Skip to content

azure-pipelines-tasks

Pipelines

Tasks for Azure Pipelines

Track releases GitHub Website
TypeScript Latest v274 · 20d ago Security brief →

Features

  • Provides open examples for writing Azure Pipelines build/release tasks
  • Shows how to integrate custom tool runners (MSBuild, VSTest) into pipelines
  • Offers guidance on uploading custom tasks via TFS Cross Platform CLI or as an extension

Recent releases

View all 17 releases →
Upgrade now
v274 Breaking risk
Dependencies Crypto / TLS

Removed AppCenter tasks

Open
v273 Breaking risk
Breaking changes
  • AzureCLIV1, DownloadGitHubNpmPackageV1, and DownloadGitHubNugetPackageV1 tasks deprecated
Security fixes
  • @azure/msal-browser 4.27.0 vulnerability (MVS-2026-vmmw-f85q) patched across multiple tasks including AppServiceManage, AzureCLI, AzureFunctionApp, and AzureKeyVault
  • Invoke-Expression security exploit prevented in SqlAzureDacpacDeploymentV1 and SqlDacpacDeploymentOnMachineGroupV0
  • basic-ftp package vulnerability patched in FtpUploadV2
Notable features
  • AzureCLIV3: Added support for installing Azure DevOps CLI extension from wheel files
Full changelog

Sprint 273

AppCenterDistribute (V3)

  • Node 24 migration for AppCenterDistributeV3 (#21972) (2026-04-16)

AzureAppServiceManage (V0)

  • Fix CG alerts 396991/396992: Resolve @azure/msal-browser 4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)

AzureAppServiceSettings (V1)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureCLI (V1)

  • Deprecate AzureCLIV1, DownloadGitHubNpmPackageV1 & DownloadGitHubNugetPackageV1 tasks (#21950) (2026-04-16)

AzureCLI (V2)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureCLI (V3)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)
  • Add empty stdout fallback for az version in AzureCLIV3 (#22009) (2026-04-16)
  • Add support for installing the Azure DevOps CLI extension from a wheel file in the AzureCLIV3 task (#22010) (2026-04-16)

AzureFileCopy (V4)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureFileCopy (V5)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureFileCopy (V6)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureFunctionAppContainer (V1)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureFunctionApp (V1)

  • Fix CG alerts 396991/396992: Resolve @azure/msal-browser 4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)

AzureFunctionApp (V2)

  • Fix CG alerts 396991/396992: Resolve @azure/msal-browser 4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)

AzureFunctionOnKubernetes (V0)

  • Fix CG alert 396992: Update dependencies to resolve @azure/msal-browser 4.x vulnerability (#21981) (2026-04-09)

AzureFunctionOnKubernetes (V1)

  • Fix CG alert 396992: Update dependencies to resolve @azure/msal-browser 4.x vulnerability (#21981) (2026-04-09)

AzureFunction (V2)

  • Users/rm dmiri/azure function v2 (#21925) (2026-04-14)

AzureKeyVault (V2)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureMysqlDeployment (V1)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzurePowerShell (V4)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzurePowerShell (V5)

  • Fix AzurePowerShellV5 parser error when endpoint data contains special character like “(“ (#21958) (2026-04-06)
  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureResourceGroupDeployment (V2)

  • Fix CG alerts 396991/396992: Resolve @azure/msal-browser 4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)

AzureResourceManagerTemplateDeployment (V3)

  • Fix CG alerts 396991/396992: Resolve @azure/msal-browser 4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)

AzureRmWebAppDeployment (V3)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureRmWebAppDeployment (V4)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureRmWebAppDeployment (V5)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureSpringCloud (V0)

  • Update AzureSpringCloudV0 dependencies to fix vulnerabilities (#21945) (2026-04-06)
  • Upgrade Node version to 24 for AzureSpringCloudV0 (#21971) (2026-04-13)

AzureVmssDeployment (V0)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureVmssDeployment (V1)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureWebAppContainer (V1)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

AzureWebApp (V1)

  • Update package versions and increment task version for AzureWebApp task (#21959) (2026-04-08)

DownloadBuildArtifacts (V0)

  • Add Node 24 migration for DownloadBuildArtifactsV0 (#22000) (2026-04-15)

DownloadGitHubNpmPackage (V1)

  • Deprecate AzureCLIV1, DownloadGitHubNpmPackageV1 & DownloadGitHubNugetPackageV1 tasks (#21950) (2026-04-16)

DownloadGitHubNugetPackage (V1)

  • Deprecate AzureCLIV1, DownloadGitHubNpmPackageV1 & DownloadGitHubNugetPackageV1 tasks (#21950) (2026-04-16)

FtpUpload (V2)

  • updated basic-ftp package version to fix vulnerability in FtpUploadV2 task (#21957) (2026-04-06)
  • Bump basic-ftp to version 5.3.0 in FtpUploadV2 task for vulnerability fixes (#22017) (2026-04-20)

JenkinsDownloadArtifacts (V1)

  • Fix CG alerts 396991/396992: Resolve @azure/msal-browser 4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)

JenkinsDownloadArtifacts (V2)

  • Fix CG alerts 396991/396992: Resolve @azure/msal-browser 4.x vulnerability (MVS-2026-vmmw-f85q) (#21986) (2026-04-15)

KubeloginInstaller (V0)

  • Fix CG alert 396990: Update azure-arm-rest to resolve @azure/msal-browser 4.27.0 vulnerability (#21990) (2026-04-15)

PowerShellOnTargetMachines (V3)

  • Fix security issue for PowerShellOnTargetMachines@3 (#21968) (2026-04-15)

PublishSymbols (V2)

  • Update azure-arm-rest in PublishSymbolsV2 (#21983) (2026-04-09)

SqlAzureDacpacDeployment (V1)

  • Prevent security exploit in SqlAzureDacpacDeploymentV1 and SqlDacpacDeploymentOnMachineGroupV0 where Invoke-Expression is used (#21947) (2026-04-16)
  • Fix /OutputPath conflict in DeployReport, DriftReport, and Script actions in SqlAzureDacpacDeploymentV1 (#21982) (2026-04-15)

SqlDacpacDeploymentOnMachineGroup (V0)

  • Prevent security exploit in SqlAzureDacpacDeploymentV1 and SqlDacpacDeploymentOnMachineGroupV0 where Invoke-Expression is used (#21947) (2026-04-16)

UniversalPackages (V1)

  • UniversalPackagesV1: Move AgentTool Install to preexecution step (#21948) (2026-04-08)

VsTest (V2)

  • Fix vstest version parsing to handle non-numeric version strings (#22005) (2026-04-17)

VsTest (V3)

  • Fix vstest version parsing to handle non-numeric version strings (#22005) (2026-04-17)
View release on GitHub
v272 Maintenance

Minor fixes and improvements.

Full changelog

Sprint 272

AzureAppServiceManage (V0)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureAppServiceSettings (V1)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureCLI (V2)

  • Update task-lib version to 5.2.8 (#21941) (2026-03-27)

AzureCLI (V3)

  • Update task-lib version to 5.2.8 (#21941) (2026-03-27)

AzureFunctionApp (V1)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureFunctionApp (V2)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureFunctionAppContainer (V1)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureKeyVault (V2)

  • Update task-lib version to 5.2.8 (#21941) (2026-03-27)

AzurePowerShell (V4)

  • Update task-lib version to 5.2.8 (#21941) (2026-03-27)

AzurePowerShell (V5)

  • Update task-lib version to 5.2.8 (#21941) (2026-03-27)

AzureResourceGroupDeployment (V2)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureResourceManagerTemplateDeployment (V3)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureRmWebAppDeployment (V3)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureVmssDeployment (V0)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureVmssDeployment (V1)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

AzureWebAppContainer (V1)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

DownloadPackage (V1)

  • L0 functional coverage for DownloadPackageV1, and NuGetToolInstaller (V0/V1) (#21918) (2026-04-01)

JenkinsDownloadArtifacts (V1)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

JenkinsDownloadArtifacts (V2)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

KubeloginInstaller (V0)

  • update task-lib and azure-arm-rest common package (#21942) (2026-03-27)

NuGetToolInstaller (V0)

  • L0 functional coverage for DownloadPackageV1, and NuGetToolInstaller (V0/V1) (#21918) (2026-04-01)

NuGetToolInstaller (V1)

  • L0 functional coverage for DownloadPackageV1, and NuGetToolInstaller (V0/V1) (#21918) (2026-04-01)

PublishTestResults (V2)

  • Read retry-detection flag from pipeline variable/env (#21934) (2026-04-02)

UniversalPackages (V0)

  • UniversalPackagesV0: Move ArtifactTool install to pre-execution step (#21939) (2026-03-26)

VSTest (V2)

  • Fixing the Vstest issue with Powershell GetItemProperty (#21480) (2026-04-01)

VSTest (V3)

  • Fixing the Vstest issue with Powershell GetItemProperty (#21480) (2026-04-01)
View release on GitHub
v271 Breaking risk
Breaking changes
  • NodeToolV0, NpmV0, PipAuthV0, TwineAuthV0 tasks deprecated
Security fixes
  • Command injection fixes in CMake, CopyFilesOverSSH, and Ssh tasks
Notable features
  • Windows ARM64 architecture support across multiple tasks
  • New Bicep Deploy Task V0 added
View release on GitHub
v270 Breaking risk
Breaking changes
  • OpenSSL feature flag renamed in AzureFileCopy V1-6, AzurePowerShell V2-5, AzureCloudPowerShellDeployment V1-2
Security fixes
  • Common package updates and OpenSSL version enhancements across tasks
Notable features
  • Support for .NET 10 isolated model runtime
  • Node 24 migration for multiple deployment tasks
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
3,642
Forks
2,689
Languages
TypeScript PowerShell JavaScript
Downloads/week
2
NPM Maintainers
1
Contributors
100
View on GitHub View on npm Homepage

Install & Platforms

Platforms
windows macos linux

Similar tools

azure-pipelines-agent
pipeline
tasks
raiyanyahya/build-pipe

Beta — feedback welcome: [email protected]