[BUG]: FileTransformV2 task using outdated version of 7Zip

[AGweinj]

New issue checklist

• I searched for existing GitHub issues
• I read pipeline troubleshooting guide
• I checked how to collect logs

Task name

File transform

Task version

2.253.0

Issue Description

Please can this task be updated to use the latest version of 7Zip 24.09?

We are using the File Transform V2 task in our DevOps pipelines, this uses an old version of 7Zip - 23.01 which contains security vulnerabilities and so is being blocked by Windows Defender.

The vulnerabilities include:

• CVE-2025-0411 which affects 7Zip versions < 24.09
• CVE-2024-11477 which affects 7Zip version < 24.07

This is similar to the previous issue BUG: Azure App Service Deploy task using the older version of 7zip, required to be use 18.0.0.0 or higher #19136

Looking at our agents directory some other tasks we use also contain old versions of 7Zip, which may also need updating.
Please see the task name and task version and 7Zip version extracted from the 7Z.exe file path in the Agent directory below:

• UseDotNet 2.254.1 23.01
• AzureRmWebAppDeployment 4.255.1 23.01
• NuGetCommand 2.253.0 16.00
• Powershell 2.247.1 23.01
• NuGetToolInstaller 1.247.1 16.00
• NPM 1.247.1 13.01
• DotNetCoreCLI 2.247.3 23.01
• AzureFunctionApp 2.247.1 23.01
• IISWebAppDeploymentOnMachineGroup 0.246.1 23.01

Environment type (Please select at least one environment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

Windows

Relevant log output

2025-04-11T14:18:42.1436681Z ##[section]Starting: Transform appsettings
2025-04-11T14:18:42.1445955Z ==============================================================================
2025-04-11T14:18:42.1446124Z Task         : File transform
2025-04-11T14:18:42.1446217Z Description  : Replace tokens with variable values in XML or JSON configuration files
2025-04-11T14:18:42.1446365Z Version      : 2.253.0
2025-04-11T14:18:42.1446467Z Author       : Microsoft Corporation
2025-04-11T14:18:42.1446581Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/file-transform
2025-04-11T14:18:42.1446733Z ==============================================================================
2025-04-11T14:18:42.5360998Z [command]E:\agent\_work\_tasks\FileTransform_8ce97e91-56cc-4743-bfab-9a9315be5f27\2.253.0\node_modules\azure-pipelines-tasks-webdeployment-common\7zip\7zip\7z.exe x -oE:\agent\_work\_temp\temp_web_package_8698874922848572 E:\agent\_work\r4\a\Ag.AntiBriberyRegister\Ag.AntiBriberyRegister\Ag.AntiBriberyRegister.Service.zip
2025-04-11T14:18:42.5931492Z 
2025-04-11T14:18:42.5932456Z 7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20

Full task logs with system.debug enabled

 [REPLACE THIS WITH YOUR INFORMATION] 

Repro steps

[ivanduplenskikh]

Hi @AGweinj, thank you for creating the issue.
I have created the PR in the related common-package.
Once the PR is merged, I will update the task.