VMware Aria Operations 8.14 Hot Fix 1 is a public Hot Fix that addresses the following issues:
Dashboard names are missing in the generated report
[CP] After cluster reboot CP failed to reconnect to cluster
"Internal Error" when navigating to a resource summary page.
Disable new repo files coming with PhotonOS-4.0 update
OpenManage Management Pack fails at validation phase
Upgrade to 8.14 fails with error "resource key=pak_manager.action_failed, resource args=[run admin first boot scripts]"
[Notifications] Notification is sent regardless of the "Status" defined in the "Define Criteria" tab
[App Monitoring] The Ping check configuration does not work when the Timeout value is not a float (8.14 & Cloud)
vSphere SCG 7u3 and vSphere SCG 8.0 Compliance Symptom Definition for ESXi.set-hyperthread-security-warning is incorrect
Application Monitoring on upgraded setup is broken
Custom Script unique parameter check changed in 8.14 release
Issues with k8s namespace cost and k8s cluster cost
Host System objects are monitored with more than one adapter instance
Modifying adapter instance without giving credential ID
[App Monitoring] Failed to edit non-unique identifier for telegraf services
Need to reconfigure "/var/log/messages" file rotation.
The allocation costs are not published for private cloud clusters when allocation model is enabled.
Case-sensitive comparison of resource kind name fills logs with errors
SDDC MP is not installed on all Aria Operations nodes
Open source telegraf should not be configured with CP FQDN when CP configured using static IP
[What if analysis] Add VM and Remove VM scenario shows cost as 0 for both traditional and hyperconverged scenarios
Exclude Unicorn firstboot execution during b2b upgrade
AppOSAdapter going down due to concurrent modification exceptions
CIS compliance Policy is not getting imported correctly.
Handle 4 unhandled exceptions seen in AppOSAdapter
KPI latency metrics for vSAN clusters in vCenter reporting 0
[Telemetry] SustainabilityConsumer optimized (port from platform scale branch)
UI shows an internal server error when user tries to fetch component properties for last week, last month, last 6 months and last year.
Collector group side-details-panel doesn't load when many CPs are configured
OOM on applicationParserTasks part of AppOSAdapter
Performance Degradation because of unnecessary DB calls
vROps collector has high CPU usage
The following CVEs have been resolved as of version 8.14 Hot Fix 1:
Note: Inclusion of a given CVE in the following table does not imply exploitability of said CVE.
Component | CVE
apr-util | CVE-2022-25147
ch.qos.logback:logback-core | CVE-2023-6378, CVE-2023-6481
chromium | CVE-2023-3727, CVE-2023-4072, CVE-2023-4073, CVE-2023-4076, CVE-2023-4353, CVE-2023-4354, CVE-2023-4427, CVE-2023-4428, CVE-2023-4429, CVE-2023-4430, CVE-2023-4431, CVE-2023-4572, CVE-2023-45853, CVE-2023-4761, CVE-2023-4762, CVE-2023-4763, CVE-2023-4764, CVE-2023-4863, CVE-2023-4900, CVE-2023-4901, CVE-2023-4902, CVE-2023-4903, CVE-2023-4904, CVE-2023-4905, CVE-2023-4906, CVE-2023-4907, CVE-2023-4908, CVE-2023-4909, CVE-2023-5186, CVE-2023-5187, CVE-2023-5217, CVE-2023-5218, CVE-2023-5346, CVE-2023-5472, CVE-2023-5473, CVE-2023-5474, CVE-2023-5475, CVE-2023-5476, CVE-2023-5477, CVE-2023-5478, CVE-2023-5479, CVE-2023-5480, CVE-2023-5481, CVE-2023-5482, CVE-2023-5483, CVE-2023-5484, CVE-2023-5485, CVE-2023-5486, CVE-2023-5487, CVE-2023-5849, CVE-2023-5850, CVE-2023-5851, CVE-2023-5852, CVE-2023-5853, CVE-2023-5854, CVE-2023-5855, CVE-2023-5856, CVE-2023-5857, CVE-2023-5858, CVE-2023-5859, CVE-2023-5996, CVE-2023-5997, CVE-2023-6112, CVE-2023-6346, CVE-2023-6348, CVE-2023-6512
golang-runtime | CVE-2023-45287
io.netty:netty-common | CVE-2023-34462
libwebp | CVE-2023-4863
linux_kernel | CVE-2023-45863, CVE-2023-46813, CVE-2023-5178, CVE-2023-5717, CVE-2023-6610
log4j:log4j | CVE-2019-17571, CVE-2020-9493, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2023-26464
org.apache.poi:poi | CVE-2022-26336
org.apache.struts:struts2-core | CVE-2023-34149, CVE-2023-34396, CVE-2023-41835, CVE-2023-50164 (Not Exploitable *)
org.apache.tiles:tiles-core | CVE-2009-1275, CVE-2023-49735
org.apache.tomcat:tomcat-util | CVE-2023-42794
org.json:json | CVE-2023-5072
org.springframework:spring-core | CVE-2023-20861
perl | CVE-2023-47100
postgresql | CVE-2020-21469, CVE-2023-39417, CVE-2023-39418, CVE-2023-5868, CVE-2023-5869, CVE-2023-5870
vim | CVE-2023-46246, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706
Note: Inclusion of a given CVE in the table above does not imply exploitability of said CVE.
Environment
VMware Aria Operations 8.14.x
Resolution
VMware Aria Operations 8.14 Hot Fix 1 can be applied to any 8.14.x environment. Note: Upgrading from older versions directly to this Hot Fix is not supported. You must upgrade to 8.14.x before applying this Hot Fix.
Log in to the primary node VMware Aria Operations Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
Click Software Update in the left panel.
Click Install a Software Update in the main panel.
Follow the steps in the wizard to locate and install your PAK file.
Install the product update PAK file. Wait for the software update to complete. When it does, the Administrator interface logs you out.
Log back in to the primary node Administrator interface. The main Cluster Status page appears and the cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
Clear the browser caches and, if the browser page does not refresh automatically, refresh the page. The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update, then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
Click Software Update to check that the update is done. A message indicating that the update completed successfully appears in the main pane.
Once the update is complete, delete the snapshots you made before the software update.