These release notes are for Zenhub Enterprise for Virtual Machine and Zenhub Enterprise for Kubernetes.

• For all users using Zenhub on github.com, please check out our new feature announcements on our product changelog.
• For administrators planning upgrades, please refer to the "Important Upgrade Instructions for Administrators" section.

GitHub Enterprise Server compatibility

Zenhub Enterprise 4.4.0 supports GitHub Enterprise versions: 3.14, 3.15, and 3.16

What's new in Zenhub Enterprise 4.4.0

We are thrilled to announce the release of Zenhub Enterprise 4.4.0 which contains a range of changes and security updates. Additionally, this release has been tested against the newly released Github Enterprise Server 3.16.0 and is compatible.

🚀 New and Updated Features

Issue Cards Redesign

We're kicking off 2025 with an exciting visual refresh of our issue cards, paving the way for our upcoming Work Breakdown System powered by Sub-issues. This isn't just a cosmetic update – it's a thoughtful redesign that puts productivity and user experience first.

Our redesigned issue cards bring several key improvements:

• Optimized space utilization for better information density
• Enhanced readability across all view modes
• More intuitive access to power-user features (pro tip: try bulk-selecting multiple issues!)
• Built-in support for Issue Types, Sub-issues, and Dependencies
• To Do / In Progress / Complete counts for cards with Sub-issues

Sidebar changes

We've renamed some of our Sidebar items to better describe what they do

• To prepare for additional views that will be coming, we've renamed "Board" to "Work Tracker"
• We moved the Roadmap up in the list
• We've renamed some of our reports to better describe what they do
  • Sprint Report → Sprint Burndown
  • Sprint Review → Sprint Summary
  • Velocity Tracking → Team Velocity
  • Milestone Report → Milestone Burndown
  • Control Chart → Lead / Cycle Time
  • Cumulative Flow → Bottleneck Tracking

Additionally, we've consolidated all settings items under the "Edit Workspace" dropdown

Daily Feed Changes

We've separated the Daily Feed into two distinct pages.

My Work
My Work gives you a streamlined view of all of the work assigned to you. You can pick which pipeline (status) of work to show.

Daily Standup
The "Team Feed" was always meant as a "Daily Standup" view, so that's what we've renamed it.

• Added the ability to shuffle the participant list for Daily Standups
• We've removed the tabs and streamlined what we show you
• We've removed the links and replaced them with metrics from "Today's Insights"
• You can pick which pipeline (status) of work to show

Sprint Burndown & Milestone Burndown

• We've removed the Insights & Recommendations panel as it was just too much on the screen at once - information overload! (we're taking a fresh look at how this can return)
• We've unified the layout of the reports
• We've streamlined how you filter these reports

Release Burnup Report Improvements

We've made several improvements to Release reports in the latest version:

• Releases with start dates in the future can now be loaded in the Release Burnup report. You won't be able to review progress towards the release (as it hasn't started yet) but you'll be able to see any issues added to the Release and its issue and story point totals.
• Fixed a bug where filtering the Release report by a label would not update the chart visualization with tracking progress for issue with that label
• Fixed a bug where selecting a Release would sometimes load the wrong Release

Improved Enterprise Management Features

• Added the ability to enable "Auto-reseat" Users from the "Manage your plan" page. If enabled, unseated users who previously had a license will be auto-assigned a seat (if licenses are available) upon their next login.
• Added the ability to export a CSV list of all seated users and their activity from the "Seats" page.
• Modified the "Usage Report" for ZHE admins to exclude users who have logged into Zenhub but have not been granted a valid license (NOTE: This change does not impact historical usage report number)

🐞 Bug Fixes

• Fixed a bug causing certain invitations not allowing users to join the target organization
• Fixed a bug which would fail to move issues when dragging & dropping issues with connected PRs on the board
• Fixed a bug where the Zenhub extension would not load reliably when navigating GitHub pages rapidly
• Fixed a bug where the Zenhub extension would sometimes duplicate content when navigating with browser Back/Forward buttons
• Fixed a bug where clicking on a video embed inside a Zenhub issue description would trigger edit mode rather than playing the video
• Fixed a bug closed epics would sometimes appear in the "Open" tab of the Epic selector dropdown
• Fixed a bug which caused extra scrollbars to appears for Zenhub extension users who were also GHE administrators

🔒 Security Fixes

• Package security updates
  • pgbouncer: docker.io/edoburu/pgbouncer:1.20.1-p0 -> docker.io/edoburu/pgbouncer:v1.23.1-p3
    • Updated OpenSSL Defaults
    • FIPS Compliance by utilizing OpenSSL for MD5 hash calculations when possible
  • redis: docker.io/bitnami/redis:7.0.12 -> docker.io/bitnami/redis:7.0.15
  • rabbitmq: docker.io/bitnami/rabbitmq:3.8.35 -> docker.io/bitnami/rabbitmq:3.12.14
  • golang: golang:1.19.13-bullseye -> golang:1.24.1-bullseye
    • Fixes CVE-2025-22870 and CVE-2024-45336
  • Kubernetes: v1.28.13 -> v1.32.1
    • Fixes CVE-2025-1974, CVE-2024-5321, CVE-2024-40635, and CVE-2025-0426
  • Postgresql: docker.io/bitnami/postgresql:15.3 -> docker.io/bitnami/postgresql:15.7
    • Fixes CVE-2025-1094 and CVE-2024-4317

Known Issues

• zhe-config --chrony-ntp does not properly configure a custom NTP endpoint

VM Embedded Component Versions

Important Upgrade Instructions for Administrators

Zenhub Enterprise for Virtual Machine

• You must be running 4.2.x or 4.3.x to perform the upgrade to ZHE 4.4.0
• For users currently running Zenhub Enterprise, contact our team for a download link for the upgrade package. The upgrade process is detailed in our documentation.

Important News for Administrators

1. You can now customize Postgres parameters and resource allocation. Please refer to the following readme to find out how to do so.
2. You can now perform a Fail2Ban basic configuration by running zhe-confg --fail2ban. Please refer to 3.3 Configure Zenhub here to view the configurable parameters.
3. We now provide support for resuming from a failing upgrade. You can read more about it here.
4. We fixed a bug where reloading the Zenhub application using zhe-config --reload didn't properly reflect the configurations in configuration.yaml. This has been fixed.

Zenhub Enterprise for Kubernetes

⚠️ NOTE: The minimum version of Kubernetes required to run ZHE 4.4 is now v1.32.

1. Prepare

• Get the kustomization.yaml you configured to setup Zenhub
• Perform a diff to make sure no outstanding changes are waiting to be applied

kustomize build . | kubectl diff -f-

It should exit 0 and only display a warning of unused variables. If changes are pending, apply them before starting the upgrade process.

• Make a copy of your existing kustomization.yaml and keep it handy for the next step

2. Update kustomization.yaml

• Check out the zenhub-enterprise repository at the tag of this release
• Populate the new kustomization.yaml with your existing configuration values

Be sure to replace any additional customized configuration (such as ingress, TLS configuration) with your original configuration from before as well.

• In ZHE 4.0 and onwards, secret_key_base is required to be a 42 byte string, any existing 38 byte string should be updated as described in kustomization.yaml
• If you are using your own registry and not Zenhub's registry, upload the new images tagged with this release to your registry.

3. Run configmap-generator.sh

Once you have setup all the configurations in your copy of kustomization.yaml and are ready to deploy to your cluster, you must run the configmap-generator.sh script that will fill placeholders in our Kubernetes manifests with your configuration values.

To run the script, navigate to the root of the directory containing your kustomization.yaml file, which also contains the configmap-generator.sh script. Then, run the script with these two commands:

chmod 700 configmap-generator.sh
./configmap-generator.sh

4. Application updates

In your new kustomization.yaml, confirm that the cluster image tags are set to the new images for this release:

If you are using your own registry, ensure that the newName fields are configured for that instead of Zenhub's

images:
  - name: kraken-webapp
    newName: us.gcr.io/zenhub-public/kraken-webapp
    newTag: zhe-4.4.0
  - name: kraken-extension
    newName: us.gcr.io/zenhub-public/kraken-extension
    newTag: zhe-4.4.0
  - name: kraken-zhe-admin
    newName: us.gcr.io/zenhub-public/kraken-zhe-admin
    newTag: zhe-4.4.0
  - name: raptor-backend
    newName: us.gcr.io/zenhub-public/raptor-backend
    newTag: zhe-4.4.0
  - name: toad-backend
    newName: us.gcr.io/zenhub-public/toad-backend
    newTag: zhe-4.4.0
  - name: sanitycheck
    newName: us.gcr.io/zenhub-public/sanitycheck
    newTag: zhe-4.4.0
  - name: devsite
    newName: us.gcr.io/zenhub-public/devsite
    newTag: zhe-4.4.0
  - name: busybox
    newName: docker.io/library/busybox
    newTag: latest
  - name: nginx
    newName: docker.io/library/nginx
    newTag: latest

• First, delete any raptor-db-migrate and sanitycheck jobs so they may be recreated without errors:

Make sure the status of the jobs are Complete and not Running

kubectl -n <your_dedicated_namespace> delete job/raptor-db-migrate job/sanitycheck

• Then perform a diff to check what the upgrade will do (this command must be run from the directory that contains your kustomization.yaml

kustomize build . | kubectl diff -f-

• If everything looks correct and there are no errors, you can deploy to the cluster via:

kustomize build . | kubectl apply -f-

7. Finalize

• Securely store the updated kustomization.yaml