The 2.19.5 update is a small update, fixing a few bugs and applying OS package upgrades.
Security Fixes
- Git has been updated to address CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-19604. These vulnerabilities could not be triggered on the GitHub Enterprise Server instance itself, but new restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
Notable Bug Fixes
- The Alambic storage service could hit a file descriptor limit that could cause the kernel to hang and other services to log errors.
- Importing of teams with nested teams with security visibility could fail. Nested teams will now be imported as top-level teams if they are imported as children of a team with secret visibility.
- A team created via the API V3 would not automatically add its creator as a maintainer, which caused it to be inaccessible to that person.
- A GitHub App with the proper set of permissions was not able to create teams with LDAP.
We will be applying the patch at 5:00 PM EST on Jan 24th.