VMware Aria Operations 8.18 Hot Fix 6
search cancel

VMware Aria Operations 8.18 Hot Fix 6

book

Article ID: 398034

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This is a public Hot Fix that addresses the following issues:

  • Notification fails when object criteria select more than one self-object
  • Maintenance schedules not ending in Aria Ops
  • Report generation in PDF format fails due to missing "DejaVMUni.ttf" font file

 

The following CVEs have been resolved :

Component CVE CVSS v3 score
Azure/azure-sdk-for-go CVE-2024-35255 5.5
DOMPurify CVE-2024-48910 9.1
docker CVE-2024-24557 7.8
docker CVE-2024-29018 7.5
github.com/nats-io/nkeys CVE-2023-46129 7.5
GitPython CVE-2022-24439 9.8
GitPython CVE-2023-40267 9.8
GitPython CVE-2023-40590 7.8
GitPython CVE-2023-41040 6.5
GitPython CVE-2024-22190 7.8
golang.org/x/crypto CVE-2023-48795 5.9
golang.org/x/net CVE-2023-39325 7.5
golang.org/x/net CVE-2023-3978 6.1
golang.org/x/net CVE-2023-44487 7.5
grpc-go CVE-2023-44487 7.5
jinjapython CVE-2020-28493 5.3
jose2go CVE-2023-50658 7.5
nats-server CVE-2023-47090 6.5
OpenSSL CVE-2024-9143 4.3
pip CVE-2019-20916 7.5
pip CVE-2021-3572 5.7
PostgreSQL Database Server CVE-2024-10976 5.4
PostgreSQL Database Server CVE-2024-10977 3.7
PostgreSQL Database Server CVE-2024-10978 4.2
PostgreSQL Database Server CVE-2024-10979 8.8
pycryptodome CVE-2023-52323 5.9
pycryptodomex CVE-2023-52323 5.9
python-certifi CVE-2024-39689 7.5
Python programming language CVE-2023-40217 5.3
python-wheel CVE-2022-40898 7.5
runc CVE-2024-21626 8.6
salt CVE-2023-20897 5.3
salt CVE-2023-20898 7.8
snowflakedb/gosnowflake CVE-2023-34231 8.8
urllib3 CVE-2020-26137 6.5
urllib3 CVE-2020-7212 7.5
urllib3 CVE-2021-33503 7.5
virtualenv CVE-2024-53899 8.4
XZ Utils CVE-2022-1271 8.8
zstd CVE-2021-24032 4.7
 
 
 

Environment

Aria Operations 8.18.x

Resolution

This patch can be applied to any 8.18.x environment.

Note: Upgrading from older versions directly to this Patch is not supported. You must upgrade to 8.18.x before applying this Patch.

 

Applying the patch

There are two different methods of updating to this patch. Both are described below. 

Directly applying the patch to Aria Operations (Manual / Standalone) and through Aria Suite Lifecycle Manager (Updating through Aria Suite Lifecycle Manager).

 

Prerequisites

  • Download the patch that matches your environment version and one of the chosen methods (.PAK if using Manual/Standalone or .patch if via Aria Suite Lifecycle Manager) from the table below:

    Release Name Release Date Build Number UI Build Number File Name
    VMware-Aria-Operations-8.18-HF6 5-21-2025 24746337 24746341 vRealize_Operations_Manager_With_CP-8.14.x-to-8.18.3.24746337.pak
    vrlcm-vrops-8.18.0-HF6 5-21-2025 24746337 24746341 vrlcm-vrops-8.18.0-HF6.patch
    vrlcm-vrops-8.18.1-HF6 5-21-2025 24746337 24746341 vrlcm-vrops-8.18.1-HF6.patch
    vrlcm-vrops-8.18.2-HF6 5-21-2025 24746337 24746341 vrlcm-vrops-8.18.2-HF6.patch
    vrlcm-vrops-8.18.3-HF6 5-21-2025 24746337 24746341 vrlcm-vrops-8.18.3-HF6.patch

    Note: You will need to login to the portal first to allow download of the file using the direct links above.
  • This Hotfix will not make any changes to the Cloud Proxies if you have any deployed, and hence their build numbers will not change

        Important: Take snapshots of each of the VMware Aria Operations nodes before applying the Patch by following How to take a Snapshot of VMware Aria Operations.

Manual / Standalone

  1. Download the VMware Aria Operations 8.18 Hot Fix 6 PAK file as per above table link
  2. Log in to the primary node Administrator interface of your cluster at https://primary-node-FQDN-or-IP-address/admin.
  3. Click Software Update in the left panel.
  4. Click Install a Software Update in the main panel.
  5. Follow the steps in the wizard to locate and install your .PAK file.
  6. Install the product update .PAK file.
  7. Wait for the software update to complete. When it does, the Administrator interface logs you out. Log back into the primary node Administrator interface.
  8. The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
  9. Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
  10. The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
  11. Click Software Update to check that the update is done.
  12. A message indicating that the update completed successfully appears in the main panel.
  13. Once the update has successfully completed, delete the snapshots you made before the software update.

Updating through Aria Suite Lifecycle Manager

  1. Download the Aria Suite Lifecycle wrapped patch (*patch file) for the applicable version.
  2. Follow instructions as per documentation