For Azure DevOps, our analysis pointed towards the Search service not being vulnerable. Even so, we are following the guidance and upgrading to the latest Log4j version and reviewing our network security group rules for the Search service as part of a defense in depth strategy. We will continue posting updates to this blog post as we learn mor
This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.
The following will be fixed with this patch:
Azure DevOps Server 2020.1.1 Patch 2
If you have Azure DevOps Server 2020.1.1, you should install Azure DevOps Server 2020.1.1 Patch 2. Check out the release notes for more details.
Azure DevOps was recently informed by GitKraken's development team, Axosoft, of a security vulnerability in GitKarken's key generation algorithm. This vulnerability led to the generation of insecure SSH keys. We identified customers affected by this vulnerability and revoked their SSH keys. Check out the blog post for more details.