GitHub Enterprise – 3.14.1

Please note this list of changes is not exhaustive, but has been curated to changes which affect users of the NC State GitHub service.

A full list of changes can be found on the official GitHub Enterprise 3.14 Release Notes.

Features

Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "Managing custom organization roles."

Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "Guidance for the configuration of private registries for Dependabot."
Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption.
Dependabot uses private registry configurations specified in the dependabot.yml file as expected, even if there is a configuration with target-branch. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "Configuring access to private registries for Dependabot."

The security overview dashboard for organizations is now generally available.
On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "Viewing security insights."
On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change.
In the dependency graph, a software bill of materials (SBOM) generated for a package now includes the package URL for more packages. Previously, the package URL was not included if the manifest file referenced a package with a version range.

For self-hosted GitHub Actions runners on this GitHub Enterprise Server release, the minimum required version of the GitHub Actions Runner application is 2.317.0. See the release notes for this version in the actions/runner repository. If your instance uses ephemeral self-hosted runners and you've disabled automatic updates, you must upgrade your runners to this version of the Runner application before upgrading your instance to this GitHub Enterprise Server release.
Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "Viewing deployment history."

Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "Configuring a publishing source for your GitHub Pages site."

Users can enhance security by adding deploy keys as a bypass type to rulesets. See "Creating rulesets for a repository."
Users can select Dependabot in the bypass list of a ruleset. See "Creating rulesets for a repository."

Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "Using the built-in automations."

Users can set their styling preference for link underlines in the web interface, on their “Accessibility” settings page.

MEDIUM: An attacker could steal sensitive information by exploiting a Cross-Site Scripting vulnerability in the repository transfer feature. This exploitation would require social engineering. GitHub has requested CVE ID CVE-2024-8770 for this vulnerability, which was reported via the GitHub Bug Bounty program.
Packages have been updated to the latest security versions.

Fixes and improvements for the git core module.
In organizations with a large number of repositories, when an administrator used repository properties to target repositories in an organization ruleset, the ruleset index page timed out.
After a user created a Projects Insights chart with time as the X-axis, the chart became hidden and inaccessible.
Fixes a known issue where some links to GitHub Docs from GitHub Enterprise Server may lead to a “Page not found.” Previously, the links incorrectly added enterprise-cloud@latest to the URL.
A bug introduced in 3.12 which prevented the search input in the global navigation from displaying a dropdown of search suggestions has been fixed. The search input functionality prior to 3.12 has been restored, and users are once again able to see and submit suggested search queries, including scope suggestions.
Custom links to other repositories displayed incorrect breadcrumbs.