Update 4 provides various fixes to known issues in VMware Aria Automation and VMware Aria Automation Orchestrator.

Note: VMware Aria Automation 8.18.1 Cumulative Update 4 is now available. This release includes VMware Aria Automation 8.18.1 Update 4 and VMware Aria Automation Orchestrator 8.18.1 Update 5 bundle 

VMware Aria Automation 8.18.1

VMware Aria Automation Orchestrator 8.18.1

VMware Aria Automation

Resolved Issues:

• Updated multiple libraries and components to consume fixes for security vulnerabilities.
• Updated OpenSSL libraries to the latest version due to CVE-2025-11187.
• VA - Updated to include the latest build of PhotonOS.
• Enhanced the vracli status first-boot command to wait for kubelet health, resolving hiccups with Virtual Appliance (VA) startup.
• Resolved an issue with increased PostgreSQL memory usage that led to memory pressure.
• Fixed license key support to accept newly generated keys.
• Fixed intermittent failures that occurred when deleting a SaltStack resource during deployment destruction.
• Fixed a UI glitch: Deployment progress bar is no longer displayed after the Change Lease action is complete.
• Fixed a UI glitch: Pagination error on the Deployments page.
• Fixed a UI glitch: Issue causing the Overall and Details tabs to go missing in the Deployment > Price tab > Price Analysis section.
• Fixed the error: I/O error on POST request for "http://idem-service...": Read timed out.
• Fixed an issue where enterprise groups were not displayed for role assignment under Identity and Access Management despite being synced.
• Fixed provisioning failures caused when NSX restores from backup generated new IDs for DVPGs (Distributed Virtual Port Groups).
• Corrected an issue where NSX network segments added to a Network Profile in Aria Automation only displayed one type of gateway IP.
• Resolved VM deployment failures with the error No placement exists that satisfies all of the request requirement when the target cluster had over 1000 nodes in the Transport Zone (TZ).
• Fixed errors caused by the groupResourcePlacementLink changing after a VM was vMotion-ed, as the new link was not updated in disk_state.
• Fixed an issue where Onboarded Resources were not counted toward the Cloud Zone limit or VM count after vMotion.
• Fixed a resize error for CPU when the requested number was below the flavor mapping maximal value.
• Fixed Storage Profile datastore selection failures with the error Could not find storage profile for regionLink.
• Resolved an issue where the externalId attribute for a vraVm was missing after upgrading to vmware-aria-suite-lifecycle-818-patch-3, and the resource_Id was added.
• Fixed an issue where the vRA IaaS API was ignoring sourceReference as part of the BlockDeviceSpecification for GCP cloud support.
• Fixed an issue causing Deployments to incorrectly show an Expiry date as Never even after a lease policy was applied.
• Fixed an issue preventing the removal of the Update Disk tags Day 2 Action in certain scenarios.
• Terraform provider: Fixed deployment update request not advertising HTTP code 400.
• Added an option to prevent the automatic re-run of an Ansible playbook upon failure.
• Added pagination support when retrieving projects in Cloud Consumption Interface (CCI).
• Added pagination to the StorageProfileAssociation API to allow fetching more than 100 results.

Automation Orchestrator

Resolved Issues:

• Implemented Tomcat security updates to resolve critical vulnerabilities (CVE-2025-52434, CVE-2025-52520, CVE-2025-53506).
• Updated multiple libraries to consume fixes for security vulnerabilities.
• Resolved an issue preventing standalone Orchestrator from being licensed, which previously resulted in a Your subscription has expired error.
• Fixed an issue where vCenter Plugin objects with static methods were not populating in auto-completion.
• Corrected an issue where Orchestrator did not correctly implement a line feed on the first line of an Action or Scriptable Task.
• Fixed the 400 Bad Request error that occurred when attempting to import a package from test to a production environment.
• Resolved an issue where existing SQL databases would vanish from the Orchestrator client inventory view, and the Add a database workflow would fail with a DatabaseException: Name already exists!.
• Implemented fixes for the Active Directory (AD) plugin threadpool.
• Fixed incorrect workflow behavior that occurred when an Orchestrator k8s pod was restarted.

This patch is cumulative. It includes all fixes and updates from Update 1, Update 2, and Update 3, and for Orchestrator, Update 4.

Known Issues

None.

Step 1: Important Pre-Patch Instructions

Before proceeding, you must complete the following prerequisites to ensure a successful patch process and prevent service interruptions.

• You must back up all VMware Aria Automation or Orchestrator appliances simultaneously for all nodes.
  • If you are creating the snapshots manually, you must start the snapshots of the second and third node no more than 40 seconds after you start the snapshots for the first node.
    • If the quiesced state was not achieved for all three nodes within the ~40-second timeframe, you will find the following strings in the logs: Freeze synchronization failed and Sync failed, making inconsistent snapshot.
      • Run the following command from one of the nodes to filter for all vmtoolsd messages:

        journalctl --identifier=vmtoolsd

• When you back up the VMware Aria Automation or Orchestrator appliance, disable in-memory snapshots and enable quiescing.
• Verify the integrity of downloaded files. For instructions on how to perform an integrity check, see this KB.

Step 2: Patch Installation

Option A: For VMware Aria Automation (managed by Aria Suite Lifecycle):

• See the official Aria Suite Lifecycle product documentation for patch installation instructions (link).
• You can download the vrlcm-vra-8.18.1-8.18.1.37222.patch file (link).
• You can find general instructions on how to download files from our Support Portal (link).
• See the API application instructions (link).

Option B: For Standalone VMware Automation Orchestrator (managed or not managed by Aria Suite Lifecycle):

Procedure:

1. Log in to the Automation Orchestrator Appliance command line as root.
2. Make a copy of the LCM upgrade profile:

   cp /etc/vmware-prelude/upgrade-lcm.conf /etc/vmware-prelude/upgrade-lcm-b2b.conf

3. Modify the /etc/vmware-prelude/upgrade-lcm-b2b.conf file by adding the following value:

   workflow.step.vami-postupdate.reboot.skip=false

4. Mount the CD-ROM using mount /dev/xxx /mnt/cdrom:

   mount /dev/sr0 /mnt/cdrom

5. Run the upgrade in the command line with the new LCM profile:

   vracli upgrade exec -y --profile lcm-b2b --repo cdrom://

Review Installed Patch History:

1. To view the history of patches, click Patches > History.
2. Click on History.

   Note: Alternatively, you can use the vracli version patch command to validate that the patch is installed.

   Note: The product version and build numbers reported via the Aria Automation GUI do not change after installing any patches. Use the steps below to validate the patch installation.

   1. Log in to one of the Aria Automation appliances via an SSH session.
   2. Run the following command:

      vracli version patch

   3. Verify the patch installed matches the build number - 25228700.