This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.
The following will be fixed with this patch:
- CVE-2023-21564: Azure DevOps Server Cross-Site Scripting Vulnerability
- CVE-2023-21553: Azure DevOps Server Remote Code Execution Vulnerability
- Updated MSBuild and VSBuild tasks to support Visual Studio 2022.
- Update methodology of loading reauthentication to prevent XSS attack vector.
- Azure DevOps Server 2022 Proxy reports the following error: VS800069: This service is only available in on-premises Azure DevOps.
- Fixed shelvesets accessibility issue via web UI.
- Addressed issue that required restarting tfsjobagent service and Azure DevOps Server application pool after updating SMTP-related setting in the Azure DevOps Server Management Console.
Azure DevOps Server 2022 Patch 2
devops2022patch2.exeis the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Azure DevOps Server 2020.1.2 Patch 5
If you have Azure DevOps Server 2020.1.1, you should first update to Azure DevOps Server 2020.1.2. Once on 2020.1.2, install Azure DevOps Server 2020.1.2 Patch 5. Check out the release notes for more details.
devops2020.1.2patch5.exeis the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.