зеркало из https://github.com/github/docs.git
New translation batch for cn (#32291)
This commit is contained in:
docubot
GitHub
Родитель
02601679da
Коммит
e43029a06a
|
|
@ -217,6 +217,129 @@ translations/zh-CN/content/sponsors/receiving-sponsorships-through-github-sponso
|
|||
translations/zh-CN/data/glossaries/internal.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/graphql/ghes-3.1/graphql_previews.enterprise.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/graphql/ghes-3.2/graphql_previews.enterprise.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/0.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/1.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/10.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/11.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/12.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/13.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/14.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/16.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/17.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/18.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/19.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/2.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/20.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/21.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/22.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/23.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/24.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/3.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/4.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/5.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/6.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/7.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/8.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/9.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/0.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/1.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/10.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/11.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/12.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/13.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/14.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/15.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/16.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/18.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/19.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/2.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/20.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/21.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/22.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/23.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/3.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/4.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/5.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/7.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/8.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/9.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/10.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/11.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/12.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/13.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/14.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/15.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/16.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/17.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/18.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/19.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/20.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/21.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/22.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/4.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/5.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/6.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc1.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/0-rc2.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/10.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/11.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/12.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/13.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/14.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/15.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/16.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/17.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/18.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/19.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/20.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/21.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/22.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/23.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/24.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/25.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/4.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/5.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/6.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/7.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/8.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/9.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/0-rc1.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/10.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/11.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/12.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/13.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/14.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/15.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/16.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/17.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/18.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/19.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/20.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/21.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/22.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/3.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/5.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/6.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/7.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/8.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/9.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/1.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/10.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/11.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/12.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/13.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/14.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/15.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/16.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/18.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/2.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/3.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/4.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/5.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/6.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/7.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/8.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/9.yml,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/reusables/actions/hardware-requirements-3.6.md,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/reusables/actions/link-to-example-library.md,file deleted because it no longer exists in main
|
||||
translations/zh-CN/data/reusables/actions/perform-blob-storage-precheck.md,file deleted because it no longer exists in main
|
||||
|
|
@ -520,7 +643,6 @@ translations/zh-CN/content/admin/user-management/migrating-data-to-and-from-your
|
|||
translations/zh-CN/content/admin/user-management/migrating-data-to-and-from-your-enterprise/migrating-data-to-your-enterprise.md,broken liquid tags
|
||||
translations/zh-CN/content/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on.md,rendering error
|
||||
translations/zh-CN/content/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md,rendering error
|
||||
translations/zh-CN/content/authentication/connecting-to-github-with-ssh/about-ssh.md,broken liquid tags
|
||||
translations/zh-CN/content/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account.md,rendering error
|
||||
translations/zh-CN/content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md,rendering error
|
||||
translations/zh-CN/content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md,rendering error
|
||||
|
|
@ -543,7 +665,6 @@ translations/zh-CN/content/authentication/managing-commit-signature-verification
|
|||
translations/zh-CN/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md,broken liquid tags
|
||||
translations/zh-CN/content/authentication/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits.md,rendering error
|
||||
translations/zh-CN/content/authentication/managing-commit-signature-verification/index.md,broken liquid tags
|
||||
translations/zh-CN/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md,broken liquid tags
|
||||
translations/zh-CN/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md,broken liquid tags
|
||||
translations/zh-CN/content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md,broken liquid tags
|
||||
translations/zh-CN/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md,rendering error
|
||||
|
|
@ -814,6 +935,7 @@ translations/zh-CN/content/organizations/managing-organization-settings/managing
|
|||
translations/zh-CN/content/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization.md,rendering error
|
||||
translations/zh-CN/content/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization.md,broken liquid tags
|
||||
translations/zh-CN/content/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators.md,rendering error
|
||||
translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization.md,broken liquid tags
|
||||
translations/zh-CN/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md,rendering error
|
||||
translations/zh-CN/content/organizations/managing-saml-single-sign-on-for-your-organization/configuring-saml-single-sign-on-and-scim-using-okta.md,broken liquid tags
|
||||
translations/zh-CN/content/organizations/organizing-members-into-teams/about-teams.md,broken liquid tags
|
||||
|
|
@ -894,7 +1016,6 @@ translations/zh-CN/content/repositories/releasing-projects-on-github/comparing-r
|
|||
translations/zh-CN/content/repositories/releasing-projects-on-github/linking-to-releases.md,rendering error
|
||||
translations/zh-CN/content/repositories/releasing-projects-on-github/managing-releases-in-a-repository.md,rendering error
|
||||
translations/zh-CN/content/repositories/working-with-files/managing-files/adding-a-file-to-a-repository.md,broken liquid tags
|
||||
translations/zh-CN/content/repositories/working-with-files/managing-large-files/about-git-large-file-storage.md,broken liquid tags
|
||||
translations/zh-CN/content/repositories/working-with-files/managing-large-files/about-large-files-on-github.md,broken liquid tags
|
||||
translations/zh-CN/content/repositories/working-with-files/using-files/getting-permanent-links-to-files.md,broken liquid tags
|
||||
translations/zh-CN/content/repositories/working-with-files/using-files/working-with-non-code-files.md,rendering error
|
||||
|
|
@ -948,29 +1069,6 @@ translations/zh-CN/data/glossaries/external.yml,broken liquid tags
|
|||
translations/zh-CN/data/learning-tracks/actions.yml,broken liquid tags
|
||||
translations/zh-CN/data/learning-tracks/admin.yml,broken liquid tags
|
||||
translations/zh-CN/data/learning-tracks/code-security.yml,broken liquid tags
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-20/15.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/17.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-21/6.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/0.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/1.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/2.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/22.yml,broken liquid tags
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/3.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/7.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/8.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/2-22/9.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/0.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/1.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/2.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-0/3.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/0-rc1.yml,broken liquid tags
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/0.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/1.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/2.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-1/4.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/0-rc1.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/0.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-2/17.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-3/0-rc1.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-3/0.yml,rendering error
|
||||
translations/zh-CN/data/release-notes/enterprise-server/3-3/12.yml,rendering error
|
||||
|
|
|
|||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: About SSH
|
||||
intro: 'Using the SSH protocol, you can connect and authenticate to remote servers and services. With SSH keys, you can connect to {% data variables.product.product_name %} without supplying your username and {% data variables.product.pat_generic %} at each visit.{% ifversion ssh-commit-verification %} You can also use an SSH key to sign commits.{% endif %}'
|
||||
title: 关于 SSH
|
||||
intro: '使用 SSH 协议可以连接远程服务器和服务并向它们验证。 利用 SSH 密钥可以连接到 {% data variables.product.product_name %},而无需在每次访问时都提供用户名和 {% data variables.product.pat_generic %}。{% ifversion ssh-commit-verification %}还可以使用 SSH 密钥对提交进行签名。{% endif %}'
|
||||
redirect_from:
|
||||
- /articles/about-ssh
|
||||
- /github/authenticating-to-github/about-ssh
|
||||
|
|
@ -12,27 +12,29 @@ versions:
|
|||
ghec: '*'
|
||||
topics:
|
||||
- SSH
|
||||
ms.openlocfilehash: 51a72821217e5d47092ed77e923b38f4cf248010
|
||||
ms.sourcegitcommit: a0ad3bfe2a99c3092e76ca9b3d476cf30988ca55
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 10/28/2022
|
||||
ms.locfileid: '148118977'
|
||||
---
|
||||
{% data reusables.ssh.about-ssh %} 有关 SSH 的详细信息,请参阅 Wikipedia 上的[安全外壳](https://en.wikipedia.org/wiki/Secure_Shell)。
|
||||
|
||||
{% data reusables.ssh.about-ssh %} For more information about SSH, see [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell) on Wikipedia.
|
||||
设置 SSH 时,需要生成新的 SSH 私钥并将其添加到 SSH 代理中。 使用密钥进行身份验证{% ifversion ssh-commit-verification %}或对提交进行签名{% endif %}之前,还必须将 SSH 公钥添加到 {% data variables.product.product_name %} 上的帐户中。 有关详细信息,请参阅“[生成新的 SSH 密钥并将其添加到 ssh-agent](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)”{% ifversion ssh-commit-verification %}、{% else %}和{% endif %}“[将新的 SSH 密钥添加到 {% data variables.product.prodname_dotcom %} 帐户](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)”{% ifversion ssh-commit-verification %}和“[关于提交签名验证](/articles/about-commit-signature-verification){% endif %}”。
|
||||
|
||||
When you set up SSH, you will need to generate a new private SSH key and add it to the SSH agent. You must also add the public SSH key to your account on {% data variables.product.product_name %} before you use the key to authenticate{% ifversion ssh-commit-verification %} or sign commits{% endif %}. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)"{% ifversion ssh-commit-verification %}, {% else %} and{% endif %} "[Adding a new SSH key to your {% data variables.product.prodname_dotcom %} account](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account){% ifversion ssh-commit-verification %}" and "[About commit signature verification](/articles/about-commit-signature-verification){% endif %}."
|
||||
您可以使用硬件安全密钥来进一步保护 SSH 密钥,当密钥对用于通过 SSH 进行身份验证时,需要将物理硬件安全密钥附加到计算机上。 您还可以通过将密钥添加到 ssh 代理并使用密码来保护您的 SSH 密钥。 有关详细信息,请参阅“[使用 SSH 密钥密码](/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases)”。
|
||||
|
||||
You can further secure your SSH key by using a hardware security key, which requires the physical hardware security key to be attached to your computer when the key pair is used to authenticate with SSH. You can also secure your SSH key by adding your key to the ssh-agent and using a passphrase. For more information, see "[Working with SSH key passphrases](/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases)."
|
||||
{% ifversion fpt or ghec %}若要将 SSH 密钥与使用 SAML 单一登录的组织拥有的存储库一起使用,必须授权该密钥。 有关详细信息,请参阅 {% data variables.product.prodname_ghe_cloud %} 文档中的“[授权 SSH 密钥用于 SAML 单一登录](/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on){% ifversion fpt %}”。{% else %}."{% endif %}{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}To use your SSH key with a repository owned by an organization that uses SAML single sign-on, you must authorize the key. For more information, see "[Authorizing an SSH key for use with SAML single sign-on](/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %}
|
||||
为了保持帐户安全,您可以定期检查您的 SSH 密钥列表,并撤销任何无效或已泄漏的密钥。 有关详细信息,请参阅“[查看 SSH 密钥](/github/authenticating-to-github/reviewing-your-ssh-keys)”。
|
||||
|
||||
To maintain account security, you can regularly review your SSH keys list and revoke any keys that are invalid or have been compromised. For more information, see "[Reviewing your SSH keys](/github/authenticating-to-github/reviewing-your-ssh-keys)."
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
If you haven't used your SSH key for a year, then {% data variables.product.prodname_dotcom %} will automatically delete your inactive SSH key as a security precaution. For more information, see "[Deleted or missing SSH keys](/articles/deleted-or-missing-ssh-keys)."
|
||||
{% ifversion fpt or ghec %} 如果一年没有使用 SSH 密钥,则作为安全预防措施,{% data variables.product.prodname_dotcom %} 将自动删除你的非活动 SSH 密钥。 有关详细信息,请参阅“[已删除或缺少的 SSH 密钥](/articles/deleted-or-missing-ssh-keys)”。
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt %}
|
||||
Organizations that use {% data variables.product.prodname_ghe_cloud %} can provide SSH certificates, which members can use to access that organization's repositories without adding the certificate to their account on {% data variables.product.product_name %}. If you're using an SSH certificate, you cannot use the certificate to access forks of the organization's repositories, if the fork is owned by your personal account. For more information, see "[About SSH certificate authorities](/enterprise-cloud@latest/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
|
||||
{% else ghec or ghes or ghae %}
|
||||
If you're a member of an organization that provides SSH certificates, you can use your certificate to access that organization's repositories without adding the certificate to your account on {% data variables.product.product_name %}. You cannot use your certificate to access forks of the organization's repositories, if the forks is owned by your personal account. For more information, see "[About SSH certificate authorities](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)."
|
||||
{% ifversion fpt %} 使用 {% data variables.product.prodname_ghe_cloud %} 的组织可以提供 SSH 证书,成员可以使用该证书访问组织的存储库,而无需将其添加到他们在 {% data variables.product.product_name %} 上的帐户。 如果使用 SSH 证书,当分支为个人帐户所有时,将无法使用该证书访问组织存储库的分支。 有关详细信息,请参阅 {% data variables.product.prodname_ghe_cloud %} 文档中的“[关于 SSH 证书颁发机构](/enterprise-cloud@latest/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)”。
|
||||
{% else ghec or ghes or ghae %} 如果你是提供 SSH 证书的组织成员,可以使用证书来访问组织的存储库,而无需添加证书到你在 {% data variables.product.product_name %} 上的帐户。 当分支为个人帐户所有时,将无法使用该证书访问组织存储库的分支。 有关详细信息,请参阅“[关于 SSH 证书颁发机构](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)”。
|
||||
{% endif %}
|
||||
## Further reading
|
||||
## 延伸阅读
|
||||
|
||||
- "[Troubleshooting SSH](/articles/troubleshooting-ssh)"
|
||||
- [SSH 故障排除](/articles/troubleshooting-ssh)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: Telling Git about your signing key
|
||||
intro: 'To sign commits locally, you need to inform Git that there''s a GPG{% ifversion ssh-commit-verification %}, SSH,{% endif %} or X.509 key you''d like to use.'
|
||||
title: 将您的签名密钥告知 Git
|
||||
intro: '要在本地对提交进行签名,需要向 Git 通知你要使用的 GPG{% ifversion ssh-commit-verification %}、SSH{% endif %} 或 X.509 密钥。'
|
||||
redirect_from:
|
||||
- /articles/telling-git-about-your-gpg-key
|
||||
- /articles/telling-git-about-your-signing-key
|
||||
|
|
@ -15,38 +15,39 @@ topics:
|
|||
- Identity
|
||||
- Access management
|
||||
shortTitle: Tell Git your signing key
|
||||
ms.openlocfilehash: e78306bb1519f2b7f51ab6bc039bff0b982e48cf
|
||||
ms.sourcegitcommit: a0ad3bfe2a99c3092e76ca9b3d476cf30988ca55
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 10/28/2022
|
||||
ms.locfileid: '148118993'
|
||||
---
|
||||
{% mac %}
|
||||
|
||||
## Telling Git about your GPG key
|
||||
## 将您的 GPG 密钥告知 Git
|
||||
|
||||
If you're using a GPG key that matches your committer identity and your verified email address associated with your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}, then you can begin signing commits and signing tags.
|
||||
如果您使用与您的提交者身份以及 {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %} 上帐户关联的已验证电子邮件地址相匹配的 GPG 密钥,则可以开始对提交和标签进行签名。
|
||||
|
||||
{% note %}
|
||||
|
||||
If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)".
|
||||
如果您没有与提交者身份匹配的 GPG 密钥,则需要将电子邮件与现有密钥关联。 有关详细信息,请参阅“[将电子邮件与 GPG 密钥关联](/articles/associating-an-email-with-your-gpg-key)”。
|
||||
|
||||
{% endnote %}
|
||||
|
||||
If you have multiple GPG keys, you need to tell Git which one to use.
|
||||
如果您有多个 GPG 密钥,则需要告知 Git 要使用哪一个。
|
||||
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %}
|
||||
{% data reusables.gpg.configure-gpg-signing %}
|
||||
{% data reusables.gpg.list-keys-with-note %}
|
||||
{% data reusables.gpg.copy-gpg-key-id %}
|
||||
{% data reusables.gpg.paste-gpg-key-id %}
|
||||
{% data reusables.gpg.set-auto-sign %}
|
||||
1. If you aren't using the GPG suite, run the following command in the `zsh` shell to add the GPG key to your `.zshrc` file, if it exists, or your `.zprofile` file:
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %} {% data reusables.gpg.configure-gpg-signing %} {% data reusables.gpg.list-keys-with-note %} {% data reusables.gpg.copy-gpg-key-id %} {% data reusables.gpg.paste-gpg-key-id %} {% data reusables.gpg.set-auto-sign %}
|
||||
1. 如果没有使用 GPG 套件,请在 `zsh` shell 中运行以下命令,将 GPG 密钥添加到 `.zshrc` 文件(如果存在)或 `.zprofile` 文件:
|
||||
```shell
|
||||
$ if [ -r ~/.zshrc ]; then echo 'export GPG_TTY=$(tty)' >> ~/.zshrc; \
|
||||
else echo 'export GPG_TTY=$(tty)' >> ~/.zprofile; fi
|
||||
```
|
||||
Alternatively, if you use the `bash` shell, run this command:
|
||||
或者,如果使用 `bash` shell,请运行以下命令:
|
||||
```shell
|
||||
$ if [ -r ~/.bash_profile ]; then echo 'export GPG_TTY=$(tty)' >> ~/.bash_profile; \
|
||||
else echo 'export GPG_TTY=$(tty)' >> ~/.profile; fi
|
||||
```
|
||||
1. Optionally, to prompt you to enter a PIN or passphrase when required, install `pinentry-mac`. For example, using [Homebrew](https://brew.sh/):
|
||||
1. (可选)若要在需要时提示你输入 PIN 或密码,请安装 `pinentry-mac`。 例如,使用 [Homebrew](https://brew.sh/):
|
||||
```shell
|
||||
$ brew install pinentry-mac
|
||||
$ echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
|
||||
|
|
@ -57,70 +58,56 @@ If you have multiple GPG keys, you need to tell Git which one to use.
|
|||
|
||||
{% windows %}
|
||||
|
||||
## Telling Git about your GPG key
|
||||
## 将您的 GPG 密钥告知 Git
|
||||
|
||||
If you're using a GPG key that matches your committer identity and your verified email address associated with your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}, then you can begin signing commits and signing tags.
|
||||
如果您使用与您的提交者身份以及 {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %} 上帐户关联的已验证电子邮件地址相匹配的 GPG 密钥,则可以开始对提交和标签进行签名。
|
||||
|
||||
{% note %}
|
||||
|
||||
If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)".
|
||||
如果您没有与提交者身份匹配的 GPG 密钥,则需要将电子邮件与现有密钥关联。 有关详细信息,请参阅“[将电子邮件与 GPG 密钥关联](/articles/associating-an-email-with-your-gpg-key)”。
|
||||
|
||||
{% endnote %}
|
||||
|
||||
If you have multiple GPG keys, you need to tell Git which one to use.
|
||||
如果您有多个 GPG 密钥,则需要告知 Git 要使用哪一个。
|
||||
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %}
|
||||
{% data reusables.gpg.configure-gpg-signing %}
|
||||
{% data reusables.gpg.list-keys-with-note %}
|
||||
{% data reusables.gpg.copy-gpg-key-id %}
|
||||
{% data reusables.gpg.paste-gpg-key-id %}
|
||||
{% data reusables.gpg.set-auto-sign %}
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %} {% data reusables.gpg.configure-gpg-signing %} {% data reusables.gpg.list-keys-with-note %} {% data reusables.gpg.copy-gpg-key-id %} {% data reusables.gpg.paste-gpg-key-id %} {% data reusables.gpg.set-auto-sign %}
|
||||
|
||||
{% endwindows %}
|
||||
|
||||
{% linux %}
|
||||
|
||||
## Telling Git about your GPG key
|
||||
## 将您的 GPG 密钥告知 Git
|
||||
|
||||
If you're using a GPG key that matches your committer identity and your verified email address associated with your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}, then you can begin signing commits and signing tags.
|
||||
如果您使用与您的提交者身份以及 {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %} 上帐户关联的已验证电子邮件地址相匹配的 GPG 密钥,则可以开始对提交和标签进行签名。
|
||||
|
||||
{% note %}
|
||||
|
||||
If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)".
|
||||
如果您没有与提交者身份匹配的 GPG 密钥,则需要将电子邮件与现有密钥关联。 有关详细信息,请参阅“[将电子邮件与 GPG 密钥关联](/articles/associating-an-email-with-your-gpg-key)”。
|
||||
|
||||
{% endnote %}
|
||||
|
||||
If you have multiple GPG keys, you need to tell Git which one to use.
|
||||
如果您有多个 GPG 密钥,则需要告知 Git 要使用哪一个。
|
||||
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %}
|
||||
{% data reusables.gpg.configure-gpg-signing %}
|
||||
{% data reusables.gpg.list-keys-with-note %}
|
||||
{% data reusables.gpg.copy-gpg-key-id %}
|
||||
{% data reusables.gpg.paste-gpg-key-id %}
|
||||
{% data reusables.gpg.set-auto-sign %}
|
||||
1. To add your GPG key to your `.bashrc` startup file, run the following command:
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %} {% data reusables.gpg.configure-gpg-signing %} {% data reusables.gpg.list-keys-with-note %} {% data reusables.gpg.copy-gpg-key-id %} {% data reusables.gpg.paste-gpg-key-id %} {% data reusables.gpg.set-auto-sign %}
|
||||
1. 若要将 GPG 密钥添加到 `.bashrc` 启动文件,请运行以下命令:
|
||||
```bash
|
||||
$ [ -f ~/.bashrc ] && echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
|
||||
```
|
||||
{% endlinux %}
|
||||
{% ifversion ssh-commit-verification %}
|
||||
{% endlinux %} {% ifversion ssh-commit-verification %}
|
||||
|
||||
## Telling Git about your SSH key
|
||||
## 将 SSH 密钥告知 Git
|
||||
|
||||
You can use an existing SSH key to sign commits and tags, or generate a new one specifically for signing. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)."
|
||||
可以使用现有 SSH 密钥对提交和标记进行签名,或生成专用于签名的新密钥。 有关详细信息,请参阅“[生成新的 SSH 密钥并将其添加到 ssh-agent](/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)”。
|
||||
|
||||
{% data reusables.gpg.ssh-git-version %}
|
||||
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %}
|
||||
{% data reusables.gpg.configure-ssh-signing %}
|
||||
{% data reusables.gpg.copy-ssh-public-key %}
|
||||
{% data reusables.gpg.paste-ssh-public-key %}
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %} {% data reusables.gpg.configure-ssh-signing %} {% data reusables.gpg.copy-ssh-public-key %} {% data reusables.gpg.paste-ssh-public-key %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.gpg.x-509-key %}
|
||||
## Further reading
|
||||
## 延伸阅读
|
||||
|
||||
- "[Adding a new SSH key to your GitHub account](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)."
|
||||
- "[Signing commits](/articles/signing-commits)"
|
||||
- "[Signing tags](/articles/signing-tags)"
|
||||
- “[为 GitHub 帐户添加新的 SSH 密钥](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)”。
|
||||
- [对提交签名](/articles/signing-commits)
|
||||
- [对标记签名](/articles/signing-tags)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,94 @@
|
|||
---
|
||||
title: 编写存储库安全公告的最佳做法
|
||||
intro: 在创建或编辑安全公告时,使用标准格式指定生态系统、包名称和受影响的版本后,更易于其他用户理解你提供的信息。
|
||||
versions:
|
||||
fpt: '*'
|
||||
ghec: '*'
|
||||
type: how_to
|
||||
miniTocMaxHeadingLevel: 3
|
||||
topics:
|
||||
- Security advisories
|
||||
- Vulnerabilities
|
||||
shortTitle: Best practices
|
||||
redirect_from:
|
||||
- /code-security/repository-security-advisories/best-practices-for-writing-repository-security-advisories
|
||||
ms.openlocfilehash: af1ab76e13f44f5b319cd560e1ae0aa3081742dc
|
||||
ms.sourcegitcommit: 27882d9b3f19979c817c25952a2fb4dc4c6f0a65
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 10/27/2022
|
||||
ms.locfileid: '148114003'
|
||||
---
|
||||
任何对存储库有管理员权限的人都可以创建和编辑安全公告。
|
||||
|
||||
{% data reusables.security-advisory.security-researcher-cannot-create-advisory %}
|
||||
|
||||
## 有关存储库的安全公告
|
||||
|
||||
{% data reusables.security-advisory.security-advisory-overview %} 有关详细信息,请参阅“[关于存储库安全公告](/code-security/repository-security-advisories/about-github-security-advisories-for-repositories)”。
|
||||
|
||||
## 最佳实践
|
||||
|
||||
编写存储库安全公告或为全局安全公告做出社区贡献时,建议采用 {% data variables.product.prodname_advisory_database %} 中使用的语法,尤其是版本格式设置。
|
||||
|
||||
如果按照 {% data variables.product.prodname_advisory_database %} 的语法,尤其是对受影响的版本进行定义时:
|
||||
- 发布存储库公告时,可以将公告添加到 {% data variables.product.prodname_advisory_database %} 作为“{% data variables.product.company_short %}-已审核”公告,而无需请求更多信息。
|
||||
- {% data variables.product.prodname_dependabot %} 将提供信息来准确识别受影响的存储库,并向其发送 {% data variables.product.prodname_dependabot_alerts %} 以通知它们。
|
||||
- 社区成员不太可能建议通过编辑公告来修复缺失或不正确的信息。
|
||||
|
||||
使用“草稿安全公告”表单添加或编辑存储库公告。 有关详细信息,请参阅“[创建存储库安全公告](/code-security/repository-security-advisories/creating-a-repository-security-advisory)”。
|
||||
|
||||
建议使用“改进安全公告”表单,完善现有全局公告。 有关详细信息,请参阅“[在 {% data variables.product.prodname_advisory_database %} 中编辑安全公告](/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database)”。
|
||||
|
||||
### 生态系统
|
||||
|
||||
需要使用“生态系统”字段将公告分配给受支持的生态系统之一。 有关我们支持的生态系统的详细信息,请参阅“[在 {% data variables.product.prodname_advisory_database %} 中浏览安全公告](/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database#github-reviewed-advisories)”。
|
||||
|
||||
|
||||
|
||||
### 包名称
|
||||
|
||||
建议使用“包名称”字段指定受影响的包,因为 {% data variables.product.prodname_advisory_database %} 中的“{% data variables.product.company_short %}-已审核”公告需要包信息。 包信息对于存储库级安全公告是可选的,但在发布安全公告时尽早包含此信息可简化审核过程。
|
||||
|
||||
|
||||
|
||||
### 受影响版本
|
||||
|
||||
建议使用“受影响的版本”字段指定受影响的版本,因为 {% data variables.product.prodname_advisory_database %} 中的“{% data variables.product.company_short %}-已审核”公告在需要此信息。 版本信息对于存储库级安全公告是可选的,但在发布安全公告时尽早包含此信息可简化审核过程。
|
||||
|
||||
|
||||
|
||||
- 有效的受影响的版本字符串包含以下内容之一:
|
||||
- 下限运算符序列。
|
||||
- 上限运算符序列。
|
||||
- 上限运算符序列和下限运算符序列。
|
||||
- 使用相等 (`=`) 运算符的特定版本序列。
|
||||
- 每个运算符序列都必须指定为运算符、单个空格,以及版本。
|
||||
- 有效运算符包括 `=`、`<`、`<=`、`>` 或 `>=`。
|
||||
- 版本必须以数字开头,其后为任意数量的数字、字母、点、短破折号或下划线字符(空格或逗号以外的任何内容)
|
||||
- 同时指定上限序列和下限序列后,下限必须先出现,其后为逗号和一个空格,然后是上限。
|
||||
{% note %}
|
||||
|
||||
注意:受影响的版本字符串不能包含前导空格或尾随空格。
|
||||
|
||||
{% endnote %}
|
||||
|
||||
- 上限运算符可以是非独占运算符或独占运算符,即分别是 `<=` 或 `<`。
|
||||
- 下限运算符可以是非独占运算符或独占运算符,即分别是 `>=` 或 `>`。 但是,如果你发布存储库公告,而我们将你的存储库公告升级为全局公告后,则会应用不同的规则:下限运算符只能是非独占的,即 `>=`。仅当版本为 `0` 时才能是独占下限运算符 (`>`),如 `> 0`。
|
||||
|
||||
{% note %}
|
||||
|
||||
注意:下限限制:
|
||||
- 是因为与 OSV(开放源代码漏洞)架构不兼容。
|
||||
- 仅在对 {% data variables.product.prodname_advisory_database %} 中的现有公告提出建议时才适用。
|
||||
|
||||
{% endnote %}
|
||||
|
||||
- 不能在同一字段中指定多个受影响的版本范围,例如 `> 2.0, < 2.3, > 3.0, < 3.2`。若要指定多个范围,必须通过单击“+ 添加另一个受影响的产品”按钮,为每个范围创建新的“受影响的产品”部分 。
|
||||
|
||||
|
||||
- 如果受影响的版本范围仅包含单个上限或下限:
|
||||
- 如果未显式指定下限,那么隐式值始终为 `> 0`。
|
||||
- 如果未显式指定上限,则隐式值始终为无穷大。
|
||||
|
||||
有关 {% data variables.product.prodname_advisory_database %} 的详细信息,请参阅 [https://github.com/github/advisory-database](https://github.com/github/advisory-database)。
|
||||
|
|
@ -48,7 +48,7 @@ Yes, the dependency graph has two categories of limits:
|
|||
|
||||
Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}.
|
||||
|
||||
By default, {% data variables.product.prodname_dotcom %} will not process more than 20 manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}.
|
||||
By default, {% data variables.product.prodname_dotcom %} will not process more than {% ifversion fpt %}150{% else %}600{% endif %} manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}.
|
||||
|
||||
2. **Visualization limits**
|
||||
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ When a student opens an assignment, the repository's README file includes their
|
|||
|
||||
|
||||
|
||||
Students can launch a new or existing codespace by clicking the **{% octicon "code" aria-label="The code icon" %} Code** button on the main page of the assignment repository, then selecting the **Codespaces** tab. For more information, see "[Creating a codespace](/codespaces/developing-in-codespaces/creating-a-codespace#creating-a-codespace)."
|
||||
Students can launch a new or existing codespace by clicking the **Open in GitHub Codespace** button in the README, or by clicking the **{% octicon "code" aria-label="The code icon" %} Code** button on the main page of the assignment repository, then selecting the **Codespaces** tab. From the **Codespaces** tab you can select an existing codespace or create a new one. For more information, see "[Creating a codespace](/codespaces/developing-in-codespaces/creating-a-codespace#creating-a-codespace)."
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -34,12 +34,12 @@ You can use the `git remote add` command to match a remote URL with a name.
|
|||
For example, you'd type the following in the command line:
|
||||
|
||||
```shell
|
||||
git remote add origin <REMOTE_URL>
|
||||
git remote add origin <REMOTE_URL>
|
||||
```
|
||||
|
||||
This associates the name `origin` with the `REMOTE_URL`.
|
||||
|
||||
You can use the command `git remote set-url` to [change a remote's URL](/github/getting-started-with-github/managing-remote-repositories).
|
||||
You can use the command `git remote set-url` to [change a remote's URL](/get-started/getting-started-with-git/managing-remote-repositories).
|
||||
|
||||
## Choosing a URL for your remote repository
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ There are several ways to clone repositories available on {% data variables.loca
|
|||
|
||||
When you view a repository while signed in to your account, the URLs you can use to clone the project onto your computer are available below the repository details.
|
||||
|
||||
For information on setting or changing your remote URL, see "[Managing remote repositories](/github/getting-started-with-github/managing-remote-repositories)."
|
||||
For information on setting or changing your remote URL, see "[Managing remote repositories](/get-started/getting-started-with-git/managing-remote-repositories)."
|
||||
|
||||
## Cloning with HTTPS URLs
|
||||
|
||||
|
|
|
|||
|
|
@ -15,8 +15,9 @@ topics:
|
|||
- Teams
|
||||
children:
|
||||
- /roles-in-an-organization
|
||||
- /maintaining-ownership-continuity-for-your-organization
|
||||
- /about-custom-repository-roles
|
||||
- /managing-custom-repository-roles-for-an-organization
|
||||
- /maintaining-ownership-continuity-for-your-organization
|
||||
- /adding-a-billing-manager-to-your-organization
|
||||
- /removing-a-billing-manager-from-your-organization
|
||||
- /managing-security-managers-in-your-organization
|
||||
|
|
|
|||
|
|
@ -1,176 +1,67 @@
|
|||
---
|
||||
title: 管理组织的自定义存储库角色
|
||||
intro: 通过创建自定义存储库角色,可以更精细地控制对组织存储库的访问。
|
||||
title: Managing custom repository roles for an organization
|
||||
intro: You can create, edit, or delete custom repository roles for your organization.
|
||||
permissions: Organization owners can manage custom repository roles.
|
||||
versions:
|
||||
feature: custom-repository-roles
|
||||
topics:
|
||||
- Organizations
|
||||
- Teams
|
||||
shortTitle: Custom repository roles
|
||||
shortTitle: Manage custom roles
|
||||
redirect_from:
|
||||
- /early-access/github/articles/managing-custom-repository-roles-for-an-organization
|
||||
ms.openlocfilehash: e37e7822abc378cd91fb719dd472edaf35af4465
|
||||
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147858682'
|
||||
---
|
||||
## 关于自定义存储库角色
|
||||
|
||||
要对 {% data variables.product.product_name %} 执行任何操作,例如在存储库中创建拉取请求或更改组织的计费设置,人员必须具有对相关帐户或资源的足够访问权限。 此访问由权限控制。 权限是执行特定操作的能力。 例如,删除问题的能力是一种权限。 角色是你可以分配给个人或团队的一组权限。
|
||||
{% data reusables.organizations.custom-repo-roles-ghec-only %}
|
||||
|
||||
在组织内,您可以在组织、团队和存储库级别分配角色。 有关不同级别角色的详细信息,请参阅“[组织中的角色](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)”。
|
||||
## About custom repository roles
|
||||
|
||||
通过创建最多三个自定义存储库角色,可以更精细地控制在存储库级授予的权限。 自定义存储库角色是一组可配置的权限,具有您选择的自定义名称。 创建自定义角色后,对存储库具有管理员访问权限的任何人都可以将该角色分配给个人或团队。 有关详细信息,请参阅“[管理个人对组织存储库的访问](/organizations/managing-access-to-your-organizations-repositories/managing-an-individuals-access-to-an-organization-repository)”和“[管理团队对组织存储库的访问](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)。”
|
||||
{% data reusables.organizations.about-custom-repo-roles %} For more information, see "[About custom repository roles](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles)."
|
||||
|
||||
{% ifversion custom-repo-role-api %}
|
||||
## Creating a repository role
|
||||
|
||||
还可以使用 REST API 创建和管理自定义存储库角色。 有关详细信息,请参阅“[自定义存储库角色](/rest/orgs/custom-roles)。”
|
||||
To create a new repository role, you add permissions to an inherited role and give the custom role a name.
|
||||
|
||||
{% else %}
|
||||
{% data reusables.profile.access_profile %}
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.organizations.org_settings %}
|
||||
{% data reusables.organizations.org-list %}
|
||||
{% data reusables.organizations.org-settings-repository-roles %}
|
||||
5. Click **Create a Role**.
|
||||
|
||||
4. Under "Name", type the name of your repository role.
|
||||
|
||||
5. Under "Description", type a description of your repository role.
|
||||
|
||||
6. Under "Choose a role to inherit", select the role you want to inherit.
|
||||
|
||||
7. Under "Add Permissions", use the drop-down menu to select the permissions you want your custom role to include.
|
||||
|
||||
7. Click **Create role**.
|
||||
|
||||
|
||||
还可以使用 REST API 列出组织中可用的自定义存储库角色。 有关详细信息,请参阅“[自定义存储库角色 API](/rest/orgs/custom-roles)。”
|
||||
## Editing a repository role
|
||||
|
||||
{% endif %}
|
||||
{% data reusables.profile.access_profile %}
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.organizations.org_settings %}
|
||||
{% data reusables.organizations.org-list %}
|
||||
{% data reusables.organizations.org-settings-repository-roles %}
|
||||
3. To the right of the role you want to edit, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}, then click **Edit**.
|
||||
|
||||
4. Edit, then click **Update role**.
|
||||
|
||||
|
||||
## 关于继承的角色
|
||||
## Deleting a repository role
|
||||
|
||||
创建自定义存储库角色时,首先从一组预定义选项中选择继承的角色。 继承的角色确定自定义角色中包含的初始权限集。 然后,您可以通过选择其他权限来授予角色,从而进一步自定义角色。 有关可用权限的完整列表,请参阅“[自定义角色的其他权限](#additional-permissions-for-custom-roles)”。
|
||||
If you delete an existing repository role, all pending invitations, teams, and users with the custom role will be reassigned to the organization's base permissions.
|
||||
|
||||
继承角色的选项已针对存储库中不同类型的参与者进行了标准化。
|
||||
|
||||
| 继承的角色 | 用途 |
|
||||
|----|----|
|
||||
| **读取** | 想要查看或讨论项目的非代码参与者。 |
|
||||
| **会审** | 需要主动管理问题和在没有写入访问权限的情况下拉取请求的参与者。 |
|
||||
| **写入** | 积极推动项目的组织成员和协作者。 |
|
||||
| **维护** | 需要管理存储库而无法访问敏感或破坏性操作的项目经理。
|
||||
|
||||
## 自定义角色示例
|
||||
|
||||
以下是您可以配置的自定义存储库角色的一些示例。
|
||||
|
||||
| 自定义存储库角色 | 总结 | 继承的角色 | 其他权限 |
|
||||
|----|----|----|----|
|
||||
| 安全工程师 | 能够贡献代码并维护安全管道 | **维护** | 删除代码扫描结果 |
|
||||
| 承办商 | 能够开发 web 挂钩集成 | **写入** | 管理 web 挂钩 |
|
||||
| 社区经理 | 能够处理所有社区互动,而无需贡献代码 | **读取** | - 将问题标记为重复问题 <br> - 管理 GitHub 页面设置 <br> - 管理 Wiki 设置 <br> - 设置社交预览 <br> - 编辑存储库元数据 <br> - 会审讨论 |
|
||||
|
||||
## 自定义角色的其他权限
|
||||
|
||||
选择继承角色后,您可以为自定义角色选择其他权限。
|
||||
|
||||
仅当继承的角色中尚未包含其他权限时,才能选择该权限。 例如,如果继承的角色提供对存储库的写入访问权限,则“关闭拉取请求”权限将已包含在继承的角色中。
|
||||
|
||||
{% ifversion discussions %}
|
||||
### 讨论
|
||||
|
||||
- **创建讨论类别**:能够创建新的讨论类别。 有关详细信息,请参阅“[创建新的讨论类别](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions#creating-a-category)”。
|
||||
- **编辑讨论类别**:能够编辑讨论类别。 有关详细信息,请参阅“[编辑讨论类别](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions#editing-a-category)”。
|
||||
- **删除讨论类别**:能够删除讨论类别。 有关详细信息,请参阅“[删除讨论类别](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions#deleting-a-category)”。
|
||||
- **标记或取消标记讨论答案**:如果讨论的类别可接受答案,则能够标记讨论的答案。 有关详细信息,请参阅“[将讨论中的评论标记或取消标记为答案](/discussions/managing-discussions-for-your-community/moderating-discussions#marking-a-comment-as-an-answer)”。
|
||||
- **隐藏或取消隐藏讨论评论**:能够在讨论中隐藏和取消隐藏评论。 有关详细信息,请参阅“[审查讨论](/communities/moderating-comments-and-conversations/managing-disruptive-comments#hiding-a-comment)”。
|
||||
- **将问题转换为讨论**:能够将问题转换为讨论。 有关详细信息,请参阅“[将问题转换为讨论](/discussions/managing-discussions-for-your-community/moderating-discussions#converting-an-issue-to-a-discussion)”。
|
||||
{% endif %}
|
||||
|
||||
### 议题和拉取请求
|
||||
|
||||
- **分配或删除用户**:将用户分配给问题或拉取请求,或从问题或拉取请求中删除用户。
|
||||
- **添加或删除标签**:向问题或拉取请求添加标签,或从问题或拉取请求中删除标签。
|
||||
|
||||
### 问题
|
||||
|
||||
- **关闭问题**
|
||||
- **重新打开已关闭的问题**
|
||||
- **删除问题**
|
||||
- **将问题标记为重复问题**
|
||||
|
||||
### 拉取请求
|
||||
|
||||
- **关闭拉取请求**
|
||||
- **重新打开已关闭的拉取请求**
|
||||
- **请求拉取请求评审**:请求用户或团队进行评审。
|
||||
|
||||
### 存储库
|
||||
|
||||
- **设置里程碑**:向问题或拉取请求添加里程碑。
|
||||
- **管理 Wiki 设置**:为存储库启用 Wiki。
|
||||
- **管理项目设置**:为存储库启用项目。
|
||||
- **管理拉取请求合并设置**:选择存储库中允许的合并提交类型,例如合并、压缩或变基。
|
||||
- **管理 {% data variables.product.prodname_pages %} 设置**:为存储库启用 {% data variables.product.prodname_pages %},然后选择要发布的分支。 有关详细信息,请参阅“[为 {% data variables.product.prodname_pages %} 站点配置发布源](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)”。
|
||||
- **管理 Webhook**:将 Webhook 添加到存储库。
|
||||
- **管理部署密钥**:将部署密钥添加到存储库。
|
||||
- **编辑存储库元数据**:更新存储库说明以及存储库主题。
|
||||
{%- ifversion ghec %}
|
||||
- **设置交互限制**:暂时限制某些用户在公共存储库中发表评论、提出问题或创建拉取请求,以强制在一段时间内执行有限的活动。 有关详细信息,请参阅“[限制存储库中的交互](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)。”
|
||||
{%- endif %}
|
||||
- **设置社交预览**:将识别图像添加到存储库,该图像在链接存储库时显示在社交媒体平台上。 有关详细信息,请参阅“[自定义存储库的社交媒体预览](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/customizing-your-repositorys-social-media-preview)”。
|
||||
- **将提交推送到受保护的分支**:推送到标记为受保护分支的分支。 分支保护规则仍将适用,并可能导致推送遭到拒绝。
|
||||
- **创建受保护的标记**:创建符合标记保护规则的标记。 有关详细信息,请参阅“[配置标记保护规则](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)”。
|
||||
- **删除受保护的标记**:删除符合标记保护规则的标记。 有关详细信息,请参阅“[配置标记保护规则](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)”。{% ifversion bypass-branch-protections %}
|
||||
- 绕过分支保护:无需遵守分支保护规则即可推送到受保护分支。{% endif %}
|
||||
|
||||
### 安全性
|
||||
|
||||
- **查看 {% data variables.product.prodname_code_scanning %} 结果**:能够查看 {% data variables.product.prodname_code_scanning %} 警报。
|
||||
- **关闭或重新打开 {% data variables.product.prodname_code_scanning %} 结果**:能够关闭或重新打开 {% data variables.product.prodname_code_scanning %} 警报。
|
||||
- **删除 {% data variables.product.prodname_code_scanning %} 结果**:能够删除 {% data variables.product.prodname_code_scanning %} 警报。
|
||||
- **查看 {% data variables.product.prodname_dependabot_alerts %}** :能够查看 {% data variables.product.prodname_dependabot_alerts %}。
|
||||
- **关闭或重新打开 {% data variables.product.prodname_dependabot_alerts %}** :能够关闭或重新打开 {% data variables.product.prodname_dependabot_alerts %}。
|
||||
- **查看 {% data variables.product.prodname_secret_scanning %} 结果**:能够查看 {% data variables.product.prodname_secret_scanning %} 警报。
|
||||
- **关闭或重新打开 {% data variables.product.prodname_secret_scanning %} 结果**:能够关闭或重新打开 {% data variables.product.prodname_secret_scanning %} 警报。
|
||||
|
||||
## 不同级别访问的优先级
|
||||
|
||||
如果通过不同的途径(如团队成员身份和组织的基本权限)为某人授予不同级别的访问权限,则最高访问权限将覆盖其他访问权限。 例如,如果组织所有者向组织成员提供使用“读取”继承角色的自定义角色,然后组织所有者将组织的基本权限设置为“写入”,则此自定义角色将具有写入权限以及自定义角色中包含的任何其他权限。
|
||||
|
||||
{% data reusables.organizations.mixed-roles-warning %}
|
||||
|
||||
要解决冲突的访问权限,您可以调整组织的基本权限或团队的访问权限,或编辑自定义角色。 有关详细信息,请参阅:
|
||||
- [为组织设置基本权限](/github/setting-up-and-managing-organizations-and-teams/setting-base-permissions-for-an-organization)
|
||||
- “[管理团队对组织存储库的访问](/organizations/managing-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)”
|
||||
- [编辑存储库角色](#editing-a-repository-role)
|
||||
|
||||
## 创建存储库角色
|
||||
|
||||
要创建新的存储库角色,请向继承的角色添加权限并为自定义角色命名。
|
||||
|
||||
{% ifversion ghec %} {% note %}
|
||||
|
||||
注意:只有使用 {% data variables.product.prodname_ghe_cloud %} 的组织才能创建自定义存储库角色。 {% data reusables.enterprise.link-to-ghec-trial %}
|
||||
|
||||
{% endnote %} {% endif %}
|
||||
|
||||
{% data reusables.profile.access_profile %} {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.organizations.org-list %} {% data reusables.organizations.org-settings-repository-roles %}
|
||||
5. 单击“创建角色”。
|
||||
|
||||
4. 在“Name(名称)”下,键入存储库角色的名称。
|
||||
|
||||
5. 在“Description(描述)”下,键入存储库角色的描述。
|
||||
|
||||
6. 在“Choose a role to inherit(选择要继承的角色)”下,选择要继承的角色。
|
||||
|
||||
7. 在“Add Permissions(添加权限)”下,使用下拉菜单选择您希望自定义角色包含的权限。
|
||||
|
||||
7. 单击“创建角色”。
|
||||
|
||||
|
||||
## 编辑存储库角色
|
||||
|
||||
{% data reusables.profile.access_profile %} {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.organizations.org-list %} {% data reusables.organizations.org-settings-repository-roles %}
|
||||
3. 在要编辑的角色右侧,单击 {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %},然后单击“编辑”。
|
||||
|
||||
4. 编辑,然后单击“更新角色”。
|
||||
|
||||
|
||||
## 删除存储库角色
|
||||
|
||||
如果您删除现有存储库角色,则所有具有自定义角色的待处理邀请、团队和用户都将被重新分配给组织的基本权限。
|
||||
|
||||
{% data reusables.profile.access_profile %} {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.organizations.org-list %} {% data reusables.organizations.org-settings-repository-roles %}
|
||||
3. 在要删除的角色右侧,单击 {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %},然后单击“删除”。
|
||||
|
||||
4. 查看要删除的角色的更改,然后单击“删除角色”。
|
||||
|
||||
{% data reusables.profile.access_profile %}
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.organizations.org_settings %}
|
||||
{% data reusables.organizations.org-list %}
|
||||
{% data reusables.organizations.org-settings-repository-roles %}
|
||||
3. To the right of the role you want to delete, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}, then click **Delete**.
|
||||
|
||||
4. Review changes for the role you want to remove, then click **Delete role**.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: About Git Large File Storage
|
||||
intro: '{% data variables.product.product_name %} limits the size of files allowed in repositories. To track files beyond this limit, you can use {% data variables.large_files.product_name_long %}.'
|
||||
title: 关于 Git Large File Storage
|
||||
intro: '{% data variables.product.product_name %} 限制存储库中允许的文件大小。 要跟踪超出此限制的文件,您可以使用 {% data variables.large_files.product_name_long %}。'
|
||||
redirect_from:
|
||||
- /articles/about-large-file-storage
|
||||
- /articles/about-git-large-file-storage
|
||||
|
|
@ -12,33 +12,37 @@ versions:
|
|||
ghae: '*'
|
||||
ghec: '*'
|
||||
shortTitle: Git Large File Storage
|
||||
ms.openlocfilehash: f0ab54791645dc5c36cce2880ba3ae5c9b705f35
|
||||
ms.sourcegitcommit: 06726d24e73f1175f10749d6fdcf143d6094c9a5
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 10/28/2022
|
||||
ms.locfileid: '148118744'
|
||||
---
|
||||
## 关于 {% data variables.large_files.product_name_long %}
|
||||
|
||||
## About {% data variables.large_files.product_name_long %}
|
||||
{% data variables.large_files.product_name_short %} 处理大文件的方式是存储对仓库中文件的引用,而不实际文件本身。 为满足 Git 的架构要求,{% data variables.large_files.product_name_short %} 创建了“指针文件”,充当对实际文件(存储在其他位置)的引用。 {% data variables.product.product_name %} 在仓库中管理此指针文件。 克隆仓库时,{% data variables.product.product_name %} 使用指针文件作为映射来查找大文件。
|
||||
|
||||
{% data variables.large_files.product_name_short %} handles large files by storing references to the file in the repository, but not the actual file itself. To work around Git's architecture, {% data variables.large_files.product_name_short %} creates a pointer file which acts as a reference to the actual file (which is stored somewhere else). {% data variables.product.product_name %} manages this pointer file in your repository. When you clone the repository down, {% data variables.product.product_name %} uses the pointer file as a map to go and find the large file for you.
|
||||
{% ifversion fpt or ghec %} 使用 {% data variables.large_files.product_name_short %},可以将文件存储到:
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
Using {% data variables.large_files.product_name_short %}, you can store files up to:
|
||||
|
||||
| Product | Maximum file size |
|
||||
| 产品 | 文件大小上限 |
|
||||
|------- | ------- |
|
||||
| {% data variables.product.prodname_free_user %} | 2 GB |
|
||||
| {% data variables.product.prodname_pro %} | 2 GB |
|
||||
| {% data variables.product.prodname_team %} | 4 GB |
|
||||
| {% data variables.product.prodname_ghe_cloud %} | 5 GB |{% else %}
|
||||
Using {% data variables.large_files.product_name_short %}, you can store files up to 5 GB in your repository.
|
||||
使用 {% data variables.large_files.product_name_short %},可在仓库中存储最大 5 GB 的文件。
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.repositories.git-lfs %}
|
||||
|
||||
You can also use {% data variables.large_files.product_name_short %} with {% data variables.product.prodname_desktop %}. For more information about cloning Git LFS repositories in {% data variables.product.prodname_desktop %}, see "[Cloning a repository from GitHub to GitHub Desktop](/desktop/guides/contributing-to-projects/cloning-a-repository-from-github-to-github-desktop)."
|
||||
您也可以将 {% data variables.large_files.product_name_short %} 与 {% data variables.product.prodname_desktop %} 结合使用。 有关在 {% data variables.product.prodname_desktop %} 中克隆 Git LFS 存储库的详细信息,请参阅“[将存储库从 GitHub 克隆到 GitHub 桌面](/desktop/guides/contributing-to-projects/cloning-a-repository-from-github-to-github-desktop)”。
|
||||
|
||||
{% data reusables.large_files.can-include-lfs-objects-archives %}
|
||||
|
||||
## Pointer file format
|
||||
## 指针文件格式
|
||||
|
||||
{% data variables.large_files.product_name_short %}'s pointer file looks like this:
|
||||
{% data variables.large_files.product_name_short %} 的指针文件看起来像:
|
||||
|
||||
```
|
||||
version {% data variables.large_files.version_name %}
|
||||
|
|
@ -46,16 +50,16 @@ oid sha256:4cac19622fc3ada9c0fdeadb33f88f367b541f38b89102a3f1261ac81fd5bcb5
|
|||
size 84977953
|
||||
```
|
||||
|
||||
It tracks the `version` of {% data variables.large_files.product_name_short %} you're using, followed by a unique identifier for the file (`oid`). It also stores the `size` of the final file.
|
||||
它会跟踪所用 {% data variables.large_files.product_name_short %} 的 `version`,后接文件的唯一标识符 (`oid`)。 它还会存储最终文件的 `size`。
|
||||
|
||||
{% note %}
|
||||
|
||||
**Notes**:
|
||||
- {% data variables.large_files.product_name_short %} cannot be used with {% data variables.product.prodname_pages %} sites.
|
||||
- {% data variables.large_files.product_name_short %} cannot be used with template repositories.
|
||||
**注释**:
|
||||
- {% data variables.large_files.product_name_short %} 不能用于 {% data variables.product.prodname_pages %} 站点。
|
||||
- {% data variables.large_files.product_name_short %} 不能用于模板仓库。
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Further reading
|
||||
## 延伸阅读
|
||||
|
||||
- "[Collaboration with {% data variables.large_files.product_name_long %}](/articles/collaboration-with-git-large-file-storage)"
|
||||
- [与 {% data variables.large_files.product_name_long %} 协作](/articles/collaboration-with-git-large-file-storage)
|
||||
|
|
|
|||
|
|
@ -1,44 +0,0 @@
|
|||
date: '2020-02-11'
|
||||
sections:
|
||||
features:
|
||||
- '在存储库分支上,存储库管理员可以使用[分支保护规则](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions)启用“需要线性历史记录”,从而拒绝包含合并提交的任何推送。{% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}'
|
||||
- '存储库管理员可以使用[分支保护规则](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions)启用“允许强制推送”,从而授予所有用户强制推送到受保护的分支的能力。{% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/、https://github.com/github/ce-oss-happiness/issues/42、https://github.com/github/github/pull/125950 {% endcomment %}'
|
||||
- '存储库管理员可以使用[分支保护规则](https://help.github.com/en/github/administering-a-repository/enabling-branch-restrictions)启用“允许删除”,从而授予所有具有推送权限的用户删除受保护分支的能力。{% comment %} https://github.blog/changelog/2019-12-04-expanded-branch-protection-rules/ {% endcomment %}'
|
||||
- '管理员可以在存储库上设置 `maxobjectsize` 限制、对不在 [Git LFS](https://help.github.com/en/enterprise/admin/installation/configuring-git-large-file-storage-on-github-enterprise-server) 中的存储库[限制推送提交的大小](https://help.github.com/en/enterprise/admin/installation/setting-git-push-limits)。{% comment %} https://github.com/github/babeld/pull/864、https://team.githubapp.com/posts/33519、https://github.com/githubcustomers/Slack/issues/27 {% endcomment %}'
|
||||
- '组织所有者在创建新存储库时可以创建一组默认标签。{% comment %} https://github.com/github/issues-projects/issues/237、https://github.com/github/issues-projects/issues/179 {% endcomment %}'
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- '当组织的成员尝试查看该组织的公共存储库时,SSO 提示可能会中断页面显示。{% comment %} https://github.com/github/github/issues/126677、https://github.com/github/github/pull/127501 {% endcomment %}'
|
||||
- "查看用户配置文件时,指向该用户团队的链接可能会断开。{% comment %} https://github.com/github/github/issues/131771、https://github.com/github/github/pull/131865 {% endcomment %}"
|
||||
- '具有 `maintain` 角色的用户无法编辑存储库主题。{% comment %} https://github.com/github/github/pull/129503、https://github.com/github/github/issues/119456 {% endcomment %}'
|
||||
- "不是组织管理员的用户在尝试访问注册页面时将收到 500 个错误。{% comment %} https://github.com/github/github/pull/129213、https://github.com/github/github/issues/129210、https://github.com/github/github/issues/129212 {% endcomment %}"
|
||||
- '编辑历史记录弹出窗口不会显示在 Gist 注释上。{% comment %} https://github.com/github/github/pull/129134、https://github.com/github/github/issues/128496 {% endcomment %}'
|
||||
- '使用已注册的电子邮件地址可以注册新帐户。{% comment %} https://github.com/github/github/pull/127905、https://github.com/github/github/issues/127858 {% endcomment %}'
|
||||
- '存储服务达到文件描述符限制,并导致内核挂起和其他服务记录错误。{% comment %} https://github.com/github/enterprise2/pull/18775 {% endcomment %}'
|
||||
- '当自动链接引用是 URL 的一部分时,可以删除超链接。{% comment %} https://github.com/github/github/pull/126776 {% endcomment %}'
|
||||
- '向拉取请求添加注释时,侧边栏中的“链接的议题”部分可能会消失。{% comment %} https://github.com/github/issues-projects/issues/384、https://github.com/github/github/pull/130514 {% endcomment %}'
|
||||
- '编辑用户的现有组织邀请时,`Teams` 表上可能会显示重复的标头。{% comment %} https://github.com/github/github/issues/120381、https://github.com/github/github/pull/128939 {% endcomment %}'
|
||||
- '当队列变得太大时,`resqued` 服务可能会停止记录事件。{% comment %} https://github.com/github/github/pull/130087、https://github.com/github/business-support/issues/2696 {% endcomment %}'
|
||||
- '对于群集和高可用性配置运行 `ghe-config-apply` 命令时,不会自动生成自签名证书。{% comment %} https://github.com/github/enterprise2/pull/18773 {% endcomment %}'
|
||||
changes:
|
||||
- '如果尚未上传主题,则不会显示徽标。{% comment %} https://github.com/github/github/issues/130513、https://github.com/github/github/pull/130515 {% endcomment %}'
|
||||
- '在移动浏览器上查看问题时,问题元数据将列在页面顶部。{% comment %} https://github.com/github/github/pull/127560 {% endcomment %}'
|
||||
- 'Consul 的顶级域已从“.consul”更改为“.ghe.local”。{% comment %} https://github.com/github/enterprise2/pull/17443、https://github.com/github/enterprise2/issues/17701 {% endcomment %}'
|
||||
- 'Hookshot 服务不再依赖 ElasticSearch,只能使用 MySQL 作为数据库存储。{% comment %} https://github.com/github/enterprise2/pull/18158、https://github.com/github/hookshot/pull/1128、https://github.com/github/enterprise2/pull/15898 {% endcomment %}'
|
||||
- '在项目说明卡上改进了问题、项目及讨论之间的视觉区分。{% comment %} https://github.com/github/github/pull/132038 {% endcomment %}'
|
||||
- '在拉取请求审阅中,如果多行注释被截断,将显示通知。{% comment %} https://github.com/github/github/issues/125948、https://github.com/github/github/pull/128677 {% endcomment %}'
|
||||
- '用户可以在个人设置页面的“安全日志”选项卡上查看其审核日志。{% comment %} https://github.com/github/github/pull/123041{% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩期间触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- "数据库中重复的 Webhook 条目可能会导致从早期版本的升级失败。(更新时间:2020-02-26)"
|
||||
- '如果自定义了后台工作进程配置,则升级和设置更新将失败。{% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
|
||||
- '推送到命令行上的存储库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2020-02-27'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/19116, https://github.com/github/enterprise2/pull/19110, https://github.com/github/enterprise2/pull/19154, https://github.com/github/enterprise2/pull/19142 {% endcomment %}'
|
||||
bugs:
|
||||
- '从备份还原将会失败,并显示“RDB 版本号无效”错误。{% comment %} https://github.com/github/enterprise2/pull/19117, https://github.com/github/enterprise2/pull/19109 {% endcomment %}'
|
||||
- '升级 HA 副本将停止无限期等待 MySQL 启动。{% comment %} https://github.com/github/enterprise2/pull/19168, https://github.com/github/enterprise2/pull/19101 {% endcomment %}'
|
||||
- '具有意外“position”或“original_position”值的 PR 审核评论导致导入失败。{% comment %} https://github.com/github/github/pull/135439, https://github.com/github/github/pull/135374 {% endcomment %}'
|
||||
- '数据库中重复的 Webhook 条目可能导致先前版本的升级失败。{% comment %} https://github.com/github/hookshot/pull/1541, https://github.com/github/hookshot/pull/1426, https://github.com/github/hookshot/pull/1540 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '如果自定义了后台工作进程配置,则升级和设置更新将失败。{% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
|
||||
- '推送到命令行上的存储库时,不会报告安全警报。(更新时间于 2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2020-06-23'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20746, https://github.com/github/enterprise2/pull/20727 {% endcomment %}'
|
||||
bugs:
|
||||
- '当使用 UDP 作为传输机制时,过大的日志事件可能导致日志转发不稳定。{% comment %} https://github.com/github/enterprise2/pull/20457, https://github.com/github/enterprise2/pull/20445 {% endcomment %}'
|
||||
- "如果 SSH 密钥属性具有已与用户帐户关联的密钥,则用户通过 SSO 进行的自动取消暂停未完成。 {% comment %} https://github.com/github/github/pull/143474, https://github.com/github/github/pull/142927 {% endcomment %}"
|
||||
- '来自 REST API 的仓库权限哈希表示,对于可拉取访问内部仓库的业务成员,无法访问仓库。 {% comment %} https://github.com/github/github/pull/144755, https://github.com/github/github/pull/144292 {% endcomment %}'
|
||||
- '预览 Markdown 中写入的 GitHub 应用程序描述未正确呈现。{% comment %} https://github.com/github/github/pull/145038, https://github.com/github/github/pull/133360 {% endcomment %}'
|
||||
- '审核日志不包括分支保护更改事件。 {% comment %} https://github.com/github/github/pull/145995, https://github.com/github/github/pull/145014 {% endcomment %}'
|
||||
- "尝试将代码审核分配给空团队成员将导致“500内部服务器错误”。 {% comment %} https://github.com/github/github/pull/146328, https://github.com/github/github/pull/139330 {% endcomment %}"
|
||||
- '使用负载平衡算法的代码审核分配可能反复分配给同一团队成员。{% comment %} https://github.com/github/github/pull/146329, https://github.com/github/github/pull/136504 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新于 2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
date: '2020-07-09'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**中:** 将 nginx 更新到 1.16.1 并解决了 CV-2019-20372。(更新于 2020-07-22){% comment %} https://github.com/github/enterprise2/pull/21251 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21088, https://github.com/github/enterprise2/pull/21036 {% endcomment %}'
|
||||
bugs:
|
||||
- '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。{% comment %} https://github.com/github/enterprise2/pull/21260, https://github.com/github/enterprise2/pull/21102 {% endcomment %}'
|
||||
- '某些日志文件没有每 7 天轮换一次。 {% comment %} https://github.com/github/enterprise2/pull/21278, https://github.com/github/enterprise2/pull/21264 {% endcomment %}'
|
||||
- '快速重新使用 web 挂钩源端口导致拒绝连接。 {% comment %} https://github.com/github/enterprise2/pull/21289 {% endcomment %}'
|
||||
- '不正确的背景作业可能尝试在配置为被动副本的实例上运行。{% comment %} https://github.com/github/enterprise2/pull/21318, https://github.com/github/enterprise2/pull/21212, https://github.com/github/enterprise2/issues/21167 {% endcomment %}'
|
||||
- '内部仓库未正确地包含在启用 SAML 的组织的搜索结果中。 {% comment %} https://github.com/github/github/pull/147503, https://github.com/github/github/pull/145692 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
date: '2020-07-21'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21437, https://github.com/github/enterprise2/pull/21402, https://github.com/github/enterprise2/pull/21495, https://github.com/github/enterprise2/pull/21479 {% endcomment %}'
|
||||
bugs:
|
||||
- '管理控制台监视图有时无法在更大的屏幕上正确显示。 {% comment %} https://github.com/github/enterprise2/pull/21397, https://github.com/github/enterprise2/pull/21381 {% endcomment %}'
|
||||
- '应用 SameSite Cookie 策略时,GitHub 应用程序清单创建流在某些情况下无法使用。 {% comment %} https://github.com/github/github/pull/147826, https://github.com/github/github/pull/144121 {% endcomment %}'
|
||||
changes:
|
||||
- '改进 HAProxy 缩放。 {% comment %} https://github.com/github/enterprise2/pull/21383 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
date: '2020-08-11'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '{% octicon "alert" aria-label="The alert icon" %} **关键:**在 GitHub Pages 中发现了一个远程执行代码漏洞,攻击者可利用该漏洞在构建 GitHub Pages 站点的过程中执行命令。此问题是由于在 Pages 构建过程中使用过时且易受攻击的依赖项造成的。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。 此漏洞影响 GitHub Enterprise Server 的所有版本。为了缓解此漏洞,Kramdown 已更新以解决 CVE-2020-14001。{% comment %} https://github.com/github/pages/pull/2836, https://github.com/github/pages/pull/2827 {% endcomment %}'
|
||||
- '**高:**在 GitHub Enterprise Server 上执行时,攻击者可以将恶意参数注入 Git 子命令。这可能使攻击者能够使用用户控制的部分内容覆盖任意文件,并可能在 GitHub Enterprise Server 实例上执行任意命令。要利用此漏洞,攻击者需要获得访问 GitHub Enterprise Server 实例中存储库的权限。但是,由于存在其他保护措施,我们无法确定积极利用此漏洞的方法。此漏洞通过 GitHub 安全 Bug 悬赏计划报告。{% comment %} https://github.com/github/github/pull/151097 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21811, https://github.com/github/enterprise2/pull/21700 {% endcomment %}'
|
||||
bugs:
|
||||
- 'Consul 配置错误导致无法在独立实例上处理某些后台作业。{% comment %} https://github.com/github/enterprise2/pull/21464 {% endcomment %}'
|
||||
- '服务内存分配计算可能会将不正确或无限制的内存分配给某项服务,从而导致系统性能下降。{% comment %} https://github.com/github/enterprise2/pull/21716 {% endcomment %}'
|
||||
- '未正确检测到 oVirt KVM 系统的虚拟化平台,导致升级过程中出现问题。{% comment %} https://github.com/github/enterprise2/pull/21730, https://github.com/github/enterprise2/pull/21669 {% endcomment %}'
|
||||
- "通过 Git 命令行使用密码进行无效身份验证的错误消息未填充 URL 链接以添加适当的令牌或 SSH 密钥。{% comment %} https://github.com/github/github/pull/149714 {% endcomment %}"
|
||||
- 'GitHub Connect 使用的是已弃用的 GitHub.com API 终结点。{% comment %} https://github.com/github/github/pull/150828, https://github.com/github/github/pull/150545 {% endcomment %}'
|
||||
- '在迁移到新实例的存储库上,无法按 *最近更新* 对问题进行排序。{% comment %} https://github.com/github/github/pull/150843, https://github.com/github/github/pull/149330 {% endcomment %}'
|
||||
- '404 页面的页脚中包含 GitHub.com 联系人和状态链接。{% comment %} https://github.com/github/github/pull/151316 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
date: '2020-08-12'
|
||||
sections:
|
||||
bugs:
|
||||
- '解决了在生成系统配置模板时可能导致高 CPU 使用率的问题。{% comment %} https://github.com/github/enterprise2/pull/21784、https://github.com/github/enterprise2/pull/21741 {% endcomment %}'
|
||||
- '最近对内存分配的更改可能导致系统性能降低 {% comment %} https://github.com/github/enterprise2/pull/22067 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
date: '2020-08-26'
|
||||
sections:
|
||||
security_fixes:
|
||||
- >-
|
||||
{% octicon "alert" aria-label="The alert icon" %} **Critical:** A remote code execution vulnerability was identified in GitHub Pages that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. We have issued CVE-2020-10518. {% comment %} https://github.com/github/pages/pull/2883, https://github.com/github/pages/pull/2902, https://github.com/github/pages/pull/2894, https://github.com/github/pages/pull/2877, https://github.com/github/pages-gem/pull/700,
|
||||
https://github.com/github/pages/pull/2890, https://github.com/github/pages/pull/2898, https://github.com/github/pages/pull/2909, https://github.com/github/pages/pull/2891, https://github.com/github/pages/pull/2884, https://github.com/github/pages/pull/2889 {% endcomment %}
|
||||
- '**MEDIUM:** An improper access control vulnerability was identified that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and has been assigned [CVE-2020-10517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10517). The vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com). {% comment %} https://github.com/github/github/pull/151987, https://github.com/github/github/pull/151713 {% endcomment %}'
|
||||
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21852, https://github.com/github/enterprise2/pull/21828, https://github.com/github/enterprise2/pull/22153, https://github.com/github/enterprise2/pull/21920, https://github.com/github/enterprise2/pull/22215, https://github.com/github/enterprise2/pull/22190 {% endcomment %}'
|
||||
bugs:
|
||||
- 'A message was not logged when the ghe-config-apply process had finished running ghe-es-auto-expand. {% comment %} https://github.com/github/enterprise2/pull/22177, https://github.com/github/enterprise2/pull/22171 {% endcomment %}'
|
||||
- 'Excessive logging to the `syslog` file could occur on high-availability replicas if the primary appliance is unavailable. {% comment %} https://github.com/github/enterprise2/pull/22267, https://github.com/github/enterprise2/pull/22124 {% endcomment %}'
|
||||
- "Database re-seeding on a replica could fail with an error: `Got packet bigger than 'max_allowed_packet'` {% comment %} https://github.com/github/enterprise2/pull/22321, https://github.com/github/enterprise2/pull/20063 {% endcomment %}"
|
||||
- 'In some cases duplicate user data could cause a 500 error while running the ghe-license-usage script. {% comment %} https://github.com/github/github/pull/152638 {% endcomment %}'
|
||||
changes:
|
||||
- 'In a high availability or geo-replication configuration, replica instances would exit maintenance mode when ghe-config-apply ran. {% comment %} https://github.com/github/enterprise2/pull/21776, https://github.com/github/enterprise2/pull/21440 {% endcomment %}'
|
||||
- "We've added support for the R5a and R5n AWS instance types. {% comment %} https://github.com/github/enterprise2/pull/21902, https://github.com/github/enterprise2/pull/21173 {% endcomment %}"
|
||||
- 'Removed the license seat count information on the administrative SSH MOTD due to a performance issue impacting GitHub Enterprise Server clusters. {% comment %} https://github.com/github/enterprise2/pull/21993, https://github.com/github/enterprise2/pull/21870 {% endcomment %}'
|
||||
known_issues:
|
||||
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
date: '2020-09-08'
|
||||
sections:
|
||||
bugs:
|
||||
- '服务运行状况检查会造成会话增加,从而耗尽文件系统 Inode。{% comment %} https://github.com/github/enterprise2/pull/22480, https://github.com/github/enterprise2/pull/22475 {% endcomment %}'
|
||||
- "使用热补丁的升级可能会失败,并显示错误:`'libdbi1' was not found` {% comment %} https://github.com/github/enterprise2/pull/22558,https://github.com/github/enterprise2/pull/22552 {% endcomment %}"
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
date: '2020-09-23'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '中****:ImageMagick 已更新,以解决 [DSA-4715-1](https://www.debian.org/security/2020/dsa-4715)。{% comment %} https://github.com/github/enterprise2/pull/22625, https://github.com/github/enterprise2/pull/22610 {% endcomment %}'
|
||||
- '包已更新到最新安全版本。{% comment %} https://github.com/github/enterprise2/pull/22601, https://github.com/github/enterprise2/pull/22592, https://github.com/github/enterprise2/pull/22605, https://github.com/github/enterprise2/pull/22426, https://github.com/github/enterprise2/pull/22718, https://github.com/github/enterprise2/pull/22699 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
date: '2020-10-09'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 'LDAP 目录用户名标准化为现有 GHES 帐户登录的用户可以验证现有帐户。{% comment %} https://github.com/github/github/pull/156518, https://github.com/github/github/pull/155512 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/22910, https://github.com/github/enterprise2/pull/22878 {% endcomment %}'
|
||||
bugs:
|
||||
- '管理控制台中的 NameID 格式下拉列表将在设置为“持久”之后重置为“未指定”。{% comment %} https://github.com/github/enterprise2/pull/22403, https://github.com/github/enterprise2/pull/22331, https://github.com/github/enterprise2/issues/13446 {% endcomment %}'
|
||||
- '通过[管理控制台](/admin/configuration/accessing-the-management-console)保存设置将附加一个新行到 [TLS/SSL 证书和密钥](/admin/configuration/configuring-tls)文件,这触发了某些服务的不必要重新加载。{% comment %} https://github.com/github/enterprise2/pull/22607, https://github.com/github/enterprise2/pull/22540 {% endcomment %}'
|
||||
- '依赖关系图的系统日志没有旋转,允许无限存储增长。{% comment %} https://github.com/github/enterprise2/pull/22765, https://github.com/github/enterprise2/pull/22733 {% endcomment %}'
|
||||
- '到 GitHub 安全通告的链接将使用 GitHub Enterprise Server 实例主机名的 URL 而不是 GitHub.com,将用户引导到不存在的 URL。{% comment %} https://github.com/github/github/pull/153444, https://github.com/github/github/pull/151301 {% endcomment %}'
|
||||
- '使用 `ghe-migrator` 导入存储库时,如果数据不一致,可能发生意外异常。{% comment %} https://github.com/github/github/pull/153848, https://github.com/github/github/pull/151552 {% endcomment %}'
|
||||
- '当使用 `ghe-migrator` 导入 PR 审核请求时,与删除用户相关的记录将产生外部数据库记录。{% comment %} https://github.com/github/github/pull/154958, https://github.com/github/github/pull/153169 {% endcomment %}'
|
||||
- '使用 `ghe-migrator` 导入用户时,如果系统生成的电子邮件地址超过 100 个字符,则会出现“电子邮件无效”的错误。{% comment %} https://github.com/github/github/pull/155112, https://github.com/github/github/pull/152418 {% endcomment %}'
|
||||
- '记录 Webhook 活动可能会使用大量的磁盘空间,并导致根盘变满。{% comment %} https://github.com/github/github/pull/155655, https://github.com/github/github/pull/154100 {% endcomment %}'
|
||||
changes:
|
||||
- '为 AWS EC2 实例类型 `m5.16xlarge` 添加了支持。{% comment %} https://github.com/github/enterprise2/pull/22500, https://github.com/github/enterprise2/pull/22473 {% endcomment %}'
|
||||
- '删除 `ghe-migrator` 档案中 SSH 指纹的要求,因为它可以随时计算。{% comment %} https://github.com/github/github/pull/156944, https://github.com/github/github/pull/155387 {% endcomment %}'
|
||||
- 'GitHub App 清单现在包含 `request_oauth_on_install` 字段。{% comment %} https://github.com/github/github/pull/156996, https://github.com/github/github/pull/155010, https://github.com/github/ecosystem-apps/issues/1055 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
date: '2020-10-20'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23095, https://github.com/github/enterprise2/pull/23081 {% endcomment %}'
|
||||
bugs:
|
||||
- '企业帐户“确认双因素要求策略”消息不正确。{% comment %} https://github.com/github/github/pull/158737 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
date: '2020-03-10'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/19204, https://github.com/github/enterprise2/pull/19187 {% endcomment %}'
|
||||
bugs:
|
||||
- '在某些情况下,转发的日志条目(主要用于 audit.log)被截断。{% comment %} https://github.com/github/enterprise2/pull/19244, https://github.com/github/enterprise2/pull/19192, https://github.com/github/enterprise2/issues/16655 {% endcomment %}'
|
||||
- '`ghe-license-check` 命令行实用程序对某些有效的许可返回“无效的许可证文件”错误,导致配置更改失败。{% comment %} https://github.com/github/enterprise2/pull/19249, https://github.com/github/enterprise2/pull/19185, https://github.zendesk.com/agent/tickets/549903 {% endcomment %}'
|
||||
- 'Alambic 异常日志没有被 syslog 转发。{% comment %} https://github.com/github/enterprise2/pull/19263, https://github.com/github/enterprise2/pull/19123, https://github.com/github/enterprise2/issues/18734 {% endcomment %}'
|
||||
- '[`org_block event`](https://developer.github.com/v3/activity/events/types/#orgblockevent) 并非不可用,但在 GitHub Enterprise Server 上的 GitHub 应用中显示。{% comment %} https://github.com/github/github/pull/136227, https://github.com/github/github/pull/135640, https://github.com/github/ecosystem-apps/issues/693 {% endcomment %}'
|
||||
- 'GraphQL 查询响应有时返回 `ProtectedBranch` 对象的不匹配节点标识符。{% comment %} https://github.com/github/github/pull/136376, https://github.com/github/github/pull/136214, https://github.com/github/github/issues/135407 {% endcomment %}'
|
||||
- 'GitHub Connect 使用的 GitHub 应用凭据在过期后未能立即刷新。{% comment %} https://github.com/github/github/pull/136384, https://github.com/github/github/pull/136259 {% endcomment %}'
|
||||
- '在回复拉请求评论时留下评论会间歇性地创建挂起拉请求审查。{% comment %} https://github.com/github/github/pull/136454, https://github.com/github/github/pull/133697, https://github.com/github/github/issues/127401 {% endcomment %}'
|
||||
- '使用 ghe-migrator 或从 GitHub.com 导出时,导出非图片附件会自动失败。{% comment %} https://github.com/github/github/pull/136487, https://github.com/github/github/pull/134524, https://github.com/github/github/issues/134358 {% endcomment %}'
|
||||
- '在遇到 UTF-8 字符时,预接收挂钩会在 Web UI 上返回 500 错误。{% comment %} https://github.com/github/github/pull/136699, https://github.com/github/github/pull/136014, https://github.com/github/github/issues/133501 {% endcomment %}'
|
||||
changes:
|
||||
- '` ghe-license-usage ` 命令行实用程序新增了 `--unencrypted` 选项,用于查看导出的许可使用文件。{% comment %} https://github.com/github/github/pull/136134, https://github.com/github/github/pull/136000 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '如果自定义了后台工作进程配置,则升级和设置更新将失败。{% comment %} https://github.com/github/enterprise2/issues/19119 {% endcomment %}'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2020-11-03'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**中:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1003, https://github.com/github/slumlord/pull/1000 {% endcomment %}'
|
||||
- "**低:**不正确的令牌验证导致身份验证期间匹配令牌的熵减少。分析表明,在实践中,这里没有重大的安全风险。{% comment %} https://github.com/github/github/pull/159453, https://github.com/github/github/pull/159193 {% endcomment %}"
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23538, https://github.com/github/enterprise2/pull/23171, https://github.com/github/enterprise2/pull/23691, https://github.com/github/enterprise2/pull/23677 {% endcomment %}'
|
||||
bugs:
|
||||
- '推荐用户列表中包含已暂停的用户,其中可能隐藏未暂停的用户。{% comment %} https://github.com/github/github/pull/159809, https://github.com/github/github/pull/140563, https://github.com/github/github/pull/142146 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
date: '2020-11-17'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23843、https://github.com/github/enterprise2/pull/23712 {% endcomment %}'
|
||||
bugs:
|
||||
- 'Babeld 日志在秒与微秒之间缺少分隔符。{% comment %} https://github.com/github/babeld/pull/1004、https://github.com/github/babeld/pull/1002 {% endcomment %}'
|
||||
- '当企业帐户“存储库可见性更改”策略设置为“启用”时,组织所有者无法更改组织内存储库的可见性。{% comment %} https://github.com/github/github/pull/160922、https://github.com/github/github/pull/160773 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
date: '2020-12-03'
|
||||
sections:
|
||||
bugs:
|
||||
- '由于启动中的争用条件导致服务重新启动,因此检测到授权服务不正常。{% comment %} https://github.com/github/authzd/pull/1279, {% endcomment %}'
|
||||
- '在热补丁升级过程中,一种基础行为导致服务不可用。{% comment %} https://github.com/github/enterprise2/pull/24053, https://github.com/github/enterprise2/issues/23947 {% endcomment %}'
|
||||
- '未正确应用部分日志转发 SSL 证书。{% comment %} https://github.com/github/enterprise2/pull/24112, https://github.com/github/enterprise2/pull/23981 {% endcomment %}'
|
||||
- '从团队或组织中移除暂停用户时向他们发送电子邮件通知。{% comment %} https://github.com/github/github/pull/163107, https://github.com/github/github/pull/162742 {% endcomment %}'
|
||||
- '组织和企业之间应用 SSH 证书的方式不一致。{% comment %} https://github.com/github/github/pull/163429, https://github.com/github/github/pull/159538, https://github.com/github/authentication/issues/115 {% endcomment %}'
|
||||
- '当帐户因使用不正确的密码而受到速率限制时,可能被锁定长达 24 小时。{% comment %} https://github.com/github/github/pull/163456, https://github.com/github/github/pull/162938, https://github.com/github/github-ds/pull/51 {% endcomment %}'
|
||||
- '在具有许多引用的存储库上进行拉取请求同步可能会导致工作线程队列落后。{% comment %} https://github.com/github/github/pull/163576, https://github.com/github/github/pull/163142 {% endcomment %}'
|
||||
- '在尝试访问特定页面后登录时,用户将发送到主页,而不是其预期目的地。{% comment %} https://github.com/github/github/pull/163785, https://github.com/github/github/pull/163579, https://github.com/github/github/pull/154117, https://github.com/github/ecosystem-apps/issues/1076 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
date: '2020-12-17'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '低:****高 CPU 使用可能被特殊构建的 SVN 桥请求触发,进而导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1020, https://github.com/github/slumlord/pull/1017 {% endcomment %}'
|
||||
- '包已更新到最新安全版本。{% comment %} https://github.com/github/enterprise2/pull/24351, https://github.com/github/enterprise2/pull/23866 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
date: '2021-03-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**高:**在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,允许经过验证的实例用户通过特殊构建的拉取请求和 REST API 请求获得对未授权存储库的写入权限。攻击者需要能够创建目标存储库分支,该设置默认为组织拥有的私有存储库禁用。分支保护(如所需的拉取请求审查或状态检查)将防止未经进一步审查或验证的未授权提交被合并。此漏洞已分配 CVE-2021-22861。这个问题是通过 [GitHub Bug 赏金计划](https://bounty.github.com)报告的。'
|
||||
- '**高:**在 GitHub Enterprise Server GraphQL API 中发现了一个不适当的访问控制漏洞,允许经过验证的实例用户在未经适当授权的情况下修改拉取请求的维护员协作权限。通过利用此漏洞,攻击者将能够访问在他们作为维护员的存储库上打开的拉取请求的头部分支。默认为组织拥有的私有存储库禁用分叉,并且可以防止此漏洞。此外,分支保护(如所需的拉取请求审查或状态检查)将防止未经进一步审查或验证的未授权提交被合并。此漏洞已分配 CVE-2021-22863。这个问题是通过 [GitHub Bug 赏金计划](https://bounty.github.com)报告的。'
|
||||
- '**高:**在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的远程代码执行漏洞。GitHub Pages 使用的基础分析器的用户控制配置没有受到足够的限制,因此可以在 GitHub Enterprise Server 实例上执行命令。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。该漏洞编号为 CVE-2020-10519,是通过 [GitHub Bug 赏金计划](https://bounty.github.com/)报告的。'
|
||||
- '**低:**对 SVN 桥的特别设计请求可能会触发长时间的等待,然后再导致拒绝服务 (DoS)。'
|
||||
- '包已更新到最新的安全版本。'
|
||||
bugs:
|
||||
- '在 GitHub Enterprise 备份实用程序快照期间,信息性消息被无意中记录为错误,这导致在备份由侦听输出到 stderr 的 cron 作业安排时发送不必要的电子邮件。'
|
||||
- '在恢复大型备份时,与 Redis 内存耗尽相关的异常记录可能导致恢复由于完整磁盘而出现故障。'
|
||||
- '在编辑 wiki 页面时,用户单击“保存”按钮时可能会遇到 500 错误。'
|
||||
- '使用主题替代名称中具有多个名称的证书签名的 S/MIME 签名提交将错误地显示为提交徽章中的“未验证”。'
|
||||
- '被暂停的用户在添加到团队时收到电子邮件。'
|
||||
- '上传与之前许可证文件不同数量的新许可证文件时,席位差异在企业帐户的“设置”->“许可证”页面中未正确表示。'
|
||||
- '无法成功启用或禁用企业帐户设置中的“防止存储库管理员更改匿名 Git 读取访问权限”复选框。'
|
||||
- '在闰年,用户在尝试在星期一查看贡献活动时收到 404 响应。'
|
||||
changes:
|
||||
- '添加了 [AWS EC2 r5b 实例类型](https://aws.amazon.com/about-aws/whats-new/2020/12/introducing-new-amazon-ec2-r5b-instances-feuring-60-gbps-of-ebbandwidth-260K-iops/)支持。'
|
||||
- '调整的背景队列排列优先顺序,以更均匀地分配作业。'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。'
|
||||
- '在升级期间不会维护自定义防火墙规则。'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。'
|
||||
- '如果问题包含文件路径长于 255 个字符的同一存储库中 blob 的永久链接,则问题无法关闭。'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。'
|
||||
- '推送到命令行上的存储库时不报告安全警报。'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
date: '2020-03-12'
|
||||
sections:
|
||||
bugs:
|
||||
- '如果自定义了后台工作进程配置,升级和设置更新将失败。{% comment %} https://github.com/github/enterprise2/pull/19321, https://github.com/github/enterprise2/pull/19299 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
|
||||
- '推送到命令行上的存储库时,不会报告安全警报。(更新时间于 2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2020-03-25'
|
||||
sections:
|
||||
bugs:
|
||||
- 'SAML 身份验证请求和元数据没有严格编码,导致一些标识提供者无法正确处理服务提供者发起的身份验证请求。{% comment %} https://github.com/github/github/pull/137150, https://github.com/github/github/pull/136770, https://github.com/github/github/issues/136766 {% endcomment %}'
|
||||
- '`ghe-migrator` 导出不含里程碑用户,可能会中断导入操作。{% comment %} https://github.com/github/github/pull/138100, https://github.com/github/github/pull/137987, https://github.com/github/github/issues/137779 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/pull/138460, https://github.com/github/github/pull/138313 {% endcomment %}'
|
||||
- '在尝试显示未完全复制的存储库时,`ghe-repl-status` 可能会失败。{% comment %} https://github.com/github/github/pull/138463, https://github.com/github/github/pull/138388 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '从早期版本升级时,可能无法生成后台作业工作进程,从而阻止合并拉取请求等基本功能。(更新时间:2020-04-07){% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
|
||||
- '推送到命令行上的存储库时,不会报告安全警报。(更新时间于 2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
date: '2020-04-07'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/19536, https://github.com/github/enterprise2/pull/19494 {% endcomment %}'
|
||||
bugs:
|
||||
- '当全球企业帐户设置了 100MB 以外的 Git 对象大小选项时,无法为存储库选择 100MB 大小的最大 Git 对象选项。{% comment %} https://github.com/github/github/pull/138805, https://github.com/github/github/pull/138683 {% endcomment %}'
|
||||
- '当按 `updated_at` 字段排序时,问题和拉取请求 API 的结果可能存在不一致的行为。{% comment %} https://github.com/github/github/pull/139247, https://github.com/github/github/pull/138486 {% endcomment %}'
|
||||
- '无法通过 GraphQL API 查询 SecurityVulnerability `package` 字段。{% comment %} https://github.com/github/github/pull/139418, https://github.com/github/github/pull/138245 {% endcomment %}'
|
||||
- '将存储库从*公共*更改为*内部*会显示一条不相关的计费消息。{% comment %} https://github.com/github/github/pull/139531, https://github.com/github/github/pull/139492 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新设置的 GitHub Enterprise Server 上,,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '当推送到 Gist 时,可能会在后接收挂钩期间触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '从以前的版本升级时,可能不会生成后台作业工作者,从而阻止基本功能,例如合并拉取请求。{% comment %} https://github.com/github/enterprise2/issues/19232 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。(2020 年 6 月 23 日更新){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(2020 年 6 月 30 日更新){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
date: '2020-04-23'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**高**:OpenSSL 已更新以解决 [CVE-2020-1967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967)。{% comment %} https://github.com/github/enterprise2/pull/19889、https://github.com/github/enterprise2/pull/19885 {% endcomment %}'
|
||||
- '**高**:Git 已更新以解决 [CVE-2020-5260](https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q) 和 [CVE-2020-11008](https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7)。新限制可防止恶意存储库被推入服务器实例,从而保护尚未修补的客户端。{% comment %} https://github.com/github/git/pull/990 {% endcomment %}'
|
||||
- '**低**:ImageMagick 已更新以解决 [CVE-2019-10131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10131)。{% comment %} https://github.com/github/enterprise2/pull/19655、https://github.com/github/enterprise2/pull/19617 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/19809、https://github.com/github/enterprise2/pull/19792、https://github.com/github/enterprise2/pull/19899、https://github.com/github/enterprise2/pull/19882 {% endcomment %}'
|
||||
bugs:
|
||||
- 'Git 用户没有权限调用使用 Subversion 将现有存储库从 v4 格式转换为 v3 LRS 所需的进程。{% comment %} https://github.com/github/enterprise2/pull/19465、https://github.com/github/enterprise2/pull/19150 {% endcomment %}'
|
||||
- 'MySQL 配置中的不匹配可能导致备份在大型安装中失败。{% comment %} https://github.com/github/enterprise2/pull/19688、https://github.com/github/enterprise2/pull/19409、https://github.com/github/enterprise2/issues/19055 {% endcomment %}'
|
||||
- '从以前的版本升级时,后台作业工作进程有时不会生成,从而阻止诸如合并拉取请求等基本功能。{% comment %} https://github.com/github/enterprise2/pull/19771、https://github.com/github/enterprise2/pull/19712 {% endcomment %}'
|
||||
- "当 GitHub Enterprise Server 许可证包含非 ASCII 字符时,对管理控制台的 API `/setup/api/settings` 终结点的 `GET` 请求将导致内部服务器错误。{% comment %} https://github.com/github/enterprise2/pull/19790 {% endcomment %}"
|
||||
- '即使根帐户已锁定,恢复控制台也会提示输入根密码。{% comment %} https://github.com/github/enterprise2/pull/19810、https://github.com/github/enterprise2/pull/19788、https://github.com/github/enterprise2/issues/18425 {% endcomment %}'
|
||||
- '具有前导 UTF-8 字节顺序标记的 CODEOWNERS 文件将导致忽略所有代码所有者规则。{% comment %} https://github.com/github/github/pull/140974、https://github.com/github/github/pull/140729 {% endcomment %}'
|
||||
changes:
|
||||
- '当业务流程协调程序-客户端 cron 作业失败时,将向根帐户发送多封电子邮件。{% comment %} https://github.com/github/enterprise2/pull/19761、https://github.com/github/enterprise2/pull/19748 {% endcomment %}'
|
||||
- "当外部标识提供者控制用户的站点管理员状态时,无法通过命令行实用程序降级用户。{% comment %} https://github.com/github/github/pull/140522、https://github.com/github/github/pull/137807、https://github.com/github/github/issues/42727 {% endcomment %}"
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩期间触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的存储库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2020-05-05'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20027, https://github.com/github/enterprise2/pull/19997 {% endcomment %}'
|
||||
bugs:
|
||||
- '`ghe-repl-start` 和 `ghe-repl-status` 显示了语法错误。{% comment %} https://github.com/github/enterprise2/pull/19954, https://github.com/github/enterprise2/pull/19927 {% endcomment %}'
|
||||
- '如果仓库启用了“自动删除头分支”设置,则当 GitHub App 安装合并拉取请求时,头部分支不会自动删除。{% comment %} https://github.com/github/github/pull/141588, https://github.com/github/github/pull/133698, https://github.com/github/github/pull/133871, https://github.com/github/github/issues/132588 {% endcomment %}'
|
||||
- '当组织成员恢复时,web 挂钩有效负载将 `ghost` 用户报告为发送者,而不是执行恢复的实际用户。{% comment %} https://github.com/github/github/pull/141731, https://github.com/github/github/pull/140609 {% endcomment %}'
|
||||
- '如果仓库启用了“自动删除头部分支”设置,则在头部仓库不同于基础仓库的地方,头部分支不会被自动删除。{% comment %} https://github.com/github/github/pull/142096, https://github.com/github/github/pull/133871 {% endcomment %}'
|
||||
- '临时文件的垃圾收集可能导致许可证验证错误。{% comment %} https://github.com/github/github/pull/142209, https://github.com/github/github/pull/142189 {% endcomment %}'
|
||||
- '在某些情况下,包括在首次创建仓库时,接收前挂钩将在没有为 GITHUBHUBB_REPO_PUBLIC 环境变量填写值的情况下运行。{% comment %} https://github.com/github/github/pull/139419, https://github.com/github/github/pull/136228, https://github.com/github/github/pull/134363 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的 [通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories) 文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '当推送到 Gist 时,可能会在后接收挂钩期间触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的存储库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在具有多个 Redis 节点的群集配置中部署时不会检测依赖项。(2020 年 6 月 30 日更新){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
date: '2020-05-19'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20108, https://github.com/github/enterprise2/pull/20086 {% endcomment %}'
|
||||
bugs:
|
||||
- '许可证文件更新后,未正确重新加载服务,导致功能丢失。{% comment %} https://github.com/github/enterprise2/pull/20072, https://github.com/github/enterprise2/pull/19989 {% endcomment %}'
|
||||
- '如果响应正文过大,内部 API 请求更新依赖项关系图信息可能会失败。{% comment %} https://github.com/github/enterprise2/pull/20231, https://github.com/github/enterprise2/pull/20208 {% endcomment %}'
|
||||
- '未遵从某些 GraphQL 存储库连接的 `affiliations` 参数。{% comment %} https://github.com/github/github/pull/142036, https://github.com/github/github/pull/140658 {% endcomment %}'
|
||||
- '如果 SAML 电子邮件属性与 GitHub 用户电子邮件大小写形式不同,则无法通过 SSO 自动取消暂停用户。{% comment %} https://github.com/github/github/pull/143321, https://github.com/github/github/pull/142915 {% endcomment %}'
|
||||
- '将用户的成员身份恢复为组织没有在 Webhook 和审核日志有效负载中检测参与者。{% comment %} https://github.com/github/github/pull/143231, https://github.com/github/github/pull/140849 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
date: '2020-06-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**高:**在 GitHub Enterprise Server API 中发现了一个不适当的访问控制漏洞,该漏洞允许组织成员升级权限,获得对组织内未经授权的存储库的访问权限。此漏洞影响 GitHub Enterprise Server 2.21 之前的所有版本。 为应对此问题,我们发布了 [CVE-2020-10516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10516)。此漏洞通过 [GitHub Bug 赏金计划](https://bounty.github.com)报告。{% comment %} https://github.com/github/github/pull/144454, https://github.com/github/github/pull/143444 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20421, https://github.com/github/enterprise2/pull/20315 {% endcomment %}'
|
||||
bugs:
|
||||
- '面向 Internet 的 GitHub Enterprise Server 实例可以通过搜索引擎编制索引。{% comment %} https://github.com/github/github/pull/145073, https://github.com/github/github/pull/144973 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩时触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '依赖项关系图在多个 Redis 节点的群集配置中部署时不会检测依赖项。(更新时间:2020-06-30){% comment %} https://github.com/github/dependency-graph/issues/81 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,73 +0,0 @@
|
|||
date: '2020-06-09'
|
||||
sections:
|
||||
features:
|
||||
- '用户可以在从网页通知导航时可以就议题、拉请求及其他主题[管理通知](https://help.github.com/en/enterprise/2.21/user/github/managing-subscriptions-and-notifications-on-github/about-notifications)。{% comment %} https://github.com/github/enterprise-releases/issues/2135#issuecomment-633905096 {% endcomment %}'
|
||||
- '用户可以[将拉取请求转换回“草稿”](https://github.blog/changelog/2020-04-08-convert-pull-request-to-draft/) {% comment %} https://github.com/github/releases/issues/800 {% endcomment %}'
|
||||
- '[多行建议](https://github.blog/changelog/2020-04-15-multi-line-code-sugutions-general-availability/)可让用户在审查拉取请求时建议对多行代码进行特定的更改。{% comment %} https://github.com/github/releases/issues/810 {% endcomment %}'
|
||||
- '可以写入存储库的用户可以[隐藏作为“重复项”的议题评论或拉取请求](https://help.github.com/en/enterprise/2.21/user/github/building-a-strong-community/managing-disrutive-comments#hiding-a-comment)。{% comment %}https://github.com/github/github/pull/131746 {% endcomment %}'
|
||||
- '当[从模板创建存储库](https://help.github.com/en/enterprise/2.21/user/github/creating-cloning-and-archiving-repositeries/creating-a-repository-from-a-template)时,用户可以选择性地选择包含所有分支,而不仅仅是默认分支。{% comment %} https://github.com/github/releases/issues/580 {% endcomment %}'
|
||||
- '[问题项目卡包含链接的拉取请求部分](https://github.blog/changelog/2020-02-04-project-issue-cards-include-linked-pull-requests/),因此用户能够看到哪些开发工作与直接来源于项目板的问题有关。{% comment %} https://github.com/github/releases/issues/743 {% endcomment %}'
|
||||
- '反应 API 中有一组新的[“删除反应”终结点](https://developer.github.com/changes/2020-02-26-new-delete-reactions-endpoints/)。现有的“删除反应”终结点将在 2021 年初弃用。{% comment %} https://developer.github.com/changes/2020-02-26-new-delete-reactions-endpoints/ {% endcomment %}'
|
||||
- '有一组新的 [Teams API 终结点](https://developer.github.com/changes/2020-01-21-moving-the-team-api-endpoints/),允许 GitHub 缩放并长期支持 Teams API。现有 API 终结点将在 2021 年初弃用。{% comment %} https://developer.github.com/changes/2020-01-21-moving-the-team-api-endpoints/ {% endcomment %}'
|
||||
- '用户可以[在问题与拉取请求之间创建链接](https://help.github.com/en/enterprise/2.21/user/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#manually-linking-a-pull-request-to-an-issue),而无需在拉取请求描述中使用结束关键词。{% comment %} https://github.com/github/releases/issues/704 {% endcomment %}'
|
||||
security_fixes:
|
||||
- '在 GitHub Enterprise Server API 中发现了一个不适当的访问控制漏洞,该漏洞允许组织成员升级权限,获得对组织内未经授权的存储库的访问权限。此漏洞影响 GitHub Enterprise Server 2.21 之前的所有版本。为应对此问题,我们发布了 [CVE-2020-10516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10516)。此漏洞通过 [GitHub Bug 赏金计划](https://bounty.github.com/) 报告。{% comment %} https://developer.github.com/changes/2020-02-26-new-delete-reactions-endpoints/ {% endcomment %}'
|
||||
bugs:
|
||||
- "如果具有推送访问权限的用户将另一个用户的评论最小化,则该评论的作者即使特权不足,也可以将其取消减小化。{% comment %} https://github.com/github/github/pull/141237 {% endcomment %}"
|
||||
- '用户可能会意外地从问题模板编辑器和 Blob 编辑器中合并到主分支。{% comment %} https://github.com/github/github/pull/134483, https://github.com/github/github/pull/134323 {% endcomment %}'
|
||||
- '当用户从 GitHub 中删除帐户时,审核日志记录没有正确显示组织删除记录。{% comment %} https://github.com/github/github/pull/140940 {% endcomment %}'
|
||||
- '当前用户的 gist 头像将链接到一个不存在的 URL。{% comment %} https://github.com/github/github/pull/140925 {% endcomment %}'
|
||||
- '组织存储库选项卡计数不包括内部存储库。{% comment %} https://github.com/github/github/pull/136323 {% endcomment %}'
|
||||
- '在转移存储库时单击“显示所有团队”按钮造成了 500 错误。{% comment %} https://github.com/github/github/pull/134455 {% endcomment %}'
|
||||
- "长文件名可能会在显示“自上次查看以来发生的变化”标签或在差异文件视图上显示“显示富”差异时造成溢出问题。{% comment %} https://github.com/github/github/pull/134453 {% endcomment %}"
|
||||
- '组织团队的悬停卡误报其成员大小。{% comment %} https://github.com/github/github/pull/133879 {% endcomment %}'
|
||||
- '拉取请求审查评论弹出窗口有滚动问题。{% comment %} https://github.com/github/github/pull/141157 {% endcomment %}'
|
||||
- 'Haproxy 可能会饱和,导致 git 操作减速。{% comment %} https://github.com/github/enterprise2/issues/19322 {% endcomment %}'
|
||||
- '在 HA 副本升级后不自动启用依赖关系图功能。{% comment %} https://github.com/github/enterprise2/issues/18698 {% endcomment %}'
|
||||
- '对于有数千个草稿拉取请求的存储库,在版本索引页面上可能会触发超时。{% comment %} https://github.com/github/github/pull/131802 {% endcomment %}'
|
||||
- '无法同时通过状态和草稿过滤拉取请求。{% comment %} https://github.com/github/github/pull/132567 {% endcomment %}'
|
||||
- '如果拉取请求更改了子模块指针,然后从拉取请求页面的“已更改的文件”选项卡单击该子模块文件上的“编辑文件”,会导致 404 错误。{% comment %} https://github.com/github/github/pull/132448 {% endcomment %}'
|
||||
- '在大量删除该组织的所有用户和管理员之后,无法将用户添加到组织或删除组织。{% comment %} https://github.com/github/github/pull/132238 {% endcomment %}'
|
||||
- '当页面重新加载时,对“已更改的文件”页面上文件名中包含变音符号和非拉丁字符的文件的审核评论将消失。{% comment %} https://github.com/github/github/pull/131836 {% endcomment %}'
|
||||
- '“已查看”复选框的状态对“已更改的文件”页面上文件名中包含变音符号和非拉丁字符的文件不会保留。{% comment %} https://github.com/github/github/pull/131836 {% endcomment %}'
|
||||
- '拉取请求所有必需审查尚未完成时显示“已批准”徽章。{% comment %} https://github.com/github/github/pull/131823 {% endcomment %}'
|
||||
- '当在拥有超过 100 个标签的存储库中搜索标签时,标签下拉菜单为空。{% comment %} https://github.com/github/github/pull/131914 {% endcomment %}'
|
||||
- '显示带有非 UTF-8 标题注释的拉取请求页面在视图渲染中可能遇到编码错误。{% comment %} https://github.com/github/github/pull/138534 {% endcomment %}'
|
||||
- '在 OAuth 页面上刷新的竞争条件可能导致重定向执行两次。{% comment %} https://github.com/github/github/pull/131964 {% endcomment %}'
|
||||
- '如果有超过 10 个令牌,“个人访问令牌”页面将超时。{% comment %} https://github.com/github/github/pull/132064 {% endcomment %}'
|
||||
- '计划的 LDAP 用户和团队同步任务可能会在先前计划的同步任务仍在进行中时开始。已经实施锁定机制来防止新的同步任务在运行时启动。{% comment %} https://github.com/github/github/pull/139205, https://github.com/github/support/issues/429, https://github.com/github/github/issues/54386, https://github.com/github/iam/issues/40 {% endcomment %}'
|
||||
changes:
|
||||
- 'Web 通知界面,包括新的[状态](https://help.github.com/en/enterprise/2.21/user/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#triaging-options)、[筛选器](https://help.github.com/en/enterprise/2.21/user/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#supported-queries-for-custom-filters)和[快捷方式](https://help.github.com/en/enterprise/2.21/user/github/getting-started-with-github/keyboard-shortcuts#notifications),已经更新。{% comment %} https://github.com/github/enterprise-releases/issues/2135#issuecomment-633905096 {% endcomment %}'
|
||||
- '现在可以禁用在 LDAP 同步时重新激活 LDAP 用户。{% comment %} https://github.com/github/github/pull/139023 {% endcomment %}'
|
||||
- '已更新推送受保护分支措辞,以明确管理员总是可以推送,当状态检查通过时,具有维护角色的用户可以推送。{% comment %} https://github.com/github/github/pull/141555 {% endcomment %}'
|
||||
- '当建议与原始文本相同时,防止空白提交。{% comment %} https://github.com/github/github/pull/138587 {% endcomment %}'
|
||||
- '支持分页作为一种通过 REST API 在与提交相关的差异中获取更多文件的方式。{% comment %} https://github.com/github/github/pull/134341 {% endcomment %}'
|
||||
- '管理员可以在命令行中使用 `ghe-webhook-manage` 启用、禁用、删除 Webhook 或使用 Webhook ID 搜索 Webhook。{% comment %} https://github.com/github/enterprise2/pull/19027 {% endcomment %}'
|
||||
- '在手动清理合并的拉取请求的头部引用后,将会进行自动基础重新定位。{% comment %} https://github.com/github/github/pull/142133 {% endcomment %}'
|
||||
- 'SVG 文件在差异查看器中处理为文本和图像。{% comment %} https://github.com/github/render/pull/1129 {% endcomment %}'
|
||||
- '使用 REST API 创建和更新存储库时,可以设置“合并时自动删除分支”设置。{% comment %} https://github.com/github/github/pull/131728 {% endcomment %}'
|
||||
- '已添加一个新的终结点来通过 REST API 删除部署。{% comment %} https://github.com/github/github/pull/128733 {% endcomment %}'
|
||||
- '管理员可以[启用安全警报](https://help.github.com/en/enterprise/2.21/admin/installation/enabling-security alerts-for-vulnerable-dependencies-on-github-enterprise-server#enabling-security-alerts-for-vulnerable-dependencies-for-vulnerable-dependencies-on-github-enterprise-server),但禁用来自这些警报的所有通知。{% comment %} https://github.com/github/releases/issues/841 {% endcomment %}'
|
||||
- '页面日志显示访问 GitHub Pages 网站的用户登录。{% comment %} https://github.com/github/enterprise2/pull/19905 {% endcomment %}'
|
||||
- '企业成员可以导航到 `https://[ghes-hostname]/enterprises/[account-name]`,从一个视图查看他们作业企业帐户一部分所属的所有组织。{% comment %} https://github.com/github/releases/issues/832 {% endcomment %}'
|
||||
- '[分类和维护角色的 REST API 支持](https://developer.github.com/changes/2020-04-07-explining-rest-api-support-for-the-triage-and-server-roles/)已扩展。{% comment %} https://github.com/github/releases/issues/748 {% endcomment %}'
|
||||
- '用户可以使用 `@me` 搜索语法创建和分享解析到当前用户的搜索查询。{% comment %} https://github.com/github/github/pull/129624 {% endcomment %}'
|
||||
- '新发行模板配置选项已[添加](https://github.blog/changelog/2019-10-28-new-issue-template-configuration-options/)。{% comment %} https://github.com/github/releases/issues/660 {% endcomment %}'
|
||||
- 'MySQL 备份和恢复可靠性以及完成时间已得到改善。{% comment %} https://github.com/github/ghes-infrastructure/issues/162 {% endcomment %}'
|
||||
- '问题侧边栏、问题卡和问题列表中拉取请求和问题引用的[可见性已改进](https://github.blog/2020-02-06-get-more-information-at-a-glance-with-issue-and-pull-request-linking/)。{% comment %} https://github.com/github/releases/issues/704 {% endcomment %}'
|
||||
- '用户可以通过 `linked:pr` 或 `linked:issue` 过滤和搜索。{% comment %} https://github.com/github/releases/issues/744 {% endcomment %}'
|
||||
- 'MySQL 现在可在单个区域内自动故障转移以进行群集部署。{% comment %} https://github.com/github/ghes-infrastructure/issues/136 {% endcomment %}'
|
||||
- '用户可以比较两个版本之间的标签来确定发行版页面上发生了哪些更改。{% comment %} https://github.com/github/github/issues/107054 {% endcomment %}'
|
||||
- '默认情况下,过时的评论不再在拉取请求时间线上折叠。它们可以通过解析线程来折叠。{% comment %} https://github.com/github/enterprise-web/pull/6389#issuecomment-634201583 {% endcomment %}'
|
||||
- '管理员可以通过导航到“保留登录”stafftools 选项卡来查看保留供内部使用的登录列表。{% comment %} https://github.com/github/enterprise-web/pull/6389#issuecomment-637846206 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '推送到 Gist 时,可能会在后接收挂钩期间触发异常。{% comment %} https://github.com/github/github/issues/129091 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的存储库时,不会报告安全警报。(更新时间:2020-06-23){% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2020-06-23'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/20747, https://github.com/github/enterprise2/pull/20727 {% endcomment %}'
|
||||
bugs:
|
||||
- '当使用 UDP 作为传输机制时,过大的日志事件可能导致日志转发不稳定。{% comment %} https://github.com/github/enterprise2/pull/20458, https://github.com/github/enterprise2/pull/20445 {% endcomment %}'
|
||||
- '用于访问 MySQL 的内部通信服务可能会比预期更频繁地重启,包括在升级过程中,这可能会导致升级部分失败。我们降低了重启率并使代码更加稳健。{% comment %} https://github.com/github/enterprise2/pull/20957, https://github.com/github/enterprise2/pull/20972, https://github.com/github/github/pull/146974 {% endcomment %}'
|
||||
- "如果 SSH 密钥属性具有已与用户帐户关联的密钥,则用户通过 SSO 进行的自动取消暂停未完成。{% comment %} https://github.com/github/github/pull/143475, https://github.com/github/github/pull/142927 {% endcomment %}"
|
||||
- '来自 REST API 的存储库权限哈希表示,对于可拉取访问内部存储库的业务成员,无法访问存储库。{% comment %} https://github.com/github/github/pull/144756, https://github.com/github/github/pull/144292 {% endcomment %}'
|
||||
- '“存储库问题删除”企业帐户策略未反映当前保存的设置。{% comment %} https://github.com/github/github/pull/145218, https://github.com/github/github/pull/145067 {% endcomment %}'
|
||||
- '审核日志不包括分支保护更改事件。{% comment %} https://github.com/github/github/pull/145998, https://github.com/github/github/pull/145014 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
date: '2020-10-20'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23096, https://github.com/github/enterprise2/pull/23081 {% endcomment %}'
|
||||
bugs:
|
||||
- '企业帐户“确认双因素要求策略”消息不正确。{% comment %} https://github.com/github/github/pull/158736 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2020-11-03'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**中:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1004, https://github.com/github/slumlord/pull/1000 {% endcomment %}'
|
||||
- "**低:**不正确的令牌验证导致身份验证期间匹配令牌的熵减少。分析表明,在实践中,这里没有重大的安全风险。{% comment %} https://github.com/github/github/pull/159455, https://github.com/github/github/pull/159193 {% endcomment %}"
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23539, https://github.com/github/enterprise2/pull/23171, https://github.com/github/enterprise2/pull/23692, https://github.com/github/enterprise2/pull/23677 {% endcomment %}'
|
||||
bugs:
|
||||
- '使用包含非 ASCII 字符的文件名编辑问题模板将会失败,并显示“500 内部服务器错误”。{% comment %} https://github.com/github/github/pull/160589, https://github.com/github/github/pull/159747 {% endcomment %}'
|
||||
- '背景作业的指标收集方法提高了 CPU 利用率。(更新时间:2020-11-03){% comment %} https://github.com/github/github/pull/160109 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。{% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2020-11-17'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23844, https://github.com/github/enterprise2/pull/23712 {% endcomment %}'
|
||||
bugs:
|
||||
- 'Babeld 日志在秒与微秒之间缺少分隔符。{% comment %} https://github.com/github/babeld/pull/1005, https://github.com/github/babeld/pull/1002 {% endcomment %}'
|
||||
- '当企业帐户“存储库可见性更改”策略设置为“启用”时,组织所有者无法更改组织内存储库的可见性。{% comment %} https://github.com/github/github/pull/160921, https://github.com/github/github/pull/160773 {% endcomment %}'
|
||||
- '审核日志可以归因于 127.0.0.1,而不是实际的源 IP 地址。{% comment %} https://github.com/github/github/pull/162436, https://github.com/github/github/pull/161215 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
date: '2020-12-03'
|
||||
sections:
|
||||
bugs:
|
||||
- '由于 bootstrap 中的争用条件导致服务重启,授权服务被检测为运行不正常。{% comment %} https://github.com/github/authzd/pull/1278 {% endcomment %}'
|
||||
- '在热补丁升级过程中,一种潜在的行为导致服务不可用。{% comment %} https://github.com/github/enterprise2/pull/24054, https://github.com/github/enterprise2/issues/23947 {% endcomment %}'
|
||||
- '未正确应用日志转发 SSL 证书的子集。{% comment %} https://github.com/github/enterprise2/pull/24113, https://github.com/github/enterprise2/pull/23981 {% endcomment %}'
|
||||
- '发送电子邮件通知给已经从团队或组织中移除的已停用用户。{% comment %} https://github.com/github/github/pull/162971, https://github.com/github/github/pull/162742 {% endcomment %}'
|
||||
- '组织和企业之间应用 SSH 证书的方式不一致。{% comment %} https://github.com/github/github/pull/163426, https://github.com/github/github/pull/159538, https://github.com/github/authentication/issues/115 {% endcomment %}'
|
||||
- '当帐户因使用不正确的密码而受到速率限制时,可能被锁定长达 24 小时。{% comment %} https://github.com/github/github/pull/163436, https://github.com/github/github/pull/162938, https://github.com/github/github-ds/pull/51 {% endcomment %}'
|
||||
- '在具有许多引用的存储库上进行拉取请求同步可能导致工作进程队列落后。{% comment %} https://github.com/github/github/pull/163575, https://github.com/github/github/pull/163142 {% endcomment %}'
|
||||
- '在尝试访问特定页面后登录时,用户被发送到主页,而不是其预期目的地。{% comment %} https://github.com/github/github/pull/163784, https://github.com/github/github/pull/163579, https://github.com/github/github/pull/154117, https://github.com/github/ecosystem-apps/issues/1076 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
date: '2020-12-17'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**低:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1021, https://github.com/github/slumlord/pull/1017 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/24352, https://github.com/github/enterprise2/pull/23866 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的 [通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories) 文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
date: '2021-03-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**高:**在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,该漏洞允许已通过身份验证的实例用户通过专门制定的拉取请求和 REST API 请求获得对未经授权存储库的写入权限。攻击者需要能够创建目标存储库分支,该设置默认为组织拥有的专用存储库禁用。分支保护(如所需的拉取请求审查或状态检查)将防止未经授权的提交在未进行进一步审查或验证的情况下合并。此漏洞编号为 CVE-2021-22861。此问题通过 [GitHub Bug 赏金计划](https://bounty.github.com) 报告。'
|
||||
- '**高:**在 GitHub Enterprise Server GraphQL API 中发现了一个不适当的访问控制漏洞,该漏洞允许已通过身份验证的实例用户在未经适当授权的情况下修改拉取请求的维护员协作权限。攻击者利用此漏洞将能够访问在他们作为维护员的存储库上打开的拉取请求的头部分支。默认情况下会为组织拥有的专用存储库禁用分支,可以防止此漏洞。此外,分支保护(如所需的拉取请求审查或状态检查)将防止未经授权的提交在未进行进一步审查或验证的情况下合并。此漏洞编号为 CVE-2021-22863。此问题通过 [GitHub Bug 赏金计划](https://bounty.github.com) 报告。'
|
||||
- '**高:**在 GitHub Enterprise Server 中发现了一个远程代码执行漏洞,该漏洞在生成 GitHub Pages 站点时可能会被利用。GitHub Pages 使用的基础分析程序的用户控制配置没有受到足够的限制,因此可以在 GitHub Enterprise Server 实例上执行命令。若要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和生成 GitHub Pages 站点的权限。该漏洞编号为 CVE-2020-10519,通过 [GitHub Bug 赏金计划](https://bounty.github.com/) 报告。'
|
||||
- '**中:**来自 GitHub Pages 生成的 GitHub 令牌最终可能会出现在日志中。'
|
||||
- '**低:**对 SVN 桥的专门制定请求可能会在失败前触发长时间的等待,从而导致拒绝服务 (DoS)。'
|
||||
- '包已更新到最新的安全版本。'
|
||||
bugs:
|
||||
- '在某些情况下,负载均衡器运行状况检查可能导致 babld 日志全是有关代理协议的错误。'
|
||||
- '在 GitHub Enterprise 备份实用程序快照期间,信息性消息被无意中记录为错误,这导致侦听输出到 stderr 的 cron 作业在安排备份时发送不必要的电子邮件。'
|
||||
- '在还原大型备份时,与 Redis 内存耗尽相关的异常记录可能导致还原因磁盘已满而失败。'
|
||||
- '用户在编辑 wiki 页面时,如果单击“保存”按钮,可能会遇到 500 错误。'
|
||||
- '使用主题替代名称中具有多个名称的证书签名的 S/MIME 签名提交将在提交提示标记中错误地显示为“未验证”。'
|
||||
- '已暂停的用户在添加到团队时会收到电子邮件。'
|
||||
- '当存储库具有大量清单时,“见解 ->依赖项关系图”选项卡上会显示错误“已达到此存储库允许的最大清单文件数 (20)”。有关详细信息,请参阅[可视化效果限制](https://docs.github.com/en/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies#are-there-limits-which-affect-the-dependency-graph-data)。'
|
||||
- '上传与之前许可证文件不同席位数的新许可证文件时,企业帐户的“设置”->“许可证”页面中不会正确表示席位差异。'
|
||||
- '无法成功启用或禁用企业帐户设置中的“禁止存储库管理员更改匿名 Git 读取访问权限”复选框。'
|
||||
- 'GitHub Pages 生成失败时,电子邮件通知包含了错误的支持位置链接。'
|
||||
- '在闰年,用户在星期一尝试查看贡献活动时收到 404 响应。'
|
||||
- '无法访问浏览**部分,出现 500 内部服务器错误。'
|
||||
changes:
|
||||
- '添加了对 [AWS EC2 r5b 实例类型](https://aws.amazon.com/about-aws/whats-new/2020/12/introducing-new-amazon-ec2-r5b-instances-feuring-60-gbps-of-ebbandwidth-260K-iops/)的支持。'
|
||||
- '调整后台队列优先级,以更均匀地分配作业。'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。'
|
||||
- '在升级期间不会维护自定义防火墙规则。'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
date: '2021-03-16'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 从 GitHub Enterprise Server 中导入正在丢失存储库文件的存储库存档将失败并报告错误。
|
||||
known_issues:
|
||||
- 在没有任何用户的新设置的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- 在命令行上推送到存储库时不会报告安全警报。
|
||||
- "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
date: '2021-03-23'
|
||||
intro: Downloads have been disabled due to a major bug affecting multiple customers. A fix will be available in the next patch.
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**HIGH:** A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22864.'
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- The `ghe-cluster-config-init` run was not fully accounting for the exit code of background jobs leading to improper handling of preflight checks.
|
||||
changes:
|
||||
- Logs will rotate based on size in addition to time.
|
||||
- Use a relative number for consul and nomad `bootstrap_expect` allowing for a cluster to bootstrap even if a handful of nodes are down.
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are not maintained during an upgrade.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- Security alerts are not reported when pushing to a repository on the command line.
|
||||
- |
|
||||
Log rotation may fail to signal services to transition to new log files, leading to older log files continuing to be used, and eventual root disk space exhaustion.
|
||||
To remedy and/or prevent this issue, run the following commands in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH), or contact [GitHub Enterprise Support](https://support.github.com/contact) for assistance:
|
||||
|
||||
```
|
||||
printf "PATH=/usr/local/sbin:/usr/local/bin:/usr/local/share/enterprise:/usr/sbin:/usr/bin:/sbin:/bin\n29,59 * * * * root /usr/sbin/logrotate /etc/logrotate.conf\n" | sudo sponge /etc/cron.d/logrotate
|
||||
sudo /usr/sbin/logrotate -f /etc/logrotate.conf
|
||||
```
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2021-04-01'
|
||||
sections:
|
||||
security_fixes:
|
||||
- "**高:** 在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,该漏洞允许根据 GitHub 应用的 [Web 身份验证流](https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps#web-application-flow) 生成的访问令牌通过 REST API 读取专用存储库元数据,而无需获取适当的权限。若要攻击这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。返回的专用存储库元数据将仅限于令牌标识的用户拥有的存储库。此漏洞影响 GitHub Enterprise Server 3.0.4 之前的所有版本,并已在 3.0.4、2.22.10 和 2.21.18 版本中修复。此漏洞编号为 CVE-2021-22865,并通过 [GitHub Bug 赏金计划](https://bounty.github.com/) 进行报告。"
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 服务未作为日志轮换的一部分转换到新的日志文件,导致磁盘使用量增加。
|
||||
- 内部存储库搜索结果上的标签显示为“专用”而不是“内部”。
|
||||
known_issues:
|
||||
- 在没有任何用户的新设置的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则问题无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- 在命令行上推送到存储库时不会报告安全警报。
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2021-04-14'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- '在副本升级期间可能会出现警告消息 `jq: error (at <stdin>:0): Cannot index number with string "settings"`。'
|
||||
- 访问 `/settings/email` 页面会存储在退出登录并重新登录时可能导致错误重定向的状态。
|
||||
- 对于其通告在 `vulnerable_version_ranges` 中具有大写包名称的一些组件,未显示依赖项关系图警报。
|
||||
- 用户在配置了 LDAP 身份验证的实例上执行 git 操作时会看到 500 错误。
|
||||
- 当 ghe-migrator 遇到导入错误时,它有时会中止整个进程,但日志中没有包含足够的上下文。
|
||||
known_issues:
|
||||
- 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- 在命令行上推送到存储库时不会报告安全警报。
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2020-07-09'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**中:** 将 nginx 更新到 1.16.1 并解决了 CVE-2019-20372。(更新于 2020-07-22){% comment %} https://github.com/github/enterprise2/pull/21252 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21089, https://github.com/github/enterprise2/pull/21036 {% endcomment %}'
|
||||
bugs:
|
||||
- '一些特定日志文件不会每 7 天轮换一次。{% comment %} https://github.com/github/enterprise2/pull/21279, https://github.com/github/enterprise2/pull/21264 {% endcomment %}'
|
||||
- '快速重新使用 webhook 源端口导致拒绝连接。{% comment %} https://github.com/github/enterprise2/pull/21286, https://github.com/github/enterprise2/pull/21280 {% endcomment %}'
|
||||
- '不正确的背景作业可能尝试在配置为被动副本的实例上运行。{% comment %} https://github.com/github/enterprise2/pull/21317, https://github.com/github/enterprise2/pull/21212, https://github.com/github/enterprise2/issues/21167 {% endcomment %}'
|
||||
- '节点之间的 VPN 可能会变得不稳定,导致记录错误并且可用的根卷空间被耗尽。{% comment %} https://github.com/github/enterprise2/pull/21360, https://github.com/github/enterprise2/pull/21357 {% endcomment %}'
|
||||
- '内部仓库未正确包含在启用 SAML 的组织的搜索结果中。{% comment %} https://github.com/github/github/pull/147505, https://github.com/github/github/pull/145692 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
|
||||
- '当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
date: '2021-04-28'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 在 MySQL 副本上运行的安装脚本可能导致数据库故障转移期间不必要的数据库重新播种。
|
||||
- '由于不必要地调用 `rake db:migrate`,`config-apply` 可能需要更长的时间。'
|
||||
- Orchestrator 可能已故障转移到 MySQL 副本,当主数据库无法连接时,它无法在播种阶段从主数据库复制。
|
||||
- 出现错误的组织或项目阻止了迁移,无法排除。
|
||||
changes:
|
||||
- 默认情况下,预检检查允许所有 AWS 实例类型。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含文件路径长于 255 个字符的同一存储库中 blob 的永久链接,则问题无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- 推送到命令行上的存储库时不报告安全警报。
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
date: '2021-05-13'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 在配置应用阶段可以启用 Orchestrator 自动故障转移。
|
||||
- 具有存储库维护员权限的用户会收到电子邮件验证警告,而不是在存储库 Pages 设置页面上构建成功的页面。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- 推送到命令行上的仓库时,不会报告安全警报。
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2021-05-25'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**中:**在某些情况下,从团队或组织中删除的用户可以保留对已打开现有拉取请求的分支的写入权限。'
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 管理员使用“创建白名单条目”按钮添加的 IP 地址仍可能被锁定。
|
||||
- 在群集或 HA 环境中,GitHub Pages 构建可能在将会失败的次要节点上触发。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- 推送到命令行上的存储库时,不会报告安全警报。
|
||||
- '当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2021-06-10'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- "从 非 GitHub 源导入组织或仓库失败可能会产生 `undefined method '[]' for nil:NilClass` 错误。"
|
||||
changes:
|
||||
- GraphQL API 用户可在 `PullRequest` 对象上查询公共字段 `closingIssuesReferences`。该字段检索将在合并拉取请求时自动关闭的问题。这种方法还将允许将来迁移这些数据,作为更高保真度迁移过程的一部分。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。"
|
||||
- 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接,则议题无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
|
||||
- 推送到命令行上的仓库时不报告安全警报。
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2020-07-21'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21438, https://github.com/github/enterprise2/pull/21402, https://github.com/github/enterprise2/pull/21496, https://github.com/github/enterprise2/pull/21479 {% endcomment %}'
|
||||
bugs:
|
||||
- '管理控制台监视图有时无法在更大的屏幕上正确显示。{% comment %} https://github.com/github/enterprise2/pull/21398, https://github.com/github/enterprise2/pull/21381 {% endcomment %}'
|
||||
- '应用 SameSite Cookie 策略时,GitHub 应用部件清单 (manifest) 创建流在某些情况下无法使用。{% comment %} https://github.com/github/github/pull/147829, https://github.com/github/github/pull/144121 {% endcomment %}'
|
||||
- "在某些情况下,访问“探索”页面会引发应用程序错误。{% comment %} https://github.com/github/github/pull/149605, https://github.com/github/github/pull/148949 {% endcomment %}"
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
date: '2020-08-11'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '{% octicon "alert" aria-label="The alert icon" %} **关键:**在 GitHub Pages 中发现了一个远程执行代码漏洞,攻击者可利用该漏洞在构建 GitHub Pages 站点的过程中执行命令。此问题是由于在 Pages 构建过程中使用过时且易受攻击的依赖项造成的。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。 此漏洞影响 GitHub Enterprise Server 的所有版本。为了缓解此漏洞,Kramdown 已更新以解决 CVE-2020-14001。{% comment %} https://github.com/github/pages/pull/2835, https://github.com/github/pages/pull/2827 {% endcomment %}'
|
||||
- '**高:**在 GitHub Enterprise Server 上执行时,攻击者可以将恶意参数注入 Git 子命令。这可能使攻击者能够使用部分用户控制的内容覆盖任意文件,并可能在 GitHub Enterprise Server 实例上执行任意命令。要利用此漏洞,攻击者需要获得访问 GHES 实例中存储库的权限。但是,由于存在其他保护措施,我们无法确定积极利用此漏洞的方法。此漏洞通过 GitHub 安全 Bug 悬赏计划报告。{% comment %} https://github.com/github/github/pull/150936, https://github.com/github/github/pull/150634 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/21679, https://github.com/github/enterprise2/pull/21542, https://github.com/github/enterprise2/pull/21812, https://github.com/github/enterprise2/pull/21700 {% endcomment %}'
|
||||
bugs:
|
||||
- 'Consul 配置错误导致无法在独立实例上处理某些后台作业。{% comment %} https://github.com/github/enterprise2/pull/21463 {% endcomment %}'
|
||||
- '服务内存分配计算可能会将不正确或无限制的内存分配给某项服务,导致系统性能差。{% comment %} https://github.com/github/enterprise2/pull/21689 {% endcomment %}'
|
||||
- '未正确检测到 oVirt KVM 系统的虚拟化平台,从而在升级过程中造成问题。{% comment %} https://github.com/github/enterprise2/pull/21731, https://github.com/github/enterprise2/pull/21669 {% endcomment %}'
|
||||
- "通过 Git 命令行使用密码进行无效身份验证的错误消息未填充 URL 链接以添加适当的令牌或 SSH 密钥。{% comment %} https://github.com/github/github/pull/149607, https://github.com/github/github/pull/149351 {% endcomment %}"
|
||||
- '使用问题模板功能在用户存储库上创建问题可能失败,并出现内部服务器错误。{% comment %} https://github.com/github/github/pull/150173, https://github.com/github/github/pull/149445 {% endcomment %}'
|
||||
- '访问“探索”部分失败,出现 500 内部服务器错误。{% comment %} https://github.com/github/github/pull/150512, https://github.com/github/github/pull/150504 {% endcomment %}'
|
||||
- '在迁移到新实例的存储库上,无法按 *最近更新* 对问题进行排序。{% comment %} https://github.com/github/github/pull/150688, https://github.com/github/github/pull/149330 {% endcomment %}'
|
||||
- 'GitHub Connect 使用的是已弃用的 GitHub.com API 终结点。{% comment %} https://github.com/github/github/pull/150827, https://github.com/github/github/pull/150545 {% endcomment %}'
|
||||
- '为后台作业收集的内部指标导致不必要的 CPU 和内存使用。{% comment %} https://github.com/github/github/pull/151182, https://github.com/github/github/pull/147695 {% endcomment %}'
|
||||
- '404 页面的页脚中包含 GitHub.com 联系人和状态链接。{% comment %} https://github.com/github/github/pull/151315 {% endcomment %}'
|
||||
- '未发布功能的后台作业已排队,尚未处理。{% comment %} https://github.com/github/github/pull/151395, https://github.com/github/github/pull/146248 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2020-08-12'
|
||||
sections:
|
||||
bugs:
|
||||
- '解决了在生成系统配置模板时可能导致高 CPU 使用率的问题。{% comment %} https://github.com/github/enterprise2/pull/21786, https://github.com/github/enterprise2/pull/21741 {% endcomment %}'
|
||||
- '最近对内存分配的更改可能导致系统性能降低 {% comment %} https://github.com/github/enterprise2/pull/22066 {% endcomment %}'
|
||||
- '运行数据库迁移时的临时连接问题可能导致数据丢失。{% comment %} https://github.com/github/enterprise2/pull/22128, https://github.com/github/enterprise2/pull/22100 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '在命令行上推送到存储库时不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- "将存储库的权限配置为“会审”或“维护”失败,并显示错误消息。"
|
||||
- '当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
date: '2020-08-26'
|
||||
sections:
|
||||
security_fixes:
|
||||
- >-
|
||||
{% octicon "alert" aria-label="The alert icon" %} **Critical:** A remote code execution vulnerability was identified in GitHub Pages that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. We have issued CVE-2020-10518. {% comment %} https://github.com/github/pages/pull/2882, https://github.com/github/pages/pull/2902, https://github.com/github/pages/pull/2894, https://github.com/github/pages/pull/2877, https://github.com/github/pages-gem/pull/700,
|
||||
https://github.com/github/pages/pull/2889, https://github.com/github/pages/pull/2899, https://github.com/github/pages/pull/2903, https://github.com/github/pages/pull/2890, https://github.com/github/pages/pull/2891, https://github.com/github/pages/pull/2884 {% endcomment %}
|
||||
- '**Medium:** An improper access control vulnerability was identified that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and has been assigned [CVE-2020-10517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10517). The vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com). {% comment %} https://github.com/github/github/pull/151986, https://github.com/github/github/pull/151713 {% endcomment %}'
|
||||
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/21853, https://github.com/github/enterprise2/pull/21828, https://github.com/github/enterprise2/pull/22154, https://github.com/github/enterprise2/pull/21920, https://github.com/github/enterprise2/pull/22216, https://github.com/github/enterprise2/pull/22190 {% endcomment %}'
|
||||
bugs:
|
||||
- 'A message was not logged when the ghe-config-apply process had finished running ghe-es-auto-expand. {% comment %} https://github.com/github/enterprise2/pull/22178, https://github.com/github/enterprise2/pull/22171 {% endcomment %}'
|
||||
- 'Excessive logging to the `syslog` file could occur on high-availability replicas if the primary appliance is unavailable. {% comment %} https://github.com/github/enterprise2/pull/22268, https://github.com/github/enterprise2/pull/22124 {% endcomment %}'
|
||||
- "Database re-seeding on a replica could fail with an error: `Got packet bigger than 'max_allowed_packet'` {% comment %} https://github.com/github/enterprise2/pull/22322, https://github.com/github/enterprise2/pull/20063 {% endcomment %}"
|
||||
- 'In some cases duplicate user data could cause a 500 error while running the ghe-license-usage script. {% comment %} https://github.com/github/github/pull/152637 {% endcomment %}'
|
||||
- 'Using `ghe-migrator`, the `add` command would fail to lock a repository when using the `--lock` flag. {% comment %} https://github.com/github/github/pull/152780, https://github.com/github/github/pull/152588 {% endcomment %}'
|
||||
changes:
|
||||
- 'In a high availability or geo-replication configuration, replica instances would exit maintenance mode when ghe-config-apply ran. {% comment %} https://github.com/github/enterprise2/pull/21777, https://github.com/github/enterprise2/pull/21440 {% endcomment %}'
|
||||
- "We've added support for the R5a and R5n AWS instance types. {% comment %} https://github.com/github/enterprise2/pull/21903, https://github.com/github/enterprise2/pull/21173 {% endcomment %}"
|
||||
- 'Removed the license seat count information on the administrative SSH MOTD due to a performance issue impacting GitHub Enterprise Server clusters. {% comment %} https://github.com/github/enterprise2/pull/21994, https://github.com/github/enterprise2/pull/21870 {% endcomment %}'
|
||||
known_issues:
|
||||
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- 'Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- 'Security alerts are not reported when pushing to a repository on the command line. {% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- 'Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- "Configuring a repository's permission to `Triage` or `Maintain` fails with an error message."
|
||||
- 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
date: '2020-09-08'
|
||||
sections:
|
||||
bugs:
|
||||
- '服务运行状况检查会造成会话增加,从而耗尽文件系统 Inode。{% comment %} https://github.com/github/enterprise2/pull/22481, https://github.com/github/enterprise2/pull/22475 {% endcomment %}'
|
||||
- "使用热补丁的升级可能会失败,并显示错误:“未找到 'libdbi1'”{% comment %} https://github.com/github/enterprise2/pull/22556, https://github.com/github/enterprise2/pull/22552 {% endcomment %}"
|
||||
- "将存储库的权限配置为“会审”或“维护”不再失败。"
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2020-09-23'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**中**:ImageMagick 已经更新,可解决 [DSA-4715-1](https://www.debian.org/security/2020/dsa-4715). {% comment %} https://github.com/github/enterprise2/pull/22621, https://github.com/github/enterprise2/pull/22610 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/22571, https://github.com/github/enterprise2/pull/22426, https://github.com/github/enterprise2/pull/22602, https://github.com/github/enterprise2/pull/22592, https://github.com/github/enterprise2/pull/22719, https://github.com/github/enterprise2/pull/22699 {% endcomment %}'
|
||||
bugs:
|
||||
- '管理员无法看到已交付的存储库 Webhook,而是看到“抱歉,出错了,我们无法提取此挂钩的交付”。{% comment %} https://github.com/github/authzd/pull/1181, https://github.com/github/authzd/pull/980 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新时间:2020-11-02){% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
date: '2020-10-09'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**LDAP** 目录用户名标准化为现有 GHES 帐户登录的用户可以验证现有帐户。{% comment %} https://github.com/github/github/pull/156517, https://github.com/github/github/pull/155512 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/22911, https://github.com/github/enterprise2/pull/22878 {% endcomment %}'
|
||||
bugs:
|
||||
- '管理控制台中的 NameID 格式下拉列表将在设置为“持久”之后重置为“未指定”。 {% comment %} https://github.com/github/enterprise2/pull/22402, https://github.com/github/enterprise2/pull/22331, https://github.com/github/enterprise2/issues/13446 {% endcomment %}'
|
||||
- '通过[管理控制台](/admin/configuration/accessing-the-management-console) 保存设置将附加一个新行到 [TLS/SSL 证书和密钥](/admin/configuration/configuring-tls) 文件,这触发了某些服务的不必要重新加载。 {% comment %} https://github.com/github/enterprise2/pull/22608, https://github.com/github/enterprise2/pull/22540 {% endcomment %}'
|
||||
- '依赖项关系图的系统日志没有轮换,允许无限存储增长。{% comment %} https://github.com/github/enterprise2/pull/22766, https://github.com/github/enterprise2/pull/22733 {% endcomment %}'
|
||||
- '如果请求的工人覆盖设置在使用中,升级可能会失败。{% comment %} https://github.com/github/enterprise2/pull/22838, https://github.com/github/enterprise2/pull/22814 {% endcomment %}'
|
||||
- '使用 `ghe-migrator` 导入仓库时,如果数据不一致,可能发生意外异常。{% comment %} https://github.com/github/github/pull/153849, https://github.com/github/github/pull/151552 {% endcomment %}'
|
||||
- '到 GitHub 安全通告的链接将使用 GitHub Enterprise Server 实例主机名的 URL 而不是 GitHub.com,将用户引导到不存在的 URL。{% comment %} https://github.com/github/github/pull/153853, https://github.com/github/github/pull/151301 {% endcomment %}'
|
||||
- '当使用的身份验证模式不支持内置双重身份验证时,企业帐户安全设置页面显示用于“双重身份验证”设置的“查看组织当前配置”链接。{% comment %} https://github.com/github/github/pull/153861 {% endcomment %}'
|
||||
- '当使用 `ghe-migrator` 导入 PR 审核请求时,与删除用户相关的记录将产生外部数据库记录。 {% comment %} https://github.com/github/github/pull/154959, https://github.com/github/github/pull/153169 {% endcomment %}'
|
||||
- '使用 "ghe-migrator" 导入用户时,如果系统生成的电子邮件地址超过 100 个字符,则会出现“电子邮件无效”的错误。{% comment %} https://github.com/github/github/pull/155110, https://github.com/github/github/pull/152418 {% endcomment %}'
|
||||
- '记录 web 挂钩活动可能会使用大量的磁盘空间,并导致根盘变满。{% comment %} https://github.com/github/github/pull/155656, https://github.com/github/github/pull/154100 {% endcomment %}'
|
||||
changes:
|
||||
- '为 AWS EC2 实例类型 `m5.16xlarge` 添加了支持。{% comment %} https://github.com/github/enterprise2/pull/22501, https://github.com/github/enterprise2/pull/22473 {% endcomment %}'
|
||||
- '删除 `ghe-migrator` 档案中 SSH 指纹的要求,因为它可以随时计算。{% comment %} https://github.com/github/github/pull/156945, https://github.com/github/github/pull/155387 {% endcomment %}'
|
||||
- 'GitHub App 清单现在包含 `request_oauth_on_install` 字段。{% comment %} https://github.com/github/github/pull/156994, https://github.com/github/github/pull/155010, https://github.com/github/ecosystem-apps/issues/1055 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- 'Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '议题若是包含同一仓库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。 {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '推送到命令行上的仓库时,不会报告安全警报。{% comment %} https://github.com/github/github/issues/143190 {% endcomment %}'
|
||||
- '审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。(更新于 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,143 +0,0 @@
|
|||
intro: GitHub is excited to present GitHub Enterprise Server 2.22.0.
|
||||
date: '2020-09-23'
|
||||
sections:
|
||||
features:
|
||||
- heading: GitHub Actions Beta
|
||||
notes:
|
||||
- |
|
||||
[GitHub Actions](https://github.com/features/actions) is a powerful, flexible solution for CI/CD and workflow automation. GitHub Actions on Enterprise Server includes tools to help you manage the service, including key metrics in the Management Console, audit logs and access controls to help you control the roll out.
|
||||
|
||||
You will need to provide your own [storage](https://docs.github.com/en/enterprise/2.22/admin/github-actions/enabling-github-actions-and-configuring-storage) and runners for GitHub Actions. AWS S3, Azure Blob Storage and MinIO are supported. Please review the [updated minimum requirements for your platform](https://docs.github.com/en/enterprise/2.22/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on GitHub Actions. To learn more, contact the GitHub Sales team or [sign up for the beta](https://resources.github.com/beta-signup/). {% comment %} https://github.com/github/releases/issues/775 {% endcomment %}
|
||||
|
||||
- heading: GitHub Packages Beta
|
||||
notes:
|
||||
- |
|
||||
[GitHub Packages](https://github.com/features/packages) is a package hosting service, natively integrated with GitHub APIs, Actions, and webhooks. Create an [end-to-end DevOps workflow](https://docs.github.com/en/enterprise/2.22/admin/packages/configuring-packages-support-for-your-enterprise) that includes your code, continuous integration, and deployment solutions.
|
||||
|
||||
Supported storage back ends include AWS S3 and MinIO with support for Azure blob coming in a future release. Please note that the current Docker support will be replaced by a beta of the new GitHub Container Registry in the next release. Please review the [updated minimum requirements for your platform](https://docs.github.com/en/enterprise/2.22/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on GitHub Packages. To learn more, contact the GitHub Sales team or [sign up for the beta](https://resources.github.com/beta-signup/). {% comment %} https://github.com/github/releases/issues/773 {% endcomment %}
|
||||
|
||||
- heading: Advanced Security Code Scanning Beta
|
||||
notes:
|
||||
- |
|
||||
[GitHub Advanced Security code scanning](https://github.com/features/security) is a developer-first, GitHub-native static application security testing (SAST). Easily find security vulnerabilities before they reach production, all powered by the world’s most powerful code analysis engine: CodeQL.
|
||||
|
||||
Administrators using GitHub Advanced Security can [sign up for](https://resources.github.com/beta-signup/) and [enable](https://docs.github.com/en/enterprise/2.22/admin/configuration/configuring-code-scanning-for-your-appliance) GitHub Advanced Security code scanning beta. Please review the [updated minimum requirements for your platform](https://docs.github.com/en/enterprise/2.22/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on GitHub Advanced Security code scanning. {% comment %} https://github.com/github/releases/issues/768 {% endcomment %}
|
||||
|
||||
- heading: Pull Request Retargeting
|
||||
notes:
|
||||
- |
|
||||
When a [pull request's head branch](https://docs.github.com/en/enterprise/2.22/user/github/collaborating-with-issues-and-pull-requests/about-branches#working-with-branches) is merged and deleted, all other open pull requests in the same repository that target this branch are now retargeted to the merged pull request's base branch. Previously these pull requests were closed. {% comment %} https://github.com/github/releases/issues/801 {% endcomment %}
|
||||
|
||||
- heading: Suspend and Unsuspend an App Installation
|
||||
notes:
|
||||
- |
|
||||
Administrators and users can [suspend any GitHub App’s access](https://docs.github.com/enterprise/2.22/user/rest/reference/apps#suspend-an-app-installation) for as long as needed, and [unsuspend the app](https://docs.github.com/enterprise/2.22/user/rest/reference/apps#unsuspend-an-app-installation) on command through Settings and the API. Suspended apps cannot access the GitHub API or webhook events. You can use this instead of uninstalling an application, which deauthorises every user. {% comment %} https://github.com/github/github/pull/138316 https://github.com/github/github/pull/150869 {% endcomment %}''
|
||||
|
||||
- heading: Improved Large Scale Performance
|
||||
notes:
|
||||
- |
|
||||
We have revised the approach we take to scheduling network maintenance for repositories, ensuring large monorepos are able to avoid failure states. {% comment %} https://github.com/github/github/pull/146789, https://github.com/github/github/pull/147931, https://github.com/github/github/pull/146724, https://github.com/github/git-protocols/issues/94 {% endcomment %}''
|
||||
|
||||
Passive replicas are now [supported and configurable on GitHub Enterprise Server cluster deployments](https://docs.github.com/en/enterprise/2.22/admin/enterprise-management/configuring-high-availability-replication-for-a-cluster). These changes will enable faster failover, reducing RTO and RPO. {% comment %} https://github.com/github/releases/issues/905 {% endcomment %}
|
||||
|
||||
- heading: View All of Your Users
|
||||
notes:
|
||||
- |
|
||||
For exceptionally large teams, administrators can [adjust the 1,500 default maximum for user lists](https://docs.github.com/en/enterprise/2.22/admin/configuration/command-line-utilities#ghe-config). {% comment %} https://github.com/github/github/pull/146508 {% endcomment %}''
|
||||
|
||||
changes:
|
||||
- heading: Administration Changes
|
||||
notes:
|
||||
- Shared workers have been enabled to make live updates more resilient by sharing connections across tabs. {% comment %} https://github.com/github/releases/issues/914 {% endcomment %}
|
||||
- The "Contact Support" link on `50x` error pages now links to the support email or link configured in the Management Console. {% comment %} https://github.com/github/github/pull/142123 {% endcomment %}
|
||||
- It's now possible to [manage global announcements and expiration dates through the enterprise account settings](https://docs.github.com/en/enterprise/2.22/admin/installation/command-line-utilities#ghe-announce). {% comment %} https://github.com/github/releases/issues/945, https://github.com/github/github/pull/148475, https://github.com/github/github/pull/148494 {% endcomment %}
|
||||
- You can now [exempt certain users from the default API rate limits configured in the management console](https://docs.github.com/en/enterprise/2.22/admin/configuration/configuring-rate-limits), if necessary. {% comment %} https://github.com/github/github/pull/148673 {% endcomment %}
|
||||
- Repository administrators can now [set their repository to any available visibility option](https://docs.github.com/en/enterprise/2.22/user/github/administering-a-repository/setting-repository-visibility) from a single dialog in the repository's settings. Previously, you had to navigate separate sections, buttons, and dialog boxes for changing between public and private and between private and internal. {% comment %} https://github.com/github/releases/issues/882 {% endcomment %}
|
||||
- A new Enterprise settings link on the user dropdown menu makes it easier to navigate to Enterprise Account Settings. {% comment %} https://github.com/github/releases/issues/946, https://github.com/github/github/pull/150595, https://github.com/github/github/pull/150520, https://github.com/github/github/pull/151121, https://github.com/github/hydro-schemas/pull/1244 {% endcomment %}
|
||||
- The legacy "Admin Center" link on the /stafftools page has been removed. The "Enterprise" link is now the best way to navigate to the Enterprise Account from the /stafftools page. {% comment %} https://github.com/github/github/pull/147633 {% endcomment %}
|
||||
- The Options sub-menu item in the Enterprise Account settings has been moved from the Settings section to the Policies section. {% comment %} https://github.com/github/releases/issues/944, https://github.com/github/github/pull/148477 {% endcomment %}
|
||||
- '[Accessing resources by using a personal access token or SSH key now counts as user activity](https://docs.github.com/en/enterprise/2.22/admin/user-management/managing-dormant-users). This relieves administrators from the burden of filtering out certain users from the user dormancy reports and makes it safer to use the "Suspend all" button without accidentally suspending users who only accessed GitHub in a read-only way over the APIs with a Personal Access Token (PAT) or SSH key. {% comment %} https://github.com/github/github/pull/140433, https://github.com/github/help-docs/pull/14853, https://github.com/github/customer-feedback/issues/174, https://github.com/github/supportability/issues/14 {% endcomment %}'
|
||||
|
||||
- heading: Security Changes
|
||||
notes:
|
||||
- Two-factor recovery codes can no longer be used during the two-factor sign in process. One-Time-Passwords are the only acceptable values. {% comment %} https://github.com/github/github/pull/145016, https://github.com/github/github/pull/140208 {% endcomment %}
|
||||
- When a user is signed into GitHub Enterprise Server through single sign-on, the [default repository visibility selection is Private](https://docs.github.com/en/enterprise/2.22/user/github/administering-a-repository/setting-repository-visibility). {% comment %} https://github.com/github/releases/issues/872 {% endcomment %}
|
||||
- Owners of GitHub Apps can now choose to have their [user-to-server access tokens expire after 8 hours](https://developer.github.com/changes/2020-04-30-expiring-user-to-server-access-tokens-for-github-apps/), to help enforce regular token rotation and reduce the impact of a compromised token. {% comment %} https://github.com/github/releases/issues/966 {% endcomment %}
|
||||
|
||||
- heading: Developer Changes
|
||||
notes:
|
||||
- '[The GitHub UI has undergone a design refresh](https://github.blog/changelog/2020-06-23-design-updates-to-repositories-and-github-ui/), and the repositories homepage has been redesigned, including a responsive layout and improved mobile web experience. {% comment %} https://github.com/github/releases/issues/886 {% endcomment %}'
|
||||
- In the "Clone with SSH" repository dropdown menu, users will now be notified if they do not have any keys setup. {% comment %} https://github.com/github/github/pull/149098 {% endcomment %}
|
||||
- Commits are now ordered chronologically in the pull request timeline and commits tab. This new ordering is also reflected in the ["List commits on a pull request"](https://docs.github.com/en/enterprise/2.22/user/rest/reference/pulls#list-commits-on-a-pull-request) REST API and GraphQL ["PullRequest object"](https://docs.github.com/en/enterprise/2.22/user/graphql/reference/objects#pullrequest) timeline connection. {% comment %} https://github.com/github/releases/issues/867 {% endcomment %}
|
||||
- Users can now [set a skin tone default for emoji autocomplete results](https://github.blog/changelog/2020-07-17-customizable-skin-tones-in-emoji-autocomplete/) in comment text areas. {% comment %} https://github.com/github/releases/issues/916 {% endcomment %}
|
||||
- '[Tree-sitter](https://github.com/tree-sitter/tree-sitter) improves syntax highlighting and is now the default library used for language parsing. {% comment %} https://github.com/github/releases/issues/918, https://github.com/github/windrose/issues/44 {% endcomment %}'
|
||||
|
||||
- heading: Users and organizations can add Twitter usernames to their GitHub profiles
|
||||
notes:
|
||||
- '[Developers and organizations can now add their Twitter username to their profile](https://github.blog/changelog/2020-07-22-users-and-organizations-can-now-add-twitter-usernames-to-their-github-profiles/) {% comment %} https://github.com/github/github/pull/145127 {% endcomment %}'
|
||||
|
||||
- heading: API Changes
|
||||
notes:
|
||||
- |
|
||||
#### Graduated Previews
|
||||
|
||||
The following previews are now an official part of the API:
|
||||
* The GitHub Apps API and endpoints that returned the `performed_via_github_app` property no longer require the [`machine-man`](https://developer.github.com/changes/2020-08-20-graduate-machine-man-and-sailor-v-previews/) preview header. {% comment %} https://github.com/github/releases/issues/965 {% endcomment %}
|
||||
* To add and view a lock reason to an issue, you no longer need to use the [`sailor-v`](https://developer.github.com/changes/2020-08-20-graduate-machine-man-and-sailor-v-previews/) preview header. {% comment %} https://github.com/github/github/pull/143676 {% endcomment %}
|
||||
|
||||
- |
|
||||
#### GraphQL Schema Changes
|
||||
|
||||
* [The GraphQL schema changes](https://docs.github.com/enterprise/2.22/user/graphql/overview/changelog) include backwards-compatible changes, schema previews, and upcoming breaking changes.
|
||||
|
||||
- heading: VMware Network Driver Changes
|
||||
notes:
|
||||
- |
|
||||
The GitHub Enterprise Server default network adapter type for VMware customers has been changed from E1000 to VMXNET3, starting with release 2.22.0. When upgrading from an earlier release to 2.22.0 or newer, if an E1000 network adapter is detected during the pre-upgrade check, the following message will be displayed at the command line:
|
||||
|
||||
```
|
||||
WARNING: Your virtual appliance is currently using an emulated Intel E1000 network adapter.
|
||||
For optimal performance, please update the virtual machine configuration on your VMware host to use the VMXNET3 driver.
|
||||
Proceed with installation? [y/N]
|
||||
```
|
||||
|
||||
The administrator can choose to update the network adapter type to VMXNET3 either before or after the GitHub Enterprise Server upgrade. The virtual appliance will need to be shutdown for this change. Customers should follow the VMware recommended steps for [changing the virtual machine network adapter configuration](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-3719A0BE-4B4A-44FF-8A21-290950918FBD.html) to VMXNET3. Please note that `VMXNET3` will not be an option if the OS version for the virtual appliance is set to `Other Linux (64-bit)`. In that case, the OS version would first need to be changed from `Other Linux (64-bit)` to `Other 2.6.x Linux (64-bit)` or if available, `Debian GNU/Linux 9` . We recommend testing these changes on a [staging instance](https://docs.github.com/en/enterprise-server@2.22/admin/installation/setting-up-a-staging-instance) before it is performed on a production GitHub Enterprise Server. {% comment %} https://github.com/github/ghes-infrastructure/issues/781 {% endcomment %}
|
||||
|
||||
bugs:
|
||||
- The stafftools page for viewing pending collaborator showed a `500 Internal Server Error` when there was a pending email invite. {% comment %} https://github.com/github/github/pull/150836 {% endcomment %}
|
||||
- The Repository Health Check in stafftools could give incorrect results on busy repositories. {% comment %} https://github.com/github/github/pull/151160 {% endcomment %}
|
||||
- A logged in user trying to accept an email invitation could get a `404 Not Found` error. {% comment %} https://github.com/github/github/pull/150848 {% endcomment %}
|
||||
- If a user navigated to a repository whose name started with "repositories.", they were redirected to the owner's "Repositories" tab instead of landing on the repository overview page. {% comment %} https://github.com/github/github/pull/149704 {% endcomment %}
|
||||
- Labels in the dashboard timeline did not have enough contrast. {% comment %} https://github.com/github/github/pull/146749 {% endcomment %}
|
||||
|
||||
deprecations:
|
||||
- heading: Upcoming Deprecation of GitHub Enterprise Server 2.19
|
||||
notes:
|
||||
- '**GitHub Enterprise Server 2.19 will be deprecated as of November 12, 2020** That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of GitHub Enterprise Server](https://help.github.com/enterprise/admin/guides/installation/upgrading-github-enterprise/) as soon as possible.'
|
||||
- heading: Deprecation of Legacy GitHub App Webhook Events
|
||||
notes:
|
||||
- Starting with GitHub Enterprise Server 2.21.0 two legacy GitHub Apps-related webhook events have been deprecated and will be removed in GitHub Enterprise Server 2.25.0. The deprecated events `integration_installation` and `integration_installation_repositories` have equivalent events which will be supported. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-the-installation-and-installation-repositories-events/). {% comment %} https://github.com/github/enterprise-web/pull/6419#issuecomment-668303461 {% endcomment %}
|
||||
- heading: Deprecation of Legacy GitHub Apps Endpoint
|
||||
notes:
|
||||
- Starting with GitHub Enterprise Server 2.21.0 the legacy GitHub Apps endpoint for creating installation access tokens was deprecated and will be removed in GitHub Enterprise Server 2.25.0. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-create-installation-access-token-endpoint/). {% comment %} https://github.com/github/enterprise-web/pull/6419#issuecomment-668303461 {% endcomment %}
|
||||
- heading: Deprecation of OAuth Application API
|
||||
notes:
|
||||
- GitHub no longer supports the OAuth application endpoints that contain `access_token` as a path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by moving `access_token` to the request body. While deprecated, the endpoints are still accessible in this version. We intend to remove these endpoints on GitHub Enterprise Server 3.4. For more information, see the [deprecation announcement blog post](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/).
|
||||
|
||||
backups:
|
||||
- GitHub Enterprise Server 2.22 requires at least [GitHub Enterprise Backup Utilities](https://github.com/github/backup-utils) 2.22.0 for [Backups and Disaster Recovery](https://help.github.com/enterprise/2.22/admin/guides/installation/backups-and-disaster-recovery/).
|
||||
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
|
||||
- Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
|
||||
- The Name ID Format dropdown in the Management Console resets to "unspecified" after setting instance to "persistent". {% comment %} https://github.com/github/enterprise2/issues/13446 {% endcomment %}
|
||||
- The repository Settings page of a repository for a user or organization GitHub Pages sites will fail with a "500 Internal Server Error". {% comment %} https://github.com/github/github/issues/156183 {% endcomment %}
|
||||
- Users may experience slower Git clone and fetch performance on an instance with high availability replicas due to reads being forwarded to a different node. {% comment %} https://github.com/github/spokesd/issues/746 {% endcomment %}
|
||||
- '[Creating a GitHub App from a manifest](https://docs.github.com/en/enterprise/2.22/user/developers/apps/creating-a-github-app-from-a-manifest) fails. To work around this issue, users can follow the manual instructions for [creating a GitHub App](https://docs.github.com/en/enterprise/2.22/user/developers/apps/creating-a-github-app). {% comment %} https://github.com/github/enterprise2/issues/22849 {% endcomment %}'
|
||||
- GitHub usernames may change unintentionally when using SAML authentication, if the GitHub username does not match the value of the attribute mapped to the `username` field in the Management Console. (updated 2020-10-08) {% comment %} https://github.com/github/external-identities/issues/335 {% endcomment %}
|
||||
- On a freshly set up 2.22.0 instance or after upgrading to 2.22.0, the activity feed on an organization's dashboard will no longer update. (updated 2020-10-27) {% comment %}https://github.com/github/enterprise2/issues/23050{% endcomment %}
|
||||
- Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,74 +0,0 @@
|
|||
date: '2020-10-09'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**MEDIUM**: ImageMagick has been updated to address [DSA-4715-1](https://www.debian.org/security/2020/dsa-4715). {% comment %} https://github.com/github/enterprise2/pull/22623, https://github.com/github/enterprise2/pull/22610 {% endcomment %}'
|
||||
- 'Requests from a GitHub App integration to refresh an OAuth access token would be accepted if sent with a different, valid OAuth client ID and client secret than was used to create the refresh token. {% comment %} https://github.com/github/github/pull/154921, https://github.com/github/github/pull/154423, https://github.com/github/ecosystem-apps/issues/1066 {% endcomment %}'
|
||||
- 'A user whose LDAP directory username standardizes to an existing GHES account login could authenticate into the existing account. {% comment %} https://github.com/github/github/pull/156513, https://github.com/github/github/pull/155512 {% endcomment %}'
|
||||
- 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/22912, https://github.com/github/enterprise2/pull/22878 {% endcomment %}'
|
||||
|
||||
bugs:
|
||||
- |
|
||||
The NameID Format dropdown in the Management Console would be reset to "unspecified" after setting it to "persistent". {% comment %} https://github.com/github/enterprise2/pull/22376, https://github.com/github/enterprise2/pull/22331, https://github.com/github/enterprise2/issues/13446 {% endcomment %}
|
||||
- |
|
||||
Upgrading using a hotpatch could fail with an error: `'libdbi1' was not found` {% comment %} https://github.com/github/enterprise2/pull/22557, https://github.com/github/enterprise2/pull/22552 {% endcomment %}
|
||||
- |
|
||||
Saving settings via the [management console](/admin/configuration/accessing-the-management-console) would append a newline to the [TLS/SSL certificate and key](/admin/configuration/configuring-tls) files which triggered unnecessary reloading of some services. {% comment %} https://github.com/github/enterprise2/pull/22570, https://github.com/github/enterprise2/pull/22540 {% endcomment %}
|
||||
- |
|
||||
System logs for Dependency Graph were not rotating, allowing unbounded storage growth. {% comment %} https://github.com/github/enterprise2/pull/22767, https://github.com/github/enterprise2/pull/22733 {% endcomment %}
|
||||
- |
|
||||
The MS SQL Server performance graph showed statistics from the primary instance even when a replica was selected. {% comment %} https://github.com/github/enterprise2/pull/22778, https://github.com/github/enterprise2/pull/22750 {% endcomment %}
|
||||
- |
|
||||
`ghe-actions-precheck` would silently exit without running the storage checks if Actions was not enabled. {% comment %} https://github.com/github/enterprise2/pull/22787, https://github.com/github/enterprise2/pull/22742 {% endcomment %}
|
||||
- |
|
||||
Upgrade could fail if the resqued workers override setting is in use. {% comment %} https://github.com/github/enterprise2/pull/22836, https://github.com/github/enterprise2/pull/22814 {% endcomment %}
|
||||
- |
|
||||
Some services running in containers were not sending logs to the journal. {% comment %} https://github.com/github/enterprise2/pull/22994, https://github.com/github/enterprise2/pull/22518 {% endcomment %}
|
||||
- |
|
||||
Links to GitHub Security Advisories would use a URL with the hostname of the GitHub Enterprise Server instance instead of GitHub.com, directing the user to a nonexistent URL. {% comment %} https://github.com/github/github/pull/153316, https://github.com/github/github/pull/151301 {% endcomment %}
|
||||
- |
|
||||
When importing a repository with `ghe-migrator`, an unexpected exception could occur when inconsistent data is present. {% comment %} https://github.com/github/github/pull/153850, https://github.com/github/github/pull/151552 {% endcomment %}
|
||||
- |
|
||||
The enterprise account security settings page showed a "View your organizations' current configurations" link for the "Two-factor authentication" setting when the authentication mode in use does not support built in two-factor authentication. {% comment %} https://github.com/github/github/pull/153860 {% endcomment %}
|
||||
- |
|
||||
OAuth refresh tokens would be removed prematurely. {% comment %} https://github.com/github/github/pull/154271, https://github.com/github/github/pull/153694 {% endcomment %}
|
||||
- |
|
||||
Search repair tasks would generate exceptions during the migration phase of configuration. {% comment %} https://github.com/github/github/pull/154573, https://github.com/github/github/pull/153392 {% endcomment %}
|
||||
- |
|
||||
On the settings page for GitHub Apps, the "Beta Features" tab was not visible in some circumstances. {% comment %} https://github.com/github/github/pull/154612, https://github.com/github/github/pull/154417 {% endcomment %}
|
||||
- |
|
||||
When using `ghe-migrator` to import PR review requests, records associated with deleted users would result in extraneous database records. {% comment %} https://github.com/github/github/pull/154960, https://github.com/github/github/pull/153169 {% endcomment %}
|
||||
- |
|
||||
When importing users with `ghe-migrator`, an error of "Emails is invalid" would occur if the system-generated email address were longer than 100 characters. {% comment %} https://github.com/github/github/pull/155109, https://github.com/github/github/pull/152418 {% endcomment %}
|
||||
- |
|
||||
Logging webhook activity could use large amounts of disk space and cause the root disk to become full. {% comment %} https://github.com/github/github/pull/155657, https://github.com/github/github/pull/154100 {% endcomment %}
|
||||
- |
|
||||
Users experienced slower Git clone and fetch performance on an instance with high availability replicas due to reads being forwarded to a different node. {% comment %} https://github.com/github/github/pull/156195, https://github.com/github/github/pull/156016, https://github.com/github/spokesd/issues/746 {% endcomment %}
|
||||
- |
|
||||
The repository Settings page of a repository for a user or organization GitHub Pages sites would fail with a "500 Internal Server Error". {% comment %} https://github.com/github/github/pull/156439, https://github.com/github/github/issues/156183 {% endcomment %}
|
||||
- |
|
||||
Repository network maintenance operations could become stuck in a `running` state. {% comment %} https://github.com/github/github/pull/156669, https://github.com/github/github/pull/156036 {% endcomment %}
|
||||
- |
|
||||
A repository being deleted immediately after uploading a code scanning result could cause a stall in the processing of code scanning results for all repositories. {% comment %} https://github.com/github/github/pull/157063, https://github.com/github/github/pull/156437 {% endcomment %}
|
||||
- |
|
||||
When a large number of code scanning results were submitted at the same time, processing of batches could time out resulting in a stall in processing of code scanning results. {% comment %} https://github.com/github/github/pull/157065, https://github.com/github/github/pull/156462 {% endcomment %}
|
||||
- |
|
||||
[Creating a GitHub App from a manifest](https://docs.github.com/en/enterprise/2.22/user/developers/apps/creating-a-github-app-from-a-manifest) would fail. {% comment %} https://github.com/github/github/pull/157133, https://github.com/github/github/pull/156904, https://github.com/github/enterprise2/issues/22849 {% endcomment %}
|
||||
- |
|
||||
GitHub usernames were changed unintentionally when using SAML authentication, when the GitHub username did not match the value of the attribute mapped to the `username` field in the Management Console. {% comment %} https://github.com/github/github/pull/158131, https://github.com/github/github/pull/157936, https://github.com/github/external-identities/issues/335 {% endcomment %}
|
||||
|
||||
changes:
|
||||
- Support is added for the AWS EC2 instance type `m5.16xlarge`. {% comment %} https://github.com/github/enterprise2/pull/22502, https://github.com/github/enterprise2/pull/22473 {% endcomment %}
|
||||
- Remove the requirement for SSH fingerprints in `ghe-migrator` archives as it can always be computed. {% comment %} https://github.com/github/github/pull/156946, https://github.com/github/github/pull/155387 {% endcomment %}
|
||||
- GitHub App Manifests now include the `request_oauth_on_install` field. {% comment %} https://github.com/github/github/pull/156991, https://github.com/github/github/pull/155010, https://github.com/github/ecosystem-apps/issues/1055 {% endcomment %}
|
||||
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
|
||||
- Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
|
||||
- Configuration updates will fail when restoring data to a GitHub Actions-enabled instance if the original backup source did not have the feature enabled. {% comment %} https://github.com/github/c2c-actions-runtime/issues/915 {% endcomment %}
|
||||
- GitHub Actions can fail to start up successfully if it was previously enabled on an instance running 2.22.0 and is upgraded to 2.22.1. (updated 2020-10-23) {% comment %} https://github.com/github/c2c-actions/issues/1680 {% endcomment %}
|
||||
- On a freshly set up 2.22.1 instance or after upgrading to 2.22.1, the activity feed on an organization's dashboard will no longer update. (updated 2020-10-27) {% comment %}https://github.com/github/enterprise2/issues/23050{% endcomment %}
|
||||
- Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2021-04-01'
|
||||
sections:
|
||||
security_fixes:
|
||||
- "**高:**在 GitHub Enterprise Server 中发现了一个不适当的访问控制漏洞,该漏洞允许根据 GitHub 应用的 [Web 身份验证流](https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps#web-application-flow) 生成的访问令牌通过 REST API 读取专用存储库元数据,而无需获取适当的权限。若要攻击这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。返回的专用存储库元数据将仅限于令牌标识的用户拥有的存储库。此漏洞影响 GitHub Enterprise Server 3.0.4 之前的所有版本,并已在 3.0.4、2.22.10 和 2.21.18 版本中修复。此漏洞编号为 CVE-2021-22865,并通过 [GitHub Bug 赏金计划](https://bounty.github.com) 进行报告。"
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 某些默认为 UTC 时间的服务未使用在 GitHub Enterprise 11.10.x 或更早版本上设置的时区。
|
||||
- 服务未作为日志轮换的一部分转换到新的日志文件,导致磁盘使用量增加。
|
||||
- 内部存储库搜索结果上的标签显示为“专用”而不是“内部”。
|
||||
known_issues:
|
||||
- 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
date: '2021-04-14'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- '警告消息 `jq: error (at <stdin>:0): Cannot index number with string "settings"` 可能在副本升级期间出现。'
|
||||
- 由于 MySQL 副本无法连接到主数据库,因此将备份连续还原到群集可能会失败。
|
||||
- 由于 Treelights 容器内存不足,语法高亮可能失败。
|
||||
- 访问 `/settings/email` 页面会存储状态,在退出登录并重新登录时可能导致错误的重定向。
|
||||
- 对于其通告在 `vulnerable_version_ranges` 中具有大写包名称的一些组件,未显示依赖项关系图警报。
|
||||
- 在问题评论中通过提及功能直接提及团队时,GitHub 集成应用程序无法通知团队。
|
||||
- 当 ghe-migrator 遇到导入错误时,它有时会中止整个进程,但日志中没有包含足够的上下文。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含文件路径长于 255 个字符的同一存储库中 blob 的永久链接,则问题无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
date: '2021-04-28'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 在升级过程中,进程将在 `cleanup nomad job` 之后无限期暂停。
|
||||
- '`ghe-cluster-failover` 失败,出现错误消息 `Trilogy::Error: trilogy_connect`。'
|
||||
- '`ghe-cluster-status-mysql` 将有关故障转移的警告显示为错误。'
|
||||
- 在 MySQL 副本上运行的安装脚本可能导致数据库故障转移期间不必要的数据库重新播种。
|
||||
- '由于不必要地调用 `rake db:migrate`,`config-apply` 可能需要更长的时间。'
|
||||
- Orchestrator 可能已故障转移到 MySQL 副本,当主数据库无法连接时,它无法在播种阶段从主数据库复制。
|
||||
- 出现错误的组织或项目阻止了迁移,无法排除。
|
||||
- 由于选择了最完整的磁盘而不是空节点,存储主机超过三个的客户无法恢复到其灾难恢复群集。
|
||||
changes:
|
||||
- 默认情况下,预运行检查允许所有 AWS 实例类型。
|
||||
known_issues:
|
||||
- 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
date: '2021-05-13'
|
||||
sections:
|
||||
security_fixes:
|
||||
- "**高:**在 GitHub Enterprise Server 中发现 UI 表述错误漏洞,在审批阶段,该问题会导致在 GitHub 应用用户授权 Web 流中授予超过 UI 显示的权限。要利用这个漏洞,攻击者需要在实例上创建 GitHub 应用,并让用户通过 Web 身份验证流对应用程序进行授权。所有被授予的权限将在第一次授权时正确显示,但在某些情况下,如果用户在 GitHub 应用已配置额外的用户级别权限后重新访问授权流,这些额外的权限可能不会显示,这样会导致授予可能超过用户初衷的权限。此漏洞影响 GitHub Enterprise Server 3.0.x 到 3.0.7 版本以及 2.22.x 到 2.22.13 版本。3.0.7 和 2.22.13 版本中修复了该问题。该漏洞编号为 CVE-2021-22866,通过 [GitHub Bug 赏金计划](https://bounty.github.com/) 报告。"
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 在配置应用阶段可以启用 Orchestrator 自动故障转移。
|
||||
- 具有存储库维护员权限的用户会收到电子邮件验证警告,而不是在存储库 Pages 设置页面上构建成功的页面。
|
||||
- 通配符规则的代码所有者将被错误地添加到代码所有者徽章的所有者列表中,即使该路径优先使用较新的规则。
|
||||
- OpenAPI 文档引用了无效的标头。
|
||||
changes:
|
||||
- 添加了 HAProxy 重载时配置更改的日志记录。
|
||||
- 添加了仓库创建的日志记录。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2021-05-25'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**中:**在某些情况下,从团队或组织中删除的用户可以保留对已打开现有拉取请求的分支的写入权限。'
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- MSSQL 中的正常复制延迟会生成警告。
|
||||
- 管理员使用“创建白名单条目”按钮添加的 IP 地址仍可能被锁定。
|
||||
- '`spokesd` 创建了过多的日志条目,包括“修复位置已跳过”短语。'
|
||||
changes:
|
||||
- 超过 4 个月的检查注释将存档。
|
||||
known_issues:
|
||||
- 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2021-06-10'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- "从非 GitHub 源导入组织或存储库失败可能会产生 `undefined method '[]' for nil:NilClass` 错误。"
|
||||
- 使用 SAML 身份验证时,如果 GitHub 配置文件名称不匹配管理控制台中映射到 `Full name` 字段的属性值,GitHub 配置文件名称可能已无意中更改。
|
||||
changes:
|
||||
- GraphQL API 用户可在 `PullRequest` 对象上查询公共字段 `closingIssuesReferences`。该字段检索将在合并相关拉取请求时自动关闭的问题。这种方法还将允许将来迁移这些数据,作为更高保真度迁移过程的一部分。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含文件路径长于 255 个字符的同一存储库中 blob 的永久链接,则问题无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
date: '2021-06-24'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- sshd 服务有时无法从 Google Cloud Platform 上运行的实例启动。
|
||||
- 旧的升级文件将保留在用户磁盘上,有时会导致空间不足。
|
||||
- 如果导出存档包含来自存档中不存在的团队的审查请求,则导出存档将无法导入拉取请求并且无提示。
|
||||
known_issues:
|
||||
- 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 将在升级过程中删除自定义防火墙规则。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中 blob 文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
date: '2021-07-14'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**高:**在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的路径遍历漏洞。GitHub Pages 使用的用户控制配置选项没有受到足够的限制,因此可以读取 GitHub Enterprise Server 实例上的文件。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。此漏洞影响 3.1.3 之前的所有 GitHub Enterprise Server 版本,编号为 CVE-2021-22867。此漏洞通过 GitHub Bug 赏金计划报告。'
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- '如果启用了 HTTP 代理,则 `ghe-cluster-config-node-init` 会在群集设置期间失败。'
|
||||
- Collectd 在初始启动后不会解析转发目标主机名。
|
||||
- 如果其中部分存储库因受法律保护而无法被删除,则清除陈旧的已删除存储库的作业可能会失败。
|
||||
- 在使用 LDAP 身份验证模式的实例的用户协调过程中,Git 推送可能导致 500 内部服务器错误。
|
||||
- 如果未启用依赖项关系图,则每当用户访问存储库的 `/settings` 页时,都会记录大量 503 错误。
|
||||
changes:
|
||||
- 通过跳过未更改的 IP 允许防火墙规则,提高了配置应用效率,可在大型群集上节省大量时间。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
date: '2021-07-27'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 如果在未启用依赖项关系图但启用了内容分析的情况下尝试运行将漏洞与 GitHub.com 同步的计划作业,则会生成大量 503 错误。
|
||||
- 对于使用 HTTP 代理的所有用户,不支持使用未经身份验证的 HTTP 代理来进行页面容器构建。
|
||||
changes:
|
||||
- "`babeld` 的日志现在包含一个用于 HTTP ref 广告请求的 `cmd` 字段,而不是仅在协商请求期间包含该字段。"
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
date: '2021-08-10'
|
||||
sections:
|
||||
bugs:
|
||||
- 对“存储库创建”组织设置所做更改的审核日志条目不准确。
|
||||
changes:
|
||||
- 滥用速率限制现在称为辅助速率限制,因为它们限制的行为并不总是滥用。
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
date: '2020-10-20'
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/23097, https://github.com/github/enterprise2/pull/23081 {% endcomment %}
|
||||
|
||||
bugs:
|
||||
- |
|
||||
If the storage account settings failed to validate while configuring GitHub Actions, running `ghe-actions-teardown` was required before making a new attempt. {% comment %} https://github.com/github/enterprise2/pull/23057, https://github.com/github/enterprise2/pull/22981 {% endcomment %}
|
||||
- |
|
||||
A custom proxy configuration could adversely affect the GitHub Actions environment. {% comment %} https://github.com/github/enterprise2/pull/23121, https://github.com/github/enterprise2/pull/23092, https://github.com/github/c2c-actions-platform/issues/2254 {% endcomment %}
|
||||
- |
|
||||
On a change of an address on eth0, Nomad and Consul could get unresponsive. {% comment %} https://github.com/github/enterprise2/pull/23227, https://github.com/github/enterprise2/pull/23153 {% endcomment %}
|
||||
- |
|
||||
When using self-signed certificates, GHES could have SSL validation exceptions upon configuring GitHub Actions. {% comment %} https://github.com/github/enterprise2/pull/23381 {% endcomment %}
|
||||
- |
|
||||
Using a GitHub Action from a branch name with a `+` or `/` character resulted in an error: `Unable to resolve action`. {% comment %} https://github.com/github/github/pull/157942, https://github.com/github/github/pull/157819, https://github.com/github/launch/pull/3463 {% endcomment %}
|
||||
- |
|
||||
The enterprise account "Confirm two-factor requirement policy" messaging was incorrect. {% comment %} https://github.com/github/github/pull/158735 {% endcomment %}
|
||||
- |
|
||||
On certain requests above 100MB, Kafka's buffer could be over-allocated. {% comment %} https://github.com/github/kafka-lite/pull/286, https://github.com/github/kafka-lite/pull/285 {% endcomment %}
|
||||
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
|
||||
- Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
|
||||
- GitHub Actions can fail to start up successfully if it was previously enabled on an instance running 2.22.0 and is upgraded to 2.22.2. (updated 2020-10-23) {% comment %} https://github.com/github/c2c-actions/issues/1680 {% endcomment %}
|
||||
- On a freshly set up 2.22.2 instance or after upgrading to 2.22.2, the activity feed on an organization's dashboard will no longer update. (updated 2020-10-27) {% comment %}https://github.com/github/enterprise2/issues/23050{% endcomment %}
|
||||
- Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. (updated 2020-11-02) {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
date: '2021-08-24'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 与自动更新相关的日志消息(`添加 h/m/s 随机时间。`)被记录到系统日志中。
|
||||
- "导致请求失败的内部 API 的 Git 挂钩返回异常`未定义 \"success\":String 的方法主体(NoMethodError)`,而不是返回显式的 `nil`。"
|
||||
known_issues:
|
||||
- "在没有任何用户的新建 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被移除。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
date: '2021-09-07'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可能创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
date: '2021-09-24'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**HIGH:** A path traversal vulnerability was identified in {% data variables.product.prodname_ghe_server %} that could be exploited when building a {% data variables.product.prodname_pages %} site. User-controlled configuration options used by {% data variables.product.prodname_pages %} were not sufficiently restricted and made it possible to read files on the {% data variables.product.prodname_ghe_server %} instance. To exploit this vulnerability, an attacker would need permission to create and build a {% data variables.product.prodname_pages %} site on the {% data variables.product.prodname_ghe_server %} instance. This vulnerability affected all versions of {% data variables.product.prodname_ghe_server %} prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This is the result of an incomplete fix for CVE-2021-22867. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22868. {% comment %} https://github.com/github/pages/pull/3359, https://github.com/github/pages/pull/3357 {% endcomment %}'
|
||||
bugs:
|
||||
- 'The {% data variables.product.prodname_github_connect %} configuration of the source instance was always restored to new instances even when the `--config` option for `ghe-restore` was not used. This would lead to a conflict with the {% data variables.product.prodname_github_connect %} connection and license synchronization if both the source and destination instances were online at the same time. {% comment %} https://github.com/github/github/pull/192247, https://github.com/github/github/pull/191951, https://github.com/github/enterprise2/pull/26870, https://github.com/github/backup-utils/pull/770, https://github.com/github/connected-enterprise/issues/208 {% endcomment %}'
|
||||
- 'Fixes {% data variables.product.prodname_pages %} builds so they take into account the NO_PROXY setting of the appliance. This is relevant to appliances configured with an HTTP proxy only. {% comment %} https://github.com/github/github/pull/192380 {% endcomment %}'
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
date: '2020-11-03'
|
||||
sections:
|
||||
security_fixes:
|
||||
- |
|
||||
**LOW:** High CPU usage could be triggered by a specially crafted request to the SVN bridge resulting in Denial of Service (DoS) on the SVN bridge service. (updated 2020-11-16) {% comment %} https://github.com/github/slumlord/pull/1005, https://github.com/github/slumlord/pull/1000 {% endcomment %}
|
||||
- |
|
||||
**LOW:** Incorrect token validation resulted in a reduced entropy for matching tokens during authentication. Analysis shows that in practice there's no significant security risk here. {% comment %} https://github.com/github/github/pull/159457, https://github.com/github/github/pull/159193 {% endcomment %}
|
||||
- |
|
||||
Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/23540, https://github.com/github/enterprise2/pull/23171, https://github.com/github/enterprise2/pull/23693, https://github.com/github/enterprise2/pull/23677 {% endcomment %}
|
||||
|
||||
bugs:
|
||||
- GitHub Actions could fail to start up successfully if it was previously enabled on an instance running 2.22.0 and was upgraded to 2.22.1 or 2.22.2. {% comment %} https://github.com/github/enterprise2/pull/23622, https://github.com/github/enterprise2/pull/23490, https://github.com/github/c2c-actions/issues/1680 {% endcomment %}
|
||||
- Configuration files for GitHub Actions were not copied to the replica when setting up high availability replicas potentially leading to errors during `ghe-repl-promote`. {% comment %} https://github.com/github/enterprise2/pull/23703, https://github.com/github/enterprise2/pull/23683 {% endcomment %}
|
||||
- On a freshly set up 2.22.1 or 2.22.2 instance or after upgrading to 2.22.1 or 2.22.2, the activity feed on an organization's dashboard would not update. {% comment %} https://github.com/github/github/pull/159376, https://github.com/github/github/pull/159235, https://github.com/github/enterprise2/issues/23050 {% endcomment %}
|
||||
- Editing issues templates with filenames containing non-ASCII characters would fail with a "500 Internal Server Error". {% comment %} https://github.com/github/github/pull/160588, https://github.com/github/github/pull/159747 {% endcomment %}
|
||||
- A metric gathering method for background jobs increased CPU utilization. (updated 2020-11-03) {% comment %} https://github.com/github/github/pull/160109 {% endcomment %}
|
||||
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user. {% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}
|
||||
- Custom firewall rules are not maintained during an upgrade. {% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository. {% comment %} https://github.com/github/github/issues/54684 {% endcomment %}
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. {% comment %} https://github.com/github/github/issues/107731 {% endcomment %}
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results. {% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}
|
||||
- Audit logs may be attributed to 127.0.0.1 instead of the actual source IP address. {% comment %} https://github.com/github/enterprise2/issues/21514 {% endcomment %}
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2020-11-17'
|
||||
sections:
|
||||
security_fixes:
|
||||
- "包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/23845, https://github.com/github/enterprise2/pull/23712 {% endcomment %}"
|
||||
|
||||
bugs:
|
||||
- "babeld 日志在秒与微秒之间缺少分隔符。{% comment %} https://github.com/github/babeld/pull/1006, https://github.com/github/babeld/pull/1002 {% endcomment %}"
|
||||
- "在使用热补丁升级 GHES 之后,`ghe-actions-precheck` 和 `ghe-packages-precheck` 命令将会失败,并显示错误“\"docker load\" 不接受参数”。{% comment %} https://github.com/github/enterprise2/pull/23760, https://github.com/github/enterprise2/pull/23745 {% endcomment %}"
|
||||
- "当企业帐户“存储库可见性更改”策略设置为“启用”时,组织所有者无法更改组织内存储库的可见性。{% comment %} https://github.com/github/github/pull/160920, https://github.com/github/github/pull/160773 {% endcomment %}"
|
||||
- "审核日志可归因于 127.0.0.1,而不是实际源 IP 地址。{% comment %} https://github.com/github/github/pull/162438, https://github.com/github/github/pull/161215 {% endcomment %}"
|
||||
|
||||
known_issues:
|
||||
- "在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}"
|
||||
- "自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}"
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}"
|
||||
- "问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}"
|
||||
- "在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}"
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
date: '2020-12-03'
|
||||
sections:
|
||||
bugs:
|
||||
- '由于启动时争用条件导致服务重新启动,因此检测到授权服务不正常。{% comment %} https://github.com/github/authzd/pull/1275, https://github.com/github/authzd/pull/1274 {% endcomment %}'
|
||||
- 'Ghe-diagnattics 未捕获到 Elasticsearch 的升级过程。{% comment %} https://github.com/github/enterprise2/pull/23905, https://github.com/github/enterprise2/pull/23874 {% endcomment %}'
|
||||
- '在升级的高可用性配置上启用 GitHub Actions 导致复制出错。{% comment %} https://github.com/github/enterprise2/pull/23979, https://github.com/github/c2c-actions-platform/issues/2479 {% endcomment %}'
|
||||
- '在热补丁升级过程中,一种潜在的行为导致服务不可用。{% comment %} https://github.com/github/enterprise2/pull/24055 {% endcomment %}'
|
||||
- '连接到活动副本的用户在连接到实时 Websocket 时出错。{% comment %} https://github.com/github/enterprise2/pull/24079, https://github.com/github/enterprise2/pull/24058 {% endcomment %}'
|
||||
- '未正确应用部分日志转发 SSL 证书。{% comment %} https://github.com/github/enterprise2/pull/24114, https://github.com/github/enterprise2/pull/23981 {% endcomment %}'
|
||||
- '发送电子邮件通知给已经从团队或组织中移除的已停用用户。{% comment %} https://github.com/github/github/pull/162973, https://github.com/github/github/pull/162742 {% endcomment %}'
|
||||
- '组织和企业之间应用 SSH 证书的方式不一致。{% comment %} https://github.com/github/github/pull/163423, https://github.com/github/github/pull/159538, https://github.com/github/authentication/issues/115 {% endcomment %}'
|
||||
- '当帐户因使用不正确的密码而受到速率限制时,可能被锁定长达 24 小时。{% comment %} https://github.com/github/github/pull/163433, https://github.com/github/github/pull/162938, https://github.com/github/github-ds/pull/51 {% endcomment %}'
|
||||
- '在具有许多引用的存储库上进行拉取请求同步可能导致工作进程队列落后。{% comment %} https://github.com/github/github/pull/163573, https://github.com/github/github/pull/163142 {% endcomment %}'
|
||||
- '在尝试访问特定页面后,当使用本地用户名和密码(内置身份验证)登录时,用户将进入到主页,而不是其预期页面。{% comment %} https://github.com/github/github/pull/163782, https://github.com/github/github/pull/163579, https://github.com/github/github/pull/154117, https://github.com/github/ecosystem-apps/issues/1076 {% endcomment %}'
|
||||
- '对于使用内部 SAML 标识提供者的内置身份验证的 GHES 实例,没有关联电子邮件地址的用户无法从 Web 界面创建提交。{% comment %} https://github.com/github/github/pull/164009, https://github.com/github/github/pull/163530, https://github.com/github/github/issues/163524 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '在升级期间不会维护自定义防火墙规则。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪的文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2020-12-17'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**低:**高 CPU 使用可能被特殊构建的 SVN 桥请求触发,导致 SVN 桥服务上的拒绝服务 (DoS)。{% comment %} https://github.com/github/slumlord/pull/1022, https://github.com/github/slumlord/pull/1017 {% endcomment %}'
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/24353, https://github.com/github/enterprise2/pull/23866 {% endcomment %}'
|
||||
bugs:
|
||||
- '对某些文件资源(如 zip 存档或原始文件)的请求可能会进入重定向循环。{% comment %} https://github.com/github/enterprise2/pull/24193, https://github.com/github/enterprise2/pull/24075 {% endcomment %}'
|
||||
- '超时可能会阻止某些问题和拉取请求搜索提供完整的搜索结果。{% comment %} https://github.com/github/github/pull/164155, https://github.com/github/github/pull/163845 {% endcomment %}'
|
||||
- '小屏幕上带有非字母字符的自定义选项卡未正确呈现。{% comment %} https://github.com/github/github/pull/164310, https://github.com/github/github/pull/164159 {% endcomment %}'
|
||||
- '当将内容推送到启用 Git LFS 的仓库时,基本行为导致失败。{% comment %} https://github.com/github/github/pull/164663, https://github.com/github/github/pull/150179 {% endcomment %}'
|
||||
- '在某些罕见情况下,通过 Web 界面访问时,问题可能会导致 500 错误。{% comment %} https://github.com/github/github/pull/165298, https://github.com/github/github/pull/159674 {% endcomment %}'
|
||||
known_issues:
|
||||
- '在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。{% comment %} https://github.com/github/enterprise2/issues/1889 {% endcomment %}'
|
||||
- '自定义防火墙规则在升级期间没有维护。{% comment %} https://github.com/github/enterprise2/issues/2823 {% endcomment %}'
|
||||
- '[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。{% comment %} https://github.com/github/github/issues/54684 {% endcomment %}'
|
||||
- '问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。{% comment %} https://github.com/github/github/issues/107731 {% endcomment %}'
|
||||
- '在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。{% comment %} https://github.com/github/admin-experience/issues/571 {% endcomment %}'
|
||||
- '当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。'
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
date: '2021-03-02'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**HIGH:** An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22861. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
|
||||
- '**HIGH:** An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22863. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
|
||||
- '**HIGH:** A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability has been assigned CVE-2020-10519 and was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
|
||||
- '**MEDIUM:** GitHub Tokens from GitHub Pages builds could end up in logs.'
|
||||
- '**LOW:** A specially crafted request to the SVN bridge could trigger a long wait before failure resulting in Denial of Service (DoS).'
|
||||
- 'Packages have been updated to the latest security versions.'
|
||||
bugs:
|
||||
- 'The load-balancer health checks in some cases could cause the babeld logs to fill up with errors about the PROXY protocol.'
|
||||
- 'An informational message was unintentionally logged as an error during GitHub Enterprise Backup Utilities snapshots, which resulted in unnecessary emails being sent when backups were scheduled by cron jobs that listen for output to stderr.'
|
||||
- 'While restoring a large backup, exception logging related to Redis memory exhaustion could cause the restore to fail due to a full disk.'
|
||||
- 'When first setting up a new instance, if you selected "Configure as Replica" you would be unable to start replication.'
|
||||
- 'When GitHub Actions was enabled, disabling maintenance mode in the management console failed.'
|
||||
- 'When editing a wiki page a user could experience a 500 error when clicking the Save button.'
|
||||
- 'An S/MIME signed commit using a certificate with multiple names in the subject alternative name would incorrectly show as "Unverified" in the commit badge.'
|
||||
- 'Suspended user was sent emails when added to a team.'
|
||||
- 'User saw 500 error when executing git operations on an instance configured with LDAP authentication.'
|
||||
- 'The `remove_org_member_package_access` background job was visible in the management console and would continually increase.'
|
||||
- 'When a repository had a large number of manifests an error `You have reached the maximum number of allowed manifest files (20) for this repository.` was shown on the Insights -> Dependency graph tab. For more information, see [Visualization limits](https://docs.github.com/en/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies#are-there-limits-which-affect-the-dependency-graph-data).'
|
||||
- 'When uploading a new license file with a different number of seats from the previous license file, the seat difference was not correctly represented in the enterprise account Settings -> License page.'
|
||||
- 'The "Prevent repository admins from changing anonymous Git read access" checkbox available in the enterprise account settings could not be successfully enabled or disabled.'
|
||||
- 'When a GitHub Pages build failed, the email notification contained an incorrect link for support location.'
|
||||
- 'During a leap year, the user was getting a 404 response when trying to view Contribution activity on a Monday.'
|
||||
changes:
|
||||
- 'Added support for [AWS EC2 r5b instance types](https://aws.amazon.com/about-aws/whats-new/2020/12/introducing-new-amazon-ec2-r5b-instances-featuring-60-gbps-of-ebs-bandwidth-and-260K-iops/).'
|
||||
- 'Adjusted background queue prioritization to more evenly distribute jobs.'
|
||||
known_issues:
|
||||
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.'
|
||||
- 'Custom firewall rules are not maintained during an upgrade.'
|
||||
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.'
|
||||
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.'
|
||||
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.'
|
||||
- |
|
||||
Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
|
||||
|
||||
**Single instance**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
|
||||
```
|
||||
|
||||
2. If it shows that there is a mismatch, reboot the instance.
|
||||
|
||||
**Cluster or High Availability configuration**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
|
||||
```
|
||||
|
||||
2. If it shows one or more nodes are affected, reboot the affected nodes.
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
date: '2021-03-16'
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- Systemd journal logs were duplicated in multiple places.
|
||||
- A site admin could get a 500 error page while trying to view issues referenced from private repositories.
|
||||
- Importing of repository archives from GitHub Enterprise Server that are missing repository files would fail with an error.
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are not maintained during an upgrade.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- |
|
||||
Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
|
||||
|
||||
**Single instance**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
|
||||
```
|
||||
|
||||
2. If it shows that there is a mismatch, reboot the instance.
|
||||
|
||||
**Cluster or High Availability configuration**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
|
||||
```
|
||||
|
||||
2. If it shows one or more nodes are affected, reboot the affected nodes.
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
date: '2021-03-23'
|
||||
intro: Downloads have been disabled due to a major bug affecting multiple customers. A fix will be available in the next patch.
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**HIGH:** A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned CVE-2021-22864.'
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- Running `ghe-cluster-config-init` could cause a cluster to become inoperable.
|
||||
- Systemd could lose track of HAProxy's PID.
|
||||
- The mysql-failover warning was displayed indefinitely after a successful failover.
|
||||
- The `ghe-cluster-config-init` run was not fully accounting for the exit code of background jobs leading to improper handling of preflight checks.
|
||||
- A Security & Analysis link did not appear in the left-side navigation on the Settings page for repositories.
|
||||
- After disabling GitHub Packages, some organization pages would return an HTTP 500 error response.
|
||||
changes:
|
||||
- Improves reliability of nomad services by implementing the same restart policy introduced in GitHub Enterprise Server 3.0.
|
||||
- Use a relative number for consul and nomad `bootstrap_expect` allowing for a cluster to bootstrap even if a handful of nodes are down.
|
||||
- Logs will rotate based on size in addition to time.
|
||||
- Added kafka-lite to the `ghe-cluster-status` command.
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are not maintained during an upgrade.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- |
|
||||
Log rotation may fail to signal services to transition to new log files, leading to older log files continuing to be used, and eventual root disk space exhaustion.
|
||||
To remedy and/or prevent this issue, run the following commands in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH), or contact [GitHub Enterprise Support](https://support.github.com/contact) for assistance:
|
||||
|
||||
```
|
||||
printf "PATH=/usr/local/sbin:/usr/local/bin:/usr/local/share/enterprise:/usr/sbin:/usr/bin:/sbin:/bin\n29,59 * * * * root /usr/sbin/logrotate /etc/logrotate.conf\n" | sudo sponge /etc/cron.d/logrotate
|
||||
sudo /usr/sbin/logrotate -f /etc/logrotate.conf
|
||||
```
|
||||
- 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
date: '2021-01-12'
|
||||
release_candidate: true
|
||||
deprecated: true
|
||||
intro: "应在非生产环境中测试候选发布版。有关候选发布计划的更多信息,请参阅 [GitHub 博客](https://github.blog/2020-12-03-improving-the-ghes-release-process-release-candidates/)或“[关于升级到新版本](/admin/overview/about-upgrades-to-new-releases)”。"
|
||||
sections:
|
||||
bugs:
|
||||
- 已更改几个日志文件的格式,包括为不同的日志类型添加了一个 PID。此更改不会影响 GitHub Enterprise Support 使用支持包来解决问题的方法。
|
||||
- 对 Web 挂钩配置 API 的 PATCH 请求不再清除 Web 挂钩机密。
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 候选发布版 1 不支持群集模式。
|
||||
- 在升级期间不会维护自定义防火墙规则。
|
||||
- "Git LFS 跟踪的文件[通过 Web 界面上传](https://github.blog/2016-02-18-upload-files-to-your-repositories/)被错误地直接添加到存储库。"
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- 在尝试设置 Actions 未成功后,如果禁用 Actions,你将无法创建第一个用户,也无法使用设备
|
||||
- 未保存“必要消息已查看”审核日志事件
|
||||
- '第一次设置时必须在副本上运行 `ghe-config-apply`,然后才可运行 `ghe-repl-setup` 以开始复制。'
|
||||
- 备份工具可能会触发向管理员发送不必要的电子邮件
|
||||
- 在“组织成员”视图页面中显示不正确的 Packages 设置
|
||||
- 删除作为企业所有者的自己后,你将被重定向到 404 页面。操作成功。
|
||||
- '`ghe-config-apply` 偶尔失败,并出现“错误: 等待 nomad 作业应用失败”,直到 Nomad 作业队列被清除。此问题目前需要以管理员身份删除 `/etc/nomad-jobs/queue`。'
|
||||
- 在配置多个副本节点时,副本的状态可能会错误同步。
|
||||
- 尝试将 3.0 备份还原到新实例的客户不应预先配置实例,因为它可能导致用户登录状态不佳。建议恢复到全新的未配置实例。
|
||||
- GitHub Enterprise Server 3.0 候选发布版尚未在 Azure 市场中提供。要在过渡环境中测试候选发布版,请启动 2.21 或 2.22 实例,然后在下载页面上使用 Azure 升级软件包进行。
|
||||
- 映像和升级包下载大小已增加。Internet 连接速度较慢的客户可能会发现下载软件包需要更长的时间。
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
date: '2021-01-29'
|
||||
release_candidate: true
|
||||
deprecated: true
|
||||
intro: "应在非生产环境中测试候选发布版。有关候选发布计划的更多信息,请参阅 [GitHub 博客](https://github.blog/2020-12-03-improving-the-ghes-release-process-release-candidates/)或“[关于升级到新版本](/admin/overview/about-upgrades-to-new-releases)”。"
|
||||
sections:
|
||||
bugs:
|
||||
- heading: 修复候选发布 1 中的已知问题
|
||||
notes:
|
||||
- 如果在尝试设置 GitHub Actions 失败后禁用 GitHub Actions,则无法创建第一个用户,也无法使用该设备。
|
||||
- 未保存“必要消息已查看”审核日志事件。
|
||||
- '初次设置时,需要在副本上运行 `ghe-config-apply`,然后才可运行 `ghe-repl-setup` 以开始复制。'
|
||||
- 删除作为企业所有者的自己将返回 404。
|
||||
- heading: 其他问题的修复
|
||||
notes:
|
||||
- 迁移和升级到 3.0.0 的问题已修复。
|
||||
- 备份实用程序版本控制现在适用于候选发布版本。
|
||||
- 生成支持包导致业务流程协调程序日志中出现错误。
|
||||
- 大型还原可能会导致 Redis 运行内存不足。
|
||||
- 现在,使用任何身份验证方法都可以看到管理控制台中启用 GitHub Actions 的复选框。
|
||||
- 仅在配置了所需存储时才可启用 GitHub Actions。
|
||||
- '如果未配置 MSSQL 复制,`ghe-repl-status` 可能会失败而不出现提示。'
|
||||
|
||||
known_issues:
|
||||
- 候选发布 1 的已知问题仍然适用,不包括列出的 Bug 修复。
|
||||
|
|
@ -1,160 +0,0 @@
|
|||
date: '2021-02-16'
|
||||
intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**HIGH:** A remote code execution vulnerability was identified in {% data variables.product.prodname_ghe_server %} that could be exploited when building a {% data variables.product.prodname_pages %} site. User-controlled configuration of the underlying parsers used by {% data variables.product.prodname_pages %} were not sufficiently restricted and made it possible to execute commands on the {% data variables.product.prodname_ghe_server %} instance. To exploit this vulnerability, an attacker would need permission to create and build a {% data variables.product.prodname_pages %} site on the {% data variables.product.prodname_ghe_server %} instance. This vulnerability has been assigned CVE-2020-10519 and was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
|
||||
features:
|
||||
- heading: GitHub Actions
|
||||
notes:
|
||||
- |
|
||||
[{% data variables.product.prodname_actions %}](https://github.com/features/actions) is now generally available on {% data variables.product.prodname_ghe_server %} 3.0+. Build, test, and deploy your code from {% data variables.product.prodname_dotcom %}. Submit code reviews, branch management, and issue triaging work the way you want.
|
||||
|
||||
This release includes several improvements from the beta of {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}:
|
||||
|
||||
- Enterprise, organization, and repository admins can create security policies for access to {% data variables.product.prodname_actions %} on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
- Enterprise, organization, and repository admins can allow public repositories to use self-hosted runners.
|
||||
- Enterprise, organization, and repository admins can now allow workflows to [run on pull requests raised from forks of private repositories](/enterprise-server@3.0/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization#enabling-workflows-for-private-repository-forks).
|
||||
- The `workflow_run` event is [now supported](/enterprise-server@3.0/actions/reference/events-that-trigger-workflows#workflow_run)
|
||||
- Users now have the ability to [disable workflows and enable them at a later date](/enterprise-server@3.0/actions/managing-workflow-runs/disabling-and-enabling-a-workflow).
|
||||
- Workflow logs have been enhanced for a [better user experience](/enterprise-server@3.0/actions/managing-workflow-runs/using-workflow-run-logs).
|
||||
- Users can now use private images in container jobs and services.
|
||||
- The max retention days for [artifacts and logs can now be customized](/enterprise-server@3.0/github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account).
|
||||
- The runner group API now includes [labels](/enterprise-server@3.0/actions/hosting-your-own-runners/using-labels-with-self-hosted-runners).
|
||||
- You can now create reusable actions using shell scripts with compose run steps.
|
||||
- [Encrypted secrets for an organization](/enterprise-server@3.0/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-an-organization) allows you to consolidate secrets across repositories.
|
||||
- [Workflow templates for an organization](/enterprise-server@3.0/actions/learn-github-actions/sharing-workflows-with-your-organization) streamlines and promotes best practices and consistency across your organization.
|
||||
|
||||
{% data variables.product.prodname_actions %} is not currently supported for enterprises using cluster configurations.
|
||||
|
||||
- heading: GitHub Packages
|
||||
notes:
|
||||
- |
|
||||
[{% data variables.product.prodname_registry %}](https://github.com/features/packages) is a package hosting service, natively integrated with GitHub APIs, Actions, and webhooks. Create an [end-to-end DevOps workflow](/enterprise/3.0/admin/packages/configuring-packages-support-for-your-enterprise) that includes your code, continuous integration, and deployment solutions.
|
||||
|
||||
Supported storage back ends include AWS S3 and MinIO with support for Azure blob coming in a future release. Please note that the current Docker support will be replaced by a beta of the new GitHub Container Registry in the next release. Please review the [updated minimum requirements for your platform](/enterprise/3.0/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on {% data variables.product.prodname_registry %}.
|
||||
|
||||
When publishing packages to NuGet, users can now use the `--api-key` option to pass their authentication token instead of writing it into a file. For more information, see [Configuring dotnet CLI for use with GitHub Packages](/enterprise-server@3.0/packages/guides/configuring-dotnet-cli-for-use-with-github-packages#publishing-a-package)
|
||||
|
||||
{% data variables.product.prodname_registry %} is not currently supported for enterprises using cluster configurations.
|
||||
|
||||
- heading: GitHub Mobile beta
|
||||
notes:
|
||||
- |
|
||||
[{% data variables.product.prodname_mobile %}](https://github.com/features/) beta allows you to triage notifications and manage issues and pull requests from your device. You can be simultaneously signed into mobile with one user account on {% data variables.product.prodname_dotcom_the_website %} and one user account on {% data variables.product.prodname_ghe_server %}.
|
||||
|
||||
{% data variables.product.prodname_mobile %} beta is now available for {% data variables.product.prodname_ghe_server %}. Sign in with our [Android](https://play.google.com/store/apps/details?id=com.github.android) and [iOS](https://apps.apple.com/app/github/id1477376905) apps to triage notifications and manage issues and pull requests on the go. Administrators can disable mobile support for their Enterprise using the management console or by running `ghe-config app.mobile.enabled false`.
|
||||
|
||||
- heading: Advanced Security Secret Scanning beta
|
||||
notes:
|
||||
- |
|
||||
[Secret Scanning beta](https://github.com/features/security) scans public and private repositories for committed credentials, finds secrets, and notifies the secret provider or admin the moment they are committed into a repository.
|
||||
|
||||
Administrators using {% data variables.product.prodname_GH_advanced_security %} can [enable and configure](/enterprise-server@3.0/admin/configuration/configuring-secret-scanning-for-your-appliance) {% data variables.product.prodname_GH_advanced_security %} secret scanning. You can review the [updated minimum requirements for your platform](/enterprise/3.0/admin/installation/setting-up-a-github-enterprise-server-instance) before you turn on {% data variables.product.prodname_GH_advanced_security %} secret scanning.
|
||||
|
||||
- heading: Advanced Security Code Scanning
|
||||
notes:
|
||||
- |
|
||||
[GitHub Advanced Security code scanning](https://github.com/features/security) is now generally available on GitHub Enterprise Server. Organizations who have purchased Advanced Security can use this capability to do static analysis security testing against their code, and prevent vulnerabilities from making it to their production code using CodeQL, our semantic analysis engine. For more information, see "[Configuring code scanning on your appliance](/en/enterprise-server@3.0/admin/configuration/configuring-code-scanning-for-your-appliance#running-code-scanning-using-github-actions)"
|
||||
|
||||
changes:
|
||||
- heading: Administration Changes
|
||||
notes:
|
||||
- The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages. It also uses less CPU and memory in {% data variables.product.prodname_ghe_server %} 3.0+.
|
||||
- Organization and Enterprise owners can now see when a team member has been promoted to or demoted from being a team maintainer in the audit log through the new `team.promote_maintainer` and `team.demote_maintainer` audit log events. For more information, see "[Audited actions](/enterprise-server@3.0/admin/user-management/audited-actions)."
|
||||
- Repository maintainers with existing {% data variables.product.prodname_pages %} sites can [easily update their prior default branch name](/enterprise-server@3.0/github/working-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites).
|
||||
- Additional hardware resources are required to run {% data variables.product.prodname_ghe_server %} with any of Actions, Packages or Advanced Security enabled. For more information on the minimum required resources for each supported platform, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise-server@3.0/admin/installation/setting-up-a-github-enterprise-server-instance)."
|
||||
- Administrators can now [publish a message](/enterprise-server@3.0/admin/user-management/customizing-user-messages-for-your-enterprise), which all users must accept. This can help to onboard new users and surface other organization-specific information and policies.
|
||||
|
||||
- heading: Security Changes
|
||||
notes:
|
||||
- Organization owners can now disable publication of {% data variables.product.prodname_pages %} sites from repositories in the organization. Disabling {% data variables.product.prodname_pages %} for the organization will prevent members from creating new Pages sites but will not unpublish existing sites. For more information, see "[Disabling publication of {% data variables.product.prodname_pages %} sites for your organization](/enterprise-server@3.0/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)."
|
||||
- A datacenter must be explicitly defined on all nodes before enabling an active replica.
|
||||
- All usage of SSH fingerprints has been switched to use SHA256 fingerprints as they are used with OpenSSH since version 6.8 as well. This applies to the web interface and also the API where fingerprints are returned such as in GraphQL. The fingerprints follow the OpenSSH format.
|
||||
- SHA-1 and SHA-256 signature headers (two headers) are sent on webhooks.
|
||||
|
||||
- heading: Developer Changes
|
||||
notes:
|
||||
- Majority of the services running in {% data variables.product.prodname_ghe_server %} 3.0+ are now on containers which internally enables GitHub to iterate fast and ship high quality releases
|
||||
- The webhook events delivery system has been rearchitected for higher throughput, faster deliveries, and fewer delayed messages.
|
||||
|
||||
- heading: API Changes
|
||||
notes:
|
||||
- Administrators can now configure and manage the site-wide announcement banner via the REST API. For more information, see the endpoints for "[GitHub Enterprise administration](/enterprise-server@3.0/rest/reference/enterprise-admin#annoucements)."
|
||||
- A new API endpoint enables the exchange of a user to server token for a user to server token scoped to specific repositories. For more information, see "[Apps](/enterprise-server@3.0/rest/reference/apps#create-a-scoped-access-token)" in the {% data variables.product.prodname_dotcom %} REST API documentation.
|
||||
|
||||
- heading: Default branch renaming
|
||||
notes:
|
||||
- |
|
||||
Enterprise and organization administrators can now set the default branch name for new repositories. Enterprise administrators can also enforce their choice of default branch name across all organizations or allow individual organizations to choose their own.
|
||||
|
||||
Existing repositories are unaffected by these settings, and their default branch name will not be changed.
|
||||
|
||||
{% note %}
|
||||
|
||||
The default branch for newly-created repositories will be set to `main` in GHES 3.1, unless you opt out by setting the default branch setting at the enterprise level.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
This change is one of many changes GitHub is making to support projects and maintainers that want to rename their default branch. To learn more about the changes we're making, see [github/renaming](https://github.com/github/renaming).
|
||||
|
||||
bugs:
|
||||
- heading: Fixes for known issues from Release Candidates
|
||||
notes:
|
||||
- All known issues from Release Candidate 1 and Release Candidate 2 have been fixed, except those listed in the Known Issues section below.
|
||||
- heading: Fixes for other issues
|
||||
notes:
|
||||
- Issues with migrations and upgrades to 3.0.0 have been fixed.
|
||||
- Backup Utilities versioning now works for release candidate versions.
|
||||
- Generating a support bundle resulted in an error in the orchestrator logs.
|
||||
- A large restore could result in Redis running out of memory.
|
||||
- The checkbox to enable GitHub Actions in the Management Console is now visible with any authentication method.
|
||||
- GitHub Actions could be enabled if the required storage was also configured.
|
||||
- '`ghe-repl-status` could silently fail if MSSQL replication was not configured.'
|
||||
- The format of several log files have changed, including the addition of a PID for different log types. This does not affect how GitHub Enterprise Support uses support bundles to troubleshoot issues.
|
||||
- A PATCH request to the webhook configuration API no longer erases the webhook secret.
|
||||
- Certain types of pre-receive hooks were failing.
|
||||
- 'The Packages NuGet service now normalizes semantic versions on publish. An invalid semantic version (for example: v1.0.0.0.0.0) is not downloadable by NuGet clients and therefore a NuGet service is expected to normalize those versions (for example: v1.0.0.0.0.0 --> v1.0.0). Any original, non-normalized, version will be available in the `verbatimVersion` field. No changes to client configurations are required.'
|
||||
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are not maintained during an upgrade.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.blog/2016-02-18-upload-files-to-your-repositories/) are incorrectly added directly to the repository.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact {% data variables.contact.contact_ent_support %}.
|
||||
- When GitHub Actions is enabled, use '`ghe-maintenance -u`' to unset maintenance mode.
|
||||
- 'Duplicated logging to `/var/log/messages`, `/var/log/syslog`, and `/var/log/user.log` results in increased root volume utilization.'
|
||||
- Users can dismiss a mandatory message without checking all checkboxes.
|
||||
- '[Pre-receive hook scripts](/admin/policies/enforcing-policy-with-pre-receive-hooks) cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.'
|
||||
- Repository [deploy keys](/developers/overview/managing-deploy-keys) are unable to be used with repositories containing LFS objects.
|
||||
- Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
|
||||
- reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.
|
||||
- Dependency graph fails to parse `setup.py` Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.
|
||||
- A race condition can cause dependency graph database migrations to appear to fail.
|
||||
- Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.
|
||||
- Old builds of Pages are not cleaned up, which could fill up the user disk (`/data/user/`).
|
||||
- When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
|
||||
deprecations:
|
||||
- heading: Deprecation of GitHub Enterprise Server 2.19
|
||||
notes:
|
||||
- '**{% data variables.product.prodname_ghe_server %} 2.19 is deprecated as of November 12, 2020**. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, [upgrade to the newest version of {% data variables.product.prodname_ghe_server %}](https://help.github.com/enterprise/admin/guides/installation/upgrading-github-enterprise/) as soon as possible.'
|
||||
- heading: Deprecation of Legacy GitHub App Webhook Events
|
||||
notes:
|
||||
- Starting with {% data variables.product.prodname_ghe_server %} 2.21.0 two legacy GitHub Apps-related webhook events have been deprecated and will be removed in {% data variables.product.prodname_ghe_server %} 3.2.0. The deprecated events `integration_installation` and `integration_installation_repositories` have equivalent events which will be supported. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-the-installation-and-installation-repositories-events/).
|
||||
- heading: Deprecation of Legacy GitHub Apps Endpoint
|
||||
notes:
|
||||
- Starting with {% data variables.product.prodname_ghe_server %} 2.21.0 the legacy GitHub Apps endpoint for creating installation access tokens was deprecated and will be removed in {% data variables.product.prodname_ghe_server %} 3.2.0. More information is available in the [deprecation announcement blog post](https://developer.github.com/changes/2020-04-15-replacing-create-installation-access-token-endpoint/).
|
||||
- heading: Deprecation of OAuth Application API
|
||||
notes:
|
||||
- GitHub no longer supports the OAuth application endpoints that contain `access_token` as a path parameter. We have introduced new endpoints that allow you to securely manage tokens for OAuth Apps by moving `access_token` to the request body. While deprecated, the endpoints are still accessible in this version. We intend to remove these endpoints on {% data variables.product.prodname_ghe_server %} 3.4. For more information, see the [deprecation announcement blog post](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/).
|
||||
- heading: Deprecation of support for Semiotic
|
||||
notes:
|
||||
- The service supported a "Find by Symbol" experience in the pull request view that was not widely used.
|
||||
- heading: Deprecation of workflow commands
|
||||
notes:
|
||||
- '{% data variables.product.prodname_actions %} `set-env` and `add-path` workflow commands have been deprecated. For more information, see the [changelog](https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/).'
|
||||
|
||||
backups:
|
||||
- '{% data variables.product.prodname_ghe_server %} 3.0 requires at least [GitHub Enterprise Backup Utilities 3.0.0](https://github.com/github/backup-utils) for [Backups and Disaster Recovery](/enterprise-server@3.0/admin/configuration/configuring-backups-on-your-appliance).'
|
||||
|
|
@ -1,71 +0,0 @@
|
|||
date: '2021-03-02'
|
||||
intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**HIGH:** An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22861. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
|
||||
- '**HIGH:** An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability has been assigned CVE-2021-22863. This issue was reported via the [GitHub Bug Bounty Program](https://bounty.github.com).'
|
||||
- '**HIGH:** An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server versions 3.0.0, 3.0.0.rc2, and 3.0.0.rc1 and has been assigned CVE-2021-22862. This vulnerability was reported via the GitHub Bug Bounty program.'
|
||||
- '**MEDIUM:** GitHub Tokens from GitHub Pages builds could end up in logs.'
|
||||
- 'Packages have been updated to the latest security versions.'
|
||||
bugs:
|
||||
- 'The load-balancer health checks in some cases could cause the babeld logs to fill up with errors about the PROXY protocol.'
|
||||
- 'The HTTP headers were not compliant with HTTP RFC standards in specific responses like 304 status for archives.'
|
||||
- 'On instances that host Python repositories with the Dependency Graph feature enabled, the instance could become unresponsive due to the root disk filling with error logs.'
|
||||
- 'An informational message was unintentionally logged as an error during GitHub Enterprise Backup Utilities snapshots, which resulted in unnecessary emails being sent when backups were scheduled by cron jobs that listen for output to stderr.'
|
||||
- 'On VMWare ESX 6.7 the initial configuration could hang while creating host keys which left the instance inaccessible via SSH.'
|
||||
- 'When GitHub Actions was enabled, disabling maintenance mode in the management console failed.'
|
||||
- 'The Package creation setting was shown on the organization member settings page, though this feature is not yet available.'
|
||||
- 'While enabling secret scanning on the Security & Analysis page the dialog incorrectly mentions private repositories.'
|
||||
- 'When editing a wiki page a user could experience a 500 error when clicking the Save button.'
|
||||
- 'An S/MIME signed commit using a certificate with multiple names in the subject alternative name would incorrectly show as "Unverified" in the commit badge.'
|
||||
- 'User saw 500 error when executing git operations on an instance configured with LDAP authentication.'
|
||||
- 'Suspended user was sent emails when added to a team.'
|
||||
- 'When a repository had a large number of manifests an error `You have reached the maximum number of allowed manifest files (20) for this repository.` was shown on the Insights -> Dependency graph tab. For more information, see [Visualization limits](https://docs.github.com/en/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies#are-there-limits-which-affect-the-dependency-graph-data).'
|
||||
- 'Fixes users being shown the option to set up the Code Scanning CodeQL Action even if Actions was not enabled for their repository.'
|
||||
- 'The "Prevent repository admins from changing anonymous Git read access" checkbox available in the enterprise account settings could not be successfully enabled or disabled.'
|
||||
- 'The modal used to display a mandatory message contained no vertical scrollbar, meaning longer messages could not be viewed in full.'
|
||||
- 'Redis would sometimes fail to start after a hard reboot or application crash.'
|
||||
- 'Dependency graph fails to parse `setup.py` Python manifest files, resulting in HTTP 500 errors in logs. This, combined with the duplicated logging issue, results in increased root volume utilization.'
|
||||
changes:
|
||||
- 'Satisfy requests concurrently when multiple users are downloading the same archive, resulting in improved performance.'
|
||||
known_issues:
|
||||
- 'On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.'
|
||||
- 'Custom firewall rules are not maintained during an upgrade.'
|
||||
- 'Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.'
|
||||
- 'Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.'
|
||||
- 'When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.'
|
||||
- 'When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact [GitHub Enterprise Support](https://support.github.com/contact).'
|
||||
- 'Duplicated logging to `/var/log/messages`, `/var/log/syslog`, and `/var/log/user.log` results in increased root volume utilization.'
|
||||
- 'Users can dismiss a mandatory message without checking all checkboxes.'
|
||||
- '[Pre-receive hook scripts](/admin/policies/enforcing-policy-with-pre-receive-hooks) cannot write temporary files, which may cause script execution to fail. Users who use pre-receive hooks should test in a staging environment to see if scripts require write access.'
|
||||
- 'Repository [deploy keys](/developers/overview/managing-deploy-keys) are unable to be used with repositories containing LFS objects.'
|
||||
- Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
|
||||
- 'reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.'
|
||||
- 'Dependency graph fails to parse `yarn.lock` Javascript manifest files, resulting in HTTP 500 errors in logs.'
|
||||
- 'Instances with a custom timezone that were upgraded from an earlier release of GitHub Enterprise Server may have incorrect timestamps in the web UI.'
|
||||
- 'Old builds of Pages are not cleaned up, which could fill up the user disk (`/data/user/`).'
|
||||
- 'When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.'
|
||||
- |
|
||||
Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
|
||||
|
||||
**Single instance**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
|
||||
```
|
||||
|
||||
2. If it shows that there is a mismatch, reboot the instance.
|
||||
|
||||
**Cluster or High Availability configuration**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
|
||||
```
|
||||
|
||||
2. If it shows one or more nodes are affected, reboot the affected nodes.
|
||||
- 'When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.'
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
date: '2021-06-24'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 管理控制台中可能会积累大量 `gauge-dependency-graph-api-dispatch_dispatch` 指标。
|
||||
- sshd 服务有时无法从 Google Cloud Platform 上运行的实例启动。
|
||||
- 旧的升级文件将保留在用户磁盘上,有时会导致空间不足。
|
||||
- 日志轮换有时会中断后台作业。
|
||||
- '`gh-migrator` 显示其日志输出的路径不正确。'
|
||||
- 如果导出存档包含来自不在存档中的团队的审查请求,则导出存档将无法导入。
|
||||
known_issues:
|
||||
- 在新建的没有任何用户的 GitHub Enterprise Server 上,攻击者可以创建第一个管理员用户。
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
date: '2021-07-14'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**高:**在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的路径遍历漏洞。GitHub Pages 使用的用户控制配置选项没有受到足够的限制,因此可以读取 GitHub Enterprise Server 实例上的文件。要利用此漏洞,攻击者需要获得在 GitHub Enterprise Server 实例上创建和构建 GitHub Pages 站点的权限。此漏洞影响 3.1.3 之前的所有 GitHub Enterprise Server 版本,编号为 CVE-2021-22867。此漏洞通过 GitHub Bug 悬赏计划报告。'
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 未配置 SAML 到期日期变量。
|
||||
- 应用程序服务在配置应用期间的运行状况检查将失败,然后才能进入正常状态。
|
||||
- '如果启用了 HTTP 代理,则 `ghe-cluster-config-node-init` 会在群集设置期间失败。'
|
||||
- 预接收挂钩可能会遇到错误“未能解析当前可执行文件的完整路径”,因为 `/proc` 未装载至容器上。
|
||||
- Collectd 在初始启动后不会解析转发目标主机名。
|
||||
- 如果其中部分仓库因受法律保护而无法被清除,则清除陈旧的已删除仓库的作业可能会失败。
|
||||
- 运行 `git nw-gc --pristine` 会导致错误。
|
||||
- 后台作业将排入 `spam` 队列,这些作业不会得到处理。
|
||||
- 当 PR 合并失败后重新尝试时,首选合并方法将被重置。
|
||||
- 在使用 LDAP 身份验证模式的实例的用户协调过程中,Git 推送可能导致 500 内部服务器错误。
|
||||
changes:
|
||||
- 通过跳过未更改的 IP 允许防火墙规则,提高了配置应用效率,可在大型集群上节省大量时间。
|
||||
known_issues:
|
||||
- 在没有任何用户的新建 GitHub Enterprise Server 上,攻击者可能创建第一个管理员用户。
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2021-07-27'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- '自定义预接收挂钩可能会导致这样的错误:“错误:/data/user/repositories/0/nw/12/34/56/7890/network.git/objects 对象目录不存在,请查看 .git/objects/info/alternates”。'
|
||||
- 对于使用 HTTP 代理的所有用户,不支持使用未经身份验证的 HTTP 代理来进行页面容器构建。
|
||||
- 如果未启用依赖项关系图,则每当用户访问存储库的 `/settings` 页时,都会记录大量 503 错误。
|
||||
- 仅当用户通过团队或通过协作者状态与存储库有关联,或使用 `?type=internal` 参数查询时,才会返回内部存储库。
|
||||
- 失败的后台作业有无限制的重试,这可能会导致大的队列深度。
|
||||
- 如果在未启用依赖项关系图但启用了内容分析的情况下尝试运行将漏洞与 GitHub.com 同步的计划作业,则会生成大量 503 错误。
|
||||
changes:
|
||||
- "`babeld` 的日志现在包含一个用于 HTTP ref 广告请求的 `cmd` 字段,而不是仅在协商请求期间包含该字段。"
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
date: '2021-08-10'
|
||||
sections:
|
||||
bugs:
|
||||
- 如果在不运行定期计划备份的情况下启用 GitHub Actions,则 MSSQL 事务日志可能会无限增长,并且会占用设备数据磁盘上的所有可用空间,从而可能导致中断。
|
||||
- 对“存储库创建”组织设置所做更改的审核日志条目不准确。
|
||||
- "过多记录 `ActionController::UnknownFormat` 异常会导致不必要的磁盘使用。"
|
||||
- "LDAP `group_dn` 值超过 255 个字符将导致记录错误:`Data truncated for column 'group_dn' at row 1`。"
|
||||
changes:
|
||||
- 滥用速率限制现在称为辅助速率限制,因为它们限制的行为并不总是滥用。
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可能创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能会将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2021-08-24'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 将非常大的图像或动态 GIF 附加到图像或拉取请求将会失败。
|
||||
- 与自动更新相关的日志消息 (`Adding h/m/s random time.`) 被记录到系统日志中。
|
||||
- '使用 bash 子 shell 的自定义预接收挂钩将返回错误:`No such file or directory`。'
|
||||
- 创建命名管道 (FIFO) 的自定义预接收挂钩会崩溃或挂起,从而导致超时错误。
|
||||
- 向审核日志高级搜索页面添加筛选器时,不会使用正确的 Facet 前缀和值来实时填充查询文本框。
|
||||
- "导致请求失败的内部 API 的 Git 挂钩返回异常 `undefined method body for \"success\":String (NoMethodError)`,而不是返回显式的 `nil`。"
|
||||
- 删除集成时,可能还会删除不相关的 OAuth 应用程序或集成。
|
||||
- 添加包含表情符号字符的必填消息后,尝试查看或更改消息将返回 500 内部服务器错误。
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 将在升级过程中删除自定义防火墙规则。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中 blob 文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
date: '2021-09-07'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 如果未启动复制,则尝试通过使用 `ghe-repl-teardown` 为新添加的副本节点指定 UUID 来拆解该节点将失败,且不会报告错误。
|
||||
- GitHub Pages 生成将通过外部代理(如果配置了外部代理)进行传递。
|
||||
- 创建子进程的自定义预接收挂钩在其环境中缺少 `PATH` 变量,从而导致“无此类文件或目录”错误。
|
||||
- 如果启用了 `mysql-auto-failover`,则 MySQL 可在升级期间进行故障转移。
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
date: '2021-09-24'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '**高:**在 {% data variables.product.prodname_ghe_server %} 中发现了一个在构建 {% data variables.product.prodname_pages %} 站点时可以利用的路径遍历漏洞。{% data variables.product.prodname_pages %} 使用的用户控制配置选项没有受到足够的限制,因此可以读取 {% data variables.product.prodname_ghe_server %} 实例上的文件。要利用此漏洞,攻击者需要获得在 {% data variables.product.prodname_ghe_server %} 实例上创建和构建 {% data variables.product.prodname_pages %} 站点的权限。此漏洞影响 3.1.8 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.1.8、3.0.16 和 2.22.22 中修复。这是 CVE-2021-22867 修复不完整的结果。此漏洞通过 GitHub Bug 悬赏计划报告,编号为 CVE-2021-22868。{% comment %} https://github.com/github/pages/pull/3360, https://github.com/github/pages/pull/3357 {% endcomment %}'
|
||||
- '**中:**{% data variables.product.prodname_ghe_server %} 中的不正确访问控制漏洞允许工作流作业在其不应访问的自承载运行器组中执行。这会影响使用自承载运行器组进行访问控制的客户。由于请求期间的身份验证检查不正确,有权访问一个企业运行器组的存储库可以访问组织内的所有企业运行器组。这可能会导致代码被不正确的运行器组无意运行。此漏洞影响 3.0.0-3.0.15 以及 3.1.0-3.1.7 的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.0.16 和 3.1.8 中修复。其编号为 CVE-2021-22869。{% comment %} https://github.com/github/enterprise2/pull/27003 {% endcomment %}'
|
||||
bugs:
|
||||
- '在维护模式期间,Resque 工作进程计数显示不正确。{% comment %} https://github.com/github/enterprise2/pull/26898, https://github.com/github/enterprise2/pull/26883 {% endcomment %}'
|
||||
- '在群集模式下,分配的 memcached 内存可能为零。{% comment %} https://github.com/github/enterprise2/pull/26927, https://github.com/github/enterprise2/pull/26832 {% endcomment %}'
|
||||
- '请修复 {% data variables.product.prodname_pages %} 构建,以便考虑设备的 NO_PROXY 设置。这仅与配置了 HTTP 代理的设备有关。(更新时间:2021-09-30){% comment %} https://github.com/github/pages/pull/3360 {% endcomment %}'
|
||||
- '即使不使用 `ghe-restore` 的 `--config` 选项,源实例的 GitHub Connect 配置也始终恢复到新实例。如果源实例和目标实例同时联机,这将导致与 GitHub Connect 连接和许可证同步发生冲突。该修复还需要将 backup-utils 更新到 3.2.0 或更高版本。[更新时间:2021-11-18]'
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
date: '2021-10-12'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '包已更新到最新的安全版本。{% comment %} https://github.com/github/enterprise2/pull/27034, https://github.com/github/enterprise2/pull/27010 {% endcomment %}'
|
||||
bugs:
|
||||
- '由于过于严格的虚拟内存或 CPU 时间限制,自定义预接收挂钩可能会失败。{% comment %} https://github.com/github/enterprise2/pull/26971, https://github.com/github/enterprise2/pull/26955 {% endcomment %}'
|
||||
- '通过尝试使用 `ghe-cleanup-settings` 擦除所有现有配置设置,未能重启管理控制台服务。{% comment %} https://github.com/github/enterprise2/pull/26986, https://github.com/github/enterprise2/pull/26901 {% endcomment %}'
|
||||
- '在通过 `ghe-repl-teardown` 拆解复制期间,Memcached 未能重启。{% comment %} https://github.com/github/enterprise2/pull/26992, https://github.com/github/enterprise2/pull/26983 {% endcomment %}'
|
||||
- '在高负载期间,当上游服务未通过内部运行状况检查时,用户将收到 HTTP 503 状态代码。{% comment %} https://github.com/github/enterprise2/pull/27081, https://github.com/github/enterprise2/pull/26999 {% endcomment %}'
|
||||
- '禁止预接收挂钩环境通过 Alpine 上的 BusyBox 调用 cat 命令。{% comment %} https://github.com/github/enterprise2/pull/27114, https://github.com/github/enterprise2/pull/27094 {% endcomment %}'
|
||||
- '外部数据库密码以明文形式记录。{% comment %} https://github.com/github/enterprise2/pull/27172, https://github.com/github/enterprise2/pull/26413 {% endcomment %}'
|
||||
- '运行 `ghe-config-apply` 时可能会显示错误的 `jq` 错误消息。{% comment %} https://github.com/github/enterprise2/pull/27203, https://github.com/github/enterprise2/pull/26784 {% endcomment %}'
|
||||
- '从主群集数据中心故障转移到辅助群集数据中心成功,但随后故障转移回原始主群集数据中心时未能提升 Elasticsearch 索引。{% comment %} https://github.com/github/github/pull/193180, https://github.com/github/github/pull/192447 {% endcomment %}'
|
||||
- '存储库自承载运行器的“站点管理员”页面返回 HTTP 500。{% comment %} https://github.com/github/github/pull/194205 {% endcomment %}'
|
||||
- '在某些情况下,尝试查看“休眠用户”页面的 GitHub Enterprise 管理员会收到“502 网关错误”或“504 网关超时”响应。{% comment %} https://github.com/github/github/pull/194259, https://github.com/github/github/pull/193609 {% endcomment %}'
|
||||
changes:
|
||||
- '更有效地删除超出 Webhook 日志保留时段的 Webhook 日志。{% comment %} https://github.com/github/enterprise2/pull/27157 {% endcomment %}'
|
||||
known_issues:
|
||||
- "在没有任何用户的新建 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被移除。
|
||||
- "Git LFS 跟踪的[通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories)文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 在 GitHub Connect 中启用了“用户可以搜索 GitHub.com”时,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
date: '2021-10-28'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '多个已知弱 SSH 公钥已添加到拒绝列表中,无法再进行注册。此外,已知会生成弱 SSH 密钥的 GitKraken 版本(7.6.x、7.7.x 和 8.0.0)已被阻止注册新的公钥。'
|
||||
- '包已更新到最新的安全版本。'
|
||||
bugs:
|
||||
- '拥有许多组织的用户无法使用应用程序的多个部分。'
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
date: '2021-11-09'
|
||||
sections:
|
||||
security_fixes:
|
||||
- "在 {% data variables.product.prodname_pages %} 中发现了一个在构建 {% data variables.product.prodname_ghe_server %} 时攻击者可利用来读取系统文件的路径遍历漏洞。要利用此漏洞,攻击者需要获得在 {% data variables.product.prodname_ghe_server %} 实例上创建和构建 {% data variables.product.prodname_pages %} 站点的权限。此漏洞影响 3.3 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,并在 3.0.19、3.1.11 和 3.2.3 中修复。该漏洞通过 {% data variables.product.company_short %} Bug 悬赏计划报告,编号为 CVE-2021-22870。"
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- "部分 Git 操作在升级 {% data variables.product.prodname_ghe_server %} 3.x 群集后失败,原因在于 HAProxy 配置。"
|
||||
- 在群集模式下,Unicorn 工作线程计数可能会设置错误。
|
||||
- 在群集模式下,Resqued 工作线程计数可能会设置错误。
|
||||
- 如果 Ubuntu 简单防火墙 (UFW) 状态为非活动状态,则客户端无法在日志中清楚地看到它。
|
||||
- 某些页面和与 Git 相关的后台作业可能无法在具有某些群集配置的群集模式下运行。
|
||||
- "企业审核日志页面不会显示 {% data variables.product.prodname_secret_scanning %} 的审核事件。"
|
||||
- '在查看文件时,不会警告用户有潜在危险的双向 unicode 字符。有关详细信息,请参阅 {% data variables.product.prodname_blog %} 中的“[有关双向 Unicode 文本的警告](https://github.co/hiddenchars)”。'
|
||||
- Hookshot Go 发送了 Collectd 无法处理的分布类型指标,这导致解析错误激增。
|
||||
- "公共存储库显示来自 {% data variables.product.prodname_secret_scanning %} 的意外结果,类型为“未知令牌”。"
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
date: '2021-03-16'
|
||||
intro: The minimum infrastructure requirements have increased for {% data variables.product.prodname_ghe_server %} 3.0+. For more information, see "[About minimum requirements for GitHub Enterprise Server 3.0 and later](/admin/enterprise-management/upgrading-github-enterprise-server#about-minimum-requirements-for-github-enterprise-server-30-and-later)."
|
||||
sections:
|
||||
security_fixes:
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- During a backup an error "Warning: One or more storage objects were not found on the source appliance." was occurring when attempting to clean up purgeable storage objects.
|
||||
- Dependency graph failed to parse `yarn.lock` JavaScript manifest files, resulting in HTTP 500 errors in logs.
|
||||
- Disabling GitHub Actions would sometimes fail.
|
||||
- Custom pre-receive hooks weren't allowed to write to `/tmp`, preventing some scripts from running correctly.
|
||||
- Systemd journal logs were duplicated in multiple places.
|
||||
- A timezone set on GitHub Enterprise 11.10.x or earlier was reset to UTC time after upgrading to 3.0 which caused timestamps to shift in some instances.
|
||||
- Clicking "Publish your first package" in the packages sidebar on a repository would lead to an empty page.
|
||||
- A site admin could get a 500 error page while trying to view issues referenced from private repositories.
|
||||
- After disabling GitHub Packages, some organization pages would return an HTTP 500 error response.
|
||||
- Importing of repository archives from GitHub Enterprise Server that are missing repository files would fail with an error.
|
||||
- Repository [deploy keys](/developers/overview/managing-deploy-keys) were unable to be used with repositories containing LFS objects.
|
||||
- In the packages sidebar of a repository, the Docker icon was gray and a tool tip displayed "This service is deprecated".
|
||||
- Webhooks configured with a content type of `application/x-www-form-urlencoded` did not receive query parameters in the POST request body.
|
||||
- Users could dismiss a mandatory message without checking all checkboxes.
|
||||
- In some cases after upgrading from a 2.22.X instance, the web interface assets were missing and the page would not render correctly.
|
||||
- Running `ghe-config-apply` could time out with `Failure waiting for nomad jobs to apply` due to `'job' stanza not found`.
|
||||
known_issues:
|
||||
- On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are not maintained during an upgrade.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- When maintenance mode is enabled, some services continue to be listed as "active processes". The services identified are expected to run during maintenance mode. If you experience this issue and are unsure, contact [GitHub Enterprise Support](https://support.github.com/contact).
|
||||
- Jupyter Notebook rendering in the web UI may fail if the notebook includes non-ASCII UTF-8 characters.
|
||||
- reStructuredText (RST) rendering in the web UI may fail and instead display raw RST markup text.
|
||||
- Old builds of Pages are not cleaned up, which could fill up the user disk (`/data/user/`).
|
||||
- When deleting a branch after merging a pull request, an error message appears although the branch deletion succeeds.
|
||||
- |
|
||||
Users may experience assets such as avatars not loading, or a failure to push/pull code. This may be caused by a PID mismatch in the `haproxy-cluster-proxy` service. To determine if you have an affected instance:
|
||||
|
||||
**Single instance**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi
|
||||
```
|
||||
|
||||
2. If it shows that there is a mismatch, reboot the instance.
|
||||
|
||||
**Cluster or High Availability configuration**
|
||||
|
||||
1. Run this in the [administrative shell](https://docs.github.com/en/enterprise-server/admin/configuration/accessing-the-administrative-shell-ssh) (SSH):
|
||||
|
||||
```
|
||||
ghe-cluster-each -- 'if [ $(cat /var/run/haproxy-cluster-proxy.pid) -ne $(systemctl show --property MainPID --value haproxy-cluster-proxy) ]; then echo 'Main PID of haproxy-cluster-proxy does not match /var/run/haproxy-cluster-proxy.pid'; fi'
|
||||
```
|
||||
|
||||
2. If it shows one or more nodes are affected, reboot the affected nodes.
|
||||
- When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
date: '2021-11-23'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 包已更新到最新的安全版本。
|
||||
bugs:
|
||||
- 如果未定义 `PATH`,预接收挂钩会失败。
|
||||
- '如果曾将实例配置为副本,运行 `ghe-repl-setup` 会返回错误:“无法创建目录 /data/user/elasticsearch:文件已存在”。'
|
||||
- 在大型群集环境中,某部分前端节点可能无法使用身份验证后端。
|
||||
- 在 GHES 群集的后端节点上,一些关键服务可能不可用。
|
||||
changes:
|
||||
- 在使用 `ghe-cluster-suport-bundle` 创建群集支持包时,现在会默认关闭额外一层的外部 `gzip` 压缩。使用 `ghe-cluster-suport-bundle -c` 命令行选项可以选择应用此外部压缩。
|
||||
- 我们在管理控制台添加了额外的文本,以提醒用户移动应用的数据收集,目的是改善体验。
|
||||
- "{% data variables.product.prodname_github_connect %} 数据连接记录现在会列出已启用的 {% data variables.product.prodname_github_connect %} 功能。[更新时间:2021-12-09]"
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
date: '2021-12-07'
|
||||
sections:
|
||||
security_fixes:
|
||||
- 支持包可以包含敏感文件,前提是它们满足一组特定条件。
|
||||
- "在 GitHub Enterprise Server 中发现了一个 UI 虚假陈述漏洞,该漏洞允许在 GitHub 应用程序的用户授权 Web 流期间授予比在审批期间向用户显示的更多权限。此漏洞影响 GitHub Enterprise Server 3.3 之前的所有版本,已在 3.2.5、3.1.13 和 3.0.21 中修复。此漏洞通过 GitHub Bug 赏金计划报告,编号为 [CVE-2021-41598](https://www.cve.org/CVERecord?id=CVE-2021-41598)。"
|
||||
- "在 GitHub Enterprise Server 中发现了一个在构建 GitHub Pages 站点时可以利用的远程代码执行漏洞。此漏洞影响 GitHub Enterprise Server 3.3 之前的所有版本,已在 3.0.21、3.1.13 和 3.2.5 中修复。此漏洞通过 GitHub Bug 赏金计划报告,编号为 [CVE-2021-41599](https://www.cve.org/CVERecord?id=CVE-2021-41599)。更新时间:2022 年 2 月 17 日。"
|
||||
bugs:
|
||||
- 由于 `/data/user/tmp/pages` 中存在权限问题,运行 `ghe-config-apply` 有时可能会失败。
|
||||
- 管理控制台中的错误配置导致了调度错误。
|
||||
- Docker 会在日志轮换后保持日志文件打开。
|
||||
- GraphQL 请求未在预接收挂钩环境中设置 GITHUB_USER_IP 变量。
|
||||
changes:
|
||||
- 阐明了文档中对 Actions 路径样式的解释。
|
||||
- 更新支持联系 URL 以使用当前支持站点 support.github.com。
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 将在升级过程中删除自定义防火墙规则。
|
||||
- "Git LFS 跟踪的 [通过 Web 界面上传的](https://github.com/blog/2105-upload-files-to-your-repositories) 文件被错误地直接添加到存储库。"
|
||||
- 如果问题包含指向同一存储库中 Blob 的永久链接,且 Blob 的文件路径长度超过 255 个字符,则无法关闭问题。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置中脱机时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到脱机节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
date: '2021-12-13'
|
||||
sections:
|
||||
security_fixes:
|
||||
- '{% octicon "alert" aria-label="The alert icon" %} **严重:**在 Log4j 库中发现远程代码执行漏洞,该漏洞会影响 3.3.1 之前的所有 {% data variables.product.prodname_ghe_server %} 版本,漏洞编号为[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)。Log4j 库用于在 {% data variables.product.prodname_ghe_server %} 实例上运行的开源服务。已在 {% data variables.product.prodname_ghe_server %} 3.0.22、3.1.14、3.2.6 和 3.3.1 中修复该漏洞。 有关详细信息,请参阅 GitHub 博客[文章](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/)。'
|
||||
- '**2021 年 12 月 17 日更新**:此版本中的修复也能缓解在该版本之后发布的 [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)。无需再升级 {% data variables.product.prodname_ghe_server %},即可缓解 CVE-2021-44228 和 CVE-2021-45046。'
|
||||
known_issues:
|
||||
- "在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 上,攻击者可以创建第一个管理员用户。"
|
||||
- 自定义防火墙规则在升级过程中被删除。
|
||||
- "[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories)的 Git LFS 跟踪文件被错误地直接添加到存储库。"
|
||||
- 问题若是包含同一存储库中文件路径长于 255 个字符的 blob 的永久链接,则无法关闭。
|
||||
- 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后,专用和内部存储库中的问题不包括在 GitHub.com 搜索结果中。
|
||||
- "当副本节点在高可用性配置下离线时,{% data variables.product.product_name %} 仍可能将 {% data variables.product.prodname_pages %} 请求路由到离线节点,从而减少用户的 {% data variables.product.prodname_pages %} 可用性。"
|
||||
- 特定于处理预接收挂钩的资源限制可能导致部分预接收挂钩失败。
|
||||
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче