GitHub releases
GitHub changelog, platform updates, and Copilot coding-assistant releases. New features, breaking changes, security advisories and deprecations - each summarised in plain English and updated continuously.
Tracking 72 GitHub releases · Updated
- GitHub Changelog infragaengineer ·
GitHub Repository Switcher GA in Global Navigation
The repository switcher in GitHub's global navigation is now generally available, allowing users to seamlessly transition between repositories without leaving their current page. This feature is designed to significantly reduce the time spent navigating across multiple codebases, benefiting engineers who manage numerous projects. Users can access it by clicking the chevron next to the repository name in the navigation breadcrumb.
feature announcement - GitHub Changelog infraengineer ·
GitHub Actions custom images gain layered build support
GitHub Actions now allows building custom runner images on top of other custom images, enabling layered image workflows. This feature offers teams greater flexibility in managing image-generation pipelines, reducing duplication, and speeding up builds. It also introduces conditional logic for the snapshot keyword, giving more control over image version generation. These enhancements are available now for teams using GitHub-hosted runners with custom images.
feature - GitHub Changelog securityinfraengineer ·
GitHub Actions checkout v7 enhances security for pull_request_target
GitHub Actions checkout v7 now defaults to refusing common 'pwn request' patterns, preventing vulnerabilities in workflows triggered by pull_request_target events from forks. This change is crucial for supply-chain security, affecting users who rely on checking out unreviewed pull request code. The update is available now for workflows pinned to floating major tags, with enforcement backported to supported major versions by July 2026.
feature security - GitHub Changelog securityinfraengineer ·
GitHub Secret Scanning Enhancements in June 2026
GitHub has updated its secret scanning capabilities with expanded detection coverage, including new partners like Cloudsmith and Meraki, and enhanced GitLab token support. Push protection now defaults to blocking more secret types, improving security for all repositories. Additionally, validity checks and richer metadata have been added for certain leaked credentials, aiding faster remediation for affected users.
feature patch - GitHub Changelog governanceinfraengineer ·
GitHub Copilot Enterprise Admins Can Now Disable Permission Bypass
Enterprise administrators can now disable automatic permission bypass (yolo mode) for GitHub Copilot CLI and VS Code using the new `disableBypassPermissionsMode` setting in enterprise-managed settings. This provides enhanced governance for AI features, ensuring users adhere to permission prompts. This capability is available for GitHub Copilot Business and Enterprise licenses and requires VS Code v1.122+.
feature - GitHub Changelog governanceinfraengineer ·
GitHub: Limit open PRs for users without write access
GitHub now allows repository maintainers to set a maximum number of open pull requests for users without write access, helping to manage contribution volume and reduce noise. This feature enables maintainers to proactively control the influx of contributions, with options to bypass the limit for trusted users. Draft PRs are excluded from the limit, and the change aims to reduce review and CI overhead for busy repositories.
feature - GitHub Changelog securityinfraengineer ·
Copilot code review: Enhanced configuration and content controls
GitHub Copilot code review now offers expanded configuration options, including organization-level runner controls and content exclusion support for specified files or directories. These updates aim to simplify setup and provide greater control over how Copilot analyzes code within repositories and organizations. Previously, custom instructions were limited by a character count, which has now been removed, allowing for more extensive customization.
feature - GitHub Changelog infra ·
GitHub Actions enforces minimum self-hosted runner versions starting July/September 2026
GitHub Actions is resuming enforcement of minimum version requirements for self-hosted runners on github.com and GitHub Enterprise Cloud. This change is necessary to support the new backend architecture that has increased reliability and performance. Users must ensure runners are on version 2.329.0 or later for registration and updated within 30 days of new releases to continue executing jobs. Enforcement begins with brownouts in July/August 2026, with full enforcement on July 31, 2026, for Data Residency instances and September 25, 2026, for others.
breaking announcement - GitHub Changelog governanceinfragaengineer ·
GitHub Enterprise Server 3.21 Released
GitHub Enterprise Server 3.21 is now generally available, bringing enhancements to deployment efficiency, monitoring, code security, and policy management. Key updates include the general availability of organization custom properties and hierarchy view for GitHub Projects, alongside a new REST API version with breaking changes. These updates benefit enterprise administrators and developers by improving metadata tagging, project visualization, and workflow management.
feature patch breaking - GitHub Changelog infrapreviewengineer ·
GitHub Actions runner images in public preview
GitHub Actions is releasing new Ubuntu 26.04 and Windows 11 arm64 runner images in public preview for all users. This allows early testing of workflows on the latest platforms before general availability, with Ubuntu 26.04 supporting both x64 and arm64 architectures. Users should update their workflow files to use the new image labels and may observe differences in tool versions.
feature announcement - GitHub Changelog securityinfraengineer ·
Bot-created pull requests can run workflows with approval
Pull requests created by github-actions[bot] can now trigger CI/CD workflows upon user approval. This security enhancement prevents unreviewed generated code from automatically executing potentially sensitive workflows. The behavior now aligns with Copilot-generated pull requests, addressing a previous gap where bot-generated changes could be merged without CI checks.
feature - GitHub Changelog aiinfraengineer ·
GitHub Agentic Workflows now use GITHUB_TOKEN, no PAT needed
GitHub Agentic Workflows have been updated to use GitHub Actions' built-in GITHUB_TOKEN, eliminating the need for personal access tokens (PATs). This change simplifies management, reduces security risks, and allows AI credit consumption to be billed directly to organizations. Configuration requires enabling a Copilot policy and updating workflow permissions, with cost management options available for organizations.
feature - GitHub Changelog infraengineer ·
CodeQL incremental analysis speeds up C/C++ and Go scans
CodeQL scans for C/C++ and Go now run incrementally, significantly reducing analysis time for pull requests. This feature, previously released for other languages, is now available for C/C++ and Go, and also integrated into the CodeQL CLI. Incremental analysis is enabled by default for projects using the default CodeQL query suite and the build mode none extraction mechanism on GitHub.com, and is available in the CodeQL CLI starting with version 2.25.5.
feature - GitHub Changelog infraengineer ·
GitHub CLI adds commands for managing Discussions
GitHub CLI version 2.94.0 introduces a new `gh discussion` command group, allowing users to list, view, create, edit, and comment on repository discussions directly from the terminal. This feature aims to integrate discussions into developers' existing workflows, reducing the need for direct API calls. The new commands are available for any repository with GitHub Discussions enabled.
feature - GitHub Changelog infraengineer ·
Dependabot version updates now support Deno
Dependabot's version update functionality has been expanded to include the Deno ecosystem. This enhancement allows developers using Deno to automate dependency updates through pull requests, streamlining project maintenance. To enable this, users need to add a Deno entry to their `.github/dependabot.yml` configuration file. This feature currently only applies to version updates, not security updates.
feature - GitHub Changelog infraengineer ·
npm v12 to enforce stricter security defaults for package installation
npm v12, slated for July 2026, introduces security enhancements by defaulting to stricter controls for package installation scripts and Git/remote dependencies. These changes aim to mitigate code execution risks by requiring explicit user opt-in for potentially risky operations. Users on npm 11.16.0 or newer can prepare by reviewing warnings and using `npm approve-scripts` to manage trusted packages.
breaking feature security - GitHub Changelog securityinfraengineer ·
CodeQL 2.25.5 improves query accuracy for GitHub Actions
CodeQL 2.25.5, the static analysis engine powering GitHub code scanning, has been released with accuracy improvements for C/C++ codebases. These enhancements help to better detect and remediate security vulnerabilities within code. This patch is relevant to developers and security teams using GitHub Actions for code scanning.
patch - GitHub Changelog infraengineer ·
Dependabot adds support for sbt ecosystem
Dependabot now supports the sbt package ecosystem, allowing it to monitor build.sbt files and automatically open pull requests for dependency updates. This feature benefits developers using sbt for their Scala projects by automating dependency management and improving security by highlighting available patches. To enable it, users need to add sbt to their dependabot.yml configuration.
feature