As previously announced, the npm registry now requires TLS 1.2 or higher for all requests, including package installation.
Recover Accounts Elsewhere allows a user to store a recovery token with a third-party recovery partner to use as a recovery method when their account is protected by two-factor authentication. Effective immediately, we will no longer be allowing new recovery tokens to be stored using Recover Accounts Elsewhere.
On December 1st, 2021, account recovery tokens stored using Recover Accounts Elsewhere will no longer be accepted as a recovery option when contacting support to recover access to your account. You will still be able to use our other recovery mechanisms to recover your account.
If you have registered an account recovery token using this feature, we recommend you take this opportunity to download your two-factor recovery codes. You can also revoke your recovery tokens using these steps:
- Navigate to the Account Security page.
- Scroll down to "Recovery tokens" and client "Edit".
- Click "Revoke token" for each token.
We'll be sending occasional email notifications throughout the deprecation period to all users with recovery tokens registered.
Questions? Take a look at our updated documentation on account recovery, or contact GitHub Support.
GitHub will stop supporting API Authentication via Query Parameters with Actions on October 6th 2021 at 14:00 UTC. If you are passing credentials via query or path parameters, GitHub will respond with client errors. Please refer to this blog post for details on authenticating API requests to GitHub using the Authorization header.
Removal
- October 6 2021 at 14:00 UTC
As previously announced, on September 8th 2021 at 14:00 UTC, GitHub will stop supporting API Authentication via Query Parameters.
If you are passing credentials via query or path parameters, GitHub will respond with client errors. Please refer to this blog post for details on authenticating API requests to GitHub using the Authorization header.
Removal
- September 8 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version API Authentication via Query Parameters will be removed.
As previously announced, starting on August 13, 2021, at 09:00 PST, we will no longer accept account passwords when authenticating Git operations on GitHub.com. Instead, token-based authentication (for example, personal access, OAuth, SSH Key, or GitHub App installation token) will be required for all authenticated Git operations.
Please refer to this blog post for instructions on what you need to do to continue using git operations securely.
Removal
- August 13, 2021, at 09:00 PST
As previously announced, on August 11 2021 at 14:00 UTC, GitHub will be removing the OAuth Application API to avoid unintentional logging of in-transit access tokens.
Please refer to this blog post on migrating to the replacement endpoints.
Removal
- August 11 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version the OAuth Application API will be removed.
As previously communicated, on August 11, 2021 at 14:00 UTC for 48 hours, GitHub will be conducting the third and final scheduled brownout for API Authentication via Query Parameters.
If you are passing credentials via query or path parameters, GitHub will intermittently respond with client errors. Please refer to this blog post for details on authenticating API requests to GitHub using the Authorization header.
Brownouts
- August 11, 2021: For 48 hours starting at 14:00 UTC
Removal
- September 8 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version API Authentication via Query Parameters will be removed.
As previously communicated, on June 9th, 2021 at 14:00 UTC we will be conducting the second scheduled brownout for API Authentication via Query Parameters and the OAuth Applications API. If you are passing credentials via query or path parameters, we will intermittently respond with client errors.
OAuth Application API
Please refer to this blog post on migrating to the replacement endpoints.
Brownouts
- June 9, 2021: For 24 hours starting at 14:00 UTC
Removal
- August 11 2021 at 14:00 UTC
Authentication via Query Parameters
Please refer to this blog post for authentication via headers.
Brownouts
- June 9, 2021: For 24 hours starting at 14:00 UTC
- August 11, 2021: For 48 hours starting at 14:00 UTC
Removal
- September 8 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.
As previously communicated, on May 5th, 2021 we will be conducting the first scheduled brownout for API Authentication via Query Parameters and the OAuth Applications API. If you are passing credentials via query or path parameters, we will intermittently respond with client errors.
OAuth Application API
Please refer to this blog post on migrating to the replacement endpoints.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
Removal
- August 11 2021 at 14:00 UTC
Authentication via Query Parameters
Please refer to this blog post for authentication via headers.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
- August 11, 2021: For 48 hours starting at 14:00 UTC
Removal
- September 8 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.
In February 2020, to strengthen the security of our API, we deprecated API Authentication via Query Parameters and the OAuth Application API to avoid unintentional logging of in-transit access tokens. In the coming months, we'll be removing these endpoints and authentication flow according to the following schedule:
OAuth Application API
Please refer to this blog post on migrating to the replacement endpoints.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
Removal
- August 11 2021 at 14:00 UTC
Authentication via Query Parameters
Please refer to this blog post for authentication via headers.
Brownouts
- May 5, 2021: For 12 hours starting at 14:00 UTC
- June 9, 2021: For 24 hours starting at 14:00 UTC
- August 11, 2021: For 48 hours starting at 14:00 UTC
Removal
- September 8 2021 at 14:00 UTC
Please check the latest Enterprise release notes to learn in which version these functionalities will be removed.
Update: As of March 21, 2024,
https://jobs.github.com/has been sunset.
Today we are announcing the deprecation of GitHub Jobs and, on August 19th, will sunset the site entirely. Over the past year, we've seen that most of the positions listed on GitHub Jobs are already posted elsewhere, and most developers who use GitHub are looking elsewhere. To best serve the GitHub developer community, we will be sunsetting the site.
The deprecation and shutdown of GitHub Jobs will follow this timeline:
- April 19, 2021: Every page on GitHub Jobs will display a banner indicating the deprecation and shutdown dates and linking to this post.
- May 19, 2021: New job postings will no longer be accepted by GitHub Jobs.
- June 9-10, June 29 – July 1, July 20-22, August 2-6: The JSON and Atom APIs will brownout so they will return only an error message indicating the deprecation and shutdown dates and linking to this post.
- August 19, 2021:
https://jobs.github.com/will redirect to this blog post. - March 21, 2024:
https://jobs.github.com/has been sunset.