October patches for Azure DevOps Server

Gloridel Morales

October 10th, 202310 2

This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.

The following versions of the products have been patched. Check out the links for each version for more details.

Azure DevOps Server 2022.0.1 Patch 4

Note: If you have Azure DevOps Server 2022, you should first update to Azure DevOps Server 2022.0.1 and then install Azure DevOps Server 2022.0.1 Patch 4. If you have Azure DevOps 2022 and installed Patch 4, take a look at this post from the Developer Community before you install this patch.

If you have Azure DevOps Server 2022.0.1, you should install Azure DevOps Server 2022.0.1 Patch 4.

Release notes

Fixed a bug that caused pipelines to get stuck by upgrading pipeline execution model.
Fixed a bug where “Analysis Owner” identity showed as Inactive Identity on patch upgrade machines.
The build cleanup job contains many tasks, each of which deletes an artifact for a build. If any of these tasks failed, none of the subsequent tasks ran. We changed this behavior to ignore task failures and clean up as many artifacts as we can.

Verifying Installation

Run devops2022.0.1patch4.exe CheckInstall, devops2022.0.1patch4.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2020.1.2 Patch 9

If you have Azure DevOps Server 2020.1.1, you should first update to Azure DevOps Server 2020.1.2. Once on 2020.1.2, install Azure DevOps Server 2020.1.2 Patch 9.

Release notes

Fixed a bug where “Analysis Owner” identity showed as Inactive Identity on patch upgrade machines.

Verifying Installation

Run devops2020.1.2patch9.exe CheckInstall, devops2020.1.2patch9.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Azure DevOps Server 2020.0.2 Patch 5

If you have Azure DevOps Server 2020.0.1, you should first update to Azure DevOps Server 2020.0.2. Once on Update 2020.0.2, install Azure DevOps Server 2020.0.2 Patch 5.

Release notes

Fixed a bug where “Analysis Owner” identity showed as Inactive Identity on patch upgrade machines.

Verifying Installation

Run devops2020.0.2patch5.exe CheckInstall, devops2020.0.2patch5.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.

Gloridel Morales Senior Program Manager, Azure DevOps

10 comments

Discussion is closed. Login to edit/delete existing comments.

Markus October 14, 2023 5:00 am 1

After applying this patch vNext build wont be picked up by the agents
MS Ticket 2310140030000689

Update: We are not able tp reproduce the problem, it´s somehow vanished

But nevertheless, I thought as a rollback its enough to copy the replaced dlls from the “backup zip” back, but this didn´t worked because of some reasons (eg. RegKey, blocked files, … ). It would be fine to add a remove option to the patches as well.

Second “But”, this patch is also modifying the database, after applying the patch Build agent 3.255.0 is set as the default version. Some information about this would be fine because we got many complains from our users because of that. Especially it only configures the version and doesn´t copy this already in the need folder, of course this would make the patch even bigger, but also an information about this would be fine than we could have done it manually before users are complaining

This patch was not a masterpiece in terms of documentation and working methods. The patches have to often hidden “features”
- Jonathan Gillette October 19, 2023 11:23 am 1
  
  They actually updated the agents with Patch 3 last month, which again they didn’t mention, but i’m assuming it was due to the old ones using .net 3.1 still and some vulnerability caused them to force the upgrade.
  - Markus October 27, 2023 3:25 am 0
    
    It depends which version from Patch3 you use, when you have the “first” version its without Agent Version update
    The old version has the hash “89E2B82F408F1D4E5E6797B21A175317E0D31FACAEE80E61D17C59951447BA98” the new version has “FDC912315B5DBB27E88487CA18B1DF9735447E3BDEF8E68E77B2EC9C58F8FF4A”
    
    Looks like that the company cant handle its own tool very well, maybe I should offer them a training
    - Gloridel Morales October 30, 2023 3:30 pm 0
      
      Hi Markus, the discrepancy you see in the hash was due to an error in the download link. The download for hash 89E2B82F408F1D4E5E6797B21A175317E0D31FACAEE80E61D17C59951447BA98 was for Azure DevOps Server 2022.0.1 patch 2. I added a comment in the blog post to clarify. The FDC912315B5DBB27E88487CA18B1DF9735447E3BDEF8E68E77B2EC9C58F8FF4A hash corresponds to Azure DevOps Server 2022.0.1 patch 3. We apologize for the confusion.
William Charlton October 17, 2023 4:37 am 0
Ms Morales

I am on 2020.1.2 patch 6. The ADS Admin Console shows 18.181.33921.3 (Azure DevOps Server 2020 Update 1.2).

I’m running ADS on an Amazon Web Services instance
– Windows Server 2022 Datacenter, 21H2. 64 Bit
– AMD EPYC 7571

I just attempted to install devops2020.1.2patch7.exe and got this error:
```
Starting process E:\Program Files\Azure DevOps Server 2020\Tools\tfsconfig updateTasks
Error running a command: System.ComponentModel.Win32Exception (0x80004005): The specified executable is not a valid application for this OS platform.
```
Can you help?

Alternatively, can I skip both 2020 1.2 patch 7 and 2020 1.2 patch 8 and skip from Patch 6 directly to 2020 1.2 patch 9?
- Gloridel Morales October 18, 2023 8:03 am 0
  
  Hi William, you can skip patch 7 but you will have to follow instructions provided in https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops#install-patches for patch 8 since it includes Azure Pipelines Agent updates. Once you install patch 8, you can move forward with patch 9.
  - marcus anderson October 21, 2023 7:29 am 0
    
    Hi,
    The instructions on this page did not mention updating patch 8 and then going to patch 9, would it be possible to update that for other folks following this? I have went from 2020 1.2 base and applied 2020 1.2 patch 9, how should I go about doing the pipeline agent updates in patch 8 now?
    - Gloridel Morales October 30, 2023 6:01 pm 0
      
      Hi Marcus. You will have to follow the instructions in update the Azure Pipelines agent to update the agent. I added a clarifying note to the release notes based on your feedback.
Dean Oldfield October 18, 2023 4:39 am 0

I’ve upgraded 2020.1.1 to 2020.1.2 Patch 9, to resolve the various vulnerabilities however the log4j vulnerability is still appearing. Should this be resolved now on this version/patch?
- Patrick Woo-Sam October 18, 2023 8:55 am 0
  
  Hi Dean,
  
  The log4j vulnerability was resolved in 2020.1.1 Patch 4 (later patches also include this fix) with some additional Installation Steps. See link here: https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020u1?view=azure-devops#installation-steps.
  
  Since you are on 2020.1.2 Patch 9, updating TFSSearch / elasticsearch using the above installation steps should remove the log4j vulnerability.