diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md index f3cebe3110d9..875d270b10c3 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md @@ -53,4 +53,4 @@ For more information about contacting {% data variables.contact.github_support % ## Working with {% data variables.contact.github_support %} for Actions Runner Controller -{% data variables.contact.github_support %} may ask questions about your Actions Runner Controller deployment and request that you collect and attach [the controller and listener logs](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors#checking-the-logs-of-the-controller-and-runner-set-listener) to the support ticket. +{% data variables.contact.github_support %} may ask questions about your Actions Runner Controller deployment and request that you collect and attach the [controller, listener](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors#checking-the-logs-of-the-controller-and-runner-set-listener), and runner logs to the support ticket. diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md index e8d484df47f3..b03515df8517 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md @@ -35,6 +35,7 @@ You can deploy runner scale sets with ARC's Helm charts or by deploying the nece - {% data reusables.actions.actions-runner-controller-security-practices-namespace %} - {% data reusables.actions.actions-runner-controller-security-practices-secret %} - We recommend running production workloads in isolation. {% data variables.product.prodname_actions %} workflows are designed to run arbitrary code, and using a shared Kubernetes cluster for production workloads could pose a security risk. +- Ensure you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners. {% endnote %} diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md index 223b02608403..6c04b7432cc4 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md @@ -36,6 +36,7 @@ In order to use ARC, ensure you have the following. - Helm 3 - For more information, see [Installing Helm](https://helm.sh/docs/intro/install/) in the Helm documentation. +- While it is not required for ARC to be deployed, we recommend ensuring you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners before deploying ARC in production workflows. ## Installing Actions Runner Controller diff --git a/data/release-notes/enterprise-server/3-12/1.yml b/data/release-notes/enterprise-server/3-12/1.yml index a801d590f81a..5f1d6a11861a 100644 --- a/data/release-notes/enterprise-server/3-12/1.yml +++ b/data/release-notes/enterprise-server/3-12/1.yml @@ -5,8 +5,6 @@ sections: **HIGH:** An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. GitHub has requested CVE ID [CVE-2024-2469](https://www.cve.org/cverecord?id=CVE-2024-2469) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **HIGH:** An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring GeoJSON settings. GitHub has requested CVE ID [CVE-2024-2443](https://www.cve.org/cverecord?id=CVE-2024-2443) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - - | - **MEDIUM:** An attacker could maintain admin access to a detached repository in a race condition by making a GraphQL mutation to alter repository permissions while the repository is detached. GitHub has requested CVE ID [CVE-2024-2440](https://nvd.nist.gov/vuln/detail/CVE-2024-2440) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **MEDIUM**: An attacker could execute CSRF attacks to perform unauthorized actions on behalf of an unsuspecting user, using the GraphQL mutations. A mitigating factor is that user interaction is required. GitHub has requested CVE ID [CVE-2024-2748](https://nvd.nist.gov/vuln/detail/CVE-2024-2748) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - |