Skip to content

GitHub Enterprise Server: Issuing CVEs

Starting today, we will assign CVE IDs to security vulnerabilities affecting GitHub Enterprise Server. We will continue to document security fixes in the release notes as they are today, and now we will also mention if a CVE has been assigned to the issue.

As a CVE Numbering Authority for our products, GitHub can issue CVEs for security vulnerabilities affecting GitHub Enterprise Server. By doing so, we will give administrators a consistent way to be aware of and identify the security risks of outdated versions.

Learn more about CVE Identifiers and stay up to date with the latest GitHub Enterprise Server releases

We have released an improvement to the Actions tab which makes it easier to distinguish workflow runs from each other. For example, you can now see the commit message associated with push events.

event specific details

The new information includes:

  • The workflow run number.
  • What triggered the workflow, which can be a release, a pull request, a push, an issue, a deployment… A link to it is provided as well.
  • A descriptive title based on what triggered the workflow. This can be the title of a pull request or an issue, the name of a release, the message of a commit, etc.
  • What action triggered the workflow. For example a pull request can be reopened, merged,… A release can be published, created or released. This value comes from the action field in the webhook payload that was triggered for the specific event.

This new information is available for new workflow runs. Older runs are not affected by this change.

See more