This article outlines VMware's recommendations and policies on VMware Virtual Appliances and customizations to the operating system and/or included packages.
VMware virtual appliances are bundled with an OS and an application. VMware maintains and supports this entire bundle “OS and Application” including upgrading OS subcomponents and patching security vulnerabilities per the VMware product lifecycle policy support phase dates specified in the https://support.broadcom.com/group/ecx/productlifecycle#/
VMware does not support any modifications or customizations to the underlying operating system and packages included in a VMware-branded Virtual Appliance. This includes adding, updating, or removing of packages, as well as utilizing custom scripts within the operating system of the appliance. All VMware appliances are thoroughly tested and qualified based on the components and versions included, as well as hardened to the best of the vendors ability using best practices for the industry. Updating or changing any components may result in unexpected behavior of the system.
If security issues are identified to affect a supported VMware product, or the Operating System of an Appliance, VMware will release a patch to address the issues. Do not install patches supplied by other vendors.
In situations where an appliance has been modified by the customer, VMware reserves the right to request all modifications be reverted and that the issue be reproduced on the base release that was originally provided.