June patches for Azure DevOps Server and Team Foundation Server

Gloridel Morales

June 10th, 20208 0

This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server 2019, as well as the following older Team Foundation Server releases: TFS 2017 and TFS 2018. The following vulnerabilities will be fixed with this patch:

CVE-2020-1327 – Ensure that Azure DevOps Server sanitizes user inputs.
Adding support for SHA2 in SSH on Azure DevOps.

Azure DevOps Server 2019.1.1 Patch 3

If you have Azure DevOps Server 2019 Update 1.1, you should install Azure DevOps Server 2019 Update 1.1 Patch 3.

Verifying Installation

Option 1: Run devops2019.1.1patch3.exe CheckInstall from a command prompt. devops2019.1.1patch3.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.
Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2019\Application Tier\Web Services\bin\Microsoft.VisualStudio.Services.Feed.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.1.1 Patch 3, the version will be 17.153.30128.8.

Azure DevOps Server 2019.0.1 Patch 6

If you have Azure DevOps Server 2019, you should first update to Azure DevOps Server 2019.0.1. Once on 2019.0.1, install Azure DevOps Server 2019.0.1 Patch 6.

Verifying Installation

Option 1: Run devops2019.0.1patch6.exe CheckInstall from a command prompt. devops2019.0.1patch6.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.
Option 2: Check the version of the following file: [INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.0.1 Patch 6, the version will be 17.143.30129.2.

TFS 2018 Update 3.2 Patch 11

If you have TFS 2018 Update 2 or Update 3, you should first update to TFS 2018 Update 3.2. Once on Update 3.2, install TFS 2018 Update 3.2 Patch 11.

Verifying Installation

Option 1: Run tfs2018.3.2patch11.exe CheckInstall from a command prompt. tfs2018.3.2patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.
Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.WorkItemTracking.Web.dll. By default, TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018. After installing TFS 2018 Update 3.2 Patch 11, the version will be 16.131.30128.10.

TFS 2017 Update 3.1 Patch 11

If you have TFS 2017, you should first update to TFS 2017 Update 3.1. Once on Update 3.1, install TFS 2017 Update 3.1 Patch 11.

Verifying Installation

Option 1: Run tfs2017.3.1patch11.exe CheckInstall from a command prompt. tfs2017.3.1patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.
Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2017 is installed to c:\Program Files\Microsoft Team Foundation Server 15.0 by default. After installing TFS 2017 Update 3.1 Patch 11, the version will be 15.117.30128.0.

Gloridel Morales Senior Program Manager, Azure DevOps

8 comments

Markus June 14, 2020 11:39 pm 0

Hi,

is there an reason why this blog entry was disappeared or resubmitted?

Gloridel Morales June 15, 2020 8:27 am 0

Hi Markus, there was an issue with WordPress that required us to republish the blog.
- Markus June 18, 2020 2:49 am 0
  
  THX for the feedback

Filip Van Wulpen June 23, 2020 5:26 am 0

Hi,
when installing patch 3, does it also include patches 1 and 2?

Gloridel Morales June 23, 2020 5:38 am 0

Hi Filip, it does. Every patch holds all of the changes from previous patches.

Shipchandler, Lovai June 29, 2020 7:10 pm 0

Hi,

I am new to devops 2019 and will be patching for the 1st time.

What is the best practice to patch the servers?
Does the patch change the sql database schema?

Thx

Gloridel Morales June 30, 2020 4:33 am 0

Hi Lovai. Patches don’t change SQL database schema, but having up to date backups is always recommended. You can follow instructions in this blog to install.
- Shipchandler, Lovai July 5, 2020 12:05 am 0
  
  Thanks Gloridel. I could not find the instructions in this blog email, but below are the steps I did for patching
  1. ran the exe file
  2. the app pool took about 1.5 minutes to stop running thru the command prompt.
  3. selected “yes” to get out of the command prompt after the patch was installed
  4. rebooted the server
  
  A few questions:
  1. Please let me know if this is the general process to follow?
  2. Also the app pool does not restart by itself that is why I rebooted the server. Is this normal?
  3. The patched version does not show up on the product version of the TFS admin console, should it? (I saw teh new version on the dll name mentioned above though)
  
  Apologies for bombarding you with so many questions, but since its my first time I wanted to be sure.
  
  thanks,
  Lovai

Comments are closed. Login to edit/delete your existing comments

Markus June 14, 2020 11:39 pm 0

Hi,

is there an reason why this blog entry was disappeared or resubmitted?
- Gloridel Morales June 15, 2020 8:27 am 0
  
  Hi Markus, there was an issue with WordPress that required us to republish the blog.
  - Markus June 18, 2020 2:49 am 0
    
    THX for the feedback
Filip Van Wulpen June 23, 2020 5:26 am 0

Hi,
when installing patch 3, does it also include patches 1 and 2?
- Gloridel Morales June 23, 2020 5:38 am 0
  
  Hi Filip, it does. Every patch holds all of the changes from previous patches.
Shipchandler, Lovai June 29, 2020 7:10 pm 0

Hi,

I am new to devops 2019 and will be patching for the 1st time.

What is the best practice to patch the servers?
Does the patch change the sql database schema?

Thx
- Gloridel Morales June 30, 2020 4:33 am 0
  
  Hi Lovai. Patches don’t change SQL database schema, but having up to date backups is always recommended. You can follow instructions in this blog to install.
  - Shipchandler, Lovai July 5, 2020 12:05 am 0
    
    Thanks Gloridel. I could not find the instructions in this blog email, but below are the steps I did for patching
    1. ran the exe file
    2. the app pool took about 1.5 minutes to stop running thru the command prompt.
    3. selected “yes” to get out of the command prompt after the patch was installed
    4. rebooted the server
    
    A few questions:
    1. Please let me know if this is the general process to follow?
    2. Also the app pool does not restart by itself that is why I rebooted the server. Is this normal?
    3. The patched version does not show up on the product version of the TFS admin console, should it? (I saw teh new version on the dll name mentioned above though)
    
    Apologies for bombarding you with so many questions, but since its my first time I wanted to be sure.
    
    thanks,
    Lovai

June patches for Azure DevOps Server and Team Foundation Server

Azure DevOps Server 2019.1.1 Patch 3

Azure DevOps Server 2019.0.1 Patch 6

TFS 2018 Update 3.2 Patch 11

TFS 2017 Update 3.1 Patch 11

Gloridel Morales Senior Program Manager, Azure DevOps

Read next

8 comments