Azure-pipelines-agent: Update Agent to Latest Git Version 2.30.2
When could we expect to see the agent get bundled with the latest git version 2.30.2 that was just released on 3/9/21? Wanting to get the latest git vulnerabilities fixed in the agents. Thanks!
ChristopherMank
All 8 comments
There is a CVE for Git (https://nvd.nist.gov/vuln/detail/CVE-2021-21300) which is resolved in 2.30.2.
Can we get an urgent patch upgrade to resolve this vulnerability please, @anatolybolshakov ?
james-flynn-ie
on 17 Mar 2021
And actually Git 2.31.0 was just released. I'm assuming we'd go to the latest.
ChristopherMank
on 17 Mar 2021
Hi @EzzhevNikita , do you know when this update is likely to be released, please? It's a security vulnerability which we would urgently like to patch.
james-flynn-ie
on 19 Mar 2021
Hi @james-flynn-ie, this update will be released during the next sprint, after about 4 - 5 weeks
EzzhevNikita
on 22 Mar 2021
4-5 weeks for a security vulnerability fix seems a little long (the Git patch itself was released two weeks ago already). Do you guys have a process in place for security patches, @EzzhevNikita and @anatolybolshakov ?
james-flynn-ie
on 22 Mar 2021
@james-flynn-ie We have revised our plans to deploy the current version of the agent, and have included this fix in it, the agent with the new version of the git will be available sometime early next week.
EzzhevNikita
on 23 Mar 2021
@james-flynn-ie We have revised our plans to deploy the current version of the agent, and have included this fix in it, the agent with the new version of the git will be available sometime early next week.
That's great news, thank you for bringing forward the release, @EzzhevNikita ! 馃憤
james-flynn-ie
on 23 Mar 2021
@james-flynn-ie @ChristopherMank Agent v2.184.2 which contains git version 2.30.2 has been deployed
EzzhevNikita
on 5 Apr 2021
Related issues
fernisoites
路
4Comments
riezebosch
路
4Comments
TLaborde
路
3Comments
muthurathinam
路
3Comments
bzuu
路
4Comments