Azure Pipeline Host Azure CLI version outdated

JoelP 201 Reputation points
2023-10-26T07:14:53.7733333+00:00

Hi,

Just received some security alerts regarding our azure subscription using an old azure cli version. Found out that it was our Azure DevOps pipelines host agent using the old version (2.53.0)

Checking on the az cli release, there was a hotfix released on 24/10/2023 for the azure cli which is 2.53.1.

Question is how do we manually update the version of the Azure Pipelines host? or should we just wait for Microsoft to update the host? if yes, how long does it take ?

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
32,673 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deepanshu katara 1,410 Reputation points
    2023-10-26T07:47:23.9866667+00:00

    Hi , hope doing well

    To answer your query

    Use the Azure CLI Installer Task: If you want to ensure a specific version of the Azure CLI is used in your pipelines, you can use the "Azure CLI Installer" task. This task allows you to specify the version of the Azure CLI to be used in your pipeline. You can include this task at the beginning of your pipeline to ensure that the correct version is available

    Here's an example YAML snippet of how you can use the "Azure CLI Installer" task:

    - task: UseAzureCLI@2
  inputs:
    azureSubscription: 'YourServiceConnection'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # Install a specific version of Azure CLI
      curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash -s -- -y --upgrade <desired_version>

    Replace <desired_version> with the specific version you want to install, in this case, "2.53.1". This task will ensure that the specified version of the Azure CLI is used in your pipeline.

    Please try this and let me know , Thanks!

  2. AirGordon 6,775 Reputation points
    2023-10-26T08:03:16.8933333+00:00

    The cycle for the Azure DevOps agents images being updated to the latest Azure CLI can take several weeks. There is no specific SLO that I am aware of.

    You can run a standard shell task on the agent to manually upgrade the version of the agent: https://learn.microsoft.com/en-us/cli/azure/update-azure-cli#manual-update

    Grab the current version installed AZVER=$(az version | jq -r ".[\"azure-cli\"]") then check to see if it's equal to 2.53.0 and if so, az upgrade. This way you won't unnecessarily be updating the version.

  3. JoelP 201 Reputation points
    2023-10-26T23:01:30.0033333+00:00

    just checked today... MS has upgraded the az cli version of the host probably due to the criticality...

    0 comments