Sprint 274
AndroidSigning (V3)
- Patch security vulnerabilities by bumping package dependencies (#22108)
ANT (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
AppCenterDistribute (V3)
- Updated basic-ftp package to fix vulnerability in AppCenterDistributeV3 task (#22087)
ArchiveFiles (V2)
- Patch security vulnerabilities by bumping package dependencies (#22108)
AzureAppServiceManage (V0)
- Update openssl to 3.5.6 (#22072)
AzureAppServiceSettings (V1)
AzureCLI (V2)
- feat(AzureCLI): Implement security enhancements for scriptArguments validation (#22066)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
- Localization update (#22166)
AzureCLI (V3)
- feat(AzureCLI): Implement security enhancements for scriptArguments validation (#22066)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
- AzureCLIV3: Add PIP_NO_DEPS fallback for azure-devops extension installation (#22160)
- Localization update (#22166)
AzureContainerApps (V1)
- Add parameter array to prevent command injection (#21920)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
AzureFileCopy (V4)
- Update openssl to 3.5.6 (#22072)
AzureFileCopy (V5)
- Update openssl to 3.5.6 (#22072)
AzureFileCopy (V6)
AzureFunctionAppContainer (V1)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096)
- Localization update (#22166)
AzureFunctionApp (V1)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096)
- Add L0 tests for AzureFunctionAppV1 and AzureFunctionAppV2 (#22125)
- Localization update (#22166)
- Fix symlink regression: bump webdeployment-common to ^4.274.1 in AzureFunctionAppV1 and V2 (#22168)
AzureFunctionApp (V2)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096)
- Add L0 tests for AzureFunctionAppV1 and AzureFunctionAppV2 (#22125)
- Fix symlink regression: bump webdeployment-common to ^4.274.1 in AzureFunctionAppV1 and V2 (#22168)
AzureFunctionOnKubernetes (V1)
- Update openssl to 3.5.6 (#22072)
AzureFunction (V1)
- Localization update (#22166)
AzureIoTEdge (V2)
- Updated required version to fix vulnerabilities in AzureIoTEdgeV2 task (#22129)
- Localization update (#22166)
AzureKeyVault (V2)
AzureMysqlDeployment (V1)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096)
- Localization update (#22166)
AzureMysqlDeployment (V2)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Upgrade webdeployment-common to 4.274.0 in AzureMysqlDeploymentV2 (#22098)
AzurePowerShell (V4)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
AzurePowerShell (V5)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
- Localization update (#22166)
AzureResourceGroupDeployment (V2)
AzureResourceManagerTemplateDeployment (V3)
- Add parameter array to prevent command injection (#21920)
- Update openssl to 3.5.6 (#22072)
- Localization update (#22166)
AzureRmWebAppDeployment (V4)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096)
- Localization update (#22166)
AzureRmWebAppDeployment (V5)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096)
AzureSpringCloud (V0)
- Bump azure-pipelines-tasks-webdeployment-common to version 4.274.0 in AzureSpringCloudV0 (#22094)
- Updated required version to fix vulnerabilities in AzureSpringCloudV0 (#22115)
AzureStaticWebApp (V0)
- Localization update (#22166)
AzureTestPlan (V0)
- Update docker-common package in AzureTestPlanV0 and ContainerStructureTestV0 tasks (#21985)
- Upgrade dependencies to resolve security issues (#22137)
- Localization update (#22166)
- Update Task AzureTestPlanV0 & PublishTestResultsV1 versions to align with repository versioning scheme (#22175)
AzureVmssDeployment (V0)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
- Localization update (#22166)
AzureVmssDeployment (V1)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
AzureWebAppContainer (V1)
- Update openssl to 3.5.6 (#22072)
- Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096)
- Localization update (#22166)
AzureWebApp (V1)
- Update openssl to 3.5.6 (#22072)
- Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmldom issue (#22093)
- Update package dependencies and fix security vulnerabilities (#22100)
- Localization update (#22166)
Bash (V3)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
BicepDeploy (V0)
- Localization update (#22166)
CacheBeta (V1)
- Localization update (#22166)
Cache (V2)
- Localization update (#22166)
CMake (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
CmdLine (V2)
- Patch security vulnerabilities by bumping package dependencies (#22108)
CocoaPods (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
CondaAuthenticate (V0)
- Localization update (#22166)
ContainerBuild (V0)
- Update openssl to 3.5.6 (#22072)
ContainerStructureTest (V0)
- Update docker-common package in AzureTestPlanV0 and ContainerStructureTestV0 tasks (#21985)
- Deprecating the ContainerStructureTest task (#22088)
- Upgrade dependencies to resolve security issues (#22137)
CopyFilesOverSSH (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
CopyFiles (V2)
- Localization update (#22166)
CUrlUploader (V2)
- Patch security vulnerabilities by bumping package dependencies (#22108)
DecryptFile (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
DeleteFiles (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
DockerCompose (V1)
- Updated Docker tasks to docker-common 2.274.0 after EnableDockerReservedNameCheck removal (#22177)
Docker (V1)
- Updated Docker tasks to docker-common 2.274.0 after EnableDockerReservedNameCheck removal (#22177)
Docker (V2)
- Update package dependencies and fix security vulnerabilities (#22100)
- Updated Docker tasks to docker-common 2.274.0 after EnableDockerReservedNameCheck removal (#22177)
DotNetCoreCLI (V2)
- Fix findGlobalJsonFile boundary check for custom checkout paths (#22001)
- Localization update (#22166)
DownloadFileshareArtifacts (V1)
- Update package dependencies and fix security vulnerabilities (#22100)
DownloadGitHubNpmPackage (V1)
- Localization update (#22166)
DownloadGitHubNugetPackage (V1)
- Localization update (#22166)
DownloadSecureFile (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
ExtractFiles (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
FileTransform (V2)
- Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmldom issue (#22093)
- Update package dependencies and fix security vulnerabilities (#22100)
- Localization update (#22166)
FtpUpload (V2)
- Patch security vulnerabilities by bumping package dependencies (#22108)
FuncToolsInstaller (V0)
- Update package dependencies and fix security vulnerabilities (#22100)
GitHubComment (V0)
- Localization update (#22166)
GitHubRelease (V1)
- Update package dependencies and fix security vulnerabilities (#22100)
- Add tests for issueregex in GithubReleaseV1 (#22107)
- Localization update (#22166)
GoTool (V0)
Go (V0)
- Update package dependencies and fix security vulnerabilities (#22100)
Gradle (V3)
- Localization update (#22166)
Grunt (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
Gulp (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
Gulp (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
HelmDeploy (V0)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
HelmDeploy (V1)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
HelmInstaller (V1)
- Update package dependencies and fix security vulnerabilities (#22100)
IISWebAppDeploymentOnMachineGroup (V0)
- Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmldom issue (#22093)
- Update package dependencies and fix security vulnerabilities (#22100)
- Localization update (#22166)
InstallAppleCertificate (V2)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
InstallAppleProvisioningProfile (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
InstallSSHKey (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
InvokeRestApi (V1)
- Add Azure DevOps service connection (WorkloadIdentityUser) support to InvokeRestAPI@1 (#22147)
- Localization update (#22166)
JavaToolInstaller (V0)
- Add parameter array to prevent command injection (#21920)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
JavaToolInstaller (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
JenkinsDownloadArtifacts (V1)
- Update openssl to 3.5.6 (#22072)
JenkinsDownloadArtifacts (V2)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
- JenkinsDownloadArtifactsV2: include Node 24 in extract-zip path (AB#2392160) (#22164)
JenkinsQueueJob (V2)
- Localization update (#22166)
KubectlInstaller (V0)
- Update package dependencies and fix security vulnerabilities (#22100)
KubeloginInstaller (V0)
KubernetesManifest (V1)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
- Localization update (#22166)
Kubernetes (V1)
- Update openssl to 3.5.6 (#22072)
- Update package dependencies and fix security vulnerabilities (#22100)
ManualValidation (V1)
- Localization update (#22166)
MavenAuthenticate (V0)
- Localization update (#22166)
Maven (V4)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
MSBuild (V1)
- Localization update (#22166)
MysqlDeploymentOnMachineGroup (V1)
Notation (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
NpmAuthenticate (V0)
- Localization update (#22166)
Npm (V0)
- Localization update (#22166)
NuGetAuthenticate (V1)
- Localization update (#22166)
NuGetCommand (V2)
NuGetToolInstaller (V0)
- Localization update (#22166)
PackerBuild (V1)
- Localization update (#22166)
PipAuthenticate (V0)
- Localization update (#22166)
PowerShell (V2)
- Patch security vulnerabilities by bumping package dependencies (#22108)
PublishBuildArtifacts (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
PublishCodeCoverageResults (V2)
- Localization update (#22166)
PublishPipelineMetadata (V0)
- Update package dependencies and fix security vulnerabilities (#22100)
PublishSymbols (V2)
- Update openssl to 3.5.6 (#22072)
- Upgrade PublishSymbolsV2 to Node24 (#22097)
- Update node24 publishsymbolsv2 task changes as suggested (#22120)
- Localization update (#22166)
PublishTestResults (V2)
- Upgrade dependencies to resolve security issues (#22137)
PublishToAzureServiceBus (V1)
- Localization update (#22166)
PythonScript (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
ServiceFabricUpdateManifests (V2)
- Localization update (#22166)
ShellScript (V2)
- Patch security vulnerabilities by bumping package dependencies (#22108)
SqlAzureDacpacDeployment (V1)
- Update openssl to 3.5.6 (#22072)
SqlDacpacDeploymentOnMachineGroup (V0)
- Import missing helper functions used in V2 commands (#22158)
Ssh (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
TwineAuthenticate (V0)
- Localization update (#22166)
UniversalPackages (V0)
- UniversalPackagesV0/V1 - Validate ArtifactTool Installation within main task (#22099)
- Localization update (#22166)
UniversalPackages (V1)
- UniversalPackagesV0/V1 - Validate ArtifactTool Installation within main task (#22099)
- Localization update (#22166)
UseDotNet (V2)
- Fix
checkForExistingVersionignoring installed SDKs withuseGlobalJson+rollForward(#22060) - Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
UseNode (V1)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
UsePythonVersion (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
- Localization update (#22166)
UseRubyVersion (V0)
- Patch security vulnerabilities by bumping package dependencies (#22108)
VSBuild (V1)
- Localization update (#22166)
VsTest (V2)
- Localization update (#22166)
VsTest (V3)
- Update TestAgent.zip blob URL to build 31482278 (VsTestV3 only) (#22155)
- Localization update (#22166)
VsTestPlatformToolInstaller (V1)
- Upgrade dependencies to resolve security issues (#22137)
Xcode (V5)
- Patch security vulnerabilities by bumping package dependencies (#22108)
Contributors
xmldom