TFS Security updates
On Wednesday, we released a roll up of fixes for security vulnerabilities for several versions of Team Foundation Server. There are no new features in this update. Most of the vulnerabilities are related to cross site scripting (XSS), some of which were customer reported. The others include an improperly encoded API, a service endpoint editing experience which exposes a previously configured password, and a regex denial of service vulnerability in our web portal. We recommend customers install these updates. These fixes are included in the recently released Team Foundation Server 2018 Update 1. The release on Wednesday was for older versions and for customers who are not yet ready to update to the TFS 2018.