GitHub Security was notified about an issue where users still had access to organizations after being removed. Our Security team investigated potential instances and determined there were occasional instances where users’ permissions were not fully removed when teams were deleted or they were part of a team when they were removed from the organization. While we investigated the root causes, which stemmed from background job and permissions issues, a manual fix has been implemented since October 20, 2022. We have addressed the underlying issues and the need for the previously implemented manual fix. We have also cleaned up any users that were not removed when they should have been. There is no further action that is required by any organization.
SSH Certificate requirement update
The "Require SSH certificates" policy now allows GitHub apps to call Git APIs using a user-to-server token, bringing them up to parity with OAuth app support.
The SSH certificate requirement mandates that users in your organization call Git APIs using an SSH certificate issued by your organization, in place of their own SSH key or a PAT.
To support automation, it has an exception in place for OAuth apps and GitHub app server-to-server tokens, which allows applications you've approved to call Git APIs for your organization.
With this change, we are extending that exception to GitHub app user-to-server tokens, for when a user has signed into a GitHub app that's installed in your organization.
This change also applies when the enterprise-level setting requires SSH certificates across all organizations in the enterprise.
To learn more, see "Managing your organization's SSH certificate authorities" or "Managing SSH certificate authorities for your enterprise".
GitHub users write a lot of Markdown; so much so that we render 2 billion Markdown files everyday; at peak times, we're processing 1,300 Markdown files a second! Any opportunity we have to shave a few seconds off of the Markdown authoring experience on GitHub is time well-spent.
Introducing Markdown Helpers powered by Slash Commands
To use Markdown Helpers, simply type / on Issues, Pull Requests, or Discussion descriptions/comments and use the subsequent dialog to choose from a number of useful Markdown shortcuts.
Use shortcuts like /table to make Markdown tables a breeze, or /details to make selectively showing content to readers much easier than remembering the HTML formatting.
As part of our first release, we've included 6 out-of-the-box features which we hope will help teams author Markdown faster and with less context switching:
- Code Block
- Support for language-specific syntax highlighting
- Details
- Specify details that the reader can open and close on demand
- Saved Replies
- Access your saved replies directly from Slash Commands
- Table
- Easily insert Markdown Tables
- Templates
- Easily populate your Repository's Issue or Pull Request templates directly from Slash Commands!
- Tasklist
- Easily insert a Tasklist
- Note: Tasklists are currently in Private Beta, only users in organizations added to the Private Beta will see this option)
We'd love to hear from you!
Be sure to check out the official Slash Commands documentation for more details on the commands we're releasing today.
Anything we missed? Got an idea for a great Slash Commands feature?
Please leave us some feedback in our Feedback Discussion about how you'd like to use Slash Commands on GitHub.