GitHub Upgrade – 2.20.6

The 2.20.6 update is a security update that fixes several CVEs in underlying software, fixes a few bugs, and applies OS package upgrades.

Security Fixes

  • HIGH: OpenSSL has been updated to address CVE-2020-1967.
  • HIGH: Git has been updated to address CVE-2020-5260 and CVE-2020-11008. New restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
  • LOW: ImageMagick has been updated to address CVE-2019-10131.

Notable Bug Fixes

  • The git user lacked permissions to invoke the processes required to convert existing repositories using Subversion from the v4 format to v3 LRS.
  • A CODEOWNERS file with a leading UTF-8 Byte Order Mark would cause all codeowner rules to be ignored.

We will be applying the patch at 5:00 PM EST on May 1st.