Last week, we released a cumulative update for TFS 2010 SP1.  You can get it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bca68e8d-4612-48cd-9418-1b973d41073f.  The KB article is in the process of being published and should be available soon.

*UPDATE* - This update prereqs SP1 and should be installed on TFS application tiers and build servers.  It need not be installed elsewhere (clients or proxies).

*IMPORTANT UPDATE* - Don't install this patch on a TFS proxy!  It will break the proxy.  We'll fix the patch and address the issue but for now just don't install it on a proxy.  The issue is very narrowly affecting proxies.  We added a new defense-in-depth security check to some low level TFS infrastructure that happens to be shared between the app tier and the proxy.  It turns out the logic will only work in the AT code paths and not in proxy code paths.  We're still trying to figure out why our testing missed it but my speculation is that it is because our client is resilient to proxy failures - it just falls back to accessing the server directly.  I suspect the test logic just didn't notice the fallback to the server but we'll investigate, confirm and fix it, whatever it is.  I appologize for the inconvenience.

A couple of years ago, SQL Server moved to a model of quarterly cumulative updates as a way to make it as easy as possible for customers to stay up to date with the latest SQL fixes.  I liked the model a great deal but wasn’t ready to invest the effort and time to make a significant change to the TFS servicing model.  Rather, I’ve been gradually moving the team in that direction.  We did a big cumulative update last fall when we released the Lab Management capabilities.  And now we are releasing another one.

Basically the model we’re in now is that we’ll release cumulative updates periodically when we believe we have a critical mass of fixes that warrant asking the customer base to update.  They’ll include all of the QFEs (hot fixes) that we’ve released since the previous cumulative update and any really important issues we’ve found internally.  You can almost think of them as mini service packs.  I strongly encourage you to stay up to date with them.  As a general rule, they will contain fixes that we really believe you should have – they may be security fixes, performance fixes or fixes that will save you from a problem down the road.

Over time, my goal is to get to a predictable quarterly schedule for them.  For now, we’ll do them on demand and I expect we’ll have a couple per year.  I don’t have a list of the fixes that this one contains but I know it’s all the QFEs since SP1 plus fixes for 3 or 4 bugs we’ve found internally in the process of developing V.Next.

Please let me know if you have any issues installing it.  You shouldn’t really notice any difference after you do – nothing visible has changed.  It’s all under the covers stuff but it’s still important that you update.

Thanks,

Brian