Improving GitHub’s SSL setup
To keep GitHub as secure as possible for every user, we will remove RC4 support in our SSL configuration on github.com and in the GitHub API on January 5th 2015.…
To keep GitHub as secure as possible for every user, we will remove RC4 support in our SSL configuration on github.com and in the GitHub API on January 5th 2015.…
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows…
Since we introduced the Status API, you’ve been able to improve the quality of your code by including the status of a pull request within the conversation timeline, for every…
Today, we’re releasing an all-new GitHub Enterprise designed to make it even easier for developers and businesses around the world to use GitHub at work. Now available on Amazon Web…
We’ve just released some major improvements to our organization audit logs. As an organization admin, you can now see a running list of events as they’re generated across your organization,…
We’ve changed the process for adding new GitHub users to your organization. Starting today, users you add will be sent an email invitation. Once they accept this invitation, they’ll become…
GitHub Enterprise releases are all about offering large companies more of GitHub to deploy in their own environments, and today’s release is no exception. We’ve added a number of features…
On Tuesday, March 11th, GitHub was largely unreachable for roughly 2 hours as the result of an evolving distributed denial of service (DDoS) attack. I know that you rely on…
As we announced previously we’ve improved our SSL setup by deploying forward secrecy and improving the list of supported ciphers. Deploying forward secrecy and up to date cipher lists comes…
Some GitHub user accounts with weak passwords were recently compromised due to a brute force password-guessing attack. I want to take this opportunity to talk about our response to this…
To follow up with our recent two-factor authentication security feature, we are giving users more insight into their active browser sessions. Under Account settings > Security History you will see…
Today we’re adding two-factor authentication to GitHub. When you enable this feature, it adds an additional layer of security to your account. When logging in to GitHub, after providing your…
In the ongoing effort to keep our users safe, we recently took inspiration from the Unix sudo command. We wanted to require password confirmation for dangerous actions on GitHub.com, but…
We work very hard to keep GitHub fast. Ruby is not the fastest programming language, so we go to great lengths benchmarking and optimizing our large codebase: our goal is…
Last Friday we announced and performed a migration of all GitHub Pages to their own github.io domain. This was a long-planned migration, with the specific goal of mitigating phishing attacks…
Beginning today, all GitHub Pages sites are moving to a new, dedicated domain: github.io. This is a security measure aimed at removing potential vectors for cross domain attacks targeting the…
Earlier today a routine system email was incorrectly sent to many of our GitHub Enterprise customers. In these errant emails, customer email addresses were included in the To: field, making…
There are a more than a million open issues to be found across all public repositories hosted on GitHub right now. Finding a specific issue can be a tedious process…
We’re excited to announce the latest release of GitHub Enterprise. We’re shipping this version with our new Command Bar, User Profile Pages, and much more. Along with a variety of…
We hosted our first OctoGala here in San Francisco at Brick and Mortar. Not only did we have a night of glitz and glamor, but we were able to raise…
There has been some confusion over today’s security vulnerability and our policy on responsible disclosure and account suspension that I’d like to clear up. Three days ago, user @homakov opened…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.