The 2.18.0 update is a large update, introducing a lot of useful features and package updates. We will also be installing the 2.18.1 update, which is a small update fixing a few bugs.
- Issues can be assigned to read-only contributors that have commented on the issue.
- Milestones are now visible on project boards.
- User-owned repositories are automatically watched for updates upon creation.
- Users can receive notifications for conversations occurring on Gists.
- Users can limit the types of notifications they receive for any issue and pull request to be specific to
- Users can transfer issues from one repository to another that they have write access to.
- Security alerts are supported for repositories using Yarn for dependency management.
- Repository admins can make an existing repository a template so users can generate new repositories with the same directory structure and files.
- Organization owners can choose to display their member’s profile names in comments on private repositories.
- Cards can be converted to issues on user owned projects.
- Users have the option to toggle annotations in the diff view.
- An attacker could inject potentially malicious options into Git sub-commands when executed on the server. This could allow an attacker to truncate existing files on the server or execute other unintended functionality of affected Git sub-commands. To exploit this vulnerability, an attacker would need permission to create a branch within a repository on the GitHub Enterprise Server instance. This vulnerability was reported through the GitHub Security Bug Bounty program.
- GitHub App permissions could be incorrectly set by the user.
Notable Bug Fixes
- GitHub Enterprise Server was incorrectly using
firstname.lastname@example.org the sender of notification emails if a URL was used for the support link instead of an email address.
- GitHub app managers were able to access and manage applications for the organization after being removed from it.
- Lines in gists were not selectable.
- On appliances that send a lot of notifications, GitHub Enterprise opened too many connections to the configured email server which delayed delivery in certain cases.
We will be applying the patch at 5:00 PM EST on Aug 30th.