Octopus Deploy Security Advisory - 10 June 2021

Hi,

I got an email to upgrade Octopus as a result of CVE-2021-31818. Currently we are running 2019.13.7 on SQL Server 2016. As recommended, we need to upgrade to 2020.6.5106 and otherwise to the latest 2021.1.7274. I saw Octopus 2020.2.4 requires SQL Server 2017 or newer. Does this mean I require SQL Server 2017 to upgrade from 2019.13.7 to 2020.6.5106? Does the latest 2021.1.7274 require SQL Server 2017? We want to upgrade ultimately to the latest…but we don't want to change our SQL version.

Please advise

Hi @endashaw.adane,

Thanks for getting in touch! I’m sorry for the confusion we’ve caused here. We did briefly bump the minimum SQL version to 2017 in Octopus v2020.2, but we ended up relaxing this back to SQL Server 2016+. Octopus versions 2020.6.5106 and 2021.1.7274 have a minimum requirement of 2016+ so you will not need to upgrade your SQL version for either of those upgrades.

The brief windows where 2017 is required are 2020.2.1 -> 2020.2.18 and 2020.3.1 -> 2020.3.5. You can also refer to this doc page.

I hope that clarifies things, and please let me know if we can try to help with anything else going forward.

Best regards,

Kenny

Hi @Kenneth_Bates,

Thanks for the response. I am able to upgrade to the latest. However, I noticed the “Reorder Steps” is missing. Is this on purpose? If so, how can I reorder steps?

Ha. I found it. Thanks.
