3.0

Enterprise Server 3.1 release notes

Enterprise Server 3.1.1

Download

June 10, 2021

  • Packages have been updated to the latest security versions.

  • SVN 1.7 and older clients showed an error when using the svn co and svn export commands.

  • Accessing a repository through the administrative shell using ghe-repo <owner>/<reponame> would hang.

  • After upgrading, users experienced reduced availability during heavy usage, because services restarted too frequently. This would occur due to timeout mismatches between the nomad configuration and that of the internal services.

  • In some instances, running ghe-repl-status after setting up GitHub Actions would produce an error and ghe-actions-teardown would fail.

  • ghe-dbconsole would return errors under some circumstances.

  • Import failures of organizations or repositories from non-GitHub sources could produce an undefined method '[]' for nil:NilClass error.

  • GitHub profile names might have changed unintentionally when using SAML authentication, if the GitHub profile name did not match the value of the attribute mapped to the Full name field in the Management Console.

  • Upgrading an instance that had previously ran a 2.13 release, but not a 2.14 release, resulted in a database migration error relating to the AddRepositoryIdToCheckRuns data transition.

  • Users of the GraphQL API can query the public field closingIssuesReferences on the PullRequest object. This field retrieves issues that will be automatically closed when the related pull request is merged. This approach will also allow this data to be migrated in future, as part of a higher fidelity migration process.

  • The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.

  • On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.

  • Custom firewall rules are removed during the upgrade process.

  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.

  • Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.

  • When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

  • After upgrading from 3.0.x to 3.1.x, in some cases GitHub Actions can fail with an error: An unexpected error occurred when executing this workflow. To workaround this problem, connect to the administrative shell (ssh) and run:

    ghe-actions-console -s actions -c "Queue-ServiceJob -JobId 4DB1F4CF-19FD-40E0-A253-91288813DE8B"
    

Enterprise Server 3.1.0

Download

June 03, 2021

📣 This is not the latest patch release of Enterprise Server. Please use the latest release for the latest security, performance, and bug fixes.

For minimum infrastructure requirements, see "About minimum requirements for GitHub Enterprise Server 3.0 and later."

  • GitHub Advanced Security Secret Scanning

    • Secret Scanning is now generally available on GitHub Enterprise Server 3.1+. Scan public and private repositories for committed credentials, find secrets, and notify the secret provider or admin the moment they are committed into a repository.

      This release includes several improvements from the beta of Secret Scanning on GitHub Enterprise Server:

      Administrators using GitHub Advanced Security can enable and configure GitHub Advanced Security secret scanning. You can review the updated minimum requirements for your platform before you turn on GitHub Advanced Security secret scanning.

  • GitHub Advanced Security billing improvements

    • This release includes several improvements to GitHub Advanced Security billing in GitHub Enterprise Server:

      • GitHub Advanced Security customers can now view their active committer count and the remaining number of unused committer seats on their organization or enterprise account’s Billing page. If Advanced Security is purchased for an enterprise, administrators can also view the active committer seats which are being used by other organizations within their enterprise. For more information, see "About GitHub Advanced Security licensing" and "Viewing your GitHub Advanced Security usage."
      • GitHub Advanced Security customers can now view their active committer count for any Advanced Security enabled repositories on their organization or enterprise account's Billing page. These changes help billing administrators track their usage against how many committer licenses they purchased. For more information see "Managing security and analysis settings for your organization."
  • Dependabot improvements

    • This release includes improvements to Dependabot alerts in GitHub Enterprise Server:

  • GitHub Actions Workflow Visualization beta

    • GitHub Actions can now generate a visual graph of your workflow on every run. With workflow visualization, you can:

      • View and understand complex workflows
      • Track progress of workflows in real-time
      • Troubleshoot runs quickly by easily accessing logs and jobs metadata
      • Monitor progress of deployment jobs and easily access deployment targets

      For more information, see "Using the visualization graph."

  • OAuth 2.0 Device Authorization Grant

  • Pull request auto-merge

    • With auto-merge, pull requests can be set to merge automatically when all merge requirements have been satisfied. This saves users from needing to constantly check the state of their pull requests just to merge them. Auto-merge can be enabled by a user with permission to merge and on pull requests that have unsatisfied merge requirements. For more information, see "Automatically merging a pull request."

  • Custom notifications

    • You can customize the types of notifications you want to receive from individual repositories. For more information, see "Configuring notifications."

  • GitHub Mobile filtering

    • GitHub for mobile filtering allows you to search for and find issues, pull requests, and discussions from your device. New metadata for issues and pull request list items allow you to filter by assignees, checks status, review states, and comment counts.

      GitHub for mobile beta is available for GitHub Enterprise Server. Sign in with our Android and iOS apps to triage notifications and manage issues and pull requests on the go. Administrators can disable mobile support for their Enterprise using the management console or by running ghe-config app.mobile.enabled false. For more information, see "GitHub for mobile."

  • Administration Changes

    • By precomputing checksums, the amount of time a repository is under the lock has reduced dramatically, allowing more write operations to succeed immediately and improving monorepo performance.

    • The latest release of the CodeQL CLI supports uploading analysis results to GitHub. This makes it easier to run code analysis for customers who wish to use CI/CD systems other than GitHub Actions. Previously, such users had to use the separate CodeQL runner, which will continue to be available. For more information, see "About CodeQL code scanning in your CI system."

    • GitHub Actions now supports skipping push and pull_request workflows by looking for some common keywords in your commit message.

    • Check annotations older than four months will be archived.

  • Security Changes

  • Developer Changes

    • You can specify multiple callback URLs while configuring a GitHub App. This can be used in services with multiple domains or subdomains. GitHub will always deny authorization if the callback URL from the request is not in the authorization callback URL list.

    • The GitHub App file permission has been updated to allow an app developer to specify up to 10 files for read-only or read-write access that their app can request access to.

    • CodeQL now supports more libraries and frameworks for a variety of languages (C++, JavaScript, Python,Java, Go). The CodeQL engine can now detect more sources of untrusted user data, which improves the quality and depth of the code scanning alerts. For more information, see "About CodeQL."

    • When configuring a GitHub App, the authorization callback URL is a required field. Now, we allow the developer to specify multiple callback URLs. This can be used in services with multiple domains or subdomains. GitHub will always deny authorization if the callback URL from the request is not in the authorization callback URL list.

    • Delete an entire directory of files, including subdirectories, from your web browser. For more information, see "Deleting a file or directory."

    • Include multiple words after the # in an issue, discussion, or pull request comment to further narrow your search.

    • When you’re writing an issue, pull request, or discussion comment the list syntax for bullets, numbers, and tasks autocompletes after you press return or enter.

  • API Changes

    • The code scanning API allows users to upload data about static analysis security testing results, or export data about alerts. For more information, see the code scanning API reference.

    • The GitHub Apps API for managing installations has now graduated from an API preview to a generally available API. The preview header is no longer required to access these endpoints.

  • MEDIUM Under certain circumstances, users who were removed from a team or organization could retain write access to branches they had existing pull requests opened for.

  • Packages have been updated to the latest security versions.

  • Fixes for known issues from Release Candidate

    • All known issues from Release Candidate 1 have been fixed, except those listed in the Known Issues section below.

  • Fixes for other issues

    • On the "Configure Actions and Packages" page of the initial installation process, clicking on the "Test domain settings" button did not complete the test.

    • Running ghe-btop failed with an error and cannot find a babeld container.

    • MySQL could reload and cause downtime if you change auto failover settings.

    • After upgrading, a mismatch of internal and external timeout values created service unavailability.

    • Expected replication delays in MSSQL generated warnings.

    • Link to "Configuring clustering" on the Management Console was incorrect.

    • When creating or editing a pre-receive hook, a race condition in the user interface meant that after selecting a repository, files within the repository were sometimes not populated in files dropdown.

    • When an IP address is added to a whitelist using "Create Whitelist Entry" button, it could still be shown as locked out.

    • References to the "Dependency graph" and "Dependabot alerts" features were not shown as disabled on some repositories.

    • Setting an announcement in the enterprise account settings could result in a 500 Internal Server Error.

    • HTTP POST requests to the /hooks endpoint could fail with a 401 response due to an incorrectly configured hookID.

    • The build-server process failed to clean up processes, leaving them in the defunct state.

    • spokesd created excessive log entries, including the phrase "fixing placement skipped".

    • While upgrading Actions the upgrade could fail if the instance could not make self-requests via its configured hostname.

    • Upgrading from 2.22.x to 3.1.0.rc1 could result in a database migration error relating to the BackfillIntegrationApplicationCallbackUrlsTransition data transition.

  • Access to a repository through the administrative shell using ghe-repo <owner>/<reponame> will hang. As a workaround, use ghe-repo <owner>/<reponame> -c "bash -i" until a fix is available in the next version.

  • The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.

  • On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.

  • Custom firewall rules are not maintained during an upgrade.

  • Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.

  • Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.

  • When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.

  • Upgrading an instance that has previously ran a 2.13 release, but not a 2.14 release, results in a database migration error relating to the AddRepositoryIdToCheckRuns data transition.

  • After upgrading from 3.0.x to 3.1.x, in some cases GitHub Actions can fail with an error: An unexpected error occurred when executing this workflow. To workaround this problem, connect to the administrative shell (ssh) and run:

    ghe-actions-console -s actions -c "Queue-ServiceJob -JobId 4DB1F4CF-19FD-40E0-A253-91288813DE8B"
    

Did this doc help you? Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.