This update is a medium security and bugfix patch which addresses a few minor issues.
- Medium security risk related to CVE-2021-23017
- Updated the actions/checkout@v2 and actions/checkout@v3 actions to address new vulnerabilities announced in the Git security enforcement blog post.
- Packages have been updated to the latest security versions.
- When adding custom patterns and providing non-UTF8 test strings, match highlighting was incorrect.
- LDAP users with an underscore character (_) in their user names can now login successfully.
- For instances configured with SAML authentication and built-in fallback enabled, built-in users would get stuck in a “login” loop when attempting to sign in from the page generated after logging out.
- Character key shortcut preferences weren’t respected.
- When using SAML encrypted assertions, some assertions were not correctly marking SSH keys as verified.
- Videos uploaded to issue comments would not be rendered properly.
- When using GitHub Enterprise Importer to import a repository, some issues would fail to import due to incorrectly configured project timeline events.
The update will be applied Monday, May 23rd , 2022 at 5:30PM.
See the complete upgrade notes at GitHub Enterprise: