GitHub Upgrade – 3.4.3

This update is a medium security and bugfix patch which addresses a few minor issues.

Security Fixes

  • Medium security risk related to CVE-2021-23017
  • Updated the actions/checkout@v2 and actions/checkout@v3 actions to address new vulnerabilities announced in the Git security enforcement blog post.
  • Packages have been updated to the latest security versions.

Bug Fixes

  • When adding custom patterns and providing non-UTF8 test strings, match highlighting was incorrect.
  • LDAP users with an underscore character (_) in their user names can now login successfully.
  • For instances configured with SAML authentication and built-in fallback enabled, built-in users would get stuck in a “login” loop when attempting to sign in from the page generated after logging out.
  • Character key shortcut preferences weren’t respected.
  • When using SAML encrypted assertions, some assertions were not correctly marking SSH keys as verified.
  • Videos uploaded to issue comments would not be rendered properly.
  • When using GitHub Enterprise Importer to import a repository, some issues would fail to import due to incorrectly configured project timeline events.

The update will be applied Monday, May 23rd , 2022 at 5:30PM.

See the complete upgrade notes at GitHub Enterprise:
https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.3