GitHub Upgrade – 2.19.2

Due to an issue with the packages from GitHub, the 2.19.0 and 2.19.1 releases were pulled, so we’re jumping straight to 2.19.2.

All features and changes from 2.19.0 and 2.19.1 are included in the 2.19.2 patch, and this post will highlight features and changes from all three.

New Features

  • Organization and repository administrators can assign the triage and maintain roles to users and teams.
  • When an issue is referenced with a closing keyword in a pull request description, the referenced issue will now surface the relevant pull request information in its header.
  • The dependency graph supports .vcxproj and .fsproj files that list NuGet dependencies in their PackageReference section.
  • Users can change the project board columns of issues directly from the issue sidebar.
  • GitHub Pages supports adding a remote theme using Jekyll.
  • The dependency graph supports scoped npm packages.
  • Repositories can be set to delete the head branch of a pull request once it has merged into the base branch.

Notable Bug Fixes

  • Team maintainers could not add child teams to their teams if “Allow members to create teams” was disabled.
  • Pull request authors with read permissions could not re-request reviews.
  • A label could be shown as removed from a pull request that it was never added to.
  • Unsubscribe email notification language was inconsistent with the language used in the web interface.

Security Fixes

  • The script-src 'unsafe-inline' CSP directive was applied to all paths for Enterprise Manager.
  • The legacy avatar upgrade functionality was vulnerable to Server-Side Request Forgery (SSRF) when fetching image content from third-party avatar services.

Changes

  • The web notification retention policy has been increased to 5 months for all notification types.
  • Users will only be able to see the Secret teams they are part of in the list of teams.
  • Users will be listed as owners of the organizations they own when logged in.
  • Pull requests are shown under Recent Activity when they’ve recently been reviewed.

We will be applying the patch at 5:00 PM EST on Nov 25th.

https://sysnews.ncsu.edu/news/5dd55961