The 2.16.9 update is a small update, targeting a few minor bugs and security patches.
Notable Bug Fixes
- An endpoint in the GitHub API would disclose sensitive user information in its error response. The disclosed information included authentication tokens that could be used to authenticate as unauthorized users. An authenticated user on the instance would be required to access to the affected API.
- The
/var/log/github/exceptions.log
file could include a large number ofQueryWarningLogger::QueryWarning
errors. - Organizations imported with
ghe-migrator
were not added to the global enterprise account. - The diff context for diffs that included submodules would sometimes load incorrect content.
We will be applying the patch at 5:00 PM EST on May 24.