diff --git a/data/release-notes/enterprise-server/3-2/18.yml b/data/release-notes/enterprise-server/3-2/18.yml
new file mode 100644
index 0000000000..818d03df01
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-2/18.yml
@@ -0,0 +1,16 @@
+date: '2022-08-30'
+sections:
+ bugs:
+ - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+ - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+ changes:
+ - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+ - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
diff --git a/data/release-notes/enterprise-server/3-3/13.yml b/data/release-notes/enterprise-server/3-3/13.yml
new file mode 100644
index 0000000000..7072e70f12
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-3/13.yml
@@ -0,0 +1,23 @@
+date: '2022-08-30'
+sections:
+ bugs:
+ - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+ - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+ - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+ - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+ - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+ - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+ changes:
+ - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+ - The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."
+ known_issues:
+ - After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command.
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+ - '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.'
+ - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
diff --git a/data/release-notes/enterprise-server/3-4/8.yml b/data/release-notes/enterprise-server/3-4/8.yml
new file mode 100644
index 0000000000..6353897f97
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-4/8.yml
@@ -0,0 +1,26 @@
+date: '2022-08-30'
+sections:
+ bugs:
+ - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+ - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+ - The site admin page for individual users at http(s)://HOSTNAME/stafftools/users/USERNAME/admin contained functionality not intended for GitHub Enterprise Server.
+ - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+ - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+ - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+ - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+ changes:
+ - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+ - APIs that contain the `organization` or `org` route now accept either the organization's slug or ID. Previously, the APIs only accepted slugs, which caused `Link` headers for GitHub Advanced Security endpoints to be inaccessible. For more information, see "[Organizations](https://docs.github.com/rest/orgs/orgs)" in the REST API documentation.
+ - The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+ - |
+ After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
+ - After upgrading to {% data variables.product.prodname_ghe_server %} 3.4, releases may appear to be missing from repositories. This can occur when the required Elasticsearch index migrations have not successfully completed.
+ - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
diff --git a/data/release-notes/enterprise-server/3-5/5.yml b/data/release-notes/enterprise-server/3-5/5.yml
new file mode 100644
index 0000000000..1864d8e999
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-5/5.yml
@@ -0,0 +1,27 @@
+date: '2022-08-30'
+sections:
+ bugs:
+ - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+ - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+ - The site admin page for individual users at http(s)://HOSTNAME/stafftools/users/USERNAME/admin contained functionality not intended for GitHub Enterprise Server.
+ - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+ - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+ - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+ - The site admin bar at the top of the web interface contained a broken link to the SHA for the currently running version of the application.
+ - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+ - Alerts from secret scanning for GitHub Advanced Security customers were missing in the web UI and REST API if a site administrator did not upgrade directly to GitHub Enterprise Server 3.4. The alerts are now visible.
+ - When a user forked a repository into an organization, a long list of organizations would not render properly.
+ changes:
+ - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+ - APIs that contain the `organization` or `org` route now accept either the organization's slug or ID. Previously, the APIs only accepted slugs, which caused `Link` headers for GitHub Advanced Security endpoints to be inaccessible. For more information, see "[Organizations](https://docs.github.com/rest/orgs/orgs)" in the REST API documentation.
+ - The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."
+ - In some cases, cache replicas could reject some Git operations on recently updated repositories. For more information about repository caching, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+ - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
diff --git a/data/release-notes/enterprise-server/3-6/1.yml b/data/release-notes/enterprise-server/3-6/1.yml
new file mode 100644
index 0000000000..f31b9cb734
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-6/1.yml
@@ -0,0 +1,33 @@
+date: '2022-08-30'
+sections:
+ bugs:
+ - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+ - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+ - The site admin page for individual users at http(s)://HOSTNAME/stafftools/users/USERNAME/admin contained functionality not intended for GitHub Enterprise Server.
+ - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+ - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+ - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+ - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+ - The site admin bar at the top of the web interface contained a broken link to the SHA for the currently running version of the application.
+ - Organization owners were unable to set the level of access required to create discussions.
+ - Discussions users were incorrectly directed to the community guidelines for GitHub.com.
+ - In some cases, users were incorrectly instructed to verify their email before creating a discussion.
+ - Alerts from secret scanning for GitHub Advanced Security customers were missing in the web UI and REST API if a site administrator did not upgrade directly to GitHub Enterprise Server 3.4. The alerts are now visible.
+ changes:
+ - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+ - APIs that contain the `organization` or `org` route now accept either the organization's slug or ID. Previously, the APIs only accepted slugs, which caused `Link` headers for GitHub Advanced Security endpoints to be inaccessible. For more information, see "[Organizations](https://docs.github.com/rest/orgs/orgs)" in the REST API documentation.
+ - The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."
+ - In some cases, cache replicas could reject some Git operations on recently updated repositories. For more information about repository caching, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."
+ - You can now configure the global announcement banner to be dismissable using the REST API. For more information, see "[Customizing user messages for your enterprise](/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner)."
+ known_issues:
+ - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+ - Custom firewall rules are removed during the upgrade process.
+ - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+ - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+ - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+ - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+ - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+ - Actions services need to be restarted after restoring an instance from a backup taken on a different host.
+ - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
+ - In some cases, users cannot convert existing issues to discussions.
+ - Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
diff --git a/data/reusables/release-notes/ghas-3.4-secret-scanning-known-issue.md b/data/reusables/release-notes/ghas-3.4-secret-scanning-known-issue.md
index 14f4157528..04d9906902 100644
--- a/data/reusables/release-notes/ghas-3.4-secret-scanning-known-issue.md
+++ b/data/reusables/release-notes/ghas-3.4-secret-scanning-known-issue.md
@@ -1,8 +1,8 @@
{% ifversion ghes < 3.5 %}
-In some cases, GitHub Advanced Security customers who upgrade to GitHub Enterprise Server 3.5 or later may notice that alerts from secret scanning are missing in the web UI and REST API. To ensure the alerts remain visible, do not skip 3.4 when you upgrade from an earlier release to 3.5 or later. A fix will be available in upcoming patch releases.
+In some cases, GitHub Advanced Security customers who upgrade to GitHub Enterprise Server 3.5 or later may notice that alerts from secret scanning are missing in the web UI and REST API. To ensure the alerts remain visible, do not skip 3.4 when you upgrade from an earlier release to 3.5 or later. A fix is available in the [3.5.5](/enterprise-server@3.5/admin/release-notes#3.5.5) and [3.6.1](/enterprise-server@3.6/admin/release-notes#3.6.1) patch releases.
-To plan an upgrade through 3.4, see the [Upgrade assistant](https://support.github.com/enterprise/server-upgrade). [Updated: 2022-08-26]
+To plan an upgrade through 3.4, see the [Upgrade assistant](https://support.github.com/enterprise/server-upgrade). [Updated: 2022-09-01]
{% elsif ghes = 3.5 or ghes = 3.6 %}
@@ -11,6 +11,6 @@ In some cases, GitHub Advanced Security customers who upgrade to GitHub Enterpri
- To display the missing alerts for all repositories owned by an organization, organization owners can navigate to the organization's **Code security and analysis** settings, then click **Enable all** for secret scanning. For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories)."
- To display the missing alerts for an individual repository, people with admin access to the repository can disable then enable secret scanning for the repository. For more information, see "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)."
-A fix will be available in an upcoming patch release. [Updated: 2022-08-26]
+A fix is available in the {% ifversion ghes = 3.5 %}[3.5.5](/admin/release-notes#3.5.5){% elsif ghes = 3.6 %}[3.6.1](/admin/release-notes#3.6.1){% endif %} patch release. [Updated: 2022-09-01]
{% endif %}