This article provides instructions for upgrading VMware Identity Manager 3.3.7 to the CSP-102092 patch. It also covers the subsequent installation of VMware Aria Suite Lifecycle 8.18 Patch 5, which is a required step after patching Identity Manager.
Applying these patches addresses known issues, improves security, and enhances system stability.
Before proceeding, you must complete the following prerequisites to ensure a successful patch process and prevent service interruptions.
Retain Snapshots
Do not delete the snapshots taken in the first step until the entire patching process for both products has been completed and you have verified that the environment is fully functional.
Note: This is a cumulative patch and will apply all previous fixes if they are not already installed.
sshuser
.sudo su -
/db/vidm-upgrade
folder) using SCP or WinSCP.unzip CSP-102092-Appliance-3.3.7-Patch.zip
rm -f CSP-102092-Appliance-3.3.7-Patch.zip
cd CSP-102092-Appliance-3.3.7-Patch
./CSP-102092-patch-automation.sh -f CSP-102092-Appliance-3.3.7.zip -r
root@vidm-machine [ /db/CSP-102092-Appliance-3.3.7-Patch ]# ./CSP-102092-patch-automation.sh -f CSP-102092-Appliance-3.3.7.zip -r
YYYY-MM-DD 07:17:48 - All checks passed for ZIP '/db/CSP-102092-Appliance-3.3.7.zip'.
YYYY-MM-DD 07:17:48 - Running on node: <vidm-machine.domain.com>
YYYY-MM-DD 07:17:48 - grub2 detected: /boot/grub2/grub.cfg exists
YYYY-MM-DD 07:17:49 - Cluster size detected: 3
YYYY-MM-DD 07:17:49 - Extracting patch bundle
YYYY-MM-DD 07:18:30 - Running prepare-vidm-patch.sh on this node (once per cluster)
YYYY-MM-DD 07:18:30 - Running patch script: CSP-102092-applyPatch.sh
YYYY-MM-DD 07:18:30 - Tail the log file /opt/vmware/var/log/update/vidm-CSP-102092-update.log for live logs..
YYYY-MM-DD 07:18:30 - Pre-checks passed successfully.
YYYY-MM-DD 07:18:31 - Previous patches are not applied, applying now...
YYYY-MM-DD 07:21:37 - Previous patches applied successfully
YYYY-MM-DD 07:21:37 - Applying current patch CSP-102092...
YYYY-MM-DD 07:25:44 - Created update.success marker file.
YYYY-MM-DD 07:25:55 - Patch CSP-102092 applied successfully.
YYYY-MM-DD 07:26:05 - Validating CSP-102092 patch status...
YYYY-MM-DD 07:26:05 - CSP-102092 Patch applied successfully and flag file is present.
YYYY-MM-DD 07:26:05 - Rebooting system...
IMPORTANT: VMware Identity Manager services will not be operational until VMware Aria Suite Lifecycle 8.18 Patch 5 is also applied.
After applying both patches, complete the following tasks:
Life Cycle Operations > Environments > Global Environment > View Details > Patch Postgres Cluster
identity-manager-3.3.7.0-24966008_OVF10.ova
) and map the binary in Aria Suite Lifecycle to ensure future lifecycle operations function correctly./etc/init.d/opensearch status
/etc/init.d/opensearch start
systemctl enable [email protected]
systemctl start [email protected]
https://<vidm-hostname>:8443
) for full functionality.3.3.7.0 Build 24966008
.To revert this patch, restore the VMware Identity Manager appliance(s) and the Aria Suite Lifecycle appliance from the snapshots taken during the prerequisite phase.
This cumulative update includes all fixes from the following previously released patches. For a detailed list of CVEs or components addressed by a specific patch, refer to its original knowledge base article.
Patch ID | Summary of Fixes | Link |
---|---|---|
CSP-99024 | Addresses numerous security vulnerabilities in Photon OS and third-party components. | KB 387748 |
CSP-97727 | Upgrades Photon OS, Tomcat, and RabbitMQ to address vulnerabilities. | KB 380348 |
CSP-97577 | Upgrades multiple platform components, including Java and Tomcat. | KB 404054 |
CSP-96928 | Upgrades Photon OS, Tomcat, and RabbitMQ to address several vulnerabilities. | KB 377094 |
CSP-95247 | Addresses two security vulnerabilities in Photon OS. | KB 373159 |
CSP-93316 | Upgrades the Java version to address multiple vulnerabilities. | KB 369294 |
CSP-91401 | Upgrades OpenSSH to fix CVE-2023-38408. | KB 327324 |
CSP-90495 | Upgrades Angular XLTS to address licensing and CVEs. | KB 327323 |
HW-189454 | Upgrades JQuery and Java versions to address multiple vulnerabilities. | KB 327326 |
HW-170932 | Addresses VMSA-2023-0011 (CVE-2023-20884) and updates the connector. | KB 369609 |