June patches for Azure DevOps Server and Team Foundation Server

Gloridel

This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server 2019, as well as the following older Team Foundation Server releases: TFS 2017 and TFS 2018. The following vulnerabilities will be fixed with this patch:

  • CVE-2020-1327 – Ensure that Azure DevOps Server sanitizes user inputs.
  • Adding support for SHA2 in SSH on Azure DevOps.

Azure DevOps Server 2019.1.1 Patch 3

If you have Azure DevOps Server 2019 Update 1.1, you should install Azure DevOps Server 2019 Update 1.1 Patch 3.

Verifying Installation

  • Option 1: Run devops2019.1.1patch3.exe CheckInstall from a command prompt. devops2019.1.1patch3.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2019\Application Tier\Web Services\bin\Microsoft.VisualStudio.Services.Feed.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.1.1 Patch 3, the version will be 17.153.30128.8.

Azure DevOps Server 2019.0.1 Patch 6

If you have Azure DevOps Server 2019, you should first update to Azure DevOps Server 2019.0.1. Once on 2019.0.1, install Azure DevOps Server 2019.0.1 Patch 6.

Verifying Installation

  • Option 1: Run devops2019.0.1patch6.exe CheckInstall from a command prompt. devops2019.0.1patch6.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.0.1 Patch 6, the version will be 17.143.30129.2.

TFS 2018 Update 3.2 Patch 11

If you have TFS 2018 Update 2 or Update 3, you should first update to TFS 2018 Update 3.2. Once on Update 3.2, install TFS 2018 Update 3.2 Patch 11.

Verifying Installation

  • Option 1: Run tfs2018.3.2patch11.exe CheckInstall from a command prompt. tfs2018.3.2patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.WorkItemTracking.Web.dll. By default, TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018. After installing TFS 2018 Update 3.2 Patch 11, the version will be 16.131.30128.10.

TFS 2017 Update 3.1 Patch 11

If you have TFS 2017, you should first update to TFS 2017 Update 3.1. Once on Update 3.1, install TFS 2017 Update 3.1 Patch 11.

Verifying Installation

  • Option 1: Run tfs2017.3.1patch11.exe CheckInstall from a command prompt. tfs2017.3.1patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2017 is installed to c:\Program Files\Microsoft Team Foundation Server 15.0 by default. After installing TFS 2017 Update 3.1 Patch 11, the version will be 15.117.30128.0.

8 comments

Comments are closed. Login to edit/delete your existing comments

  • Markus

    Hi,

    is there an reason why this blog entry was disappeared or resubmitted?

  • Filip Van Wulpen

    Hi,
    when installing patch 3, does it also include patches 1 and 2?

  • Shipchandler, Lovai

    Hi,

    I am new to devops 2019 and will be patching for the 1st time.

    What is the best practice to patch the servers?
    Does the patch change the sql database schema?

    Thx

    • Gloridel MoralesMicrosoft employee

      Hi Lovai. Patches don’t change SQL database schema, but having up to date backups is always recommended. You can follow instructions in this blog to install.

      • Shipchandler, Lovai

        Thanks Gloridel. I could not find the instructions in this blog email, but below are the steps I did for patching
        1. ran the exe file
        2. the app pool took about 1.5 minutes to stop running thru the command prompt.
        3. selected “yes” to get out of the command prompt after the patch was installed
        4. rebooted the server

        A few questions:
        1. Please let me know if this is the general process to follow?
        2. Also the app pool does not restart by itself that is why I rebooted the server. Is this normal?
        3. The patched version does not show up on the product version of the TFS admin console, should it? (I saw teh new version on the dll name mentioned above though)

        Apologies for bombarding you with so many questions, but since its my first time I wanted to be sure.

        thanks,
        Lovai