Security related fixes in scope of vRealize Log Insight 8.1.1
search cancel

Security related fixes in scope of vRealize Log Insight 8.1.1

book

Article ID: 325006

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The following security fixes and updates have been implemented in vRealize Log Insight 8.1.1 :

 

Environment

VMware vRealize Log Insight 8.1.x

Resolution

  • Resolved CVE-2020-3953. For more information on this vulnerability, please see VMSA-2020-0007
  • Photon OS kernel has been upgraded to version 4.19.112-1.ph3
  • The following static key ciphers have been disabled: TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256
  • log4j upgraded from log4j 1.2.16, log4j 1.2.17 to log4j2
  • Apache Tomcat upgraded from 8.5.51 to 8.5.55
  • sqlite3 upgraded from 3.31.1 to 3.31.1-3.ph3
  • netty upgraded from 4.0.47 to 4.1.49
  • PyYAML upgraded from 3.13-4.ph3 to 3.13-5
  • JRE upgraded from 8u241 to 8u251
  • commons-beanutils upgraded from 1.9.3 to 1.9.4

 

Additional Information

Powered by Wolken Software