Within the last couple of weeks, we released an important update to the Team System Web Access 2008 SP1 Power Tool. The update includes only one change and it fixes a significant security issue that we discovered. I’m not going to describe it in detail, for obvious reasons, however, I encourage anyone who had previously installed TSWA 2008 SP1 to uninstall it and install the updated version. The link is here:
If you go to “Help -> About” in TSWA you can tell whether or not you have the correct version. Build 9.0.3275 is the latest “patched” version. Anything before that is unpatched. Specifically, 9.0.3160 was the original TSWA SP1 release build number.
*** UPDATE ***
Clearly some of the feedback in this post indicates that the uninstall/reinstall approach is problematic for people. First, I’ll point out that the install is only about 5 minutes but none-the-less, I understand. As I said in the comments, we really can’t do hot-fix style servicing of PowerTools because the cost to do that is too high. However, this fix, in particular is a pretty contained change and one approach is for you to manually update the affected files. To do this you can install the update on another machine and get them from there or you can use:
msiexec /a TeamSystemWebAccess.msi /qb TARGETDIR=c:\temp\tswa
to extract all of the files from the MSI (obviously replace the TARGETDIR value with whatever you prefer to use).
The files you need to update are:
The updated files need to be placed in both:
- %Program Files%\Microsoft Visual Studio 2008 Team Sytem Web Access\Web\bin
- %Program Files%\Microsoft Visual Studio 2008 Team Sytem Web Access\WIWA\bin
The following script also needs to be updated:
- %Program Files%\Microsoft Visual Studio 2008 Team Sytem Web Access\Web\Resources\Scripts
- %Program Files%\Microsoft Visual Studio 2008 Team Sytem Web Access\WIWA\Resources\Scripts
We appologize for the inconvenience.