June patches for Azure DevOps Server

Gloridel Morales

This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.

The following versions of the products have been patched. Check out the links for each version for more details.

Azure DevOps Server 2022.0.1 Patch 1

If you have Azure DevOps Server 2022.0.1, you should install Azure DevOps Server 2022.0.1 Patch 1.

Release notes

  • CVE-2023-21565 – Azure DevOps Server Spoofing Vulnerability.

  • CVE-2023-21569 – Azure DevOps Server Spoofing Vulnerability.

  • Fixed a bug that interfered with pushing packages when upgrading from Team Foundation Server 2018 or earlier.

  • Fixed a bug where detach or attach collection fails reporting the following error: ‘TF246018: The database operation exceeded the timeout limit and has been cancelled.

Verifying Installation

  • Run devops2022.0.1patch1.exe CheckInstall, devops2022.0.1patch1.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2022 Patch 4

If you have Azure DevOps Server 2022, you should install Azure DevOps Server 2022 Patch 4.

Note: This will be the last patch for Azure DevOps Server 2022. Going forward, you should first update to Azure DevOps Server 2022.0.1 and then install the latest patches.

Release notes

  • CVE-2023-21565 – Azure DevOps Server Spoofing Vulnerability.

  • CVE-2023-21569 – Azure DevOps Server Spoofing Vulnerability.

  • Fixed a bug with service connections editor. Now draft endpoint state flushes on component dismiss.

  • Fixed a bug where detach or attach collection fails reporting the following error: ‘TF246018: The database operation exceeded the timeout limit and has been cancelled.

Verifying Installation

  • Run devops2022patch4.exe CheckInstall, devops2022patch4.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2020.1.2 Patch 6

If you have Azure DevOps Server 2020.1.1, you should first update to Azure DevOps Server 2020.1.2. Once on 2020.1.2, install Azure DevOps Server 2020.1.2 Patch 6.

Release notes

  • CVE-2023-21565 – Azure DevOps Server Spoofing Vulnerability.

  • CVE-2023-21569 – Azure DevOps Server Spoofing Vulnerability.

  • Fixed a bug that interfered with pushing packages when upgrading from 2018 or earlier.

  • Fixed a bug where detach or attach collection fails reporting the following error: ‘TF246018: The database operation exceeded the timeout limit and has been cancelled.

Verifying Installation

  • Run devops2020.1.2patch6.exe CheckInstall, devops2020.1.2patch6.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2020.0.2 Patch 2

If you have Azure DevOps Server 2020.0.1, you should first update to Azure DevOps Server 2020.0.2. Once on Update 2020.0.2, install Azure DevOps Server 2020.0.2 Patch 2.

Release notes

  • Fixed a bug that interfered with pushing packages when upgrading from 2018 or earlier.

Verifying Installation

  • Run devops2020.0.2patch2.exe CheckInstall, devops2020.0.2patch2.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2019.1.2 Patch 3

If you have Azure DevOps Server 2019.1.1, you should first update to Azure DevOps Server 2019.1.2. Once on Update 2019.1.2, install Azure DevOps Server 2019.1.2 Patch 3.

Release notes

  • Fixed a bug that interfered with pushing packages when upgrading from 2018 or earlier.

Verifying Installation

  • Run devops2019.1.2patch3.exe CheckInstall, devops2019.1.2patch3.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

10 comments

Comments are closed. Login to edit/delete your existing comments

  • Mike Fourie 2

    Thanks for the continued support for the on-prem product Gloridel. My teams remain eager to see releases that bring in the sprint work of the SAAS product. It would be helpful for us if there was more transparency with the server roadmap. If I remember correctly the server product used to be updated more frequently than we see today. Quarterly releases would be great so we can utilize the value that is being delivered to the SAAS product. In terms of transparency, something like this would be great

    • 2022.1 – Targeted for July 2023 with features up to sprint 220
    • 2022.2 – Targeted for October 2023 with features up to sprint 230
    • Tore Østergaard Jensen (TORE) 0

      I totally agree with you Mike!

    • Gloridel MoralesMicrosoft employee 2

      Hi Mike, thank you for the feedback. We are currently working on the schedule for the next release, and we are targeting a release candidate in Q3.

      • Seyyed Soroosh Hosseinalipour 0

        ITNOA

        I totally agree with you Mike!

        I think on-prem products is very critical for many customers of Microsoft, and I hope to Microsoft make better investment into on-perm eco-system in IT Pro and Dev community

        thanks

  • Paweł Borkowski 0

    After migration from Azure DevOps Server 2020 to Azure DevOps Server 2022 Update 1 Patch 1 automatic refreshing in Pipelines->Releases -> Stages is no more working, and we need to click at “Refresh” button to see current progress. We’ve tried different browsers (also in inprivate mode) with same result. Does anbody know how to fix that issue?

    • Gloridel MoralesMicrosoft employee 0

      Hi Pawel, our team is investigating this and will provide an update as soon as we have more information.

  • William Charlton 0

    Ms Morales:

    Back in Oct, 2022, I upgraded my on-prem ADS to ADS 2020.0.2, patch 1

    Tomorrow, I’ll upgrade to ADS 2020.0.2, patch 2.

    How do I get from ADS 2020.0.2, patch 2 to ADS 2020.1.2, patch 6?

    Thank-you

  • Carsten Krüger 0

    Hi, where do I find the security patch for CVE-2023-36869 – Azure DevOps Server Spoofing Vulnerability?

Feedback usabilla icon