GitHub Upgrade – 3.3.2

This upgrade includes the 3.3.0 Feature release, as well as the two Patch releases: 3.3.1 and 3.3.2

The 3.3.0 upgrade is a Feature release, with a lot of changes! See below for details.


  • Security Manager Role
    • Organization owners can now grant teams the access to manage security alerts and settings on their repositories. The “security manager” role can be applied to any team and grants the team’s members the following access:
      • Read access on all repositories in the organization.
      • Write access on all security alerts in the organization.
      • Access to the organization-level security tab.
      • Write access on security settings at the organization level.
      • Write access on security settings at the repository level.
    • For more information, see “Managing security managers in your organization.”
  • Ephemeral Self-Hosted Runners for GitHub Actions & New Webhook for Auto-Scaling
    • GitHub Actions now supports ephemeral (single job) self-hosted runners and a new workflow_job webhook to make autoscaling runners easier.

      Ephemeral runners are good for self-managed environments where each job is required to run on a clean image. After a job is run, ephemeral runners are automatically unregistered from your GitHub Enterprise Server instance, allowing you to perform any post-job management.

      You can combine ephemeral runners with the new workflow_job webhook to automatically scale self-hosted runners in response to GitHub Actions job requests.

      For more information, see “Autoscaling with self-hosted runners” and “Webhook events and payloads.”
  • Dark High Contrast Theme
    • A dark high contrast theme, with greater contrast between foreground and background elements, is now available on GitHub Enterprise Server 3.3. This release also includes improvements to the color system across all GitHub themes.

      For more information about changing your theme, see “Managing your theme settings.”


  • Token Changes
    • An expiration date can now be set for new and existing personal access tokens. Setting an expiration date on personal access tokens is highly recommended to prevent older tokens from leaking and compromising security. Token owners will receive an email when it’s time to renew a token that’s about to expire. Tokens that have expired can be regenerated, giving users a duplicate token with the same properties as the original.
    • When using a personal access token with the GitHub API, a new GitHub-Authentication-Token-Expiration header is included in the response, which indicates the token’s expiration date. For more information, see “Creating a personal access token.”
  • Notification Changes
    • Notification emails from discussions now include (Discussion #xx) in the subject, so you can recognize and filter emails that reference discussions.
  • Repositories Changes
    • Public repositories now have a Public label next to their names like private and internal repositories. This change makes it easier to identify public repositories and avoid accidentally committing private code.
    • If you specify the exact name of a branch when using the branch selector menu, the result now appears at the top of the list of matching branches. Previously, exact branch name matches could appear at the bottom of the list.
    • When viewing a branch that has a corresponding open pull request, GitHub Enterprise Server now links directly to the pull request. Previously, there would be a prompt to contribute using branch comparison or to open a new pull request.
    • You can now click a button to copy the full raw contents of a file to the clipboard. Previously, you would need to open the raw file, select all, and then copy. To copy the contents of a file, navigate to the file and click  in the toolbar. Note that this feature is currently only available in some browsers.
    • When creating a new release, you can now select or create the tag using a dropdown selector, rather than specifying the tag in a text field. For more information, see “Managing releases in a repository.”
    • A warning is now displayed when viewing a file that contains bidirectional Unicode text. Bidirectional Unicode text can be interpreted or compiled differently than it appears in a user interface. For example, hidden bidirectional Unicode characters can be used to swap segments of text in a file. For more information about replacing these characters, see the GitHub changelog.
    • You can now use CITATION.cff files to let others know how you would like them to cite your work. CITATION.cff files are plain text files with human- and machine-readable citation information. GitHub Enterprise Server parses this information into common citation formats such as APA and BibTeX. For more information, see “About CITATION files.”
  • Markdown Changes
    • You can use new keyboard shortcuts for quotes and lists in Markdown files, issues, pull requests, and comments.
      • To add quotes, use cmd shift . on Mac, or ctrl shift . on Windows and Linux.
      • To add an ordered list, use cmd shift 7 on Mac, or ctrl shift 7 on Windows and Linux.
      • To add an unordered list, use cmd shift 8 on Mac, or ctrl shift 8 on Windows and Linux.See “Keyboard shortcuts” for a full list of available shortcuts.
    • You can now use footnote syntax in any Markdown field. Footnotes are displayed as superscript links that you can click to jump to the referenced information, which is displayed in a new section at the bottom of the document. For more information about the syntax, see “Basic writing and formatting syntax.”
    • When viewing Markdown files, you can now click  in the toolbar to view the source of a Markdown file. Previously, you needed to use the blame view to link to specific line numbers in the source of a Markdown file.
    • You can now add images and videos to Markdown files in gists by pasting them into the Markdown body or selecting them from the dialog at the bottom of the Markdown file. For information about supported file types, see “Attaching files.”
    • GitHub Enterprise Server now automatically generates a table of contents for Wikis, based on headings.
    • When dragging and dropping files into a Markdown editor, such as images and videos, GitHub Enterprise Server now uses the mouse pointer location instead of the cursor location when placing the file.
  • Issues and Pull Requests Changes
    • You can now search issues by label using a logical OR operator. To filter issues using logical OR, use the comma syntax. For example, label:"good first issue","bug" will list all issues with a label of good first issue or bug. For more information, see “Filtering and searching issues and pull requests.”
    • Improvements have been made to help teams manage code review assignments. You can now:
      • Limit assignment to only direct members of the team.
      • Continue with automatic assignment even if one or more members of the team are already requested.
      • Keep a team assigned to review even if one or more members is newly assigned.The timeline and reviewers sidebar on the pull request page now indicate if a review request was automatically assigned to one or more team members.For more information, see the GitHub changelog.
    • You can now filter pull request searches to only include pull requests you are directly requested to review.
    • Filtered files in pull requests are now completely hidden from view, and are no longer shown as collapsed in the “Files Changed” tab. The “File Filter” menu has also been simplified. For more information, see “Filtering files in a pull request.”
  • GitHub Actions Changes
    • You can now create “composite actions” which combine multiple workflow steps into one action, and includes the ability to reference other actions. This makes it easier to reduce duplication in workflows. Previously, an action could only use scripts in its YAML definition. For more information, see “Creating a composite action.”
    • GitHub Enterprise Server 3.3 contains performance improvements for job concurrency with GitHub Actions.
    • To mitigate insider man in the middle attacks when using actions resolved through GitHub Connect to from GitHub Enterprise Server, the actions namespace (owner/name) is retired on use. Retiring the namespace prevents that namespace from being created on your GitHub Enterprise Server instance, and ensures all workflows referencing the action will download it from
  • API and WebHook Changes
    • Most REST API previews have graduated and are now an official part of the API. Preview headers are no longer required for most REST API endpoints, but will still function as expected if you specify a graduated preview in the Accept header of a request. For previews that still require specifying the preview in the Accept header of a request, see “API previews.”
    • You can now use the REST API to configure custom autolinks to external resources. The REST API now provides beta GET/POST/DELETE endpoints which you can use to view, add, or delete custom autolinks associated with a repository. For more information, see “Autolinks.”
    • You can now use the REST API to sync a forked repository with its upstream repository. For more information, see “Branches” in the REST API documentation.
    • GitHub App user-to-server API requests can now read public resources using the REST API. This includes, for example, the ability to list a public repository’s issues and pull requests, and to access a public repository’s comments and content.
    • When creating or updating a repository, you can now configure whether forking is allowed using the REST and GraphQL APIs. Previously, APIs for creating and updating repositories didn’t include the fields allow_forking (REST) or forkingAllowed (GraphQL). For more information, see “Repositories” in the REST API documentation and “Repositories” in the GraphQL API documentation.
    • A new GraphQL mutation createCommitOnBranch makes it easier to add, update, and delete files in a branch of a repository. Compared to the REST API, you do not need to manually create blobs and trees before creating the commit. This allows you to add, update, or delete multiple files in a single API call.Commits authored using the new API are automatically GPG signed and are marked as verified in the GitHub Enterprise Server UI. GitHub Apps can use the mutation to author commits directly or on behalf of users.
    • When a new tag is created, the push webhook payload now always includes a head_commit object that contains the data of the commit that the new tag points to. As a result, the head_commit object will always contain the commit data of the payload’s after commit.
  • Performance Changes
    • Page loads and jobs are now significantly faster for repositories with many Git refs.

Security Fixes

  • Packages have been updated to the latest security versions.
  • Sanitize more secrets in the generated support bundles
  • Users on teams with the Security Manger role will now be notified about security alerts for repositories they are watching.
  • The security managers component will show a less-aggressive warning once the maximum number of teams has been reached.

Bug Fixes

  • Actions self hosted runners would fail to self-update or run new jobs after upgrading from an older GHES installation.
  • Actions would be left in a stopped state after an update with maintenance mode set.
  • Some webhook related jobs could generated large amount of logs.
  • Several documentation links resulted in a 404 Not Found error.

The update will be applied Monday Jan 24th , 2022 at 5:30PM.

See the complete upgrade notes at GitHub Enterprise: