← Back
GitHub
GitHub Enterprise Server 3.20 release candidate adds immutable releases and enterprise team management
GitHub · releasefeatureapisecurityplatform · github.blog ↗

Key Features

Immutable Releases and Security Enhancements

GitHub releases now support immutability, preventing release assets from being added, modified, or deleted after publication. The release tag itself is also protected from being moved or deleted. This feature helps protect distributed artifacts from supply chain attacks—a critical concern for enterprises managing software supply chains.

Enterprise Team Management

Enterprise owners can now create and manage enterprise teams directly through the API or enterprise settings UI. This enables simplified governance by allowing owners to:

  • Assign enterprise teams to organizations
  • Create and assign custom enterprise roles
  • Add teams to ruleset bypass lists

Organization and repository owners can assign roles to enterprise teams within their scope. This feature is currently in public preview and subject to change.

Secret Scanning Improvements

Secret scanning receives multiple enhancements to prevent credential leaks at scale:

  • Validity checks indicate whether secrets are still active
  • Enterprise-level push protection delegated bypass controls allow admins to manage bypass permissions
  • Alert assignment enables team collaboration on vulnerability resolution
  • Expanded default coverage blocks additional secret types during pushes, reducing credential leak risks
  • New detectors and improved detection for existing secret types

Advanced Security Role

The new Enterprise Security Manager role simplifies security policy and alert management across enterprises. This role is available for enterprises with up to 15,000 organizations and is currently in public preview.

Backup Service GA

The backup service, previously in public preview, is now generally available. This managed, built-in solution provides a simpler alternative to GHES backup utilities and eliminates the need for separate backup host infrastructure. Note that backup-utils will be retired starting in version 3.22.

Pull Request Improvements

The improved merge experience for pull requests is now generally available, featuring status checks grouped by status (with failing checks listed first), natural sorting, and enhanced accessibility with consistent keyboard navigation and focus management.

How to Get Started

Release candidates are available for early testing. Download the 3.20 release candidate and test in your environment before the general release. Feedback can be provided to GitHub's support team. For full release notes and additional details, consult the official GHES 3.20 documentation.