diff --git a/content/account-and-profile/how-tos/account-management/managing-multiple-accounts.md b/content/account-and-profile/how-tos/account-management/managing-multiple-accounts.md
index 16e34ca99d2f..ddc18dece97f 100644
--- a/content/account-and-profile/how-tos/account-management/managing-multiple-accounts.md
+++ b/content/account-and-profile/how-tos/account-management/managing-multiple-accounts.md
@@ -101,6 +101,57 @@ For example, the following command sets the `GIT_SSH_COMMAND` environment variab
GIT_SSH_COMMAND='ssh -i PATH/TO/KEY/FILE -o IdentitiesOnly=yes' git clone git@github.com:OWNER/REPOSITORY
```
+## Contributing to multiple accounts using SSH and multiple keys
+
+If you are a member of an {% data variables.enterprise.prodname_emu_enterprise %}, but also want to collaborate outside your enterprise using a personal account, you can use different SSH keys for each account. For more information about using SSH, see [AUTOTITLE](/authentication/connecting-to-github-with-ssh).
+> [!WARNING]
+> You cannot use the same SSH key to contribute to both repositories inside your {% data variables.enterprise.prodname_emu_org %} and outside the enterprise.
+
+1. Generate a different SSH key for the repositories in your {% data variables.enterprise.prodname_emu_org %}. See [AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key). When you save the key, give it a different filename from your existing key (for instance, add -emu to the suggested name of the file).
+
+1. Add the new ssh key to your {% data variables.enterprise.prodname_managed_user %}. See [AUTOTITLE](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account)
+
+1. Configure your SSH Config File `~/.ssh/config` to use the different keys. For example, if your personal SSH key is `~/.ssh/id_ed25519` and your {% data variables.enterprise.prodname_emu_enterprise %} SSH key is `~/.ssh/id_ed25519-emu`
+
+ ```text copy
+ Host github.com
+ IdentityFile ~/.ssh/id_ed25519
+ IdentitiesOnly yes
+
+ Host github-emu.com
+ Hostname github.com
+ IdentityFile ~/.ssh/id_ed25519-emu
+ IdentitiesOnly yes
+ ```
+
+ > [!NOTE]
+ > The `IdentitiesOnly` line ensures that if the ssh-agent has loaded multiple keys, ssh uses the correct key when connecting.
+
+1. Test your SSH configuration by running the following command to connect using the SSH key associated with your personal account - see [AUTOTITLE](/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection) for further details
+
+ ```shell copy
+ ssh -T git@github.com
+ ```
+
+ Test to see if you can connect to ({% data variables.product.github %}) using your {% data variables.enterprise.prodname_emu_enterprise %} SSH key
+
+ ```shell copy
+ ssh -T git@github-emu.com
+ ```
+
+1. Tell `git` to use the correct key when downloading or uploading a repository in an {% data variables.enterprise.prodname_emu_org %}.
+ To list the organizations in your {% data variables.enterprise.prodname_emu_enterprise %},
+ {% data reusables.profile.access_org %}
+ 1. For each organization listed tell `git` to use the `github-emu.com` host.
+
+ For example, if one of your organizations is called `octocat-emu` then to tell `git` to use the host `github-emu.com` for repositories in the `octocat-emu` organization, run the following command
+
+ ```shell copy
+ git config --global url."git@github-emu.com:octocat-emu/".insteadOf "git@github.com:octocat-emu/"
+ ```
+
+Now, when you clone a repository using SSH, in the `octocat-emu` organization, `git` will use the SSH key associated with your {% data variables.enterprise.prodname_emu_enterprise %} instead of your personal key.
+
## Next steps
For reference information, see [AUTOTITLE](/account-and-profile/reference/personal-account-reference).
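Review bot: the nested step near the end of the hunk is malformed and the `insteadOf` rewrite covers only one URL form. The lines `To list the organizations in your ... enterprise,`, the `{% data reusables.profile.access_org %}` reusable and the sub-step `1. For each organization listed tell `git` to use the `github-emu.com` host.` are not indented under the "Tell `git` to use the correct key" step, so they render as a second top-level list rather than as sub-steps. Separately, `git config --global url."git@github-emu.com:octocat-emu/".insteadOf "git@github.com:octocat-emu/"` rewrites only the scp-style prefix; a clone done as `ssh://git@github.com/octocat-emu/REPOSITORY` still matches `Host github.com` and is sent with the personal key, so either add a second rewrite for the `ssh://` prefix or state that the rewrite applies only to `git@github.com:` URLs. The note on `IdentitiesOnly` also undersells the point: without it, ssh offers whatever keys the agent holds, in the agent's order, and authenticates with the first one GitHub accepts, so with both keys loaded a push can silently go out as the other account; that is a correctness and attribution issue, not just a convenience. Minor: the `> [!WARNING]` needs a blank line before it, and the sentences beginning `Configure your SSH Config File` and `Test your SSH configuration` end without a period.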
diff --git a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md
index 9e8ca00dd003..5a6f1b69d23a 100644
--- a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md
+++ b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md
@@ -38,10 +38,10 @@ These metrics appear directly in the {% data variables.product.prodname_copilot_
| Language usage per day | Daily breakdown of languages used. |
| Model usage | Distribution of AI models used for chat. |
| Model usage per day | Daily breakdown of chat model usage. |
-| Model usage per chat mode | Model usage by {% data variables.product.prodname_copilot_short %} feature (ask, edit, agent). |
+| Model usage per chat mode | Model usage by {% data variables.product.prodname_copilot_short %} feature (ask, edit, plan, agent). |
| Model usage per language | Distribution of languages broken down by model. |
| Most used chat model | The most frequently used chat model in the last 28 days. |
-| Requests per chat mode | Number of chat requests by mode (ask, edit, agent). |
+| Requests per chat mode | Number of chat requests by mode (ask, edit, plan, agent). |
## Code generation dashboard metrics
@@ -72,7 +72,7 @@ These fields appear in the exported NDJSON reports and in the {% data variables.
| `enterprise_id` | Unique ID of the enterprise. |
| `organization_id` (API only) | Unique ID of the organization. |
| `user_id` / `user_login` | Unique identifier and {% data variables.product.github %} username for the user. |
-| `user_initiated_interaction_count` | Number of explicit prompts sent to {% data variables.product.prodname_copilot_short %}.
Only counts messages or prompts actively sent to the model. Does **not** include opening the chat panel, switching modes (for example, ask, edit, or agent), using keyboard shortcuts to open the inline UI, or making configuration changes. |
+| `user_initiated_interaction_count` | Number of explicit prompts sent to {% data variables.product.prodname_copilot_short %}.
Only counts messages or prompts actively sent to the model. Does **not** include opening the chat panel, switching modes (for example, ask, edit, plan, or agent), using keyboard shortcuts to open the inline UI, or making configuration changes. |
| `chat_panel_agent_mode` | Captures user-initiated interactions in the chat panel with agent mode selected. |
| `chat_panel_ask_mode` | Captures user-initiated interactions in the chat panel with ask mode selected. |
| `chat_panel_custom_mode` | Captures user-initiated interactions in the chat panel with a custom agent selected. |
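Review bot: adding `plan` to the mode list in the `user_initiated_interaction_count` description leaves the per-mode field rows inconsistent. The visible rows are `chat_panel_agent_mode`, `chat_panel_ask_mode` and `chat_panel_custom_mode`; there is no `chat_panel_plan_mode` row in this hunk. If the export now carries a plan-mode counter, add its row here; if plan requests are folded into one of the existing fields, say which one, otherwise anyone reconciling the NDJSON per-mode counts against the total cannot tell where plan-mode prompts land.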
diff --git a/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md b/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md
index fdb3784a928f..d9b8eec83367 100644
--- a/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md
+++ b/content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics.md
@@ -34,7 +34,7 @@ The "Requests per chat mode" and "Agent adoption" charts show how developers are
| Signal | What it tells you | What to look for |
|:--|:--|:--|
-| Requests per chat mode | Breakdown of chat interactions by mode—Ask, Edit, or Agent. | A balanced distribution suggests users are exploring multiple capabilities. Heavy use of one mode can highlight where enablement should focus. |
+| Requests per chat mode | Breakdown of chat interactions by mode—Ask, Edit, Plan, or Agent. | A balanced distribution suggests users are exploring multiple capabilities. Heavy use of one mode can highlight where enablement should focus. |
| Agent adoption | Percentage of active users who used {% data variables.copilot.copilot_agent_short %}. | Growth over time shows that developers are progressing from basic completions to more advanced {% data variables.product.prodname_copilot_short %} features. |
## Reviewing model adoption
@@ -44,7 +44,7 @@ The "Model usage per day" and "Model usage per chat mode" charts help you unders
| Chart | Description | Insights to derive |
|:--|:--|:--|
| Model usage per day | Shows which AI models power {% data variables.copilot.copilot_chat_short %} activity. | Identify whether users are primarily engaging with default models or experimenting with newer ones. |
-| Model usage per chat mode | Breaks down model usage by chat mode (Ask, Edit, Agent). | Monitor how model adoption evolves as new models are released. |
+| Model usage per chat mode | Breaks down model usage by chat mode (Ask, Edit, Plan, Agent). | Monitor how model adoption evolves as new models are released. |
> [!NOTE]
> Model usage charts currently represent chat activity only. Completions data is not included in model breakdowns.
diff --git a/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md b/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md
index 539062092d19..9ded9e5a833b 100644
--- a/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md
+++ b/content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics.md
@@ -42,17 +42,17 @@ LoC metrics require specific minimum versions of IDEs and {% data variables.prod
| IDE | Feature | Minimum IDE version | Minimum {% data variables.copilot.copilot_chat_short %} extension version |
|:--|:--|:--|:--|
| Eclipse |
| 4.31 | 0.9.3.202507240902 |
-| | - `chat_panel` (Ask, Edit, Agent)
| 4.31 | 0.11.0.202508291001 |
+| | - `chat_panel` (Ask, Edit, Plan, Agent)
| 4.31 | 0.11.0.202508291001 |
| | | 4.31 | 0.10.0.202508110512 |
-| IntelliJ/JetBrains | - `code_completion`
- `chat_panel` (Ask, Edit, Agent)
- `chat_inline`
- `agent_edit`
| 2024.2.6 | 1.5.52-241 |
-| {% data variables.product.prodname_vs %} | - `code_completion`
- `chat_panel` (Ask, Edit, Agent)
| 17.14.13 | 18.0.471.29466 |
+| IntelliJ/JetBrains | - `code_completion`
- `chat_panel` (Ask, Edit, Plan, Agent)
- `chat_inline`
- `agent_edit`
| 2024.2.6 | 1.5.52-241 |
+| {% data variables.product.prodname_vs %} | - `code_completion`
- `chat_panel` (Ask, Edit, Plan, Agent)
| 17.14.13 | 18.0.471.29466 |
| | - `chat_inline`
- `agent_edit`
| 17.14.14 | 18.0.471.29466 |
| {% data variables.product.prodname_vscode_shortname %} | | 1.104.0 | 0.31.0 |
-| | - `chat_panel` (Ask, Edit, Agent)
| 1.102.0 | 0.29.0 |
+| | - `chat_panel` (Ask, Edit, Plan, Agent)
| 1.102.0 | 0.29.0 |
| | | 1.103.2 | 0.30.3 |
| | | 1.103.0 | 0.30.0 |
| XCode | | 14.3.1 | 0.40.0 |
-| | - `chat_panel` (Ask, Edit, Agent)
| 15.0 | 0.43.0 |
+| | - `chat_panel` (Ask, Edit, Plan, Agent)
| 15.0 | 0.43.0 |
| | | 15.2 | 0.41.0 |
## How agent mode affects LoC metrics
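Review bot: every row changes the feature text to `chat_panel` (Ask, Edit, Plan, Agent) but none of the minimum version columns move (Eclipse 0.11.0.202508291001, IntelliJ/JetBrains 1.5.52-241, Visual Studio 18.0.471.29466, VS Code 1.102.0 with extension 0.29.0, Xcode 15.0 with 0.43.0). Those minimums were stated for Ask, Edit and Agent; if Plan mode arrived in a later extension release, each row now claims Plan LoC metrics are available at a version that predates the mode. Either confirm that the existing minimums already emit Plan data, or add a row (or a note) with the version Plan actually requires. The table also arrives here with cells split across lines, so check the rendered output once the content is settled.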
diff --git a/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md b/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md
index 6939a3499496..f14bd2329bd9 100644
--- a/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md
+++ b/content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption.md
@@ -54,7 +54,7 @@ Once licenses are active, focus on the metrics that indicate healthy early adopt
| Signal | Where to find it in the dashboard | What to look for |
|:--|:--|:--|
| Consistent DAU growth | “IDE daily active users” graph | Steady increase in daily users over the first month. |
-| Feature variety | “Requests per chat mode” graph | Developers trying multiple chat modes (Ask, Edit, Agent) suggests curiosity and engagement. |
+| Feature variety | “Requests per chat mode” graph | Developers trying multiple chat modes (Ask, Edit, Plan, Agent) suggests curiosity and engagement. |
| Initial agent usage | “Agent adoption” card | Even small agent adoption (5–10%) early on is a positive signal of experimentation. |
Healthy early adoption usually looks like 60–80% of assigned users showing activity within the first month.
diff --git a/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md b/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md
index c6878960ce42..e3dd8c7f8f36 100644
--- a/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md
+++ b/content/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry.md
@@ -296,6 +296,61 @@ If you're using a nuspec file, ensure that it has a `repository` element with th
If you're using a `GITHUB_TOKEN` to authenticate to a {% data variables.product.prodname_registry %} registry within a {% data variables.product.prodname_actions %} workflow, the token cannot access private repository-based packages in a different repository other than where the workflow is running in. To access packages associated with other repositories, instead generate a {% data variables.product.pat_v1 %} with the `read:packages` scope and pass this token in as a secret.
+### Intermittent 403 errors when restoring public packages
+
+If you're using {% data variables.product.prodname_registry %} alongside _nuget.org_ and experiencing intermittent 403 Forbidden errors when restoring standard public packages (like `Microsoft.Extensions.*`), this may occur because NuGet queries all configured package sources for every package. If {% data variables.product.prodname_registry %} authentication fails temporarily, it can block the entire restore—even for packages that don't exist on {% data variables.product.prodname_registry %}.
+
+To avoid this, use [NuGet Package Source Mapping](https://learn.microsoft.com/nuget/consume-packages/package-source-mapping) to route packages to specific sources.
+
+Replace:
+* `NAMESPACE` with the name of the personal account or organization that owns your {% data variables.product.prodname_registry %} NuGet feed.
+* `PACKAGE-ID-PREFIX` with the NuGet package ID prefix that you use for packages hosted on {% data variables.product.prodname_registry %}. If you use multiple prefixes, add additional `` entries for each prefix.{% ifversion ghes %}
+* `HOSTNAME` with the host name for {% data variables.location.product_location %}.{% endif %}
+
+{% ifversion ghes %}If your instance has subdomain isolation enabled:
+{% endif %}
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
+{% ifversion ghes %}
+If your instance has subdomain isolation disabled:
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
+{% endif %}
+
+NuGet uses the [most specific matching pattern](https://learn.microsoft.com/nuget/consume-packages/package-source-mapping#package-pattern-precedence), so packages matching `PACKAGE-ID-PREFIX.*` are fetched only from {% data variables.product.prodname_registry %}, while all other packages are fetched from _nuget.org_. This also helps prevent dependency confusion attacks by ensuring your private packages can only come from your {% data variables.product.prodname_registry %} feed.
+
## Further reading
* [AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)
diff --git a/data/release-notes/enterprise-server/3-14/20.yml b/data/release-notes/enterprise-server/3-14/20.yml
index 9e93d741c475..c64ffc7c0f59 100644
--- a/data/release-notes/enterprise-server/3-14/20.yml
+++ b/data/release-notes/enterprise-server/3-14/20.yml
@@ -5,8 +5,6 @@ sections:
**HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2026-01-06]
- |
**HIGH:** A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability has been assigned [CVE-2025-11578](https://nvd.nist.gov/vuln/detail/CVE-2025-11578) and was reported through the GitHub Bug Bounty program.
- - |
- Authenticated users could target the internal aqueduct-lite endpoints by using a domain name to circumvent checks. To mitigate this issue, a Server-Side Request Forgery (SSRF) vulnerability has been fixed by blocking connections to loopback addresses after resolving the domain name for the webhook delivery address.
- |
Packages have been updated to the latest security versions.
bugs:
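Review bot: dropping the aqueduct-lite SSRF entry from the 3.14.20 notes changes what operators were told they already have, with no trace left behind. The removed text states that connections to loopback addresses are blocked after resolving the webhook delivery hostname and that this shipped in 3.14.20; the `security_fixes` entries added elsewhere in this PR place a webhook SSRF fix in 3.14.22 under CVE-2026-1999. If the 3.14.20 entry was premature, an `[Updated: ...]` marker of the kind already used on the CVE-2025-13744 line in this same hunk would tell an administrator on 3.14.20 that the fix is not in their build and that 3.14.22 is needed; a silent deletion gives them nothing to find. The same removal is made in 3.15.15, 3.16.10, 3.17.7 and 3.18.1 and should be handled the same way.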
diff --git a/data/release-notes/enterprise-server/3-14/22.yml b/data/release-notes/enterprise-server/3-14/22.yml
index 91a829021df0..e99e5be7499a 100644
--- a/data/release-notes/enterprise-server/3-14/22.yml
+++ b/data/release-notes/enterprise-server/3-14/22.yml
@@ -1,5 +1,8 @@
date: '2026-01-06'
sections:
+ security_fixes:
+ - |
+ **HIGH:** An authenticated attacker with permission to configure webhooks could perform SSRF to access internal-only services on the instance, potentially disrupting background job processing. Exploitation required webhook configuration privileges and the ability to craft valid service requests. GitHub has requested CVE ID [CVE-2026-1999](https://www.cve.org/cverecord?id=CVE-2026-1999) for this vulnerability, which was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
bugs:
- |
On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically.
diff --git a/data/release-notes/enterprise-server/3-15/15.yml b/data/release-notes/enterprise-server/3-15/15.yml
index 442f67f1afb8..02dc73055cbb 100644
--- a/data/release-notes/enterprise-server/3-15/15.yml
+++ b/data/release-notes/enterprise-server/3-15/15.yml
@@ -5,8 +5,6 @@ sections:
**HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). [Updated: 2026-01-06]
- |
**HIGH:** A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability has been assigned [CVE-2025-11578](https://nvd.nist.gov/vuln/detail/CVE-2025-11578) and was reported through the GitHub Bug Bounty program.
- - |
- Authenticated users could target the internal aqueduct-lite endpoints by using a domain name to circumvent checks. To mitigate this issue, this fixes a Server-Side Request Forgery (SSRF) vulnerability by blocking connections to loopback addresses after resolving the domain name for the webhook delivery address.
- |
Packages have been updated to the latest security versions.
bugs:
diff --git a/data/release-notes/enterprise-server/3-15/17.yml b/data/release-notes/enterprise-server/3-15/17.yml
index 610c1e93fd77..a0b300de3be4 100644
--- a/data/release-notes/enterprise-server/3-15/17.yml
+++ b/data/release-notes/enterprise-server/3-15/17.yml
@@ -1,5 +1,8 @@
date: '2026-01-06'
sections:
+ security_fixes:
+ - |
+ **HIGH:** An authenticated attacker with permission to configure webhooks could perform SSRF to access internal-only services on the instance, potentially disrupting background job processing. Exploitation required webhook configuration privileges and the ability to craft valid service requests. GitHub has requested CVE ID [CVE-2026-2304](https://www.cve.org/cverecord?id=CVE-2026-2304) for this vulnerability, which was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
bugs:
- |
On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically.
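Review bot: this 3.15.17 entry cites CVE-2026-2304, while the identically worded entries added in this PR for 3.14.22, 3.16.13, 3.17.10, 3.18.4 and 3.19.1 cite CVE-2026-1999. Either 3.15 is tracking a distinct issue, in which case the description should differ enough to say how, or one of the IDs is a copy error. Confirm the CVE before merging; release-note identifiers are what scanners and audit records key on, and a wrong one here will be propagated.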
diff --git a/data/release-notes/enterprise-server/3-16/10.yml b/data/release-notes/enterprise-server/3-16/10.yml
index d2723a60d290..7f1e3d08e484 100644
--- a/data/release-notes/enterprise-server/3-16/10.yml
+++ b/data/release-notes/enterprise-server/3-16/10.yml
@@ -5,8 +5,6 @@ sections:
**CRITICAL:** Redis has been upgraded to version 6.2.20 to address CVE-2025-49844 (also known as RediShell). Administrators should apply this update promptly to mitigate potential security risks.
- |
**HIGH:** An attacker could execute arbitrary code in the context of other users' browsers by supplying a malicious `label:` value that was injected into the DOM without proper sanitization. This could be triggered when a user visits a crafted Issues search URL, enabling session hijacking, account takeover, and recovery code exfiltration. GitHub has requested CVE ID [CVE-2025-11892](https://www.cve.org/cverecord?id=CVE-2025-11892) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- Authenticated users could target the internal aqueduct-lite endpoints by using a domain name to circumvent checks. This fix addresses this Server-Side Request Forgery (SSRF) vulnerability by blocking connections to loopback addresses after resolving the domain name for the webhook delivery address.
- |
Packages have been updated to the latest security versions.
bugs:
diff --git a/data/release-notes/enterprise-server/3-16/13.yml b/data/release-notes/enterprise-server/3-16/13.yml
index 388686a17f70..0a44004f595d 100644
--- a/data/release-notes/enterprise-server/3-16/13.yml
+++ b/data/release-notes/enterprise-server/3-16/13.yml
@@ -1,5 +1,8 @@
date: '2026-01-06'
sections:
+ security_fixes:
+ - |
+ **HIGH:** An authenticated attacker with permission to configure webhooks could perform SSRF to access internal-only services on the instance, potentially disrupting background job processing. Exploitation required webhook configuration privileges and the ability to craft valid service requests. GitHub has requested CVE ID [CVE-2026-1999](https://www.cve.org/cverecord?id=CVE-2026-1999) for this vulnerability, which was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
bugs:
- |
On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically.
diff --git a/data/release-notes/enterprise-server/3-17/10.yml b/data/release-notes/enterprise-server/3-17/10.yml
index b4427a69808e..76e6a3f3fc7b 100644
--- a/data/release-notes/enterprise-server/3-17/10.yml
+++ b/data/release-notes/enterprise-server/3-17/10.yml
@@ -1,5 +1,8 @@
date: '2026-01-06'
sections:
+ security_fixes:
+ - |
+ **HIGH:** An authenticated attacker with permission to configure webhooks could perform SSRF to access internal-only services on the instance, potentially disrupting background job processing. Exploitation required webhook configuration privileges and the ability to craft valid service requests. GitHub has requested CVE ID [CVE-2026-1999](https://www.cve.org/cverecord?id=CVE-2026-1999) for this vulnerability, which was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
bugs:
- |
On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically.
diff --git a/data/release-notes/enterprise-server/3-17/7.yml b/data/release-notes/enterprise-server/3-17/7.yml
index 5d3fb0876da0..da6a5f4bbf76 100644
--- a/data/release-notes/enterprise-server/3-17/7.yml
+++ b/data/release-notes/enterprise-server/3-17/7.yml
@@ -5,8 +5,6 @@ sections:
**CRITICAL:** Redis has been upgraded to version 6.2.20 to address CVE-2025-49844 (also known as RediShell). Administrators should apply this update promptly to mitigate potential security risks.
- |
**HIGH:** An attacker could execute arbitrary code in the context of other users' browsers by supplying a malicious `label:` value that was injected into the DOM without proper sanitization. This could be triggered when a user visits a crafted Issues search URL, enabling session hijacking, account takeover, and recovery code exfiltration. GitHub has requested CVE ID [CVE-2025-11892](https://www.cve.org/cverecord?id=CVE-2025-11892) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- Authenticated users could target the internal aqueduct-lite endpoints by using a domain name to circumvent checks. This fix addresses this Server-Side Request Forgery (SSRF) vulnerability by blocking connections to loopback addresses after resolving the domain name for the webhook delivery address.
- |
Packages have been updated to the latest security versions.
bugs:
diff --git a/data/release-notes/enterprise-server/3-18/1.yml b/data/release-notes/enterprise-server/3-18/1.yml
index 8f01a6d6f4b3..132ea8cdf274 100644
--- a/data/release-notes/enterprise-server/3-18/1.yml
+++ b/data/release-notes/enterprise-server/3-18/1.yml
@@ -5,8 +5,6 @@ sections:
**CRITICAL:** Redis has been upgraded to version 6.2.20 to address CVE-2025-49844 (also known as RediShell). Administrators should apply this update promptly to mitigate potential security risks.
- |
**HIGH:** An attacker could execute arbitrary code in the context of other users' browsers by supplying a malicious `label:` value that was injected into the DOM without proper sanitization. This could be triggered when a user visits a crafted Issues search URL, enabling session hijacking, account takeover, and recovery code exfiltration. GitHub has requested CVE ID [CVE-2025-11892](https://www.cve.org/cverecord?id=CVE-2025-11892) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- - |
- Authenticated users could target the internal aqueduct-lite endpoints by using a domain name to circumvent checks. This fix addresses this Server-Side Request Forgery (SSRF) vulnerability by blocking connections to loopback addresses after resolving the domain name for the webhook delivery address.
- |
**LOW:** When a user updated a classic {% data variables.product.pat_generic_title_case %} (PAT) to remove all scopes instead of revoking the PAT, the change was silently ignored and the PAT continued to grant its previously held permissions. To mitigate this issue, GitHub updated the token management logic to correctly clear scopes when no scope is provided.
- |
diff --git a/data/release-notes/enterprise-server/3-18/4.yml b/data/release-notes/enterprise-server/3-18/4.yml
index a654815383a8..288f232922cc 100644
--- a/data/release-notes/enterprise-server/3-18/4.yml
+++ b/data/release-notes/enterprise-server/3-18/4.yml
@@ -1,5 +1,8 @@
date: '2026-01-06'
sections:
+ security_fixes:
+ - |
+ **HIGH:** An authenticated attacker with permission to configure webhooks could perform SSRF to access internal-only services on the instance, potentially disrupting background job processing. Exploitation required webhook configuration privileges and the ability to craft valid service requests. GitHub has requested CVE ID [CVE-2026-1999](https://www.cve.org/cverecord?id=CVE-2026-1999) for this vulnerability, which was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
bugs:
- |
On instances with GitHub Actions enabled, when administrators deleted a self-hosted runner from the service, the runner process continued running on the host and did not exit automatically.
diff --git a/data/release-notes/enterprise-server/3-19/1.yml b/data/release-notes/enterprise-server/3-19/1.yml
index c5878bb8249d..0fd33afefff3 100644
--- a/data/release-notes/enterprise-server/3-19/1.yml
+++ b/data/release-notes/enterprise-server/3-19/1.yml
@@ -1,6 +1,8 @@
date: '2026-01-06'
sections:
security_fixes:
+ - |
+ **HIGH:** An authenticated attacker with permission to configure webhooks could perform SSRF to access internal-only services on the instance, potentially disrupting background job processing. Exploitation required webhook configuration privileges and the ability to craft valid service requests. GitHub has requested CVE ID [CVE-2026-1999](https://www.cve.org/cverecord?id=CVE-2026-1999) for this vulnerability, which was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
- |
**HIGH:** An attacker could execute code within a victim's browser, potentially accessing sensitive information, by causing malicious HTML to be injected into the DOM when content is rendered by the Filter component found across GitHub. GitHub has requested CVE ID [CVE-2025-13744](https://www.cve.org/cverecord?id=CVE-2025-13744) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
bugs:
diff --git a/data/reusables/copilot/coding-agent-required-hosts.md b/data/reusables/copilot/coding-agent-required-hosts.md
index baca1d51b1bf..1acc40c0b7f1 100644
--- a/data/reusables/copilot/coding-agent-required-hosts.md
+++ b/data/reusables/copilot/coding-agent-required-hosts.md
@@ -2,5 +2,4 @@
* `user-images.githubusercontent.com`
* `api.individual.githubcopilot.com` (if you expect {% data variables.copilot.copilot_pro_short %} or {% data variables.copilot.copilot_pro_plus_short %} users to use {% data variables.copilot.copilot_coding_agent %} in your repository)
* `api.business.githubcopilot.com` (if you expect {% data variables.copilot.copilot_business_short %} users to use {% data variables.copilot.copilot_coding_agent %} in your repository)
-* `api.enterprise.githubcopilot.com` (if you expect {% data variables.copilot.copilot_enterprise_short %} users to use {% data variables.copilot.copilot_coding_agent %} in your repository)
-* `api.githubcopilot.com` (*no longer required after February 27, 2026*)
\ No newline at end of file
+* `api.enterprise.githubcopilot.com` (if you expect {% data variables.copilot.copilot_enterprise_short %} users to use {% data variables.copilot.copilot_coding_agent %} in your repository)
\ No newline at end of file
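Review bot: removing `api.githubcopilot.com` from the required-host list ahead of its stated cutoff will break egress allowlists. The deleted line says the host is no longer required after February 27, 2026, and the release notes in this same PR are dated 2026-01-06; if this change publishes before that date, an administrator who prunes their allowlist from this page will block the coding agent until the cutoff. Keep the line with its date until the date has passed, then remove it. The file also still ends without a trailing newline, which the diff shows on both sides.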