Features

• Business administrators can enable, disable, or no-policy repository creation, deletion, visibility change, forking, and permissions to all repositories and organizations.
• Automatically protect branches with regex patterns.
• Link repositories for your organization-owned projects to make searching faster and more relevant.
• Show the issue and pull request details from a project board.
• Resolve conversations in a pull request review.
• Sign commits using X.509 certificates and S/MIME signatures.
• Quote replies or copy permalinks in issue and pull request conversations.
• Hide off topic, outdated, or resolved comments in issue and pull request conversations.
• Pushes will be rejected if a Git LFS object hasn't been uploaded properly.
• Pull request URL is included in the output of a git push.
• Opt-in to the activity overview dashboard to view work across all your organizations and repositories.
• Clustering environments support an elasticsearch-server in a separate datacenter. (updated 2018-10-29)
• Wiki, search, and releases pages have been updated to be responsive.
• The + and - diff markers are no longer copied to your clipboard when copying content from a diff.
• Remove files directly from a pull request.
• Permalinked comments will be highlighted for easier discovery.
• Use a keyboard shortcut (e.g., ⌘ shift enter) to leave a pull request review comment.
• Collapse all diffs by using the alt shortcut and clicking the inverted caret icon in any file header.
• Edit a repository's README.md directly from the repository's root page.
• After pushing the changes, quickly create a pull request from the pull requests or code tab.
• Add members directly from the team discussion page using the + button.

Security Fixes

• HIGH: LDAP users could authenticate as another user because GitHub Enterprise was incorrectly encoding whitespaces from the relative distinguished name (RDN).
• LOW: The issues API could disclose private organization membership status. The organization membership information now requires the repo or read:org scope.
• The git package has been updated to detect malicious Git submodules that could be used to exploit CVE-2018-17456.
• Packages have been updated to the latest security versions.

Bug Fixes

• The access control list (ACL) of configuration files transferred to replica nodes could be lost when configuring High Availability replication.
• ghe-config-apply contained innocuous and misleading error messages about WARNING: Setting ES auto_expand_replicas failed.
• The Grafana monitor dashboard truncated background jobs in the graph's legend.
• Scheduling maintenance mode could cause a 500 Internal Sever Error.
• Pull request review requests weren't satisfied if a member of a subteam completed the review.
• Healthcheck requests from the provider (i.e., AWS, Azure, or GCP) were blocked.
• Users could get stuck choosing where to fork and be shown an indefinite spinning icon.

Changes

• The osqueryi utility has been added to the GitHub Enterprise environment.
• The diff lines are omitted for file deletions.
• Collapsed review threads are requested and loaded when uncollapsing the view.
• The agilezen, boxcar, codeportingcsharp2java, coffeedocinfo, coop, cube, distiller, hall, honbu, loggly, masterbranch, nma, notifymyandroid, pushalot, swiggle, stormpath, trajector, visualops, and yammer GitHub services have been deprecated.
• New REST API resources have been added.
• GraphQL API schema has been updated.
• New webhook events have been added.
• GitHub Apps has been updated to access more API resources and GraphQL queries.
• GitHub Enterprise is now available in Azure Government. (updated 2018-10-18)

Backups and Disaster Recovery

GitHub Enterprise 2.15 requires at least GitHub Enterprise Backup Utilities 2.15.0 for Backups and Disaster Recovery.

Upcoming deprecation of GitHub Enterprise 2.12

GitHub Enterprise 2.12 will be deprecated as of December 12, 2018. That means that no patch releases will be made, even for critical security issues, after this date. For better performance, improved security, and new features, upgrade to the newest version of GitHub Enterprise as soon as possible.

Upcoming deprecation of GitHub Services

Starting with GitHub Enterprise 2.17.0, support for GitHub Services will be deprecated and administrators will not be able to install or configure new GitHub Services. Existing GitHub Services from a previous version of GitHub Enterprise will continue to function but GitHub Enterprise will not be providing any security or bug fixes to the GitHub Services functionality. At this time, there will be no changes to the existing functionality, but a warning banner will be displayed with the deprecation announcement blog post. Administrators can see which repositories are using GitHub Services with ghe-legacy-github-services-report.

Deprecation of Internet Explorer 11 support Upcoming deprecation of Internet Explorer 11 support

Support for Internet Explorer 11 has been deprecated as of GitHub Enterprise 2.15.0. Internet Explorer is still supported in GitHub Enterprise 2.15.0. Support for Internet Explorer 11 will be deprecated in the next feature release, 2.16.0. (updated 2018-11-22)

Known Issues

• On a freshly set up GitHub Enterprise without any users, an attacker could create the first admin user.
• Custom firewall rules aren't maintained during an upgrade.
• svn checkout may timeout while the repository data cache is being built. In most cases, subsequent svn checkout attempts will succeed.
• Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
• The App request/response Grafana section is not reporting any metrics.
• The import of protected branches with ghe-migrator fails when the creator of the protected branch no longer exists on the source instance. (updated 2018-10-31)
• Creating a new organization may cause a 422 Unprocessable Entity error. (updated 2018-11-03)
• Some settings available on the /business page are inaccessible when the company name in the license file is comprised of multi byte strings. (updated 2018-11-7)
• Listing the GUIDs of migrations that are in progress with the ghe-migrator list command throws an error and fails. (updated 2018-11-21)
• The import of project boards with ghe-migrator fails when the creator of a card on the board no longer exists on the source instance. (updated 2018-11-21)
• Pull request review comments can be misplaced when the pull request has large diffs. (updated 2019-01-21)
• Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters. (updated 2019-03-07)
• Some pull requests and issues are purged completely when restoring the repository right after deleting it. (updated 2019-03-19)
• Resque workers may not be cleaned up following a configuration run leading to a growing number of stale workers which in turn could lead to high memory consumption. (updated 2019-05-08)

Errata

• elasticsearch-server was added as part of preliminary work needed for Elasticsearch indices replication under cluster disaster recovery. This update does not affect any instance of GitHub Enterprise at this time. (updated 2018-10-29)

Thanks!

The GitHub Team