This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.
The following versions of the products have been patched. Check out the links for each version for more details.
Azure DevOps Server 2022.0.1 Patch 4
Note: If you have Azure DevOps Server 2022, you should first update to Azure DevOps Server 2022.0.1 and then install Azure DevOps Server 2022.0.1 Patch 4. If you have Azure DevOps 2022 and installed Patch 4, take a look at this post from the Developer Community before you install this patch.
If you have Azure DevOps Server 2022.0.1, you should install Azure DevOps Server 2022.0.1 Patch 4.
- Fixed a bug that caused pipelines to get stuck by upgrading the pipeline execution model.
- Fixed a bug where “Analysis Owner” identity showed as Inactive Identity on patch upgrade machines.
- The build cleanup job contains many tasks, each of which deletes an artifact for a build. If any of these tasks failed, none of the subsequent tasks ran. We changed this behavior to ignore task failures and clean up as many artifacts as we can.
Verifying Installation
- Run devops2022.0.1patch4.exe CheckInstall, where devops2022.0.1patch4.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Azure DevOps Server 2020.1.2 Patch 9
If you have Azure DevOps Server 2020.1.1, you should first update to Azure DevOps Server 2020.1.2. Once on 2020.1.2, install Azure DevOps Server 2020.1.2 Patch 9.
- Fixed a bug where “Analysis Owner” identity showed as Inactive Identity on patch upgrade machines.
Verifying Installation
- Run devops2020.1.2patch9.exe CheckInstall, where devops2020.1.2patch9.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Azure DevOps Server 2020.0.2 Patch 5
If you have Azure DevOps Server 2020.0.1, you should first update to Azure DevOps Server 2020.0.2. Once on Update 2020.0.2, install Azure DevOps Server 2020.0.2 Patch 5.
- Fixed a bug where “Analysis Owner” identity showed as Inactive Identity on patch upgrade machines.
Verifying Installation
- Run devops2020.0.2patch5.exe CheckInstall, where devops2020.0.2patch5.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
I’ve upgraded 2020.1.1 to 2020.1.2 Patch 9 to resolve the various vulnerabilities; however, the log4j vulnerability is still appearing. Should this be resolved now on this version/patch?
Hi Dean,
The log4j vulnerability was resolved in 2020.1.1 Patch 4 (later patches also include this fix) with some additional Installation Steps. See link here: https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops#installation-steps.
Since you are on 2020.1.2 Patch 9, updating TFSSearch / elasticsearch using the above installation steps should remove the log4j vulnerability.
Ms Morales
I am on 2020.1.2 patch 6. The ADS Admin Console shows 18.181.33921.3 (Azure DevOps Server 2020 Update 1.2).
I'm running ADS on an Amazon Web Services instance
- Windows Server 2022 Datacenter, 21H2. 64 Bit
- AMD EPYC 7571
I just attempted to install devops2020.1.2patch7.exe and got this error:
<code>
Can you help?
Alternatively, can I skip both 2020 1.2 patch 7 and 2020 1.2 patch 8 and skip from Patch 6 directly to 2020 1.2 patch 9?
Hi William, you can skip patch 7 but you will have to follow instructions provided in https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops#install-patches for patch 8 since it includes Azure Pipelines Agent updates. Once you install patch 8, you can move forward with patch 9.
Hi,
The instructions on this page did not mention updating patch 8 and then going to patch 9; would it be possible to update that for other folks following this? I have gone from 2020 1.2 base and applied 2020 1.2 patch 9. How should I go about doing the pipeline agent updates in patch 8 now?
Hi Marcus. You will have to follow the instructions in update the Azure Pipelines agent to update the agent. I added a clarifying note to the release notes based on your feedback.
After applying this patch, vNext builds won't be picked up by the agents
MS Ticket 2310140030000689
Update: We are not able to reproduce the problem, it's somehow vanished
But nevertheless, I thought as a rollback it's enough to copy the replaced dlls from the "backup zip" back, but this didn't work because of some reasons (e.g. RegKey, blocked files, ... ). It would be fine to add a remove option to the patches as well.
Second "But", this...
They actually updated the agents with Patch 3 last month, which again they didn’t mention, but I’m assuming it was due to the old ones using .net 3.1 still and some vulnerability caused them to force the upgrade.
It depends which version from Patch3 you use; when you have the "first" version it's without Agent Version update
The old version has the hash "89E2B82F408F1D4E5E6797B21A175317E0D31FACAEE80E61D17C59951447BA98" the new version has "FDC912315B5DBB27E88487CA18B1DF9735447E3BDEF8E68E77B2EC9C58F8FF4A"
Looks like the company can't handle its own tool very well, maybe I should offer them a training
Hi Markus, the discrepancy you see in the hash was due to an error in the download link. The download for hash 89E2B82F408F1D4E5E6797B21A175317E0D31FACAEE80E61D17C59951447BA98 was for Azure DevOps Server 2022.0.1 patch 2. I added a comment in the blog post to clarify. The FDC912315B5DBB27E88487CA18B1DF9735447E3BDEF8E68E77B2EC9C58F8FF4A hash corresponds to Azure DevOps Server 2022.0.1 patch 3. We apologize for the confusion.
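The thread above comes down to telling two downloads apart by hash, and the post's verification step runs the installer itself. As an added example (not Microsoft tooling and not code from this post), the PowerShell script below checks a downloaded patch file's hash and Authenticode signature before issuing the post's CheckInstall command. The script name, the parameter names and the reading of the quoted hashes as SHA-256 are assumptions.

```powershell
# Added example, not Microsoft tooling. Save as Check-Patch.ps1 (hypothetical name).
param(
    [Parameter(Mandatory)] [string] $Path,            # e.g. .\devops2022.0.1patch4.exe
    [Parameter(Mandatory)] [string] $ExpectedSha256   # hash published with the download
)
$ErrorActionPreference = 'Stop'

# The two hashes quoted in the comments above, labelled as in the reply that
# explains them. Reading them as SHA-256 is an assumption (64 hex digits).
$known = @{
    '89E2B82F408F1D4E5E6797B21A175317E0D31FACAEE80E61D17C59951447BA98' = 'Azure DevOps Server 2022.0.1 patch 2'
    'FDC912315B5DBB27E88487CA18B1DF9735447E3BDEF8E68E77B2EC9C58F8FF4A' = 'Azure DevOps Server 2022.0.1 patch 3'
}

$file = Get-Item -LiteralPath $Path
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -FilePath $file.FullName

# Report what the file actually is before anything is executed.
[pscustomobject]@{
    File            = $file.Name
    Sha256          = $hash
    KnownAs         = $known[$hash]                  # $null if not one of the two above
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject # $null when the file is unsigned
} | Format-List

# Stop on a mismatch: a wrong download link produces exactly this situation.
if ($hash -ne $ExpectedSha256.Trim()) {
    throw "SHA-256 mismatch for $($file.Name): got $hash"
}
if ($sig.Status -ne 'Valid') {
    throw "Authenticode signature on $($file.Name) is $($sig.Status)"
}

# Command from the post: reports whether the patch is installed or not installed.
& $file.FullName CheckInstall
```

Run it from an elevated prompt on the application tier, passing the hash published alongside the download for the patch you intend to install.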