February patches for Azure DevOps Server
This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.
The following versions of the products have been patched. Check out the links for each version for more details.
Azure DevOps Server 2022.1 Patch 2
If you have Azure DevOps Server 2022.1, you should install Azure DevOps Server 2022.1 Patch 2.
- CVE-2024-20667: Azure DevOps Server Remote Code Execution Vulnerability.
- Fixing details page rendering issue on Search extension.
- Fixed a bug where the disk space used by the proxy cache folder was calculated incorrectly and the folder was not cleaned up.
Verifying Installation
- Run
devops2022.1patch2.exe CheckInstall,devops2022.1patch2.exeis the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Azure DevOps Server 2020.1.2 Patch 12
If you have Azure DevOps Server 2020.1.2, you should install Azure DevOps Server 2020.1.2 Patch 12.
- CVE-2024-20667: Azure DevOps Server Remote Code Execution Vulnerability.
- Fixed a bug where the disk space used by the proxy cache folder was calculated incorrectly and the folder was not cleaned up.
Verifying Installation
- Run
devops2020.1.2patch12.exe CheckInstall,devops2020.1.2patch12.exeis the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Azure DevOps Server 2019.1.2 Patch 7
If you have Azure DevOps Server 2019.1.2, you should install Azure DevOps Server 2019.1.2 Patch 7.
- CVE-2024-20667: Azure DevOps Server Remote Code Execution Vulnerability.
- Fixed a bug where the disk space used by the proxy cache folder was calculated incorrectly and the folder was not cleaned up.
Verifying Installation
- Run
devops2019.1.2patch7.exe CheckInstall,devops2019.1.2patch7.exeis the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Light
Dark
5 comments
Again a prove how high the quality is at Microsoft
Don´t install this patch on your AzDO proxies. Afterwards you will get following error message:
Field not found: ‘Microsoft.TeamFoundation.Framework.Server.FileCacheService.s_md5HashHeader’
And you have to roll back the patch
We had something similar when upgrading to the original Azure DevOps Server 2022 release:
https://developercommunity.visualstudio.com/t/Proxy-upgrade-to-2022-breaks-its-functio/10264792
It would be nice with a little information from the product team about the strategy for the proxy functionality and perhaps how they are tested.
Hello Team,
I have version Azure DevOps server 2022.1 , no patch installed as such,
can you please confirm if i can directly jump to patch 2 instead of installing patch 1.
Hello,
We’re trying to install Azure Devops Server 2019 Update 1.2 Patch 6 before doing Patch 7. We are getting the following error when running:
tfx build tasks upload –task-zip-path AzureFileCopyV1.1.230.0.zip
error: TypeError: Cannot read property ‘async’ of undefined.
We had no problem running similar commands in Patch 5.
I did try the other tasks and they uploaded successfully.
Regards,
Curt
I have exactly the same with the updated tasks which are mentioned in the release notes of Azure DevOps Server 2020 update 1.2 patch 10.
uploading AzureFileCopyV1.1.230.0.zip gives “error: TypeError: Cannot read property ‘async’ of undefined.”