Team Foundation Server Security Updates

1.0Azure DevOps Bloghttps://devblogs.microsoft.com/devopsErin Dormierhttps://devblogs.microsoft.com/devops/author/erindormier/Team Foundation Server Security Updates - Azure DevOps Blogrich600338<blockquote class="wp-embedded-content" data-secret="xsyZFA4RAQ"><a href="https://devblogs.microsoft.com/devops/team-foundation-server-security-updates/">Team Foundation Server Security Updates</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://devblogs.microsoft.com/devops/team-foundation-server-security-updates/embed/#?secret=xsyZFA4RAQ" width="600" height="338" title="“Team Foundation Server Security Updates” — Azure DevOps Blog" data-secret="xsyZFA4RAQ" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://devblogs.microsoft.com/devops/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://devblogs.microsoft.com/devops/wp-content/uploads/sites/6/2018/09/vsts_pricing_636x350.png636350Today, we are releasing updates for a cross site scripting (XSS) vulnerability and an issue where in some instances task groups may incorrectly show variables that are marked as secret. Team Foundation Server 2017 and 2018 are impacted. We have released patches for TFS 2017 Update 3.1 and TFS 2018 Update 1.2. We have also released […]