diff --git a/.azure-pipelines/azure-pipelines-UpgrateVersion.yml b/.azure-pipelines/azure-pipelines-UpgrateVersion.yml
index b60d46b2a2..4e22ce4801 100644
--- a/.azure-pipelines/azure-pipelines-UpgrateVersion.yml
+++ b/.azure-pipelines/azure-pipelines-UpgrateVersion.yml
@@ -47,8 +47,8 @@ stages:
   jobs:
   - template: azure-pipelines-build.yml
     parameters:
-      buildOptions: '${{ variables.VERSION_CONTROL_OPTIONS }} SONIC_BUILD_JOBS=$(nproc) ENABLE_IMAGE_SIGNATURE=y'
       jobFilters: ${{ parameters.jobFilters }}
+      buildOptions: '${{ variables.VERSION_CONTROL_OPTIONS }} ENABLE_DOCKER_BASE_PULL=n SONIC_BUILD_JOBS=$(nproc) ENABLE_IMAGE_SIGNATURE=y'
       preSteps:
       - template: .azure-pipelines/template-clean-sonic-slave.yml@buildimage
 - stage: UpgradeVersions
diff --git a/scripts/docker_version_control.sh b/scripts/docker_version_control.sh
index da8cd0484f..e94370d0e2 100755
--- a/scripts/docker_version_control.sh
+++ b/scripts/docker_version_control.sh
@@ -23,7 +23,7 @@ tag=`echo $image_tag | cut -f2 -d:`
 
 if [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,all,* ]] || [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,docker,* ]]; then
     # if docker image not in white list, exit
-    if [[ "$image_tag" != */debian:* ]] && [[ "$image_tag" != multiarch/debian-debootstrap:* ]];then
+    if [[ "$image_tag" != */debian:* ]] && [[ "$image_tag" != debian:* ]] && [[ "$image_tag" != multiarch/debian-debootstrap:* ]];then
         exit 0
     fi
     if [ -f $version_file ];then
@@ -40,7 +40,7 @@ if [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,all,* ]] || [[ ",$SONIC_VERSION
     sed -i "s/$oldimage/$newimage/" $DOCKERFILE
 else
     hash_value=`docker pull $image_tag 2> ${new_version_file}.log | grep Digest | awk '{print$2}'`
-    if [ -z hash_value ];then
+    if [ -z "$hash_value" ];then
         hash_value=unknown
     fi
 fi