Patch for Teamcity 2023.11.3
Good morning,
In the event that the latest vulnerabiliites in Teamcity 2023.11.3 are patched (instead of applying an update), would there be downtime involved?
Please sign in to leave a comment.
Hi,
If you're referring to the security patch plugins mentioned in this blog post, https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now, TeamCity 2018.2+ can be patched with the provided security patch plugins without a restart or downtime. Older releases of TeamCity will require a server restart.
Thanks, Eric. Yes, that is what I was referring to. From a compliance standpoint, I am curious how I can demonstrate that a system has been patched if there is no change in version number.
In order to validate the system has been patched, you can check to see that the security patch plugin is installed and enabled. Please note, while this security patch does protect your system from these specific vulnerabilities, it is still recommended to keep your TeamCity server up-to-date to ensure that you have all of the latest security patches.
I would recommend using the provided security patch plugin to help give you time to plan for your next TeamCity upgrade. Since you're on TeamCity 2023.11.3, it is only a minor bug-fix upgrade to the latest release of 2023.11.4. To aid in your upgrade, please check our Upgrade Notes to see if any of the known issues would affect how you use TeamCity.