GitHub Enterprise 2.5 is now available

We are excited to announce the release of GitHub Enterprise 2.5. With this release, we’re introducing features and updates that help development teams of any size build software at scale, with a focus on scalability, security, and management of GitHub Enterprise.

It's important that your GitHub Enterprise instance can support the way you work without skipping a beat, even if your team is 10,000 strong and growing exponentially. In this release, we're introducing a better way to add new users to large installations, more ways to collaborate safely, and other tools and updates that will help support your team as it gets bigger.

You'll also find a round of updates from a clean and simple design refresh to added support for Subversion, and more. Ready to upgrade? Download GitHub Enterprise 2.5.

A better way to grow

As your team grows, so does your GitHub Enterprise installation. For our customers with teams of tens of thousands of developers, the 2.5 release introduces clustering—a framework that helps administrators add more users to large installations.

Clustering was specifically designed for very large installations but requires some additional administrative resources. Check out the documentation to see how it works or contact your GitHub account manager to discuss scaling options.

A new way to cache intensive operations

For teams working on bigger software projects, large CI farms or similar collections of clients that perform git fetch for large amounts of data at almost the same time can cause a substantial CPU and RAM load on our fileservers. With GitHub Enterprise 2.5, we have improved our resilience to the degraded performance that can happen with "thundering herds."

More ways to protect your branches

GitHub Enterprise 2.4 included Protected Branches and Required Statuses to help teams collaborate safely: When you protect a branch, other developers can't delete or force-push to it. You can also specify status checks that collaborators need to pass before merging a pull request.

With GitHub Enterprise 2.5, we are kicking off a preview period for the Protected Branches API—allowing instance administrators to help maintain a project’s conventions at scale and make sure no one loses any work.

Protected branches and required status checks are configurable per repository. To start using the API, check out the documentation.

Design updates

When you upgrade to GitHub Enterprise 2.5, parts of GitHub will look different. The repository and sign-in screens have updated designs that will make it easier to sign in and use GitHub from your browser.

A new look for repositories

The new repository design improves navigation, simplifies the page layout, and improves code performance under the hood. You can learn more about what's changed from our recent blog post on the new design. In the meantime, here’s a summary:

  • The collapsing side menu is now a single, always present navigation, which improves accessibility and frees up more space for what matters to you—issues and pull requests.
  • The Code tab now more prominently emphasizes cloning and comes with a redesigned protocol switcher containing explicit menu items with explanatory text for each cloning method.

Simple sign-in and authentication screens

In addition to updating how repositories look, we have simplified the sign-in and authentication screens, so you can access your account more efficiently. The sign-up screen also includes a clearer sign-up link for new developers on your team who do not have a GitHub account yet.

Enhanced Subversion support

For teams who use SVN commands to interact with their repositories, the latest version of GitHub Enterprise extends support for Subversion to versions 1.8 and 1.9. You can now use newer Subversion clients with GitHub, including features from 1.8 and 1.9.

Upgrade today

Check out the release notes to see what else is new or download GitHub Enterprise 2.5 now. You can also enable update checks to automatically update your instance whenever there is a new release.

GitHub Enterprise 2.4 is now available

GitHub Enterprise is the on-premises version of GitHub, which you can deploy and manage in your own, secure environment. The GitHub Enterprise 2.4 release offers users and administrators greater control over their instance—and their workflows. From protected branches to simplified asset management, our latest release includes features and updates that make GitHub more flexible.

Protected branches and required statuses

With protected branches, administrators now have the ability to disable force pushes to specific branches. Required status checks on protected branches make integrations that use our Status API enforceable, and you can disable the merge button until they pass.

Improved organization permissions

Improved permissions give your organization the flexibility to work the way you want. New customizable member privileges, fine-grained team permissions, managed access, and transparent communication with team mentions make it even easier for your team to work together. Learn more about GitHub’s improved organization permissions.

Easier asset management with Git Large File Storage

With the inclusion of Git LFS you can integrate large binary files into your Git workflow. Large files are stored on your server and the custom API allows you to transfer any number of files with ease. Learn more about Git LFS.

More flexibility with GitHub Pages

Your GitHub Pages sites can be public even if your Enterprise instance is private. With the new jekyll-feed plugin, you can automatically generate an Atom (RSS-like) feed of your most recent posts, making it easier for people to subscribe. Learn more about easier feeds for GitHub Pages.

Keep your instance current

Ensure your GitHub Enterprise instance is up-to-date with new features, security patches, and bug fixes by opting in to automatic downloads of new releases, which you can then apply from the management console.

Render map data within GitHub Enterprise

With GeoJSON support, any GeoJSON file in a GitHub repository will now be automatically rendered as an interactive, browsable map, annotated with your geographic data. You can even customize the way your data is displayed, such as coloring and sizing individual markers, or specifying a more descriptive icon.

Merge with confidence

The area above the merge button now contains information on automated status checks, making it easier to see if your proposed changes are ready to go or need more work.

Universal 2nd Factor authentication

Earlier this month we announced that we expanded GitHub's authentication system to support FIDO Universal 2nd Factor (U2F), and this security feature is now available with the GitHub Enterprise 2.4 release. Read more about how U2F keys work or take a look at the documentation to learn how to associate a U2F key with your instance.

For the full list of features and updates, check out the release notes. If you're currently using GitHub Enterprise, you can download this release now. If you want to give GitHub Enterprise a try, request a 45-day free trial.

GitHub Enterprise security best practices

We want to free up your administrator's time by providing a tool that requires little maintenance and great out-of-the-box security. By following a few simple steps, GitHub Enterprise can be ready for your developers to test the same day you install it.

Sometimes in the excitement to get up and running, it is easy to pass over simple solutions for security. This post will guide you through some of the settings GitHub Enterprise provides to ensure your company's installation is secure without inhibiting collaboration. We will also discuss monitoring and auditing tools that give greater insight into the health and security of your installation.

Initial instance setup

Instance password

The password for the Enterprise Management Console, as shown in step #8 of this guide, is the main gateway to administer GitHub Enterprise. This shared password gives a user unfettered access to the GitHub Enterprise environment, so we recommend that you only share it with a select few individuals and save it in an encrypted vault such as 1Password or a similar password management tool. Using this password, you can establish SSH keys through the /setup page in GitHub Enterprise. After setting up a key, an administrator can SSH into the GitHub Enterprise instance and gain access to all the ghe- command line utilities available.

Private Mode

In the /setup page of GitHub Enterprise you will find a setting that enables Private Mode. With this setting enabled, GitHub Enterprise hides all content from users who are not authenticated, including public repositories.

Enabling Private Mode is required for GitHub Enterprise instances that are accessible to users outside of the firewall without a VPN. This helps to ensure a user does not inadvertently make a repository public externally that should remain private within a company.

If your GitHub Enterprise install is only available from a VPN outside of your firewall, Private Mode does not need to be turned on. This lets unauthenticated people within the firewall view public repositories and public GitHub Pages.

Subdomain isolation

We strongly recommend that everyone turn on subdomain isolation for their GitHub Enterprise instance. Subdomain isolation securely separates user-supplied content from other portions of your GitHub Enterprise appliance, which mitigates cross-site scripting and other related vulnerabilities. You can make these changes by creating a wildcard DNS entry or by whitelisting each subdomain individually. A full list of these subdomains is available in the link above.

Improved monitoring

If you navigate to the /setup/monitor page in GitHub Enterprise you will notice GitHub Enterprise now ships (as of Enterprise version 2.3) with more graphs to monitor activity on the instance. This permits an administrator to spot suspicious activity and maintain stability in the environment.

Another feature that helps you keep GitHub Enterprise secure is the audit log, which is available at the /stafftools/audit_log endpoint. It records actions that are occurring and makes them visible to a site administrator. These audit logs reveal what action occurred (for instance, a user login), who performed the action, and the IP address of the request. This gives you great visibility into what is happening on an instance level.

Authentication

Certain authentication methods provide additional levels of security and control. Two we'll highlight here are restricted user groups and universal two-factor authentication.

Restricted user groups

Both LDAP Sync and SAML with Okta allow GitHub Enterprise administrators to segment users and fine-tune control of GitHub Enterprise. In addition to securing your instance, these tools let you control the number of licensed seats in use at any given time.

LDAP Sync permits an administrator to set up a Restricted Group (in Active Directory, for example) that limits access to GitHub Enterprise to only users found in that group.

SAML with Okta lets an administrator control access to GitHub Enterprise by setting it up as an "application" and assigning users to that application to give them access.

With fine-tuned controls over who can access the instance, and great reporting from those tools about group membership, an administrator can feel confident in both controlling and monitoring access.

Universal second factor authentication

In partnership with Yubico, GitHub also supports Universal Second Factor Authentication (U2F). If you are not using GitHub's built-in authentication in your instance, however, your identity management provider must provide U2F.

We strongly encourage companies and individuals to reach out to their identity providers and request support for U2F if it is not yet supported.

Organizational security options

GitHub's revamped organizations and teams are another way to secure your GitHub Enterprise installation. Administrators of GitHub Enterprise will now have the ability to set access levels for a team on a per-repository basis. This granularity will reduce the number of teams that administrators must set up and maintain.

Any questions, don't hesitate to reach out

If you are administering GitHub Enterprise for your team, putting these best practices into play is a great step toward ensuring that your instance stays healthy, secure, and as easy to maintain as it was to install. For a deeper dive into securing your GitHub Enterprise installation, check out this recording from GitHub Universe.

If you have any questions about securing your GitHub Enterprise installation you can reach out to enterprise@github.com to get clarifications or help.

The GitHub Services team is happy to help get you up and running with GitHub Enterprise. We can help you get GitHub Enterprise deployed quickly while following the best practices for security, availability and redundancy. If you would like to learn more about how we can help, don't hesitate to reach out to services@github.com.

GitHub Enterprise 2.3 is now available

GitHub Enterprise 2.3 offers users and administrators greater control over their instance—and their workflows. From expanded monitoring to a hi-fidelity migration tool, our latest release includes features, APIs, and ongoing security updates that make GitHub more flexible and secure.

New Administrator APIs

New enterprise-only APIs give administrators more flexibility when setting up and provisioning new accounts, as well as when listing details about their users and organizations. You can check out the full list of APIs included in GitHub Enterprise 2.3 in the release notes.

Simpler migrations

Whether you’re consolidating GitHub Enterprise instances or moving your organization from GitHub.com, the ability to easily migrate data is important. To simplify this process, you can now use ghe-migrator—a hi-fidelity tool for migrating repositories and all of their supporting data from one GitHub instance to another.

Advanced monitoring

With more ways to monitor your instance, your team can react to small issues before they get bigger. Administrators can now see the current state of queues for background jobs and emails, along with more extensive request metrics and additional dashboard information for MySQL, Redis, and ElasticSearch.

Filter pull requests by status

You can sort pull requests by the status of commits with the status: filter—giving you greater control over an important part of the development process. This works especially well if you're using the Status API or an integration service that does.

And more

  • Outbound HTTP proxies for third party tools and services
  • Previewing for comments
  • Better RSA key validations that prevent weak SSH keys
  • Read-only deploy keys
  • Referrer sanitization

For the full list of features and updates, check out the release notes. If you're currently using GitHub Enterprise, you can download this release now. If you want to give GitHub Enterprise a try, request a 45-day free trial.

Announcing GitHub Enterprise 2.1.0

It's a new year and we couldn't think of a better way to start it off than with a new release of GitHub Enterprise. We've included a number of highly-requested features, along with some of the best stuff recently shipped on GitHub.com - all to give developers and admins the best tools to build and ship software at work.

Let's talk about some of the features you'll find in this release.

Automate user and team management with LDAP Sync

Many of you have told us that you want it to be easier to use GitHub Enterprise with LDAP, especially for organizations managing lots of users. With this release, GitHub Enterprise integrates with your LDAP directory more deeply than ever before, automating identity and access management for your organization. This means you can provision and deprovision user accounts in GitHub Enterprise directly from LDAP with user sync, and automatically grant users access to repositories with team sync. While we were at it, we also improved LDAP performance across the board, increasing reliability and throughput.

Deploy GitHub Enterprise on OpenStack KVM

One of our goals with last year's rebuild of GitHub Enterprise was to make it available in more of the environments where you want to run it, whether you're managing your infrastructure on servers you own or on an internal cloud-based platform. That's why we're excited to announce that with this release, GitHub Enterprise is available on OpenStack KVM, in addition to Amazon Web Services and VMware. If your tech stack is built on KVM, you can now easily set up GitHub Enterprise and integrate with other parts of your internal system.

Audit all user actions across your instance

The Organization Audit Log that shipped with the November release of GitHub Enterprise has now been expanded to the instance level, giving administrators a skimmable and searchable record of every action performed across GitHub Enterprise in the past 90 days. Events like repository creation, team deletion, the addition of webhooks, and more are surfaced in a running log, along with information about who performed the action and when it occurred. These events can be filtered for deeper analysis, and you can create a wide range of custom search queries to make sure you're always aware of what's taking place on your instance.

Monitor the performance of GitHub Enterprise

If you're administering GitHub Enterprise, you should be able to identify whether your instance is performing correctly and quickly locate what's wrong when it isn't. With the new Instance Monitoring Dashboard, you now can. With data displayed for things like data disk usage, memory, CPUs, and more, you'll be able to answer questions like:

  • Are my users experiencing errors?
  • Are things fast or slow for my users?
  • What is a typical traffic pattern? What is abnormal?
  • Should I upgrade CPU, memory, or IO to improve the performance of my instance?
  • When should I plan to increase my disk space given my current growth rate?

Even more betterness

GitHub Enterprise 2.1.0 also includes:

To see the full list of features and bug fixes, check out the release notes for GitHub Enterprise 2.1.0.

Take 2.1.0 for a spin

If you're an existing GitHub Enterprise customer, you can download the latest release from the GitHub Enterprise website. If you want to give GitHub Enterprise a try, start a 45-day free trial on OpenStack KVM, AWS, or VMware.

The story behind the new GitHub Enterprise

Today we're releasing the fastest and most flexible version of GitHub Enterprise ever, including high availability and disaster recovery options, dramatically improved LDAP and SAML integration, major improvements to features like code review and project management, and support for deploying on Amazon Web Services.

We're proud to share this release with you not just because it's our finest work yet, but because it represents a major milestone in our mission to change the way the world builds software together.

Over seven million people and hundreds of thousands of organizations are working together on over 17 million repositories on github.com, but that only begins to scratch the surface. With this release of GitHub Enterprise we're making social coding available to anyone who wants to host code in their AWS-powered cloud, while also shipping a better product experience for the thousands of administrators and developers already using GitHub Enterprise daily.

When GitHub launched in 2008, it was all about sharing. You could quickly sign up for an account and share your open source with the world, or, purchase private repositories and control precisely who has access to your source code. But our goal wasn't workflow or collaboration - it was making it easy to share your git repositories with others.

As GitHub grew we saw the power in working together. This led us to create Organizations in 2010: group accounts which allow open source projects, non-profits, schools, governments, companies, and teams of all kinds to create a presence on GitHub and more easily build software together. Our focus expanded from simply publishing git repositories to helping people build software together.

People quickly created thousands of Organization accounts, but the feedback from larger organizations was resounding: they loved features like Pull Requests, yet many wanted data isolation for their code and support for enterprise-level features such as integration with their authentication system. This led us to create GitHub Enterprise, a VM-based on-premises version of GitHub we released in November 2011.

In the three years since that release, we've seen GitHub Enterprise change the way entire companies build software together. We've witnessed cultures evolve, companies thrive, and developers rave about how GitHub has changed their workflow. But we've also spent countless hours talking to our customers about how we can improve, and we've taken that feedback seriously.

Today's release is the culmination of months of hard work to make GitHub Enterprise more accessible to more people and even better for our current customers. Whether you're hacking on open source on github.com or coding the next version of your company's Android app using GitHub Enterprise, our goal is to help you build better software.

We hope you love this release as much as we do.

A faster, more flexible GitHub Enterprise

Today, we’re releasing an all-new GitHub Enterprise designed to make it even easier for developers and businesses around the world to use GitHub at work.

Now available on Amazon Web Services (AWS)

Since GitHub Enterprise launched in 2011, AWS's popularity has grown. Many companies want to host code in their AWS-powered cloud and with good reason. Using AWS reduces hardware costs, provides immediate access to a highly scalable infrastructure, and addresses a wide variety of compliance standards, from healthcare's HIPAA standards to government's FedRAMP. And now you can run GitHub Enterprise on AWS too! We like to think it feels a little bit like this:

Infrastructure improvements, high availability, & backups

We've rewritten the infrastructure behind GitHub Enterprise, improving stability and redundancy regardless of how you choose to deploy it. Some highlights:

  • GitHub Enterprise now utilizes Ubuntu 12.04 LTS, taking advantage of long-term updates and security fixes for the base components provided by Ubuntu.
  • Online backup utilities give you a number of advanced capabilities for backing up and restoring your data. With these utilities your appliance doesn't need to be put in maintenance mode for the duration of the backup run, meaning there's no downtime for your development team.
  • Achieving redundancy with GitHub Enterprise is much easier. With replication mode enabled, you can configure a second, identical instance (failover with warm standby) to jump into action should anything happen to your primary instance.

SAML support & security audit log

With our improved organization audit log, admins can now see a running list of events as they're generated across each organization and search for specific activities performed by users. This data provides your company with better security insights and gives you the ability to audit account, team, and repository access over time as needed.

We've also added support for SAML, including OneLogin, PingIdentity, Okta, and Shibboleth. Single sign-on with these identity providers allows you to manage your organization's users from one place or manage app access for groups of users at a time, rather than individually.

...and more!

This release also includes a number of features to help your company build and ship high-quality software, including:

To see a full list of features, check out the release notes for GitHub Enterprise 2.0.0.

Give GitHub Enterprise a whirl

If you're an existing GitHub Enterprise customer, you can download the latest release from the Enterprise website. If you want to give GitHub Enterprise a try, you can start a 45-day free trial on AWS or VMware.

Come visit us at AWS re:Invent

We’ll be demoing the all-new GitHub Enterprise this week at AWS re:Invent in Las Vegas. Stop by booth #1229 to say hi, check out this release in action, and grab some stickers and other great stuff. If you're attending re:Invent and would like a more in depth look at how this release of GitHub Enterprise might help your company, sign up for a meeting with our GitHub Enterprise sales team.

GitHub Enterprise 11.10.341 Release

GitHub Enterprise releases are all about offering large companies more of GitHub to deploy in their own environments, and today's release is no exception. We've added a number of features that improve speed, flexibility, security, administration, and more.

Faster Git operations

Smarter caching on the server side now optimizes the initial counting objects phase of all Git network operations. This drastically reduces the CPU time required by Git network operations, allowing more simultaneous clones and fetches without increasing the load on the Virtual Machine. You'll also find Git clone, fetch, and pull to be an order of magnitude faster, especially for large repositories.

Activity data across all your projects

See what's happening across all projects on GitHub Enterprise in one place, from users and organizations to issues, pull requests, and code review comments. The Activity Dashboard compiles all this data and presents it in easy-to-read graphs, along with past data from the same time period.

LDAP configuration improvements

You can now better configure GitHub Enterprise to your company's LDAP setup. Nested user groups are supported, users can change their username and still be mapped to the same distinguished name, and you can specify the name of attributes to map to imported fields.

Advanced settings for blocking force pushes

More options for blocking force pushes enable you to configure settings as you need. You can now block force pushing for a specific user, on the default branch of an organization's repositories, and for all branches on a single repository.

... and so much more!


If you're currently using GitHub Enterprise, you can download this release from the Enterprise website. If you want to give GitHub Enterprise a try, request a 45-day free trial.


Update: After this morning's announcement, we noticed an issue with the original 11.10.340 release and have issued a patch release with a fix. All links in the blog post above now redirect to the correct release notes and download page. We're sorry for any confusion this may have caused. If you have any issues with the newest release, please contact us at enterprise@github.com.

OctoTales • GREE

Open source software development practices are growing all over Japan, and one company at the forefront of these efforts is GREE. Their mobile social gaming platform connects 230 million users worldwide, and they've been building it using GitHub Enterprise since 2012. We recently had the pleasure of talking with GREE for our latest episode of OctoTales.

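Development workflows built on open source software practices are spreading throughout Japan, and GREE is one of the companies that has adopted this style of development. GREE's social gaming platform is used by more than 230 million users worldwide, and the company has been using GitHub Enterprise since 2012. In the latest episode of OctoTales, we talked with members of GREE.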


Are you using GitHub in Japan and looking for some resources? We've translated our Git Cheat Sheet into Japanese, and our GitHub & Git Foundations videos now have Japanese subtitles.

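Japanese-language resources for GitHub are also growing. We have translated the Git Cheat Sheet into Japanese, and we have added Japanese subtitles to the GitHub & Git Foundations video series.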

OctoTales • DeNA

Fresh from the streets of Tokyo, Japan, we're excited to share our latest video in the OctoTales series. This episode features DeNA, creators of the mobile gaming platform, Mobage.

DeNA has been using GitHub Enterprise since 2012 to build and ship software across offices in seven countries. DeNA's team of developers relies on real-world user research and a culture of collaboration to build a platform that brings 40 million users together through mobile games.

If you would like to be a part of the OctoTales series, tell us your story at tales@github.com.


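The OctoTales series introduces companies that use GitHub. This OctoTale comes from Tokyo and features DeNA, which develops the mobile gaming platform Mobage.

DeNA has used GitHub Enterprise since 2012 for collaboration between its offices in seven countries. DeNA's developers build on user research and a culture of collaboration to create a platform that connects 40 million users through mobile games.

Companies that would like to take part in OctoTales can contact tales@github.com.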

More Enterprise support in GitHub for Mac

To help kick off the new year, we're happy to announce that GitHub for Mac now supports CAS authentication with GitHub Enterprise as of version 11.10.328 or later!

The sign-in process is almost exactly the same. Open GitHub for Mac's Preferences, switch to the “Accounts” tab, and then enter the URL for your GitHub Enterprise server:

Accounts tab before sign in

If your server uses single sign-on, the username and password fields will be automatically grayed out, and clicking “Sign In” will open your web browser to finish the process.

Upon success, you'll be redirected back to GitHub for Mac, now signed in:

Accounts tab after sign in

If you run into any problems signing in, or have any comments or suggestions, please contact support.

Enjoy! :rocket:

GitHub Enterprise 11.10.320 Release

We've been working hard over the last few months, and are happy to announce the latest release of GitHub Enterprise. It includes some exciting new Enterprise-specific features, as well as a set of features integrated from GitHub.com.

Repository Next

GitHub Enterprise now includes a new UI for interacting with your repositories that's been available on GitHub.com for a while. It's designed to focus on your content and tries to get out of the way and let you get your day-to-day work done.

Improved LDAP Integration

GitHub Enterprise now supports LDAP group authentication. This means that you can specify your Domain Base and then restrict who can login using groups rather than OUs. You can add as many groups as you like. In fact, you can even set an admin group where members are automatically given Site Admin permissions on the installation.

You can also view all LDAP users who should have access and create them if they haven't already tried logging in:

Two-factor Authentication

Last week we added two-factor authentication to GitHub.com. With today's release, this feature is now available in GitHub Enterprise, including full support for TOTP in applications like Google Authenticator (available for iOS and Android phones).

CSV Rendering

CSV rendering is now available so you can view these files in an easy to read format. Try searching them too!

Identicons

If your installation has been languishing without avatars for a while now, good news! Identicons are shipping with this release of Enterprise, so prepare yourself for a much more colorful experience.

Mobile Views

Need to view a Pull Request linked to from a notification while away from your desk? Not a problem! GitHub Enterprise now supports mobile views.

Collectd Monitoring

We've added collectd to the appliance so you can send graph data to an external server and better monitor server health and performance. This data is also included in Support Bundles so we can better help diagnose server-side problems.

File Size Limits

GitHub.com has had file size limits for a while now. This release includes soft limits for files over 50MB. Unlike GitHub.com, no pushes will be rejected right now.

remote: warning: Large files detected.
remote: warning: File big_file is 55.00 MB; this is larger than GitHub Enterprise's recommended maximum file size of 50 MB

New Gist

The new version of Gist has been available on GitHub.com for a while now. Starting with this release we're including the updated Gist in Enterprise!



Along with a variety of general improvements and adjustments, this new release also includes the following features from GitHub.com:

Existing customers can download this update from the Enterprise website. If you want to give GitHub Enterprise a try, you can request a free trial from https://enterprise.github.com.


We hope you enjoy these features as much as we do. Don't forget that there is more information available about GitHub Enterprise at https://enterprise.github.com. You can also see the full release notes here.

GitHub Enterprise 11.10.310 Release

We're excited to announce the latest release of GitHub Enterprise. Along with a variety of general improvements and adjustments, this new release brings the following features from GitHub.com:

In addition, we're also including several new Enterprise specific features:

64-bit Appliance Image

We've been working for some time on 64-bit support and some customers have had early access to these images for quite a while now. We're happy to announce that all new OVA image downloads starting with this release will be 64-bit. GHPs for 32-bit systems will still be available for the foreseeable future to give people running on older appliances the opportunity to migrate at their leisure. You can get more information about how to migrate from a 32-bit appliance to a 64-bit appliance here.

New Management Console Interface

The Management Console interface has remained largely unchanged since we launched GitHub Enterprise nearly a year and a half ago. It worked fairly well, but definitely looked dated and had some problems rendering in Firefox and Internet Explorer. This design refresh was geared largely toward making it work more consistently across browsers, so users who had difficulties using it in browsers other than Chrome should have a better experience now!


GitHub OAuth Authentication

We've added a new authentication method. You can now hook your Enterprise installation up to GitHub.com via OAuth for authentication. You do this by setting up a new OAuth application that belongs to your organization on GitHub.com and then using its client ID and secret. After hooking that up, users who are members of your GitHub.com organization will be able to log in automatically via the standard OAuth approval process. All their public user information on GitHub.com will be pulled in along with their email addresses and SSH public keys.


Improved Upgrade Process

Perhaps the most common upgrade problem involved a timeout being reached during the initial GHP unpacking step. This started happening as the GHP grew in size. To solve this issue, we've moved the GHP unpacking stage into a background job, so the request will no longer time out, which should improve the upgrade experience dramatically going forward. However, due to how the upgrade process works, you won't see the benefit of this until your next upgrade after 11.10.310. We've also made some improvements that will help prevent cases where successful upgrades were detected as failures.

Better Reporting

In previous releases, it wasn't really possible to get full reports about all repositories, users, or organizations in an installation via the Admin Tools dashboard. Now you can get CSV reports with all of this information easily via the new Reports section.


Suspending Dormant Users in Bulk

The dormant user check was updated to work more like what a GitHub Enterprise admin would expect by removing some checks that made a lot of sense for GitHub.com, but not so much in a dedicated installation. It's not uncommon to want to see which users are dormant so you know who to suspend to free up seats. So in addition to getting a report about who's dormant, you can now browse dormant users and perform a bulk suspension of all of them.

Improved Search Tooling

We've added a new Indexing section to the Admin Tools dashboard that allows for additional management of search functionality. You can now disable code searching or code search indexing, initiate code search backfill or issue search index repair jobs. You can also see the status of the ElasticSearch cluster on your appliance.



We hope you enjoy these features as much as we do. Don't forget that there is more information available about GitHub Enterprise at https://enterprise.github.com/. The latest release can always be downloaded from here.

Today's Email Incident

Earlier today a routine system email was incorrectly sent to many of our GitHub Enterprise customers. In these errant emails, customer email addresses were included in the To: field, making them visible to anyone who received the message.

We are very sorry about this. We have determined what caused this incident and contacted all affected customers directly.

Background

The incident occurred in the Rails application we use to manage trials and customer contact information for GitHub Enterprise, not the product itself. No GitHub Enterprise installations were affected, and no license keys or any other data were exposed. GitHub.com was not affected.

As part of a routine daily process, the system notifies the members of any organization whose license is about to expire about the upcoming need for renewal. The app builds an email message including the addresses of all of the active accounts tied to the given organization, putting them in the To: field to enhance deliverability. This morning, the email included a great many more addresses than expected.

Technical details

Yesterday the Rails core team released four security patches (CVE-2013-1854, CVE-2013-1855, CVE-2013-1856, CVE-2013-1857). We immediately reviewed the patches and updated our Rails applications to stay current. Unfortunately one of these security patches included a change that caused certain SQL queries to behave unexpectedly.

Here's an example of this change in behavior:

class Organization < ActiveRecord::Base
  has_many :teams

  attr_accessible :name, :has_octocats

  scope :has_octocats_scope, lambda { where(:has_octocats => true) }

  def self.has_octocats_class_method
    where(:has_octocats => true)
  end
end

class Team < ActiveRecord::Base
  belongs_to :organization
  attr_accessible :name

  def self.using_octocats_scope
    where(:organization_id => Organization.has_octocats_scope.select(:id))
  end

  def self.using_octocats_class_method
    where(:organization_id => Organization.has_octocats_class_method.select(:id))
  end
end

> github = Organization.create(:name => "GitHub", :has_octocats => true)
> acme   = Organization.create(:name => "Acme",   :has_octocats => false)
> github.teams.create(:name => "Supportocats")
> acme.teams.create(:name => "Roadrunners")
> github.id
#=> 1
> acme.id
#=> 2

So, an Organization owns a number of Team records. We've defined a couple of methods to help us scope queries for teams to only those organizations that have octocats. Ideally, both of these methods will scope to the same thing: only Team records with an organization_id of 1, the GitHub Organization. And prior to this latest Rails release, they did.

But the latest release of Rails introduced a subtle change to this behavior. Let's try to make some queries based on the Organization's teams:

> teams = github.teams
  Team Load (0.4ms)  SELECT `teams`.* FROM `teams` WHERE `teams`.`organization_id` = 1
> teams.length       # => 1
> teams.first.name   # => "Supportocats"

Great. Here we've asked for the GitHub organization's teams, and we've gotten the correct one, "Supportocats", back. All is good so far. Now let's use one of our scopes, just to be extra specific:

> teams = github.teams.using_octocats_class_method
  Team Load (0.4ms)  SELECT `teams`.* FROM `teams` WHERE `teams`.`organization_id` = 1 AND `teams`.`organization_id` IN (1)
> teams.length       # => 1
> teams.first.name   # => "Supportocats"

The results are the same, but the query is different. By going through an extra scope, we've added an additional SQL predicate, one that says the returned Team records must belong to an Organization that has octocats. Since the GitHub team has them, the result is the same.

Let's try our scope that is restricted to octocat-having teams on the Acme org:

> teams = acme.teams.using_octocats_class_method
  Team Load (0.4ms)  SELECT `teams`.* FROM `teams` WHERE `teams`.`organization_id` = 2 AND `teams`.`organization_id` IN (1)
> teams.length   # => 0

Here we see a different result, as expected, and a similar query, again asking for all of the Acme organization's teams that also belong to an Organization that has octocats. The Acme Organization has none, so no teams are returned.

But now we come to an unexpected difference. In the last couple of examples, we were using an Arel scope on Organization that was defined as a normal class method. But if we change to using the scope defined with ActiveRecord's scope method, we get unexpected and potentially dangerous results:

> teams = acme.teams.using_octocats_scope
  Team Load (0.4ms)  SELECT `teams`.* FROM `teams` WHERE `teams`.`organization_id` IN (1)
> teams.length       # => 1
> teams.first.name   # => "Supportocats"

Now the Acme organization is returning the GitHub organization's teams! This is obviously bad behavior. What's happening? In this case, when using the scope method to define an Arel scope on Organization, the where clause of the scope is overriding the condition imposed by the Organization#teams association. The part of the WHERE clause meant to restrict the query to Team records related to the Acme organization was dropped.

We've narrowed down this change in behavior to this commit. We have fixed this issue on our affected applications and are working with the Rails core team to determine if this change was intentional as well as what action other users should take.

What we're doing about it

We're reviewing every piece of GitHub code that touches email so we can keep this from happening in the future. We're focusing on more stringent automated tests, sanity checks on email recipients, and even more careful review when we upgrade an external dependency like Rails.
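A sanity check on email recipients, of the kind mentioned above, could look like the following. This is an added example and not GitHub's code: `Account`, `RecipientGuard`, `MAX_RECIPIENTS`, `guard_result` and the sample addresses are assumptions made for illustration.

```ruby
# Added example, not GitHub's code. Account, RecipientGuard, MAX_RECIPIENTS
# and guard_result are hypothetical names; the sample data is constructed.
Account = Struct.new(:email, :organization_id, :active)

class RecipientGuardError < StandardError; end

module RecipientGuard
  # Assumed ceiling on addresses per message; tune for the real application.
  MAX_RECIPIENTS = 25

  # Returns the addresses to mail, or raises before anything is sent.
  def self.check!(organization_id, accounts, max: MAX_RECIPIENTS)
    # Re-check ownership in plain Ruby, independently of the query that
    # produced `accounts`, so a dropped WHERE predicate cannot pass silently.
    foreign = accounts.reject { |a| a.organization_id == organization_id }
    unless foreign.empty?
      raise RecipientGuardError,
            "#{foreign.size} recipient(s) outside organization #{organization_id}"
    end

    emails = accounts.select(&:active).map { |a| a.email.downcase }.uniq
    raise RecipientGuardError, "no active recipients" if emails.empty?
    if emails.size > max
      raise RecipientGuardError, "#{emails.size} recipients exceeds limit #{max}"
    end
    emails
  end
end

# Constructed accounts mirroring the page's two organizations (ids 1 and 2).
GITHUB_ACCOUNTS = [Account.new("a@github.example", 1, true),
                   Account.new("b@github.example", 1, true)].freeze
ACME_ACCOUNTS   = [Account.new("c@acme.example", 2, true)].freeze

# Runs the guard and reports either the recipient list or why it was blocked.
def guard_result(organization_id, accounts)
  RecipientGuard.check!(organization_id, accounts)
rescue RecipientGuardError => e
  "blocked: #{e.message}"
end

# A correctly scoped result passes; a result that leaked another
# organization's accounts (the failure described above) is stopped.
p guard_result(2, ACME_ACCOUNTS)
p guard_result(2, ACME_ACCOUNTS + GITHUB_ACCOUNTS)
```

Running the guard in the mailer itself, rather than relying on the query layer, keeps it effective when a dependency upgrade changes how scopes are merged.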

GitHub Enterprise 11.10.300 Release

We're excited to announce the latest release of GitHub Enterprise. We're shipping this version with Issue Attachments, Contributions, and much more. Along with a variety of general improvements and adjustments, this new release brings the following features from GitHub.com:

In addition, we're also including several new Enterprise specific features:

Repository Archives

This has been a frequently requested feature since we launched GitHub Enterprise, and we're happy to announce that it's now available! Each repository will have a link to download a zip archive of the master branch, along with the ability to download tarball or zip archives of the repository for any tags that have been set. This functionality is backed by the same Nodeload service that serves these files for GitHub.com. You can get more background information about Nodeload here and here.


Support for Multiple Admin SSH Keys

You can now add more than one SSH authorized key for the admin user on the installation. It will automatically detect any existing keys that are installed as well.


Management Console API

A new API for managing GitHub Enterprise settings and maintenance has been added. This new API allows you to update configuration settings, add admin SSH authorized keys, upgrade, and enable or disable maintenance mode. You can find full documentation for the API here. This API has actually existed since the 11.10.280 release, so anyone on 11.10.280 or higher should be able to take advantage of the API. This will be especially useful when you need to upgrade an Enterprise appliance on a remote network, so you don't have to upload new GHPs over slow connections.

Updated Admin Tools Dashboard

The Admin Tools dashboard has had a major overhaul! It now has a look and feel that better matches the rest of the site.


Faster Configuration Runs

Prior to 11.10.300, making any settings changes would cause a full configuration run. The config run would take around 10 minutes to complete, even for minor changes. Now only the initial configuration run and upgrades take the full amount of time. If you're only making a settings change, runs can take 30 seconds or less now!

Deleted Repository Restoration

When a repository is deleted, it's now banished to purgatory. Repositories in purgatory wait in limbo for a month before being fully deleted. While in purgatory, any admin can restore the repository with the push of a single button -- including all issues, pull requests, and any associated comments. Purgatory is accessible from the Admin Tools view of any user on a GitHub Enterprise installation.


Search Indexing API

With the addition of improvements to the search that shipped in this release, a new API is now available to queue up repositories and users for indexing. You can use this API to integrate into whatever other tools you use at your company. Documentation for this API is available here.


We hope you enjoy these features as much as we do. Don't forget that there is more information available about GitHub Enterprise at https://enterprise.github.com/. You can also see the full release notes here.
