From 089283f84e1cc002a766b28ba3ce74e6ae8c3d0b Mon Sep 17 00:00:00 2001
From: Gio Fernandez <grmtek@github.com>
Date: Mon, 8 Dec 2025 09:17:19 -0500
Subject: [PATCH 1/4] Enhance troubleshooting details for webhook delivery
 errors (#58741)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .../troubleshooting-webhooks.md                               | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md b/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md
index 43633de31457..21ca00b20f5a 100644
--- a/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md
+++ b/content/webhooks/testing-and-troubleshooting-webhooks/troubleshooting-webhooks.md
@@ -46,10 +46,12 @@ To deliver webhooks to your local server for testing, you can use a webhook forw
 
 ## Failed to connect to host
 
-The `failed to connect to host` error occurs when {% data variables.product.company_short %} attempts a webhook delivery but could not resolve the webhook's URL to an IP address.
+The `failed to connect to host` error occurs when {% data variables.product.company_short %} attempts a webhook delivery but could not resolve the webhook's URL to an IP address or there are network restrictions preventing connection to the host.
 
 To check whether a host name resolves to an IP address, you can use `nslookup`. For example, if your payload URL is `https://octodex.github.com/webhooks`, you can run `nslookup octodex.github.com`. If the host name could not be resolved to an IP address, the nslookup command will indicate that the server can't find the host name.
 
+You should make sure that your server allows connections from {% data variables.product.company_short %}'s IP addresses. You can use the `GET /meta` endpoint to find the current list of {% data variables.product.company_short %}'s IP addresses. See [AUTOTITLE](/rest/meta/meta#get-github-meta-information). Ensure connectivity is allowed from the IP addresses listed in the `hooks` section. {% data variables.product.company_short %} occasionally makes changes to its IP addresses, so you should update your IP allow list periodically.
+
 ## Failed to connect to network
 
 The `failed to connect to network` error indicates that your server refused the connection when {% data variables.product.company_short %} attempted to deliver a webhook.

From 41f47d51711ce5353b0aeaa10d95ee656dadeed7 Mon Sep 17 00:00:00 2001
From: Allan Guigou <34221163+AllanGuigou@users.noreply.github.com>
Date: Mon, 8 Dec 2025 09:36:11 -0500
Subject: [PATCH 2/4] Update environment branch protection rules documentation
 (#57383)

Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
---
 .../workflows-and-actions/deployments-and-environments.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/actions/reference/workflows-and-actions/deployments-and-environments.md b/content/actions/reference/workflows-and-actions/deployments-and-environments.md
index c09c1eab9e1d..21f214414dd3 100644
--- a/content/actions/reference/workflows-and-actions/deployments-and-environments.md
+++ b/content/actions/reference/workflows-and-actions/deployments-and-environments.md
@@ -56,7 +56,7 @@ Use deployment branches and tags to restrict which branches and tags can deploy
 
 * **Selected branches and tags:** Only branches and tags that match your specified name patterns can deploy to the environment.
 
-  If you specify `releases/*` as a deployment branch or tag rule, only a branch or tag whose name begins with `releases/` can deploy to the environment. (Wildcard characters will not match `/`. To match branches or tags that begin with `release/` and contain an additional single slash, use `release/*/*`.) If you add `main` as a branch rule, a branch named `main` can also deploy to the environment. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch).
+  The deployment branch or tag rule is matched against the `GITHUB_REF` of the workflow run. For values of `GITHUB_REF` for each workflow trigger, see [AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows). If you specify `releases/*` as a deployment branch or tag rule, only a `GITHUB_REF` whose name begins with `releases/` can deploy to the environment. Adding another branch rule for `refs/pull/*/merge` would also allow workflows triggered by `pull_request` events to deploy to the environment. Wildcard characters will not match `/`, to match branches or tags that begin with `release/` and contain an additional single slash, use `release/*/*`. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch).
 
   {% data reusables.actions.branch-and-tag-deployment-rules-configuration %}
 

From 69dd2224088bf1e882284457e6ec642c229a3a96 Mon Sep 17 00:00:00 2001
From: Khanh Tran <99679174+khanhgee@users.noreply.github.com>
Date: Mon, 8 Dec 2025 09:40:23 -0500
Subject: [PATCH 3/4] Add section on configuring backups from replica node
 (#58696)

Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
---
 .../configuring-the-backup-service.md         | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md
index 2d762ff24ebf..e3c2e09b6032 100644
--- a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md
+++ b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md
@@ -125,7 +125,7 @@ If you're migrating from {% data variables.product.prodname_enterprise_backup_ut
 
    Use the `--dry-run` flag to preview changes without applying them.
 
-### Scheduling automated backups
+#### Scheduling automated backups
 
 Once the service is configured, you can define a backup schedule.
 
@@ -134,3 +134,27 @@ Once the service is configured, you can define a backup schedule.
 1. Click **Save** to apply the changes.
 
 The first run will be a full backup. Future runs will be incremental. If a new backup attempt starts while a previous one is still running, it may be skipped or fail. In that case, adjust the schedule to avoid overlap.
+
+{% ifversion ghes > 3.19 %}
+
+### Configuring backups from a replica node
+
+For high availability, you can designate a replica node as your backup server. To minimize latency, {% data variables.product.github %} recommends picking a replica node in the same region or datacenter as your primary node.
+
+> [!IMPORTANT] 
+> Backups from cache replica nodes or active geo replica nodes are not supported.
+
+To configure your backup server, run the following commands, replacing `HOSTNAME` with the hostname of the node:
+
+```shell
+ghe-config cluster.HOSTNAME.backup-server true
+
+ghe-config-apply
+```
+
+You can now run `ghe-backup` directly on your replica node.
+
+> [!WARNING]
+> Due to the latency between primary and replica nodes, you may lose data when backing up from a replica node.
+
+{% endif %}

From 5255280bb0fc4df84b8349b3a64abd57877ac673 Mon Sep 17 00:00:00 2001
From: Dani Brooks <104226514+danibrooks@users.noreply.github.com>
Date: Mon, 8 Dec 2025 06:55:40 -0800
Subject: [PATCH 4/4] Add Elasticsearch as a subprocessors entry (#58737)

---
 content/site-policy/privacy-policies/github-subprocessors.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/content/site-policy/privacy-policies/github-subprocessors.md b/content/site-policy/privacy-policies/github-subprocessors.md
index dcd098f7641b..fa8a0e205533 100644
--- a/content/site-policy/privacy-policies/github-subprocessors.md
+++ b/content/site-policy/privacy-policies/github-subprocessors.md
@@ -31,6 +31,7 @@ If you have questions about this list, please contact us at <privacy@github.com>
 | Anthropic PBC                 | AI Inference and AI Services                                                   | United States                                     | United States      |
 | Cloudflare                    | Content delivery service                                                       | United States                                     | United States      |
 | CoreWeave, Inc.               | Cloud Hosted Infrastructure                                                    | United States                                     | United States      |
+| Elasticsearch, Inc.           | Cloud Hosted Infrastructure                                                    | United States                                     | United States      |
 | Fastly                        | Content delivery service                                                       | United States                                     | United States      |
 | Fireworks AI                  | AI Inference and AI Services                                                   | United States, Iceland, Germany                   | United States      |
 | FullStory, Inc.               | Customer support ticketing analysis                                            | United States                                     | United States      |