GHES Patch Release Notes (#36482)

Co-authored-by: Release-Controller <runner@fv-az221-295.rdwmklopv5je1nmcb30mjggtwb.cx.internal.cloudapp.net> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com>
2023-04-19 14:07:46 +00:00 · 2023-04-19 14:07:46 +00:00 · f5f768f055
--- a/data/release-notes/enterprise-server/3-5/16.yml
+++ b/data/release-notes/enterprise-server/3-5/16.yml
@ -0,0 +1,21 @@
+date: '2023-04-18'
+sections:
+  bugs:
+    - In some cases, graphs on the Management Console's monitor dashboard failed to render. 
+    - On an instance with GitHub Connect enabled, if "Users can search GitHub.com" was enabled, issues in private and internal repositories were not included in users search results for GitHub.com. 
+  changes:
+    - To avoid a failure during a configuration run on a cluster, validation of `cluster.conf` with the `ghe-cluster-config-check` utility ensures that the `consul-datacenter` field for each node matches the top-level `primary-datacenter` field. 
+    - If a site administrator provides an invalid configuration for blob storage for GitHub Actions or GitHub Packages on an instance, the preflight checks page displays details and troubleshooting information. 
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
+    - |
+      {% data reusables.release-notes.2022-09-hotpatch-issue %}
+    - |
+      {% data reusables.release-notes.babeld-max-threads-performance-issue %}
--- a/data/release-notes/enterprise-server/3-6/12.yml
+++ b/data/release-notes/enterprise-server/3-6/12.yml
@ -0,0 +1,25 @@
+date: '2023-04-18'
+sections:
+  bugs:
+    - Download requests for Git LFS objects did not complete until reporting the final download size, which affected the latency of these requests, particularly on an instance with nodes functioning as repository caches. 
+    - In some cases, graphs on the Management Console's monitor dashboard failed to render. 
+    - On an instance with GitHub Connect enabled, if "Users can search GitHub.com" was enabled, issues in private and internal repositories were not included in users search results for GitHub.com. 
+    - After restoration of a deleted organization, the organization did not appear in the instance's list of organizations. 
+  changes:
+    - To avoid a failure during a configuration run on a cluster, validation of `cluster.conf` with the `ghe-cluster-config-check` utility ensures that the `consul-datacenter` field for each node matches the top-level `primary-datacenter` field. 
+    - If a site administrator provides an invalid configuration for blob storage for GitHub Actions or GitHub Packages on an instance, the preflight checks page displays details and troubleshooting information. 
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      {% data reusables.release-notes.babeld-max-threads-performance-issue %}
+    - |
+      In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
+    - |
+      Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
+    - |
+      {% data reusables.release-notes.repository-inconsistencies-errors %}
--- a/data/release-notes/enterprise-server/3-7/8.yml
+++ b/data/release-notes/enterprise-server/3-7/8.yml
@ -32,7 +32,7 @@ sections:
      An enterprise owner could not enable two-factor authentication (2FA) for an instance if any enterprise owners had not enabled 2FA for their user accounts. [Updated: 2023-04-17]
  changes:
    - When the dependency submission API received a submission with one or more dependencies without a version, the dependency graph will now correctly report this fact. 
-    - To avoid a failure during a configuration run on a cluster, validation of `cluster.conf` with the `ghe-cluster-config-check` utility ensures that the `consul-datacenter` field for each nodes matches the top-level `primary-datacenter` field. 
+    - To avoid a failure during a configuration run on a cluster, validation of `cluster.conf` with the `ghe-cluster-config-check` utility ensures that the `consul-datacenter` field for each node matches the top-level `primary-datacenter` field. 
    - On an instance in a cluster configuration, when a site administrator sets maintenance mode on a single cluster node using `ghe-maintenance -s`, the utility warns the administrator to use `ghe-cluster-maintenance -s` to set maintenance mode on all of the clusters nodes. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#enabling-or-disabling-maintenance-mode-for-all-nodes-in-a-cluster)." 
    - When a site administrator configures an outbound web proxy server for GitHub Enterprise Server, the instance now validates top-level domains (TLDs) excluded from the proxy configuration. By default, you can exclude public TLDs that the IANA specifies. Site administrators can specify a list of unregistered TLDs to exclude using `ghe-config`. The `.` prefix is required for any public TLDs. For example, `.example.com` is valid, but `example.com` is invalid. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server)." 
    - To avoid intermittent issues with the success of Git operations on an instance with multiple nodes, GitHub Enterprise Server checks the status of the MySQL container before attempting a SQL query. The timeout duration has also been reduced. 
--- a/data/release-notes/enterprise-server/3-7/9.yml
+++ b/data/release-notes/enterprise-server/3-7/9.yml
@ -0,0 +1,28 @@
+date: '2023-04-18'
+sections:
+  bugs:
+    - |
+      On an instance with GitHub Actions enabled, nested calls to reusable workflows within a reusable workflow job with a matrix correctly evaluate contexts within expressions, like `strategy: {% raw %}${{ inputs.strategies }}{% endraw %}`. 
+    - Download requests for Git LFS objects did not complete until reporting the final download size, which affected the latency of these requests, particularly on an instance with nodes functioning as repository caches. 
+    - For instances with both GitHub Connect and automatic access to GitHub.com actions enabled, Dependabot would fail to update actions hosted on GitHub.com. 
+    - In some cases on an instance with a GitHub Advanced Security license, users could not load the security analysis page and saw a `500` error. 
+    - On an instance with GitHub Connect enabled, if "Users can search GitHub.com" was enabled, issues in private and internal repositories were not included in users search results for GitHub.com. 
+    - After restoration of a deleted organization, the organization did not appear in the instance's list of organizations. 
+    - |
+      Collectd logs could grow rapidly in size due to the inclusion of `kredz.*` metrics, which can't be parsed by StatsD and resulted in error messages. 
+    - Dropped `launch.*` metrics that cant be parsed by statsd, as the resulting statsd errors caused collectd logs to grow rapidly in size. 
+  changes:
+    - If a site administrator provides an invalid configuration for blob storage for GitHub Actions or GitHub Packages on an instance, the preflight checks page displays details and troubleshooting information. 
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      {% data reusables.release-notes.babeld-max-threads-performance-issue %}
+    - |
+      In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
+    - |
+      {% data reusables.release-notes.repository-inconsistencies-errors %}
+    - |
+      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
--- a/data/release-notes/enterprise-server/3-8/2.yml
+++ b/data/release-notes/enterprise-server/3-8/2.yml
@ -0,0 +1,35 @@
+date: '2023-04-18'
+sections:
+  bugs:
+    - |
+      On an instance with GitHub Actions enabled, nested calls to reusable workflows within a reusable workflow job with a matrix correctly evaluate contexts within expressions, like `strategy: {% raw %}${{ inputs.strategies }}{% endraw %}`.
+    - Download requests for Git LFS objects did not complete until reporting the final download size, which affected the latency of these requests, particularly on an instance with nodes functioning as repository caches. 
+    - On an instance in a high availability configuration, a `git push` operation could fail if GitHub Enterprise Server was simultaneously creating the repository on a replica node. 
+    - |
+      When a site administrator ran `ghe-btop` via SSH, the command did not run and a `/usr/bin/env: python3: No such file or directory` error occurred. 
+    - Site administrators who prepared to enable GitHub Actions could not run the `ghe-actions-precheck` utility because the scripts file was not executable. 
+    - In some cases on an instance with a GitHub Advanced Security license, users could not load the security analysis page and saw a `500` error. 
+    - On an instance with GitHub Connect enabled, if "Users can search GitHub.com" was enabled, issues in private and internal repositories were not included in users search results for GitHub.com. 
+    - After restoration of a deleted organization, the organization did not appear in the instance's list of organizations. 
+    - |
+      After a site administrator exported a migration archive to AWS S3 using GitHub Enterprise Importer's `gh-migrator` utility, the URL for the archive was inaccessible. 
+    - |
+      If a site administrator exported a migration archive to a bucket in AWS S3s us-east-1 region using GitHub Enterprise Importer's `gh-migrator` utility, the archive was inaccessible. 
+    - |
+      Collectd logs could grow rapidly in size due to the inclusion of `kredz.*` metrics, which can't be parsed by StatsD and resulted in error messages. 
+  changes:
+    - If a site administrator provides an invalid configuration for blob storage for GitHub Actions or GitHub Packages on an instance, the preflight checks page displays details and troubleshooting information. 
+    - |
+      After a site administrator exports a migration archive using GitHub Enterprise Importer's `gh-migrator` utility, the link to the archive remains accessible for 48 hours instead of one hour. 
+    - On an instance with a GitHub Advanced Security license, users who author custom patterns for secret scanning can provide expressions that must or must not match that are up to 2,000 characters. This limit is an increase from 1,000 characters. 
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+    - |
+      {% data reusables.release-notes.ghe-cluster-config-apply-error %}
+    - |
+      If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](https://docs.github.com/en/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]