[Question]: Reporting OpenSSL security recommendations in Microsoft Defender Endpoint related to AzureCopyFile@6

[pratiksoni1408]

Task name

AzureCopyFile@6

Task version

6

Environment type (Please select at least one enviroment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

Windows Server 2019

Question

Hello GitHub Team,

Reporting Vulnerabilities in OpenSSL with AzureFileCopy@6 task. 

We noticed that fix for vulnerability in OpenSSL with AzureFileCopy@1-6 task has been released past week. 

GitHub Reported Incidents:
 
Updating the Azure-arm-rest pacakge to use latest openssl ver… by Deekshitha981 · Pull Request #20928 · microsoft/azure-pipelines-tasks · GitHub
 
Updating azure-arm-rest versions for all openssl related tasks by Deekshitha981 · Pull Request #20938 · microsoft/azure-pipelines-tasks · GitHub

Therefore, I told one of my customers to regenerate the vulnerability report in Microsoft Defender by doing security scan.

Our customer is stilling noticing the security recommendations at Microsoft Defender Endpoint portal- vulnerability in OpenSSL.

Requesting to kindly release a patch to fix the issue. 

Regards,
Pratik Soni.

[Deekshitha981]

Hi @pratiksoni1408, Deployments are still pending for the PRs you mentioned, we will update once fix is rolled out.