Release history
azure-pipelines-tasks releases
Tasks for Azure Pipelines
All releases
17 shown
v273
Breaking risk
Breaking changes
- AzureCLIV1, DownloadGitHubNpmPackageV1, and DownloadGitHubNugetPackageV1 tasks deprecated
Security fixes
- @azure/msal-browser 4.27.0 vulnerability (MVS-2026-vmmw-f85q) patched across multiple tasks including AppServiceManage, AzureCLI, AzureFunctionApp, and AzureKeyVault
- Invoke-Expression security exploit prevented in SqlAzureDacpacDeploymentV1 and SqlDacpacDeploymentOnMachineGroupV0
- basic-ftp package vulnerability patched in FtpUploadV2
Notable features
- AzureCLIV3: Added support for installing Azure DevOps CLI extension from wheel files
Full changelog
Sprint 273
AppCenterDistribute (V3)
- Node 24 migration for AppCenterDistributeV3 (#21972) (2026-04-16)
AzureAppServiceManage (V0)
- Fix CG alerts 396991/396992: Resolve
@azure/msal-browser4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)
AzureAppServiceSettings (V1)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureCLI (V1)
- Deprecate AzureCLIV1, DownloadGitHubNpmPackageV1 & DownloadGitHubNugetPackageV1 tasks (#21950) (2026-04-16)
AzureCLI (V2)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureCLI (V3)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)- Add empty stdout fallback for az version in AzureCLIV3 (#22009) (2026-04-16)
- Add support for installing the Azure DevOps CLI extension from a wheel file in the AzureCLIV3 task (#22010) (2026-04-16)
AzureFileCopy (V4)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureFileCopy (V5)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureFileCopy (V6)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureFunctionAppContainer (V1)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureFunctionApp (V1)
- Fix CG alerts 396991/396992: Resolve
@azure/msal-browser4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)
AzureFunctionApp (V2)
- Fix CG alerts 396991/396992: Resolve
@azure/msal-browser4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)
AzureFunctionOnKubernetes (V0)
- Fix CG alert 396992: Update dependencies to resolve
@azure/msal-browser4.x vulnerability (#21981) (2026-04-09)
AzureFunctionOnKubernetes (V1)
- Fix CG alert 396992: Update dependencies to resolve
@azure/msal-browser4.x vulnerability (#21981) (2026-04-09)
AzureFunction (V2)
- Users/rm dmiri/azure function v2 (#21925) (2026-04-14)
AzureKeyVault (V2)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureMysqlDeployment (V1)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzurePowerShell (V4)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzurePowerShell (V5)
- Fix AzurePowerShellV5 parser error when endpoint data contains special character like “(“ (#21958) (2026-04-06)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureResourceGroupDeployment (V2)
- Fix CG alerts 396991/396992: Resolve
@azure/msal-browser4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)
AzureResourceManagerTemplateDeployment (V3)
- Fix CG alerts 396991/396992: Resolve
@azure/msal-browser4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)
AzureRmWebAppDeployment (V3)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureRmWebAppDeployment (V4)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureRmWebAppDeployment (V5)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureSpringCloud (V0)
- Update AzureSpringCloudV0 dependencies to fix vulnerabilities (#21945) (2026-04-06)
- Upgrade Node version to 24 for AzureSpringCloudV0 (#21971) (2026-04-13)
AzureVmssDeployment (V0)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureVmssDeployment (V1)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureWebAppContainer (V1)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
AzureWebApp (V1)
- Update package versions and increment task version for AzureWebApp task (#21959) (2026-04-08)
DownloadBuildArtifacts (V0)
- Add Node 24 migration for DownloadBuildArtifactsV0 (#22000) (2026-04-15)
DownloadGitHubNpmPackage (V1)
- Deprecate AzureCLIV1, DownloadGitHubNpmPackageV1 & DownloadGitHubNugetPackageV1 tasks (#21950) (2026-04-16)
DownloadGitHubNugetPackage (V1)
- Deprecate AzureCLIV1, DownloadGitHubNpmPackageV1 & DownloadGitHubNugetPackageV1 tasks (#21950) (2026-04-16)
FtpUpload (V2)
- updated basic-ftp package version to fix vulnerability in FtpUploadV2 task (#21957) (2026-04-06)
- Bump basic-ftp to version 5.3.0 in FtpUploadV2 task for vulnerability fixes (#22017) (2026-04-20)
JenkinsDownloadArtifacts (V1)
- Fix CG alerts 396991/396992: Resolve
@azure/msal-browser4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)
JenkinsDownloadArtifacts (V2)
- Fix CG alerts 396991/396992: Resolve
@azure/msal-browser4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)
KubeloginInstaller (V0)
Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability(#21990) (2026-04-15)
PowerShellOnTargetMachines (V3)
- Fix security issue for PowerShellOnTargetMachines@3 (#21968) (2026-04-15)
PublishSymbols (V2)
- Update azure-arm-rest in PublishSymbolsV2 (#21983) (2026-04-09)
SqlAzureDacpacDeployment (V1)
- Prevent security exploit in SqlAzureDacpacDeploymentV1 and SqlDacpacDeploymentOnMachineGroupV0 where Invoke-Expression is used (#21947) (2026-04-16)
- Fix /OutputPath conflict in DeployReport, DriftReport, and Script actions in SqlAzureDacpacDeploymentV1 (#21982) (2026-04-15)
SqlDacpacDeploymentOnMachineGroup (V0)
- Prevent security exploit in SqlAzureDacpacDeploymentV1 and SqlDacpacDeploymentOnMachineGroupV0 where Invoke-Expression is used (#21947) (2026-04-16)
UniversalPackages (V1)
- UniversalPackagesV1: Move AgentTool Install to preexecution step (#21948) (2026-04-08)
VsTest (V2)
- Fix vstest version parsing to handle non-numeric version strings (#22005) (2026-04-17)
VsTest (V3)
- Fix vstest version parsing to handle non-numeric version strings (#22005) (2026-04-17)
v272
Maintenance
Minor fixes and improvements.
Full changelog
Sprint 272
AzureAppServiceManage (V0)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureAppServiceSettings (V1)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureCLI (V2)
- Update task-lib version to 5.2.8 (#21941) (2026-03-27)
AzureCLI (V3)
- Update task-lib version to 5.2.8 (#21941) (2026-03-27)
AzureFunctionApp (V1)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureFunctionApp (V2)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureFunctionAppContainer (V1)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureKeyVault (V2)
- Update task-lib version to 5.2.8 (#21941) (2026-03-27)
AzurePowerShell (V4)
- Update task-lib version to 5.2.8 (#21941) (2026-03-27)
AzurePowerShell (V5)
- Update task-lib version to 5.2.8 (#21941) (2026-03-27)
AzureResourceGroupDeployment (V2)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureResourceManagerTemplateDeployment (V3)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureRmWebAppDeployment (V3)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureVmssDeployment (V0)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureVmssDeployment (V1)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
AzureWebAppContainer (V1)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
DownloadPackage (V1)
- L0 functional coverage for DownloadPackageV1, and NuGetToolInstaller (V0/V1) (#21918) (2026-04-01)
JenkinsDownloadArtifacts (V1)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
JenkinsDownloadArtifacts (V2)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
KubeloginInstaller (V0)
- update task-lib and azure-arm-rest common package (#21942) (2026-03-27)
NuGetToolInstaller (V0)
- L0 functional coverage for DownloadPackageV1, and NuGetToolInstaller (V0/V1) (#21918) (2026-04-01)
NuGetToolInstaller (V1)
- L0 functional coverage for DownloadPackageV1, and NuGetToolInstaller (V0/V1) (#21918) (2026-04-01)
PublishTestResults (V2)
- Read retry-detection flag from pipeline variable/env (#21934) (2026-04-02)
UniversalPackages (V0)
- UniversalPackagesV0: Move ArtifactTool install to pre-execution step (#21939) (2026-03-26)
VSTest (V2)
- Fixing the Vstest issue with Powershell GetItemProperty (#21480) (2026-04-01)
VSTest (V3)
- Fixing the Vstest issue with Powershell GetItemProperty (#21480) (2026-04-01)
v271
Breaking risk
Breaking changes
- NodeToolV0, NpmV0, PipAuthV0, TwineAuthV0 tasks deprecated
Security fixes
- Command injection fixes in CMake, CopyFilesOverSSH, and Ssh tasks
Notable features
- Windows ARM64 architecture support across multiple tasks
- New Bicep Deploy Task V0 added
v270
Breaking risk
Breaking changes
- OpenSSL feature flag renamed in AzureFileCopy V1-6, AzurePowerShell V2-5, AzureCloudPowerShellDeployment V1-2
Security fixes
- Common package updates and OpenSSL version enhancements across tasks
Notable features
- Support for .NET 10 isolated model runtime
- Node 24 migration for multiple deployment tasks
v269
Breaking risk
Breaking changes
- PyPIPublisher V0 task deprecated
Security fixes
- OpenSSL version upgrades in VstsAzureRestHelpers
- jws package security patches across Azure and file copy tasks
Notable features
- Telemetry for RETIRE_AZURERM_POWERSHELL_MODULE flag
- HelmDeploy flag compatibility fixes for Helm 4.x
v268
Breaking risk
Breaking changes
- CondaEnvironmentV0 and PyPIPublisherV0 tasks deprecated
Security fixes
- Vulnerability fixes in AzureRmWebAppDeployment V3, V4, V5
- jws package security patches across multiple tasks
Notable features
- Late-bound idToken support with telemetry in AzureCLIV3
- Node 24 runtime migration across 70+ tasks
v267
Breaking risk
Breaking changes
- USE_FIXED_AZ_CONFIG_INIT flag removed from multiple Azure authentication tasks
Security fixes
- Vulnerability fixes in AzureFunctionApp, AzureFunctionOnKubernetes, and node-forge dependencies
Notable features
- Visual Studio 2026 MSBuild 18 support in SqlAzureDacpacDeployment and VSTest
- GitHub API rate limit error handling in KubeloginInstaller
v266
Security relevant
Security fixes
- Package vulnerability fixes in ANTV1 task
Notable features
- JDK 17 and JDK 20 support in ANTV1
- MSBuild V18 support in MSBuildV1 and VSBuildV1
- HelmInstaller pre-release filter improvements
v265
Maintenance
Notable features
- 7zip version updated to 25.01
- Docker common package version updated across tasks
- Fixed linuxfxversion mapping in AzureWebAppContainer
v263
Maintenance
OpenSSL and library dependencies updated across numerous tasks.
v262
Security relevant
Security fixes
- Form-data package vulnerability patched across Android, AppCenter, Docker, Helm, and authentication tasks
Notable features
- Azure App Service sidecar and blessed scenario support
- Secure files updated to newer version
- Artifact-common package updated across authentication tasks
v261
Security relevant
Security fixes
- Form-data package vulnerability fixes across Jenkins, Maven, VsTest, and Xcode tasks
- CG security fixes in AzureFunctionApp, AzureVmssDeployment, and AzureSpringCloud tasks
Notable features
- java-client upgrade from 7.6.0 to 9.4.0 in appcenter-cli
- Resolve-Error fix in AzurePowerShell V5
v260
Breaking risk
Breaking changes
- DeployVisualStudioTestAgentV2 task removed
Security fixes
- Lodash package CG fix in AzureSpringCloud and ContainerBuild
- qs package vulnerability fix for v6.5.2
Notable features
- New Az account check feature flag in AzureFileCopy V6
- Gradle V3 logging improvements
v259
Breaking risk
Breaking changes
- Msal-node dependency upgraded from v2 to v3 in authentication tasks
Notable features
- Playwright JavaScript and TypeScript support added to AzureTestPlanV0
- Tool version validation added before execution
- XML target parameter warning in FileTransform V2
v258
Security relevant
Security fixes
- minimatch version upgraded to address MSRC vulnerability in multiple file handling tasks
Notable features
- AzCopy.exe upgraded to 10.29.1 with version-based Az.accounts module selection
- Site extension installation versioning support in AzureAppServiceManage