
Changelog


Shortly after releasing Copilot content exclusions on November 8, 2023, our team observed that the feature was causing clients to be incorrectly blocked from using Copilot. This necessitated an immediate rollback of this feature.

What Happened?
Once the feature was enabled for all Copilot Business customers, we observed a spike in errors and some end-users being completely blocked from using Copilot. The problem was related to the way content exclusions policies are fetched from the client.

Current Actions and Next Steps:
Our engineering team is engaged in deploying the necessary fixes. We have identified the faulty code in the client and are also deploying more verifications on both the server and client side to ensure this does not happen again. However, we want to approach the reintroduction of this feature with caution. Customers who had previously set up a content exclusions configuration are not affected by the rollback.

We expect to re-deploy the feature within the next few weeks.

Join the discussion within GitHub Community.


Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. We've heard your feedback, which is helping us improve throughout this beta period.

Starting today, you can now create Dependabot auto-triage rules using CVE IDs or GHSA IDs to target subsets of alerts.

How do I learn more?

How do I provide feedback?

Let us know what you think by providing feedback — we’re listening!


Organization owners can now create and assign custom organization roles, which grant members and teams specific sets of privileges within the organization. Like custom repository roles, organization roles are made up of one or more fine-grained permissions, such as “read audit logs” or “manage repository rulesets”, and apply to the organization itself rather than the repository. This feature is available in all Enterprise Cloud organizations and will come to GitHub Enterprise Server by version 3.13.

A screenshot of the role creation page, with a new role called "Auditor" that grants access to just the audit log permission.

Today, organization custom roles support 10 permissions:

Roles can be assigned by an organization owner only, to prevent accidental escalation of privileges, and can be assigned to users and teams. Multiple organization roles can be assigned directly to a user or team. Users and teams inherit roles from the teams they are a part of.

A screenshot showing a user that's assigned to two different roles.

More organization permissions will be built over time, similar to how repository permissions were added. If you have a specific permission you’d like to see added, please get in touch with your account team or let us know in the discussion below. Everything you can see in the organization settings menu is an option, and we’ll be working with teams across GitHub to get those permissions created.

To learn more about custom organization roles, see “About custom organization roles”, and for the REST APIs to manage and assign these roles programmatically, see “Organization roles”. For feedback and suggestions for organization permissions, please join the discussion within GitHub Community.


The GitHub Enterprise Server 3.11 release candidate is here

GitHub Enterprise Server 3.11 gives customers more visibility of their instance. Here are some highlights:

  • Code scanning's default setup now does even more to protect your code, by performing scans on a weekly schedule (in addition to scanning pushes and pull requests) and allowing you to include Swift in your analysis.
  • View repository history using the new Activity view, to see repository activity like pushes, merges, force pushes, tag changes, and branch changes, and associate them with commits and users.
  • The value of secret scanning is now much more clear thanks to push protection metrics that are available in an organization's security overview pages.
  • A GitHub CLI extension for the Manage GitHub Enterprise Server API allows customers to interact with their GitHub Enterprise Server instance via the gh command-line interface.

Release Candidates are a way for you to try the latest features early, and they help us gather feedback to ensure the release works in your environment. They should be tested on non-production environments. Read more about the release candidate process.

Read more about GitHub Enterprise Server 3.11 in the release notes, or download the release candidate now. If you have any feedback or questions, please contact our Support team.


We're simplifying how Dependabot operates! Previously, if Dependabot encountered errors in its last run, it would automatically re-run the job when there were changes in the package manifest (like adding or changing dependencies). This often led to Dependabot running more than needed and creating unscheduled pull requests. To streamline the process and stick to the schedules you set, this automated re-run feature is being deprecated.

Dependabot will still run jobs according to your schedule, and you'll have the option to manually trigger jobs whenever necessary.


In the upcoming days, Codespaces will be adding the Australia region to prebuild configurations under region availability. This will enable users to have prebuilds specifically in Australia.

How do I get access to Prebuilds in the Australia region?

If you would like to have Australia selected as a region, go to your prebuilds and select the Australia region.

What if I already have all regions selected for my Prebuilds?

If you have all regions currently selected, you will have all regions except for Australia selected once this change is implemented. This change is being made to ensure users do not get billed in a region they do not want.

If you would like to have all regions, including Australia, selected, please go to your prebuilds and select all regions again.

What if I am already using Southeast Asia as a region?

Prebuild configurations with Southeast Asia already selected as a region with users in Australia may experience decreased codespace creation time as Australia will now be a separate region from Southeast Asia. To continue to get improved codespace creation time, add Australia as a region under region availability.

Please contact support if you have any issues.



Learn your way around the command line with GitHub Copilot by your side!

We’re excited to announce the launch of a brand new GitHub CLI extension that’s now available as public beta — GitHub Copilot in the CLI.

GitHub Copilot in the CLI brings GitHub Copilot right to your terminal, where you can ask it to do things like explain how a command works or suggest a command for a task you want to perform. Learn more about the extension in our docs and provide us your feedback on our repo.


Secret scanning will now use AI to detect unstructured passwords in git content and generate an alert. Alerts for passwords appear in a separate tab from regular secret scanning alerts.

Generic secret detection is available for repositories with a GitHub Advanced Security license. The feature is in a limited beta and access will be granted through a waitlist.

screenshot of a secret scanning alert for an AI-detected password


Copilot Content Exclusion is now available in Public Beta

Starting now and over the next few days, GitHub Copilot Business customers will be able to prevent specified files or repositories from being used to inform code completion suggestions made by GitHub Copilot. GitHub Copilot will not be available in excluded files. Organization administrators or repository owners can choose which files or repositories are excluded. During the beta program, the feature is limited to Copilot Code Completion and VS Code only. Copilot Chat and the other IDEs will shortly follow.

Screenshot of content exclusion settings

You can learn more about Copilot Content Exclusion or join the discussion in the GitHub Community.


Secret scanning has a new, AI-powered regular expression generator for custom patterns. Within the existing custom patterns page, GitHub Advanced Security users can launch a generative AI experience where they input a text description of the pattern they would like to detect, include optional example strings that should be detected, and get matching regular expressions in return.

The generator is in a limited beta and access will be granted through a waitlist.

screenshot of the regular expression generator


GitHub Enterprise Cloud customers that use Enterprise Managed Users (EMUs) can now participate in a public beta for a new user role that has restricted visibility of internal repositories. The guest collaborator role is defined via SCIM and assigned to users by the identity provider. Guest collaborators help companies work with contractors and other short-term partners in a flexible and managed fashion on specific projects, while also sharing code and ideas without restrictions amongst full enterprise members. When a guest collaborator is added to an organization, they will only receive access to internal visibility repositories within that organization.


Learn more about guest collaborators.


GitHub Enterprise Cloud Enterprise Managed User customers can join a limited beta waitlist to enable individual repository access for users within their enterprise without granting organization membership. This is useful in cases where you intend to limit repository access for a specific user to the least number of repositories, and it combines well with features like guest collaborators to execute a least privilege access strategy. Any enterprise member is eligible to be added to an organization-owned repository, and adding them will result in use of a seat license if the user is not already a member of any other organization.

Learn more about EMU repository access for non organization members and join the waitlist!


Banner announcing the new overview dashboard states prioritization made simple with security insights

A new asset in security management is now available for GitHub enterprise users. Reinforcing the “shift left” philosophy, this feature is designed to integrate security into the heart of the development lifecycle, empowering your organization to proactively identify and address vulnerabilities.

Key advantages

Historical context

By comparing historical and current data, you can visibly track improvements in your security landscape and demonstrate the value of security investments.

Reporting period drop-down menu for the new overview dashboard

Customized focus

Sharpen your focus with filters that dissect your security data by teams, repositories, or any categorization that aligns with your goals. Whether it’s tracking team performance or monitoring metrics across a core group of repositories with the repository topic filter, there’s a plethora of options available to meet your needs.

Drop-down of filters for the new overview dashboard

Prioritization made simple

With clear insights into severity and net resolve rate—security’s version of developer velocity—the dashboard shows you if your resources are aligned with the most severe threats and if remediation speed is in harmony with security demands.

Security alerts trends graph grouped by severity and the net resolve rate tile from the new overview dashboard

Strategic alignment

Gain a strategic perspective with the Repositories “Top 10” list, which shows you repositories with the largest number of open alert counts, to understand where to direct your attention first.

Repositories top 10 list from the new overview dashboard

Shift left

The dashboard, which is accessible by everyone in the organization, helps you drive best security practices by understanding potential issues as early as possible, reducing risk and workload down the line.

New overview dashboard

This overview dashboard is now available as a beta on GitHub Enterprise Cloud and will be available in GitHub Enterprise Server 3.13.

Learn more about the new overview dashboard and send us your feedback


Copilot Chat in JetBrains IDEs is now available in Private Beta

We are happy to announce that a private beta of GitHub Copilot Chat is now available for users of JetBrains IDEs, including IntelliJ, PyCharm, WebStorm, Android Studio, and more.
GitHub Copilot Chat is a powerful AI assistant capable of helping every developer build at the speed of their minds in the natural language of their choice.

This private beta is available to Copilot Business customers and Copilot Individual users.

To get access to the private beta, sign up for this waitlist.

GitHub Enterprise Cloud (GHEC) administrators interested in participating in the private beta should reach out to their GitHub account manager or contact our sales team to make the feature available for their enterprise.

We’d love your feedback on this new release. Please use this link to share your feedback or ideas on how to improve the product.

Copilot Chat in IntelliJ

A new Copilot welcome guide is available for JetBrains IDEs

We recently introduced a new welcome guide in our Copilot for JetBrains IDEs extension. Now you will be guided through the various features of GitHub Copilot and how to make the most of it!

Copilot welcome guide in IntelliJ

The welcome guide will activate when you install the GitHub Copilot plugin.


Secret scanning will now detect the following non-provider patterns:

  • HTTP basic authentication header
  • HTTP bearer authentication header
  • MongoDB connection string
  • MySQL connection string
  • Postgres connection string
  • OpenSSH private key
  • PGP private key
  • RSA private key

Detection of these patterns must be enabled within a repository or organization’s security settings by checking the box next to “Scan for non-provider patterns.” Resulting secrets will appear in a new, separate tab on the secret scanning alert list called “Other.”

screenshot of secret scanning alerts showing a tab called Other with alerts for five non-provider patterns

Detection of non-provider patterns is currently in beta and is available for enterprises with a GitHub Advanced Security license only. Additional patterns will be added throughout the beta.


Subversion brownouts

As announced earlier this year, GitHub is removing support for the Subversion protocol. Before permanent removal, we're running two brownouts where we will temporarily disable Subversion support.

Those brownouts are scheduled for:

  • An 8 hour period on November 13, 2023, from 14:00 – 22:00 UTC / 7:00am – 3:00pm Pacific
  • A 24 hour period beginning December 5, 2023 at 10:00 UTC / 2:00am Pacific and ending at the same time on December 6

As a reminder, Subversion support will be permanently removed on January 8, 2024.


GitHub.com now remembers multiple accounts in your browser. You can find the account switcher in your profile picture context menu, letting you more easily switch between user accounts without re-entering your credentials.


The account switcher helps developers alternate between Enterprise Managed User accounts provided by an employer and personal accounts for use with personal projects and open source contributions. It also helps administrators manage service accounts they use for automation and integration purposes.

Because these accounts often have significantly different privileges, there's never any mixing of user permissions between saved accounts. When you visit a page that your current account can't access, you'll see a prompt to switch accounts if you have more than one signed in.

When you switch accounts, you won't need to sign in again or perform 2FA unless the account session has expired. Session expiration occurs after two weeks without activity. SAML/OIDC SSO authorization is also saved for sessions, but often expires every 1 or 24 hours, and may need to be done again before you can access your organization resources.

To learn more, see "Switching between accounts".


GitHub Enterprise Cloud customers with Enterprise Managed Users (EMU) now have access to additional administrative capabilities for SCIM information. Troubleshooting user management at scale can take time and effort. To make this easier on administrators, we have added several new audit log fields, external identity metadata, and a new team membership synchronization status. The audit log field updates include the following:

  • New field external_group.update_display_name: Our logs will now capture and report any changes made to an external group’s display name.
  • New field external_group.add_member: When a team member is added to an external group, this action will be audit logged.
  • New field external_group.remove_member: When a team member is removed from an external group, this action will be audit logged.
  • Enhancements to external_group.update and external_identity.update to ensure consistency whenever an external group or identity is updated.

The SSO page for each user also now includes SCIM metadata for that user in addition to existing SAML metadata. Check out what’s new by filling in this URL, https://github.com/enterprises/your-enterprise/people/username/sso, with your enterprise and a valid username.

Team membership synchronization status checks GitHub’s understanding of identity groups against the current members of linked teams. This allows us to flag mismatches for administrators related to license allocation or other concerns.


Learn more about external group audit log fields and troubleshooting EMU team memberships.
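Because external groups feed the membership of linked teams, the new events are worth reviewing in an audit log export. The following is an added example, not GitHub's code: only the action names come from this post, while the JSON Lines layout and the "@timestamp", "actor", "external_group" and "user" field names are assumptions to map onto your real export.

```python
import json
from collections import defaultdict

# Action names as listed in the changelog entry above.
ADD = "external_group.add_member"
REMOVE = "external_group.remove_member"
RENAME = "external_group.update_display_name"

# Constructed sample export, one JSON object per line. Field names other than
# "action" are assumed for illustration; the last line is deliberately truncated.
SAMPLE_EXPORT = """\
{"@timestamp": 1700000000000, "action": "external_group.add_member", "actor": "idp-sync", "external_group": "eng-platform", "user": "alice_corp"}
{"@timestamp": 1700000001000, "action": "external_group.add_member", "actor": "idp-sync", "external_group": "eng-platform", "user": "bob_corp"}
{"@timestamp": 1700000002000, "action": "external_group.add_member", "actor": "idp-sync", "external_group": "eng-platform", "user": "carol_corp"}
{"@timestamp": 1700000003000, "action": "external_group.remove_member", "actor": "idp-sync", "external_group": "contractors", "user": "dave_corp"}
{"@timestamp": 1700000004000, "action": "external_group.update_display_name", "actor": "idp-sync", "external_group": "eng-platform"}
{"@timestamp": 1700000005000, "action": "repo.create", "actor": "alice_corp"}
{"@timestamp": 17000
"""


def summarize_external_group_events(lines, add_threshold=3):
    """Collect membership churn and renames per external group.

    Groups with at least `add_threshold` additions in the export are listed
    under "bursts" so a reviewer can compare them with the identity provider.
    """
    churn = defaultdict(lambda: {"added": [], "removed": []})
    renames, skipped = [], 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1          # count damaged lines instead of hiding them
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        action = event.get("action")
        group = event.get("external_group", "<unknown>")
        if action == ADD:
            churn[group]["added"].append(event.get("user"))
        elif action == REMOVE:
            churn[group]["removed"].append(event.get("user"))
        elif action == RENAME:
            renames.append((event.get("@timestamp"), group, event.get("actor")))
    bursts = sorted(g for g, c in churn.items() if len(c["added"]) >= add_threshold)
    return {"churn": dict(churn), "renames": renames, "bursts": bursts, "skipped": skipped}


if __name__ == "__main__":
    print(json.dumps(summarize_external_group_events(SAMPLE_EXPORT.splitlines()), indent=2))
```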


Starting today, apps and tokens used to create a release via the REST API endpoint will require the workflow scope or workflows:write permission in certain cases.

The workflow scope or workflows:write will be required when creating a release that targets a commit SHA (target_commitish) that modifies an Actions workflow file and that SHA does not have an existing ref (branch head or tag).

For more details see the REST API documentation or visit the GitHub Actions community if you have any questions.


GitHub Advanced Security users can now filter their secret scanning alerts by validity in the UI at the repository, organization, and enterprise level. Valid statuses are active, inactive, or unknown. Validity checks must be enabled for the repository, organization, or enterprise.
