June patches for Azure DevOps Server and Team Foundation Server

Gloridel Morales

This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server 2019, as well as the following older Team Foundation Server releases: TFS 2017 and TFS 2018. The following vulnerabilities will be fixed with this patch:

  • CVE-2020-1327 – Ensure that Azure DevOps Server sanitizes user inputs.
  • Adding support for SHA2 in SSH on Azure DevOps.

Azure DevOps Server 2019.1.1 Patch 3

If you have Azure DevOps Server 2019 Update 1.1, you should install Azure DevOps Server 2019 Update 1.1 Patch 3.

Verifying Installation

  • Option 1: Run devops2019.1.1patch3.exe CheckInstall from a command prompt. devops2019.1.1patch3.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2019\Application Tier\Web Services\bin\Microsoft.VisualStudio.Services.Feed.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.1.1 Patch 3, the version will be 17.153.30128.8.

Azure DevOps Server 2019.0.1 Patch 6

If you have Azure DevOps Server 2019, you should first update to Azure DevOps Server 2019.0.1. Once on 2019.0.1, install Azure DevOps Server 2019.0.1 Patch 6.

Verifying Installation

  • Option 1: Run devops2019.0.1patch6.exe CheckInstall from a command prompt. devops2019.0.1patch6.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. By default, Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019. After installing Azure DevOps Server 2019.0.1 Patch 6, the version will be 17.143.30129.2.

TFS 2018 Update 3.2 Patch 11

If you have TFS 2018 Update 2 or Update 3, you should first update to TFS 2018 Update 3.2. Once on Update 3.2, install TFS 2018 Update 3.2 Patch 11.

Verifying Installation

  • Option 1: Run tfs2018.3.2patch11.exe CheckInstall from a command prompt. tfs2018.3.2patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.WorkItemTracking.Web.dll. By default, TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018. After installing TFS 2018 Update 3.2 Patch 11, the version will be 16.131.30128.10.

TFS 2017 Update 3.1 Patch 11

If you have TFS 2017, you should first update to TFS 2017 Update 3.1. Once on Update 3.1, install TFS 2017 Update 3.1 Patch 11.

Verifying Installation

  • Option 1: Run tfs2017.3.1patch11.exe CheckInstall from a command prompt. tfs2017.3.1patch11.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2017 is installed to c:\Program Files\Microsoft Team Foundation Server 15.0 by default. After installing TFS 2017 Update 3.1 Patch 11, the version will be 15.117.30128.0.