April patches for Azure DevOps Server and Team Foundation Server
Gloridel Morales
This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server, as well as the following older Team Foundation Server releases: TFS 2017 and TFS 2018.
The following vulnerability and bug will be fixed with this patch:
CVE-2021-27067: Information disclosure
CVE-2021-28459: Spoofing vulnerability
Resolve the issue reported in this Developer Community feedback ticket | New Test Case button not working. The fix for this issue was applied to Azure DevOps Server 2020 and 2020.0.1 with the February patch. With this patch we are fixing this issue for Azure DevOps Server 2019.1.1.
Azure DevOps Server 2020.0.1 Patch 2
To implement fixes for this patch you will have to follow steps to install Azure DevOps Server 2020.0.1 Patch 2. In addition, you will have to install the AzureResourceGroupDeploymentV2 and AzureResourceGroupDeploymentV3 tasks. Please see the release notes for installation instructions.
Azure DevOps Server 2020
If you have Azure DevOps Server 2020, you should first update to Azure DevOps Server 2020.0.1. Once on 2020.0.1, install Azure DevOps Server 2020.0.1 Patch 2. In addition, you will have to install the AzureResourceGroupDeploymentV2 and AzureResourceGroupDeploymentV3 tasks. Please see the release notes for installation instructions.
Azure DevOps Server 2019.1.1 Patch 8
To apply Patch 8 you will have to install Azure DevOps Server 2019.1.1 Patch 8 and AzureResourceGroupDeploymentV2 task. Please see the release notes for task installation instructions.
Azure DevOps Server 2019.0.1 Patch 10
To apply Patch 10 you will have to install the AzureResourceGroupDeploymentV2 task. Please see the release notes for task installation instructions.
TFS 2018 Update 3.2 Patch 15
To apply Patch 15 you will have to install the AzureResourceGroupDeploymentV2 task. Please see the release notes for task installation instructions.
TFS 2018 Update 1.2 Patch 10
To apply Patch 10 you will have to install the AzureResourceGroupDeployment task. Please see the release notes for task installation instructions.
TFS 2017 Update 3.1 Patch 13
To apply Patch 13 you will have to install the AzureResourceGroupDeployment task. Please see the release notes for task installation instructions.
Light
Dark
27 comments
Is there a possibility to install the new versions for AzureResourceGroupDeploymentV2 and AzureResourceManagerTemplateDeploymentV3 on a server level?
Because I needed to do the “tfx build task upload” for all of my collections. Otherwise a collection would still display old version.
And what about, when I create new collections? Will the old versions of the tasks be used?
Or do I have to use a special service url? Uploading worked only with “https://devopsserver/{CollectionName}”and not with “https://devopsserver/” as Service-URL.
Hi
The above section about Azure DevOps Server 2020.0.1 Patch 2 mentions the following two tasks:
AzureResourceGroupDeploymentV2
AzureResourceGroupDeploymentV3
Whereas the release notes for the same mentions:
AzureResourceGroupDeploymentV2
AzureResourceManagerTemplateDeploymentV3
I guess that the release notes are correct, right?
Do I even need to install them if I do not need them? I am primarily installing the patch to fix the build retention. Then I would just get them when eventually upgrading to 2020.1 or a later version.