diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications.md b/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications.md index b2c8c7f69532..3e6836664214 100644 --- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications.md +++ b/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-applications.md @@ -6,7 +6,6 @@ redirect_from: - /enterprise/admin/configuration/configuring-applications - /admin/configuration/configuring-applications - /admin/configuration/configuring-your-enterprise/configuring-applications - - /admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps versions: ghes: '*' type: how_to 
@@ -40,17 +39,11 @@ You can enable a retention policy for checks, actions, and associated data by se {% endif %} {% ifversion azure-maps %} +{% ifversion ghes < 3.13 %} ## Enabling interactive maps -You can allow users to create interactive maps using GeoJSON or TopoJSON syntax. For more information, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)." +You can enable the display of interactive maps in the web interface for users of {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." -To enable interactive maps on {% data variables.location.product_location %}, you must enable the feature and provide a public authentication token for Azure. For more information, see [Authentication with Azure Maps](https://learn.microsoft.com/en-us/azure/azure-maps/azure-maps-authentication) in the Microsoft Docs. - -{% data reusables.enterprise_site_admin_settings.access-settings %} -{% data reusables.enterprise_site_admin_settings.management-console %} -1. In the "Settings" sidebar, click **Privacy**. -1. To enable interactive maps, select "Enable GeoJSON rendering". -1. To configure authentication, under "Azure Maps API Token", paste your token. -{% data reusables.enterprise_management_console.save-settings %} +{% endif %} {% endif %} diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md b/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md new file mode 100644 index 000000000000..f93e005249f2 --- /dev/null +++ b/content/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md 
@@ -0,0 +1,139 @@ +--- +title: Configuring interactive maps +intro: 'You can enable the display of interactive maps in the web interface for {% data variables.location.product_location %}.' +shortTitle: Configure interactive maps +permissions: "People with access to the {% data variables.enterprise.management_console %} can configure interactive maps." +versions: + feature: azure-maps +type: how_to +topics: + - Enterprise +--- + +## About interactive maps + +You can allow users of {% data variables.location.product_location %} to create interactive maps using GeoJSON or TopoJSON syntax. For more information about creation of interactive maps, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)." + +To enable interactive maps, you must provide authentication credentials for Azure Maps. + +{% ifversion azure-maps-auth-2023 %} +{% ifversion ghes < 3.13 %} + +{% warning %} + +**Warning**: Authentication with Azure Maps using an API token is deprecated in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on an Entra ID tenant. 
{% data reusables.enterprise.azure-maps-auth-deprecation-link %} + +{% endwarning %} + +{% endif %} +{% endif %} + +## Prerequisites + +{% ifversion azure-maps-auth-2023 %} + +{% ifversion ghes < 3.12 %} + +The following prerequisites apply if your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. + +{% endif %} + +- To configure interactive maps for your instance, you must have {% ifversion azure-maps-auth-2023 %}administrative access to a tenant in Microsoft Entra ID. For more information, contact the administrator for Microsoft resources at your company, or see [Quickstart: Create a new tenant in Microsoft Entra ID](https://learn.microsoft.com/entra/fundamentals/create-new-tenant) in the Entra ID documentation{% else %}an API token for Azure Maps{% endif %}. + +- You must know the tenant ID for your tenant in Entra ID. For more information, see [Get subscription and tenant IDs in the Azure portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-microsoft-entra-tenant) in the Azure documentation. + +- Your instance must be able to access https://login.microsoftonline.com. + +{% endif %} + +{% ifversion ghes < 3.12 %} + +If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}18{% elsif ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, you must provide an API token for Azure Maps instead. 
+ +{% data reusables.enterprise.azure-maps-auth-warning %} + +{% endif %} + +{% ifversion azure-maps-auth-2023 %} + +## Generating credentials for Azure Maps + +{% ifversion ghes < 3.12 %} + +To configure authentication for Azure Maps using RBAC, your instance must run {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. + +{% endif %} + +To generate credentials for Azure Maps, you must create an application for your tenant in Entra ID, provide the application access to an Azure Maps account, and configure role-based access control (RBAC). + +1. Register a new application on your Entra ID tenant. For more information, see [Quickstart: Register an application with the Microsoft identity platform](https://learn.microsoft.com/entra/identity-platform/quickstart-register-app#register-an-application) in the Entra documentation. + + - When you specify supported account types, select **Accounts in this organizational directory only**. +1. Add a client secret. For more information, see [Quickstart: Register an application with the Microsoft identity platform](https://learn.microsoft.com/entra/identity-platform/quickstart-register-app#add-a-client-secret) in the Entra documentation. +1. Store the value of the secret in a secure location that you can reference when you configure authentication on {% data variables.location.product_location %}. Entra will never display the value after you leave the page. +1. Configure access to the secret by Azure Maps. + + 1. While viewing the details for the application you configured on your Entra ID tenant, in the left-hand sidebar, click **API permissions**. + 1. Click **Add a permission**. + 1. Click **Azure Maps**. + 1. Select **Delegated permissions**. + 1. Under "Select permissions", select "`user_impersonation`". + 1. 
To save the permissions, click **Add permissions**. +1. Sign into an Azure Maps account. If you don't have an account, you can create one. For more information, see the [Azure Maps Account](https://www.microsoft.com/maps/azure/get-started) website. +1. Configure RBAC for Azure Maps. For more information, see [Authentication with Azure Maps](https://learn.microsoft.com/azure/azure-maps/azure-maps-authentication#authorization-with-role-based-access-control) and [Assign Azure roles using the Azure portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal) in the Azure documentation. + + - On your Entra ID tenant, from **Access control (IAM)**, you must assign the role of "Azure Maps Data Reader" to "User, group, or service principal", select the application you created earlier in these instructions, and complete the form. + +{% endif %} + +## Enabling interactive maps + +{% ifversion azure-maps-auth-2023 %} + +After you create an application on your Entra ID tenant and generate a secret for the use of Azure Maps, you can configure interactive maps on {% data variables.location.product_location %}. + +{% endif %} + +{% data reusables.enterprise_site_admin_settings.access-settings %} +{% data reusables.enterprise_site_admin_settings.management-console %} +{% data reusables.enterprise_management_console.privacy %} +1. To enable interactive maps, select "Enable GeoJSON rendering". +1. Generate a 32-character string to use as a secret to prevent cross-site request forgery (CSRF). For example, you can access the administrative shell and use `openssl` on {% data variables.location.product_location %} to generate a string. For more information, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/accessing-the-administrative-shell-ssh)." + + ```shell copy + openssl rand -hex 32 + ``` + + Store the string in a secure location that you can reference in the next step. 
+{%- ifversion azure-maps-auth-2023 %} +1. {% ifversion ghes > 3.11 %}Below the headings, type or paste{% else %}Enter{% endif %} your authentication details for Azure Maps. + + {%- ifversion ghes < 3.11 %} + - If your instance runs {% ifversion ghes < 3.11 %}a release of {% data variables.product.product_name %} in the {{ allVersions[currentVersion].currentRelease }} series earlier than {% else %}{% data variables.product.product_name %} {% endif %}{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}18{% elsif ghes = 3.8 %}11{% elsif ghes = 3.9 %}6{% elsif ghes = 3.10 %}3{% elsif ghes = 3.11 %}0{% endif %}, below "Azure Maps API Token", type or paste your token. + + {% data reusables.enterprise.azure-maps-auth-warning %} + - If your instance runs {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later, below the headings, type or paste the following information. + + {%- endif %} + - Optionally, to change the style of rendered maps, under "Basemap ID", type the ID for the style you'd like to use. + - Under the headings, type or paste your authentication details. 
+ + | Value | Description | More information | + | :- | :- | :- | + | Azure Map Client ID | Client ID for your Azure Maps account | [Manage authentication in Azure Maps](https://learn.microsoft.com/azure/azure-maps/how-to-manage-authentication#view-authentication-details) in the Azure documentation | + | Azure App Client ID | Application (client) ID for the application you created on your Entra ID tenant | [Create a Microsoft Entra application and service principal that can access resources](https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal#sign-in-to-the-application) in the Entra documentation | + | Azure Tenant ID | ID for your tenant on Entra ID | "[Prerequisites](#prerequisites)" | + | Azure App Client Secret | Client secret that you generated for the application on your Entra ID tenant | "[Generating credentials for Azure Maps](#generating-credentials-for-azure-maps)" + | CSRF Secret | 32-character string to prevent CSRF attacks | See previous step. | +{%- else %} +1. To configure authentication, under "Azure Maps API Token", paste your token. +{%- endif %} +{% data reusables.enterprise_management_console.save-settings %} + +## Disabling interactive maps + +{% data reusables.enterprise_site_admin_settings.access-settings %} +{% data reusables.enterprise_site_admin_settings.management-console %} +{% data reusables.enterprise_management_console.privacy %} +1. To disable interactive maps, deselect "Enable GeoJSON rendering". +{% data reusables.enterprise_management_console.save-settings %} diff --git a/content/admin/configuration/configuring-user-applications-for-your-enterprise/index.md b/content/admin/configuration/configuring-user-applications-for-your-enterprise/index.md index 990e05ab53fd..2bd46ab15dde 100644 --- a/content/admin/configuration/configuring-user-applications-for-your-enterprise/index.md +++ b/content/admin/configuration/configuring-user-applications-for-your-enterprise/index.md 
@@ -14,6 +14,7 @@ children: - /configuring-github-pages-for-your-enterprise - /configuring-rate-limits - /configuring-web-commit-signing + - /configuring-interactive-maps - /managing-github-mobile-for-your-enterprise - /verifying-or-approving-a-domain-for-your-enterprise diff --git a/data/features/azure-maps-auth-2023.yml b/data/features/azure-maps-auth-2023.yml new file mode 100644 index 000000000000..2b2c2276582a --- /dev/null +++ b/data/features/azure-maps-auth-2023.yml @@ -0,0 +1,4 @@ +# Reference: #12932 +# Changes to authentication for configuration of interactive maps from Azure on a GHES instance +versions: + ghes: '>= 3.7' diff --git a/data/release-notes/enterprise-server/3-10/4.yml b/data/release-notes/enterprise-server/3-10/4.yml new file mode 100644 index 000000000000..3cb27a147a67 --- /dev/null +++ b/data/release-notes/enterprise-server/3-10/4.yml 
@@ -0,0 +1,169 @@ +date: '2023-12-21' +intro: | + {% warning %} + + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.10.4-known-issues)" section of these release notes. + + {% endwarning %} +sections: + security_fixes: + - | + **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)." + + This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847). + - | + **HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID [CVE-2023-46647](https://nvd.nist.gov/vuln/detail/CVE-2023-46647) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. 
To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://nvd.nist.gov/vuln/detail/CVE-2023-6746) for this vulnerability. + - | + **MEDIUM:** Due to an insufficient entropy vulnerability, an attacker could brute force a user invitation to the Management Console. To exploit this vulnerability, an attacker would have needed knowledge that a user invitation was pending. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46648](https://www.cve.org/CVERecord?id=CVE-2023-46648). + - | + **MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://nvd.nist.gov/vuln/detail/CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could maintain admin access to a transferred repository in a race condition by making a GraphQL mutation to alter repository permissions during the transfer. GitHub has requested CVE ID [CVE-2023-6690](https://nvd.nist.gov/vuln/detail/CVE-2023-6690) for this vulnerability, which reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token. To exploit this, a workflow must have already existed in the target repository. 
GitHub has requested CVE ID [CVE-2023-6804](https://nvd.nist.gov/vuln/detail/CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380). + - | + **LOW:** Pre-receive hooks have been further hardened against shell command injections. + - | + **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." + - | + To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4. + - | + Packages have been updated to the latest security versions. 
+ bugs: + - | + In rare cases, on an instance with GitHub Actions enabled, a failed check on a deleted repository could cause upgrades to a new version of GitHub Enterprise Server to fail. + - | + On an instance in a high availability configuration, site administrators using the `ghe-repl-status` command-line utility may have seen a status of `UNKNOWN` for the MSSQL service. + - | + When an administrator ran the `ghe-support-bundle` or `ghe-cluster-support-bundle` command, the `-p` flag did not produce bundles with log durations as specified. The duration period can now only be specified in `days`. Additionally, unnecessary files were sanitized by the commands. + - | + On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server. + - | + On an instance in a cluster configuration, site administrators using the `ghe-config-apply` utility may have seen the extraneous message "Error: Server closed the connection" in the logs for the utility. + - | + Some OAuth applications did not have device code flow (DCF) explicitly enabled, which prevented DCF from running correctly. + - | + On an instance in a cluster configuration, upgrades could fail due to a background job running during database migration. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, site administrators using the `ghe-secret-scanning` command would not see a relevant error message if their input was invalid. + - | + On an instance in a high availability configuration, the `ghe-repl-teardown` command failed when provided with a UUID. + - | + Support for authenticating to GitHub Enterprise Server from Visual Studio Code with a device code was unintentionally disabled. + - | + In some environments, stale `.backup` log files could accumulate in the system. 
+ - | + On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation. + - | + In some cases, when an administrator uploaded a custom TLS certificate, the certificate was not correctly installed on the instance. + - | + Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service. + - | + On an instance with a GitHub Advanced Security license, users with the security manager role could not update custom links for push protection using the REST API. + - | + On an instance with the dependency graph enabled, some security products were not automatically enabled for new public repositories. + - | + Pull request review threads at the file level, rather than the individual line level, were not included in exports from `ghe-migrator` or the Organization Migrations API. + - | + Some responses from the REST API included an incorrect URL in the `link` header. + - | + After importing a migration archive using `ghe-migrator` or REST API endpoints for organization migrations, in some cases, some review comments within pull requests were not associated with lines of code. + - | + In some cases, `/stafftools/users/:login` incorrectly displayed trade screening information. + - | + Deprecated `resource_activity` jobs were not processed and accumulated over time in the queue, causing possible memory issues. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alert emails were sent to organization owners even if their email address did not comply with domain restrictions. 
+ - | + After a user started a repository transfer, if another user viewed the repository before the transfer finished, the repository overview rendered incorrectly. + - | + On an instance with GitHub Connect and unified search enabled, users trying to view the unified search code results would get a 500 error. + - | + On some instances, the user interface displayed a codespace button, even though GitHub Codespaces is not supported on GitHub Enterprise Server. + - | + On an instance with GitHub Actions enabled, users occasionally got a 500 error when viewing a job with a pending deployment. + - | + On an instance with GitHub Actions enabled, an issue with `GH_TOKEN` sometimes prevented GitHub Pages sites from building successfully in workflows. + - | + An administrator could enable GitHub Connect on an instance with a license that does not support GitHub Connect. + - | + On an instance GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync. + - | + The enterprise account pages on some installations rendered very slowly. + - | + A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository. + - | + When using `ghe-migrator` to import repositories into GitHub Enterprise Server, the `conflicts` and `audit` subcommands produced an invalid CSV file due to an extra log line appended to the file. + - | + Pre-receive hook failures were not visible in the administrator audit log. + - | + Running `ghe-spokesctl gov info` without any arguments caused a `panic` response. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns. 
+ - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, webhooks for alert locations did not contain information about push protection bypasses. + - | + On an instance with a GitHub Advanced Security license, code scanning would report an incorrect number of files scanned on the "Tools" status page. + changes: + - | + On an instance with Dependabot updates enabled, Dependabot relies on the node installation provided by the actions runner instead of dynamically downloading. + - | + When adding a node to an instance, performance is improved during initial database replication. + - | + An administrator can run the new `ghe-check-background-upgrade-jobs` command to ensure all upgrade jobs that run in the background have finished. This allows the administrator to know when they can start the next upgrade to their GitHub Enterprise Server instance. + - | + To avoid negative effects on disk utilization, `babeld` log files have a maximum size of 15 GB. + - | + To improve reliability of release uploads in low-bandwidth environments, the time-to-live (TTL) value of the token for uploading release assets has increased from 1 hour to 3 hours. + - | + When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error. + - | + The audit log now tracks all failed password attempts individually. Previously, duplicate failed password attempts in sequence within the same day would be grouped into one failed password attempt, with a `count` field. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. 
We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} + - | + {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %} + - | + {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} + - | + {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} + - | + After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. 
To work around this issue, use a different browser. + - | + On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance. + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + {% data reusables.release-notes.2023-10-actions-upgrade-bug %} + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly. + deprecations: + - heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key + notes: + - | + To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release. + + To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release. diff --git a/data/release-notes/enterprise-server/3-11/0.yml b/data/release-notes/enterprise-server/3-11/0.yml index 902038a472f3..f3926c146f86 100644 --- a/data/release-notes/enterprise-server/3-11/0.yml +++ b/data/release-notes/enterprise-server/3-11/0.yml 
@@ -299,6 +299,14 @@ sections: Users create can create issues in a project view that's grouped by repository in the board layout by clicking "Create new issue", or by starting to type the issue's title. known_issues: + - | + An upgrade to GitHub Enterprise Server 3.11.0 may fail, hanging on the "Reloading system services" screen. The following error will appear in `/var/log/syslog`. + + ```text + agent: Error starting agent: error="Failed to start Consul server: Failed to start Raft: failed to load any existing snapshots" + ``` + + This issue is resolved in GitHub Enterprise Server 3.11.1. When upgrading to a release in the 3.11 series, upgrade to 3.11.1 or later. [Updated 2023-12-21] - | Custom firewall rules are removed during the upgrade process. - | diff --git a/data/release-notes/enterprise-server/3-11/1.yml b/data/release-notes/enterprise-server/3-11/1.yml new file mode 100644 index 000000000000..85ef55abcba4 --- /dev/null +++ b/data/release-notes/enterprise-server/3-11/1.yml 
@@ -0,0 +1,95 @@ +date: '2023-12-21' +sections: + security_fixes: + - | + **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)." + + This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847). + - | + **HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46645](https://www.cve.org/cverecord?id=CVE-2023-46645). + - | + **MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token. To exploit this, a workflow must have already existed in the target repository. GitHub has requested CVE ID [CVE-2023-6804](https://nvd.nist.gov/vuln/detail/CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. 
This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380). + - | + **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." + - | + To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4. + - | + Packages have been updated to the latest security versions. + bugs: + - | + In rare cases, on an instance with GitHub Actions enabled, a failed check on a deleted repository could cause upgrades to a new version of GitHub Enterprise Server to fail. + - | + Error messages were not shown when `ghe-config-apply` encountered specific kinds of errors. + - | + In some environments, stale `.backup` log files could accumulate in the system. + - | + On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. 
For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation. + - | + In some cases, when an administrator uploaded a custom TLS certificate, the certificate was not correctly installed on the instance. + - | + Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service. + - | + In some cases, upgrades to GitHub Enterprise Server 3.11 could fail due to the Consul server failing to start. + - | + Endpoints for the REST API's Manage GitHub Enterprise Server operation returned `internal service error` if `cluster.conf` was not found on the instance. + - | + On an instance with GitHub Actions enabled, an issue with `GH_TOKEN` sometimes prevented GitHub Pages sites from building successfully in workflows. + - | + An administrator could enable GitHub Connect on an instance with a license that does not support GitHub Connect. + - | + On an instance GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync. + - | + A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository. + - | + When using `ghe-migrator` to import repositories into GitHub Enterprise Server, the `conflicts` and `audit` subcommands produced an invalid CSV file due to an extra log line appended to the file. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, webhooks for alert locations did not contain information about push protection bypasses. 
+ changes: + - | + On an instance with Dependabot updates enabled, Dependabot relies on the node installation provided by the actions runner instead of dynamically downloading. + - | + To avoid negative effects on disk utilization, `babeld` log files have a maximum size of 15 GB. + - | + When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error. + - | + The audit log now tracks all failed password attempts individually. Previously, duplicate failed password attempts in sequence within the same day would be grouped into one failed password attempt, with a `count` field. + - | + On an instance in a cluster configuration, administrators can identify the repository networks or gists that are common across a specified set of storage nodes using the `spokesctl find-on-replicas` command. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. 
For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance. + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %} + - | + Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly. + deprecations: + - heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key + notes: + - | + To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release. 
+ + To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release. diff --git a/data/release-notes/enterprise-server/3-7/19.yml b/data/release-notes/enterprise-server/3-7/19.yml new file mode 100644 index 000000000000..c88501f06e87 --- /dev/null +++ b/data/release-notes/enterprise-server/3-7/19.yml 
@@ -0,0 +1,83 @@ +date: '2023-12-21' +sections: + security_fixes: + - | + **MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://nvd.nist.gov/vuln/detail/CVE-2023-6746) for this vulnerability. + - | + **MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://nvd.nist.gov/vuln/detail/CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379). + - | + **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. 
After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." + - | + Packages have been updated to the latest security versions. + bugs: + - | + When an administrator ran the `ghe-support-bundle` or `ghe-cluster-support-bundle` command, the `-p` flag did not produce bundles with log durations as specified. The duration period can now only be specified in `days`. Additionally, unnecessary files were sanitized by the commands. + - | + On an instance in a cluster configuration, upgrades could fail due to a background job running during database migration. + - | + On an instance in a high availability configuration, the `ghe-repl-teardown` command failed when provided with a UUID. + - | + In some environments, stale `.backup` log files could accumulate in the system. + - | + On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation. + - | + Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, site administrators using the `ghe-secret-scanning` command would not see a relevant error message if their input was invalid. + - | + After importing a migration archive using `ghe-migrator` or REST API endpoints for organization migrations, in some cases, some review comments within pull requests were not associated with lines of code. 
+ - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alert emails were sent to organization owners even if their email address did not comply with domain restrictions. + - | + A missing executable on the PATH caused the `ghe-spokesctl ssh` command to fail. + - | + On an instance GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync. + - | + A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository. + - | + Pre-receive hook failures were not visible in the administrator audit log. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns. + changes: + - | + When adding a node to an instance, performance is improved during initial database replication. + - | + An administrator can run the new `ghe-check-background-upgrade-jobs` command to ensure all upgrade jobs that run in the background have finished. This allows the administrator to know when they can start the next upgrade to their GitHub Enterprise Server instance. + - | + When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error. + - | + As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. When the page builder encounters a symbolic link, the build will fail with an error indicating that the symbolic link should be dereferenced. Custom workflows for GitHub Pages are available in GitHub Enterprise Server 3.7 and later. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. 
+ - | + The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - | + In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality. + - | + Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter. + - | + {% data reusables.release-notes.repository-inconsistencies-errors %} + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`. + - | + {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} + - | + On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance. + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. 
+ - | + Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly. + deprecations: + - heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key + notes: + - | + To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release. + + To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release. diff --git a/data/release-notes/enterprise-server/3-8/12.yml b/data/release-notes/enterprise-server/3-8/12.yml new file mode 100644 index 000000000000..5adae2c45d66 --- /dev/null +++ b/data/release-notes/enterprise-server/3-8/12.yml 
@@ -0,0 +1,115 @@ +date: '2023-12-21' +sections: + security_fixes: + - | + **HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID [CVE-2023-46647](https://nvd.nist.gov/vuln/detail/CVE-2023-46647) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://nvd.nist.gov/vuln/detail/CVE-2023-6746) for this vulnerability. + - | + **MEDIUM:** Due to an insufficient entropy vulnerability, an attacker could brute force a user invitation to the Management Console. To exploit this vulnerability, an attacker would have needed knowledge that a user invitation was pending. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46648](https://www.cve.org/CVERecord?id=CVE-2023-46648). + - | + **MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. 
GitHub has requested CVE ID [CVE-2023-46646](https://nvd.nist.gov/vuln/detail/CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token. To exploit this, a workflow must have already existed in the target repository. GitHub has requested CVE ID [CVE-2023-6804](https://nvd.nist.gov/vuln/detail/CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could maintain admin access to a transferred repository in a race condition by making a GraphQL mutation to alter repository permissions during the transfer. GitHub has requested CVE ID [CVE-2023-6690](https://nvd.nist.gov/vuln/detail/CVE-2023-6690) for this vulnerability, which reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379). + - | + **LOW:** Pre-receive hooks have been further hardened against shell command injections. + - | + **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. 
After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." + - | + Packages have been updated to the latest security versions. + bugs: + - | + In rare cases, on an instance with GitHub Actions enabled, a failed check on a deleted repository could cause upgrades to a new version of GitHub Enterprise Server to fail. + - | + When an administrator ran the `ghe-support-bundle` or `ghe-cluster-support-bundle` command, the `-p` flag did not produce bundles with log durations as specified. The duration period can now only be specified in `days`. Additionally, unnecessary files were sanitized by the commands. + - | + On an instance in a cluster configuration, upgrades could fail due to a background job running during database migration. + - | + On an instance in a high availability configuration, the `ghe-repl-teardown` command failed when provided with a UUID. + - | + In some environments, stale `.backup` log files could accumulate in the system. + - | + On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation. + - | + Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, site administrators using the `ghe-secret-scanning` command would not see a relevant error message if their input was invalid. 
+ - | + On an instance with a GitHub Advanced Security license, users with the security manager role could not update custom links for push protection using the REST API. + - | + On an instance with the dependency graph enabled, some security products were not automatically enabled for new public repositories. + - | + Pull request review threads at the file level, rather than the individual line level, were not included in exports from `ghe-migrator` or the Organization Migrations API. + - | + After importing a migration archive using `ghe-migrator` or REST API endpoints for organization migrations, in some cases, some review comments within pull requests were not associated with lines of code. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alert emails were sent to organization owners even if their email address did not comply with domain restrictions. + - | + After a user started a repository transfer, if another user viewed the repository before the transfer finished, the repository overview rendered incorrectly. + - | + A missing executable on the PATH caused the `ghe-spokesctl ssh` command to fail. + - | + On an instance with GitHub Actions enabled, users occasionally got a 500 error when viewing a job with a pending deployment. + - | + An administrator could enable GitHub Connect on an instance with a license that does not support GitHub Connect. + - | + On an instance GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync. + - | + A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns. 
+ - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, webhooks for alert locations did not contain information about push protection bypasses. + changes: + - | + On an instance with Dependabot updates enabled, Dependabot relies on the node installation provided by the actions runner instead of dynamically downloading. + - | + When adding a node to an instance, performance is improved during initial database replication. + - | + An administrator can run the new `ghe-check-background-upgrade-jobs` command to ensure all upgrade jobs that run in the background have finished. This allows the administrator to know when they can start the next upgrade to their GitHub Enterprise Server instance. + - | + To avoid negative effects on disk utilization, `babeld` log files have a maximum size of 15 GB. + - | + To improve reliability of release uploads in low-bandwidth environments, the time-to-live (TTL) value of the token for uploading release assets has increased from 1 hour to 3 hours. + - | + When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error. + - | + The audit log now tracks all failed password attempts individually. Previously, duplicate failed password attempts in sequence within the same day would be grouped into one failed password attempt, with a `count` field. + - | + As a security measure, GitHub Pages does not build sites that contain symbolic links except when using custom GitHub Actions workflows. When the page builder encounters a symbolic link, the build will fail with an error indicating that the symbolic link should be dereferenced. Custom workflows for GitHub Pages are available in GitHub Enterprise Server 3.7 and later. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + The GitHub Packages npm registry no longer returns a time value in metadata responses. 
This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`. + - | + {% data reusables.release-notes.mermaid-rendering-known-issue %} + - | + {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} + - | + On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance. + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. 
+ - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly. + deprecations: + - heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key + notes: + - | + To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release. + + To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release. diff --git a/data/release-notes/enterprise-server/3-9/7.yml b/data/release-notes/enterprise-server/3-9/7.yml new file mode 100644 index 000000000000..3df27a1d33ed --- /dev/null +++ b/data/release-notes/enterprise-server/3-9/7.yml 
@@ -0,0 +1,165 @@ +date: '2023-12-21' +intro: | + {% warning %} + + **Warning**: A change to MySQL in GitHub Enterprise Server 3.9 and later may impact the performance of your instance. Before you upgrade, make sure you've read the "[Known issues](#3.9.7-known-issues)" section of these release notes. + + {% endwarning %} +sections: + security_fixes: + - | + **HIGH**: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "[AUTOTITLE](/admin/configuration/hardening-security-for-your-enterprise/enabling-private-mode)." + + This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847). + - | + **HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID [CVE-2023-46647](https://nvd.nist.gov/vuln/detail/CVE-2023-46647) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. 
To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://nvd.nist.gov/vuln/detail/CVE-2023-6746) for this vulnerability. + - | + **MEDIUM:** Due to an insufficient entropy vulnerability, an attacker could brute force a user invitation to the Management Console. To exploit this vulnerability, an attacker would have needed knowledge that a user invitation was pending. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46648](https://www.cve.org/CVERecord?id=CVE-2023-46648). + - | + **MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://nvd.nist.gov/vuln/detail/CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM:** An attacker could maintain admin access to a transferred repository in a race condition by making a GraphQL mutation to alter repository permissions during the transfer. GitHub has requested CVE ID [CVE-2023-6690](https://nvd.nist.gov/vuln/detail/CVE-2023-6690) for this vulnerability, which reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token. To exploit this, a workflow must have already existed in the target repository. 
GitHub has requested CVE ID [CVE-2023-6804](https://nvd.nist.gov/vuln/detail/CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379). + - | + **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be read with an improperly scoped token. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51380](https://www.cve.org/CVERecord?id=CVE-2023-51380). + - | + **LOW:** Pre-receive hooks have been further hardened against shell command injections. + - | + **LOW:** To render interactive maps in an instance's web UI using Azure Maps, GitHub Enterprise Server has migrated from use of an unsecure Azure Maps API token to a more secure access token provided by role-based access control (RBAC) in Entra ID. After upgrading to this release, to re-enable interactive maps, an administrator must reconfigure authentication to Azure Maps in the Management Console. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." + - | + To address scenarios that could lead to denial of service, HAProxy has been upgraded to version 2.8.4. + - | + Packages have been updated to the latest security versions. 
+ bugs: + - | + In rare cases, on an instance with GitHub Actions enabled, a failed check on a deleted repository could cause upgrades to a new version of GitHub Enterprise Server to fail. + - | + Threads in the Git proxy service `babeld` could crash while reading Git packet lines. + - | + When an administrator ran the `ghe-support-bundle` or `ghe-cluster-support-bundle` command, the `-p` flag did not produce bundles with log durations as specified. The duration period can now only be specified in `days`. Additionally, unnecessary files were sanitized by the commands. + - | + On an instance in a cluster configuration, site administrators using the `ghe-config-apply` utility may have seen the extraneous message "Error: Server closed the connection" in the logs for the utility. + - | + Some OAuth applications did not have device code flow (DCF) explicitly enabled, which prevented DCF from running correctly. + - | + On an instance in a cluster configuration, upgrades could fail due to a background job running during database migration. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, site administrators using the `ghe-secret-scanning` command would not see a relevant error message if their input was invalid. + - | + On an instance with GitHub Actions enabled, some maintenance tasks could fail due to incomplete upgrade steps during previous upgrades to new releases of GitHub Enterprise Server. + - | + On an instance in a high availability configuration, the `ghe-repl-teardown` command failed when provided with a UUID. + - | + Support for authenticating to GitHub Enterprise Server from Visual Studio Code with a device code was unintentionally disabled. + - | + In some environments, stale `.backup` log files could accumulate in the system. + - | + On an instance hosted on AWS, when configuring GitHub Packages, virtual-hosted-style AWS S3 URLs would default to path-style URLs if a `region-code` was included. 
For more information, see [Virtual hosting of buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html) in the AWS documentation. + - | + In some cases, when an administrator uploaded a custom TLS certificate, the certificate was not correctly installed on the instance. + - | + Because the `|` character was not permitted, administrators could not add an SMTP username to authenticate with the Azure Communication Service. + - | + On an instance with a GitHub Advanced Security license, users with the security manager role could not update custom links for push protection using the REST API. + - | + On an instance with the dependency graph enabled, some security products were not automatically enabled for new public repositories. + - | + Deprecated `resource_activity` jobs were not processed and accumulated over time in the queue, causing possible memory issues. + - | + Pull request review threads at the file level, rather than the individual line level, were not included in exports from `ghe-migrator` or the Organization Migrations API. + - | + After importing a migration archive using `ghe-migrator` or REST API endpoints for organization migrations, in some cases, some review comments within pull requests were not associated with lines of code. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, secret scanning alert emails were sent to organization owners even if their email address did not comply with domain restrictions. + - | + After a user started a repository transfer, if another user viewed the repository before the transfer finished, the repository overview rendered incorrectly. + - | + On an instance with GitHub Connect and unified search enabled, users trying to view the unified search code results would get a 500 error. + - | + On an instance with GitHub Actions enabled, users occasionally got a 500 error when viewing a job with a pending deployment. 
+ - | + On an instance with GitHub Actions enabled, an issue with `GH_TOKEN` sometimes prevented GitHub Pages sites from building successfully in workflows. + - | + An administrator could enable GitHub Connect on an instance with a license that does not support GitHub Connect. + - | + On an instance GitHub Connect enabled, some system users were incorrectly counted as consuming a license following license sync. + - | + The enterprise account pages on some installations rendered very slowly. + - | + A user in the process of being converted into an organization could be added as a collaborator on a repository. This resulted in the new organizations owners unexpectedly receiving access to the repository. + - | + When using `ghe-migrator` to import repositories into GitHub Enterprise Server, the `conflicts` and `audit` subcommands produced an invalid CSV file due to an extra log line appended to the file. + - | + On an instance with subdomain isolation disabled, a notebook could not be loaded due to incorrect asset paths. + - | + Running `ghe-spokesctl gov info` without any arguments caused a `panic` response. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, dry runs sometimes incorrectly reported no results for custom patterns. + - | + On an instance with a GitHub Advanced Security license and secret scanning enabled, webhooks for alert locations did not contain information about push protection bypasses. + - | + On an instance with a GitHub Advanced Security license, code scanning would report an incorrect number of files scanned on the "Tools" status page. + changes: + - | + On an instance with Dependabot updates enabled, Dependabot relies on the node installation provided by the actions runner instead of dynamically downloading. + - | + When adding a node to an instance, performance is improved during initial database replication. 
+ - | + An administrator can run the new `ghe-check-background-upgrade-jobs` command to ensure all upgrade jobs that run in the background have finished. This allows the administrator to know when they can start the next upgrade to their GitHub Enterprise Server instance. + - | + To avoid negative effects on disk utilization, `babeld` log files have a maximum size of 15 GB. + - | + Instance administrators can manage search indices for GitHub Discussions from the site admin dashboard. + - | + To improve reliability of release uploads in low-bandwidth environments, the time-to-live (TTL) value of the token for uploading release assets has increased from 1 hour to 3 hours. + - | + When using `ghe-migrator prepare` to import an archive, a missing `schema.json` file results in an `UnsupportedArchive` error rather than an `UnsupportedSchemaVersion` error. + - | + The audit log now tracks all failed password attempts individually. Previously, duplicate failed password attempts in sequence within the same day would be grouped into one failed password attempt, with a `count` field. + known_issues: + - | + Custom firewall rules are removed during the upgrade process. + - | + The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. 
Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail. + - | + When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`. + - | + The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning. + - | + When enabling CodeQL via default setup [at scale](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale), some checks related to GitHub Actions are omitted, potentially preventing the process from completing. + - | + {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-mysql-cannot-start-up %} + - | + {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %} + - | + {% data reusables.release-notes.2023-08-mssql-replication-known-issue %} + - | + {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %} + - | + On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance. + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. 
+ - | + {% data reusables.release-notes.2023-10-git-push-made-but-not-registered %} + - | + {% data reusables.release-notes.2023-10-actions-upgrade-bug %} + - | + Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly. + deprecations: + - heading: Interactive maps in the web UI no longer allow authentication using an Azure Maps API key + notes: + - | + To allow users to render interactive maps in an instance's web UI by writing GeoJSON or TopoJSON syntax, GitHub Enterprise Server previously required a potentially unsecure API key for authentication with Azure Maps. If an administrator previously enabled interactive maps on an instance, the feature is disabled upon upgrade to this release. + + To re-enable interactive maps for your instance, you must configure an application on an Entra ID tenant that has access to Azure Maps using role-based access control (RBAC). For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)" and the security fixes for this release. diff --git a/data/reusables/advanced-formatting/administrator-must-enable-mapping.md b/data/reusables/advanced-formatting/administrator-must-enable-mapping.md index a224c43b122f..fc2f5ff2abd7 100644 --- a/data/reusables/advanced-formatting/administrator-must-enable-mapping.md +++ b/data/reusables/advanced-formatting/administrator-must-enable-mapping.md 
@@ -1,5 +1,5 @@ {% ifversion azure-maps %} -To display interactive maps, a site administrator must configure the feature for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-applications#enabling-interactive-maps)." +To display interactive maps, a site administrator must configure the feature for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-interactive-maps)." {% endif %} diff --git a/data/reusables/enterprise/azure-maps-auth-deprecation-link.md b/data/reusables/enterprise/azure-maps-auth-deprecation-link.md new file mode 100644 index 000000000000..04cfd2ffe7de --- /dev/null +++ b/data/reusables/enterprise/azure-maps-auth-deprecation-link.md @@ -0,0 +1 @@ +For more information, see the "[Deprecations](/admin/release-notes#{{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.7 %}19{% elsif ghes = 3.8 %}12{% elsif ghes = 3.9 %}7{% elsif ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %}-deprecations)" section in the release notes. diff --git a/data/reusables/enterprise/azure-maps-auth-warning.md b/data/reusables/enterprise/azure-maps-auth-warning.md new file mode 100644 index 000000000000..f86641cfc9dc --- /dev/null +++ b/data/reusables/enterprise/azure-maps-auth-warning.md @@ -0,0 +1,5 @@ +{% warning %} + +**Warning**: {% data variables.product.company_short %} does not recommend the use of an Azure Maps API token for authentication. To improve security, upgrade to the latest patch release of {% data variables.product.product_name %} and reconfigure Azure Maps authentication. After you upgrade, interactive maps will be disabled for your instance until you reconfigure authentication. {% data reusables.enterprise.azure-maps-auth-deprecation-link %} + +{% endwarning %}
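Review bot: the deprecation entry ("Interactive maps in the web UI no longer allow authentication using an Azure Maps API key" plus its two-paragraph note) is pasted verbatim into both release-notes files in this patch, the one whose tail opens this diff and 3-9/7.yml. The other repeated entries in these files already go through `{% data reusables.release-notes.... %}`; the deprecation text should take the same route so that a later wording fix lands in every affected release at once.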
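Review bot: a few wording defects in the new 3-9/7.yml. Under `security_fixes`, the CVE-2023-6690 entry reads "which reported via the GitHub Bug Bounty program" (missing "was"); the severity labels alternate between `**MEDIUM**:` and `**MEDIUM:**` (colon outside versus inside the bold), and the LOW Azure Maps entry says "unsecure" where "insecure" is the usual form. Under `bugs`, "On an instance GitHub Connect enabled" is missing "with", and "the new organizations owners" should be "the new organization's owners".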
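Review bot: the `{% ifversion %}` chain in azure-maps-auth-deprecation-link.md has no `{% else %}` branch, so on any GHES version outside 3.7 through 3.11 the anchor renders as `#<release>.-deprecations` and the link points at nothing without any build error. Either add an `{% else %}` fallback or guard the whole reusable with an `{% ifversion %}` that limits it to those releases. The patch numbers for 3.7 (19), 3.8 (12), 3.10 (4) and 3.11 (1) are hardcoded while only the 3.9.7 release-notes file is visible in this diff; a comment noting that each number must match the release-notes file that carries the deprecation would save the next editor a search.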
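Review bot: the warning in azure-maps-auth-warning.md tells the administrator to "reconfigure Azure Maps authentication" after upgrading but does not say where; the `configuring-interactive-maps` article is already linked from the release notes and from administrator-must-enable-mapping.md in this same change, and the warning is where an administrator most needs that link, since it states that interactive maps stay disabled until the reconfiguration is done.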