| date: '2025-05-27' | |
| intro: | | |
| {% warning %} | |
| **Warning**: We received a few reports of performance issues with GitHub Enterprise Server versions 3.15, 3.16, and 3.17 and have shipped performance fixes to the affected versions. You can now upgrade to 3.15.12, 3.16.8, 3.17.5, or later. We do not recommend upgrading to earlier releases of 3.15, 3.16, or 3.17. [Updated: 2025-08-25] | |
| {% endwarning %} | |
| sections: | |
| security_fixes: | |
| - | | |
| **MEDIUM:** An attacker could inject HTML in the instances web UI because the web commit dialog did not properly sanitize repository rule violation messages. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). | |
| - | | |
| Packages have been updated to the latest security versions. | |
| bugs: | |
| - | | |
| Ephemeral runner registrations for GitHub Actions were not fully cleaned up after deletion. | |
| - | | |
| The alive process intermittently experienced segmentation faults (SIGSEGV) due to a `panic: runtime error: invalid memory address or nil pointer dereference` in the alive daemon during restore operations. These crashes caused services, such as mps, to appear unhealthy, leading to restore operation failures after 20 attempts. | |
| - | | |
| A pre-receive hook could fail due to blocked system calls. | |
| - | | |
| After updating the TLS certificate from the Management Console, users encountered 502 errors when creating releases and uploading artifacts. Running `ghe-config-apply` did not resolve the issue, as the alambic service required a manual restart. | |
| - | | |
| The sidebar menu did not display on the "Retired namespaces" page on the site admin dashboard. | |
| - | | |
| When migrating from an instance with S3 on AWS Gov Cloud, an incorrect URL was generated. | |
| - | | |
| Deleted discussions could potentially prevent a repository from being exported using the export API or `ghe-migrator`. | |
| - | | |
| During an import, missing assignee models caused incomplete imports of issues, pull requests, and their dependent models. | |
| - | | |
| When the GitHub Enterprise Server application attempted to create an Elasticsearch index that already existed but lacked a routing configuration, the operation failed. This resulted in a state where the index appeared to exist, but the application could not write documents to it. | |
| - | | |
| The security configuration page returned a 404 error when a user deleted a reviewer without first removing them as a bypass reviewer in the secret protection push protection settings. | |
| - | | |
| On instances where vulnerability alerts were not configured, server usage metrics did not upload as expected. | |
| - | | |
| For instances with secret scanning disabled through `ghe-config`, navigating to the "Risk" page on the "Security" tab for the organization or enterprise level, resulted in a 500 error. | |
| - | | |
| Instances using Azure for migration API storage without a proxy configured could not export migration archives because the system incorrectly attempted to route requests through a proxy. | |
| - | | |
| When administrators downloaded large Advanced Security committer CSV files, the operation would fail due to insufficient timeout settings. The timeout duration has been increased to ensure successful downloads. | |
| - | | |
| The "Grouped security updates" button was not being displayed in the Dependabot settings at the organization and repository levels. | |
| - | | |
| Actions workflows were not able to access up to 1,000 organization variables when the total size of all variables was under 10 MB. | |
| - | | |
| Fetches from repository caches returned a "Repository not found" error when the cache is out of sync. | |
| - | | |
| Secret scanning alerts would sometimes incorrectly identify the location of a secret in a file after a custom pattern was edited. | |
| changes: | |
| - | | |
| Support tools now redact proxy credentials from their outputs in the admin terminal during connectivity checks. | |
| - | | |
| Live updates to the GitHub site were sometimes blocked by per-IP address rate limits, especially in environments where users access the GitHub Enterprise Server instance through a proxy. | |
| - | | |
| Merging a pull request using the "Rebase and merge" option is now limited to 100 commits. If you have a pull request with more than 100 commits, you can create a merge commit, or squash and merge, or split the commits into multiple pull requests. | |
| closing_down: | |
| - | | |
| Microsoft Exchange Online is retiring SMTP basic authentication during March-April 2026. If your GitHub Enterprise Server instance uses this method to send email, delivery may fail after the retirement date. Microsoft recommends switching to a supported alternative. As another option, you may consider using an SMTP OAuth proxy such as [email-oauth2-proxy](https://github.com/simonrob/email-oauth2-proxy), though this is not officially supported. For details and configuration guidance, see the [Microsoft announcement](https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750) and the proxy’s [documentation](https://github.com/simonrob/email-oauth2-proxy/blob/main/emailproxy.config). [Updated: 2025-09-03] | |
| known_issues: | |
| - | | |
| Customers operating at high scale or near capacity may experience unexpected performance degradation, such as slow response times, background job queue spikes, elevated CPU usage, and increased MySQL load. Consider upgrading to 3.16 with caution. [Updated: 2025-07-28] | |
| - | | |
| Custom firewall rules are removed during the upgrade process. | |
| - | | |
| During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. | |
| - | | |
| If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). | |
| - | | |
| On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. | |
| - | | |
| {% data reusables.release-notes.large-adoc-files-issue %} | |
| - | | |
| Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. | |
| - | | |
| When following the instructions for [Replacing the primary database node](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-database-node-mysql-or-mysql-and-mssql), `ghe-cluster-config-apply` might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. | |
| - | | |
| Running `ghe-cluster-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. | |
| - | | |
| {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} | |
| - | | |
| When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. The reindexing can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. | |
| - | | |
| An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. | |
| - | | |
| When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. | |
| - | | |
| When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. | |
| - | | |
| When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding more nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. | |
| - | | |
| Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. | |
| - | | |
| In a cluster, the host running restore requires access the storage nodes via their private IPs. | |
| - | | |
| On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue. | |
| - | | |
| After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. | |
| - | | |
| After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows. | |
| - | | |
| Upgrading to this version from GHES 3.14.19 and higher or 3.15.14 and higher will cause the upgrade to fail due to this version containing an older version of MySQL. To avoid this issue please upgrade to GHES 3.16.10 or higher. | |
| [Updated: 2025-11-24] | |
| errata: | |
| - | | |
| The [Known issues](/admin/release-notes#3.16.3-known-issues) section previously indicated that `repository cache replicas return "Repository not found" when changes have been pushed to the primary instance that have not yet synchronized to the cache replica` is still an issue. The issue is resolved and is documented in the [Bug fixes](/admin/release-notes#3.16.3-bugs) section. [Updated: 2025-06-19] | |