diff --git a/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md b/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md
index bbd29e52aabb..3335f4cc4d56 100644
--- a/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md
+++ b/content/admin/configuration/configuring-your-enterprise/command-line-utilities.md
@@ -673,6 +673,12 @@ This utility manually repackages a repository network to optimize pack storage.
You can add the optional `--prune` argument to remove unreachable Git objects that aren't referenced from a branch, tag, or any other ref. This is particularly useful for immediately removing [previously expunged sensitive information](/enterprise/user/articles/remove-sensitive-data/).
+{% warning %}
+
+**Warning**: Before using the `--prune` argument to remove unreachable Git objects, put {% data variables.product.product_location %} into maintenance mode, or ensure the repository is offline. For more information, see "[Enabling and scheduling maintenance mode](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+
+{% endwarning %}
+
```shell
ghe-repo-gc username/reponame
```
diff --git a/content/admin/enterprise-management/caching-repositories/configuring-a-repository-cache.md b/content/admin/enterprise-management/caching-repositories/configuring-a-repository-cache.md
index b071b281ac0b..00fe89ba84f4 100644
--- a/content/admin/enterprise-management/caching-repositories/configuring-a-repository-cache.md
+++ b/content/admin/enterprise-management/caching-repositories/configuring-a-repository-cache.md
@@ -33,12 +33,13 @@ Then, when told to fetch `https://github.example.com/myorg/myrepo`, Git will ins
## Configuring a repository cache
-1. During the beta, you must enable the feature flag for repository caching on your primary {% data variables.product.prodname_ghe_server %} appliance.
+{% ifversion ghes = 3.3 %}
+1. On your primary {% data variables.product.prodname_ghe_server %} appliance, enable the feature flag for repository caching.
```
$ ghe-config cluster.cache-enabled true
```
-
+{%- endif %}
1. Set up a new {% data variables.product.prodname_ghe_server %} appliance on your desired platform. This appliance will be your repository cache. For more information, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/admin/guides/installation/setting-up-a-github-enterprise-server-instance)."
{% data reusables.enterprise_installation.replica-steps %}
1. Connect to the repository cache's IP address using SSH.
@@ -46,7 +47,13 @@ Then, when told to fetch `https://github.example.com/myorg/myrepo`, Git will ins
```shell
$ ssh -p 122 admin@REPLICA IP
```
-
+{%- ifversion ghes = 3.3 %}
+1. On your cache replica, enable the feature flag for repository caching.
+
+ ```
+ $ ghe-config cluster.cache-enabled true
+ ```
+{%- endif %}
{% data reusables.enterprise_installation.generate-replication-key-pair %}
{% data reusables.enterprise_installation.add-ssh-key-to-primary %}
1. To verify the connection to the primary and enable replica mode for the repository cache, run `ghe-repl-setup` again.
diff --git a/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md b/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md
index b0c87d6303e1..71706449ff14 100644
--- a/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md
+++ b/content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md
@@ -27,12 +27,22 @@ You can access your resources in {% data variables.product.product_name %} in a
## Authenticating in your browser
-You can authenticate to {% data variables.product.product_name %} in your browser {% ifversion ghae %}using your IdP. For more information, see "[About authentication with SAML single sign-on](/github/authenticating-to-github/about-authentication-with-saml-single-sign-on)."{% else %}in different ways.
+{% ifversion ghae %}
+
+You can authenticate to {% data variables.product.product_name %} in your browser using your IdP. For more information, see "[About authentication with SAML single sign-on](/github/authenticating-to-github/about-authentication-with-saml-single-sign-on)."
+
+{% else %}
{% ifversion fpt or ghec %}
-- If you're a member of an {% data variables.product.prodname_emu_enterprise %}, you will authenticate to {% data variables.product.product_name %} in your browser using your IdP. For more information, see "[Authenticating as a managed user](/enterprise-cloud@latest/admin/authentication/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users#authenticating-as-a-managed-user){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
- If you're not a member of an {% data variables.product.prodname_emu_enterprise %}, you will authenticate using your {% data variables.product.prodname_dotcom_the_website %} username and password. You may also be required to enable two-factor authentication.
+If you're a member of an {% data variables.product.prodname_emu_enterprise %}, you will authenticate to {% data variables.product.product_name %} in your browser using your IdP. For more information, see "[Authenticating as a managed user](/enterprise-cloud@latest/admin/authentication/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users#authenticating-as-a-managed-user){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+
+If you're not a member of an {% data variables.product.prodname_emu_enterprise %}, you will authenticate using your {% data variables.product.prodname_dotcom_the_website %} username and password. You may also use two-factor authentication and SAML single sign-on, which can be required by organization and enterprise owners.
+
+{% else %}
+
+You can authenticate to {% data variables.product.product_name %} in your browser in a number of ways.
+
{% endif %}
- **Username and password only**
@@ -42,9 +52,12 @@ You can authenticate to {% data variables.product.product_name %} in your browse
After providing your username and password, you will be asked to provide a verification code that we will send to you via email. If you have the GitHub Mobile application installed, you'll receive a notification there instead.{% endif %}
- **Two-factor authentication (2FA)** (recommended)
- If you enable 2FA, after you successfully enter your username and password, we'll also prompt you to provide a code that's generated by a time-based one time password (TOTP) application on your mobile device{% ifversion fpt or ghec %} or sent as a text message (SMS){% endif %}. For more information, see "[Accessing {% data variables.product.prodname_dotcom %} using two-factor authentication](/github/authenticating-to-github/accessing-github-using-two-factor-authentication#providing-a-2fa-code-when-signing-in-to-the-website)."
- - In addition to authentication with a TOTP application{% ifversion fpt or ghec %} or a text message{% endif %}, you can optionally add an alternative method of authentication with {% ifversion fpt or ghec %}{% data variables.product.prodname_mobile %} or{% endif %} a security key using WebAuthn. For more information, see {% ifversion fpt or ghec %}"[Configuring two-factor authentication with {% data variables.product.prodname_mobile %}](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-github-mobile)" and {% endif %}"[Configuring two-factor authentication using a security key](/github/authenticating-to-github/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)."{% endif %}{% ifversion ghes %}
-- **Identity provider (IdP) authentication**
- - Your site administrator may configure {% data variables.product.product_location %} to use authentication with an IdP instead of a username and password. For more information, see "[External authentication methods](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#external-authentication)."
+ - In addition to authentication with a TOTP application{% ifversion fpt or ghec %} or a text message{% endif %}, you can optionally add an alternative method of authentication with {% ifversion fpt or ghec %}{% data variables.product.prodname_mobile %} or{% endif %} a security key using WebAuthn. For more information, see {% ifversion fpt or ghec %}"[Configuring two-factor authentication with {% data variables.product.prodname_mobile %}](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-github-mobile)" and {% endif %}"[Configuring two-factor authentication using a security key](/github/authenticating-to-github/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)."{% ifversion ghes %}
+- **External authentication**
+ - Your site administrator may configure {% data variables.product.product_location %} to use external authentication instead of a username and password. For more information, see "[External authentication methods](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#external-authentication)."{% endif %}{% ifversion fpt or ghec %}
+- **SAML single sign-on**
+ - Before you can access resources owned by an organization or enterprise account that uses SAML single sign-on, you may need to also authenticate through an IdP. For more information, see "[About authentication with SAML single sign-on](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}{% endif %}
+
{% endif %}
## Authenticating with {% data variables.product.prodname_desktop %}
diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md
index 385e8c165a3a..d706fb6c7b5c 100644
--- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md
+++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md
@@ -24,9 +24,9 @@ You can remove the file from the latest commit with `git rm`. For information on
{% warning %}
-This article tells you how to make commits with sensitive data unreachable from any branches or tags in your repository on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %}. However, it's important to note that those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %}, and through any pull requests that reference them. You cannot remove sensitive data from other users' clones or forks of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}.
+**Warning**: This article tells you how to make commits with sensitive data unreachable from any branches or tags in your repository on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %}. However, those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %}, and through any pull requests that reference them. You cannot remove sensitive data from other users' clones or forks of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}.
-**Warning: Once you have pushed a commit to {% data variables.product.product_name %}, you should consider any sensitive data in the commit compromised.** If you committed a password, change it! If you committed a key, generate a new one. Removing the compromised data doesn't resolve its initial exposure, especially in existing clones or forks of your repository. Consider these limitations in your decision to rewrite your repository's history.
+**Once you have pushed a commit to {% data variables.product.product_name %}, you should consider any sensitive data in the commit compromised.** If you committed a password, change it! If you committed a key, generate a new one. Removing the compromised data doesn't resolve its initial exposure, especially in existing clones or forks of your repository. Consider these limitations in your decision to rewrite your repository's history.
{% endwarning %}
@@ -151,7 +151,7 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil
After using either the BFG tool or `git filter-repo` to remove the sensitive data and pushing your changes to {% data variables.product.product_name %}, you must take a few more steps to fully remove the data from {% data variables.product.product_name %}.
-1. Contact {% data variables.contact.contact_support %}, asking them to remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %}. Please provide the name of the repository and/or a link to the commit you need removed.
+1. Contact {% data variables.contact.contact_support %}, asking them to remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %}. Please provide the name of the repository and/or a link to the commit you need removed.{% ifversion ghes %} For more information about how site administrators can remove unreachable Git objects, see "[Command line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repo-gc)."{% endif %}
2. Tell your collaborators to [rebase](https://git-scm.com/book/en/Git-Branching-Rebasing), *not* merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging.
diff --git a/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md b/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md
index 3e53f6b979b7..9ac00d4bc7bc 100644
--- a/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md
+++ b/content/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization.md
@@ -5,8 +5,6 @@ permissions: Organization owners can export member information for their organiz
versions:
fpt: '*'
ghec: '*'
- ghes: '>=3.3'
- ghae: issue-5146
topics:
- Organizations
- Teams
diff --git a/data/reusables/repositories/copy-clone-url.md b/data/reusables/repositories/copy-clone-url.md
index 423aff685900..6890b61434cd 100644
--- a/data/reusables/repositories/copy-clone-url.md
+++ b/data/reusables/repositories/copy-clone-url.md
@@ -1,6 +1,8 @@
1. Above the list of files, click {% octicon "download" aria-label="The download icon" %} **Code**.
-1. To clone the repository using HTTPS, under "Clone with HTTPS", click {% octicon "clippy" aria-label="The clipboard icon" %}. To clone the repository using an SSH key, including a certificate issued by your organization's SSH certificate authority, click **Use SSH**, then click {% octicon "clippy" aria-label="The clipboard icon" %}. To clone a repository using {% data variables.product.prodname_cli %}, click **Use {% data variables.product.prodname_cli %}**, then click {% octicon "clippy" aria-label="The clipboard icon" %}.
- 
- {% ifversion fpt or ghes or ghae or ghec %}
- {% endif %}
+1. Copy the URL for the repository.
+
+ - To clone the repository using HTTPS, under "HTTPS", click {% octicon "clippy" aria-label="The clipboard icon" %}.
+ - To clone the repository using an SSH key, including a certificate issued by your organization's SSH certificate authority, click **SSH**, then click {% octicon "clippy" aria-label="The clipboard icon" %}.
+ - To clone a repository using {% data variables.product.prodname_cli %}, click **{% data variables.product.prodname_cli %}**, then click {% octicon "clippy" aria-label="The clipboard icon" %}.
+ 
diff --git a/data/reusables/ssh/key-type-support.md b/data/reusables/ssh/key-type-support.md
index 57b5241f889f..05e444cc2bb6 100644
--- a/data/reusables/ssh/key-type-support.md
+++ b/data/reusables/ssh/key-type-support.md
@@ -1,3 +1,4 @@
+{% ifversion fpt or ghec %}
{% note %}
**Note:** {% data variables.product.company_short %} improved security by dropping older, insecure key types on March 15, 2022.
@@ -7,3 +8,4 @@ As of that date, DSA keys (`ssh-dss`) are no longer supported. You cannot add ne
RSA keys (`ssh-rsa`) with a `valid_after` before November 2, 2021 may continue to use any signature algorithm. RSA keys generated after that date must use a SHA-2 signature algorithm. Some older clients may need to be upgraded in order to use SHA-2 signatures.
{% endnote %}
+{% endif %}
\ No newline at end of file
diff --git a/lib/redirects/static/redirect-exceptions.txt b/lib/redirects/static/redirect-exceptions.txt
index 2541000fcaf3..4228a87474f1 100644
--- a/lib/redirects/static/redirect-exceptions.txt
+++ b/lib/redirects/static/redirect-exceptions.txt
@@ -539,4 +539,9 @@
- /articles/enabling-githubcom-repository-search-in-github-enterprise-server
- /github/searching-for-information-on-github/enabling-githubcom-repository-search-in-github-enterprise-server
- /github/searching-for-information-on-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-in-github-enterprise-server
-- /enterprise-cloud@latest/search-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-from-your-private-enterprise-environment
\ No newline at end of file
+- /enterprise-cloud@latest/search-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-from-your-private-enterprise-environment
+
+/enterprise-cloud@latest/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization
+- /enterprise-server@3.3/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization
+- /enterprise-server@3.4/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization
+- /enterprise-server@3.5/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization
\ No newline at end of file
diff --git a/middleware/index.js b/middleware/index.js
index 62cd1517e474..d2961cf4f67a 100644
--- a/middleware/index.js
+++ b/middleware/index.js
@@ -122,7 +122,7 @@ export default function (app) {
// Only used in production because our tests can overload the server
if (
process.env.NODE_ENV === 'production' &&
- !JSON.parse(process.env.DISABLE_OVERLOAD_PROTECTION | 'false')
+ !JSON.parse(process.env.DISABLE_OVERLOAD_PROTECTION || 'false')
) {
app.use(protect)
}