The NC State GitHub Enterprise service will be taken offline Monday, July 25th at 5PM EST to apply this update. This changelog is not exhaustive, and was modified to omit changes not relevant to end-users of our instance. A full list of changes can be found on the GitHub Enterprise website.
Security Fixes
- MEDIUM: Prevents an attack where a server-side request forgery (SSRF) could potentially force the Subversion (SVN) bridge to execute remote code by injecting arbitrary data into Memcached.
- MEDIUM: Prevents an attacker from executing Javascript code by exploiting a cross-site scripting (XSS) vulnerability in dropdown UI elements within the GitHub Enterprise Server web interface.
- Updates Grafana to version 7.5.16, which addresses various security vulnerabilities including CVE-2020-13379 and CVE-2022-21702.
- Packages have been updated to the latest security versions.
Bug Fixes
- In some cases where a protected branch required more than one approving review, a pull request could be merged with fewer than the required number of approving reviews.
- The GitHub Enterprise Importer did not correctly migrate settings for projects within repositories.
- The Billing API’s “Get GitHub Advanced Security active committers for an organization” endpoint now returns
Link
headers to provide information about pagination. - The Billing API’s “Get GitHub Advanced Security active committers for an organization” endpoint now returns the correct number of total committers.
- In the sidebar for an organization’s settings, the Archive navigation item contained no children.