GitHub Upgrade – 2.16.9

The 2.16.9 update is a small update, targeting a few minor bugs and security patches.

Notable Bug Fixes

  • An endpoint in the GitHub API would disclose sensitive user information in its error response. The disclosed information included authentication tokens that could be used to authenticate as unauthorized users. An authenticated user on the instance would be required to access to the affected API.
  • The /var/log/github/exceptions.log file could include a large number of QueryWarningLogger::QueryWarning errors.
  • Organizations imported with ghe-migrator were not added to the global enterprise account.
  • The diff context for diffs that included submodules would sometimes load incorrect content.

We will be applying the patch at 5:00 PM EST on May 24.