GitHub’s CSP journey
We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content…
GitHub Blog Search
Search Results for: Authentication
GitHub Enterprise 2.5 is now available
We are excited to announce the release of GitHub Enterprise 2.5. With this release, we’re introducing features and updates that will help development teams build software at scale with a…
Two years of bounties
Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users…
GitHub Enterprise 2.4 is now available
GitHub Enterprise is the on-premises version of GitHub, which you can deploy and manage in your own, secure environment. The GitHub Enterprise 2.4 release offers users and administrators greater control…
GitHub Enterprise security best practices
We want to free up your administrator's time by providing a tool that requires little maintenance and great out-of-the-box security. By following a few simple steps, GitHub Enterprise can be…
GitHub Universe: Mission Report
Last week we launched GitHub Universe, a two-day conference where developers from all over the world convened at Pier 70 to discuss how to build, collaborate on, and deploy great…
Benchmarking GitHub Enterprise
The release of GitHub Enterprise 2.0 brought more than just new features and support for deployment on Amazon Web Services. It also included a rework of our virtual machine architecture…
The story behind the new GitHub Enterprise
Today we're releasing the fastest and most flexible version of GitHub Enterprise ever, including high availability and disaster recovery options, dramatically improved LDAP and SAML integration, major improvements to features…
GitHub Enterprise 11.10.341 Release
GitHub Enterprise releases are all about offering large companies more of GitHub to deploy in their own environments, and today's release is no exception. We've added a number of features…
Security: Heartbleed vulnerability
On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library…
Better Organizations
Today we’re making it easier to manage GitHub organizations. Whether your organization is a large private company or a small open source project, these improvements will help keep your teams…
More Enterprise support in GitHub for Mac
To help kick off the new year, we're happy to announce that GitHub for Mac now supports CAS authentication with GitHub Enterprise as of version 11.10.328 or later! The sign-in…
Weak passwords brute forced
Some GitHub user accounts with weak passwords were recently compromised due to a brute force password-guessing attack. I want to take this opportunity to talk about our response to this…
Modeling your App’s User Session
If you've been keeping an eye on your cookies, you may have noticed some recent changes GitHub has made to how we track your session. You shouldn't notice any difference…
View Active Browser Sessions
To follow up with our recent two-factor authentication security feature, we are giving users more insight into their active browser sessions. Under Account settings > Security History you will see…
GitHub Enterprise 11.10.320 Release
We've been working hard over the last few months, and are happy to announce the latest release of GitHub Enterprise. It includes some exciting new Enterprise-specific features, as well as…
GitHub Enterprise 11.10.310 Release
We're excited to announce the latest release of GitHub Enterprise. Along with a variety of general improvements and adjustments, this new release brings the following features from GitHub.com: Relative links…
GitHub Enterprise 11.10.290 Release
We're excited to announce the latest release of GitHub Enterprise. We're shipping this version with our new Command Bar, User Profile Pages, and much more. Along with a variety of…
Easier builds and deployments using Git over HTTPS and OAuth
We first introduced OAuth2 tokens in the GitHub API starting in v3. Unlike usernames and passwords, OAuth tokens provide additional benefits: Revocable access. Tokens can be revoked at any time…
Surviving the SSHpocolypse
Over the past few days, we have had some issues with our SSH infrastructure affecting a small number of Git SSH operations. We apologize for the inconvenience, and are happy…
Introducing GitHub Enterprise
Today we're launching GitHub Enterprise: a self-hosted GitHub for your company. Easy, Secure, and Powerful GitHub Enterprise has all the great stuff you've come to expect from GitHub: commit histories,…