diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md b/content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md deleted file mode 100644 index a4faeb0fc7c9..000000000000 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -title: About task lists -intro: 'You can use task lists to break the work for an issue or pull request into smaller tasks, then track the full set of work to completion.' -product: '{% data reusables.gated-features.markdown-ui %}' -redirect_from: - - /github/managing-your-work-on-github/managing-your-work-with-issues-and-pull-requests/about-task-lists - - /articles/about-task-lists - - /github/managing-your-work-on-github/about-task-lists - - /issues/tracking-your-work-with-issues/creating-issues/about-task-lists - - /issues/tracking-your-work-with-issues/about-task-lists -versions: - fpt: '*' - ghes: '*' - ghec: '*' -topics: - - Pull requests - - Issues ---- - -## About task lists - -A task list is a set of tasks that each render on a separate line with a clickable checkbox. You can select or deselect the checkboxes to mark the tasks as complete or incomplete. - -You can use Markdown to create a task list in any comment on {% data variables.product.github %}. {% ifversion fpt or ghec %}If you reference an issue, pull request, or discussion in a task list, the reference will unfurl to show the title and state.{% endif %} - -{% ifversion not fpt or ghec %} -You can view task list summary information in issue and pull request lists, when the task list is in the initial comment. -{% else %} - -## About issue task lists - -If you add a task list to the body of an issue, the list has added functionality. - -* To help you track your team's work on an issue, the progress of an issue's task list appears in various places on {% data variables.product.github %}, such as a repository's list of issues. -* If a task references another issue and someone closes that issue, the task's checkbox will automatically be marked as complete. 
-* If a task requires further tracking or discussion, you can convert the task to an issue by hovering over the task and clicking {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. To add more details before creating the issue, you can use keyboard shortcuts to open the new issue form. For more information, see [AUTOTITLE](/get-started/accessibility/keyboard-shortcuts#issues-and-pull-requests). -* Any issues referenced in the task list will specify that they are tracked in the referencing issue. - -![Screenshot of an issue showing a task list under the header "Features." Three list items link to other issues.](/assets/images/help/writing/task-list-rendered.png) - -{% endif %} - -## Creating task lists - -{% data reusables.repositories.task-list-markdown %} - -> [!NOTE] -> You cannot create task list items within closed issues or issues with linked pull requests. - -## Reordering tasks - -You can reorder the items in a task list. First, click or hover to the left of a task's checkbox until a grid of six dots appears. Then, drag and drop the grid to move the task to a new location. - -You can reorder tasks across different lists in the same comment, but you cannot reorder tasks across different comments. - -{% ifversion fpt or ghec %} ![Screenshot of a {% data variables.product.prodname_dotcom %} issue showing two tasks in a task list. A grid of six dots to the left of the second task is outlined in dark orange.](/assets/images/help/writing/task-list-reorder.png){% endif %} - -{% ifversion fpt %} - -## Converting tasks into issues - -You can also convert tasks into issues. First, hover over one of the items in your task list and then click {% octicon "issue-opened" aria-label="Convert to issue" %}. - - ![Screenshot of an issue showing two tasks. 
The "Convert to issue" icon is highlighted with an orange outline.](/assets/images/help/writing/convert-task-lists-into-issues.png) - -## Navigating tracked issues - -Any issues that are referenced in a task list specify that they are tracked by the issue that contains the task list. To navigate to the tracking issue from the tracked issue, click on the tracking issue number in the **Tracked by** section next to the issue status. - -![Screenshot of issue 3 showing the issue status of "Open" and the text "Tracked by issue #2", which is outlined in orange.](/assets/images/help/writing/task-list-tracked.png) - -{% endif %} diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/about-tasklists.md b/content/get-started/writing-on-github/working-with-advanced-formatting/about-tasklists.md new file mode 100644 index 000000000000..4a9650540ce8 --- /dev/null +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/about-tasklists.md 
@@ -0,0 +1,78 @@ +--- +title: About tasklists +intro: 'You can use tasklists to break the work for an issue or pull request into smaller tasks, then track the full set of work to completion.' +product: '{% data reusables.gated-features.markdown-ui %}' +redirect_from: + - /github/managing-your-work-on-github/managing-your-work-with-issues-and-pull-requests/about-task-lists + - /articles/about-task-lists + - /github/managing-your-work-on-github/about-task-lists + - /issues/tracking-your-work-with-issues/creating-issues/about-task-lists + - /issues/tracking-your-work-with-issues/about-task-lists + - /get-started/writing-on-github/working-with-advanced-formatting/about-task-lists +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Pull requests + - Issues +--- + +## About tasklists + +> [!IMPORTANT] +> Tasklists are {% data variables.release-phases.retired %}. You can read more about this on the [GitHub Blog](https://github.blog/changelog/2025-04-29-closing-down-code-scanning-alerts-tracked-in-tasklists/). +> +> {% ifversion sub-issues %} You can use sub-issues as the replacement for tasklist blocks. Sub-issues provide a dedicated section within each issue, making it easier to track related work without relying on Markdown. For more information about sub-issues, see [AUTOTITLE](/issues/tracking-your-work-with-issues/using-issues/adding-sub-issues). {% endif %} + +A tasklist is a set of tasks that each render on a separate line with a clickable checkbox. You can select or deselect the checkboxes to mark the tasks as complete or incomplete. + +You can use Markdown to create a tasklist in any comment on {% data variables.product.github %}. {% ifversion fpt or ghec %}If you reference an issue, pull request, or discussion in a tasklist, the reference will unfurl to show the title and state.{% endif %} + +{% ifversion not fpt or ghec %} +You can view tasklist summary information in issue and pull request lists, when the tasklist is in the initial comment. 
+{% else %} + +## About issue tasklists + +If you add a tasklist to the body of an issue, the list has added functionality. + +* To help you track your team's work on an issue, the progress of an issue's tasklist appears in various places on {% data variables.product.github %}, such as a repository's list of issues. +* If a task references another issue and someone closes that issue, the task's checkbox will automatically be marked as complete. +* If a task requires further tracking or discussion, you can convert the task to an issue by hovering over the task and clicking {% octicon "issue-opened" aria-label="The issue opened icon" %} in the upper-right corner of the task. To add more details before creating the issue, you can use keyboard shortcuts to open the new issue form. For more information, see [AUTOTITLE](/get-started/accessibility/keyboard-shortcuts#issues-and-pull-requests). +* Any issues referenced in the tasklist will specify that they are tracked in the referencing issue. + +![Screenshot of an issue showing a tasklist under the header "Features." Three list items link to other issues.](/assets/images/help/writing/task-list-rendered.png) + +{% endif %} + +## Creating tasklists + +{% data reusables.repositories.task-list-markdown %} + +> [!NOTE] +> You cannot create tasklist items within closed issues or issues with linked pull requests. + +## Reordering tasks + +You can reorder the items in a tasklist. First, click or hover to the left of a task's checkbox until a grid of six dots appears. Then, drag and drop the grid to move the task to a new location. + +You can reorder tasks across different lists in the same comment, but you cannot reorder tasks across different comments. + +{% ifversion fpt or ghec %} ![Screenshot of a {% data variables.product.prodname_dotcom %} issue showing two tasks in a tasklist. 
A grid of six dots to the left of the second task is outlined in dark orange.](/assets/images/help/writing/task-list-reorder.png){% endif %} + +{% ifversion fpt %} + +## Converting tasks into issues + +You can also convert tasks into issues. First, hover over one of the items in your tasklist and then click {% octicon "issue-opened" aria-label="Convert to issue" %}. + + ![Screenshot of an issue showing two tasks. The "Convert to issue" icon is highlighted with an orange outline.](/assets/images/help/writing/convert-task-lists-into-issues.png) + +## Navigating tracked issues + +Any issues that are referenced in a tasklist specify that they are tracked by the issue that contains the tasklist. To navigate to the tracking issue from the tracked issue, click on the tracking issue number in the **Tracked by** section next to the issue status. + +![Screenshot of issue 3 showing the issue status of "Open" and the text "Tracked by issue #2", which is outlined in orange.](/assets/images/help/writing/task-list-tracked.png) + +{% endif %} diff --git a/content/get-started/writing-on-github/working-with-advanced-formatting/index.md b/content/get-started/writing-on-github/working-with-advanced-formatting/index.md index a955df419dfb..1cfd414031ea 100644 --- a/content/get-started/writing-on-github/working-with-advanced-formatting/index.md +++ b/content/get-started/writing-on-github/working-with-advanced-formatting/index.md @@ -16,7 +16,7 @@ children: - /writing-mathematical-expressions - /autolinked-references-and-urls - /attaching-files - - /about-task-lists + - /about-tasklists - /creating-a-permanent-link-to-a-code-snippet - /using-keywords-in-issues-and-pull-requests shortTitle: Work with advanced formatting diff --git a/data/release-notes/enterprise-server/3-13/15.yml b/data/release-notes/enterprise-server/3-13/15.yml new file mode 100644 index 000000000000..112e89894d41 --- /dev/null +++ b/data/release-notes/enterprise-server/3-13/15.yml 
@@ -0,0 +1,73 @@ +date: '2025-05-27' +sections: + security_fixes: + - | + **MEDIUM:** An attacker could inject HTML in the instances web UI because the web commit dialog did not properly sanitize repository rule violation messages. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + Ephemeral runner registrations for GitHub Actions were not fully cleaned up after deletion. + - | + For instances in a high availability configuration, because there was no Nomad job for the `aqueduct-lite` service on replica nodes, generating a support bundle from the command line on a replica would result in the error `ERROR: Failed to get elastomer index build progress` being incorrectly reported. + - | + A pre-receive hook could fail due to blocked system calls. + - | + After updating the TLS certificate from the Management Console, users encountered 502 errors when creating releases and uploading artifacts. Running `ghe-config-apply` did not resolve the issue, as the alambic service required a manual restart. + - | + The sidebar menu did not display on the "Retired namespaces" page on the site admin dashboard. + - | + Site administrators could encounter a failure to load domain entries in the "Verified & Approved Domains" section of the site admin dashboard when one or more authoritative nameservers for the affected domain were unreachable or unresponsive due to inefficient DNS queries. + - | + Images embedded in Markdown tables did not display correctly. + - | + Deleted discussions could potentially prevent a repository from being exported using the export API or `ghe-migrator`. + - | + During an import, missing assignee models caused incomplete imports of issues, pull requests, and their dependent models. 
+ - | + When the GitHub Enterprise Server application attempted to create an Elasticsearch index that already existed but lacked a routing configuration, the operation failed. This resulted in a state where the index appeared to exist, but the application could not write documents to it. + - | + Enterprise customers in very large organizations experienced performance issues with the GitHub API when making multiple API requests to retrieve Dependabot alerts for their enterprise. + - | + In some cases, a file in the code view would appear as JSON instead of HTML. + - | + Instances using Azure for migration API storage without a proxy configured could not export migration archives because the system incorrectly attempted to route requests through a proxy. + - | + When administrators downloaded large Advanced Security committer CSV files, the operation would fail due to insufficient timeout settings. The timeout duration has been increased to ensure successful downloads. + - | + Actions workflows were not able to access up to 1,000 organization variables when the total size of all variables was under 10 MB. + - | + Secret scanning alerts would sometimes incorrectly identify the location of a secret in a file after a custom pattern was edited. + changes: + - | + Support tools now redact proxy credentials from their outputs in the admin terminal during connectivity checks. + - | + Live updates to the GitHub site were sometimes blocked by per-IP address rate limits, especially in environments where users accessed a GitHub Enterprise Server instance through a proxy. + - | + Merging a pull request using the "Rebase and merge" option is now limited to 100 commits. If you have a pull request with more than 100 commits, you can create a merge commit, or squash and merge, or split the commits into multiple pull requests. + closing_down: + - | + Microsoft Exchange Online is retiring SMTP basic authentication in September 2025. 
If your GitHub Enterprise Server instance uses this method to send email, delivery may fail after the retirement date. Microsoft recommends switching to a supported alternative. As another option, you may consider using an SMTP OAuth proxy such as [email-oauth2-proxy](https://github.com/simonrob/email-oauth2-proxy), though this is not officially supported. For details and configuration guidance, see the [Microsoft announcement](https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750) and the proxy’s [documentation](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config). + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + For an instance in a cluster configuration and with GitHub Actions enabled, restoring a cluster from backup requires targeting the primary DB node. 
+ - | + When following instructions for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), the step that includes running `ghe-cluster-config-apply` might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. The reindexing can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. diff --git a/data/release-notes/enterprise-server/3-14/12.yml b/data/release-notes/enterprise-server/3-14/12.yml new file mode 100644 index 000000000000..f12244924fe6 --- /dev/null +++ b/data/release-notes/enterprise-server/3-14/12.yml 
@@ -0,0 +1,91 @@ +date: '2025-05-27' +sections: + security_fixes: + - | + **MEDIUM:** An attacker could inject HTML in the instances web UI because the web commit dialog did not properly sanitize repository rule violation messages. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + Ephemeral runner registrations for GitHub Actions were not fully cleaned up after deletion. + - | + The alive process intermittently experienced segmentation faults (SIGSEGV) due to a `panic: runtime error: invalid memory address or nil pointer dereference` in the alive daemon during restore operations. These crashes caused services, such as mps, to appear unhealthy, leading to restore operation failures after 20 attempts. + - | + For instances in a high availability configuration, because there was no Nomad job for the `aqueduct-lite` service on replica nodes, generating a support bundle from the command line on a replica would result in the error `ERROR: Failed to get elastomer index build progress` being incorrectly reported. + - | + A pre-receive hook could fail due to blocked system calls. + - | + After updating the TLS certificate from the Management Console, users encountered 502 errors when creating releases and uploading artifacts. Running `ghe-config-apply` did not resolve the issue, as the alambic service required a manual restart. + - | + The sidebar menu did not display on the "Retired namespaces" page on the site admin dashboard. + - | + Site administrators could encounter a failure to load domain entries in the "Verified & Approved Domains" section of the site admin dashboard when one or more authoritative nameservers for the affected domain were unreachable or unresponsive due to inefficient DNS queries. + - | + When migrating from an instance with S3 on AWS Gov Cloud, an incorrect URL was generated. 
+ - | + Images embedded in Markdown tables did not display correctly. + - | + Deleted discussions could potentially prevent a repository from being exported using the export API or `ghe-migrator`. + - | + During an import, missing assignee models caused incomplete imports of issues, pull requests, and their dependent models. + - | + When the GitHub Enterprise Server application attempted to create an Elasticsearch index that already existed but lacked a routing configuration, the operation failed. This resulted in a state where the index appeared to exist, but the application could not write documents to it. + - | + Enterprise customers in very large organizations experienced performance issues with the GitHub API when making multiple API requests to retrieve Dependabot alerts for their enterprise. + - | + Instances using Azure for migration API storage without a proxy configured could not export migration archives because the system incorrectly attempted to route requests through a proxy. + - | + When administrators downloaded large Advanced Security committer CSV files, the operation would fail due to insufficient timeout settings. The timeout duration has been increased to ensure successful downloads. + - | + The "Grouped security updates" button was not being displayed in the Dependabot settings at the organization and repository levels. + - | + Actions workflows were not able to access up to 1,000 organization variables when the total size of all variables was under 10 MB. + - | + Fetches from repository caches returned a "Repository not found" error when the cache is out of sync. + - | + Secret scanning alerts would sometimes incorrectly identify the location of a secret in a file after a custom pattern was edited. + changes: + - | + Support tools now redact proxy credentials from their outputs in the admin terminal during connectivity checks. 
+ - | + Live updates to the GitHub site were sometimes blocked by per-IP address rate limits, especially in environments where users accessed a GitHub Enterprise Server instance through a proxy. + - | + Merging a pull request using the "Rebase and merge" option is now limited to 100 commits. If you have a pull request with more than 100 commits, you can create a merge commit, or squash and merge, or split the commits into multiple pull requests. + closing_down: + - | + Microsoft Exchange Online is retiring SMTP basic authentication in September 2025. If your GitHub Enterprise Server instance uses this method to send email, delivery may fail after the retirement date. Microsoft recommends switching to a supported alternative. As another option, you may consider using an SMTP OAuth proxy such as [email-oauth2-proxy](https://github.com/simonrob/email-oauth2-proxy), though this is not officially supported. For details and configuration guidance, see the [Microsoft announcement](https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750) and the proxy’s [documentation](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config). + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). 
+ - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following instructions for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), the step that includes running `ghe-cluster-config-apply` might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. The reindexing can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. 
+ - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Repository cache replicas return `Repository not found` when changes have been pushed to the primary instance that have not yet synchronized to the cache replica. This issue can also occur in all previous patches of this release. + - | + Unexpected elements may appear in the UI on the repository overview page for locked repositories. diff --git a/data/release-notes/enterprise-server/3-15/7.yml b/data/release-notes/enterprise-server/3-15/7.yml new file mode 100644 index 000000000000..c39c6dd44fde --- /dev/null +++ b/data/release-notes/enterprise-server/3-15/7.yml 
@@ -0,0 +1,95 @@ +date: '2025-05-27' +sections: + security_fixes: + - | + **MEDIUM:** An attacker could inject HTML in the instances web UI because the web commit dialog did not properly sanitize repository rule violation messages. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + Ephemeral runner registrations for GitHub Actions were not fully cleaned up after deletion. + - | + The alive process intermittently experienced segmentation faults (SIGSEGV) due to a `panic: runtime error: invalid memory address or nil pointer dereference` in the alive daemon during restore operations. These crashes caused services, such as mps, to appear unhealthy, leading to restore operation failures after 20 attempts. + - | + For instances in a high availability configuration, because there was no Nomad job for the `aqueduct-lite` service on replica nodes, generating a support bundle from the command line on a replica would result in the erroneous error `ERROR: Failed to get elastomer index build progress` being reported. + - | + A pre-receive hook could fail due to blocked system calls. + - | + After updating the TLS certificate from the Management Console, users encountered 502 errors when creating releases and uploading artifacts. Running `ghe-config-apply` did not resolve the issue, as the alambic service required a manual restart. + - | + Enterprise customers in very large organizations experienced performance issues with the GitHub API when making multiple API requests to retrieve Dependabot alerts for their enterprise. + - | + The sidebar menu did not display on the "Retired namespaces" page on the site admin dashboard. 
+ - | + Site administrators could encounter a failure to load domain entries in the "Verified & Approved Domains" section of the site admin dashboard when one or more authoritative nameservers for the affected domain were unreachable or unresponsive due to inefficient DNS queries. + - | + When migrating from an instance with S3 on AWS Gov Cloud, an incorrect URL was generated. + - | + Images embedded in Markdown tables did not display correctly. + - | + Deleted discussions could potentially prevent a repository from being exported using the export API or `ghe-migrator`. + - | + During an import, missing assignee models caused incomplete imports of issues, pull requests, and their dependent models. + - | + When the GitHub Enterprise Server application attempted to create an Elasticsearch index that already existed but lacked a routing configuration, the operation failed. This resulted in a state where the index appeared to exist, but the application could not write documents to it. + - | + Pull request pages did not update asynchronously to reflect new changes, sometimes causing users to see outdated information until a manual refresh or navigation occurred. + - | + On instances where vulnerability alerts were not configured, server usage metrics did not upload as expected. + - | + Instances using Azure for migration API storage without a proxy configured could not export migration archives because the system incorrectly attempted to route requests through a proxy. + - | + When administrators downloaded large Advanced Security committer CSV files, the operation would fail due to insufficient timeout settings. The timeout duration has been increased to ensure successful downloads. + - | + The "Grouped security updates" button was not being displayed in the Dependabot settings at the organization and repository levels. + - | + Actions workflows were not able to access up to 1,000 organization variables when the total size of all variables was under 10 MB. 
+ - | + Fetches from repository caches returned a "Repository not found" error when the cache is out of sync. + - | + Secret scanning alerts would sometimes incorrectly identify the location of a secret in a file after a custom pattern was edited. + changes: + - | + Support tools now redact proxy credentials from their outputs in the admin terminal during connectivity checks. + - | + Live updates to the GitHub site were sometimes blocked by per-IP address rate limits, especially in environments where users access the GitHub Enterprise Server instance through a proxy. + - | + Merging a pull request using the "Rebase and merge" option is now limited to 100 commits. If you have a pull request with more than 100 commits, you can create a merge commit, or squash and merge, or split the commits into multiple pull requests. + closing_down: + - | + Microsoft Exchange Online is retiring SMTP basic authentication in September 2025. If your GitHub Enterprise Server instance uses this method to send email, delivery may fail after the retirement date. Microsoft recommends switching to a supported alternative. As another option, you may consider using an SMTP OAuth proxy such as [email-oauth2-proxy](https://github.com/simonrob/email-oauth2-proxy), though this is not officially supported. For details and configuration guidance, see the [Microsoft announcement](https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750) and the proxy’s [documentation](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config). + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. 
+ - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following instructions for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), the step that includes running `ghe-cluster-config-apply` might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. 
The reindexing can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + Repository cache replicas return `Repository not found` when changes have been pushed to the primary instance that have not yet synchronized to the cache replica. This issue can also occur in all previous patches of this release. diff --git a/data/release-notes/enterprise-server/3-16/3.yml b/data/release-notes/enterprise-server/3-16/3.yml new file mode 100644 index 000000000000..5465ed1bc631 --- /dev/null +++ b/data/release-notes/enterprise-server/3-16/3.yml 
@@ -0,0 +1,95 @@ +date: '2025-05-27' +sections: + security_fixes: + - | + **MEDIUM:** An attacker could inject HTML in the instances web UI because the web commit dialog did not properly sanitize repository rule violation messages. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + Packages have been updated to the latest security versions. + bugs: + - | + Ephemeral runner registrations for GitHub Actions were not fully cleaned up after deletion. + - | + The alive process intermittently experienced segmentation faults (SIGSEGV) due to a `panic: runtime error: invalid memory address or nil pointer dereference` in the alive daemon during restore operations. These crashes caused services, such as mps, to appear unhealthy, leading to restore operation failures after 20 attempts. + - | + A pre-receive hook could fail due to blocked system calls. + - | + After updating the TLS certificate from the Management Console, users encountered 502 errors when creating releases and uploading artifacts. Running `ghe-config-apply` did not resolve the issue, as the alambic service required a manual restart. + - | + The sidebar menu did not display on the "Retired namespaces" page on the site admin dashboard. + - | + When migrating from an instance with S3 on AWS Gov Cloud, an incorrect URL was generated. + - | + Deleted discussions could potentially prevent a repository from being exported using the export API or `ghe-migrator`. + - | + During an import, missing assignee models caused incomplete imports of issues, pull requests, and their dependent models. + - | + When the GitHub Enterprise Server application attempted to create an Elasticsearch index that already existed but lacked a routing configuration, the operation failed. This resulted in a state where the index appeared to exist, but the application could not write documents to it. 
+ - | + The security configuration page returned a 404 error when a user deleted a reviewer without first removing them as a bypass reviewer in the secret protection push protection settings. + - | + On instances where vulnerability alerts were not configured, server usage metrics did not upload as expected. + - | + For instances with secret scanning disabled through `ghe-config`, navigating to the "Risk" page on the "Security" tab for the organization or enterprise level, resulted in a 500 error. + - | + Instances using Azure for migration API storage without a proxy configured could not export migration archives because the system incorrectly attempted to route requests through a proxy. + - | + When administrators downloaded large Advanced Security committer CSV files, the operation would fail due to insufficient timeout settings. The timeout duration has been increased to ensure successful downloads. + - | + The "Grouped security updates" button was not being displayed in the Dependabot settings at the organization and repository levels. + - | + Actions workflows were not able to access up to 1,000 organization variables when the total size of all variables was under 10 MB. + - | + Fetches from repository caches returned a "Repository not found" error when the cache is out of sync. + - | + Secret scanning alerts would sometimes incorrectly identify the location of a secret in a file after a custom pattern was edited. + changes: + - | + Support tools now redact proxy credentials from their outputs in the admin terminal during connectivity checks. + - | + Live updates to the GitHub site were sometimes blocked by per-IP address rate limits, especially in environments where users access the GitHub Enterprise Server instance through a proxy. + - | + Merging a pull request using the "Rebase and merge" option is now limited to 100 commits. 
If you have a pull request with more than 100 commits, you can create a merge commit, or squash and merge, or split the commits into multiple pull requests. + closing_down: + - | + Microsoft Exchange Online is retiring SMTP basic authentication in September 2025. If your GitHub Enterprise Server instance uses this method to send email, delivery may fail after the retirement date. Microsoft recommends switching to a supported alternative. As another option, you may consider using an SMTP OAuth proxy such as [email-oauth2-proxy](https://github.com/simonrob/email-oauth2-proxy), though this is not officially supported. For details and configuration guidance, see the [Microsoft announcement](https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750) and the proxy’s [documentation](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config). + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. 
+ - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following instructions for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), the step that includes running `ghe-cluster-config-apply` might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. The reindexing can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. 
Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. + - | + Repository cache replicas return `Repository not found` when changes have been pushed to the primary instance that have not yet synchronized to the cache replica. This issue can also occur in all previous patches of this release.
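Review bot: In the release-notes file that precedes `3-16/3.yml` in this patch, the `changes` entry "Live updates to the GitHub site were sometimes blocked by per-IP address rate limits" describes a past problem and never says what the release changed. Either move it under `bugs` or reword it to state the new behavior, so an administrator whose users reach the instance through a proxy knows what to expect. In the same file, the `bugs` entry "Fetches from repository caches returned a "Repository not found" error when the cache is out of sync" mixes tenses ("was out of sync"). In `known_issues`, "may timeout" should be "may time out" and "shutdown the node" should be "shut down the node".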
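Review bot: In `3-16/3.yml`, the `bugs` section lists "Fetches from repository caches returned a "Repository not found" error when the cache is out of sync" as fixed, while the last `known_issues` entry says repository cache replicas still return `Repository not found` before synchronization and that this "can also occur in all previous patches of this release". As written, a reader cannot tell whether the problem is resolved. Please state which case the fix covers, or drop whichever entry no longer applies. In `security_fixes`, "in the instances web UI" should read "in the instance's web UI". The `changes` entry about live updates being blocked by per-IP rate limits describes a problem rather than the change made. The known issue "Custom firewall rules are removed during the upgrade process" gives no guidance, unlike neighbouring entries that name a workaround; a sentence telling administrators what to do after upgrading would help, since silently dropped firewall rules alter the instance's network exposure. Smaller wording fixes: "requires access the storage nodes" is missing "to", "may timeout" should be "may time out", and "shutdown the node" should be "shut down the node".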