{"id":57625,"date":"2019-09-10T09:11:34","date_gmt":"2019-09-10T17:11:34","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/devops\/?p=57625"},"modified":"2019-09-11T09:40:16","modified_gmt":"2019-09-11T17:40:16","slug":"september-patches-for-azure-devops-server-and-team-foundation-server","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/september-patches-for-azure-devops-server-and-team-foundation-server\/","title":{"rendered":"September patches for Azure DevOps Server and Team Foundation Server"},"content":{"rendered":"

This month, we are releasing fixes for security vulnerabilities that impact TFS 2015, TFS 2017, TFS 2018, and Azure DevOps Server 2019.<\/p>\n

CVE-2019-1305<\/a>: cross site scripting (XSS) vulnerability in Repos<\/p>\n

CVE-2019-1306<\/a>: remote code execution vulnerability in Wiki<\/p>\n

Here are the versions impacted:<\/p>\n

\"\"<\/p>\n

Azure DevOps Server 2019 Update 1 Patch 1<\/h3>\n

If you have Azure DevOps Server 2019 Update 1, you should install Azure DevOps Server 2019 Update 1 Patch 1<\/a>.<\/p>\n

Verifying Installation<\/strong><\/p>\n

To verify if you have this update installed, you can check the version of the following file: [INSTALL_DIR]\\Application Tier\\Web Services\\bin\\Microsoft.VisualStudio.Services.Search.Common.dll. Azure DevOps Server 2019 is installed to c:\\Program Files\\Azure DevOps Server 2019 by default.<\/p>\n

After installing Azure DevOps Server 2019.1 Patch 1, the version will be 17.153.29226.8.<\/p>\n

Azure DevOps Server 2019.0.1 Patch 3<\/h3>\n

If you have Azure DevOps Server 2019, you should first update to Azure DevOps Server 2019.0.1<\/a>. Once on 2019.0.1, install Azure DevOps Server 2019.0.1 Patch 3<\/a>.<\/p>\n

Verifying Installation<\/strong><\/p>\n

To verify if you have this update installed, you can check the version of the following file: [INSTALL_DIR]\\Application Tier\\Web Services\\bin\\Microsoft.TeamFoundation.Framework.Server.dll. Azure DevOps Server 2019 is installed to c:\\Program Files\\Azure DevOps Server 2019 by default.<\/p>\n

After installing Azure DevOps Server 2019.0.1 Patch 3, the version will be 17.143.29226.4.<\/p>\n

TFS 2018 Update 3.2 Patch 7<\/h3>\n

If you have TFS 2018 Update 2 or Update 3, you should first update to TFS 2018 Update 3.2<\/a>. Once on Update 3.2, install TFS 2018 Update 3.2 Patch 7<\/a>.<\/p>\n

Verifying Installation<\/strong><\/p>\n

To verify if you have this update installed, you can check the version of the following file: [TFS_INSTALL_DIR]\\Application Tier\\Web Services\\bin\\Microsoft.TeamFoundation.WorkItemTracking.Web.dll. TFS 2018 is installed to c:\\Program Files\\Microsoft Team Foundation Server 2018 by default.<\/p>\n

After installing TFS 2018 Update 3.2 Patch 7, the version will be 16.131.29226.5.<\/p>\n

TFS 2018 Update 1.2 Patch 6<\/h3>\n

If you have TFS 2018 RTW or Update 1, you should first update to TFS 2018 Update 1.2<\/a>. Once on Update 1.2, install TFS 2018 Update 1.2 Patch 6<\/a>.<\/p>\n

Verifying Installation<\/strong><\/p>\n

To verify if you have this update installed, you can check the version of the following file: [TFS_INSTALL_DIR]\\Application Tier\\Web Services\\bin\\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2018 is installed to c:\\Program Files\\Microsoft Team Foundation Server 2018 by default.<\/p>\n

After installing TFS 2018 Update 1.2 Patch 6, the version will be 16.122.29226.6.<\/p>\n

TFS 2017 Update 3.1 Patch 8<\/h3>\n

If you have TFS 2017, you should first update to TFS 2017 Update 3.1<\/a>. Once on Update 3.1, install TFS 2017 Update 3.1 Patch 8<\/a>.<\/p>\n

Verifying Installation<\/strong><\/p>\n

To verify if you have a patch installed, you can check the version of the following file: [TFS_INSTALL_DIR]\\Application Tier\\Web Services\\bin\\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2017 is installed to c:\\Program Files\\Microsoft Team Foundation Server 15.0 by default.<\/p>\n

After installing TFS 2017 Update 3.1 Patch 8, the version will be 15.117.29226.0.<\/p>\n

TFS 2015 Update 4.2 Patch 3<\/h3>\n

If you have TFS 2015, you should first update to TFS 2015 Update 4.2<\/a>. Once on Update 4.2, install TFS 2015 Update 4.2 Patch 3<\/a>.<\/p>\n

Verifying Installation<\/strong><\/p>\n

To verify if you have a patch installed, you can check the version of the following file: [TFS_INSTALL_DIR]\\Application Tier\\Web Services\\bin\\Microsoft.TeamFoundation.Framework.Server.dll. TFS 2015 is installed to c:\\Program Files\\Microsoft Team Foundation Server 14.0 by default.<\/p>\n

After installing TFS 2015 Update 4.2 Patch 3, the version will be 14.114.29226.0.<\/p>\n","protected":false},"excerpt":{"rendered":"

This month, we are releasing fixes for security vulnerabilities that impact TFS 2015, TFS 2017, TFS 2018, and Azure DevOps Server 2019. CVE-2019-1305: cross site scripting (XSS) vulnerability in Repos CVE-2019-1306: remote code execution vulnerability in Wiki Here are the versions impacted: Azure DevOps Server 2019 Update 1 Patch 1 If you have Azure DevOps […]<\/p>\n","protected":false},"author":78,"featured_media":56420,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[253],"tags":[],"class_list":["post-57625","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-devops-server"],"acf":[],"blog_post_summary":"

This month, we are releasing fixes for security vulnerabilities that impact TFS 2015, TFS 2017, TFS 2018, and Azure DevOps Server 2019. CVE-2019-1305: cross site scripting (XSS) vulnerability in Repos CVE-2019-1306: remote code execution vulnerability in Wiki Here are the versions impacted: Azure DevOps Server 2019 Update 1 Patch 1 If you have Azure DevOps […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/57625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/78"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=57625"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/57625\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/56420"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=57625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=57625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=57625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}