This patch provides product fixes and addresses security vulnerabilities identified in VMSA-2021-0028.

This article contains a list of known issues that are resolved in the latest patch available for vRealize Automation 8.5

Current Patch Version:  Patch #1

List of issues resolved in this patch:

Security

• (fix) Address log4j issue described in VMSA-2021-0028
• (fix) Other libraries updated to consume latest security & functional fixes

Provisioning Engine

• (enh) Enhance reservation limits functionality
• (fix) No placement exists that satisfies all of the request requirements in certain case
• (fix) Fix NPE in allocation when there are no datastores for a disk

Migration and Assessment Services

• (fix) Fix Migration failing due to not encoded '&' in URI
• (fix) Propagate component type to on-boarded resources
• (fix) Unable to create json file for v2t migration in certain case
• (fix) Update in the NicDescription creation logic.
• (fix) Remove extra default network edges from Blueprint
• (fix) Fixing network gaps for Deployment scale out.

Virtual Appliance

• (fix) Do not dump verbose output when archiving upgrade-root-dir after upgrade

vRealize Orchestrator

• (fix) Address log4j issue described in VMSA-2021-0028 across vRO plugins.

VMware vRealize Automation 8.5.x

The steps to install vRealize Automation 8.5 P1 using vRealize Suite Lifecycle Manager are as follows:

1. Login to the vRealize Suite Lifecycle Manager UI.
2. (Offline) Download the vRealize Automation patch by downloading the patch from the Broadcom Support portal.
3. Download the file.patch 
4. Upload the file.patch file to the vRSLCM appliance under /data.
5. Navigate to Settings > Binary Mappings
6. Click Patch Binaries > Add Patch Binary and specify /data in the input field.
7. Click Discover.
8. Select file.patch and select Add to add it to the mapping.
9. (When Online) To check if there are patches available on the internet, click CHECK PATCHES ONLINE. 
10. Once Check Patches Online request is completed, to download the online patch, Click the Download icon of the vRealize Automation 8.5 patch present under the Product Patch Binaries list.
11. Trigger the patch installation for vRealize Automation from the product details within the Environments page using the product actions, click Patches > Install Patch.
12. Select the patch from the list.
13. Click Next.
14. Select the check box I have taken care of the above storage requirement and am ready to proceed.
15. Click Next.
16. Review and install the available patch and click Finish.
17. The patch install request progress can be tracked under Requests.
18. To view the history of patches from Environments, click Patches > History.

See Workaround instructions to address CVE-2021-44228, CVE-2021-45046 in vRealize Automation and vRealize Orchestrator 8.x.

Impact/Risks:
Important: Once this patch is installed, upgrades from 8.5 P1 to 8.5.1, 8.6 or 8.6.1 are not supported.  Future upgrades must upgrade to version 8.6.2 or higher.