GitHub releases
GitHub changelog, platform updates, and Copilot coding-assistant releases. New features, breaking changes, security advisories and deprecations - each summarised in plain English and updated continuously.
Tracking 72 GitHub releases
- GitHub Changelog · security, infra, engineer
GitHub Actions checkout v7 enhances security for pull_request_target
GitHub Actions checkout v7 now defaults to refusing common 'pwn request' patterns, preventing vulnerabilities in workflows triggered by pull_request_target events from forks. This change is crucial for supply-chain security, affecting users who rely on checking out unreviewed pull request code. The update is available now for workflows pinned to floating major tags, with enforcement backported to supported major versions by July 2026.
feature security
- GitHub Changelog · security, preview, engineer
GitHub Actions workflow execution protections now in public preview
GitHub Actions workflow execution protections are now in public preview, allowing administrators to define allow lists for workflow triggers. This feature enhances security by preventing unauthorized users or events from initiating workflows, which could otherwise be exploited to run malicious code. Initially available for GitHub Enterprise, organizations, and repositories, it helps mitigate common attack patterns like poisoned pipeline execution and manual-trigger abuse.
feature announcement
- GitHub Changelog · security, infra, engineer
GitHub Secret Scanning Enhancements in June 2026
GitHub has updated its secret scanning capabilities with expanded detection coverage, including new partners like Cloudsmith and Meraki, and enhanced GitLab token support. Push protection now defaults to blocking more secret types, improving security for all repositories. Additionally, validity checks and richer metadata have been added for certain leaked credentials, aiding faster remediation for affected users.
feature patch
- GitHub Changelog · security, infra, engineer
Copilot code review: Enhanced configuration and content controls
GitHub Copilot code review now offers expanded configuration options, including organization-level runner controls and content exclusion support for specified files or directories. These updates aim to simplify setup and provide greater control over how Copilot analyzes code within repositories and organizations. Previously, custom instructions were limited by a character count, which has now been removed, allowing for more extensive customization.
feature
- GitHub Changelog · security, infra, engineer
Bot-created pull requests can run workflows with approval
Pull requests created by github-actions[bot] can now trigger CI/CD workflows upon user approval. This security enhancement prevents unreviewed generated code from automatically executing potentially sensitive workflows. The behavior now aligns with Copilot-generated pull requests, addressing a previous gap where bot-generated changes could be merged without CI checks.
feature
- GitHub Changelog · security, preview, engineer
GitHub Copilot CLI adds experimental security review command
GitHub Copilot CLI now includes a new `/security-review` slash command for local code changes, shipping as an experimental public preview feature. This AI-driven command analyzes code to find high-confidence security vulnerabilities and offers actionable suggestions directly within the terminal. It complements existing GitHub security tools by providing a lightweight, on-demand scan focused on common vulnerability classes, accessible to engineers using Copilot CLI.
feature announcement
- GitHub Changelog · security, ga, engineer
GitHub EMU IP Allow List Now Generally Available
GitHub Enterprise Cloud now offers general availability for IP allow list configuration within Enterprise Managed User (EMU) namespaces. This enhancement allows organizations to enforce network access policies directly within their managed user environments. The feature is now production-ready for all EMU customers.
feature announcement
- GitHub Changelog · ai, security, ga, engineer
GitHub Security Validation for Third-Party Coding Agents GA
GitHub's security validation for third-party coding agents is now generally available, allowing external tools like Claude and OpenAI Codex to integrate directly with repositories. This feature enhances security by validating the actions of these AI agents before they modify code. The general availability means this capability is production-ready for all users.
feature announcement
- GitHub Changelog · security, engineer
GitHub adds scheduled code scanning for inactive repos
GitHub code scanning now offers scheduled security scans for repositories that have been inactive for six months. This feature helps organizations maintain a continuous security posture by ensuring even dormant codebases are regularly checked for vulnerabilities. It is available for organizations seeking to enhance their security practices on the platform.
feature
- GitHub Changelog · security, engineer
CodeQL 2.25.6 adds Swift 6.3.2 support, improves C# coverage
CodeQL, GitHub's static analysis engine, has released version 2.25.6. This update introduces support for Swift 6.3.2 and enhances existing C# coverage. The release is part of ongoing efforts to improve code scanning capabilities for security issue detection. It impacts developers and security engineers using GitHub code scanning.
patch
- GitHub Changelog · security, governance, engineer
GitHub Advanced Security gets hard budget limits
GitHub Advanced Security now supports hard budget limits for enterprise administrators and billing managers, preventing teams from exceeding allocated license budgets. This new feature aims to provide better cost control for GHAS usage. It is now available for enterprise customers.
feature
- GitHub Changelog · security, infra, engineer
CodeQL 2.25.5 improves query accuracy for GitHub Actions
CodeQL 2.25.5, the static analysis engine powering GitHub code scanning, has been released with accuracy improvements for C/C++ codebases. These enhancements help to better detect and remediate security vulnerabilities within code. This patch is relevant to developers and security teams using GitHub Actions for code scanning.
patch
- GitHub Changelog · security, engineer
GitHub secret scanning: Filter approval requests by sort order and bypass status
GitHub has enhanced secret scanning's delegated workflows by adding the ability to sort bypass and dismissal requests in the UI. This change allows users to better manage approval requests by choosing between ascending and descending order. These improvements are rolling out this week and are applicable to users leveraging delegated workflows for secret scanning.
feature