Commit

Merge pull request #32178 from github/repo-sync
Repo sync
docs-bot authored Mar 21, 2024
2 parents a0107a1 + d1649e6 commit e8d9196
Showing 4 changed files with 3 additions and 3 deletions.
Expand Up @@ -53,4 +53,4 @@ For more information about contacting {% data variables.contact.github_support %

## Working with {% data variables.contact.github_support %} for Actions Runner Controller

{% data variables.contact.github_support %} may ask questions about your Actions Runner Controller deployment and request that you collect and attach [the controller and listener logs](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors#checking-the-logs-of-the-controller-and-runner-set-listener) to the support ticket.
{% data variables.contact.github_support %} may ask questions about your Actions Runner Controller deployment and request that you collect and attach the [controller, listener](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors#checking-the-logs-of-the-controller-and-runner-set-listener), and runner logs to the support ticket.
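Review bot: In the rewritten sentence the link text is now "controller, listener" and still targets the `#checking-the-logs-of-the-controller-and-runner-set-listener` anchor, so the newly requested runner logs are the one item with no collection instructions behind them. Either link "runner logs" to a section that explains how to gather them or add that section to the troubleshooting article. Consider linking the whole phrase as well, since a link that ends before the comma reads awkwardly.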
Expand Up @@ -35,6 +35,7 @@ You can deploy runner scale sets with ARC's Helm charts or by deploying the nece
- {% data reusables.actions.actions-runner-controller-security-practices-namespace %}
- {% data reusables.actions.actions-runner-controller-security-practices-secret %}
- We recommend running production workloads in isolation. {% data variables.product.prodname_actions %} workflows are designed to run arbitrary code, and using a shared Kubernetes cluster for production workloads could pose a security risk.
- Ensure you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners.

{% endnote %}

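Review bot: The added bullet ("Ensure you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners.") states the requirement without a reason, unlike the bullet above it, which explains the risk. Since the runners are described as ephemeral, say that their logs need to be kept somewhere that outlives the runner. Nearly the same sentence is added to the prerequisites list elsewhere in this commit, so consider a reusable like the `actions-runner-controller-security-practices-*` entries at the top of this list so the two copies cannot drift.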
Expand Up @@ -36,6 +36,7 @@ In order to use ARC, ensure you have the following.

- Helm 3
- For more information, see [Installing Helm](https://helm.sh/docs/intro/install/) in the Helm documentation.
- While it is not required for ARC to be deployed, we recommend ensuring you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners before deploying ARC in production workflows.

## Installing Actions Runner Controller

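Review bot: The new item sits in the list introduced by "In order to use ARC, ensure you have the following" but opens with "While it is not required for ARC to be deployed", so a recommendation is mixed into the requirements. Move it into a note after the list or shorten it to a plain recommendation, and change "in production workflows" to match the "production workloads" wording used in the security note edited in this same commit.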
2 changes: 0 additions & 2 deletions data/release-notes/enterprise-server/3-12/1.yml
Expand Up @@ -5,8 +5,6 @@ sections:
**HIGH:** An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. GitHub has requested CVE ID [CVE-2024-2469](https://www.cve.org/cverecord?id=CVE-2024-2469) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring GeoJSON settings. GitHub has requested CVE ID [CVE-2024-2443](https://www.cve.org/cverecord?id=CVE-2024-2443) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM:** An attacker could maintain admin access to a detached repository in a race condition by making a GraphQL mutation to alter repository permissions while the repository is detached. GitHub has requested CVE ID [CVE-2024-2440](https://nvd.nist.gov/vuln/detail/CVE-2024-2440) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: An attacker could execute CSRF attacks to perform unauthorized actions on behalf of an unsuspecting user, using the GraphQL mutations. A mitigating factor is that user interaction is required. GitHub has requested CVE ID [CVE-2024-2748](https://nvd.nist.gov/vuln/detail/CVE-2024-2748) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
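Review bot: The two deletions in this hunk drop a complete security entry (a `- |` item and its CVE text) from `data/release-notes/enterprise-server/3-12/1.yml`, and the commit message ("Repo sync") gives no reason. Removing a published vulnerability notice should state whether the fix did not ship in this release or was listed in error, so administrators reading the notes know where they stand. Separately, the entries left in place are inconsistent: `**HIGH:**` versus `**MEDIUM**:`, and CVE links that point to cve.org in some entries and nvd.nist.gov in others.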