June 10th, 2020

June patches for Azure DevOps Server and Team Foundation Server

Gloridel Morales
Gloridel Morales
Senior Technical Program Manager

This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server 2019, as well as the following older Team Foundation Server releases: TFS 2017 and TFS 2018. The following vulnerabilities will be fixed with this patch:

  • CVE-2020-1327 – Ensure that Azure DevOps Server sanitizes user inputs.
  • Adding support for SHA2 in SSH on Azure DevOps.

Azure DevOps Server 2019.1.1 Patch 3

If you have Azure DevOps Server 2019 Update 1.1, you should install Azure DevOps Server 2019 Update 1.1 Patch 3.

Verifying Installation

  • Option 1: Run devops2019.1.1patch3.exe CheckInstall from a command prompt. devops2019.1.1patch3.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2019\Application Tier\Web Services\bin\Microsoft.VisualStudio.Services.Feed.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.1.1 Patch 3, the version will be 17.153.30128.8.

Azure DevOps Server 2019.0.1 Patch 6

If you have Azure DevOps Server 2019, you should first update to Azure DevOps Server 2019.0.1. Once on 2019.0.1, install Azure DevOps Server 2019.0.1 Patch 6.

Verifying Installation

  • Option 1: Run devops2019.0.1patch6.exe CheckInstall from a command prompt. devops2019.0.1patch6.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.0.1 Patch 6, the version will be 17.143.30129.2.

TFS 2018 Update 3.2 Patch 11

If you have TFS 2018 Update 2 or Update 3, you should first update to TFS 2018 Update 3.2. Once on Update 3.2, install TFS 2018 Update 3.2 Patch 11.

Verifying Installation

  • Option 1: Run tfs2018.3.2patch11.exe CheckInstall from a command prompt. tfs2018.3.2patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.WorkItemTracking.Web.dll. By default, TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018. After installing TFS 2018 Update 3.2 Patch 11, the version will be 16.131.30128.10.

TFS 2017 Update 3.1 Patch 11

If you have TFS 2017, you should first update to TFS 2017 Update 3.1. Once on Update 3.1, install TFS 2017 Update 3.1 Patch 11.

Verifying Installation

  • Option 1: Run tfs2017.3.1patch11.exe CheckInstall from a command prompt. tfs2017.3.1patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2017 is installed to c:\Program Files\Microsoft Team Foundation Server 15.0 by default. After installing TFS 2017 Update 3.1 Patch 11, the version will be 15.117.30128.0.

Category
Azure DevOps ServerDevOps

Author

Gloridel Morales
Gloridel Morales
Senior Technical Program Manager

Gloridel is a Senior Technical Program Manager on the Azure DevOps team.

8 comments

Discussion is closed. Login to edit/delete existing comments.

  • Shipchandler, Lovai

    Hi,

    I am new to devops 2019 and will be patching for the 1st time.

    What is the best practice to patch the servers?
    Does the patch change the sql database schema?

    Thx

    • Gloridel MoralesMicrosoft employee Author

      Hi Lovai. Patches don’t change SQL database schema, but having up to date backups is always recommended. You can follow instructions in this blog to install.

      • Shipchandler, Lovai

        Thanks Gloridel. I could not find the instructions in this blog email, but below are the steps I did for patching
        1. ran the exe file
        2. the app pool took about 1.5 minutes to stop running thru the command prompt.
        3. selected "yes" to get out of the command prompt after the patch was installed
        4. rebooted the server

        A few questions:
        1. Please let me know if this is the general process to follow?
        2. Also the app pool does not restart by itself that is why I rebooted the server. Is this normal?
        3. The patched version does...

        Read more
  • Filip Van Wulpen

    Hi,
    when installing patch 3, does it also include patches 1 and 2?

    • Gloridel MoralesMicrosoft employee Author

      Hi Filip, it does. Every patch holds all of the changes from previous patches.

  • Markus

    Hi,

    is there an reason why this blog entry was disappeared or resubmitted?

    • Gloridel MoralesMicrosoft employee Author

      Hi Markus, there was an issue with WordPress that required us to republish the blog.

      • Markus

        THX for the feedback

Read next