This month, we are releasing fixes that impact our self-hosted product, Azure DevOps Server.
The following will be fixed with this patch:
- CVE-2023-21564: Azure DevOps Server Cross-Site Scripting Vulnerability
- CVE-2023-21553: Azure DevOps Server Remote Code Execution Vulnerability
- Updated MSBuild and VSBuild tasks to support Visual Studio 2022.
- Update methodology of loading reauthentication to prevent XSS attack vector.
- Azure DevOps Server 2022 Proxy reports the following error: VS800069: This service is only available in on-premises Azure DevOps.
- Fixed shelvesets accessibility issue via web UI.
- Addressed issue that required restarting tfsjobagent service and Azure DevOps Server application pool after updating SMTP-related setting in the Azure DevOps Server Management Console.
Azure DevOps Server 2022 Patch 2
If you have Azure DevOps Server 2022, you should install Azure DevOps Server 2022 Patch 2. Check out the release notes for more details.
Verifying Installation
- Run
devops2022patch2.exe CheckInstall
,devops2022patch2.exe
is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
Azure DevOps Server 2020.1.2 Patch 5
If you have Azure DevOps Server 2020.1.1, you should first update to Azure DevOps Server 2020.1.2. Once on 2020.1.2, install Azure DevOps Server 2020.1.2 Patch 5. Check out the release notes for more details.
Verifying Installation
- Run
devops2020.1.2patch5.exe CheckInstall
,devops2020.1.2patch5.exe
is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that it is not installed.
0
the link for release notes point to an internal protected website: review.learn.microsoft.com