February patches for Azure DevOps Server

Gloridel Morales

This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.

The following versions of the products have been patched. Check out the links for each version for more details.

Azure DevOps Server 2022.1 Patch 2

If you have Azure DevOps Server 2022.1, you should install Azure DevOps Server 2022.1 Patch 2.

Release notes

  • CVE-2024-20667: Azure DevOps Server Remote Code Execution Vulnerability.
  • Fixing details page rendering issue on Search extension.
  • Fixed a bug where the disk space used by the proxy cache folder was calculated incorrectly and the folder was not cleaned up.

Verifying Installation

  • Run devops2022.1patch2.exe CheckInstall, devops2022.1patch2.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2020.1.2 Patch 12

If you have Azure DevOps Server 2020.1.2, you should install Azure DevOps Server 2020.1.2 Patch 12.

Release notes

  • CVE-2024-20667: Azure DevOps Server Remote Code Execution Vulnerability.
  • Fixed a bug where the disk space used by the proxy cache folder was calculated incorrectly and the folder was not cleaned up.

Verifying Installation

  • Run devops2020.1.2patch12.exe CheckInstall, devops2020.1.2patch12.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2019.1.2 Patch 7

If you have Azure DevOps Server 2019.1.2, you should install Azure DevOps Server 2019.1.2 Patch 7.

Release notes

  • CVE-2024-20667: Azure DevOps Server Remote Code Execution Vulnerability.
  • Fixed a bug where the disk space used by the proxy cache folder was calculated incorrectly and the folder was not cleaned up.

Verifying Installation

  • Run devops2019.1.2patch7.exe CheckInstall, devops2019.1.2patch7.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

5 comments

Discussion is closed. Login to edit/delete existing comments.

  • Markus 3

    Again a prove how high the quality is at Microsoft

    Don´t install this patch on your AzDO proxies. Afterwards you will get following error message:

    Field not found: ‘Microsoft.TeamFoundation.Framework.Server.FileCacheService.s_md5HashHeader’

    And you have to roll back the patch

  • Ninad Patil 0

    Hello Team,

    I have version Azure DevOps server 2022.1 , no patch installed as such,

    can you please confirm if i can directly jump to patch 2 instead of installing patch 1.

  • Curt Koch 0

    Hello,

    We’re trying to install Azure Devops Server 2019 Update 1.2 Patch 6 before doing Patch 7. We are getting the following error when running:
    tfx build tasks upload –task-zip-path AzureFileCopyV1.1.230.0.zip
    error: TypeError: Cannot read property ‘async’ of undefined.
    We had no problem running similar commands in Patch 5.

    I did try the other tasks and they uploaded successfully.

    Regards,
    Curt

    • Marcel Vermeulen 0

      I have exactly the same with the updated tasks which are mentioned in the release notes of Azure DevOps Server 2020 update 1.2 patch 10.

      uploading AzureFileCopyV1.1.230.0.zip gives “error: TypeError: Cannot read property ‘async’ of undefined.”

Feedback usabilla icon