Earlier today, a routine system email was mistakenly sent to numerous GitHub Enterprise customers, inadvertently revealing customer email addresses by including them in the visible "To:" field. The incident, which did not affect GitHub Enterprise installations or expose any license keys or other sensitive data, originated from a Rails application used to manage trials and customer contact information. A recent update to Rails, intended to address security issues, introduced an unexpected change in SQL query behavior that contributed to the email mishap. The problem arose when the Rails scope method altered intended query conditions, leading to incorrect data retrieval. GitHub has addressed the issue in its applications and is collaborating with the Rails core team to assess the nature of this change and its broader implications. To prevent future occurrences, GitHub is enhancing its code review processes, implementing more rigorous automated testing, and introducing stricter sanity checks for email recipients.
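One shape a recipient sanity check of the kind mentioned above could take, as an added example that is not GitHub's code: the guard fails closed when a query returns more recipients than the job expects and only ever builds one message per address. The module, method and parameter names and the limits are hypothetical, and the addresses are constructed.

```ruby
# Added example: recipient sanity checks for a routine system email.
# RecipientGuard, RecipientSanityError and the limits are hypothetical names/values.
class RecipientSanityError < StandardError; end

module RecipientGuard
  # Deliberately strict: one address per string, no separators or whitespace.
  ADDRESS = /\A[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+\z/

  # Turn a query result into one envelope per recipient, or raise.
  #   max:      upper bound on recipients this job may ever produce
  #   expected: the single address the job was asked to notify (nil for batch jobs)
  def self.envelopes(addresses, max:, expected: nil)
    list = addresses.map { |a| a.to_s.strip.downcase }.uniq
    raise RecipientSanityError, "no recipients" if list.empty?

    bad = list.reject { |a| a.match?(ADDRESS) }
    # Report counts only, so a failed check does not copy addresses into logs.
    raise RecipientSanityError, "#{bad.size} malformed address(es)" unless bad.empty?

    if list.size > max
      raise RecipientSanityError, "query returned #{list.size} recipients, limit is #{max}"
    end
    if expected && list != [expected.downcase]
      raise RecipientSanityError, "result does not match the intended recipient"
    end

    # One message per address: no customer sees another's address in "To:".
    list.map { |a| { to: [a], cc: [], bcc: [] } }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed data: a query meant to match one customer that returned three.
  over_broad = %w[alice@example.com bob@example.org carol@example.net]
  begin
    RecipientGuard.envelopes(over_broad, max: 1, expected: "alice@example.com")
  rescue RecipientSanityError => e
    puts "send blocked: #{e.message}"
  end
  puts RecipientGuard.envelopes(over_broad, max: 10).inspect
end
```

Running the check between the query and the mailer means a change in how query conditions combine shows up as a blocked send rather than as a disclosure.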