GitHub Upgrade – 3.8.5

On July 3rd, 2023, at 5 PM EST, the GitHub Service Team will upgrade the GitHub Enterprise appliance to version 3.8.5. The service may be unavailable for up to an hour. If longer downtime is expected, additional information will be posted via the service portal.

During the maintenance period, no users will be able to access the service or hosted repositories in any way.

Security fixes

  • MEDIUM: Scoped installation tokens for a GitHub App kept approved permissions after the permissions on the integration installation were downgraded or removed. GitHub has requested CVE ID CVE-2023-23765 for this vulnerability, which was reported via the GitHub Bug Bounty program.
  • MEDIUM: Updated Git to include fixes from 2.40.1.
  • If a user’s request to the instance’s API included authentication credentials within a URL parameter, administrators could see the credentials in JSON within the instance’s audit log.
  • Packages have been updated to the latest security versions.

Questions regarding this upgrade may be directed to the NC State IT Service Portal via github@help.ncsu.edu or (919) 515-4357.

A full changelog is available via the GitHub Enterprise Release Notes – https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.5