Repositories may now specify a security policy by creating a file named SECURITY.MD. This file should be used to instruct users about how and when to report security vulnerabilities to the repository maintainers. When included, this file will be shown in the repository’s “Security” tab, and in the new issue workflow.
GitHub Enterprise Server 2.17
The 2.17.0 release of GitHub Enterprise Server is now available for download. The latest release includes draft pull requests, security vulnerability alerts, batching suggested changes, and more.
Source code stored on GitHub.com will be encrypted at rest, by default. Any source code previously stored on GitHub.com has been converted over to hosts with encrypted disks. For GitHub Enterprise Server customers, encryption at rest is dependent on the host in which Enterprise Server is running, not a function of the Server software itself.