Today we are releasing patches that impact our self-hosted product, Azure DevOps Server, as well as Team Foundation Server 2018.3.2. We strongly encourage and recommend that all customers use the latest, most secure release of Azure DevOps Server. You can download the latest version of the product, Azure DevOps Server 2022.2 from the Azure DevOps Server download page.
Previously, the Azure DevOps Agent used the Edgio CDN with endpoint vstsagentpackage.azureedge.net. As part of Edgio’s retirement, the vstsagentpackage.azureedge.net domain is being decommissioned. To ensure continued availability, we have migrated to an Akamai-backed CDN with a new endpoint download.agent.dev.azure.com. This patch includes the necessary changes to fetch the Agent binaries from the new CDN endpoint, thereby migrating away from the previous CDN endpoint.
Note: Domain retirement applies to the
vstsagentpackage.azureedge.netdomain only and not all*.azureedge.netdomains. You can learn more about the Azure CDN from Edgio retirement in the FAQ documentation.Important: The CDN Domain URL change for Agents in Pipelines blog provides steps to follow before installing this patch.
Azure DevOps Server 2022.2 Patch 5
If you have Azure DevOps Server 2022.2, you should install Azure DevOps Server 2022.2 Patch 5 to have the most secure product experience. Check out the Release notes for details.
Note: Azure DevOps Server 2022.2 is the latest version of Azure DevOps Server. If you have installed Azure DevOps Server 2022 or Azure DevOps Server 2022.1, you should first upgrade to Azure DevOps Server 2022.2 and then install Azure DevOps Server 2022.2 Patch 5.
Verifying Installation
Run devops2022.2patch5.exe CheckInstall, devops2022.2patch5.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Additional versions that we patched
The versions of Azure DevOps Server and Team Foundation Server listed in the table below have also been patched. Check out the links in the Release Notes column for each version to install each patch.
| Version | Release Notes |
|---|---|
| Azure DevOps Server 2020.1.2 | Patch 16 |
| Azure DevOps Server 2019.1.2 | Patch 11 |
| Team Foundation Server 2018.3.2 | Patch 20 |
Hello, I am trying the azure webhook api calls that found on your documention for creating webhooks via ui or api calls. My question is like that: I was able to create webhook by an api post request with not specifing the projectid . This created webhook on the organization level and i was able to get events on any change on any project in this organization. I could not find any documentation on your site about creating webhooks on organization but only on project.
Also the ui shows only in project this webhooks tab with this option....
Can you say if the RC you speak of is a major version or only an update release for 2022?
Hi Travis, it will be a major version.
Hello Gloridel,
can you please clarify the status of "CVE-2025-29813" - Azure DevOps Server Elevation of Privilege Vulnerability.
On the one hand it says "Server" on the other it says "This vulnerability has already been fully mitigated by Microsoft. "
That sounds little bit strange. If it was for Azure Devops Services Microsoft could fully mitigate problems, but how should this work on Azure Devops Server?
Looks for like either the CVE mentions Server instead of Services or that a patch for the server is needed.
Since this is CVE 10.0 vulnerability it would be nice to know when/if a patch is available to...
I’ve got an answer from the product group. The vulnerability is not related to Azure Devops Server but only Services.
The CVE entry will be fixed
hello - I am currently running Azure DevOps Server 2022 - Base patch 4- v19.205.33802.4 installed/applied. No updates to the base ,i.e. (devops2022.0.1patchX) are installed nor any devops2022.1(Update 1), nor devops2022.2(Update 2) patches are installed. No one kept up with patch management. This is disconnected system(standalone). I've downloaded at least 17 executables.Read more
- Can I do the lastest patch for each segment to step this up to current release?
-Must I install a RC or RTW when going up a major release ?
-Must I also perform a backup in server admin console prior to applying a update / patch?
Hi Karen,
pay attention that Azure DevOps Server 2022.2 no longer supports SQL Server 2017 and you need to upgrade to SQL Server 2019 or higher
Hi Karen, the patch is applicable to Azure DevOps Server 2022.2. You will have to upgrade to the latest version of Azure DevOps Server 2022 (2022.2) to apply the patch. You can download the latest from our Download Page and then install Patch 5. We recommend that you back up the databases regularly but it is not required before installing a patch.