Microsoft confirmed yesterday that Azure DevOps Server and Azure DevOps have been impacted by the Log4j vulnerability. Azure DevOps uses Elasticsearch, and based on the investigation, the Azure DevOps team decided to patch Log4j to the latest version and also update the web application firewall rules. It seems Log4j affects TFS 2017 or later and Azure DevOps Server 2020, as the product uses Elasticsearch. The team is currently working on patches for all the TFS and Azure DevOps versions.

| Azure DevOps Product | Status | Mitigation/Patch |
| --- | --- | --- |
| Azure DevOps | Affected | Fixed |
| Azure DevOps Server 2020 | Affected | Not yet Fixed |
| Azure DevOps Server 2019 | Affected | Not yet Fixed |
| TFS Server 2018 | Affected | Not yet Fixed |
| TFS Server 2017 | Affected | Not yet Fixed |