We will be applying the 3.9.3 upgrade patch on Monday, August 21 at 5:00 PM EST.
Some changes have been omitted for brevity. See the complete upgrade notes at GitHub Enterprise: https://email@example.com/admin/release-notes#3.9.3
If you have any questions or concerns, please contact the GitHub Service Team at firstname.lastname@example.org.
- LOW: An attacker could circumvent branch protection by changing a PR base branch to an invalid ref name. This vulnerability was reported via the GitHub Bug Bounty program.
- API results were incomplete, and ordering of results was incorrect if
descappeared in lowercase within the API query.
- The checks in the merge box for a pull request did not always match the the checks for the most recent commit in the pull request.
- A collaborator with the “Set the social preview” permission inherited from the “Read” role could not upload the social preview image of a repository.
- The security settings page for a repository would return an error when enterprise-level runners were assigned to the repository.