Merge pull request #18898 from github/repo-sync

repo sync

Author: Octomerger

data/release-notes/enterprise-server/3-2/15.yml

@@ -0,0 +1,19 @@
+date: '2022-06-28'
+sections:
+  security_fixes:
+    - "**MEDIUM**: Ensures that `github.company.com` and `github-company.com` are not evaluated by internal services as identical hostnames, preventing a potential server-side security forgery (SSRF) attack."
+    - "**LOW**: An attacker could access the Management Console with a path traversal attack via HTTP even if external firewall rules blocked HTTP access."
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - In some cases, site administrators were not automatically added as enterprise owners. 
+    - After merging a branch into the default branch, the "History" link for a file would still link to the previous branch instead of the target branch.
+  changes:
+    - Creating or updating check runs or check suites could return `500 Internal Server Error` if the value for certain fields, like the name, was too long.
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/release-notes/enterprise-server/3-3/10.yml

@@ -0,0 +1,21 @@
+date: '2022-06-28'
+sections:
+  security_fixes:
+    - "**MEDIUM**: Ensures that `github.company.com` and `github-company.com` are not evaluated by internal services as identical hostnames, preventing a potential server-side security forgery (SSRF) attack."
+    - "**LOW**: An attacker could access the Management Console with a path traversal attack via HTTP even if external firewall rules blocked HTTP access."
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - In some cases, site administrators were not automatically added as enterprise owners.
+    - After merging a branch into the default branch, the "History" link for a file would still link to the previous branch instead of the target branch. 
+  changes:
+    - Creating or updating check runs or check suites could return `500 Internal Server Error` if the value for certain fields, like the name, was too long. 
+  known_issues:
+    - After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command.
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+    - '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.'

data/release-notes/enterprise-server/3-4/3.yml

@@ -18,6 +18,7 @@ sections:
     - When using GitHub Enterprise Importer to import a repository, some issues would fail to import due to incorrectly configured project timeline events.
     - When using `ghe-migrator`, a migration would fail to import video file attachments in issues and pull requests.
     - 'The Releases page would return a 500 error when the repository has tags that contain non-ASCII characters. [Updated: 2022-06-10]'
+    - 'Upgrades would sometimes fail while migrating dependency graph data. [Updated: 2022-06-30]'
   changes:
     - In high availability configurations, clarify that the replication overview page in the Management Console only displays the current replication configuration, not the current replication status.
     - The Nomad allocation timeout for Dependency Graph has been increased to ensure post-upgrade migrations can complete.

data/release-notes/enterprise-server/3-4/5.yml

@@ -0,0 +1,34 @@
+date: '2022-06-28'
+sections:
+  security_fixes:
+    - "**MEDIUM**: Prevents an attack where an `org` query string parameter can be specified for a GitHub Enterprise Server URL that then gives access to another organization's active committers."
+    - "**MEDIUM**: Ensures that `github.company.com` and `github-company.com` are not evaluated by internal services as identical hostnames, preventing a potential server-side security forgery (SSRF) attack."
+    - "**LOW**: An attacker could access the Management Console with a path traversal attack via HTTP even if external firewall rules blocked HTTP access."
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - Files inside an artifact archive were unable to be opened after decompression due to restrictive permissions.
+    - Redis timeouts no longer halt database migrations while running `ghe-config-apply`.
+    - Background job processors would get stuck in a partially shut-down state, resulting in certain kinds of background jobs (like code scanning) appearing stuck.
+    - In some cases, site administrators were not automatically added as enterprise owners.
+    - A rendering issue could affect the dropdown list for filtering secret scanning alerts in a repository.
+  changes:
+    - Improved the performance of Dependabot version updates after first enabled.
+    - The GitHub Pages build and synchronization timeouts are now configurable in the Management Console.
+    - Creating or updating check runs or check suites could return `500 Internal Server Error` if the value for certain fields, like the name, was too long.
+    - When [deploying cache-server nodes](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache#configuring-a-repository-cache), it is now mandatory to describe the datacenter topology (using the `--datacenter` argument) for every node in the system. This requirement prevents situations where leaving datacenter membership set to "default" leads to workloads being inappropriately balanced across multiple datacenters.
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+    - |
+      After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
+    - |
+      When using SAML encrypted assertions with {% data variables.product.prodname_ghe_server %} 3.4.0 and 3.4.1, a new XML attribute `WantAssertionsEncrypted` in the `SPSSODescriptor` contains an invalid attribute for SAML metadata. IdPs that consume this SAML metadata endpoint may encounter errors when validating the SAML metadata XML schema. A fix will be available in the next patch release. [Updated: 2022-04-11]
+      
+      To work around this problem, you can take one of the two following actions.
+      - Reconfigure the IdP by uploading a static copy of the SAML metadata without the `WantAssertionsEncrypted` attribute.
+      - Copy the SAML metadata, remove `WantAssertionsEncrypted` attribute, host it on a web server, and reconfigure the IdP to point to that URL.

data/release-notes/enterprise-server/3-5/2.yml

@@ -0,0 +1,35 @@
+date: '2022-06-28'
+sections:
+  security_fixes:
+    - "**MEDIUM**: Prevents an attack where an `org` query string parameter can be specified for a GitHub Enterprise Server URL that then gives access to another organization's active committers."
+    - "**MEDIUM**: Ensures that `github.company.com` and `github-company.com` are not evaluated by internal services as identical hostnames, preventing a potential server-side security forgery (SSRF) attack."
+    - "**LOW**: An attacker could access the Management Console with a path traversal attack via HTTP even if external firewall rules blocked HTTP access."
+    - Packages have been updated to the latest security versions.
+  bugs:
+    - Files inside an artifact archive were unable to be opened after decompression due to restrictive permissions.
+    - In some cases, packages pushed to the Container registry were not visible in GitHub Enterprise Server's web UI.
+    - Management Console would appear stuck on the _Starting_ screen after upgrading an under-provisioned instance to GitHub Enterprise Server 3.5.
+    - Redis timeouts no longer halt database migrations while running `ghe-config-apply`.
+    - Background job processors would get stuck in a partially shut-down state, resulting in certain kinds of background jobs (like code scanning) appearing stuck.
+    - In some cases, site administrators were not automatically added as enterprise owners.
+    - Actions workflows calling other reusable workflows failed to run on a schedule.
+    - Resolving Actions using GitHub Connect failed briefly after changing repository visibility from public to internal.
+  changes:
+    - Improved the performance of Dependabot Updates when first enabled.
+    - Increase maximum concurrent connections for Actions runners to support [the GHES performance target](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server#review-hardware-requirements).
+    - The GitHub Pages build and synchronization timeouts are now configurable in the Management Console.
+    - Added environment variable to configure Redis timeouts.
+    - Creating or updating check runs or check suites could return `500 Internal Server Error` if the value for certain fields, like the name, was too long.
+    - Improves performance in pull requests' "Files changed" tab when the diff includes many changes.
+    - The Actions repository cache usage policy no longer accepts a maximum value less than 1 for [`max_repo_cache_size_limit_in_gb`](/rest/actions/cache#set-github-actions-cache-usage-policy-for-an-enterprise).
+    - When [deploying cache-server nodes](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache#configuring-a-repository-cache), it is now mandatory to describe the datacenter topology (using the `--datacenter` argument) for every node in the system. This requirement prevents situations where leaving datacenter membership set to "default" leads to workloads being inappropriately balanced across multiple datacenters.
+  known_issues:
+      - On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
+      - Custom firewall rules are removed during the upgrade process.
+      - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+      - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+      - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+      - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+      - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
+      - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
+      - 'Deleted repositories will not be purged from disk automatically after the 90-day retention period ends. This issue is resolved in the 3.5.1 release. [Updated: 2022-06-10]'

lib/search/indexes/github-docs-3.1-cn-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:72d8732ec4d189481fa9bff17e6d60f6b4748b0bf0b7a421b5e1b4d8237babe1
-size 744007
+oid sha256:52e9fe1f3a448ea58b7607dfc24497d98dee7d5585c45ae52c5adf274e2e0c33
+size 744013

lib/search/indexes/github-docs-3.1-cn.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8f76a1d0c276c3a31aa9cde10da2fa3788f1548f5752f71ac53de676ca2d1d64
-size 1568116
+oid sha256:548a1e892b0c15f72277a4a506a46bc0a31431e52bf1d0d437003c844e4c19f5
+size 1568096

lib/search/indexes/github-docs-3.1-en-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bd9f234fa676b1b41078463c7134303d9c8bc461376b88c2e16405ab8a868d47
-size 1002962
+oid sha256:d8b5d49750df4d34cbee8a2ebfb161b28d1ee13fd16de320d627b5519975f641
+size 1002022

lib/search/indexes/github-docs-3.1-en.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2eb0bf8e359cce29010b210b324e56295c37b5f4c80093abc5202f7e2c9dfba5
-size 4022096
+oid sha256:cafd652ecbeb1232c3166ba7efc4f978c3a5bafa3abc05af3418f533c13e8bb1
+size 4022880

lib/search/indexes/github-docs-3.1-es-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:6f2c73ec648c7abd66bf86167b246378bad405f56b0230654dd7600430a3fa88
-size 684468
+oid sha256:b887a9ad0be00d98d6d089f39e19c0416c709cecd3cb05e9c7a580e9d0414853
+size 684450

lib/search/indexes/github-docs-3.1-es.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b6aa955ff1dd97d368d3f503fa0a5343aaa57ad8e8cff617cb732f7480828d25
-size 2980045
+oid sha256:8e4fd3aa05690043cfc8a7f248f07ceeec926697379824d502954cb9776cb029
+size 2979921

lib/search/indexes/github-docs-3.1-ja-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f011bdf68aace2adf21da6d1b37c6cfd82bcd5013f93ad34304f045ab2d0886d
-size 753208
+oid sha256:5b0236975ba3efa6806383e2bfd62a4acaafb52f5b122bae65c537a40b0a5b76
+size 752936

lib/search/indexes/github-docs-3.1-ja.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:aee2cf4e70428d3aa1ec6bffd880cfb210d69a66408f804f4fc55042456b31eb
-size 4139905
+oid sha256:0c378bd70c599cd0675d0b9598fa6fdf0820c5f8a3236f2c6e30e04e0c8e6b90
+size 4140669

lib/search/indexes/github-docs-3.1-pt-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:6e710d6fdd9bf85db92bfa5569857e5675948e43fe1aa1989fbec14499f58b03
-size 675815
+oid sha256:ca04f061a2de3fc3897f33435916e2cf3e214b95fb200363419c4416f4c78fad
+size 675794

lib/search/indexes/github-docs-3.1-pt.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:58efd3f00a9446cfff9ee0d9cf2c683be55661aa973a73ed86919fc44599b1fb
-size 2881601
+oid sha256:b89904c409ee501ade28e9b7e277b5fc302f592efc5dcacd1fa74e6a1fd868fe
+size 2881713

lib/search/indexes/github-docs-3.2-cn-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ef208351937f2a12930f809f69ad77991539c11cda347b292d35d25cb697b23e
-size 765454
+oid sha256:b7a8337e96c599decd8789fe89302af133441e9c166fe01fa8abebcc347ba55f
+size 765516

lib/search/indexes/github-docs-3.2-cn.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:95fe113ce09b8ce91a160424d3dcd23ca0e6cdb8fcab107bde440896605048e7
-size 1607725
+oid sha256:40b2646ad69f0e2be710d6c515c85e03c1855039e0774d224c6949f2f26706fc
+size 1608046

lib/search/indexes/github-docs-3.2-en-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:a519c95305d7ef224e366e97c27c13d1582d5a1b0b4cf54ee938a91b577a291a
-size 1033622
+oid sha256:7d53991cf80e5d0a7446ddcdf5a7afe223105a83ec0d3c826517b24a380aea69
+size 1038785

lib/search/indexes/github-docs-3.2-en.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:925b1853ed748f72d2f71a8f90dff62b6fc553d0a9ca85526aaafedff01188f2
-size 4176330
+oid sha256:10e22ebc065687fa29b274c2f36af27a02c73b74b6e8cec3f0767b27cc622dd5
+size 4176300

lib/search/indexes/github-docs-3.2-es-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:835bd362536b6857e807bd2bf63253ec96aacbd1fc0d85c89a0f7f48f63cce08
-size 704484
+oid sha256:90c3fea30480f93e3e5f28e70e727ada9f1c33141d3c1237de75f3376277562b
+size 704337

lib/search/indexes/github-docs-3.2-es.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:47ad1813dcf86fc165fbf0870f503c33993c6186df167336365ea6f672fa9138
-size 3067815
+oid sha256:802a19e59d867389c59f12dbd44981856b4e0e99d5bb7bc5adb1e8d69c3b83df
+size 3067572

lib/search/indexes/github-docs-3.2-ja-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f8ab2ac81518ac6e2e4f17786cdbe5e8d2b3ddbf5a0d137e588ca468bb71eb64
-size 774200
+oid sha256:e1ac306c5dc520c6ad8f5328baac9aa514b451df90bc7ae8e35ece226ae09548
+size 774192

lib/search/indexes/github-docs-3.2-ja.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:a85f105509891acacce2b6c01c1aae95e676e2e932ab8fe9b42ba78ea720a085
-size 4257118
+oid sha256:a25b9a0c3de4ab453e93c73a5c32762fafd24bbd4e46717ffd9dbb8cd764570a
+size 4257405

lib/search/indexes/github-docs-3.2-pt-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3597db0571c03c68aac646b166443fe8d19d1046186e414bb40ceca94e2de442
-size 695330
+oid sha256:6686fbaef13e5964bbd54ce9351a667dd3d76a49128c7fc2372004160904aecf
+size 695354

lib/search/indexes/github-docs-3.2-pt.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f6cf152ae0f0da1f4557f9a0542fb98228526106c5f87a78817d800d88e310f8
-size 2961591
+oid sha256:7dc387c490798857576821ebebeae44c5ea9a3c9bcdfc5528d7ae26962bfda5c
+size 2961610

lib/search/indexes/github-docs-3.3-cn-records.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9126282bf66304a8baf3befd9c17fc9e2e4b7acd22a0b5fd9cd25ff98c1ac74e
-size 789356
+oid sha256:9f89788c0b08014b4c347d07e6dea8691e5b1374402f350674139960d7cf2642
+size 789397

lib/search/indexes/github-docs-3.3-cn.json.br

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f308c5a35db370abfa6b78886c9176ee6fa79a9a0f03d004b7f4f1d5ab667199
-size 1648850
+oid sha256:e6667d270161fe03900c2a791f0a63efa3d9f68c599b1673e9cc4910072ca0d7
+size 1649165