Skip to content

azure-pipelines-tasks

v274 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 20d Pipelines
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Affected surfaces

deps crypto_tls

Summary

AI summary

AppCenterTestV1, AppCenterDistributeV1, and AppCenterDistributeV2 tasks are removed.

Full changelog

Sprint 274

ANT (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AndroidSigning (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

AndroidSigning (V3)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

AppCenterDistribute (V1)

  • Remove AppCenterTestV1, AppCenterDistributeV1, AppCenterDistributeV2 task from the repository (#22031) (2026-04-28)

AppCenterDistribute (V2)

  • Remove AppCenterTestV1, AppCenterDistributeV1, AppCenterDistributeV2 task from the repository (#22031) (2026-04-28)

AppCenterDistribute (V3)

  • Updated basic-ftp package to fix vulnerability in AppCenterDistributeV3 task (#22087) (2026-04-30)

AppCenterTest (V1)

  • Remove AppCenterTestV1, AppCenterDistributeV1, AppCenterDistributeV2 task from the repository (#22031) (2026-04-28)

ArchiveFiles (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

AzureAppServiceManage (V0)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureAppServiceSettings (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureCLI (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureCLI (V2)

  • feat(AzureCLI): Implement security enhancements for scriptArguments validation (#22066) (2026-04-28)
  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureCLI (V3)

  • feat(AzureCLI): Implement security enhancements for scriptArguments validation (#22066) (2026-04-28)
  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureCloudPowerShellDeployment (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureCloudPowerShellDeployment (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureContainerApps (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

AzureContainerApps (V1)

  • Add parameter array to prevent command injection (#21920) (2026-05-07)
  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureFileCopy (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureFileCopy (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureFileCopy (V3)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureFileCopy (V4)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureFileCopy (V5)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureFileCopy (V6)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureFunctionAppContainer (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureFunctionApp (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)
  • Fix symlink regression: bump webdeployment-common to ^4.274.1 in AzureFunctionAppV1 and V2 (#22168) (2026-05-14)

AzureFunctionApp (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)
  • Fix symlink regression: bump webdeployment-common to ^4.274.1 in AzureFunctionAppV1 and V2 (#22168) (2026-05-14)

AzureFunctionOnKubernetes (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureFunction (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureIoTEdge (V2)

  • Update docker-common package in AzureIoTEdgeV2 task (#21848) (2026-04-28)
  • Localization update (#22128) (2026-05-05)
  • Updated required version to fix vulnerabilities in AzureIoTEdgeV2 task (#22129) (2026-05-07)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureKeyVault (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzureKeyVault (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Users/razvanmanole/fix crlf smuggling keyvault v2 (#22146) (2026-05-07)

AzureMysqlDeployment (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureMysqlDeployment (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Upgrade webdeployment-common to 4.274.0 in AzureMysqlDeploymentV2 (#22098) (2026-05-05)

AzurePowerShell (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzurePowerShell (V3)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

AzurePowerShell (V4)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

AzurePowerShell (V5)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureResourceGroupDeployment (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureResourceManagerTemplateDeployment (V3)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureRmWebAppDeployment (V3)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureRmWebAppDeployment (V4)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureRmWebAppDeployment (V5)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)

AzureSpringCloud (V0)

  • Bump azure-pipelines-tasks-webdeployment-common to version 4.274.0 an… (#22094) (2026-05-05)
  • Updated required version to fix vulnerabilities in AzureSpringCloudV0 (#22115) (2026-05-06)

AzureStaticWebApp (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureTestPlan (V0)

  • Update docker-common package in AzureTestPlanV0 and ContainerStructureTestV0 tasks (#21985) (2026-04-29)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureVmssDeployment (V0)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureVmssDeployment (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

AzureWebAppContainer (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CVE-2026-41672: Update @xmldom/xmldom 0.8.12 to 0.8.13 (CG Alert 433157) (#22096) (2026-05-05)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

AzureWebApp (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmld… (#22093) (2026-05-01)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Bash (V3)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

BicepDeploy (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

CMake (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

CUrlUploader (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

CacheBeta (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Cache (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

CmdLine (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

CocoaPods (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

CondaAuthenticate (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

CondaEnvironment (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

CondaEnvironment (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

ContainerBuild (V0)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

ContainerStructureTest (V0)

  • Update docker-common package in AzureTestPlanV0 and ContainerStructureTestV0 tasks (#21985) (2026-04-29)
  • Deprecating the ContainerStructureTest task (#22088) (2026-04-29)

CopyFilesOverSSH (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

CopyFiles (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

DecryptFile (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

DeleteFiles (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Docker (V2)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

DotNetCoreCLI (V2)

  • Fix findGlobalJsonFile boundary check for custom checkout paths (#21989) (#22001) (2026-05-11)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

DotNetCoreInstaller (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

DotNetCoreInstaller (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

DownloadFileshareArtifacts (V1)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)

DownloadGitHubNpmPackage (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

DownloadGitHubNugetPackage (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

DownloadSecureFile (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

ExtractFiles (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

FileTransform (V1)

  • Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmld… (#22093) (2026-05-01)

FileTransform (V2)

  • Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmld… (#22093) (2026-05-01)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

FtpUpload (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

FtpUpload (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

FuncToolsInstaller (V0)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

GitHubComment (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

GitHubRelease (V1)

  • Fix GitHubReleaseV1 issueid regex to avoid referencing incorrect issues (#22073) (2026-04-28)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Add tests for issueregex in GithubReleaseV1 (#22107) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

GoTool (V0)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Go (V0)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

Gradle (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Gradle (V3)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Grunt (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

Gulp (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

Gulp (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

HelmDeploy (V0)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

HelmDeploy (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

HelmInstaller (V1)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

IISWebAppDeploymentOnMachineGroup (V0)

  • Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmld… (#22093) (2026-05-01)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

InstallAppleCertificate (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

InstallAppleProvisioningProfile (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

InstallSSHKey (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

InvokeRestApi (V1)

  • Add Azure DevOps service connection (WorkloadIdentityUser) support to InvokeRestAPI@1 (#22147) (2026-05-08)
  • Localization update (#22166) (2026-05-12)

JavaToolInstaller (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

JavaToolInstaller (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

JenkinsDownloadArtifacts (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

JenkinsDownloadArtifacts (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • JenkinsDownloadArtifactsV2: include Node 24 in extract-zip path (AB#2392160) (#22164) (2026-05-12)

JenkinsQueueJob (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

KubectlInstaller (V0)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

KubeloginInstaller (V0)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

KubernetesManifest (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Kubernetes (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

MSBuild (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

ManualValidation (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

MavenAuthenticate (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Maven (V4)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

MysqlDeploymentOnMachineGroup (V1)

  • Fix CG alert: update webdeployment-common to 4.274.0 to resolve @xmld… (#22093) (2026-05-01)

NodeTool (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

Notation (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

NpmAuthenticate (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

Npm (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

NuGetAuthenticate (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

NuGetCommand (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Add timeout option to nuget command task (#22152) (2026-05-09)
  • Localization update (#22166) (2026-05-12)

NuGetRestore (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

NuGetToolInstaller (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

PackerBuild (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

PipAuthenticate (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

PowerShell (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

PublishBuildArtifacts (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

PublishCodeCoverageResults (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

PublishPipelineMetadata (V0)

  • Update package dependencies and fix security vulnerabilities (#22100) (2026-05-04)

PublishSymbols (V2)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)
  • Upgrade PublishSymbolsV2 to Node24 (#22097) (2026-05-01)
  • Update node24 publishsymbolsv2 task changes as suggested (#22120) (2026-05-05)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

PublishTestResults (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

PublishToAzureServiceBus (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

PyPIPublisher (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

PythonScript (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

ServiceFabricUpdateManifests (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

ShellScript (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

SqlAzureDacpacDeployment (V1)

  • Update openssl to 3.5.6 (#22072) (2026-04-29)

SqlDacpacDeploymentOnMachineGroup (V0)

  • Import missing helper functions used in V2 commands (#22158) (2026-05-12)

Ssh (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

TwineAuthenticate (V0)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

UniversalPackages (V0)

  • UniversalPackagesV0/V1 - Validate ArtifactTool Installation within main task (#22099) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

UniversalPackages (V1)

  • UniversalPackagesV0/V1 - Validate ArtifactTool Installation within main task (#22099) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

UseDotNet (V2)

  • Fix checkForExistingVersion ignoring installed SDKs with useGlobalJson + rollForward (#22060) (2026-04-28)
  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

UseNode (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

UsePythonVersion (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)
  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

UseRubyVersion (V0)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

VSBuild (V1)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

VsTest (V2)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Localization update (#22166) (2026-05-12)

VsTest (V3)

  • Localization update (#22128) (2026-05-05)
  • Revert "Localization update (#22128)" (#22132) (2026-05-05)
  • Update TestAgent.zip blob URL to build 31482278 (VsTestV3 only) (#22155) (2026-05-12)
  • Localization update (#22166) (2026-05-12)

XamarinAndroid (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

XamarinTestCloud (V1)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

XamariniOS (V2)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

Xcode (V5)

  • Patch security vulnerabilities by bumping package dependencies (#22108) (2026-05-06)

Breaking Changes

  • Removed AppCenterTestV1, AppCenterDistributeV1, and AppCenterDistributeV2 tasks from the repository.

Security Fixes

  • CVE-2026-41672 – Updated @xmldom/xmldom from 0.8.12 to 0.8.13.
  • dep: Patch security vulnerabilities by bumping package dependencies (issue #22108).
  • Update openssl to version 3.5.6.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track azure-pipelines-tasks

Get notified when new releases ship.

Sign up free

About azure-pipelines-tasks

Tasks for Azure Pipelines

All releases →

Related context

Beta — feedback welcome: [email protected]