Repository level notification controls for security alerts

We are implementing a change to the default notification settings for security alerts. Previously, if you had permission to view security alerts in a repository, you would receive notifications for that repository as long as your settings allowed for security alert notifications. Starting today, we are moving to a model where you must opt-in to security alert notifications by watching the repository. You will be notified as long as you select All Activity or configure Custom to include Security alerts. You will have 30 days to opt-in to these security alert notifications, or you will stop receiving them.

If you want to continue to receive security alert notifications for all of the repositories that you currently receive them for, you can find a migration experience at the bottom of the watching page. Click Subscribe to security alerts to easily opt-in.

Watching control with new security alerts setting

As previously communicated, on May 5th, 2021 we will be conducting the first scheduled brownout for API Authentication via Query Parameters and the OAuth Applications API. If you are passing credentials via query or path parameters, we will intermittently respond with client errors.

OAuth Application API

Please refer to this blog post on migrating to the replacement endpoints.

Brownouts

  • May 5, 2021: For 12 hours starting at 14:00 UTC
  • June 9, 2021: For 24 hours starting at 14:00 UTC

Removal

  • August 11 2021 at 14:00 UTC

Authentication via Query Parameters

Please refer to this blog post for authentication via headers.

Brownouts

  • May 5, 2021: For 12 hours starting at 14:00 UTC
  • June 9, 2021: For 24 hours starting at 14:00 UTC
  • August 11, 2021: For 48 hours starting at 14:00 UTC

Removal

  • September 8 2021 at 14:00 UTC

Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.

See more