GitHub Enterprise - The best way to build and ship software

The 2.18 series release notes contain important changes in this release series.

Security Fixes

MEDIUM: The repository import functionality was vulnerable to a Server Side Request Forgery (SSRF) issue when importing TFS repositories.
Packages have been updated to the latest security versions.

The storage objects were incorrectly deleted from non-voting replicas.
In some cases systemd would fail to start services after a reboot.
Submitting the form to request to change a team's parent team with an empty value caused an error.
The GitHub App installation page returned a timeout error for some users and Apps.
Unsubscribe email notification language was inconsistent with the language used in the web interface.

On a freshly set up GitHub Enterprise Server without any users, an attacker could create the first admin user.
Custom firewall rules are not maintained during an upgrade.
Subversion (SVN) checkout may timeout while the repository data cache is being built. In most cases, subsequent Subversion checkout attempts will succeed.
Git LFS tracked files uploaded through the web interface are incorrectly added directly to the repository.
Issues cannot be closed if they contain a permalink to a blob in the same repository where the file path is longer than 255 characters.
When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
Security alerts are not reported when pushing to a repository on the command line. (updated 2020-06-23)

Thanks!

The GitHub Team