|
| 1 | +date: '2025-08-19' |
| 2 | +intro: | |
| 3 | + {% warning %} |
| 4 | +
|
| 5 | + **Warning**: We are lifting the pause on upgrade to 3.15. You can now upgrade to version 3.15.12, but not to earlier releases of 3.15. This release includes optimizations that address performance issues reported in recent versions of GitHub Enterprise Server. As an additional step, it is recommended to check system capacity before upgrading. See [check system capacity before upgrading](/admin/upgrading-your-instance/preparing-to-upgrade/check-system-capacity-before-upgrading). |
| 6 | + |
| 7 | + {% endwarning %} |
| 8 | +sections: |
| 9 | + security_fixes: |
| 10 | + - | |
| 11 | + **HIGH:** An improper access control vulnerability was identified that allowed authenticated users to obtain code content from private repositories they did not have permission to access. If a user knew the names of a private repository and its branches, tags, or commit SHAs, they could use the compare/diff functionality to retrieve code from those repositories without authorization. Exploiting this vulnerability also required the attacker to have legitimate access to another repository within the same fork network. This vulnerability has been assigned [CVE-2025-8447](https://www.cve.org/cverecord?id=CVE-2025-8447) and was reported through the [GitHub Bug Bounty program](https://bounty.github.com/). |
| 12 | + - | |
| 13 | + Packages have been updated to the latest security versions. |
| 14 | + - | |
| 15 | + Elasticsearch packages have been updated to the 8.18.0 security version. |
| 16 | + - | |
| 17 | + The maintenance page in the Management Console did not include cross-site request forgery (CSRF) protection. |
| 18 | + bugs: |
| 19 | + - | |
| 20 | + For enterprises with a large number of organizations, some authorization queries were non-performant. This patch includes a set of fixes improving the performance of authorization checks that enforce PAT access policies for both fine-grained and classic {% data variables.product.pat_generic_title_case_plural %} (PATs). |
| 21 | + - | |
| 22 | + On instances in a cluster configuration, builds of GitHub Pages sites timed out in GitHub Actions workflows. |
| 23 | + - | |
| 24 | + After enabling GitHub Actions or performing an upgrade with GitHub Actions enabled, administrators experienced a delay of approximately 10 minutes longer than they should have due to a faulty connection check. This is fixed for future enablement and upgrades. |
| 25 | + - | |
| 26 | + Secret scanning backfills for pull requests and discussions did not run as expected during backfills of new secret types. Site administrators and security teams may have noticed incomplete secret scanning coverage or unworked queues after upgrading. |
| 27 | + - | |
| 28 | + Site administrators observed that uploading a license failed to restart GitHub services after upgrading GitHub Enterprise Server due to file permission issues in `/var/log/license-upgrade`. |
| 29 | + - | |
| 30 | + After upgrading to GHES 3.15.11, GHES 3.16.7, or GHES 3.17.4, administrators found that draft pull requests for private repositories were no longer available. |
| 31 | + changes: |
| 32 | + - | |
| 33 | + When administrators run the `ghe-support-bundle` command on an unconfigured node, the output clearly states that metadata collection was skipped, instead of producing misleading `curl` errors. This improves the clarity of support bundle diagnostics. |
| 34 | + - | |
| 35 | + Configuration runs do not output transient Elasticsearch health check failures. This update reduces log verbosity to address confusion reported by users. |
| 36 | + - | |
| 37 | + For administrators monitoring search index repairs, logs for repair jobs now include batch-level details, such as the ranges of updated IDs. This improvement makes it easier to track and debug the status of index repairs. |
| 38 | + known_issues: |
| 39 | + - | |
| 40 | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. |
| 41 | + - | |
| 42 | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). |
| 43 | + - | |
| 44 | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. |
| 45 | + - | |
| 46 | + {% data reusables.release-notes.large-adoc-files-issue %} |
| 47 | + - | |
| 48 | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. |
| 49 | + - | |
| 50 | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) may fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. |
| 51 | + - | |
| 52 | + Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. |
| 53 | + - | |
| 54 | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} |
| 55 | + - | |
| 56 | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. |
| 57 | + - | |
| 58 | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. |
| 59 | + - | |
| 60 | + In the header bar displayed to site administrators, some icons are not available. |
| 61 | + - | |
| 62 | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. |
| 63 | + - | |
| 64 | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. |
| 65 | + - | |
| 66 | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. |
| 67 | + - | |
| 68 | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. |
| 69 | + - | |
| 70 | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. |
![release-controller[bot]](https://avatars.githubusercontent.com/in/223695?v=4&size=40){kind=avatar}
0 commit comments