GitHub Upgrade – 2.17.2/2.17.3

The 2.17.2 update is small: it targets a few minor bugs and security patches, and one medium security patch.

Patch 2.17.3 fixes a critical security vulnerability. Because of this patch, we have accelerated the normal patch schedule and are moving the upgrade to today at 5:00 PM.

Notable Bug Fixes

  • An attacker with direct network access to the server could send a specially crafted sequence of network packets that could cause a kernel panic or slow down the system, causing a Denial of Service (DoS).
  • Internal API data values exceeded internal buffer sizes and caused access from the Git command-line to fail unconditionally for some users or deploy keys.
  • In single node appliances, the ghe-export-audit-logs command did not correctly detect the instance type in some cases, causing backups to fail.
  • The GraphQL API would only return 300 objects instead of the documented 3000.
  • In the GraphQL API, the suggestedReviewers field returned an error when queried in combination with some other fields (e.g., additions or deletions).

We will be applying the patch at 5:00 PM EST on June 26.

https://sysnews.ncsu.edu/news/5d122bf0