Closed
Description
openedon Jan 18, 2023
As described in https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/ the git version 2.38.1 currently shipped with the agent is vulnerable to two critical CVEs. Namely: CVE-2022-23521, CVE-2022-41903
The agent should be updated to ship a patched version like the most recent 2.39.1 to fix this.
It would also be interesting to know when/whether there will be a corresponding azure devops server security update.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
