forked from github/docs
-
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request github#35219 from github/repo-sync
Repo sync
- Loading branch information
Showing
122 changed files
with
4,477 additions
and
2,463 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# This file is a template for what your untracked .env file might look like for local development. | ||
# Please copy this to a new .env file and fill in the values as needed. | ||
|
||
# Requires a running local Elasticsearch service. Can be started via Docker, see https://github.com/github/docs-engineering/blob/main/docs/elasticsearch/elasticsearch-locally.md | ||
# When this value is unset searches will be proxied to the production Elasticsearch endpoint | ||
ELASTICSEARCH_URL=http://localhost:9200 | ||
|
||
# Set for sending events in local development. See https://github.com/github/docs-engineering/blob/main/docs/analytics/hydro-mock.md | ||
HYDRO_ENDPOINT= | ||
HYDRO_SECRET= | ||
|
||
# Localization variables | ||
# See https://github.com/github/docs-internal/tree/main/src/languages#working-with-translated-content-locally | ||
ENABLED_LANGUAGES= | ||
TRANSLATIONS_ROOT= | ||
|
||
# For running the src/search/scripts/scrape script | ||
# You may want a lower value depending on your CPU | ||
BUILD_RECORDS_MAX_CONCURRENT=100 | ||
BUILD_RECORDS_MIN_TIME= | ||
|
||
# Set to true to enable the /fastly-cache-test route for debugging Fastly headers | ||
ENABLE_FASTLY_TESTING= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
date: '2024-11-07' | ||
sections: | ||
security_fixes: | ||
- | | ||
**HIGH**: An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This is a follow up fix for [CVE-2024-9487](https://www.cve.org/cverecord?id=CVE-2024-9487) to further harden the encrypted assertions feature against this type of attack. Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO, or utilizing SAML SSO authentication without encrypted assertions, are not impacted. Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document to exploit this vulnerability. | ||
known_issues: | ||
- | | ||
Custom firewall rules are removed during the upgrade process. | ||
- | | ||
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. | ||
- | | ||
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." | ||
- | | ||
The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. | ||
- | | ||
{% data reusables.release-notes.2023-11-aws-system-time %} | ||
- | | ||
On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. | ||
- | | ||
{% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} | ||
- | | ||
{% data reusables.release-notes.large-adoc-files-issue %} | ||
- | | ||
{% data reusables.release-notes.2024-01-haproxy-upgrade-causing-increased-errors %} | ||
- | | ||
The `reply.[HOSTNAME]` subdomain is falsely always displaying as having no SSL and DNS record, when testing the domain settings via the Management Console without subdomain isolation. | ||
- | | ||
Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. | ||
- | | ||
{% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} | ||
- | | ||
When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. | ||
- | | ||
Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. |
Oops, something went wrong.