diff --git a/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-issues.md b/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-issues.md
index 897ae1fbe4dd..d62e0260b617 100644
--- a/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-issues.md
+++ b/content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-issues.md
@@ -2,6 +2,7 @@
title: Using GitHub Copilot to create issues
shortTitle: Use Copilot to create issues
intro: 'Use {% data variables.product.prodname_copilot_short %} to quickly generate structured, high-quality issues from natural language or images, without filling out every field manually.'
+permissions: 'Anyone with a {% data variables.product.prodname_copilot_short %} license can use {% data variables.product.prodname_copilot_short %} to create issues.
Try {% data variables.product.prodname_copilot_short %} for free {% octicon "link-external" height:16 %}'
versions:
feature: copilot
topics:
diff --git a/content/copilot/reference/allowlist-reference.md b/content/copilot/reference/allowlist-reference.md
index 6d71371afef7..84745453dff4 100644
--- a/content/copilot/reference/allowlist-reference.md
+++ b/content/copilot/reference/allowlist-reference.md
@@ -18,20 +18,20 @@ If your company employs security measures like a firewall or proxy server, you s
## {% data variables.product.github %} public URLs
-| Domain and/or URL | Purpose |
-| :------------------------------------- | :--------------------------------- |
-| `https://github.com/login/*` | Authentication |
-| `https://github.com/enterprises/YOUR-ENTERPRISE/*` | Authentication for {% data variables.enterprise.prodname_managed_users %}, only required with {% data variables.product.prodname_emus %} |
-| `https://api.github.com/user` | User Management |
-| `https://api.github.com/copilot_internal/*` | User Management |
+| Domain and/or URL | Purpose |
+|:------------------------------------------------------------| :--------------------------------- |
+| `https://github.com/login/*` | Authentication |
+| `https://github.com/enterprises/YOUR-ENTERPRISE/*` | Authentication for {% data variables.enterprise.prodname_managed_users %}, only required with {% data variables.product.prodname_emus %} |
+| `https://api.github.com/user` | User Management |
+| `https://api.github.com/copilot_internal/*` | User Management |
| `https://copilot-telemetry.githubusercontent.com/telemetry` | Telemetry |
-| `https://default.exp-tas.com` | Telemetry |
-| `https://copilot-proxy.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://origin-tracker.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://*.githubcopilot.com`[^1] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://*.individual.githubcopilot.com`[^2] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://*.business.githubcopilot.com`[^3] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
-| `https://*.enterprise.githubcopilot.com`[^4] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://default.exp-tas.com` | Telemetry |
+| `https://copilot-proxy.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://origin-tracker.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://*.githubcopilot.com/*`[^1] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://*.individual.githubcopilot.com`[^2] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://*.business.githubcopilot.com`[^3] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
+| `https://*.enterprise.githubcopilot.com`[^4] | API service for {% data variables.product.prodname_copilot_short %} suggestions |
Depending on the security policies and editors your organization uses, you may need to allowlist additional domains and URLs. For more information on specific editors, see [Further reading](#further-reading).
diff --git a/content/copilot/tutorials/plan-a-project.md b/content/copilot/tutorials/plan-a-project.md
index 9d5786254456..2366589e5a84 100644
--- a/content/copilot/tutorials/plan-a-project.md
+++ b/content/copilot/tutorials/plan-a-project.md
@@ -2,7 +2,7 @@
title: Planning a project with GitHub Copilot
shortTitle: Plan a project
intro: 'Plan your next project by using {% data variables.product.prodname_copilot %} to turn your ideas into issues.'
-permissions: 'Anyone with a {% data variables.product.prodname_copilot_short %} license can use {% data variables.product.prodname_copilot_short %} to create issues.'
+permissions: 'Anyone with a {% data variables.product.prodname_copilot_short %} license can use {% data variables.product.prodname_copilot_short %} to create issues.
Try {% data variables.product.prodname_copilot_short %} for free {% octicon "link-external" height:16 %}'
topics:
- Copilot
- Issues
diff --git a/data/release-notes/enterprise-server/3-14/18.yml b/data/release-notes/enterprise-server/3-14/18.yml
new file mode 100644
index 000000000000..391e08e362c1
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-14/18.yml
@@ -0,0 +1,54 @@
+date: '2025-09-09'
+sections:
+ security_fixes:
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ When generating a support bundle, site administrators could encounter errors if character escaping caused the bundle script to omit the URL parameter for `curl`.
+ - |
+ In some environments, `syslog-ng` could write excessive logs to a regular file named `tty10`, continuously filling disk space.
+ - |
+ Secret scanning backfills for pull requests and discussions did not run as expected during backfills of new secret types. Site administrators and security teams may have noticed incomplete secret scanning coverage or unworked queues after upgrading.
+ - |
+ Administrators saw daily `SignalException` errors in `github-stream-processors` when log rotation happened. Log rotation using "copytruncate" no longer sends SIGUSR1, preventing these errors and improving log management stability. No administrator action is required.
+ - |
+ Maintenance periods scheduled more than a week in advance were triggered on the first occurrence of the scheduled day-of-week rather than the intended specific date.
+ changes:
+ - |
+ For administrators managing logs, log folders are more consistently accessible from the administrative account without the need to use `sudo`.
+ - |
+ Azure VMs that use the NVMe disk controller are now supported, as well as Azure VMs that do not include temporary resource disks.
+ known_issues:
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+ - |
+ Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
+ - |
+ {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %}
+ - |
+ When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning.
+ - |
+ In the header bar displayed to site administrators, some icons are not available.
+ - |
+ When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance.
+ - |
+ After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows.
+ - |
+ Unexpected elements may appear in the UI on the repo overview page for locked repositories.
diff --git a/data/release-notes/enterprise-server/3-15/13.yml b/data/release-notes/enterprise-server/3-15/13.yml
new file mode 100644
index 000000000000..be9acb5a1a9b
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-15/13.yml
@@ -0,0 +1,62 @@
+date: '2025-09-09'
+sections:
+ security_fixes:
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ When generating a support bundle, site administrators could encounter errors if character escaping caused the bundle script to omit the URL parameter for `curl`.
+ - |
+ In some environments, `syslog-ng` could write excessive logs to a regular file named `tty10`, continuously filling disk space.
+ - |
+ Administrators saw daily `SignalException` errors in `github-stream-processors` when log rotation happened. Log rotation using "copytruncate" no longer sends SIGUSR1, preventing these errors and improving log management stability. No administrator action is required.
+ - |
+ Maintenance periods scheduled more than a week in advance were triggered on the first occurrence of the scheduled day-of-week rather than the intended specific date.
+ - |
+ Administrators debugging Elasticsearch index repairs previously did not see a "starting" log entry before a repair began, making it harder to track repair initiation in logs.
+ changes:
+ - |
+ For administrators managing logs, log folders are more consistently accessible from the administrative account without the need to use `sudo`.
+ - |
+ Administrators can no longer run the `ghe-upgrade` command on a replica node if a configuration apply is running or has failed on the primary node. This change helps prevent upgrade conflicts and ensures more reliable high availability maintenance workflows.
+ - |
+ Azure VMs that use the NVMe disk controller are now supported, as well as Azure VMs that do not include temporary resource disks.
+ - |
+ Administrators monitoring Elasticsearch index repair jobs benefit from improved log clarity. Log messages provide more detailed and actionable information, making it easier to troubleshoot and track the progress of index repair operations.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+ - |
+ Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
+ - |
+ {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %}
+ - |
+ When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning.
+ - |
+ In the header bar displayed to site administrators, some icons are not available.
+ - |
+ When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration.
+ - |
+ Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories.
+ - |
+ After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance.
+ - |
+ Unexpected elements may appear in the UI on the repo overview page for locked repositories.
diff --git a/data/release-notes/enterprise-server/3-16/9.yml b/data/release-notes/enterprise-server/3-16/9.yml
new file mode 100644
index 000000000000..2ac69f148389
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-16/9.yml
@@ -0,0 +1,72 @@
+date: '2025-09-09'
+sections:
+ security_fixes:
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ The Git service (babeld) could panic in some cases, causing it to become unresponsive.
+ - |
+ When generating a support bundle, site administrators could encounter errors if character escaping caused the bundle script to omit the URL parameter for `curl`.
+ - |
+ In some environments, `syslog-ng` could write excessive logs to a regular file named `tty10`, continuously filling disk space.
+ - |
+ When configuring primary and secondary NTP servers, only a hostname was expected. This prevented server options (see the [`chronyd` man page for options](https://chrony-project.org/doc/3.4/chrony.conf.html)) from being used which would cause `ghe-config-check` and `ghe-config-apply` to throw validation errors.
+ - |
+ When adding a new git data node in cluster environments, pre-receive hooks were not synchronized, causing missing hooks on the new node. Pre-receive hooks are now synced automatically when running `ghe-config-apply`.
+ - |
+ Administrators saw daily `SignalException` errors in `github-stream-processors` when log rotation happened. Log rotation using "copytruncate" no longer sends SIGUSR1, preventing these errors and improving log management stability. No administrator action is required.
+ - |
+ Maintenance periods scheduled more than a week in advance were triggered on the first occurrence of the scheduled day-of-week rather than the intended specific date.
+ - |
+ Users were unable to use the "/" key to focus the search bar on pages where a file tree is displayed.
+ - |
+ When users pushed to forked repositories from the command line, the users received incorrect links for creating push protection bypass requests. The links referenced the parent repository instead of the forked repository.
+ changes:
+ - |
+ For administrators managing logs, log folders are more consistently accessible from the administrative account without the need to use `sudo`.
+ - |
+ Administrators can no longer run the `ghe-upgrade` command on a replica node if a configuration apply is running or has failed on the primary node. This change helps prevent upgrade conflicts and ensures more reliable high availability maintenance workflows.
+ - |
+ Azure VMs that use the NVMe disk controller are now supported, as well as Azure VMs that do not include temporary resource disks.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+ - |
+ Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
+ - |
+ {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %}
+ - |
+ When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning.
+ - |
+ When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration.
+ - |
+ Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories.
+ - |
+ In a cluster, the host running restore requires access the storage nodes via their private IPs.
+ - |
+ On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue.
+ - |
+ After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance.
+ - |
+ After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows.
+ - |
+ Unexpected elements may appear in the UI on the repo overview page for locked repositories.
diff --git a/data/release-notes/enterprise-server/3-17/6.yml b/data/release-notes/enterprise-server/3-17/6.yml
new file mode 100644
index 000000000000..5de448b6855e
--- /dev/null
+++ b/data/release-notes/enterprise-server/3-17/6.yml
@@ -0,0 +1,78 @@
+date: '2025-09-09'
+sections:
+ security_fixes:
+ - |
+ Packages have been updated to the latest security versions.
+ bugs:
+ - |
+ When configuring primary and secondary NTP servers, only a hostname was expected. This prevented server options (see the [`chronyd` man page for options](https://chrony-project.org/doc/3.4/chrony.conf.html)) from being used which would cause `ghe-config-check` and `ghe-config-apply` to throw validation errors.
+ - |
+ When adding a new git data node in cluster environments, pre-receive hooks were not synchronized, causing missing hooks on the new node. Pre-receive hooks are now synced automatically when running `ghe-config-apply`.
+ - |
+ Administrators saw daily `SignalException` errors in `github-stream-processors` when log rotation happened. Log rotation using "copytruncate" no longer sends SIGUSR1, preventing these errors and improving log management stability. No administrator action is required.
+ - |
+ Maintenance periods scheduled more than a week in advance were triggered on the first occurrence of the scheduled day-of-week rather than the intended specific date.
+ - |
+ Users were unable to use the "/" key to focus the search bar on pages where a file tree is displayed.
+ - |
+ After upgrading to 3.17.0, administrators encountered errors when using the `ghe-user-unsuspend` command-line utility to unsuspend users.
+ - |
+ When users pushed to forked repositories from the command line, the users received incorrect links for creating push protection bypass requests. The links referenced the parent repository instead of the forked repository.
+ - |
+ Users received an email for secret scanning alert dismissal requests if they had organization-level permission to review and manage dismissal requests, even if they lacked the necessary permission for the repository the request was for.
+ changes:
+ - |
+ Administrators can now invoke `ghe-storage-init-backup`, the backup initialization script introduced in [3.17](/enterprise-server@3.17/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service), from any location as it is installed in the system PATH instead of the `/usr/local/share/enterprise` directory.
+ - |
+ For administrators managing logs, log folders are more consistently accessible from the administrative account without the need to use `sudo`.
+ - |
+ Administrators can no longer run the `ghe-upgrade` command on a replica node if a configuration apply is running or has failed on the primary node. This change helps prevent upgrade conflicts and ensures more reliable high availability maintenance workflows.
+ - |
+ Azure VMs that use the NVMe disk controller are now supported, as well as Azure VMs that do not include temporary resource disks.
+ - |
+ Administrators and integrators who use release webhooks can track when assets are uploaded to or deleted from a release. The release webhook with the edited action triggers for asset changes, making it easier to audit asset updates.
+ - |
+ Webhook payloads for releases, pull request review threads, and pull request reviews include an `updated_at` field with the ISO8601 timestamp of the most recent modification. This makes it easier for integrators and other webhook consumers to track changes.
+ known_issues:
+ - |
+ Custom firewall rules are removed during the upgrade process.
+ - |
+ During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+ - |
+ If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+ - |
+ On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
+ - |
+ {% data reusables.release-notes.large-adoc-files-issue %}
+ - |
+ Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
+ - |
+ When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
+ - |
+ Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
+ - |
+ {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %}
+ - |
+ When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
+ - |
+ An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning.
+ - |
+ When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded.
+ - |
+ When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed.
+ - |
+ When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration.
+ - |
+ Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories.
+ - |
+ In a cluster, the host running restore requires access the storage nodes via their private IPs.
+ - |
+ On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue.
+ - |
+ After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance.
+ - |
+ After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows.
+ - |
+ Unexpected elements may appear in the UI on the repo overview page for locked repositories.
+ - |
+ When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages.
diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql
index e7929b2623dd..4706bc555fb0 100644
--- a/src/graphql/data/fpt/schema.docs.graphql
+++ b/src/graphql/data/fpt/schema.docs.graphql
@@ -25820,7 +25820,7 @@ type Mutation {
): RemoveEnterpriseIdentityProviderPayload
"""
- Removes a user from all organizations within the enterprise
+ Completely removes a user from the enterprise
"""
removeEnterpriseMember(
"""
diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json
index e419ae375c86..3c939b351ad3 100644
--- a/src/graphql/data/fpt/schema.json
+++ b/src/graphql/data/fpt/schema.json
@@ -6024,7 +6024,7 @@
"kind": "mutations",
"id": "removeenterprisemember",
"href": "/graphql/reference/mutations#removeenterprisemember",
- "description": "Removes a user from all organizations within the enterprise.
",
+ "description": "Completely removes a user from the enterprise.
",
"inputFields": [
{
"name": "input",
diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql
index e7929b2623dd..4706bc555fb0 100644
--- a/src/graphql/data/ghec/schema.docs.graphql
+++ b/src/graphql/data/ghec/schema.docs.graphql
@@ -25820,7 +25820,7 @@ type Mutation {
): RemoveEnterpriseIdentityProviderPayload
"""
- Removes a user from all organizations within the enterprise
+ Completely removes a user from the enterprise
"""
removeEnterpriseMember(
"""
diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json
index e419ae375c86..3c939b351ad3 100644
--- a/src/graphql/data/ghec/schema.json
+++ b/src/graphql/data/ghec/schema.json
@@ -6024,7 +6024,7 @@
"kind": "mutations",
"id": "removeenterprisemember",
"href": "/graphql/reference/mutations#removeenterprisemember",
- "description": "Removes a user from all organizations within the enterprise.
",
+ "description": "Completely removes a user from the enterprise.
",
"inputFields": [
{
"name": "input",
diff --git a/src/observability/middleware/handle-errors.ts b/src/observability/middleware/handle-errors.ts
index 393f204f7b73..c9545cc61fb4 100644
--- a/src/observability/middleware/handle-errors.ts
+++ b/src/observability/middleware/handle-errors.ts
@@ -100,9 +100,13 @@ const handleError: ErrorRequestHandler = async function handleError(
// Special handling for when a middleware calls `next(404)`
if (error === 404) {
- // Note that if this fails, it will swallow that error.
- nextApp.render404(req, res)
- return
+ // Route to App Router for proper 404 handling
+ req.url = '/404'
+ res.status(404)
+ res.setHeader('x-pathname', req.path)
+ res.locals = res.locals || {}
+ res.locals.handledByAppRouter = true
+ return nextApp.getRequestHandler()(req, res)
}
if (typeof error === 'number') {
throw new Error("Don't use next(xxx) where xxx is any other number than 404")