If you are accessing this page from a non-English language version, and want to see the most up-to-date content, please visit this Release Notes page in English. You can change the language of this page by clicking the globe icon in the page footer and selecting your desired language.
In this article, you will find information regarding the newest release for Team Foundation Server 2018. Click the button to download.
To learn more about Team Foundation Server 2018, see the Team Foundation Server Requirements and Compatibility page. Visit the visualstudio.com/downloads page to download other TFS 2018 products.
Direct upgrade to Team Foundation Server 2018 Update 3 is supported from TFS 2012 and newer. If your TFS deployment is on TFS 2010 or earlier, you need to perform some interim steps before upgrading to TFS 2018 Update 3. Please see the chart below and the TFS Install page for more information.
You do not need to upgrade to TFS 2018 RTM before upgrading to TFS 2018 Update 3.
Release Date: July 9, 2019
Team Foundation Server 2018 Update 3.2 Patch 5
- CVE-2019-1072: Remote code execution vulnerability in work item tracking
- CVE-2019-1076: Cross site scripting (XSS) vulnerability in pull requests
Release Date: May 14, 2019
Team Foundation Server 2018 Update 3.2 Patch 4
- CVE-2019-0872: Cross site scripting (XSS) vulnerability in the Test Plans
- CVE-2019-0971: Information disclosure vulnerability in the Repos API
- CVE-2019-0979: Cross site scripting (XSS) vulnerability in the User hub
Release Date: April 9, 2019
Team Foundation Server 2018 Update 3.2 Patch 3
- CVE-2019-0866: Remote code execution vulnerability in Pipelines
- CVE-2019-0867: Cross site scripting (XSS) vulnerability in Pipelines
- CVE-2019-0868: Cross site scripting (XSS) vulnerability in Pipelines
- CVE-2019-0870: Cross site scripting (XSS) vulnerability in Pipelines
- CVE-2019-0871: Cross site scripting (XSS) vulnerability in Pipelines
Release Date: March 12, 2019
Team Foundation Server 2018 Update 3.2 Patch 2
We have released a security patch for TFS 2018 Update 3.2 that fixes the following bug. Please see the blog post for more information.
- CVE-2019-0777: Cross site scripting (XSS) vulnerability in Pipelines
Release Date: February 12, 2019
Team Foundation Server 2018 Update 3.2 Patch 1
We have released a security patch for TFS 2018 Update 3.2 that fixes the following bugs. Please see the blog post for more information.
- CVE-2019-0742: Cross site scripting (XSS) vulnerability in work items
- CVE-2019-0743: Cross site scripting (XSS) vulnerability in pull requests
Release Date: February 5, 2019
Team Foundation Server 2018 Update 3.2
We have updated Team Foundation Server 2018 Update 3.2 with a new build to fix an issue where customers may see errors doing a variety of Team Foundation Version Control (TFVC) operations such as: tracking changesets, checking history or any branch related operations. For more information, see the blog post.
Release Date: January 14, 2019
Team Foundation Server 2018 Update 3.2
The TFS Database Import Service currently doesn't support TFS 2018 Update 3.2. We're working on adding support, but that can take up to two weeks. You can see our list of currently supported versions for import here.
This release includes fixes for the following bugs. Please see the blog post for more information.
- CVE-2019-0646: Cross site scripting (XSS) vulnerability.
- CVE-2019-0647: Task groups may incorrectly show variables that are marked as secret.
- "TFS.WebApi.Exception: Service endpoint Url change requires all the confidential parameters to be provided. Please retry operation by providing value for parameter: Password." error when trying to update a SonarQube service endpoint.
- Some extensions cause a blank User hub.
- Database size continues to grow after builds are deleted.
It also includes performance improvements for Team Foundation Version Control.
Release Date: November 5, 2018
Team Foundation Server 2018 Update 3.1
This release includes a fix for a cross site scripting (XSS) vulnerability. We recommend upgrading to TFS 2018 Update 3.1. If TFS 2018 Update 3 is already installed, this patch includes the security fix.
Release Date: September 12, 2018
Summary of What's New in TFS 2018 Update 3
Team Foundation Server 2018 Update 3 includes bug fixes for Team Foundation Server 2018. It includes fixes in the following areas:
Details of the bugs fixed in TFS 2018 Update 3
- "There is a problem on the server" error appears in Visual Studio when doing a code review.
- Large TFVC repos take a long time for search indexing. Users can now exclude folders from indexing to speed it up.
- Code search may be slow on collections with a high number of files.
- When code search jobs fail, job yield data is deleted, which causes the next jobs to restart indexing.
- Code search considers the underscore as a special character when it shouldn't.
- A security patch for Git clients was released since TFS 2018 Update 2. To protect unpatched Git clients, we made a change in TFS 2018 Update 3 to reject pushes that exploit the vulnerability. For more information, see Remediating the May 2018 Git Security Vulnerability.
- The + icon is missing on the backlog page.
- The Name and DisplayName properties are not set in all legacy work items APIs.
- The attachments REST API does not support a FileID parameter to set the attachment URL.
- Work item resources and attachment resources sometimes returned project-scoped URLs, which were breaking backwards compatibility.
Build and Release
- Builds are not getting deleted based on the build retention policy.
- Deleting a build does not delete the drop location or symbols.
- A build will not queue if the build number format string results in an invalid build number.
- Build task versions get automatically updated when upgrading TFS.
- Performance issues in XAML builds with many build definitions.
- Build definitions migrated from TFS 2017 get a "definition.Repository.Mappings.Mapping.LocalPath" error.
- The link to Jira items from the Release Summary or Deploy Environment pop up does not work.
- A pending approval notification for a deployment is not delivered when TFS is installed in German locale.
- Task groups variable detection has started recognizing Build.BinariesDirectory as a system variable.
- "Cannot insert duplicate key row in object 'Release.tbl_TagString' with unique index 'PK_tbl_TagString'" error when adding a tag to a release.
- Deployments get cancelled if gates evaluation exceeds six hours.
- "TF400898 An internal error occurred. ActivityId" error occurs when adding or editing artifacts in release definitions.
- Release variables like Release.Reason can be used in custom phase conditions.
- "Lock Hierarchy violation" error occurs when deleting deployment pools.
- A release job fails when a path variable has square brackets.
- Azure Virtual Machine Scale Sets are not updated when the deployment script is updated.
- A release definition does not save when a user with edit release definition permissions, but no release approver permissions tries to edit the definition.
- The Azure App Service Deploy task version 3 is now available.
- The error, "Expecting end of string. The error is caused by <<->>" occurs when loading test suites.
- "Argument out of range" error occurs when clicking on the New Test Case button.
- The Release Path of a bug is incorrectly changed after linking it to a Test Result.
- The Test Run is In Progress even though the test is marked as pass or fail.
- When invoking the Update Test Result API and passing the same test result multiple times, a primary key violation exception is raised from SQL.
- Exporting a test case with shared steps to email may fail due to email size limits.
- The Title column pastes incorrectly from Excel when using Add New Tests with the grid.
- In the Test Plan grid view, the shared step names are not escaped correctly, such as with the '<' character.
- TFSConfig addProjectReports does not add reports if the folder already exists.
- When TFS databases are hosted on non-enterprise edition of SQL Server 2016 SP1 or above, page compression is not enabled on several tables during upgrade from TFS 2012 or 2013, which has a negative impact on upgrade and runtime performance.
- "Update PR Merge service hook subscriptions" error occurs when upgrading to TFS 2018.
- The Configure-GvfsCacheServer.psm1 file is being copied during TFS Proxy installs, even though the file cannot be used to configure the proxy.
- "TF400856: The following service is not registered in the database" error occurs when running TFSConfig OfflineDetach.
- Indexes are automatically enabled in the node configuration of Elastic Search.
- Re-indexing is not triggered when Elastic Search is newly configured and has stale data.
- In case of high-volume job failures, the search indexer pipeline does not throttle itself and has potential high resource usage.
- The Elastic Search service installation fails if the ES_JAVA_OPTS environment variable is set.
- When a collection is deleted, collection-level search records are not deleted.
- The process template editor displays errors such as "Requested value 'MANAGE_TEST_SUITES' was not found".
- The process template editor incorrectly shows the collection name in some identities while editing a workflow.
- When setting up a service hook on a code branch, the branch is set back to [Any] after saving.
- There are mail delivery errors due to a small timeout value.
- CVE-2018-8529: Basic authorization is now enabled on the communication between the TFS and Search services to make it more secure. Any user installing or upgrading to Update 3 will need to provide a user name / password while configuring Search (and also during Search Service setup in case of remote Search Service).
- "The user does not have a license for the extension" error occurs when purchasing or assigning licenses to extensions.
We would love to hear from you! You can report a problem and track it through Developer Community and get advice on Stack Overflow. As always, if you have ideas on things you would like to see us prioritize, head over to UserVoice to add your idea or vote for an existing one.