GitHub Upgrade – 2.17.2/2.17.3

The 2.17.2 update is a small update, targeting a few minor bugs and security patches, and one medium security patch.

Patch 2.17.3 fixes a critical security vulnerability. This patch has accelerated the normal patch schedule, and we will be moving the upgrade to today at 5:00PM.

Notable Bug Fixes

  • An attacker with direct network access to the server could send a specially crafted sequence of network packets that could cause a kernel panic or slow down the system causing a Denial of Service (DoS)
  • Internal API data values exceeded internal buffer sizes and caused access from the Git command-line to fail unconditionally for some users or deploy keys.
  • In single node appliances, the ghe-export-audit-logs command did not correctly detect the instance type in some cases, causing backups to fail.
  • The GraphQL API would only return 300 objects instead of the documented 3000.
  • In the GraphQL API, the suggestedReviewers field returned an error when queried in combination with some other fields (e.g., additions or deletions).

We will be applying the patch at 5:00 PM EST on June 26.