We will be applying the 3.9.3 upgrade patch on Monday, August 21 at 5:00 PM EST.
Some changes have been omitted for brevity. See the complete upgrade notes at GitHub Enterprise: https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.3
If you have any questions or concerns, please contact the GitHub Service Team at github@help.ncsu.edu.
Security fixes
- LOW: An attacker could circumvent branch protection by changing a PR base branch to an invalid ref name. This vulnerability was reported via the GitHub Bug Bounty program.
Bug fixes
- API results were incomplete, and ordering of results was incorrect if
asc
ordesc
appeared in lowercase within the API query. - The checks in the merge box for a pull request did not always match the the checks for the most recent commit in the pull request.
- A collaborator with the “Set the social preview” permission inherited from the “Read” role could not upload the social preview image of a repository.
- The security settings page for a repository would return an error when enterprise-level runners were assigned to the repository.