diff --git a/.github/workflows/comment-release-note-info.yml b/.github/workflows/comment-release-note-info.yml index e34eacd0f323..af000c7bb5dd 100644 --- a/.github/workflows/comment-release-note-info.yml +++ b/.github/workflows/comment-release-note-info.yml @@ -30,4 +30,4 @@ jobs: - If the change is urgent, post in `#docs-content-enterprise` on Slack. - Review the [style guide for release notes](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#release-notes). - If you're updating or adding a note, add a datestamp in the format `[Updated: YYYY-MM-DD]`. - - If you're removing a note, add an "[Errata](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#errata)" section with details of the change. + - If you're removing a note, add an [Errata](https://docs.github.com/en/contributing/style-guide-and-content-model/style-guide#errata) section with details of the change. diff --git a/Dockerfile b/Dockerfile index 8f9101ffe6a0..ca3381d9c512 100644 --- a/Dockerfile +++ b/Dockerfile @@ -140,20 +140,14 @@ COPY --chown=node:node --from=builder $APP_HOME/next.config.js ./ COPY --chown=node:node --from=builder $APP_HOME/tsconfig.json ./ # - - - -# Environment variables +# Environment variables are set in the Moda +# configuration: config/moda/configuration/*/env.yaml # - - - + # This makes it possible to set `--build-arg BUILD_SHA=abc123` # and it then becomes available as an environment variable in the docker run. ARG BUILD_SHA ENV BUILD_SHA=$BUILD_SHA -# We should always be running in production mode -ENV NODE_ENV=production -# Preferred port for server.js -ENV PORT=4000 -# Include all languages -ENV ENABLED_LANGUAGES="en,zh,es,pt,ru,ja,fr,de,ko" - -EXPOSE $PORT # Entrypoint to start the server # Note: Currently we have to use tsx because we have a mix of `.ts` and `.js` files with multiple import patterns diff --git a/config/kubernetes/production/deployments/webapp.yaml b/config/kubernetes/production/deployments/webapp.yaml index fba6734ca36d..1993db32ad4d 100644 --- a/config/kubernetes/production/deployments/webapp.yaml +++ b/config/kubernetes/production/deployments/webapp.yaml @@ -37,6 +37,10 @@ spec: name: vault-secrets - configMapRef: name: kube-cluster-metadata + # application-config is crated at deploy time from + # configuration set in config/moda/configuration/*/env.yaml + - configMapRef: + name: application-config # Zero-downtime deploys # https://thehub.github.com/engineering/products-and-services/internal/moda/feature-documentation/pod-lifecycle/#required-prestop-hook # https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks diff --git a/config/moda/configuration/production/env.yaml b/config/moda/configuration/production/env.yaml new file mode 100644 index 000000000000..6a9aa5468407 --- /dev/null +++ b/config/moda/configuration/production/env.yaml @@ -0,0 +1,8 @@ +data: + NODE_ENV: production + NODE_OPTIONS: '--max-old-space-size=4096' + PORT: '4000' + ENABLED_LANGUAGES: 'en,zh,es,pt,ru,ja,fr,de,ko' + HEROKU_APP_NAME: help-docs + HEROKU_PRODUCTION_APP: 'true' + RATE_LIMIT_MAX: '21' diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md index 10aab81246d1..fad50bdb5ddf 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application.md @@ -1,6 +1,6 @@ --- title: Finding the object ID for your Entra OIDC application -shortTitle: Find ID for Entra OIDC +shortTitle: Find ID for Entra OIDC app intro: 'Learn how to find the object ID associated with your {% data variables.product.prodname_emus %} OIDC app.' product: '{% data reusables.gated-features.emus %}' versions: diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md index 47977a79f519..868a4b87e40c 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md @@ -54,7 +54,7 @@ When {% data variables.product.prodname_copilot_autofix_short %} is enabled for Any {% data variables.product.prodname_copilot_autofix_short %} suggestions are generated and stored within the {% data variables.product.prodname_code_scanning %} backend. They are displayed as suggestions. No user interaction is needed beyond enabling {% data variables.product.prodname_code_scanning %} on the codebase and creating a pull request. -The process of generating fixes does not gather or utilize any customer data beyond the scope outlined above. Therefore, the use of this feature is governed by the existing terms and conditions associated with {% data variables.product.prodname_GH_advanced_security %}. Moreover, data handled by {% data variables.product.prodname_copilot_autofix_short %} is strictly not employed for LLM training purposes. For more information on {% data variables.product.prodname_GH_advanced_security %} terms and conditions, see [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security){% ifversion fpt %}.{% else %} in the Free, Pro, & Team documentation.{% endif %} +The process of generating fixes does not gather or utilize any customer data beyond the scope outlined above. Therefore, the use of this feature is governed by the existing terms and conditions associated with {% data variables.product.prodname_GH_advanced_security %}. Moreover, data handled by {% data variables.product.prodname_copilot_autofix_short %} is strictly not employed for LLM training purposes. For more information on {% data variables.product.prodname_GH_advanced_security %} terms and conditions, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security){% ifversion fpt %}."{% else %} in the Free, Pro, & Team documentation.{% endif %} ## Quality of suggestions diff --git a/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github.md index 688303c3b7a2..b503f91928ec 100644 --- a/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github.md +++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github.md @@ -89,7 +89,7 @@ However, it's important to note that {% data variables.product.prodname_copilot_ ## Improving performance for {% data variables.product.prodname_copilot_chat_short %} -{% data variables.product.prodname_copilot_chat_short %} can support a wide range of practical applications like Q&A, code generation, code analysis, and code fixes, each with different performance metrics and mitigation strategies. To enhance performance and address some of the the limitations of {% data variables.product.prodname_copilot_chat_short %}, there are various measures that you can adopt. For more information on the limitations of {% data variables.product.prodname_copilot_chat_short %}, see [Limitations of {% data variables.product.prodname_copilot_chat %}](#limitations-of-github-copilot-chat). +{% data variables.product.prodname_copilot_chat_short %} can support a wide range of practical applications like Q&A, code generation, code analysis, and code fixes, each with different performance metrics and mitigation strategies. To enhance performance and address some of the limitations of {% data variables.product.prodname_copilot_chat_short %}, there are various measures that you can adopt. For more information on the limitations of {% data variables.product.prodname_copilot_chat_short %}, see "[Limitations of {% data variables.product.prodname_copilot_chat %}](#limitations-of-github-copilot-chat)." ### Keep your prompts on topic diff --git a/content/support/learning-about-github-support/about-copilot-in-github-support.md b/content/support/learning-about-github-support/about-copilot-in-github-support.md index 664f46a6bf71..228910b50f83 100644 --- a/content/support/learning-about-github-support/about-copilot-in-github-support.md +++ b/content/support/learning-about-github-support/about-copilot-in-github-support.md @@ -53,7 +53,7 @@ Currently, {% data variables.product.prodname_copilot_in_support %} cannot take ## Best practices and use cases -{% data variables.product.prodname_copilot_in_support %} is intended to answer your query related to {% data variables.product.prodname_dotcom %} products from {% data variables.product.prodname_dotcom %} documentation. More information provided in your input increases {% data variables.product.prodname_copilot_in_support %}'s likelihood of providing a relevant and helpful response that may also include best practices, tips, and solutions. {% data variables.product.prodname_copilot_in_support %} consolidates information from multiple {% data variables.product.prodname_dotcom %} documents into a tailored response, and may reduce the time required to answer your question. If you have a follow-up question or another {% data variables.product.prodname_dotcom %}-related query, you can continue using {% data variables.product.prodname_copilot_in_support %}. +{% data variables.product.prodname_copilot_in_support %} is intended to answer your query related to {% data variables.product.prodname_dotcom %} products from {% data variables.product.prodname_dotcom %} documentation. More information provided in your input increases {% data variables.product.prodname_copilot_in_support %}'s likelihood of providing a relevant and helpful response that may also include best practices, tips, and solutions. {% data variables.product.prodname_copilot_in_support %} consolidates information from multiple {% data variables.product.prodname_dotcom %} documents into a tailored response, and may reduce the time required to answer your question. If you have a follow-up question or another {% data variables.product.prodname_dotcom %}-related query, you can continue using {% data variables.product.prodname_copilot_in_support %}. {% data variables.product.prodname_copilot_in_support %} also includes links to any documentation it uses when crafting an answer so that you're able to review the material or bookmark it for future reference. As with every large language model, it can make mistakes so please review the information provided to ensure it is free of errors. diff --git a/data/glossaries/external.yml b/data/glossaries/external.yml index ef22dc000b06..555762646186 100644 --- a/data/glossaries/external.yml +++ b/data/glossaries/external.yml @@ -79,7 +79,7 @@ description: A movable square within a project board associated with an issue or pull request. - term: check description: >- - A check is a type of status check on {% data variables.product.product_name %}. See "[Status checks](#status-checks)." + A check is a type of status check on {% data variables.product.product_name %}. See [Status checks](#status-checks). - term: checkout description: >- You can use `git checkout` on the command line to create a new branch, change your current working branch to a different branch, or even to switch to a different version of a file from a different branch with `git checkout [branchname] [path to file]`. The "checkout" action updates all or part of the working tree with a tree object or @@ -95,7 +95,7 @@ - term: clean description: >- A working tree is clean if it corresponds to the revision referenced by the - current HEAD. Also see "[dirty](#dirty)." + current HEAD. Also see [dirty](#dirty). - term: clone description: >- A clone is a copy of a repository that lives on your computer instead of on @@ -156,8 +156,8 @@ - term: contributions description: >- Specific activities on GitHub that will: - - Add a square to a user's contribution graph: "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#what-counts-as-a-contribution)" - - Add activities to a user's timeline on their profile: "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#contribution-activity)" + - Add a square to a user's contribution graph: [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#what-counts-as-a-contribution) + - Add activities to a user's timeline on their profile: [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile#contribution-activity) - term: contributor description: >- A contributor is someone who does not have collaborator access to a repository but has contributed to a project and had a pull request they opened merged into the repository. @@ -173,7 +173,7 @@ description: Used in command lines or scripts to transfer data. - term: dashboard description: >- - Your personal dashboard is the main hub of your activity on GitHub. From your personal dashboard, you can keep track of issues and pull requests you're following or working on, navigate to your top repositories and team pages, and learn about recent activity in repositories you're watching or participating in. You can also discover new repositories, which are recommended based on users you're following and repositories you have starred. To only view activity for a specific organization, visit your organization's dashboard. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/about-your-personal-dashboard)" or "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-your-organization-dashboard)." + Your personal dashboard is the main hub of your activity on GitHub. From your personal dashboard, you can keep track of issues and pull requests you're following or working on, navigate to your top repositories and team pages, and learn about recent activity in repositories you're watching or participating in. You can also discover new repositories, which are recommended based on users you're following and repositories you have starred. To only view activity for a specific organization, visit your organization's dashboard. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/about-your-personal-dashboard) or [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-your-organization-dashboard). - term: default branch description: >- The base branch for new pull requests and code commits in a repository. Each repository has at least one branch, which Git creates when you initialize the repository. The first branch is usually called `main`, and is often the default branch. @@ -337,7 +337,7 @@ that they configure and control. - term: integration description: >- - A third-party application that integrates with GitHub. These are often {% data variables.product.prodname_github_apps %}, {% data variables.product.prodname_actions %}, or custom actions. For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-building-integrations)." + A third-party application that integrates with GitHub. These are often {% data variables.product.prodname_github_apps %}, {% data variables.product.prodname_actions %}, or custom actions. For more information, see [AUTOTITLE](/get-started/exploring-integrations/about-building-integrations). - term: issue description: >- Issues are suggested improvements, tasks or questions related to the @@ -553,7 +553,7 @@ Pull refers to when you are fetching in changes and merging them. For instance, if someone has edited the remote file you're both working on, you'll want to pull in those changes to your local copy so that it's up to - date. See also "[fetch](#fetch)." + date. See also [fetch](#fetch). - term: pull access description: A synonym for read access. - term: pull request @@ -673,7 +673,7 @@ days. - term: server-to-server request description: >- - An API request used by an application that acts as a bot, independently of any particular user. For example, an application that runs on a scheduled basis and closes issues where there has been no activity for a long time. Applications that use this type of authentication don't use a licensed GitHub account so, in an enterprise with a billing plan that allows a certain number of licenses to be used, a server-to-server bot is not consuming one of your GitHub licenses. The token used in a server-to-server request is acquired programmatically, via the GitHub API. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." See also, "[user-to-server request](#user-to-server-request)." + An API request used by an application that acts as a bot, independently of any particular user. For example, an application that runs on a scheduled basis and closes issues where there has been no activity for a long time. Applications that use this type of authentication don't use a licensed GitHub account so, in an enterprise with a billing plan that allows a certain number of licenses to be used, a server-to-server bot is not consuming one of your GitHub licenses. The token used in a server-to-server request is acquired programmatically, via the GitHub API. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation). See also, [user-to-server request](#user-to-server-request). - term: service hook description: >- Also called "webhook." Webhooks provide a way for notifications to be @@ -700,7 +700,7 @@ conditions set for the repository you're contributing to. - term: status checks description: >- - Status checks are external processes, such as continuous integration builds, which run for each commit you make in a repository. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks)." + Status checks are external processes, such as continuous integration builds, which run for each commit you make in a repository. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks). - term: star description: >- A bookmark or display of appreciation for a repository. Stars are a manual @@ -762,7 +762,7 @@ description: A user's handle on GitHub. - term: user-to-server request description: >- - An API request used by an application that performs a task on behalf of a particular user. Where a task is carried out with user-to-server authentication it's shown on GitHub as having been done by a user via an application. For example, you might choose to create an issue from within a third-party application, and the application would do this on your behalf on GitHub. The scope of tasks an application can perform using a user-to-server request is restricted by both the app's and the user's permissions and access. The token used in a user-to-server request is acquired via OAuth. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user)." See also, "[server-to-server request](#server-to-server-request)." + An API request used by an application that performs a task on behalf of a particular user. Where a task is carried out with user-to-server authentication it's shown on GitHub as having been done by a user via an application. For example, you might choose to create an issue from within a third-party application, and the application would do this on your behalf on GitHub. The scope of tasks an application can perform using a user-to-server request is restricted by both the app's and the user's permissions and access. The token used in a user-to-server request is acquired via OAuth. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). See also, [server-to-server request](#server-to-server-request). - term: visible team description: A team that can be viewed and @mentioned by every organization member. - term: watch diff --git a/data/release-notes/PLACEHOLDER-TEMPLATE.yml b/data/release-notes/PLACEHOLDER-TEMPLATE.yml index b835696ea388..fe682cfabe27 100644 --- a/data/release-notes/PLACEHOLDER-TEMPLATE.yml +++ b/data/release-notes/PLACEHOLDER-TEMPLATE.yml @@ -8,7 +8,7 @@ intro: | > > If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch. - For upgrade instructions, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." + For upgrade instructions, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process). sections: # Remove section heading if the section contains no notes. diff --git a/data/release-notes/enterprise-server/3-10/0-rc1.yml b/data/release-notes/enterprise-server/3-10/0-rc1.yml index f182c508ab51..a54278b423e1 100644 --- a/data/release-notes/enterprise-server/3-10/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-10/0-rc1.yml @@ -8,7 +8,7 @@ intro: | {% endnote %} - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). sections: # Remove section heading if the section contains no notes. @@ -20,38 +20,38 @@ sections: notes: # https://github.com/github/releases/issues/3360 - | - To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)." + To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations). # https://github.com/github/releases/issues/3359 - | - Site administrators can set a custom message for their users to see during a maintenance window. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." + Site administrators can set a custom message for their users to see during a maintenance window. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode). # https://github.com/github/releases/issues/3378 - | - Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" in the REST API documentation. + Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation. - heading: Authentication notes: # https://github.com/github/releases/issues/2998 - | - To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens)." + To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens). - Users can create {% data variables.product.pat_v2_plural %} with access to their personal repositories or, if permitted, organization-owned repositories. - Organization and enterprise owners can enable or disable the use of {% data variables.product.pat_v2_plural %} in organization-owned repositories, and can use the REST API or GraphQL API to manage tokens in their organizations. - - Users creating {% data variables.product.pat_v2_plural %} for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance)." + - Users creating {% data variables.product.pat_v2_plural %} for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance). - heading: GitHub Advanced Security notes: # https://github.com/github/releases/issues/2798 - | - To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." + To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository). # https://github.com/github/releases/issues/2844 - | - To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages)" and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. + To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. # https://github.com/github/releases/issues/2843 - | - Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning)." + Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning). # https://github.com/github/releases/issues/2928 - | @@ -61,25 +61,25 @@ sections: # https://github.com/github/releases/issues/3315 - | To help users find vulnerabilities in projects for Swift libraries and Apple apps, - the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning)." + the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning). # https://github.com/github/releases/issues/2869 - | - To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata)." + To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata). # https://github.com/github/blog/pull/4506/files - | - Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." + Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning). - heading: Dependabot notes: # https://github.com/github/releases/issues/3099 - | - Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." + Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems). # https://github.com/github/releases/issues/3142 - | - To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)." + To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates). # https://github.com/github/releases/issues/3070 - | @@ -90,49 +90,49 @@ sections: # https://github.com/github/releases/issues/2303 - | - In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)." + In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database). # https://github.com/github/releases/issues/2295 - | - In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)." + In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database). # https://github.com/github/releases/issues/2042 - | - In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see "[Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)." + In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see [Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database). # https://github.com/github/releases/issues/2890 - | - Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)." + Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories). # https://github.com/github/releases/issues/3162 - | - Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises)." + Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises). # https://github.com/github/releases/issues/3112 - | - Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see "[AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database)." [Updated: 2023-08-24] + Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database). [Updated: 2023-08-24] - heading: GitHub Actions notes: # https://github.com/github/releases/issues/3136 - | - Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)." + Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization). # https://github.com/github/releases/issues/2901 - | - Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules)." + Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules). # https://github.com/github/releases/issues/3184 - | - The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts)." + The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts). # https://github.com/github/releases/issues/3248 - | - To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings)." + To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings). # https://github.com/github/docs-content/issues/9102 - | - Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners)." + Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners). - heading: Community experience notes: @@ -148,29 +148,29 @@ sections: notes: # https://github.com/github/releases/issues/3226 - | - To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see "[AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation)." + To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see [AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation). # https://github.com/github/releases/issues/2610 - | - Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging)." + Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging). - heading: Projects notes: # https://github.com/github/releases/issues/2250 - | - Projects is no longer in public beta, and is now considered generally available. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects)." + Projects is no longer in public beta, and is now considered generally available. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects). # https://github.com/github/releases/issues/3207 - | - To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column)." + To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column). # https://github.com/github/releases/issues/3133 - | - To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects)." + To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects). # https://github.com/github/releases/issues/2929 - | - To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)." + To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization). # https://github.com/github/releases/issues/3061 - | @@ -190,7 +190,7 @@ sections: notes: # https://github.com/github/releases/issues/3118 - | - Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions)." + Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions). - heading: Accessibility notes: @@ -220,11 +220,11 @@ sections: # https://github.com/github/releases/issues/3233 - | - The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see "[AUTOTITLE](/rest/apps/installations)." + The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see [AUTOTITLE](/rest/apps/installations). # https://github.com/github/releases/issues/2870 - | - On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)." + On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users). # https://github.com/github/releases/issues/2805 - | @@ -251,7 +251,7 @@ sections: - | On an instance with GitHub Connect and unified search enabled, users will receive a `500` error after performing a GitHub.com search then selecting Advanced search. This will be fixed when version 3.10.0 becomes generally available. - | - After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)." + After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see [AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance). - | {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11] - | @@ -280,7 +280,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-08-24] - | @@ -293,4 +293,4 @@ sections: - heading: Upcoming deprecation of team discussions notes: - | - GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." + GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). diff --git a/data/release-notes/enterprise-server/3-10/0.yml b/data/release-notes/enterprise-server/3-10/0.yml index ed153f6e65ac..954c911ba6ce 100644 --- a/data/release-notes/enterprise-server/3-10/0.yml +++ b/data/release-notes/enterprise-server/3-10/0.yml @@ -2,14 +2,14 @@ date: '2023-08-29' release_candidate: false deprecated: false intro: | - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). {% warning %} **Warnings**: - - This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. The issue is resolved in {% data variables.product.prodname_ghe_server %} 3.10.2 and later. For more information, see the "[Known issues](#3.10.0-known-issues)" section of these release notes. - - A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.0-known-issues)" section of these release notes. + - This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. The issue is resolved in {% data variables.product.prodname_ghe_server %} 3.10.2 and later. For more information, see the [Known issues](#3.10.0-known-issues) section of these release notes. + - A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.0-known-issues) section of these release notes. {% endwarning %} sections: @@ -23,42 +23,42 @@ sections: notes: # https://github.com/github/releases/issues/3360 - | - To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)." + To monitor the status of migrations in more detail, users with administrative SSH access to an instance can use the `ghe-migrations` utility to see the progress of individual migration groups. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations). # https://github.com/github/releases/issues/3359 - | - Site administrators can set a custom message for their users to see during a maintenance window. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." + Site administrators can set a custom message for their users to see during a maintenance window. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode). # https://github.com/github/releases/issues/3378 - | - Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" in the REST API documentation. + Site administrators can use the Manage GitHub Enterprise Server API to view and manage the maintenance status of an instance, including setting an IP exception list and modifying the message displayed to users during a maintenance window. For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation. # https://github.com/github/releases/issues/3251 - | - Site administrators can use the Manage GitHub Enterprise Server API to change the `site admin` password and to make changes to [management console users](/enterprise-server@3.10/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#management-console-user). For more information, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" in the REST API documentation. + Site administrators can use the Manage GitHub Enterprise Server API to change the `site admin` password and to make changes to [management console users](/enterprise-server@3.10/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#management-console-user). For more information, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes) in the REST API documentation. - heading: Authentication notes: # https://github.com/github/releases/issues/2998 - | - To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens)." + To help users access resources more securely, {% data variables.product.pat_v2_plural %} are available in public beta. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens). - Users can create {% data variables.product.pat_v2_plural %} with access to their personal repositories or, if permitted, organization-owned repositories. - Organization and enterprise owners can enable or disable the use of {% data variables.product.pat_v2_plural %} in organization-owned repositories, and can use the REST API or GraphQL API to manage tokens in their organizations. - - Users creating fine-grained tokens for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance)." + - Users creating fine-grained tokens for an organization can add the `pre-receive hooks` permission to allow managing pre-receive hooks. For more information, see [AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance). - heading: GitHub Advanced Security notes: # https://github.com/github/releases/issues/2798 - | - To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." + To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository). # https://github.com/github/releases/issues/2844 - | - To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages)" and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. + To help repository administrators and security managers quickly enable automatic code scanning without needing to configure a workflow, default setup for code scanning supports compiled languages including Go, Java, and C. Default setup is now available for all languages supported by CodeQL, except Swift. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. # https://github.com/github/releases/issues/2843 - | - Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning)." + Repository administrators and security managers can choose which languages to include or exclude in default setup for code scanning. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning). # https://github.com/github/releases/issues/2928 - | @@ -68,25 +68,25 @@ sections: # https://github.com/github/releases/issues/3315 - | To help users find vulnerabilities in projects for Swift libraries and Apple apps, - the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning)." + the release of CodeQL included with GitHub Enterprise Server 3.10 includes support for Swift, up to version 5.8.1, and Xcode, up to version 14.3.1. Support for Swift is in beta and subject to change. Swift analysis is not supported in default setup for code scanning, and requires the advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning). # https://github.com/github/releases/issues/2869 - | - To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata)." + To help identify steps to remediate leaked secrets, repository administrators and security managers can view metadata such as the secret owner, expiration date, and access rights for any active GitHub token leaked in a repository. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#reviewing-github-token-metadata). # https://github.com/github/blog/pull/4506/files - | - Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." + Repository administrators, security managers, and organization and enterprise owners can view metrics for alerts generated by a specific custom pattern for secret scanning. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning). - heading: Dependabot notes: # https://github.com/github/releases/issues/3099 - | - Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." + Dependabot can automatically update the version of Node.js dependencies managed in the pnpm package manager. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems). # https://github.com/github/releases/issues/3142 - | - To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)." + To avoid unnecessary compute cost, Dependabot updates are automatically paused in repositories where there has been no activity on pull requests created by Dependabot for 90 days. For more information about the criteria for Dependabot updates being paused, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates). # https://github.com/github/releases/issues/3070 - | @@ -97,27 +97,27 @@ sections: # https://github.com/github/releases/issues/2303 - | - In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)." + In the [GitHub Advisory Database](https://github.com/advisories), users can search for any historical vulnerability recognized by the National Vulnerability Database. The "Unreviewed advisories" category has been backfilled to include vulnerabilities from previous years. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database). # https://github.com/github/releases/issues/2295 - | - In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)." + In the [GitHub Advisory Database](https://github.com/advisories), users can search for malware advisories by using the query `type:malware`. Dependabot does not send alerts for malware advisories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database). # https://github.com/github/releases/issues/2042 - | - In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see "[Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database)." + In the [GitHub Advisory Database](https://github.com/advisories), users can search for advisories for the Hex package manager, including Elixir, Erlang, and more. Dependabot does not send alerts for Hex advisories. For more information, see [Browsing security advisories in the GitHub Advisory Database](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#about-the-github-advisory-database). # https://github.com/github/releases/issues/2890 - | - Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)." + Organization owners, security managers, and users with admin access to a repository can quickly enable or disable security features for a filtered selection of repositories from the "Security coverage" view in an organization's security overview. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories). # https://github.com/github/releases/issues/3162 - | - Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises)." + Enterprise owners, organization owners, and security managers can quickly assess adoption of security features and exposure to security vulnerabilities across their enterprise. The enterprise-level "Security coverage" and "Security risk" views in security overview display data for repositories in each organization where the viewer is an organization owner or security manager. These views replace the "Overview" page in the "Code Security" tab for an enterprise. The `risk` metric for filtering the "Overview" page is no longer available. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-enterprises). # https://github.com/github/releases/issues/3112 - | - Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see "[AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database)." + Users can find curated security advisories for the Swift ecosystem in the GitHub Advisory Database. For more information, see [AUTOTITLE](/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database). - heading: GitHub Actions notes: @@ -126,23 +126,23 @@ sections: {% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25] # https://github.com/github/releases/issues/3136 - | - Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization)." + Organization owners can increase instance security by preventing members from creating self-hosted runners at the repository level. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization). # https://github.com/github/releases/issues/2901 - | - Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules)." + Users with admin access to a repository can allow external systems and third-party services to approve or reject deployments across organizations, repositories, and environments by enabling custom deployment protection rules. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#custom-deployment-protection-rules). # https://github.com/github/releases/issues/3184 - | - The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts)." + The option to execute custom scripts on a self-hosted runner is no longer is beta. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job#about-pre--and-post-job-scripts). # https://github.com/github/releases/issues/3248 - | - To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings)." + To prevent unnecessary transfer of OIDC tokens between workflows, to fetch an OIDC token generated within a reusable workflow that is outside their enterprise or organization, users must set the `id-token` permission to `write` in the workflow or specific job where the reusable workflow is called. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings). # https://github.com/github/docs-content/issues/9102 - | - Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners)." + Repository administrators, organization owners, and users with the `manage_runners:enterprise` scope for enterprises can use the REST API to create ephemeral, just-in-time (JIT) runners that can perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-just-in-time-runners). - heading: Community experience notes: @@ -158,29 +158,29 @@ sections: notes: # https://github.com/github/releases/issues/3226 - | - To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see "[AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation)." + To prevent unnecessary repository removal, the API for managing the repositories accessible by a GitHub App in your organization has been updated to fail early if the application is currently granted access to `all` repositories in the organization. This API can only be used to remove a repository when the application has been granted access to an explicit list of repositories. For more information, see [AUTOTITLE](/rest/apps/installations#remove-a-repository-from-an-app-installation). # https://github.com/github/releases/issues/2610 - | - Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging)." + Repository administrators can ensure the security and stability of branches by requiring pull request approval by someone other than the last pusher. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging). - heading: Projects notes: # https://github.com/github/releases/issues/2250 - | - Projects is no longer in public beta, and is now considered generally available. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects)." + Projects is no longer in public beta, and is now considered generally available. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects). # https://github.com/github/releases/issues/3207 - | - To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column)." + To control the amount of work in progress and promote focus, on a board layout, users with admin access to a project can set a recommended limit on the number of items in a column. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#setting-a-limit-on-the-number-of-items-in-a-column). # https://github.com/github/releases/issues/3133 - | - To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects)." + To determine the default access rights organization members have to projects where they haven't been granted individual access, organization owners can set a base role for projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-access-to-your-projects#managing-access-for-organization-level-projects). # https://github.com/github/releases/issues/2929 - | - To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)." + To share a pre-configured project with other people in an organization, users with admin access to a project can set the project as a template. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization). # https://github.com/github/releases/issues/3061 - | @@ -200,7 +200,7 @@ sections: notes: # https://github.com/github/releases/issues/3118 - | - Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions)." + Users can include mathematical expressions within Markdown by using LaTeX syntax delimited by `$` characters and backticks. For more information, see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/writing-mathematical-expressions#writing-inline-expressions). - heading: Accessibility notes: @@ -217,7 +217,7 @@ sections: - `log_message`, `msg`, or `message` is now `Body`. - `now` is now `Timestamp`. - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names. - - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)." + - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal). For a full list of field mappings, download the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv) and the [OpenTelemetry attribute mapping CSV for GitHub Enterprise Server 3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv). This change is part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/), and additional field names will change in upcoming releases. @@ -231,11 +231,11 @@ sections: # https://github.com/github/releases/issues/3233 - | - The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see "[AUTOTITLE](/rest/apps/installations)." + The `PUT` and `DELETE` operations on the `/installations/{installation_id}/repositories/{repository_id}` endpoint are no longer functional for the management of GitHub App installations. You can add or remove a repository from an app installation using the documented APIs instead. For more information, see [AUTOTITLE](/rest/apps/installations). # https://github.com/github/releases/issues/2870 - | - On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)." + On an instance with a GitHub Advanced Security license, to make it easier to assess vulnerabilities to exposed secrets, enterprise owners and organization owners receive a single email with the results of the historical scan for secrets that is performed when secret scanning is first enabled in an organization or enterprise. Previously, secret scanning sent an email for each repository where secrets were detected. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users). # https://github.com/github/releases/issues/2805 - | @@ -253,7 +253,7 @@ sections: known_issues: # INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB - | - After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)." + After an administrator upgrades from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or 3.10, I/O utilization will increase, and in some cases the instance's performance will be impacted. Reduced performance is due to the database server being upgraded from MySQL 5.7 to MySQL 8.0. For more information, see [AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance). - | {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} [Updated: 2023-08-11] - | @@ -284,7 +284,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} [Updated: 2023-09-04] - | @@ -321,4 +321,4 @@ sections: - heading: Upcoming deprecation of team discussions notes: - | - GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04] + GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). [Updated: 2024-03-04] diff --git a/data/release-notes/enterprise-server/3-10/1.yml b/data/release-notes/enterprise-server/3-10/1.yml index 353e7b20ca13..48c25ec934da 100644 --- a/data/release-notes/enterprise-server/3-10/1.yml +++ b/data/release-notes/enterprise-server/3-10/1.yml @@ -4,8 +4,8 @@ intro: | **Warnings**: - - This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. Upgrade to {% data variables.product.prodname_ghe_server %} 3.10.2 or later instead of this release. For more information, see the "[Known issues](#3.10.1-known-issues)" section of these release notes. - - A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.1-known-issues)" section of these release notes. + - This release contains a known issue that may lead to replication issues on an instance in a high-availability, geo-replication, or repository cache configuration. Upgrade to {% data variables.product.prodname_ghe_server %} 3.10.2 or later instead of this release. For more information, see the [Known issues](#3.10.1-known-issues) section of these release notes. + - A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.1-known-issues) section of these release notes. {% endwarning %} sections: @@ -38,7 +38,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23] + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). [Updated: 2023-02-23] - | On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node. - | diff --git a/data/release-notes/enterprise-server/3-10/10.yml b/data/release-notes/enterprise-server/3-10/10.yml index e0d995278271..46dea0ace863 100644 --- a/data/release-notes/enterprise-server/3-10/10.yml +++ b/data/release-notes/enterprise-server/3-10/10.yml @@ -2,7 +2,7 @@ date: '2024-04-18' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.10-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.10-known-issues) section of these release notes. {% endwarning %} sections: @@ -23,7 +23,7 @@ sections: - | Disk usage, utilization, and latency for data devices could render incorrectly in Grafana. - | - On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)." [Updated: 2024-05-01] + On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover). [Updated: 2024-05-01] - | The `ghe-update-check` command did not clean up .tmp files in `/var/lib/ghe-updates/`, which could lead to full disk issues. - | @@ -59,7 +59,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/11.yml b/data/release-notes/enterprise-server/3-10/11.yml index e6ed9eec131a..b40b6f89aa37 100644 --- a/data/release-notes/enterprise-server/3-10/11.yml +++ b/data/release-notes/enterprise-server/3-10/11.yml @@ -2,7 +2,7 @@ date: '2024-05-08' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.11-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.11-known-issues) section of these release notes. {% endwarning %} sections: @@ -31,7 +31,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/12.yml b/data/release-notes/enterprise-server/3-10/12.yml index 9f30084de84c..07bba6700327 100644 --- a/data/release-notes/enterprise-server/3-10/12.yml +++ b/data/release-notes/enterprise-server/3-10/12.yml @@ -2,7 +2,7 @@ date: '2024-05-20' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.12-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.12-known-issues) section of these release notes. {% endwarning %} sections: @@ -12,14 +12,14 @@ sections: Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions)." + For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions). known_issues: - | Custom firewall rules are removed during the upgrade process. - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/13.yml b/data/release-notes/enterprise-server/3-10/13.yml index 2c8cef08a05c..b2bb029f1162 100644 --- a/data/release-notes/enterprise-server/3-10/13.yml +++ b/data/release-notes/enterprise-server/3-10/13.yml @@ -2,7 +2,7 @@ date: '2024-06-19' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.13-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.13-known-issues) section of these release notes. {% endwarning %} sections: @@ -20,7 +20,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/15.yml b/data/release-notes/enterprise-server/3-10/15.yml index f7c8ebdb10a9..54214a9ec568 100644 --- a/data/release-notes/enterprise-server/3-10/15.yml +++ b/data/release-notes/enterprise-server/3-10/15.yml @@ -5,7 +5,7 @@ intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.14-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.14-known-issues) section of these release notes. {% endwarning %} sections: @@ -102,7 +102,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/16.yml b/data/release-notes/enterprise-server/3-10/16.yml index 7483da2ec08c..e0d7724f805b 100644 --- a/data/release-notes/enterprise-server/3-10/16.yml +++ b/data/release-notes/enterprise-server/3-10/16.yml @@ -2,7 +2,7 @@ date: '2024-08-20' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.16-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.16-known-issues) section of these release notes. {% endwarning %} sections: @@ -52,7 +52,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/17.yml b/data/release-notes/enterprise-server/3-10/17.yml index f790b376b3ea..41285cb9cde4 100644 --- a/data/release-notes/enterprise-server/3-10/17.yml +++ b/data/release-notes/enterprise-server/3-10/17.yml @@ -41,7 +41,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-10/2.yml b/data/release-notes/enterprise-server/3-10/2.yml index f2cad0a0c973..d48adb123322 100644 --- a/data/release-notes/enterprise-server/3-10/2.yml +++ b/data/release-notes/enterprise-server/3-10/2.yml @@ -2,7 +2,7 @@ date: '2023-09-22' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.2-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.2-known-issues) section of these release notes. {% endwarning %} sections: @@ -17,7 +17,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23] + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [Troubleshooting access to the Management Console](/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). [Updated: 2023-02-23] - | On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node. - | diff --git a/data/release-notes/enterprise-server/3-10/3.yml b/data/release-notes/enterprise-server/3-10/3.yml index 3c403381e2b4..afc4c268562f 100644 --- a/data/release-notes/enterprise-server/3-10/3.yml +++ b/data/release-notes/enterprise-server/3-10/3.yml @@ -2,7 +2,7 @@ date: '2023-10-24' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.3-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.3-known-issues) section of these release notes. {% endwarning %} sections: @@ -58,7 +58,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node. - | diff --git a/data/release-notes/enterprise-server/3-10/4.yml b/data/release-notes/enterprise-server/3-10/4.yml index 0001d340079c..e4fd8b9f7932 100644 --- a/data/release-notes/enterprise-server/3-10/4.yml +++ b/data/release-notes/enterprise-server/3-10/4.yml @@ -2,13 +2,13 @@ date: '2023-12-21' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.4-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.4-known-issues) section of these release notes. {% endwarning %} sections: security_fixes: - | - **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)." + **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see [AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode). This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847). - | @@ -38,7 +38,7 @@ sections: - | **LOW:** Pre-receive hooks have been further hardened against shell command injections. - | - **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." + **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps). - | To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4. - | @@ -141,7 +141,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | @@ -185,4 +185,4 @@ sections: - | To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release. - To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release. + To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps) and the security fixes for this release. diff --git a/data/release-notes/enterprise-server/3-10/5.yml b/data/release-notes/enterprise-server/3-10/5.yml index d7665f8f7d82..314850c9b2e2 100644 --- a/data/release-notes/enterprise-server/3-10/5.yml +++ b/data/release-notes/enterprise-server/3-10/5.yml @@ -2,7 +2,7 @@ date: '2024-01-16' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.5-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.5-known-issues) section of these release notes. {% endwarning %} sections: @@ -33,7 +33,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/6.yml b/data/release-notes/enterprise-server/3-10/6.yml index 82938131173c..60bd466b4116 100644 --- a/data/release-notes/enterprise-server/3-10/6.yml +++ b/data/release-notes/enterprise-server/3-10/6.yml @@ -2,7 +2,7 @@ date: '2024-01-30' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.6-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.6-known-issues) section of these release notes. {% endwarning %} sections: @@ -19,7 +19,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/7.yml b/data/release-notes/enterprise-server/3-10/7.yml index 4c98b42f3087..7412430e9c81 100644 --- a/data/release-notes/enterprise-server/3-10/7.yml +++ b/data/release-notes/enterprise-server/3-10/7.yml @@ -2,7 +2,7 @@ date: '2024-02-13' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.7-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.7-known-issues) section of these release notes. {% endwarning %} sections: @@ -53,7 +53,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/8.yml b/data/release-notes/enterprise-server/3-10/8.yml index 0a5e02eec91a..e0c3bccf3a19 100644 --- a/data/release-notes/enterprise-server/3-10/8.yml +++ b/data/release-notes/enterprise-server/3-10/8.yml @@ -2,7 +2,7 @@ date: '2024-02-29' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.8-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.8-known-issues) section of these release notes. {% endwarning %} sections: @@ -20,7 +20,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-10/9.yml b/data/release-notes/enterprise-server/3-10/9.yml index fa0a1054e4b2..8f54b7326c90 100644 --- a/data/release-notes/enterprise-server/3-10/9.yml +++ b/data/release-notes/enterprise-server/3-10/9.yml @@ -2,7 +2,7 @@ date: '2024-03-20' intro: | {% warning %} - **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.9-known-issues)" section of these release notes. + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the [Known issues](#3.10.9-known-issues) section of these release notes. {% endwarning %} sections: @@ -64,16 +64,16 @@ sections: - | People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2). - | - On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)." + On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding). - | - The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)." + The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads#push) and [AUTOTITLE](/rest/commits). known_issues: - | Custom firewall rules are removed during the upgrade process. - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/0-rc1.yml b/data/release-notes/enterprise-server/3-11/0-rc1.yml index a7a626195705..b379a86575ad 100644 --- a/data/release-notes/enterprise-server/3-11/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-11/0-rc1.yml @@ -8,7 +8,7 @@ intro: | {% endnote %} - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). sections: features: @@ -16,7 +16,7 @@ sections: notes: # https://github.com/github/releases/issues/3439 - | - Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli)." + Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli). - heading: Authentication notes: @@ -24,9 +24,9 @@ sections: - | To help users discover the required permissions for calls to a REST API endpoint, GitHub Enterprise Server returns the `X-Accepted-GitHub-Permissions` header for requests to endpoints that use fine-grained permissions, including requests from GitHub Apps. For more information, see the following articles. - - "[AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors)" - - "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)" - - "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)" + - [AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors) + - [AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens) + - [AUTOTITLE](/rest/overview/permissions-required-for-github-apps) - heading: Audit logs notes: @@ -34,9 +34,9 @@ sections: - | The web interface for enterprise, organization, and user audit logs include an expandable view that displays the full audit log payload for each event. Administrators and users can see the same event metadata when searching the audit log in the web interface or via streaming. For more information, see the following articles. - - "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)" - - "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)" - - "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)" + - [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise) + - [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization) + - [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log) - heading: GitHub Advanced Security notes: @@ -44,17 +44,17 @@ sections: - | On an instance with GitHub Actions enabled, in repositories that use default setup for code scanning, the default setup configuration updates automatically if GitHub detects new languages. Users can view a repository's language configuration for default setup from the repository's "Code security and analysis" settings page. Additionally, users can view information about setup and debug failed languages from the tools status page. For more information, see the following articles. - - "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration)" - - "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" - - "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)" + - [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration) + - [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) + - [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page) # https://github.com/github/releases/issues/3258 - | - On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)" and "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation. + On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale) and [AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization) in the REST API documentation. # https://github.com/github/releases/issues/3214 - | - On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." + On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites) and [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). # https://github.com/github/releases/issues/2841 - | @@ -62,39 +62,39 @@ sections: # https://github.com/github/releases/issues/3283 - | - Code scanning default setup is available for Swift analysis with CodeQL. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)." + Code scanning default setup is available for Swift analysis with CodeQL. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). # https://github.com/github/releases/issues/3355 - | - CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation. + CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. # https://github.com/github/releases/issues/3289 - | With CodeQL model packs for Java, users can improve code scanning results by ensuring that any custom Java libraries and frameworks used by their codebase are recognized by CodeQL. For more information, see the following documentation. - - "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)" - - "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs)" - - "[Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor)" in the CodeQL documentation + - [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup) + - [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs) + - [Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor) in the CodeQL documentation # https://github.com/github/releases/issues/3110 - | For instances with GitHub Connect configured, code scanning with CodeQL supports Java codebases that use [Project Lombok](https://projectlombok.org/). Previously, code scanning users were able to scan Java applications that contained Lombok code, but all the contents of files containing Lombok code were either skipped or users had to apply a workaround to prepare the applications for scanning. Lombok features will now be automatically scanned without requiring any workaround. - For more information about syncing the required GitHub Actions workflow to scan Lombok code, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)." + For more information about syncing the required GitHub Actions workflow to scan Lombok code, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions). # https://github.com/github/releases/issues/2920 - | - Push protection for secret scanning is now generally available. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." + Push protection for secret scanning is now generally available. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). # https://github.com/github/releases/issues/2649 # https://github.com/github/releases/issues/2866 # https://github.com/github/releases/issues/3196 - | - To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." + To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning) and [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning). # https://github.com/github/releases/issues/2868 - | - Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." + Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk). # https://github.com/github/releases/issues/3291 - | @@ -104,22 +104,22 @@ sections: notes: # https://github.com/github/releases/issues/2919 - | - For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see "[AUTOTITLE](/code-security/dependabot)." + For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see [AUTOTITLE](/code-security/dependabot). # https://github.com/github/releases/issues/3171 - | Developers can enforce policies related to vulnerabilities and licenses in pull requests for complex ecosystems with transitive dependencies like Gradle and Scala. Dependency review supports dependencies from the dependency submission API. For more information, see the following articles. - - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together)" - - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" - - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)" + - [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together) + - [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review) + - [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api) # https://github.com/github/releases/issues/3268 # https://github.com/github/releases/issues/3362 # https://github.com/github/releases/issues/3363 # https://github.com/github/releases/issues/3364 - | - To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." + To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands). # https://github.com/github/releases/issues/3270 # https://github.com/github/releases/issues/3271 @@ -129,27 +129,27 @@ sections: - Users can also configure scheduled updates for Swift dependencies using `dependabot.yml`. - If users have used the REST API for dependency submission to upload Gradle dependencies to the dependency graph and receive Dependabot alerts for those dependencies, Dependabot will try to open a pull request to resolve security updates enabled for the repository. - For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." + For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). # https://github.com/github/releases/issues/3287 - | - Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/repos)" in the REST API documentation. + Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see [AUTOTITLE](/rest/repos/repos) in the REST API documentation. - heading: Code security notes: # https://github.com/github/releases/issues/3259 - | - To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see "[Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk)" and "[Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security)." + To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see [Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk) and [Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security). # https://github.com/github/releases/issues/3126 - | - Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see "[AUTOTITLE](/rest/security-advisories/global-advisories)" in the REST API documentation. + Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see [AUTOTITLE](/rest/security-advisories/global-advisories) in the REST API documentation. - heading: GitHub Actions notes: # https://github.com/github/releases/issues/3247 - | - To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)." + To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history). # https://github.com/github/releases/issues/3402 - | @@ -158,53 +158,53 @@ sections: - GitHub Enterprise Server blocks runs triggered from forks with branch names that match the protected branch's name. - Tags with the same name as a protected branch cannot deploy to the environments with a branch protection configuration. - For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)." + For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches). # https://github.com/github/releases/issues/3489 - | - On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers)." + On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers). - heading: Organizations notes: # https://github.com/github/releases/issues/3465 - | - Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization)." + Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization). - heading: Repositories notes: # https://github.com/github/releases/issues/2926 - | - Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)." + Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets). # https://github.com/github/releases/issues/3081 - | - Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query)." + Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query). # https://github.com/github/releases/issues/2741 - | - Users can more easily understand changes to a repository using the activity view. For more information, see "[AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository)." + Users can more easily understand changes to a repository using the activity view. For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository). - heading: Issues notes: # https://github.com/github/releases/issues/3324 - | - Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms)." + Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms). - heading: Projects notes: # https://github.com/github/releases/issues/3205 - | - Users can review items in a project view broken down by a certain field value. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values)." + Users can review items in a project view broken down by a certain field value. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values). # https://github.com/github/releases/issues/3205 - | - Users can create charts to visualize current project items, or visualize project items over time. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects)." + Users can create charts to visualize current project items, or visualize project items over time. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects). - heading: Accessibility notes: # https://github.com/github/releases/issues/3340 - | - To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links)." + To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links). changes: # https://github.com/github/releases/issues/3319 @@ -219,7 +219,7 @@ sections: - `log_message`, `msg`, or `message` is now `Body`. - `now` is now `Timestamp`. - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names. - - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)." + - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal). For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), and [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv). @@ -229,15 +229,15 @@ sections: For more information about 2FA, see the following articles. - - "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization)" - - "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)" - - "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app)" + - [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization) + - [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode) + - [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app) # https://github.com/github/releases/issues/3327 - | On an instance with a GitHub Advanced Security license, during analysis of Python projects with code scanning using CodeQL and an advanced setup, GitHub Enterprise Server would automatically install dependencies for the project. Due to improvements to CodeQL, GitHub Enterprise Server no longer needs to fetch these dependencies to analyze a codebase. To improve scan times for Python projects, automatic dependency installation is disabled. - If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies)." + If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies). # https://github.com/github/releases/issues/3172 - | @@ -245,7 +245,7 @@ sections: # https://github.com/github/releases/issues/3284 - | - On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see "[AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28)" in the REST API documentation. + On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see [AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28) in the REST API documentation. # https://github.com/github/releases/issues/2874 - | @@ -255,7 +255,7 @@ sections: - Dependency licenses are displayed. - Dependabot alerts appear for dependencies, sorted by severity, and link to the Dependabot alerts and the Dependabot update pull request where applicable. - For more information about the dependency graph, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." + For more information about the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). # https://github.com/github/releases/issues/3253 - | @@ -265,12 +265,12 @@ sections: - | On an instance with GitHub Actions enabled, workflows that use Node.js 12 will log a warning. Node.js 12 has been end-of-life since [April 2022](https://github.com/nodejs/Release/#end-of-life-releases). - - Workflow authors should update actions to run on Node.js 16 instead of 12. For more information, see "[AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions)." - - Users with workflows that use Node.js should specify Node.js 16 or later in the workflows using versioned actions. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions)." + - Workflow authors should update actions to run on Node.js 16 instead of 12. For more information, see [AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions). + - Users with workflows that use Node.js should specify Node.js 16 or later in the workflows using versioned actions. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions). # https://github.com/github/releases/issues/3500 - | - On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable)" and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com. + On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable) and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com. ```shell Can't store NODE_OPTIONS output parameter using '$GITHUB_ENV' command. @@ -282,7 +282,7 @@ sections: # https://github.com/github/releases/issues/3219 - | - Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values)." + Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values). # https://github.com/github/releases/issues/3262 - | @@ -306,7 +306,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | @@ -335,4 +335,4 @@ sections: Users will continue to receive Dependabot alerts for dependencies with known vulnerabilities. To resolve these alerts, users can manually upgrade the affected package. - For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." + For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems). diff --git a/data/release-notes/enterprise-server/3-11/0.yml b/data/release-notes/enterprise-server/3-11/0.yml index d80531bcb1ac..40f2a2feb851 100644 --- a/data/release-notes/enterprise-server/3-11/0.yml +++ b/data/release-notes/enterprise-server/3-11/0.yml @@ -2,7 +2,7 @@ date: '2023-12-05' release_candidate: false deprecated: false intro: | - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). sections: features: @@ -10,7 +10,7 @@ sections: notes: # https://github.com/github/releases/issues/3439 - | - Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli)." + Instance administrators can perform administrative tasks using the `gh es` extension for the GitHub CLI. The extension communicates with your instance's management API, so you don't need to SSH into the instance or write a custom application. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli). - heading: Authentication notes: @@ -18,9 +18,9 @@ sections: - | To help users discover the required permissions for calls to a REST API endpoint, GitHub Enterprise Server returns the `X-Accepted-GitHub-Permissions` header for requests to endpoints that use fine-grained permissions, including requests from GitHub Apps. For more information, see the following articles. - - "[AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors)" - - "[AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens)" - - "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps)" + - [AUTOTITLE](/rest/overview/troubleshooting#insufficient-permissions-errors) + - [AUTOTITLE](/rest/overview/permissions-required-for-fine-grained-personal-access-tokens) + - [AUTOTITLE](/rest/overview/permissions-required-for-github-apps) - heading: Audit logs notes: @@ -28,9 +28,9 @@ sections: - | The web interface for enterprise, organization, and user audit logs include an expandable view that displays the full audit log payload for each event. Administrators and users can see the same event metadata when searching the audit log in the web interface or via streaming. For more information, see the following articles. - - "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)" - - "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)" - - "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)" + - [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise) + - [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization) + - [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log) - heading: GitHub Advanced Security notes: @@ -38,17 +38,17 @@ sections: - | On an instance with GitHub Actions enabled, in repositories that use default setup for code scanning, the default setup configuration updates automatically if GitHub detects new languages. Users can view a repository's language configuration for default setup from the repository's "Code security and analysis" settings page. Additionally, users can view information about setup and debug failed languages from the tools status page. For more information, see the following articles. - - "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration)" - - "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" - - "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)" + - [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#about-adding-languages-to-an-existing-default-setup-configuration) + - [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) + - [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page) # https://github.com/github/releases/issues/3258 - | - On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)" and "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation. + On an instance with GitHub Actions enabled, default setup for code scanning at the organization level is now generally available. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale) and [AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization) in the REST API documentation. # https://github.com/github/releases/issues/3214 - | - On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." + On an instance with GitHub Actions enabled, during configuration of default setup for code scanning, users can select either the "Extended" or "Default" query suite for eligible repositories in an organization. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites) and [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). # https://github.com/github/releases/issues/2841 - | @@ -56,39 +56,39 @@ sections: # https://github.com/github/releases/issues/3283 - | - Code scanning default setup is available for Swift analysis with CodeQL. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)." + Code scanning default setup is available for Swift analysis with CodeQL. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). # https://github.com/github/releases/issues/3355 - | - CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation. + CodeQL 2.14.6 and later supports analysis of code written in Go 1.21. For more information, see [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. # https://github.com/github/releases/issues/3289 - | With CodeQL model packs for Java, users can improve code scanning results by ensuring that any custom Java libraries and frameworks used by their codebase are recognized by CodeQL. For more information, see the following documentation. - - "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)" - - "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs)" - - "[Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor)" in the CodeQL documentation + - [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup) + - [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs) + - [Using the CodeQL model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor) in the CodeQL documentation # https://github.com/github/releases/issues/3110 - | For instances with GitHub Connect configured, code scanning with CodeQL supports Java codebases that use [Project Lombok](https://projectlombok.org/). Previously, code scanning users were able to scan Java applications that contained Lombok code, but all the contents of files containing Lombok code were either skipped or users had to apply a workaround to prepare the applications for scanning. Lombok features will now be automatically scanned without requiring any workaround. - For more information about syncing the required GitHub Actions workflow to scan Lombok code, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)." + For more information about syncing the required GitHub Actions workflow to scan Lombok code, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions). # https://github.com/github/releases/issues/2920 - | - Push protection for secret scanning is now generally available. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." + Push protection for secret scanning is now generally available. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). # https://github.com/github/releases/issues/2649 # https://github.com/github/releases/issues/2866 # https://github.com/github/releases/issues/3196 - | - To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." + To prevent the leak of tokens where users work outside of code, secret scanning detects tokens in both new and historical issue titles, descriptions, and comments. When a new token type is added to secret scanning, GitHub Enterprise Server scans for matches automatically. This expanded coverage also detects and surfaces secrets that match any custom pattern defined at the repository, organization, or enterprise level. These secrets appear both in the web interface and in queries to the REST API. For more information, see [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning) and [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning). # https://github.com/github/releases/issues/2868 - | - Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." + Users can view metrics associated with push protection usage across an organization. The overview shows a summary of blocks and bypasses, as well as more granular metrics. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk). # https://github.com/github/releases/issues/3291 - | @@ -98,22 +98,22 @@ sections: notes: # https://github.com/github/releases/issues/2919 - | - For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see "[AUTOTITLE](/code-security/dependabot)." + For developers who manage Node.js dependencies using the pnpm package manager, pnpm is fully supported by dependency graph, Dependabot alerts, and Dependabot security updates. For more information about securing your supply chain with Dependabot, see [AUTOTITLE](/code-security/dependabot). # https://github.com/github/releases/issues/3171 - | Developers can enforce policies related to vulnerabilities and licenses in pull requests for complex ecosystems with transitive dependencies like Gradle and Scala. Dependency review supports dependencies from the dependency submission API. For more information, see the following articles. - - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together)" - - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)" - - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)" + - [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together) + - [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review) + - [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api) # https://github.com/github/releases/issues/3268 # https://github.com/github/releases/issues/3362 # https://github.com/github/releases/issues/3363 # https://github.com/github/releases/issues/3364 - | - To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups)" and "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)." + To control how Dependabot structures pull requests and improve mergeability, users can implement flexible grouping options in `dependabot.yml`. You can also control Dependabot's behavior for groups using comment commands. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands). # https://github.com/github/releases/issues/3270 # https://github.com/github/releases/issues/3271 @@ -123,25 +123,25 @@ sections: - Users can also configure scheduled updates for Swift dependencies using `dependabot.yml`. - If users have used the REST API for dependency submission to upload Gradle dependencies to the dependency graph and receive Dependabot alerts for those dependencies, Dependabot will try to open a pull request to resolve security updates enabled for the repository. - For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." + For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). # https://github.com/github/releases/issues/3287 - | - Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/repos)" in the REST API documentation. + Responses from REST API endpoints for repositories display whether Dependabot security updates are enabled or disabled. Users can also enable or disable security updates for a repository using the REST API. For more information, see [AUTOTITLE](/rest/repos/repos) in the REST API documentation. # https://github.com/github/releases/issues/3253 - | - When Dependabot is first enabled, GitHub will not send notifications for all vulnerable dependencies found in the repository, only for new vulnerable dependencies ifentified after Dependabot is enabled. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)." + When Dependabot is first enabled, GitHub will not send notifications for all vulnerable dependencies found in the repository, only for new vulnerable dependencies ifentified after Dependabot is enabled. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts). - heading: Code security notes: # https://github.com/github/releases/issues/3259 - | - To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see "[Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk)" and "[Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security)." + To assess risks to code security and ensure adoption of features to improve code security, the "Security risk" and "Security coverage" pages for organizations and the entire instance are generally available. Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available. For more information, see [Assessing your code security risk](/code-security/security-overview/assessing-code-security-risk) and [Assessing adoption of code security features](/code-security/security-overview/assessing-adoption-code-security). # https://github.com/github/releases/issues/3126 - | - Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see "[AUTOTITLE](/rest/security-advisories/global-advisories)" in the REST API documentation. + Users can take advantage of the [GitHub Advisory Database](https://github.com/advisories) using the REST API. The Advisory Database is a free, open-source list of actionable security advisories and CVEs. API responses include machine-readable mappings to the ecosystem, package name, and affected versions of impacted software. For more information, see [AUTOTITLE](/rest/security-advisories/global-advisories) in the REST API documentation. - heading: GitHub Actions notes: @@ -150,7 +150,7 @@ sections: {% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25] # https://github.com/github/releases/issues/3247 - | - To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)." + To better navigate, trace, understand, and monitor deployments, users can view and track the full history of deployments in a repository or filter across environments. For more information, see [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history). # https://github.com/github/releases/issues/3402 - | @@ -159,53 +159,53 @@ sections: - GitHub Enterprise Server blocks runs triggered from forks with branch names that match the protected branch's name. - Tags with the same name as a protected branch cannot deploy to the environments with a branch protection configuration. - For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)." + For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches). # https://github.com/github/releases/issues/3489 - | - On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers)." + On an instance with GitHub Actions enabled and a configuration for deployment environments, administrators for environments can improve the security of deployments by enforcing a review by someone other than the person who triggered the run. This option prevents required reviewers from self-reviewing to trigger workflows. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers). - heading: Organizations notes: # https://github.com/github/releases/issues/3465 - | - Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization)." + Organization owners can signal that an organization is no longer actively maintained by archiving the organization. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/archiving-an-organization). - heading: Repositories notes: # https://github.com/github/releases/issues/2926 - | - Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)." + Users can govern protections for branches and tags in a repository using repository rules. To govern the protections for all of an organization's repositories, users can also enable rulesets for an organization. Contributors to a repository can see which rules apply via the web interface, Git, or the GitHub CLI. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets). # https://github.com/github/releases/issues/3081 - | - Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query)." + Users can create new repositories with predefined attributes using query parameters. For example, a user can create a URL that prepopulates information about the repository like the name, description, visibility, and more. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository#creating-a-new-repository-from-a-url-query). # https://github.com/github/releases/issues/2741 - | - Users can more easily understand changes to a repository using the activity view. For more information, see "[AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository)." + Users can more easily understand changes to a repository using the activity view. For more information, see [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/using-the-activity-view-to-see-changes-to-a-repository). - heading: Issues notes: # https://github.com/github/releases/issues/3324 - | - Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms)." + Users can automatically add a new issue to projects using a custom issue form by defining `projects` in the issue template. For more information, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms). - heading: Projects notes: # https://github.com/github/releases/issues/3205 - | - Users can review items in a project view broken down by a certain field value. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values)." + Users can review items in a project view broken down by a certain field value. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-table-layout#slicing-by-field-values). # https://github.com/github/releases/issues/3205 - | - Users can create charts to visualize current project items, or visualize project items over time. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects)." + Users can create charts to visualize current project items, or visualize project items over time. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/viewing-insights-from-your-project/about-insights-for-projects). - heading: Accessibility notes: # https://github.com/github/releases/issues/3340 - | - To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links)." + To improve the visibility of links with blocks of text in the web interface for GitHub Enterprise Server, users can apply underline styling. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings#managing-the-appearance-of-links). changes: # https://github.com/github/releases/issues/3319 @@ -214,7 +214,7 @@ sections: # https://github.com/github/ghes/issues/6613 - | - Configuration runs now correspond with a unique ID. During the run, the log remains at `/data/user/common/ghe-config.log`. After the run, the instance rotates the log's contents into `/data/user/config-apply/logs/YYYYMMDD/ghe-config.HOSTNAME.ID.log`, where YYYYMMDD is the date of the run, HOSTNAME is the hostname of the node, and ID is the ID of the run. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs#log-files-for-instance-configuration)." + Configuration runs now correspond with a unique ID. During the run, the log remains at `/data/user/common/ghe-config.log`. After the run, the instance rotates the log's contents into `/data/user/config-apply/logs/YYYYMMDD/ghe-config.HOSTNAME.ID.log`, where YYYYMMDD is the date of the run, HOSTNAME is the hostname of the node, and ID is the ID of the run. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/about-system-logs#log-files-for-instance-configuration). # https://github.com/github/releases/issues/3403 - | @@ -224,7 +224,7 @@ sections: - `log_message`, `msg`, or `message` is now `Body`. - `now` is now `Timestamp`. - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names. - - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)." + - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal). For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), and [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv). @@ -234,15 +234,15 @@ sections: For more information about 2FA, see the following articles. - - "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization)" - - "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)" - - "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app)" + - [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization) + - [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode) + - [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-mobile-app) # https://github.com/github/releases/issues/3327 - | On an instance with a GitHub Advanced Security license, during analysis of Python projects with code scanning using CodeQL and an advanced setup, GitHub Enterprise Server would automatically install dependencies for the project. Due to improvements to CodeQL, GitHub Enterprise Server no longer needs to fetch these dependencies to analyze a codebase. To improve scan times for Python projects, automatic dependency installation is disabled. - If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies)." + If you configured code scanning with CodeQL via advanced setup to disable dependency installation, GitHub recommends setting `setup-python-dependencies` to `false` for the configuration. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#analyzing-python-dependencies). # https://github.com/github/releases/issues/3172 - | @@ -250,7 +250,7 @@ sections: # https://github.com/github/releases/issues/3284 - | - On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see "[AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28)" in the REST API documentation. + On an instance with GitHub Advanced Security, to help users more efficiently review and filter code scanning alerts at scale using the REST API, the `updated_at` field in API responses is improved. The `updated_at` timestamp now represents an alert's most recent state change on the branch that you requested. State changes include an alert being introduced, fixed, dismissed, reopened, or reintroduced. Previously, the `updated_at` timestamp changed frequently, whenever an alert was found in an analysis or the alert state changed. For more information about using the REST API to retrieve code scanning alerts, see [AUTOTITLE](/rest/code-scanning/code-scanning?apiVersion=2022-11-28) in the REST API documentation. # https://github.com/github/releases/issues/2874 - | @@ -260,7 +260,7 @@ sections: - Dependency licenses are displayed. - Dependabot alerts appear for dependencies, sorted by severity, and link to the Dependabot alerts and the Dependabot update pull request where applicable. - For more information about the dependency graph, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)." + For more information about the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). # https://github.com/github/releases/issues/3253 - | @@ -270,14 +270,14 @@ sections: - | On an instance with GitHub Actions enabled, workflows that use Node.js 16 or earlier will log a warning. Node.js 16 has been end-of-life since [September 2023](https://github.com/nodejs/Release/#end-of-life-releases). - - Workflow authors should update actions to run on Node.js 20. For more information, see "[AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions)." - - Users with workflows that use Node.js should specify Node.js 20 or later in the workflows using versioned actions. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions)." + - Workflow authors should update actions to run on Node.js 20. For more information, see [AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions). + - Users with workflows that use Node.js should specify Node.js 20 or later in the workflows using versioned actions. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions). [Updated: 2024-03-05] # https://github.com/github/releases/issues/3500 - | - On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable)" and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com. + On an instance with GitHub Actions enabled and runners using GitHub Actions Runner 2.309.0 or later, users can no longer use `GITHUB_ENV` to set the `NODE_OPTIONS` environment variable in workflows. Workflows that set `NODE_OPTIONS` as an environment variable will now log the following error. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable) and the [v2.309.0 release](https://github.com/actions/runner/releases/tag/v2.309.0) in the actions/runner repository on GitHub.com. ```shell Can't store NODE_OPTIONS output parameter using '$GITHUB_ENV' command. @@ -289,7 +289,7 @@ sections: # https://github.com/github/releases/issues/3219 - | - Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values)." + Users can break out items in a project by workstreams, team members, priorities, or other groupings using a swimlane view. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout#grouping-by-field-values). # https://github.com/github/releases/issues/3262 - | @@ -315,7 +315,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | @@ -346,7 +346,7 @@ sections: - heading: Enterprise-level security overview is deprecated notes: - | - The enterprise-level "Security overview" page is deprecated in favor of the new "Security risk" and "Security coverage" pages. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)" and "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)." + The enterprise-level "Security overview" page is deprecated in favor of the new "Security risk" and "Security coverage" pages. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk) and [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security). # https://github.com/github/releases/issues/2605 - heading: Dependabot updates no longer support Python 3.6 or 3.7 @@ -356,13 +356,13 @@ sections: Users will continue to receive Dependabot alerts for dependencies with known vulnerabilities. To resolve these alerts, users can manually upgrade the affected package. - For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." + For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems). # https://github.com/github/releases/issues/2605 - heading: Upcoming deprecation of team discussions notes: - | - GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.11, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04] + GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.11, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). [Updated: 2024-03-04] # https://github.com/github/docs-content/issues/14995 - heading: Elasticsearch index `repository-stack` is no longer in use @@ -371,4 +371,4 @@ sections: The Elasticsearch index `repository-stacks` is no longer in use. [Updated: 2024-06-24] errata: - - 'The "[Changes](/admin/release-notes#3.11.0-changes)" section previously indicated that users should update GitHub Actions workflows and actions to run on Node.js 16. Node.js 16 has reached end of life, and users should instead update actions and workflows to run on Node.js 20 or later. [Updated: 2024-03-05]' + - 'The [Changes](/admin/release-notes#3.11.0-changes) section previously indicated that users should update GitHub Actions workflows and actions to run on Node.js 16. Node.js 16 has reached end of life, and users should instead update actions and workflows to run on Node.js 20 or later. [Updated: 2024-03-05]' diff --git a/data/release-notes/enterprise-server/3-11/1.yml b/data/release-notes/enterprise-server/3-11/1.yml index 9231bafa0433..7e3759f7d447 100644 --- a/data/release-notes/enterprise-server/3-11/1.yml +++ b/data/release-notes/enterprise-server/3-11/1.yml @@ -2,13 +2,13 @@ date: '2023-12-21' intro: | {% warning %} - **Warning**: Hotpatch upgrades from GitHub Enterprise Server version `3.11.0` to `3.11.1` will result in the instance losing network connectivity after a reboot. We have removed the hotpatch upgrade package for the `3.11.1` version of GitHub Enterprise Server to ensure this upgrade path is not executed accidentally. Before you upgrade, please make sure you have read the "[Known issues](#3.11.1-known-issues)" section of these release notes. + **Warning**: Hotpatch upgrades from GitHub Enterprise Server version `3.11.0` to `3.11.1` will result in the instance losing network connectivity after a reboot. We have removed the hotpatch upgrade package for the `3.11.1` version of GitHub Enterprise Server to ensure this upgrade path is not executed accidentally. Before you upgrade, please make sure you have read the [Known issues](#3.11.1-known-issues) section of these release notes. {% endwarning %} sections: security_fixes: - | - **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)." + **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see [AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode). This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847). - | @@ -32,7 +32,7 @@ sections: - | **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380). - | - **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." + **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps). - | To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4. - | @@ -89,7 +89,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | @@ -122,4 +122,4 @@ sections: - | To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release. - To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release. + To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps) and the security fixes for this release. diff --git a/data/release-notes/enterprise-server/3-11/10.yml b/data/release-notes/enterprise-server/3-11/10.yml index 001e77b95e5c..f2baab3b7997 100644 --- a/data/release-notes/enterprise-server/3-11/10.yml +++ b/data/release-notes/enterprise-server/3-11/10.yml @@ -6,14 +6,14 @@ sections: Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions)." + For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions). known_issues: - | Custom firewall rules are removed during the upgrade process. - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/11.yml b/data/release-notes/enterprise-server/3-11/11.yml index e4e15504aea2..c4f1ab089225 100644 --- a/data/release-notes/enterprise-server/3-11/11.yml +++ b/data/release-notes/enterprise-server/3-11/11.yml @@ -16,7 +16,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/13.yml b/data/release-notes/enterprise-server/3-11/13.yml index 598961697bfb..a2e6387cc7ce 100644 --- a/data/release-notes/enterprise-server/3-11/13.yml +++ b/data/release-notes/enterprise-server/3-11/13.yml @@ -132,7 +132,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/14.yml b/data/release-notes/enterprise-server/3-11/14.yml index ba36f98fec1f..6e13d42963d0 100644 --- a/data/release-notes/enterprise-server/3-11/14.yml +++ b/data/release-notes/enterprise-server/3-11/14.yml @@ -66,7 +66,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/15.yml b/data/release-notes/enterprise-server/3-11/15.yml index 6432ca7dda9d..f43368d62195 100644 --- a/data/release-notes/enterprise-server/3-11/15.yml +++ b/data/release-notes/enterprise-server/3-11/15.yml @@ -43,7 +43,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-11/16.yml b/data/release-notes/enterprise-server/3-11/16.yml index b03e734e3cf7..f290486ecd1f 100644 --- a/data/release-notes/enterprise-server/3-11/16.yml +++ b/data/release-notes/enterprise-server/3-11/16.yml @@ -29,7 +29,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-11/17.yml b/data/release-notes/enterprise-server/3-11/17.yml index 304a930f4f96..f63cd8ab3cdf 100644 --- a/data/release-notes/enterprise-server/3-11/17.yml +++ b/data/release-notes/enterprise-server/3-11/17.yml @@ -23,7 +23,7 @@ sections: - | Restoring Git repositories using `backup-utils` occasionally failed. - | - Some customers upgrading from 3.11 to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/enterprise-server@3.13/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + Some customers upgrading from 3.11 to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/enterprise-server@3.13/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records). changes: - | For instances deployed on AWS, the default settings for Chrony NTP synchronization have been aligned with AWS's suggested default configurations. @@ -33,7 +33,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-11/18.yml b/data/release-notes/enterprise-server/3-11/18.yml index 0c3209b0af91..df359499463d 100644 --- a/data/release-notes/enterprise-server/3-11/18.yml +++ b/data/release-notes/enterprise-server/3-11/18.yml @@ -14,7 +14,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | @@ -42,4 +42,4 @@ sections: - | Attempting to stop replications after stopping GitHub Actions on a GitHub Enterprise Server instance would fail, reporting that MSSQL was not responding. The can be avoided by start MSSQL prior to stopping replication `/usr/local/share/enterprise/ghe-nomad-jobs queue /etc/nomad-jobs/mssql/mssql.hcl` - | - Some customers upgrading from 3.11.x or 3.12.x may experience a bug with the feature "Automatic update checks", filling the root disk with logs causing a system degradation. To prevent this, you can turn off the feature "[Enable automatic update check](/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks#enabling-automatic-update-checks)" in the management console. + Some customers upgrading from 3.11.x or 3.12.x may experience a bug with the feature "Automatic update checks", filling the root disk with logs causing a system degradation. To prevent this, you can turn off the feature [Enable automatic update check](/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks#enabling-automatic-update-checks) in the management console. diff --git a/data/release-notes/enterprise-server/3-11/2.yml b/data/release-notes/enterprise-server/3-11/2.yml index e3173fdbd479..bc7a1ec7ebda 100644 --- a/data/release-notes/enterprise-server/3-11/2.yml +++ b/data/release-notes/enterprise-server/3-11/2.yml @@ -8,7 +8,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | @@ -37,4 +37,4 @@ sections: {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17] errata: - | - "[Known issues](/admin/release-notes#3.11.2-known-issues)" incorrectly indicated that an upgrade to GitHub Enterprise Server 3.11 may fail. This issue does not impact GitHub Enterprise Server instances when upgrading to version 3.11.1 or later. [Updated: 2024-01-26] + [Known issues](/admin/release-notes#3.11.2-known-issues) incorrectly indicated that an upgrade to GitHub Enterprise Server 3.11 may fail. This issue does not impact GitHub Enterprise Server instances when upgrading to version 3.11.1 or later. [Updated: 2024-01-26] diff --git a/data/release-notes/enterprise-server/3-11/3.yml b/data/release-notes/enterprise-server/3-11/3.yml index 7b126763b3ff..ba15a685add9 100644 --- a/data/release-notes/enterprise-server/3-11/3.yml +++ b/data/release-notes/enterprise-server/3-11/3.yml @@ -29,7 +29,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/4.yml b/data/release-notes/enterprise-server/3-11/4.yml index 914f51b8bcb7..2f9757327925 100644 --- a/data/release-notes/enterprise-server/3-11/4.yml +++ b/data/release-notes/enterprise-server/3-11/4.yml @@ -13,7 +13,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/5.yml b/data/release-notes/enterprise-server/3-11/5.yml index f366ca1babbb..6e10dade54af 100644 --- a/data/release-notes/enterprise-server/3-11/5.yml +++ b/data/release-notes/enterprise-server/3-11/5.yml @@ -49,7 +49,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/6.yml b/data/release-notes/enterprise-server/3-11/6.yml index 904a7cb61561..3fd79fd16eff 100644 --- a/data/release-notes/enterprise-server/3-11/6.yml +++ b/data/release-notes/enterprise-server/3-11/6.yml @@ -17,7 +17,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/7.yml b/data/release-notes/enterprise-server/3-11/7.yml index e5f6c10f0e37..0ad2b33f3d93 100644 --- a/data/release-notes/enterprise-server/3-11/7.yml +++ b/data/release-notes/enterprise-server/3-11/7.yml @@ -60,9 +60,9 @@ sections: - | On an instance with a GitHub Advanced Security license, in some cases, when a user deleted a custom pattern for secret scanning, GitHub Enterprise Server failed to close or delete the patterns alerts. - | - On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)." + On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding). - | - The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)." + The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads#push) and [AUTOTITLE](/rest/commits). - | Organizations using projects (classic) returned an error log about a soon-to-be deprecated MySQL feature when viewing a project. known_issues: @@ -71,7 +71,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/8.yml b/data/release-notes/enterprise-server/3-11/8.yml index b945e43e1fb9..b771f3012b43 100644 --- a/data/release-notes/enterprise-server/3-11/8.yml +++ b/data/release-notes/enterprise-server/3-11/8.yml @@ -21,7 +21,7 @@ sections: - | On an instance in a cluster configuration with high availability replication enabled, Git operations for existing repositories would fail after failover to the replica cluster. - | - On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)." [Updated: 2024-05-01] + On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover). [Updated: 2024-05-01] - | A Redis job had a memory limit that was too low in some cases, leading the process to run out of memory. - | @@ -65,7 +65,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-11/9.yml b/data/release-notes/enterprise-server/3-11/9.yml index 82e556e45ec1..0b88427ad675 100644 --- a/data/release-notes/enterprise-server/3-11/9.yml +++ b/data/release-notes/enterprise-server/3-11/9.yml @@ -30,14 +30,14 @@ sections: - | A more specific error message is shown when the `ghe-repl-node` command is run on an instance not configured for high availability. - | - The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)" and "[AUTOTITLE](/rest/enterprise-admin/scim)" in the REST API documentation. + The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise) and [AUTOTITLE](/rest/enterprise-admin/scim) in the REST API documentation. known_issues: - | Custom firewall rules are removed during the upgrade process. - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/0-rc1.yml b/data/release-notes/enterprise-server/3-12/0-rc1.yml index e6eb3bcba608..b086b2c793cc 100644 --- a/data/release-notes/enterprise-server/3-12/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-12/0-rc1.yml @@ -8,25 +8,25 @@ intro: | {% endnote %} - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). sections: features: - heading: Instance administration notes: # https://github.com/github/releases/issues/3542 - | - To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)." + To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package) and [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs). # https://github.com/github/releases/issues/3531 - | When backing up an instance in a cluster configuration using GitHub Enterprise Server Backup Utilities, the pre-flight routine includes a health check for all nodes and notifies administrators of any issues before the backup begins. # https://github.com/github/releases/issues/3659 - | The REST API's `/manage/v1` endpoints have been expanded to include all the same operations as the `/setup/api` endpoints. The `/setup/api` endpoints will be deprecated in a future release of GitHub Enterprise Server. For more information, see the following articles in the REST API documentation. - - "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" - - "[AUTOTITLE](/rest/enterprise-admin/management-console)" + - [AUTOTITLE](/rest/enterprise-admin/manage-ghes) + - [AUTOTITLE](/rest/enterprise-admin/management-console) # https://github.com/github/releases/issues/3676 - | - On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node)." [Updated: 2024-02-28] + On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node). [Updated: 2024-02-28] - heading: Authentication notes: @@ -38,13 +38,13 @@ sections: notes: # https://github.com/github/releases/issues/3597 - | - The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see "[AUTOTITLE](/rest/enterprise-admin/billing)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information)". + The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see [AUTOTITLE](/rest/enterprise-admin/billing) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information). # https://github.com/github/releases/issues/3285 - | - To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation. + To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. # https://github.com/github/releases/issues/3569 - | - Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)." + Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud). # https://github.com/github/releases/issues/3680 - | For code scanning, this release of GitHub Enterprise Server uses version 2.15.5 of CodeQL by default. This version of CodeQL includes more up-to-date support for various languages, including C# 12, .NET 8, TypeScript 5.3, Java 21, and Python 3.12. For more information, see the [changelog for CodeQL 2.15.5](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.15.5/) in the CodeQL documentation. @@ -53,74 +53,74 @@ sections: Code scanning with CodeQL has improved support for detecting vulnerabilities in C and C++ code, with queries available for detecting common memory-corruption vulnerabilities. These queries are in beta and subject to change. For more information, see [ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok](https://github.blog/2023-10-19-icymi-improved-c-vulnerability-coverage-and-codeql-support-for-lombok/#improved-c-vulnerability-coverage) on the GitHub Blog. # https://github.com/github/releases/issues/3512 - | - For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)." + For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). # https://github.com/github/releases/issues/3310 - | To make the language overview on the tool status page more informative, users can directly specify `Kotlin`, `C`, and `TypeScript` as languages to be analyzed using the `language` property of a `codeql.yml` file. For example: `language: [ 'kotlin' ]`. These languages were already supported by CodeQL, but were previously treated as being part of the `Java`, `CPP`, and `JavaScript` languages respectively. # https://github.com/github/releases/issues/3119 - | - To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns)." + To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns). - heading: Dependabot notes: # https://github.com/github/releases/issues/3458 - | - To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs)." + To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs). # https://github.com/github/releases/issues/3091 - | - Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)." + Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules). # https://github.com/github/releases/issues/3615 - | - Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." + Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems). - heading: GitHub Actions notes: # https://github.com/github/releases/issues/3227 - | - Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging)". + Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging). # https://github.com/github/releases/issues/3417 - | - GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer)" and "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer)". + GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer) and [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer). # https://github.com/github/releases/issues/3508 - | - Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)". + Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches). - heading: Community experience notes: # https://github.com/github/releases/issues/3529 - | - To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise)." Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address. + To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise). Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address. # https://github.com/github/releases/issues/3605 - | - To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the "[Get help with GitHub](https://support.github.com/contact)" contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change. + To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the [Get help with GitHub](https://support.github.com/contact) contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change. - heading: Projects notes: # https://github.com/github/releases/issues/2930 - | - Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)". + Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization). # https://github.com/github/releases/issues/3549 - | - Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects)". + Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects). - heading: GitHub Discussions notes: # https://github.com/github/releases/issues/3475 - | - Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see "[AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions)." + Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see [AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions). - heading: Pull requests notes: # https://github.com/github/releases/issues/3140 - | - Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue)." + Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue). - heading: Markdown notes: # https://github.com/github/releases/issues/2339 - | - Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts)." + Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see [AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts). - heading: Accessibility notes: @@ -146,7 +146,7 @@ sections: - `log_message`, `msg`, or `message` is now `Body`. - `now` is now `Timestamp`. - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names. - - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)." + - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal). For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv), and [3.12](/assets/ghes-3-12-opentelemetry-attribute-mappings.csv). @@ -155,7 +155,7 @@ sections: On an instance with GitHub Advanced Security and code scanning enabled, the bot that posts comments and annotations for code scanning alerts on pull requests has been renamed from `github-code-scanning` to `github-advanced-security`. # https://github.com/github/releases/issues/3561 - | - The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see "[AUTOTITLE](/rest/rate-limit/rate-limit)" in the REST API documentation and "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits)." + The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see [AUTOTITLE](/rest/rate-limit/rate-limit) in the REST API documentation and [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits). known_issues: - | @@ -163,7 +163,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | @@ -184,4 +184,4 @@ sections: - heading: Upcoming deprecation of team discussions notes: - | - GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.12, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04] + GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.12, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see [AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions) and [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions). [Updated: 2024-03-04] diff --git a/data/release-notes/enterprise-server/3-12/0.yml b/data/release-notes/enterprise-server/3-12/0.yml index e8b5ef3c36ca..df5b028767a9 100644 --- a/data/release-notes/enterprise-server/3-12/0.yml +++ b/data/release-notes/enterprise-server/3-12/0.yml @@ -2,7 +2,7 @@ date: '2024-03-05' release_candidate: false deprecated: false intro: | - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). sections: features: @@ -10,18 +10,18 @@ sections: notes: # https://github.com/github/releases/issues/3542 - | - To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs)." + To ensure an instance's readiness for an upgrade to a new feature release of GitHub Enterprise Server, administrators can ensure that background tasks from a previous upgrade are complete using the `ghe-check-background-upgrade-jobs` command-line utility. For more information, see [AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/upgrading-with-an-upgrade-package#upgrading-a-standalone-instance-using-an-upgrade-package) and [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-background-upgrade-jobs). # https://github.com/github/releases/issues/3531 - | When backing up an instance in a cluster configuration using GitHub Enterprise Server Backup Utilities, the pre-flight routine includes a health check for all nodes and notifies administrators of any issues before the backup begins. # https://github.com/github/releases/issues/3659 - | The REST API's `/manage/v1` endpoints have been expanded to include all the same operations as the `/setup/api` endpoints. The `/setup/api` endpoints will be deprecated in a future release of GitHub Enterprise Server. For more information, see the following articles in the REST API documentation. - - "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" - - "[AUTOTITLE](/rest/enterprise-admin/management-console)" + - [AUTOTITLE](/rest/enterprise-admin/manage-ghes) + - [AUTOTITLE](/rest/enterprise-admin/management-console) # https://github.com/github/releases/issues/3676 - | - On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node)." [Updated: 2024-02-28] + On an instance in a cluster configuration, administrators can use the `ghe-remove-node` command-line utility to remove a node from a cluster. This command evacuates data from the node's data services, marks the node as offline, and stops traffic being routed to the node, replacing the manual steps previously required to remove a node. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-remove-node). [Updated: 2024-02-28] # https://github.com/github/releases/issues/3802 - | On an instance in a cluster configuration, administrators can more easily configure or tear down a high availability replica of the cluster. For more information, see the documentation for the following utilities in the "Command-line utilities" article: @@ -41,13 +41,13 @@ sections: notes: # https://github.com/github/releases/issues/3597 - | - The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see "[AUTOTITLE](/rest/enterprise-admin/billing)" and "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information)". + The GitHub Advanced Security billing REST API and CSV download includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. For more information, see [AUTOTITLE](/rest/enterprise-admin/billing) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage#downloading-github-advanced-security-license-usage-information). # https://github.com/github/releases/issues/3285 - | - To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/)" in the CodeQL documentation. + To make it easier for users to secure repositories, default setup for code scanning automatically attempts to analyze all languages supported by CodeQL. Users no longer need to manually include analysis of C, C++, C#, Java, or Kotlin when enabling default setup, and organization owners and security managers can enable analysis of these languages for multiple repositories in an organization. For more information about the languages and versions supported by CodeQL and code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) and [Supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/) in the CodeQL documentation. # https://github.com/github/releases/issues/3569 - | - Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)." + Customers who use both GitHub Enterprise Server and GitHub Enterprise Cloud can ensure license usage for GitHub Advanced Security is calculated correctly by synchronizing license usage across deployments. Synchronization can be performed automatically, using GitHub Connect, or manually, using an export file. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud). # https://github.com/github/releases/issues/3680 - | For code scanning, this release of GitHub Enterprise Server uses version 2.15.5 of CodeQL by default. This version of CodeQL includes more up-to-date support for various languages, including C# 12, .NET 8, TypeScript 5.3, Java 21, and Python 3.12. For more information, see the [changelog for CodeQL 2.15.5](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.15.5/) in the CodeQL documentation. @@ -56,25 +56,25 @@ sections: Code scanning with CodeQL has improved support for detecting vulnerabilities in C and C++ code, with queries available for detecting common memory-corruption vulnerabilities. These queries are in beta and subject to change. For more information, see [ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok](https://github.blog/2023-10-19-icymi-improved-c-vulnerability-coverage-and-codeql-support-for-lombok/#improved-c-vulnerability-coverage) on the GitHub Blog. # https://github.com/github/releases/issues/3512 - | - For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)." + For repositories migrated to GitHub Enterprise Server from other platforms, to calculate active committers for GitHub Advanced Security license usage, GitHub only considers commits made after the migration date. Previously, historic commits were included in the calculation, and users needed to intervene manually to avoid consuming licenses unnecessarily. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). # https://github.com/github/releases/issues/3310 - | To make the language overview on the tool status page more informative, users can directly specify `Kotlin`, `C`, and `TypeScript` as languages to be analyzed using the `language` property of a `codeql.yml` file. For example: `language: [ 'kotlin' ]`. These languages were already supported by CodeQL, but were previously treated as being part of the `Java`, `CPP`, and `JavaScript` languages respectively. # https://github.com/github/releases/issues/3119 - | - To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns)." + To increase the coverage of secret scanning without needing to maintain custom patterns, users can configure secret scanning to detect non-provider patterns. Non-provider patterns are patterns such as private keys that tend to have a higher rate of false positives than high-confidence patterns. GitHub displays non-provider alerts in a different list from high-confidence alerts, making triaging a better experience for users. This feature is in beta and subject to change. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#managing-alerts-from-non-provider-patterns). - heading: Dependabot notes: # https://github.com/github/releases/issues/3458 - | - To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs)." + To debug issues with Dependabot, users can view logs for Dependabot job runs associated with version updates, security updates, and rebase updates. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/viewing-dependabot-job-logs). # https://github.com/github/releases/issues/3091 - | - Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)." + Users can choose how to respond to Dependabot alerts automatically by setting up custom auto-triage rules in repositories or organizations. Auto-triage rules provide control over whether an alert is ignored, is snoozed, or triggers a pull request for a security update. Users can also use a rule created by GitHub to automatically dismiss low-impact issues in npm dependencies. Auto-triage rules are in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules). # https://github.com/github/releases/issues/3615 - | - Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." + Dependabot version updates have improved support for dependencies in NuGet, the package manager for .NET. Improvements include better support for implicit dependencies and peer dependencies. For more information about supported package managers, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems). - heading: GitHub Actions notes: @@ -83,50 +83,50 @@ sections: {% data reusables.actions.actions-runner-release-note %} [Updated: 2024-04-25] # https://github.com/github/releases/issues/3227 - | - Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging)". + Users can set up organization-wide rules to enforce their CI/CD workflows, ensuring workflows pass before pull requests can be merged into target repositories. You can fine-tune your rule by selecting a specific branch, tag, or SHA, and provide maximum control over the version expected to run. To reduce risk, you can "evaluate" workflow rules to validate rules are working correctly. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging). # https://github.com/github/releases/issues/3417 - | - GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer)" and "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer)". + GitHub Actions developers can use GitHub Actions Importer to plan, forecast, and automate the migration of existing CI/CD pipelines from Bamboo Server, Bamboo Data Center, and Bitbucket. Developers can migrate their Bamboo and Bitbucket pipelines to GitHub Actions using the GitHub CLI or IssueOps. For more information, see [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bitbucket-pipelines-with-github-actions-importer) and [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/migrating-from-bamboo-with-github-actions-importer). # https://github.com/github/releases/issues/3508 - | - Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches)". + Actions environments support defining selected tag patterns to restrict deployments. Administrators who want to have more secure and controlled deployments can specify selected tags or tag patterns on their protected environments. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches). - heading: Community experience notes: # https://github.com/github/releases/issues/3529 - | - To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise)." Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address. + To tailor information to users' needs, users are prompted to sign in to access the [GitHub Support](https://support.github.com/) portal. For customers with an enterprise account on GitHub.com, we encourage users to sign in to an account with support privileges for the enterprise. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise). Users who cannot sign in to an account on GitHub.com can still access the portal by verifying an email address. # https://github.com/github/releases/issues/3605 - | - To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the "[Get help with GitHub](https://support.github.com/contact)" contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change. + To help users find answers to their questions more quickly, GitHub Copilot is integrated into GitHub Support. Users can choose to chat with Copilot instead of creating a ticket on the [Get help with GitHub](https://support.github.com/contact) contact form. Copilot has been trained on the GitHub Enterprise Server documentation on GitHub Docs. This feature is in public beta and subject to change. - heading: Projects notes: # https://github.com/github/releases/issues/2930 - | - Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)". + Project templates for organizations are generally available. Users in an organization can create a template to share a pre-configured project with other people in your organization as the base for their projects. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization). # https://github.com/github/releases/issues/3549 - | - Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects)". + Users can access Projects from from the global navigation menu. This page can be used to find projects you've recently viewed or created, regardless of the organization or where they are located. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/finding-your-projects). - heading: GitHub Discussions notes: # https://github.com/github/releases/issues/3475 - | - Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see "[AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions)." + Users can filter for answered or unanswered discussions with the GraphQL API by using the `answered` property. For more information, see [AUTOTITLE](/graphql/guides/using-the-graphql-api-for-discussions). - heading: Pull requests notes: # https://github.com/github/releases/issues/3140 - | - Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue)." + Users can merge pull requests without needing to wait for status checks to pass by adding a pull request to a merge queue. The merge queue ensures that the changes in the pull request will pass all required status checks when applied to the latest version of the target branch. A pull request is merged automatically once it reaches the front of the queue. This feature is particularly useful on branches where pull requests are merged frequently. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue). - heading: Markdown notes: # https://github.com/github/releases/issues/2339 - | - Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts)." + Users can highlight information using Markdown alerts. Alerts are displayed with distinctive colors and icons, and include notes, tips, warnings, and more. For more information, see [AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts). - heading: Accessibility notes: @@ -152,7 +152,7 @@ sections: - `log_message`, `msg`, or `message` is now `Body`. - `now` is now `Timestamp`. - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names. - - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal)." + - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job. For more information about containerized logs, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/monitoring-your-appliance/about-system-logs#system-logs-in-the-systemd-journal). For a full list of mappings, download the OpenTelemetry attribute mapping CSV for GitHub Enterprise Server [3.9](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv), [3.10](/assets/ghes-3.10-opentelemetry-attribute-mappings.csv), [3.11](/assets/ghes-3.11-opentelemetry-attribute-mappings.csv), and [3.12](/assets/ghes-3-12-opentelemetry-attribute-mappings.csv). @@ -161,7 +161,7 @@ sections: On an instance with GitHub Advanced Security and code scanning enabled, the bot that posts comments and annotations for code scanning alerts on pull requests has been renamed from `github-code-scanning` to `github-advanced-security`. # https://github.com/github/releases/issues/3561 - | - The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see "[AUTOTITLE](/rest/rate-limit/rate-limit)" in the REST API documentation and "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits)." + The REST API's `/rate_limit` endpoint is now subject to rate limits. Requests will not consume the primary rate limit quotas for the authenticated user. However, making a very high number of requests in a short period of time will trigger the secondary rate limits if secondary rate limits are enabled on your instance. For more information, see [AUTOTITLE](/rest/rate-limit/rate-limit) in the REST API documentation and [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits). # https://github.com/github/docs-content/issues/14386 - | TCP port 9103 is opened for future administrative features related to support for Prometheus scraping. @@ -172,7 +172,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | @@ -195,6 +195,6 @@ sections: - | The ability to upgrade the GitHub Enterprise Server Backup Utilities tool using a Git repository has been removed following changes to the [github/backup-utils repository](https://github.com/github/backup-utils/releases). For more information about the repository changes, see [Repository updates - November 2023](https://github.com/github/backup-utils?tab=readme-ov-file#repository-updates---november-2023) in the project's README. - Instead, to upgrade the tool using a compressed archive, download the relevant GitHub Enterprise Server Backup Utilities release from the [Releases](https://github.com/github/backup-utils/releases) page of the `github/backup-utils` repository. For more information, see "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance#upgrading-github-enterprise-server-backup-utilities)." + Instead, to upgrade the tool using a compressed archive, download the relevant GitHub Enterprise Server Backup Utilities release from the [Releases](https://github.com/github/backup-utils/releases) page of the `github/backup-utils` repository. For more information, see [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance#upgrading-github-enterprise-server-backup-utilities). This deprecation does not affect the functionality of the GitHub Enterprise Server Backup Utilities tool or your ability to backup or restore your GitHub Enterprise Server instance. [Updated: 2024-03-15] diff --git a/data/release-notes/enterprise-server/3-12/1.yml b/data/release-notes/enterprise-server/3-12/1.yml index a69e4dc086de..338743a12428 100644 --- a/data/release-notes/enterprise-server/3-12/1.yml +++ b/data/release-notes/enterprise-server/3-12/1.yml @@ -88,17 +88,17 @@ sections: - | People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2). - | - On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding)." + On an instance in a cluster configuration, MySQL replica nodes can be configured to skip database seeding. For more information, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/deferring-database-seeding). Gists can be deleted using the **Purge Gist** button on the Deleted Gists page in Staff Tools. - | - The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see "[AUTOTITLE](/webhooks/webhook-events-and-payloads#push)" and "[AUTOTITLE](/rest/commits)." + The payload for the `push` webhook event is now limited to 2,048 commits. If there are more than 2,048 commits in a push, the payload for the push webhook will not contain serialized diff information for each commit. If you need to fetch commit information, you can use the Commits endpoints of the REST API. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads#push) and [AUTOTITLE](/rest/commits). known_issues: - | Custom firewall rules are removed during the upgrade process. - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/10.yml b/data/release-notes/enterprise-server/3-12/10.yml index 42fae4156874..7b9691cf5021 100644 --- a/data/release-notes/enterprise-server/3-12/10.yml +++ b/data/release-notes/enterprise-server/3-12/10.yml @@ -31,7 +31,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-12/11.yml b/data/release-notes/enterprise-server/3-12/11.yml index 42a26a1a93f0..c5d1afed6bf8 100644 --- a/data/release-notes/enterprise-server/3-12/11.yml +++ b/data/release-notes/enterprise-server/3-12/11.yml @@ -25,7 +25,7 @@ sections: - | Organizations were limited to using 100 Actions organization variables instead of 1,000. - | - Some customers upgrading from 3.12 to 3.13 or to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/enterprise-server@3.14/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + Some customers upgrading from 3.12 to 3.13 or to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/enterprise-server@3.14/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records). changes: - | For instances deployed on AWS, the default settings for Chrony NTP synchronization have been aligned with AWS's suggested default configurations. @@ -35,7 +35,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-12/12.yml b/data/release-notes/enterprise-server/3-12/12.yml index 30f4b23bc5f1..cfe8a85df30c 100644 --- a/data/release-notes/enterprise-server/3-12/12.yml +++ b/data/release-notes/enterprise-server/3-12/12.yml @@ -12,7 +12,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-12/2.yml b/data/release-notes/enterprise-server/3-12/2.yml index 906b9382e9de..c78fc1a200f1 100644 --- a/data/release-notes/enterprise-server/3-12/2.yml +++ b/data/release-notes/enterprise-server/3-12/2.yml @@ -19,7 +19,7 @@ sections: - | On an instance in a cluster configuration with high availability replication enabled, Git operations for existing repositories would fail after failover to the replica cluster. - | - On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover)." [Updated: 2024-05-01] + On an instance in a cluster configuration, former primary nodes were able to access the newly promoted nodes after failover. The `ghe-cluster-failover` command has been updated to block access from the old cluster, and four new command-line utilities have been introduced to manually block IP addresses: `ghe-cluster-block-ips`, `ghe-cluster-block-ip`, `ghe-cluster-unblock-ips`, and `ghe-cluster-unblock-ip`. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-cluster-failover). [Updated: 2024-05-01] - | A Redis job had a memory limit that was too low in some cases, leading the process to run out of memory. - | @@ -57,7 +57,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/3.yml b/data/release-notes/enterprise-server/3-12/3.yml index 37d5ce52c680..b31eaa656aa9 100644 --- a/data/release-notes/enterprise-server/3-12/3.yml +++ b/data/release-notes/enterprise-server/3-12/3.yml @@ -30,14 +30,14 @@ sections: - | A more specific error message is shown when the `ghe-repl-node` command is run on an instance not configured for high availability. - | - The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise)" and "[AUTOTITLE](/rest/enterprise-admin/scim)" in the REST API documentation. + The SCIM private beta has resumed with support from GitHub engineering in GitHub Enterprise Server version 3.11 and later. Site administrators can provision users and groups on a GitHub Enterprise Server instance automatically with SCIM. SCIM for GitHub Enterprise Server is in private beta and subject to change. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-user-provisioning-with-scim-for-your-enterprise) and [AUTOTITLE](/rest/enterprise-admin/scim) in the REST API documentation. known_issues: - | Custom firewall rules are removed during the upgrade process. - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/4.yml b/data/release-notes/enterprise-server/3-12/4.yml index 4fe11699f08d..22882cb92209 100644 --- a/data/release-notes/enterprise-server/3-12/4.yml +++ b/data/release-notes/enterprise-server/3-12/4.yml @@ -6,14 +6,14 @@ sections: Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. GitHub has requested CVE ID [CVE-2024-4985](https://nvd.nist.gov/vuln/detail/CVE-2024-4985) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions)." + For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise) and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions). known_issues: - | Custom firewall rules are removed during the upgrade process. - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/5.yml b/data/release-notes/enterprise-server/3-12/5.yml index 5fd6c5ed6706..725ef64e1b3f 100644 --- a/data/release-notes/enterprise-server/3-12/5.yml +++ b/data/release-notes/enterprise-server/3-12/5.yml @@ -16,7 +16,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/7.yml b/data/release-notes/enterprise-server/3-12/7.yml index 8b11e53bce90..94a997dd4c1c 100644 --- a/data/release-notes/enterprise-server/3-12/7.yml +++ b/data/release-notes/enterprise-server/3-12/7.yml @@ -142,7 +142,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/8.yml b/data/release-notes/enterprise-server/3-12/8.yml index 409efc1a7a18..803959d91993 100644 --- a/data/release-notes/enterprise-server/3-12/8.yml +++ b/data/release-notes/enterprise-server/3-12/8.yml @@ -76,7 +76,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. - | diff --git a/data/release-notes/enterprise-server/3-12/9.yml b/data/release-notes/enterprise-server/3-12/9.yml index c06549c0c159..2a3deaa3db75 100644 --- a/data/release-notes/enterprise-server/3-12/9.yml +++ b/data/release-notes/enterprise-server/3-12/9.yml @@ -45,7 +45,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. - | diff --git a/data/release-notes/enterprise-server/3-13/0-rc1.yml b/data/release-notes/enterprise-server/3-13/0-rc1.yml index c47e6ddfc9be..24c8669ed12a 100644 --- a/data/release-notes/enterprise-server/3-13/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-13/0-rc1.yml @@ -9,7 +9,7 @@ intro: | > > If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch. - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). sections: # Remove section heading if the section contains no notes. @@ -33,18 +33,18 @@ sections: People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2). # https://github.com/github/releases/issues/3887 - | - As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade)." + As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade). # https://github.com/github/releases/issues/3776 - | - To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license)." + To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license). - Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)." + Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server). - heading: Audit logs notes: # https://github.com/github/releases/issues/3724 - | - Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)." + Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization). - heading: GitHub Actions @@ -54,28 +54,28 @@ sections: {% data reusables.actions.actions-runner-release-note %} # https://github.com/github/releases/issues/3822 - | - To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)." + To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits). - heading: Repositories notes: # https://github.com/github/releases/issues/2992 - | - Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)." + Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). # https://github.com/github/releases/issues/3849 - | Users can browse and view code in a revamped experience for GitHub repositories, providing a tree pane for browsing files, fuzzy search for files, sticky code headers, and more. # https://github.com/github/releases/issues/3550 - | - Users can migrate existing tag protection rules into repository rules. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets)." + Users can migrate existing tag protection rules into repository rules. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets). - heading: Projects notes: # https://github.com/github/releases/issues/3606 - | - Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates)." + Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates). # https://github.com/github/releases/issues/3878 - | - Users can migrate their projects (classic) to the new Projects experience. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic)." + Users can migrate their projects (classic) to the new Projects experience. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic). - heading: Pull requests notes: @@ -87,19 +87,19 @@ sections: notes: # https://github.com/github/releases/issues/3566 - | - In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)." + In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning). # https://github.com/github/releases/issues/3180 - | - To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." + To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise). - heading: Code scanning notes: # https://github.com/github/releases/issues/3526 - | - Users can enable code scanning on repositories even if they don't contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." + Users can enable code scanning on repositories even if they don't contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). # https://github.com/github/releases/issues/3545 - | - Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)." + Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning). # https://github.com/github/releases/issues/3771 # https://github.com/github/releases/issues/3807 # https://github.com/github/releases/issues/3818 @@ -123,13 +123,13 @@ sections: # https://github.com/github/releases/issues/3778 # https://github.com/github/releases/issues/3779 - | - On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." + On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). # https://github.com/github/releases/issues/3782 - | - Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta)." + Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta). # https://github.com/github/releases/issues/3712 - | - For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers)." + For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers). - heading: Authentication notes: @@ -137,7 +137,7 @@ sections: - | For enterprises or organizations that use an SSH certificate authority (CA) to provide SSH certificates to members, to protect against a security risk involving user renames, new SSH CAs that are uploaded to a GitHub Enterprise Server 3.13 instance can only be used to sign certificates that are set to expire. For new CAs, you must use the `-V` parameter with `ssh-keygen` to generate a certificate with a `valid-after` claim. - The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority)" or "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority)." + The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see [AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority) or [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority). changes: # https://github.com/github/releases/issues/3971 @@ -156,7 +156,7 @@ sections: The "Create a reference" REST API endpoint is restricted from accepting POSTs from users and apps that only have permission to read and write packages. Previously, this endpoint accepted updates to both tags and branches. # https://github.com/github/releases/issues/3850 - | - To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)." + To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot). known_issues: # INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB @@ -165,13 +165,13 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} - | - When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding)." + When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding). - | {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} [Updated: 2024-06-17] - | @@ -185,4 +185,4 @@ sections: As part of sunsetting Subversion compatibility, Subversion support is now disabled by default. Subversion can be re-enabled in the 3.13 release series by setting `app.svnbridge.enabled = true`. In 3.14, subversion support will be permanently removed. For more information, see [Sunsetting Subversion support](https://github.blog/2023-01-20-sunsetting-subversion-support/) on the GitHub blog. # https://github.com/github/releases/issues/3859 - | - The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will deprecate the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)." + The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will deprecate the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console). diff --git a/data/release-notes/enterprise-server/3-13/0.yml b/data/release-notes/enterprise-server/3-13/0.yml index ac62a765d228..74defca6f9e1 100644 --- a/data/release-notes/enterprise-server/3-13/0.yml +++ b/data/release-notes/enterprise-server/3-13/0.yml @@ -2,9 +2,9 @@ date: '2024-06-18' release_candidate: false deprecated: false intro: | - >[!NOTE] An upgrade to Elasticsearch in version 3.13 may affect performance on your instance. See "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade)." + >[!NOTE] An upgrade to Elasticsearch in version 3.13 may affect performance on your instance. See [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade). - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server). sections: # Remove section heading if the section contains no notes. @@ -29,18 +29,18 @@ sections: People deploying a GitHub Enterprise Server instance in AWS can now deploy in an environment that uses Instance Metadata Service Version 2 (IMDSv2). # https://github.com/github/releases/issues/3887 - | - As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see "[AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade)." + As part of the upgrade to GitHub Enterprise Server 3.13, Elasticsearch (ES) is upgraded from version 5.6.16 to 8.7.0. Upgrading platform components improves performance and security posture. For important upgrade considerations, see [AUTOTITLE](/admin/monitoring-managing-and-updating-your-instance/updating-the-virtual-machine-and-physical-resources/preparing-for-the-elasticsearch-upgrade). # https://github.com/github/releases/issues/3776 - | - To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license)." + To improve existing tooling for license handling, the `ghe-license` script handles all operations regarding the active license. Commands can be performed on new licenses without importing them first. The script allows direct application of the license without a full configuration run and avoids restarting the instance to reduce downtime. See [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license). - Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)." + Administrators can upload the license to their instance using multiple interfaces, including the Management Console, Manage GHES API, CLI, or SSH. See [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server). - heading: Audit logs notes: # https://github.com/github/releases/issues/3724 - | - Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)." + Enterprise and organization audit log events include the applicable SAML and SCIM identity data associated with the user. This data provides increased visibility into the identity of the user and enables logs from multiple systems to quickly and easily be linked using a common corporate identity. The SAML identity information displays in the `external_identity_nameid` field and the SCIM identity data displays in the `external_identity_username` field within the audit log payloads. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization). - heading: GitHub Actions @@ -50,28 +50,28 @@ sections: {% data reusables.actions.actions-runner-release-note %} # https://github.com/github/releases/issues/3822 - | - To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)." + To ensure Actions runners are truly ephemeral and more secure, execution timeouts on self-hosted jobs are limited to 5 days. If a job reaches this limit, the job is terminated and fails to complete. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits). - heading: Repositories notes: # https://github.com/github/releases/issues/2992 - | - Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)." + Users can use repository properties to add meaningful metadata to repositories that simplifies repository classification, enhances discoverability, and seamlessly integrates with rulesets. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). # https://github.com/github/releases/issues/3849 - | Users can browse and view code in a revamped experience for GitHub repositories, providing a tree pane for browsing files, fuzzy search for files, sticky code headers, and more. # https://github.com/github/releases/issues/3550 - | - Users can migrate existing tag protection rules into repository rules. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets)." + Users can migrate existing tag protection rules into repository rules. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules#importing-tag-protection-rules-to-repository-rulesets). - heading: Projects notes: # https://github.com/github/releases/issues/3606 - | - Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates)." + Users can post status updates on their projects to share the current status, start date, and target date of the project itself. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/sharing-project-updates). # https://github.com/github/releases/issues/3878 - | - Users can migrate their projects (classic) to the new Projects experience. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic)." + Users can migrate their projects (classic) to the new Projects experience. For more information, see [AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/migrating-from-projects-classic). - heading: Pull requests notes: @@ -83,19 +83,19 @@ sections: notes: # https://github.com/github/releases/issues/3566 - | - In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)." + In the secret scanning list view, users can apply a filter to display alerts that are the result of having bypassed push protection. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning). # https://github.com/github/releases/issues/3180 - | - To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." + To increase coverage of secret scanning across an instance, users can enable secret scanning in repositories owned by their personal account. Enterprise owners can disable this feature, or automatically enable it for all new user-owned repositories, in the enterprise settings. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise). - heading: Code scanning notes: # https://github.com/github/releases/issues/3526 - | - Users can enable code scanning on repositories even if they don’t contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." + Users can enable code scanning on repositories even if they don’t contain any code written in the [languages currently supported by CodeQL](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/). Default setup will automatically trigger the first scan when a supported language is detected on the default branch. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). # https://github.com/github/releases/issues/3545 - | - Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)." + Users can use CodeQL threat model settings for Java to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning). # https://github.com/github/releases/issues/3771 - | The {% data variables.product.prodname_codeql %} action for code scanning analysis uses version 2.16.5 of the {% data variables.product.prodname_codeql_cli %} by default, an upgrade from 2.15.5 compared to the previous {% data variables.product.prodname_ghe_server %} feature release. For a detailed list of changes included in each version, see the [{% data variables.product.prodname_codeql %} change logs](https://codeql.github.com/docs/codeql-overview/codeql-changelog/). @@ -114,13 +114,13 @@ sections: # https://github.com/github/releases/issues/3778 # https://github.com/github/releases/issues/3779 - | - On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." + On the security overview dashboard, users can find detailed insights for the security alerts in an organization or enterprise, including trending data that tracks alert counts and activity over time and snapshot data that reflects the current state of the security landscape. Alerts are displayed for both GitHub's security features and third-party tools. Filters are available for the type and visibility of alerts, date range, repository custom properties, and more. The overview dashboard is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). # https://github.com/github/releases/issues/3782 - | - Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta)." + Users can view trending data for the enablement of security features in an organization. In security overview for an organization, the "Enablement trends" view shows historical data for the activation of security features including Dependabot updates, code scanning alerts, and secret scanning alerts. This feature is in public beta and subject to change. For more information, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security#viewing-enablement-trends-for-an-organization-beta). # https://github.com/github/releases/issues/3712 - | - For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers)." + For users who use `devcontainer.json` files to define development containers for repositories, Dependabot version updates can keep "features" defined for the dev container up to date. Once configured in `dependabot.yml`, Dependabot will open pull requests on a specified schedule to update the listed features to the latest version. Dependabot security updates for dev containers are not currently supported. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#dev-containers). - heading: Authentication notes: @@ -128,7 +128,7 @@ sections: - | For enterprises or organizations that use an SSH certificate authority (CA) to provide SSH certificates to members, to protect against a security risk involving user renames, new SSH CAs that are uploaded to a GitHub Enterprise Server 3.13 instance can only be used to sign certificates that are set to expire. For new CAs, you must use the `-V` parameter with `ssh-keygen` to generate a certificate with a `valid-after` claim. - The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority)" or "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority)." + The `valid-after` claim allows GitHub to validate that the user named in the SSH certificate hasn't been renamed since the certificate was signed. CAs uploaded prior to version 3.13 are exempt from this requirement and can be used to sign certificates that do not expire. However, when you've ensured that your certificate signing process uses the `-V` flag, GitHub encourages you to upgrade existing certificates to enforce the expiration requirement. For more information, see [AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities#upgrading-an-ssh-certificate-authority) or [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#upgrading-an-ssh-certificate-authority). changes: # https://github.com/github/releases/issues/3971 @@ -147,7 +147,7 @@ sections: The "Create a reference" REST API endpoint is restricted from accepting POSTs from users and apps that only have permission to read and write packages. Previously, this endpoint accepted updates to both tags and branches. # https://github.com/github/releases/issues/3850 - | - To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)." + To ensure security updates are applied correctly regardless of your repository's configuration settings, Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. Security updates still do not support `target-branch` configuration. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot). known_issues: # INCLUDE NOTES FOR RELEASE FROM "GHES Release Note Tracking" PROJECT'S "Known Issues" TAB @@ -156,13 +156,13 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | {% data reusables.release-notes.2023-12-backup-utils-exit-early-redis %} - | - When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding)." + When enabling log forwarding, specific service logs, including babeld, are duplicated. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/log-forwarding#enabling-log-forwarding). - | Repositories originally imported using `ghe-migrator` do not correctly track committers for GitHub Advanced Security billing. - | @@ -176,9 +176,9 @@ sections: - | The admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. - | - When following the steps for "[Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node)," step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. - | - Running `ghe-cluster-config-apply` as part of the steps for "[Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency)" might fail with errors if the node being replaced has not first been turned off. If this occurs, turn the node off and repeat the steps. + Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) might fail with errors if the node being replaced has not first been turned off. If this occurs, turn the node off and repeat the steps. - | For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node. - | @@ -198,7 +198,7 @@ sections: As part of sunsetting Subversion compatibility, Subversion support is now disabled by default. Subversion can be re-enabled in the 3.13 release series by setting `app.svnbridge.enabled = true`. In 3.14, subversion support will be permanently removed. For more information, see [Sunsetting Subversion support](https://github.blog/2023-01-20-sunsetting-subversion-support/) on the GitHub blog. # https://github.com/github/releases/issues/3859 - | - The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)." + The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console). # https://github.com/github/releases/issues/3794 - | From November 19, 2024, references to v1 and v2 of artifacts actions in GitHub Actions will not resolve. GitHub deprecated v1 and v2 of actions/upload-artifact, actions/download-artifact, and related npm packages on June 30, 2024. You can read more about this deprecation on the [GitHub Blog](https://github.blog/changelog/2024-02-13-deprecation-notice-v1-and-v2-of-the-artifact-actions/). GitHub Enterprise Server instances configured to use GitHub Connect to download these actions will need to store cached copies locally for workflows to continue working. If your local copy of these actions has been removed, use [GitHub Actions Sync](https://github.com/actions/actions-sync) to manually re-download the actions. [Updated: 2024-18-20] @@ -206,4 +206,4 @@ sections: - | The deprecated v1 and v2 versions of artifacts actions will be removed from GitHub Enterprise Server 3.15 onwards. Users should update their workflows to use v3 or later versions of artifacts actions. [Updated: 2024-18-20] errata: - - 'The "[Deprecations](/admin/release-notes#3.13.0-deprecations)" section previously indicated that the Management Console API would be deprecated in GitHub Enterprise Server 3.14. Instead, the Management Console API will be removed in GitHub Enterprise Server 3.15. [Updated: 2024-07-08]' + - 'The [Deprecations](/admin/release-notes#3.13.0-deprecations) section previously indicated that the Management Console API would be deprecated in GitHub Enterprise Server 3.14. Instead, the Management Console API will be removed in GitHub Enterprise Server 3.15. [Updated: 2024-07-08]' diff --git a/data/release-notes/enterprise-server/3-13/2.yml b/data/release-notes/enterprise-server/3-13/2.yml index bd658941d9ac..dbd75439599d 100644 --- a/data/release-notes/enterprise-server/3-13/2.yml +++ b/data/release-notes/enterprise-server/3-13/2.yml @@ -148,7 +148,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-13/3.yml b/data/release-notes/enterprise-server/3-13/3.yml index 7c2ae63f5b89..3805d45c79f3 100644 --- a/data/release-notes/enterprise-server/3-13/3.yml +++ b/data/release-notes/enterprise-server/3-13/3.yml @@ -92,7 +92,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-13/4.yml b/data/release-notes/enterprise-server/3-13/4.yml index 879ed9e0bc22..f2b3fdaf8508 100644 --- a/data/release-notes/enterprise-server/3-13/4.yml +++ b/data/release-notes/enterprise-server/3-13/4.yml @@ -55,7 +55,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as `127.0.0.1`. - | @@ -82,4 +82,4 @@ sections: [Updated: 2024-11-29] errata: - - 'The "[Known issues](/admin/release-notes#3.13.4-known-issues)" section previously indicated that `Instance setup in AWS with IMDSv2 enforced fails if no public IP is present` is still an issue. The issue is resolved and is documented in the "[Bug fixes](/admin/release-notes#3.13.4-bugs)" section. [Updated: 2024-09-30]' + - 'The [Known issues](/admin/release-notes#3.13.4-known-issues) section previously indicated that `Instance setup in AWS with IMDSv2 enforced fails if no public IP is present` is still an issue. The issue is resolved and is documented in the [Bug fixes](/admin/release-notes#3.13.4-bugs) section. [Updated: 2024-09-30]' diff --git a/data/release-notes/enterprise-server/3-13/5.yml b/data/release-notes/enterprise-server/3-13/5.yml index 6c2270037289..5c4490479057 100644 --- a/data/release-notes/enterprise-server/3-13/5.yml +++ b/data/release-notes/enterprise-server/3-13/5.yml @@ -37,7 +37,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-13/6.yml b/data/release-notes/enterprise-server/3-13/6.yml index eeaa83a85c4a..c26af399c355 100644 --- a/data/release-notes/enterprise-server/3-13/6.yml +++ b/data/release-notes/enterprise-server/3-13/6.yml @@ -33,7 +33,7 @@ sections: - | Running `config-apply` became stuck under certain circumstances due to a misconfiguration with Packages and Elasticsearch. - | - Some customers upgrading to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + Some customers upgrading to 3.13 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records). changes: - | When connecting to an appliance via SSH, a notification about upcoming root disk changes displays. @@ -41,7 +41,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-13/7.yml b/data/release-notes/enterprise-server/3-13/7.yml index c7e8a8e2561e..a52abf8117bc 100644 --- a/data/release-notes/enterprise-server/3-13/7.yml +++ b/data/release-notes/enterprise-server/3-13/7.yml @@ -7,7 +7,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-13/8.yml b/data/release-notes/enterprise-server/3-13/8.yml index d2031b42e15f..6cfc6f548505 100644 --- a/data/release-notes/enterprise-server/3-13/8.yml +++ b/data/release-notes/enterprise-server/3-13/8.yml @@ -12,7 +12,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-14/0-rc1.yml b/data/release-notes/enterprise-server/3-14/0-rc1.yml index 81307451692b..2160d9f77a29 100644 --- a/data/release-notes/enterprise-server/3-14/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-14/0-rc1.yml @@ -8,7 +8,7 @@ intro: | > > If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch. - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process). sections: features: @@ -22,7 +22,7 @@ sections: notes: # https://github.com/github/releases/issues/4178 - | - Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines)." + Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines). # https://github.com/github/releases/issues/4179 - | Nomad has been upgraded to 1.5.17 and Consul has been upgraded to 1.17.4. These services are used in {% data variables.product.prodname_ghe_server %} to orchestrate containers and configuration. @@ -31,23 +31,23 @@ sections: notes: # https://github.com/github/releases/issues/4087 - | - Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)." + Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes). * If your instance already uses SAML, you will need to configure a new IdP application that supports automated provisioning via SCIM. * Existing private beta customers should also reconfigure their implementation with an updated application. * During the public beta, we recommend testing SCIM support for your identity system in a non-production instance before adding SCIM to your current setup. # https://github.com/github/releases/issues/3905 - | - Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)." + Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles). # https://github.com/github/releases/issues/4026 - | - Users can use the account switcher to switch between multiple accounts. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts)." + Users can use the account switcher to switch between multiple accounts. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts). # https://github.com/github/releases/issues/4025 - | - On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey)." + On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See [AUTOTITLE](/authentication/authenticating-with-a-passkey). # https://github.com/github/releases/issues/3789 - | - Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories)." + Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories). - heading: Audit logs notes: @@ -59,10 +59,10 @@ sections: notes: # https://github.com/github/releases/issues/3179 - | - Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection)." + Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection). # https://github.com/github/releases/issues/3567 - | - Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." + Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning). # https://github.com/github/releases/issues/3740 - | Secret scanning blocks contributors from uploading files with detected secrets if push protection is enabled for a repository. This feature is in public beta and subject to change. @@ -74,13 +74,13 @@ sections: notes: # https://github.com/github/releases/issues/3707 - | - Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection)." + Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection). # https://github.com/github/releases/issues/3734 - | - Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup)." + Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup). # https://github.com/github/releases/issues/3936 - | - Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)." + Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup). # https://github.com/github/releases/issues/3663 - | CodeQL can scan Java projects without a build. This feature is in public beta and subject to change. @@ -101,28 +101,28 @@ sections: notes: # https://github.com/github/releases/issues/3344 - | - Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)." + Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates). # https://github.com/github/releases/issues/3839 - | - Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot)." + Dependabot can access Cargo private registries to provide updates to Rust dependencies. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot). # https://github.com/github/releases/issues/3848 - | Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption. # https://github.com/github/releases/issues/3850 - | - Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)." + Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot). - heading: Code security notes: # https://github.com/github/releases/issues/4036 - | - The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." + The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights). # https://github.com/github/releases/issues/4212 - | The security overview dashboard for organizations is now generally available. # https://github.com/github/releases/issues/3913 - | - On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization)." + On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization). # https://github.com/github/releases/issues/3912 - | On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change. @@ -137,28 +137,28 @@ sections: {% data reusables.actions.actions-runner-release-note %} # https://github.com/github/releases/issues/3866 - | - Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)." + Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history). - heading: GitHub Pages notes: # https://github.com/github/releases/issues/3872 - | - Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow)." + Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See [AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow). - heading: Repositories notes: # https://github.com/github/releases/issues/3947 - | - Users can enhance security by adding deploy keys as a bypass type to rulesets. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset)." + Users can enhance security by adding deploy keys as a bypass type to rulesets. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset). # https://github.com/github/releases/issues/3826 - | - Users can select Dependabot in the bypass list of a ruleset. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset)." + Users can select Dependabot in the bypass list of a ruleset. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset). - heading: Projects notes: # https://github.com/github/releases/issues/3910 - | - Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)." + Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See [AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations). - heading: Integrations and extensions notes: @@ -185,7 +185,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | @@ -223,4 +223,4 @@ sections: deprecations: - | - The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)." + The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console). diff --git a/data/release-notes/enterprise-server/3-14/0.yml b/data/release-notes/enterprise-server/3-14/0.yml index 3ba52ded53d1..1ac4db753bf3 100644 --- a/data/release-notes/enterprise-server/3-14/0.yml +++ b/data/release-notes/enterprise-server/3-14/0.yml @@ -2,7 +2,7 @@ date: '2024-08-27' release_candidate: false deprecated: false intro: | - For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." + For upgrade instructions, see [Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process). sections: @@ -17,7 +17,7 @@ sections: notes: # https://github.com/github/releases/issues/4178 - | - Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines)." + Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines). # https://github.com/github/releases/issues/4179 - | Nomad has been upgraded to 1.5.17 and Consul has been upgraded to 1.17.4. These services are used in {% data variables.product.prodname_ghe_server %} to orchestrate containers and configuration. @@ -26,23 +26,23 @@ sections: notes: # https://github.com/github/releases/issues/4087 - | - Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)." + Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes). * If your instance already uses SAML, you will need to configure a new IdP application that supports automated provisioning via SCIM. * Existing private beta customers should also reconfigure their implementation with an updated application. * During the public beta, we recommend testing SCIM support for your identity system in a non-production instance before adding SCIM to your current setup. # https://github.com/github/releases/issues/3905 - | - Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)." + Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles). # https://github.com/github/releases/issues/4026 - | - Users can use the account switcher to switch between multiple accounts. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts)." + Users can use the account switcher to switch between multiple accounts. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts). # https://github.com/github/releases/issues/4025 - | - On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey)." + On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See [AUTOTITLE](/authentication/authenticating-with-a-passkey). # https://github.com/github/releases/issues/3789 - | - Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories)." + Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories). - heading: Audit logs notes: @@ -54,10 +54,10 @@ sections: notes: # https://github.com/github/releases/issues/3179 - | - Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection)." + Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection). # https://github.com/github/releases/issues/3567 - | - Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." + Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning). # https://github.com/github/releases/issues/3740 - | Secret scanning blocks contributors from uploading files with detected secrets if push protection is enabled for a repository. This feature is in public beta and subject to change. @@ -69,13 +69,13 @@ sections: notes: # https://github.com/github/releases/issues/3707 - | - Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection)." + Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection). # https://github.com/github/releases/issues/3734 - | - Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup)." + Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup). # https://github.com/github/releases/issues/3936 - | - Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)." + Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup). # https://github.com/github/releases/issues/3663 - | CodeQL can scan Java projects without a build. This feature is in public beta and subject to change. @@ -96,31 +96,31 @@ sections: notes: # https://github.com/github/releases/issues/3344 - | - Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)." + Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates). # https://github.com/github/releases/issues/3839 - | - Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot)." + Dependabot can access Cargo private registries to provide updates to Rust dependencies. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot). # https://github.com/github/releases/issues/3848 - | Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption. # https://github.com/github/releases/issues/3850 - | - Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)." + Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot). # https://github.com/github/releases/issues/4118 - | - In the `dependabot.yml` file, users can apply the same configuration to manifest files from multiple directories using the `directories` key. Direct strings, glob syntax, and wildcards (`*`) are all supported for targeting directories. See "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories)." [Updated: 2024-10-07] + In the `dependabot.yml` file, users can apply the same configuration to manifest files from multiple directories using the `directories` key. Direct strings, glob syntax, and wildcards (`*`) are all supported for targeting directories. See [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories). [Updated: 2024-10-07] - heading: Code security notes: # https://github.com/github/releases/issues/4036 - | - The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." + The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights). # https://github.com/github/releases/issues/4212 - | The security overview dashboard for organizations is now generally available. # https://github.com/github/releases/issues/3913 - | - On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization)." + On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization). # https://github.com/github/releases/issues/3912 - | On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change. @@ -135,28 +135,28 @@ sections: {% data reusables.actions.actions-runner-release-note %} # https://github.com/github/releases/issues/3866 - | - Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)." + Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See [AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history). - heading: GitHub Pages notes: # https://github.com/github/releases/issues/3872 - | - Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow)." + Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See [AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow). - heading: Repositories notes: # https://github.com/github/releases/issues/3947 - | - Users can enhance security by adding deploy keys as a bypass type to rulesets. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset)." + Users can enhance security by adding deploy keys as a bypass type to rulesets. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset). # https://github.com/github/releases/issues/3826 - | - Users can select Dependabot in the bypass list of a ruleset. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset)." + Users can select Dependabot in the bypass list of a ruleset. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset). - heading: Projects notes: # https://github.com/github/releases/issues/3910 - | - Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)." + Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See [AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations). - heading: Integrations and extensions notes: @@ -178,7 +178,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | @@ -224,7 +224,7 @@ sections: deprecations: - | - The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)." + The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see [AUTOTITLE](/rest/enterprise-admin/management-console). errata: - | diff --git a/data/release-notes/enterprise-server/3-14/1.yml b/data/release-notes/enterprise-server/3-14/1.yml index 0ce20c13636b..16b70ad83e07 100644 --- a/data/release-notes/enterprise-server/3-14/1.yml +++ b/data/release-notes/enterprise-server/3-14/1.yml @@ -45,7 +45,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as `127.0.0.1`. - | diff --git a/data/release-notes/enterprise-server/3-14/2.yml b/data/release-notes/enterprise-server/3-14/2.yml index c5d5547c7a9a..2d2f8d8ef2cb 100644 --- a/data/release-notes/enterprise-server/3-14/2.yml +++ b/data/release-notes/enterprise-server/3-14/2.yml @@ -49,7 +49,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-14/3.yml b/data/release-notes/enterprise-server/3-14/3.yml index 2b1155ae0d59..0a9b6889a3e4 100644 --- a/data/release-notes/enterprise-server/3-14/3.yml +++ b/data/release-notes/enterprise-server/3-14/3.yml @@ -39,7 +39,7 @@ sections: - | Audit log events for secret scanning alerts incorrectly displayed a blank secret type when generated for a custom pattern. - | - Some customers upgrading to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read "[Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records)." + Some customers upgrading to 3.14 may experience issues with undecryptable records during the upgrade. This issue has now been resolved. We recommend you read [Undecryptable records](/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance#undecryptable-records). changes: - | When connecting to an appliance via SSH, a notification about upcoming root disk changes displays. @@ -47,7 +47,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-14/4.yml b/data/release-notes/enterprise-server/3-14/4.yml index 7af71a9b392b..b91671b89a8a 100644 --- a/data/release-notes/enterprise-server/3-14/4.yml +++ b/data/release-notes/enterprise-server/3-14/4.yml @@ -7,7 +7,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-14/5.yml b/data/release-notes/enterprise-server/3-14/5.yml index 8f605c06320c..c2ed8b238ec3 100644 --- a/data/release-notes/enterprise-server/3-14/5.yml +++ b/data/release-notes/enterprise-server/3-14/5.yml @@ -12,7 +12,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | diff --git a/data/release-notes/enterprise-server/3-15/0-rc1.yml b/data/release-notes/enterprise-server/3-15/0-rc1.yml index d93e31307c16..594ab28afd5e 100644 --- a/data/release-notes/enterprise-server/3-15/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-15/0-rc1.yml @@ -8,7 +8,7 @@ intro: | > > If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch. - For upgrade instructions, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." + For upgrade instructions, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process). sections: # Remove section heading if the section contains no notes. @@ -20,23 +20,23 @@ sections: notes: # https://github.com/github/releases/issues/4353 - | - New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity)." + New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity). # https://github.com/github/releases/issues/4353 - | - Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See "[AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements)." + Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See [AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements). - heading: Audit logs notes: # https://github.com/github/releases/issues/4185 - | - Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration). + Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration) - heading: Code scanning notes: # https://github.com/github/releases/issues/3915 and https://github.com/github/releases/issues/4469 - | - Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See "[About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql)." + Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See [About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql). # https://github.com/github/releases/issues/4189 - | CodeQL analysis of Swift and Kotlin code is generally available. @@ -55,19 +55,19 @@ sections: notes: # https://github.com/github/releases/issues/4150 - | - Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)." + Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). # https://github.com/github/releases/issues/4511 - | Users can bypass push protection using the existing `Create a blob` and `Create or update file contents` REST API endpoints. This action can also be performed programmatically using the new `Create a push protection bypass` API endpoint. See the [GitHub Blog post](https://github.blog/changelog/2024-08-13-secret-scanning-push-protection-is-supported-for-content-upload-rest-api-endpoints/). # https://github.com/github/releases/issues/4522 - | - Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See "[Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization)." + Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See [Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization). - heading: Dependabot notes: # https://github.com/github/releases/issues/4522 - | - Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)." + Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules). - heading: GitHub Connect notes: @@ -78,16 +78,16 @@ sections: notes: # https://github.com/github/releases/issues/3953 and https://github.com/github/releases/issues/3954 - | - Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)." + Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts). - heading: Code security notes: # https://github.com/github/releases/issues/4231 - | - Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)." + Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). # https://github.com/github/releases/issues/4031 and https://github.com/github/releases/issues/4287 and https://github.com/github/releases/issues/4185 - | - Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See "[AUTOTITLE](/rest/code-security/configurations)" and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration). + Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See [AUTOTITLE](/rest/code-security/configurations) and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration). - heading: GitHub Actions notes: @@ -111,7 +111,7 @@ sections: Users can gain deeper insights into contributors and code frequency with enhanced focus navigation, and a new table format for viewing and downloading data. # https://github.com/github/releases/issues/4244 - | - Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues)." + Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues). # https://github.com/github/releases/issues/4245 - | Admins can enforce status checks and workflow runs on existing refs while allowing the creation of new refs. @@ -161,7 +161,7 @@ sections: Pushes that update over 5,000 branches no longer trigger webhooks or GitHub Actions workflows. # https://github.com/github/releases/issues/4231 - | - Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)." + Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). known_issues: - | @@ -177,7 +177,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | @@ -218,7 +218,7 @@ sections: In GitHub Enterprise Server 3.16, the `/explore` functionality, including the `Activity` and `Trending` pages, will be removed. # https://github.com/github/releases/issues/4110 and https://github.com/github/releases/issues/4193 and https://github.com/github/releases/issues/4231 - | - We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See "[AUTOTITLE](/rest/code-security/configurations)." + We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See [AUTOTITLE](/rest/code-security/configurations). * **Closing down:** The GET response for security product status in an organization: [Get an organization](/rest/orgs/orgs?apiVersion=2022-11-28#get-an-organization) is deprecated. This attribute will return inaccurate information. * **Closing down:** The PATCH functionality for security products to set a default status for new repos in an organization: [Update an organization](/rest/orgs/orgs?apiVersion=2022-11-28#update-an-organization) is deprecated. The PATCH operation will be ignored. * **Closing down:** The POST endpoint to enable or disable a security feature for all repositories in an organization: [Enable or disable a security feature for an organization](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization) is deprecated. Using the POST operation may result in a code security configuration being unintentionally removed from a repository. @@ -226,7 +226,7 @@ sections: retired: # https://github.com/github/releases/issues/4878 - | - The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)." + The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes). - | The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed. [Updated: 2024-11-20] diff --git a/data/release-notes/enterprise-server/3-15/0.yml b/data/release-notes/enterprise-server/3-15/0.yml index d0141b930bd6..ce3bf1cd8540 100644 --- a/data/release-notes/enterprise-server/3-15/0.yml +++ b/data/release-notes/enterprise-server/3-15/0.yml @@ -2,7 +2,7 @@ date: '2024-12-03' release_candidate: false deprecated: false intro: | - For upgrade instructions, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." + For upgrade instructions, see [AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process). sections: # Remove section heading if the section contains no notes. @@ -15,23 +15,23 @@ sections: notes: # https://github.com/github/releases/issues/4353 - | - New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity)." + New installations of GitHub Enterprise Server version 3.15 and upgrades to 3.15 now require a root disk size of at least 400GB. Otherwise, the system will not boot. For more information on how to increase the root disk size in the appliance, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity). # https://github.com/github/releases/issues/4353 - | - Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See "[AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements)." + Minimum recommended requirements for vCPUs, memory, root storage, and data storage have been updated. See [AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware#minimum-recommended-requirements). - heading: Audit logs notes: # https://github.com/github/releases/issues/4185 - | - Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration). + Organization owners and security managers can monitor changes to the use of security configurations at the organization and repository levels. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)," [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration), and [`repository_security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_security_configuration) - heading: Code scanning notes: # https://github.com/github/releases/issues/3915 and https://github.com/github/releases/issues/4469 - | - Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See "[About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql)." + Users can run CodeQL analysis of C# code without building the project, `build-mode: none`. When you enable code scanning using default setup on a repository, both Java and C# use this mode. Analysis of both languages using this method is generally available. See [About build mode None for CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql). # https://github.com/github/releases/issues/4189 - | CodeQL analysis of Swift and Kotlin code is generally available. @@ -50,19 +50,19 @@ sections: notes: # https://github.com/github/releases/issues/4150 - | - Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)." + Secret scanning for discussions, issues, and pull request titles, bodies, and comments is now generally available. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). # https://github.com/github/releases/issues/4511 - | Users can bypass push protection using the existing `Create a blob` and `Create or update file contents` REST API endpoints. This action can also be performed programmatically using the new `Create a push protection bypass` API endpoint. See the [GitHub Blog post](https://github.blog/changelog/2024-08-13-secret-scanning-push-protection-is-supported-for-content-upload-rest-api-endpoints/). # https://github.com/github/releases/issues/4522 - | - Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See "[Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization)." + Organization owners can enable the detection of non-provider patterns for their organization using a security configuration. This feature is in public beta and is subject to change. See [Enabling detection of non-provider patterns for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns#enabling-detection-of-non-provider-patterns-for-an-organization). - heading: Dependabot notes: # https://github.com/github/releases/issues/4522 - | - Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See "[AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules)." + Organization owners, security managers and users with **admin** access can manage Dependabot auto-triage rules, as well as create custom auto-triage rules. Auto-triage rules are a powerful tool that automatically dismiss Dependabot alerts matching certain criteria. This feature is generally available. See [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules). - heading: GitHub Connect notes: @@ -73,16 +73,16 @@ sections: notes: # https://github.com/github/releases/issues/3953 and https://github.com/github/releases/issues/3954 - | - Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)." + Organization owners and security managers can use a "CodeQL pull request alerts" view in security overview to proactively identify and mitigate security risks at the organization and enterprise level. For example, they can see the most common alerts found in pull requests and see the corresponding remediation rates. See [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts). - heading: Code security notes: # https://github.com/github/releases/issues/4231 - | - Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)." + Organization owners and security managers can simplify the rollout of GitHub security products at scale with security configurations. They can define collections of security settings, save them as a custom configuration, and apply them across groups of repositories. Security configurations can be enforced using policies to stop repositories making any changes to the enablement of security features. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). # https://github.com/github/releases/issues/4031 and https://github.com/github/releases/issues/4287 and https://github.com/github/releases/issues/4185 - | - Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See "[AUTOTITLE](/rest/code-security/configurations)" and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration). + Organization owners and security managers can create, apply, enforce, and monitor security configurations programmatically using REST API calls and audit logs. See [AUTOTITLE](/rest/code-security/configurations) and [`security_configuration`](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#security_configuration). - heading: GitHub Actions notes: @@ -106,7 +106,7 @@ sections: Users can gain deeper insights into contributors and code frequency with enhanced focus navigation, and a new table format for viewing and downloading data. # https://github.com/github/releases/issues/4244 - | - Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues)." + Users can require that merges must be performed with a merge queue at the repository level. For more information about merge queues, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue#about-merge-queues). # https://github.com/github/releases/issues/4245 - | Admins can enforce status checks and workflow runs on existing refs while allowing the creation of new refs. @@ -156,7 +156,7 @@ sections: Pushes that update over 5,000 branches no longer trigger webhooks or GitHub Actions workflows. # https://github.com/github/releases/issues/4231 - | - Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)." + Organization owners and security managers will see a new organization-level code security settings UI. In the organization settings sidebar, the **Code security and analysis** option has been replaced by an expanding **Code security** option. This contains new **Configurations** and **Global settings** options. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). known_issues: - | @@ -170,7 +170,7 @@ sections: - | During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. - | - If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). - | On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. - | @@ -202,7 +202,7 @@ sections: - | {% data reusables.release-notes.2024-11-ghe-repl-promote-primary-down %} - | - On Azure instances, a failed pre-upgrade check due to insufficient user disk size can result in the Management Console displaying an `Internal Server Error`. To restore access to the Management Console, run `sudo rm /var/log/preflight-check-report.json` to remove the file. If enabled, the `automatic update checks` need to be disabled from the Management Console until user disk size is increased to minimum 500 GB. To increase the user disk size, see "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity#increasing-the-data-partition-size)." + On Azure instances, a failed pre-upgrade check due to insufficient user disk size can result in the Management Console displaying an `Internal Server Error`. To restore access to the Management Console, run `sudo rm /var/log/preflight-check-report.json` to remove the file. If enabled, the `automatic update checks` need to be disabled from the Management Console until user disk size is increased to minimum 500 GB. To increase the user disk size, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity#increasing-the-data-partition-size). closing_down: # https://github.com/github/releases/issues/3525 @@ -213,7 +213,7 @@ sections: In GitHub Enterprise Server 3.16, the `/explore` functionality, including the `Activity` and `Trending` pages, will be removed. # https://github.com/github/releases/issues/4110 and https://github.com/github/releases/issues/4193 and https://github.com/github/releases/issues/4231 - | - We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See "[AUTOTITLE](/rest/code-security/configurations)." + We are closing down the API endpoints and parameters that complemented the old organization-level code security settings UI experience. These have been replaced by a new API for security configurations. See [AUTOTITLE](/rest/code-security/configurations). The following things are scheduled for removal in GitHub Enterprise Server 3.16. * **Closing down:** The GET response for security product status in an organization: [Get an organization](/rest/orgs/orgs?apiVersion=2022-11-28#get-an-organization) is deprecated. This attribute will return inaccurate information. @@ -223,6 +223,6 @@ sections: retired: # https://github.com/github/releases/issues/4878 - | - The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)." + The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see [AUTOTITLE](/rest/enterprise-admin/manage-ghes). - | The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed. diff --git a/data/reusables/rai/copilot-dotcom-feedback-collection.md b/data/reusables/rai/copilot-dotcom-feedback-collection.md index 8c00524a9e4c..6125a878d427 100644 --- a/data/reusables/rai/copilot-dotcom-feedback-collection.md +++ b/data/reusables/rai/copilot-dotcom-feedback-collection.md @@ -1 +1 @@ -> [!NOTE] The ability to provide feedback to {% data variables.product.prodname_dotcom %} about {% data variables.product.prodname_copilot_for_prs %} is dependent on enterprise settings. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)." +> [!NOTE] The ability to provide feedback to {% data variables.product.prodname_dotcom %} about {% data variables.product.prodname_copilot_for_prs %} is dependent on enterprise settings. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)." diff --git a/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md b/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md index 8e8f099b9870..133b28b2ffdf 100644 --- a/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md +++ b/data/reusables/rai/copilot/about-copilot-chat-in-mobile.md @@ -22,7 +22,7 @@ The options available to you in {% data variables.product.prodname_copilot_mobil * Only people with a {% data variables.product.prodname_copilot_enterprise %} subscription can access and have conversations using the data from private indexed repositories. * If you have a {% data variables.product.prodname_copilot_enterprise %} subscription and you have enabled Bing search integration ({% data variables.release-phases.public_preview %}), {% data variables.product.prodname_copilot_mobile_short %} may respond using information based on the results of a Bing search. For information on how to enable or disable Bing search integration, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %} -* In addition to general coding conversations or conversations about a single file, people with a {% data variables.product.prodname_copilot_individuals_short %} subscription have the ability to discuss top popular public repositories using embeddings. +* In addition to general coding conversations or conversations about a single file, people with a {% data variables.product.prodname_copilot_individuals_short %} subscription have the ability to discuss top popular public repositories using embeddings. If you do not have a {% data variables.product.prodname_copilot %} subscription, you can purchase a {% data variables.product.prodname_copilot_individuals_short %} subscription directly in the iOS version of {% data variables.product.prodname_mobile %}, or in the Google Play Store for the Android version of {% data variables.product.prodname_mobile %}. @@ -50,7 +50,7 @@ You can ask {% data variables.product.prodname_copilot_chat_short %} for help or ## Improving performance for {% data variables.product.prodname_copilot_mobile_short %} -{% data variables.product.prodname_copilot_chat_short %} can support a wide range of practical applications like code generation, code analysis, and code fixes, each with different performance metrics and mitigation strategies. To enhance performance and address some of the the limitations of {% data variables.product.prodname_copilot_chat_short %}, there are various measures that you can adopt. For more information on the limitations of {% data variables.product.prodname_copilot_mobile_short %}, see "[Limitations of {% data variables.product.prodname_copilot_mobile_short %}](#limitations-of-copilot-chat-in-github-mobile)." +{% data variables.product.prodname_copilot_chat_short %} can support a wide range of practical applications like code generation, code analysis, and code fixes, each with different performance metrics and mitigation strategies. To enhance performance and address some of the limitations of {% data variables.product.prodname_copilot_chat_short %}, there are various measures that you can adopt. For more information on the limitations of {% data variables.product.prodname_copilot_mobile_short %}, see "[Limitations of {% data variables.product.prodname_copilot_mobile_short %}](#limitations-of-copilot-chat-in-github-mobile)." ### Keep your prompts on topic diff --git a/data/reusables/rai/copilot/copilot-chat-ide-improving-performance.md b/data/reusables/rai/copilot/copilot-chat-ide-improving-performance.md index 9756042616af..39ca5395cb5f 100644 --- a/data/reusables/rai/copilot/copilot-chat-ide-improving-performance.md +++ b/data/reusables/rai/copilot/copilot-chat-ide-improving-performance.md @@ -1,6 +1,6 @@ ## Improving performance for {% data variables.product.prodname_copilot_chat %} -{% data variables.product.prodname_copilot_chat_short %} can support a wide range of practical applications like code generation, code analysis, and code fixes, each with different performance metrics and mitigation strategies. To enhance performance and address some of the the limitations of {% data variables.product.prodname_copilot_chat_short %}, there are various measures that you can adopt. For more information on the limitations of {% data variables.product.prodname_copilot_chat_short %}, see "[Limitations of {% data variables.product.prodname_copilot_chat %}](/copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide#limitations-of-github-copilot-chat)." +{% data variables.product.prodname_copilot_chat_short %} can support a wide range of practical applications like code generation, code analysis, and code fixes, each with different performance metrics and mitigation strategies. To enhance performance and address some of the limitations of {% data variables.product.prodname_copilot_chat_short %}, there are various measures that you can adopt. For more information on the limitations of {% data variables.product.prodname_copilot_chat_short %}, see "[Limitations of {% data variables.product.prodname_copilot_chat %}](/copilot/github-copilot-chat/copilot-chat-in-ides/about-github-copilot-chat-in-your-ide#limitations-of-github-copilot-chat)." ### Keep your prompts on topic diff --git a/data/variables/migrations.yml b/data/variables/migrations.yml index 82e1bb0f65df..a7c3c30c719b 100644 --- a/data/variables/migrations.yml +++ b/data/variables/migrations.yml @@ -1,8 +1,8 @@ user_migrations_intro: >- You can use these endpoints to review, backup, or migrate your user data stored on {% data variables.product.prodname_dotcom_the_website %}. organization_migrations_intro: >- - You can use these endpoints to export one or more repositories so you can move them to a{% ifversion ghes %}nother{% endif %} {% data variables.product.prodname_ghe_server %} instance. For more information, see "[AUTOTITLE](/migrations/using-ghe-migrator/exporting-migration-data-from-githubcom)." + You can use these endpoints to export one or more repositories so you can move them to a{% ifversion ghes %}nother{% endif %} {% data variables.product.prodname_ghe_server %} instance. For more information, see [AUTOTITLE](/migrations/using-ghe-migrator/exporting-migration-data-from-githubcom). source_imports_intro: >- You can use these endpoints to start an import from a Git repository hosted with another service. This is the same functionality as the {% data variables.product.prodname_dotcom %} - Importer. For more information, see "[AUTOTITLE](/migrations/importing-source-code/using-github-importer/importing-a-repository-with-github-importer)." + Importer. For more information, see [AUTOTITLE](/migrations/importing-source-code/using-github-importer/importing-a-repository-with-github-importer). diff --git a/src/fixtures/fixtures/data/glossaries/external.yml b/src/fixtures/fixtures/data/glossaries/external.yml index b643df45d808..9f6a27e8e28e 100644 --- a/src/fixtures/fixtures/data/glossaries/external.yml +++ b/src/fixtures/fixtures/data/glossaries/external.yml @@ -1,8 +1,8 @@ - term: foo description: >- Foo is an intentionally meaningless placeholder word often used in computer - programming. See "[AUTOTITLE](/get-started/foo)." + programming. See [AUTOTITLE](/get-started/foo). - term: check description: >- A check is a type of status check on {% data variables.product.product_name - %}. See "[foo](#foo)." + %}. See [foo](#foo).