The 2.16.9 update is a small update, targeting a few minor bugs and security patches.
Notable Bug Fixes
- An endpoint in the GitHub API would disclose sensitive user information in its error response. The disclosed information included authentication tokens that could be used to authenticate as unauthorized users. An authenticated user on the instance would be required to access to the affected API.
- The
/var/log/github/exceptions.logfile could include a large number ofQueryWarningLogger::QueryWarningerrors. - Organizations imported with
ghe-migratorwere not added to the global enterprise account. - The diff context for diffs that included submodules would sometimes load incorrect content.
We will be applying the patch at 5:00 PM EST on May 24.