1

I have a server which is registered with an Azure DevOps Pipeline Environment which has come up in a security scan that a few npm packages used by CopyFiles task have vulnerabilities. The version of the task on the server is 2.246, checked the latest version 2.256 & it seems like the packages have been updated.

My problem is I can't seem to get the deployment job to download a latter version than [email protected], I've deleted the task to which causes a redownload of v2.246.

I've updated the pipeline to specify [email protected] but still downloaded v2.246.

How do I update the copy files task to a newer version?

Deployment job YAML below besides paths.

- deployment: DeployJob
  dependsOn: CreateArtifactJob
  condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
  workspace:
    clean: all
  environment: 
    name: Asset
    resourceType: virtualMachine
  strategy:
    runOnce:
      deploy:
        steps:
        - task: CopyFiles@2
          displayName: 'Copy website'
          inputs:
            SourceFolder: '$(Pipeline.Workspace)\Artifact\subfolder\'
            Contents: '**'
            TargetFolder: 'dest path'
            OverWrite: True

        - task: CopyFiles@2
          displayName: 'Copy application'
          inputs:
            SourceFolder: '$(Pipeline.Workspace)\Artifact\subfolder\'
            Contents: '**'
            TargetFolder: 'dest path'
            OverWrite: True

Edit: We use Azure DevOps Services.

Improve this question
4
  • Agent OS? Can you clarify what you mean by "deleted the task" and "specified @2.256.0"? Commented Oct 31 at 19:15
  • Can you clarify which Azure DevOps Server version (on-prem) you are using, or if you're using Azure DevOps Services (dev.azure.com)? Commented Oct 31 at 19:16
  • Changed the task from CopyFiles@2 to [email protected]. By deleted I mean gone to the agent folder on the server we’re deploying to, _work/tasks/ then deleted the copy task directory in there. We’re on Azure DevOps Services. Commented Oct 31 at 23:38
  • Assuming you can see 2.256 in https://dev.azure.com/<your-org>/_apis/distributedtask/tasks?api=verion=7.0 ? Please provide more information about your self-hosted build agent. Commented 17 hours ago

1 Answer 1

Reset to default
2

If you're using Azure DevOps Server, the built-in tasks are frozen with the installed version.

You can confirm which version your Azure DevOps Server is using by using https://<server>/<org>/_apis/distributedtask/tasks?api-version=7.0.

There have been several version updates of CopyFiles@2 task since 2.246. By comparing the task version updates to the available Server releases, you can potentially infer the version that was released at that time. There are some * on this list because the commit is very close to the release date:

Azure DevOps Server Version CopyFiles version
ADO Server 2022 Update 2 Patch 6 (June 10, 2025) 2.256.0
ADO Server 2022 Update 2 Patch 5 (April 8, 2025) 2.254.0
ADO Server 2022 Update 2 Patch 4 (March 11, 2025) 2.253.0*
ADO Server 2022 Update 2 Patch 3 (Feb 11, 2025) 2.246
ADO Server 2022 Update 2 Patch 2 (Nov 12, 2024) 2.246
ADO Server 2022 RTW (July 9, 2024) 2.238
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Sorry I should have said in my question originally but we use Azure DevOps services.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.