：在 GitHub 企业服务器中发现了一个不当的访问控制漏洞，该漏洞允许从 GitHub App 的 Web 身份验证流程 生成的访问令牌通过 REST API 读取专用仓库元数据，而无需获得适当的权限。要利用此漏洞，攻击者需要在实例上创建 GitHub 应用程序，并让用户通过 Web 身份验证流程授权应用程序。返回的私有仓库元数据将仅限于令牌标识的用户拥有的仓库。此漏洞影响了 GitHub Enterprise Server 3.0.4 之前的所有版本，但在 3.0.4、2.22.10、2.21.18 版本中已修复。此漏洞已分配 CVE-2021-22865，并通过 [GitHub Bug Bounty 计划]](https://bounty.github.com) 报告。

包已更新到最新的安全版本。

当启用维护模式时，某些服务仍然列为“活动进程”，尽管预计它们将运行， 并且不应该被列出。

在从 2.22.x 升级到启用 GitHub Actions 的 3.0.x 后，自托管运行器版本没有更新，也没有自托管更新。

旧 GitHub Pages 构建未进行清理，导致磁盘使用量增加。

memcached 未在活动的副本上运行。

启用 GitHub Actions 时更新文件权限失败。

在 GitHub Enterprise 11.10.x 或更早版本中设置的时区没有被一些默认使用 UTC 时间的服务使用。

服务未作为日志旋转的一部分而过渡到新的日志文件，导致磁盘使用量增加。

ghe-saml-mapping-csv 命令行实用生成了一条警告消息。

内部仓库搜索结果上的标签显示为“私有”而不是“内部”。

高：在 GitHub Enterprise Server 中发现了远程代码执行漏洞，可能在构建 GitHub Pages 站点时被利用。GitHub Pages 使用的用户控制配置选项没有受到足够的限制，因此可以覆盖导致在 GitHub Enterprise Server 实例上执行代码的环境变量。要利用此漏洞，攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。此漏洞影响 GitHub Enterprise Server 3.0.3 之前的所有版本，已在 3.0.3、2.22.9 和 2.21.17 中修复。此漏洞通过 GitHub Bug Bounty 计划报告，已分配 CVE-2021-22864。

包已更新到最新的安全版本。

运行 ghe-cluster-config-init 可能会使集群无法操作。

当自定义预接收挂钩配置在仓库上时，解析 GUI 中的合并冲突将失败。

launch-deplauncher 和 launch-recever 在DEBUG 级别记录日志，并且用不必要的信息填充日志。

系统可能会失去 HAProxy PID 的跟踪。

当 Actions 配置为使用 S3 存储时，操作的日志有时无法加载。

Mysql-failover 警告在成功故障转移后无限期显示。

ghe-cluster-config-init 运行未完全考虑背景作业的退出代码，导致印检查的处理不当。

启用 GitHub Actions 时，初始化可能会静默失败。

启用漏洞警报后，升级到 3.0 系列将失败。

与 Codespace 有关的作业在排队，导致未处理的作业累积。

即使有几个节点关闭，对 consul 和 nomad bootstrap_expect 使用相对编号也允许集群 bootstrap。

除时间外，日志还根据大小旋转。

添加 kafka lite 到 'ghe-cluster-status' 命令。

包已更新到最新的安全版本。

在备份过程中尝试清理可清除的存储对象时，出现了“Warning: One or more storage objects were not found on the source appliance.（警告：源设备上未找到一个或多个存储对象。）”的错误。

依赖关系图无法解析 yarn.lock JavaScript 清单文件，导致日志中的 HTTP 500 错误。

禁用 GitHub Actions 有时会失败。

自定义预接收挂钩不允许写入 /tmp，从而阻止某些脚本正常运行。

在多个地方复制了系统日志。

在 GitHub Enterprise 11.10.x 或更早版本上设置的时区在升级到 3 后被重置为 UTC 时间，导致时间戳在某些情况下改变。

单击仓库上包侧边栏中的“Publish your first package（发布您的第一个包）”将导致空白页面。

站点管理员在尝试查看从私有私有仓库引用的议题时可能会获得 500 错误页面。

禁用 GitHub Packages 后，一些组织页面会返回 HTTP 500 错误响应。

从 GitHub Enterprise Server 导入丢失的仓库文件将因错误而失败。

仓库部署密钥 无法用于包含 LFS 对象的仓库。

在仓库的软件包侧边栏中，Docker 图标是灰色的，工具提示显示“This service is deprecated（此服务已弃用）”。

使用 application/x-www-form-urlencoded 的内容类型配置的 web 挂钩在 POST 请求正文中没有接收查询参数。

用户无需选中所有复选框即可忽略强制消息。

在某些情况下，从 2.22.X 实例升级后，web 接口资源丢失，页面无法正常运行。

运行 ghe-config-apply 可能会超时，并且因“'job' stanza not found（找不到 stanza 作业）”而出现“Failure waiting for nomad jobs to apply（等待 nomad 作业应用失败）”。

高：在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞，允许经过验证的实例用户通过特殊构建的拉取请求和 REST API 请求获得对未授权仓库的写入权限。攻击者需要能够复刻目标仓库，该设置默认为组织拥有的私有仓库禁用。分支保护（如所需的拉取请求审查或状态检查）将防止未经进一步审查或验证的未授权提交被合并。此漏洞已分配 CVE-2021-22861。这个问题是通过 GitHub Bug Bounty 计划 报告的。

高： GitHub Enterprise Server GraphQL API 中发现了一个不当的访问控制漏洞，允许经过验证的实例用户在未经适当授权的情况下修改拉取请求的维护者协作权限。通过利用此漏洞，攻击者将能够访问在其作为维护者的仓库上打开的拉取请求的头部分支。对于组织拥有的私有仓库，复刻默认为禁用，并将阻止此漏洞。此外，分支保护（如必需的拉取请求审查或状态检查）将防止未经进一步审查或验证的未授权提交被合并。此漏洞已分配 CVE-2021-22863。这个问题是通过 GitHub Bug Bounty 计划 报告的。

高：在 GitHub Enterprise Server 中发现了不当的访问控制漏洞，允许能够复刻仓库的经验证用户为复刻的父仓库披露 Actions 密钥。此漏洞的存在源于一个缺陷，该缺陷允许更新拉取请求的基础引用，以指向复刻仓库外部的任意 SHA 或其他拉取请求。通过在 PR 中建立此不正确的引用，可以绕过限制从复刻发送工作流程的 Actions 密钥的限制。此漏洞影响了 GitHub Enterprise Server 版本 3.0.0、3.0.0.rc2 和 3.0.0.rc1，并已分配 CVE-2021-22862。此漏洞是通过 GitHub Bug Bounty 计划报告的。

中：来自 GitHub Pages 建立号的 GitHub 令牌可能在日志中结束。

包已更新到最新的安全版本。

在某些情况下，负载平衡器健康检查可能导致 babld 日志充满有关代理协议的错误。

HTTP 标头在特定响应中不符合 HTTP RFC 标准，如 304 存档的状态。

在启用了依赖关系图功能的主机 Python 仓库的实例中，由于根盘中填充了错误日志，实例可能会变得无响应。

在 GitHub Enterprise 备份实用程序快照期间，信息消息被无意中记录为错误，这导致在备份由侦听输出到 stderr 的 cron 作业安排时发送不必要的电子邮件。

在 VMWare ESX 6.7 上，初始配置可能会在创建主机密钥时挂起，使实例无法通过 SSH 访问。

启用 GitHub Actions 时，在管理控制台中禁用维护模式失败。

包创建设置显示在组织成员设置页面上，但此功能尚不可用。

在 Security & Analysis（安全和分析）页面上启用密钥扫描时，对话框不正确地提及私有仓库。

在编辑 wiki 页面时，用户单击 Save（保存）按钮时可能会遇到 500 错误。

使用主题替代名称中具有多个名称的证书签名的 S/MIME 签名提交将错误地显示为提交徽章中的“未验证”。

用户在使用 LDAP 身份验证配置的实例上执行 git 操作时看到 500 错误。

被暂停的用户在添加到团队时收到电子邮件。

当仓库有大量清单时，在 Insights（见解）-> Dependency graph（依赖关系图）选项卡上显示错误 You have reached the maximum number of allowed manifest files (20) for this repository.（您已达到此存储库允许的清单文件的最大数量）。更多信息请参阅可视化限制。

即使存储库未启用 Actions，也可修复显示设置代码扫描代 CodeQL Action 选项的用户。

无法成功启用或禁用企业帐户设置中的“Prevent repository admins from changing anonymous Git read access（防止仓库管理员更改匿名 Git 读取访问权限）”复选框。

用于显示强制消息的模组不包含垂直滚动栏，这意味着无法完全查看较长的消息。

Redis 有时在硬重启或应用程序崩溃后无法启动。

依赖关系图无法解析 setup.py Python 清单文件，导致日志中的 HTTP 500 错误。 这种情况再加上重复的记录问题，导致根卷的使用增加。

当多个用户下载同一存档时，可同时满足请求，从而提高性能。

HIGH: A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability has been assigned CVE-2020-10519 and was reported via the GitHub Bug Bounty Program.

GitHub Actions is now generally available on GitHub Enterprise Server 3.0+. Build, test, and deploy your code from GitHub. Submit code reviews, branch management, and issue triaging work the way you want.

This release includes several improvements from the beta of GitHub Actions on GitHub Enterprise Server:

• Enterprise, organization, and repository admins can create security policies for access to GitHub Actions on GitHub.com.
• Enterprise, organization, and repository admins can allow public repositories to use self-hosted runners.
• Enterprise, organization, and repository admins can now allow workflows to run on pull requests raised from forks of private repositories.
• The workflow_run event is now supported
• Users now have the ability to disable workflows and enable them at a later date.
• Workflow logs have been enhanced for a better user experience.
• Users can now use private images in container jobs and services.
• The max retention days for artifacts and logs can now be customized.
• The runner group API now includes labels.
• You can now create reusable actions using shell scripts with compose run steps.
• Encrypted secrets for an organization allows you to consolidate secrets across repositories.
• Workflow templates for an organization streamlines and promotes best practices and consistency across your organization.

GitHub Actions is not currently supported for enterprises using cluster configurations.

GitHub Packages is a package hosting service, natively integrated with GitHub APIs, Actions, and webhooks. Create an end-to-end DevOps workflow that includes your code, continuous integration, and deployment solutions.

Supported storage back ends include AWS S3 and MinIO with support for Azure blob coming in a future release. Please note that the current Docker support will be replaced by a beta of the new GitHub Container Registry in a future release. Please review the updated minimum requirements for your platform before you turn on GitHub Packages.

When publishing packages to NuGet, users can now use the --api-key option to pass their authentication token instead of writing it into a file. For more information, see Configuring dotnet CLI for use with GitHub Packages

GitHub Packages is not currently supported for enterprises using cluster configurations.

GitHub Mobile beta allows you to triage notifications and manage issues and pull requests from your device. You can be simultaneously signed into mobile with one user account on GitHub.com and one user account on GitHub Enterprise Server.

GitHub Mobile beta is now available for GitHub Enterprise Server. Sign in with our Android and iOS apps to triage notifications and manage issues and pull requests on the go. Administrators can disable mobile support for their Enterprise using the management console or by running ghe-config app.mobile.enabled false.

Secret Scanning beta scans public and private repositories for committed credentials, finds secrets, and notifies the secret provider or admin the moment they are committed into a repository.

Administrators using GitHub Advanced Security can enable and configure GitHub Advanced Security secret scanning. You can review the updated minimum requirements for your platform before you turn on GitHub Advanced Security secret scanning.

GitHub Advanced Security code scanning is now generally available on GitHub Enterprise Server. Organizations who have purchased Advanced Security can use this capability to do static analysis security testing against their code, and prevent vulnerabilities from making it to their production code using CodeQL, our semantic analysis engine. For more information, see "Configuring code scanning on your appliance"

The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages. It also uses less CPU and memory in GitHub Enterprise Server 3.0+.

Organization and Enterprise owners can now see when a team member has been promoted to or demoted from being a team maintainer in the audit log through the new team.promote_maintainer and team.demote_maintainer audit log events. For more information, see "Audited actions."

Repository maintainers with existing GitHub Pages sites can easily update their prior default branch name.

Additional hardware resources are required to run GitHub Enterprise Server with any of Actions, Packages or Advanced Security enabled. For more information on the minimum required resources for each supported platform, see "Setting up a GitHub Enterprise Server instance."

Administrators can now publish a message, which all users must accept. This can help to onboard new users and surface other organization-specific information and policies.

Organization owners can now disable publication of GitHub Pages sites from repositories in the organization. Disabling GitHub Pages for the organization will prevent members from creating new Pages sites but will not unpublish existing sites. For more information, see "Disabling publication of GitHub Pages sites for your organization."

A datacenter must be explicitly defined on all nodes before enabling an active replica.

All usage of SSH fingerprints has been switched to use SHA256 fingerprints as they are used with OpenSSH since version 6.8 as well. This applies to the web interface and also the API where fingerprints are returned such as in GraphQL. The fingerprints follow the OpenSSH format.

SHA-1 and SHA-256 signature headers (two headers) are sent on webhooks.

Majority of the services running in GitHub Enterprise Server 3.0+ are now on containers which internally enables GitHub to iterate fast and ship high quality releases

The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages.

Administrators can now configure and manage the site-wide announcement banner via the REST API. For more information, see the endpoints for "GitHub Enterprise administration."

A new API endpoint enables the exchange of a user to server token for a user to server token scoped to specific repositories. For more information, see "Apps" in the GitHub REST API documentation.

Enterprise and organization administrators can now set the default branch name for new repositories. Enterprise administrators can also enforce their choice of default branch name across all organizations or allow individual organizations to choose their own.

Existing repositories are unaffected by these settings, and their default branch name will not be changed.

This change is one of many changes GitHub is making to support projects and maintainers that want to rename their default branch. To learn more about the changes we're making, see github/renaming.

All known issues from Release Candidate 1 and Release Candidate 2 have been fixed, except those listed in the Known Issues section below.

Issues with migrations and upgrades to 3.0.0 have been fixed.

Backup Utilities versioning now works for release candidate versions.

Generating a support bundle resulted in an error in the orchestrator logs.

A large restore could result in Redis running out of memory.

The checkbox to enable GitHub Actions in the Management Console is now visible with any authentication method.

GitHub Actions could be enabled if the required storage was also configured.

ghe-repl-status could silently fail if MSSQL replication was not configured.

The format of several log files have changed, including the addition of a PID for different log types. This does not affect how GitHub Enterprise Support uses support bundles to troubleshoot issues.

A PATCH request to the webhook configuration API no longer erases the webhook secret.

Certain types of pre-receive hooks were failing.

The Packages NuGet service now normalizes semantic versions on publish. An invalid semantic version (for example: v1.0.0.0.0.0) is not downloadable by NuGet clients and therefore a NuGet service is expected to normalize those versions (for example: v1.0.0.0.0.0 --> v1.0.0). Any original, non-normalized, version will be available in the verbatimVersion field. No changes to client configurations are required.

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.

Custom firewall rules are not maintained during an upgrade.

Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.

When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact GitHub Enterprise Support.

When GitHub Actions is enabled, use 'ghe-maintenance -u' to unset maintenance mode.

Duplicated logging to /var/log/messages, /var/log/syslog, and /var/log/user.log results in increased root volume utilization.

Users can dismiss a mandatory message without checking all checkboxes.

Pre-receive hook scripts cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.

Repository deploy keys are unable to be used with repositories containing LFS objects.

Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.

reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.

Dependency graph fails to parse setup.py Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.

A race condition can cause dependency graph database migrations to appear to fail.

Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.

Old builds of Pages are not cleaned up, which could fill up the user disk (/data/user/).

When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.

When a replica node is offline in a high availability configuration, GitHub Enterprise Server may still route GitHub Pages requests to the offline node, reducing the availability of GitHub Pages for users.

Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

GitHub Enterprise Server 2.19 is deprecated as of November 12, 2020. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise Server as soon as possible.

Starting with GitHub Enterprise Server 2.21.0 two legacy GitHub Apps-related webhook events have been deprecated and will be removed in GitHub Enterprise Server 3.2.0. The deprecated events integration_installation and integration_installation_repositories have equivalent events which will be supported. More information is available in the deprecation announcement blog post.

Starting with GitHub Enterprise Server 2.21.0 the legacy GitHub Apps endpoint for creating installation access tokens was deprecated and will be removed in GitHub Enterprise Server 3.2.0. More information is available in the deprecation announcement blog post.

GitHub no longer supports the OAuth application endpoints that contain access_token as a path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by moving access_token to the request body. While deprecated, the endpoints are still accessible in this version. We intend to remove these endpoints on GitHub Enterprise Server 3.4. For more information, see the deprecation announcement blog post.

The service supported a "Find by Symbol" experience in the pull request view that was not widely used.

GitHub Actions set-env and add-path workflow commands have been deprecated. For more information, see the changelog.