Security - Scrum Bug

Subscribe

Security

A collection of 4 posts

Definitive solution for log4shell in Azure DevOps Server Search

Azure DevOps Server 2022

Definitive solution for log4shell in Azure DevOps Server Search

Last year around this time the log4shell bug in log4j was made public. Older versions of Team Foundation Server and Azure DevOps Server ship with Elastic Search to power its advanced search features. The version that ships with these versions is quite old and was never truly fixed, only patched.

What's GitHub's new require approval of the most recent push policy all about?

What's GitHub's new require approval of the most recent push policy all about?

The "require approval of the most recent push" protection rule was recently introduced (oct 2022).

Log4J – A 10 step mitigation plan

Log4J – A 10 step mitigation plan

There is already a lot of attention on the #Log4J vulnerability. It is all over the news while we write this blog. Many customers have asked us what to do. In this blog we give some advice on how to deal with the Log4j vulnerability and similar vulnerabilities in the future.

Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerability

Azure DevOps Featured

Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerability

Azure DevOps can be configured with advanced Code Search. That feature relies on Elastic Search. Depending on the age of your server, JVM version and Elastic Search version this may result in your setup being vulnerable to CVE-2021-44228.