ASP.Net vulnerability affects TFS

All versions of TFS are affected by the ASP.net security vulnerability discovered recently. Brian Harry has blogged about this and attached a document on how to work around this problem until a patch is released. If you are a TFS admin you have some work to do…

Advertisements

Another reason for moving to TFS 2010

Recently one of my clients (who uses TFS 2008) encountered the TF14083 warning when merging two branches. This is the warning message:

The item ‘{0}’ has a pending merge from the current merge operation, please resolve and check in the current merge and merge again to pick up this change.

In most cases this is nothing to worry about, all you need to do is just what it says in the message. Resolve, check in and merge again.
But a cautious user might start to think along the lines of “so,what happens if the second merge fails? I’ve already checked in the first part of the merge!”. The simple answer would be that you do a rollback to the previous changeset using TFS 2008 Power Tools.
However, in TFS 2008 the rollback will only rollback the actual changes but the merge history will not be affected and this will cause trouble when you try to redo the merge operation as TFS believes the two branches have already been merged. You can probably solve this dilemma by doing the merge using TFS command line tool and use the /force option but by now most people are thinking something along the lines of “this is stupid, TFS should be able to handle all this”.

And if you move to TFS 2010 it can! Not only has one of the main reasons for the error above been fixed, but rollback is now part of the standard TFS command line tools and has an option for keeping merge history or not. There, another good reason why you should move to TFS 2010! Ler