Due to an issue with the packages from GitHub, the 2.19.0 and 2.19.1 releases were pulled, so we’re jumping straight to 2.19.2.
- Organization and repository administrators can assign the
maintainroles to users and teams.
- When an issue is referenced with a closing keyword in a pull request description, the referenced issue will now surface the relevant pull request information in its header.
- The dependency graph supports
.fsprojfiles that list NuGet dependencies in their PackageReference section.
- Users can change the project board columns of issues directly from the issue sidebar.
- GitHub Pages supports adding a remote theme using Jekyll.
- The dependency graph supports scoped npm packages.
- Repositories can be set to delete the head branch of a pull request once it has merged into the base branch.
Notable Bug Fixes
- Team maintainers could not add child teams to their teams if “Allow members to create teams” was disabled.
- Pull requests authors with read permissions could not re-request reviews.
- A label could be shown as removed from a pull request that it was never added to.
- Unsubscribe email notification language was inconsistent with the language used in the web interface.
script-src: 'unsafe-inline'CSP header was applied to all paths for Enterprise Manager.
- The legacy avatar upgrade functionality was vulnerable to a Server-Side Request Forgery (SSRF) vulnerability when fetching image content from third-party avatar services.
- The web notification retention policy has been increased to 5 months for all notification types.
- Users will only be able to see the Secret teams they are part of in the list of teams.
- Users will be listed as owners of the organizations they own when logged in.
- Pull requests are shown under Recent Activity when they’ve recently been reviewed.
We will be applying the patch at 5:00 PM EST on Nov 25th.