Newsletter Alerts

GitHub releases

GitHub changelog, platform updates, and Copilot coding-assistant releases. New features, breaking changes, security advisories and deprecations - each summarised in plain English and updated continuously.

Tracking 72 GitHub releases · Updated

Filter: Show all AI (39)Azure (1)Deprecation (4)Education (2)Engineer (70)GA (16)Governance (12)Infra (18)Preview (16)Security (13)
Type Breaking Feature Security Patch Deprecated Announcement Clear ×
  • GitHub Changelog securityinfraengineer ·

    GitHub Actions checkout v7 enhances security for pull_request_target

    GitHub Actions checkout v7 now defaults to refusing common 'pwn request' patterns, preventing vulnerabilities in workflows triggered by pull_request_target events from forks. This change is crucial for supply-chain security, affecting users who rely on checking out unreviewed pull request code. The update is available now for workflows pinned to floating major tags, with enforcement backported to supported major versions by July 2026.

    feature security
  • GitHub Changelog infra ·

    GitHub Actions enforces minimum self-hosted runner versions starting July/September 2026

    GitHub Actions is resuming enforcement of minimum version requirements for self-hosted runners on github.com and GitHub Enterprise Cloud. This change is necessary to support the new backend architecture that has increased reliability and performance. Users must ensure runners are on version 2.329.0 or later for registration and updated within 30 days of new releases to continue executing jobs. Enforcement begins with brownouts in July/August 2026, with full enforcement on July 31, 2026, for Data Residency instances and September 25, 2026, for others.

    breaking announcement
  • GitHub Changelog governanceinfragaengineer ·

    GitHub Enterprise Server 3.21 Released

    GitHub Enterprise Server 3.21 is now generally available, bringing enhancements to deployment efficiency, monitoring, code security, and policy management. Key updates include the general availability of organization custom properties and hierarchy view for GitHub Projects, alongside a new REST API version with breaking changes. These updates benefit enterprise administrators and developers by improving metadata tagging, project visualization, and workflow management.

    feature patch breaking
  • GitHub Changelog infraengineer ·

    npm v12 to enforce stricter security defaults for package installation

    npm v12, slated for July 2026, introduces security enhancements by defaulting to stricter controls for package installation scripts and Git/remote dependencies. These changes aim to mitigate code execution risks by requiring explicit user opt-in for potentially risky operations. Users on npm 11.16.0 or newer can prepare by reviewing warnings and using `npm approve-scripts` to manage trusted packages.

    breaking feature security