April patches for Azure DevOps Server and Team Foundation Server

Avatar

This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server, as well as the following older Team Foundation Server releases: TFS 2017 and TFS 2018.

The following vulnerability and bug will be fixed with this patch:

  • CVE-2021-27067: Information disclosure

  • CVE-2021-28459: Spoofing vulnerability

  • Resolve the issue reported in this Developer Community feedback ticket | New Test Case button not working. The fix for this issue was applied to Azure DevOps Server 2020 and 2020.0.1 with the February patch. With this patch we are fixing this issue for Azure DevOps Server 2019.1.1.

Azure DevOps Server 2020.0.1 Patch 2

To implement fixes for this patch you will have to follow steps to install Azure DevOps Server 2020.0.1 Patch 2. In addition, you will have to install the AzureResourceGroupDeploymentV2 and AzureResourceGroupDeploymentV3 tasks. Please see the release notes for installation instructions.

Azure DevOps Server 2020

If you have Azure DevOps Server 2020, you should first update to Azure DevOps Server 2020.0.1. Once on 2020.0.1, install Azure DevOps Server 2020.0.1 Patch 2. In addition, you will have to install the AzureResourceGroupDeploymentV2 and AzureResourceGroupDeploymentV3 tasks. Please see the release notes for installation instructions.

Azure DevOps Server 2019.1.1 Patch 8

To apply Patch 8 you will have to install Azure DevOps Server 2019.1.1 Patch 8 and AzureResourceGroupDeploymentV2 task. Please see the release notes for task installation instructions.

Azure DevOps Server 2019.0.1 Patch 10

To apply Patch 10 you will have to install the AzureResourceGroupDeploymentV2 task. Please see the release notes for task installation instructions.

TFS 2018 Update 3.2 Patch 15

To apply Patch 15 you will have to install the AzureResourceGroupDeploymentV2 task. Please see the release notes for task installation instructions.

TFS 2018 Update 1.2 Patch 10

To apply Patch 10 you will have to install the AzureResourceGroupDeployment task. Please see the release notes for task installation instructions.

TFS 2017 Update 3.1 Patch 13

To apply Patch 13 you will have to install the AzureResourceGroupDeployment task. Please see the release notes for task installation instructions.

27 comments

Leave a comment