The 2.13 series release notes contain important changes in this release series.

Security Fixes

• The git package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.
• Packages have been updated to the latest security versions.

Bug Fixes

• The access control list (ACL) of configuration files transferred to replica nodes could be lost when configuring High Availability replication.
• The Grafana monitor dashboard truncated background jobs in the graph's legend.
• Organization migrations could fail to be exported if a pull request review comment could not be encoded properly.
• Pull request review requests weren't satisfied if a member of a subteam completed the review.

Changes

• The osqueryi utility has been added to the GitHub Enterprise environment.
• GitHub Enterprise is now available in Azure Government. (updated 2018-10-18)

Known Issues

• Images uploaded to issues save with an absolute URL, so they can be broken if the hostname changes.
• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• Pull request review comments are missing from an import with ghe-migrator.
• The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
• The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)

Thanks!

The GitHub Team