Enterprise bug fix hour for week of February 19, 2024 (#49495)

mattpollard · digimangos · web-flow · commit b594690ff55b · 2024-03-11T21:44:03.000Z
Co-authored-by: Damien Hardy &lt;49808393+digimangos@users.noreply.github.com&gt;
diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md b/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md
@@ -24,6 +24,10 @@ redirect_from:
 
 For more information about using OIDC with {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)" and "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc)."
 
+## About CAP and deploy keys
+
+A deploy key is an SSH key that grants access to an individual repository. Because deploy keys do not perform operations on behalf of a user, CAP IP conditions do not apply to any requests authenticated with a deploy key. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys)."
+
 ## Considerations for integrations and automations
 
 {% data variables.product.prodname_dotcom %} sends the originating IP address to your IdP for validation against your CAP. To make sure  actions and apps are not blocked by your IdP's CAP, you will need to make changes to your configuration.
@@ -49,3 +53,7 @@ When {% data variables.product.prodname_github_apps %} call {% data variables.pr
 You can contact the owners of the apps you want to use, ask for their IP ranges, and configure your IdP's CAP to allow access from those IP ranges. If you're unable to contact the owners, you can review your IdP sign-in logs to review the IP addresses seen in the requests, then allow-list those addresses.
 
 If you do not wish to allow all of the IP ranges for all of your enterprise's apps, you can also exempt installed {% data variables.product.prodname_github_apps %} and authorized {% data variables.product.prodname_oauth_apps %} from the IdP allow list. If you do so, these apps will continue working regardless of the originating IP address. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#allowing-access-by-github-apps)."
+
+## Further reading
+
+- [Using the location condition in a Conditional Access policy](https://learn.microsoft.com/entra/identity/conditional-access/location-condition) on Microsoft Learn
diff --git a/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md b/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md
@@ -51,6 +51,12 @@ You can view the number of {% data variables.product.prodname_enterprise %} lice
 
 You can also see pending {% data variables.product.prodname_enterprise %} invitations to subscribers in {% data variables.visual_studio.prodname_vss_admin_portal_with_url %}.
 
+## About licenses for {% data variables.product.prodname_ghe_server %}
+
+{% data reusables.enterprise.ghe-includes-ghec-and-ghes %} For more information, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises#about-deployment-options)."
+
+If you use {% data variables.product.prodname_ghe_server %}, you can ensure that each {% data variables.product.prodname_vs %} subscriber consumes only one license seat, regardless of whether the subscriber uses {% data variables.product.prodname_ghe_server %}, {% data variables.product.prodname_ghe_cloud %}, or both. If a subscriber only uses {% data variables.product.prodname_ghe_server %}, the subscriber does not also need a user account for {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
+
 ## Further reading
 
 - [{% data variables.product.prodname_vs %} subscriptions with {% data variables.product.prodname_enterprise %}](https://docs.microsoft.com/visualstudio/subscriptions/access-github) in Microsoft Docs
diff --git a/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md b/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md
@@ -21,7 +21,7 @@ shortTitle: About licenses
 
 {% endif %}
 
-{% data reusables.enterprise-licensing.unique-user-licensing-model %}
+{% data reusables.enterprise-licensing.unique-user-licensing-model %} For more information about per-user pricing, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)." For more about the price of {% data variables.product.prodname_enterprise %} licenses, see [Pricing](https://github.com/pricing) on the {% data variables.product.prodname_dotcom %} website.
 
 To ensure the same user isn't consuming more than one license for multiple enterprise deployments, you can synchronize license usage between your {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} deployments.
 
diff --git a/content/repositories/creating-and-managing-repositories/about-repositories.md b/content/repositories/creating-and-managing-repositories/about-repositories.md
@@ -110,15 +110,8 @@ All enterprise members have read permissions to the internal repository, but int
 
 {% data reusables.repositories.internal-repo-default %}
 
-{% ifversion ghec %}Unless your enterprise uses {% data variables.product.prodname_emus %}, members{% else %}Members{% endif %} of the enterprise can fork any internal repository owned by an organization in the enterprise. The forked repository will belong to the member's personal account, and the visibility of the fork will be private. If a user is removed from all organizations owned by the enterprise, that user's forks of internal repositories are removed automatically.
+By default, enterprise members can fork an internal repository into any organization where the user can create repositories. Organization owners can also allow users to create a fork owned by a user account, and can manage the forking policy for an organization. Enterprise owners can manage the forking policy for some or all organizations within an enterprise. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)" and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-forking-private-or-internal-repositories)."
 
-{% ifversion ghec %}
-{% note %}
-
-**Note:** {% data variables.enterprise.prodname_managed_users_caps %} cannot fork internal repositories. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#abilities-and-restrictions-of-managed-user-accounts)."
-
-{% endnote %}
-{% endif %}
 {% endif %}
 
 ## Next steps
diff --git a/data/features/team-discussions-migration.yml b/data/features/team-discussions-migration.yml
@@ -1,4 +1,4 @@
 # Reference: #8869
 # Team Discussions migration and eventual deprecation announcement (for GHES - already deprecated for Dotcom and GHEC)
 versions:
-  ghes: '>3.9'
+  ghes: '>3.9 <3.13'
diff --git a/data/features/team-discussions.yml b/data/features/team-discussions.yml
@@ -1,4 +1,4 @@
 # Reference: #8869
 # Versions for which team discussions is still supported (deprecated for all other versions)
 versions:
-  ghes: '<3.12'
+  ghes: '<3.13'
diff --git a/data/release-notes/enterprise-server/3-10/0.yml b/data/release-notes/enterprise-server/3-10/0.yml
@@ -316,4 +316,4 @@ sections:
     - heading: Upcoming deprecation of team discussions
       notes:
         - |
-          GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)."
+          GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
diff --git a/data/release-notes/enterprise-server/3-11/0.yml b/data/release-notes/enterprise-server/3-11/0.yml
@@ -353,5 +353,11 @@ sections:
 
            For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)."
 
+    # https://github.com/github/releases/issues/2605
+    - heading: Upcoming deprecation of team discussions
+      notes:
+        - |
+          GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.11, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
+
   errata:
     - 'The "[Changes](/admin/release-notes#3.11.0-changes)" section previously indicated that users should update GitHub Actions workflows and actions to run on Node.js 16. Node.js 16 has reached end of life, and users should instead update actions and workflows to run on Node.js 20 or later. [Updated: 2024-03-05]'
diff --git a/data/release-notes/enterprise-server/3-12/0-rc1.yml b/data/release-notes/enterprise-server/3-12/0-rc1.yml
@@ -178,3 +178,11 @@ sections:
       {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %}
     - |
       Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly.
+
+  deprecations:
+    # https://github.com/github/releases/issues/2605
+    - heading: Upcoming deprecation of team discussions
+      notes:
+        - |
+          GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.12, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04]
+
diff --git a/data/reusables/enterprise-accounts/emu-cap-validates.md b/data/reusables/enterprise-accounts/emu-cap-validates.md
@@ -1 +1 @@
-When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate user interactions with {% data variables.product.prodname_dotcom %}, when members change IP addresses, and each time a {% data variables.product.pat_generic %} or SSH key is used.
+When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate interactions with {% data variables.product.prodname_dotcom %} when members change IP addresses, and for each authentication with a {% data variables.product.pat_generic %} or SSH key associated with a user account.
diff --git a/data/reusables/enterprise_clustering/network-latency.md b/data/reusables/enterprise_clustering/network-latency.md
@@ -1 +1 @@
-For high availability, the latency between the network with the active nodes and the network with the replica nodes must be less than 70 milliseconds. We don't recommend configuring a firewall between the two networks.
+The latency between primary and replica nodes must be less than 70 milliseconds. We don't recommend configuring a firewall between the nodes' networks.
diff --git a/data/reusables/organizations/team-discussions-api-deprecation.md b/data/reusables/organizations/team-discussions-api-deprecation.md
@@ -2,7 +2,7 @@
 
 {% note %}
 
-The team discussions and team discussion comments endpoints will be deprecated in {% data variables.product.prodname_ghe_server %} 3.12 in favor of {% data variables.product.prodname_discussions %}. For more information about {% data variables.product.prodname_discussions %}, see "[AUTOTITLE](/discussions)."
+The team discussions and team discussion comments endpoints will be deprecated in {% data variables.product.prodname_ghe_server %} 3.13 in favor of {% data variables.product.prodname_discussions %}. For more information about {% data variables.product.prodname_discussions %}, see "[AUTOTITLE](/discussions)."
 
 {% endnote %}
 
diff --git a/data/reusables/organizations/team-discussions-migration.md b/data/reusables/organizations/team-discussions-migration.md
@@ -1,7 +1,7 @@
 
 {% note %}
 
-**Note**: Team discussions will be deprecated in {% data variables.product.prodname_ghe_server %} 3.12 in favor of {% data variables.product.prodname_discussions %}. You can transfer your existing team discussions to a repository's discussions by using a migration tool that allows team admins to migrate both public and private team discussions. Click the "Transfer" button in the banner at the top of your team discussions page, then choose the repository in your organization that you want to migrate the discussions to.
+**Note**: Team discussions will be deprecated in {% data variables.product.prodname_ghe_server %} 3.13 in favor of {% data variables.product.prodname_discussions %}. You can transfer your existing team discussions to a repository's discussions by using a migration tool that allows team admins to migrate both public and private team discussions. Click the "Transfer" button in the banner at the top of your team discussions page, then choose the repository in your organization that you want to migrate the discussions to.
 
 For more information about {% data variables.product.prodname_discussions %}, see "[AUTOTITLE](/discussions)."
 

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate user interactions with {% data variables.product.prodname_dotcom %}, when members change IP addresses, and each time a {% data variables.product.pat_generic %} or SSH key is used.`
	`1`	`+When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate interactions with {% data variables.product.prodname_dotcom %} when members change IP addresses, and for each authentication with a {% data variables.product.pat_generic %} or SSH key associated with a user account.`