September 13, 2024

Tanzu What’s New - Sep 13, 2024 Edition

Product Update
  • Path traversal vulnerability update for Spring Framework

New Release and Security Updates
  • Tanzu for Valkey, Stemcell updates, BBR and GenAI releases
  • Tanzu Product Security Updates

Knowledgebase articles - Get Quick Solutions to Common Issues
  • TAS and TKGI troubleshooting KB articles, mainly VMware CSP to Tanzu CSP migration details, documentation migration, cflinuxfs4 Migration Proposal

Stay ahead of the curve with our latest blogs:
  • Accelerating Business Agility with Tanzu
  • White Paper on Bitnami vs. Tanzu Application Catalog and a blog
  • Spring Framework 5.3 and 6.0 have arrived at the end of their open-source support lifecycle
  • What's new with BOSH and OpsMan? Check out the Cloud Foundry Weekly series

Don't miss our upcoming webinars:
  • VMware Explore 2024 Barcelona coming up, KubeCon + CloudNativeCon details

Happy journey with Tanzu!

 


“I never dreamed about success, I worked for it” - Estée Lauder

VMware Tanzu Product Security Notice
A path traversal vulnerability was recently disclosed in Spring that affects Spring Framework:

  •         6.1.0 - 6.1.12
  •         6.0.0 - 6.0.23
  •         5.3.0 - 5.3.39
  •         Older, unsupported versions are also affected.

To be impacted, an application must use RouterFunctions to serve static resources, and resource handling must be explicitly configured with a FileSystemResource location. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Users should upgrade to the fixed version. Alternatively, the malicious requests can be mitigated by using the Spring Security HTTP Firewall or by running the application on Tomcat or Jetty, because they reject such malicious requests.

Patches for Spring Framework 5.3 and 6.0 are available through Enterprise Support only; 6.1.13 is available in open-source Spring Framework.
More information can be found here: https://spring.io/security/cve-2024-38816
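
As an added example (not from Tanzu or the Spring project), the affected ranges in the notice can be turned into a triage check over an application's bundled jars. The jar names are constructed sample input and the status and action labels are this example's own; an affected version is only exposed when the RouterFunctions and FileSystemResource conditions above also hold.

```python
import re

# Last affected patch release per supported line, exactly as listed in the notice.
LAST_AFFECTED = {(6, 1): 12, (6, 0): 23, (5, 3): 39}
# RouterFunctions ships in these two Spring Framework modules.
MODULES = {"spring-webmvc", "spring-webflux"}
# Matches e.g. spring-webmvc-6.1.12.jar and spring-webmvc-5.2.25.RELEASE.jar
JAR_RE = re.compile(
    r"^(?P<module>[a-z-]+)-(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:[.-].*)?\.jar$"
)

def classify(major, minor, patch):
    """Map a Spring Framework version to (status, action) per the notice."""
    line = (major, minor)
    if line in LAST_AFFECTED:
        if patch > LAST_AFFECTED[line]:
            return ("outside-listed-range", "none")
        if line == (6, 1):
            return ("affected", "upgrade to 6.1.13")
        return ("affected", "obtain patch through Enterprise Support")
    if line < (5, 3):
        # "Older, unsupported versions are also affected."
        return ("affected-unsupported", "move to a supported, fixed line")
    return ("outside-listed-range", "none")

def triage(jar_names):
    """Return (jar, status, action) for every webmvc/webflux jar found."""
    findings = []
    for name in jar_names:
        m = JAR_RE.match(name)
        if not m or m["module"] not in MODULES:
            continue  # not a module that contains RouterFunctions
        version = (int(m["major"]), int(m["minor"]), int(m["patch"]))
        findings.append((name, *classify(*version)))
    return findings

# Constructed sample: jar names as they might appear under BOOT-INF/lib.
SAMPLE = [
    "spring-webmvc-6.1.12.jar",
    "spring-webflux-6.1.13.jar",
    "spring-webmvc-5.3.39.jar",
    "spring-webmvc-5.2.25.RELEASE.jar",
    "spring-core-6.0.23.jar",
    "jackson-databind-2.17.2.jar",
]

if __name__ == "__main__":
    for jar, status, action in triage(SAMPLE):
        print(f"{jar:36} {status:22} {action}")
```
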

VMware Tanzu Product Releases 
This section lists release information for Tanzu Platform for Cloud Foundry, Tanzu Platform for Kubernetes, Tanzu Data Services, and Tanzu Spring Essentials products that are part of Tanzu Platform and standalone solutions, along with their release dates and release notes.

(Note: Broadcom Support portal requires you to register)
Tanzu Product Downloads | KB article on How to Download Products | Tanzu Product Lifecycle (Select Tanzu Division to find Tanzu product releases)

| Product Name | Version | Release Date | Related Links |
|---|---|---|---|
| VMware Tanzu Platform for Cloud Foundry | | | |
| VMware Tanzu for Valkey on Cloud Foundry (Formerly Redis). Check Release Notes for resolved issues and security fix details | 4.0.0 | 2024-09-09 | Release Notes |
| VMware Tanzu Platform | | | |
| Stemcells (Ubuntu Jammy). Check Release Notes for details | 1.555 | 2024-09-10 | Release Notes |
| Stemcells (Windows). Check Release Notes for details | 2019.77 | 2024-09-12 | Release Notes |
| Other Releases | | | |
| GenAI on Tanzu Platform for Cloud Foundry. Check Release Notes for details | 0.7.0 | 2024-09-10 | Release Notes |
| BOSH Backup and Restore (BBR). Check Release Notes for details | 1.9.68 | 2024-09-11 | Release Notes |

VMware Tanzu Product Security Updates
Within the release notes there may be security or governance specific updates that are worth highlighting.  The Tanzu Security team reviews each release and summarizes security or governance specific highlights found within the release notes. 

Tanzu Security Team Disclaimer:
The summary below is a review of the above product release notes from a security and governance point of view and may not reflect your specific security or governance requirements. It also does not include all details from the release notes. Please review the full release notes for release details.

VMware Tanzu Platform for Cloud Foundry
VMware Tanzu for Valkey on Cloud Foundry (Formerly Redis)

  •         There are no new features for this release.
  •         This release includes the following security fixes:
    •         CVE-2023-52425
    •         CVE-2023-52426
    •         CVE-2024-28757
    •         CVE-2023-39323
    •         CVE-2023-39325
    •         CVE-2023-39326
    •         CVE-2023-44487
    •         CVE-2023-45284
    •         CVE-2023-45285
    •         CVE-2023-45288
    •         CVE-2023-45289
    •         CVE-2023-45290
    •         CVE-2024-24783
    •         CVE-2024-24784
    •         CVE-2024-24785
    •         CVE-2024-24787
    •         CVE-2023-6129
    •         CVE-2023-6237
    •         CVE-2024-0727
    •         CVE-2024-2511 

Stemcells (Ubuntu Jammy) 

  •         No high or critical USNs in this release.
  •         Migrate from fips-preview to fips-updates

Stemcells (Windows) 

GenAI on Tanzu Platform for Cloud Foundry

  •         Selected capabilities are surfaced in the CF marketplace through plan descriptions, as well as in the binding credentials block.
  •         Adds initial support for logging and metrics.
  •         Adds support for floating Stemcell versions.
  •         No known limitations at time of release.
  •         No known exploitable CVEs at time of release.

BOSH Backup and Restore (BBR)

  •         Maintenance release  - No CVEs resolved in this release



Check out the troubleshooting Tips and Resolutions on various Tanzu Products. This section is a great resource for you to bookmark and quickly prevent issues before pushing applications to Production.

VMware Tanzu
VMware Tanzu cloud services  to VMware Tanzu Platform console 
Transition VMware Tanzu cloud services to VMware Tanzu Platform console - On September 11, 2024, cloud services in the VMware Tanzu portfolio will transition away from VMware Cloud Service to the VMware Tanzu Platform, and customers will access VMware Tanzu cloud services at https://console.tanzu.broadcom.com going forward. Please read this article for all the details on this transition plan.

VMware Documentation Migration
VMware documentation post migration to Broadcom - Broadcom is currently migrating VMware documentation content to techdocs.broadcom.com. Until that process is complete, refer to docs.vmware.com or links specified in this article.  

VMware Tanzu Platform for Cloud Foundry
VMware Tanzu Application Service (TAS)
TAS cflinuxfs4 Migration Proposal - The TAS Linux stacks are based on Ubuntu releases. The current Linux stack that ships with TAS, cflinuxfs3, is based on Ubuntu 18.04 "Bionic". This proposal explores the effort to introduce a cflinuxfs4 stack and eventually fully replace cflinuxfs3.

VMware Tanzu Platform for Kubernetes
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)
ERROR: "artifact not found" returned from Harbor when pull, copy or delete operations are performed against an image - This failure condition is caused by the Harbor database files becoming corrupted. Failures in underlying storage components, or an incorrect shutdown sequence of Harbor VMs, might lead to this state.

Fluent-bit sqldb corruption issue in Tanzu Kubernetes Grid Integrated - This happens if there is storage corruption on the node and the sqldb file gets corrupted. Please check the resolution steps in this article.

TKGI node missing in cluster - The issue can be seen during a cluster upgrade when nodes are recreated. It could also be seen if a manual or automatic recreation through BOSH is triggered. Check the article for symptoms and resolution details.

VMware Tanzu
Accelerating Business Agility with VMware Tanzu - (Video) Speakers - Rick Villars, an industry expert from IDC, and Purnima Padmanabhan, Vice President & General Manager of Tanzu Division, will address the innovation challenges faced by organizations today, offer recommendations for IT leaders and highlight recent IDC research on how genAI is influencing app modernization and digital business priorities.  

Community is Mission Critical
Community is Mission Critical for Platform Engineering - (Blog) Michael Coté - Community building and gardening is an integral part of platform engineering. The only way to scale that "feature" is to activate the platform's internal community. As your community grows, developers will start helping each other troubleshoot, but also learn how to use the platform.

VMware Tanzu Application Catalog
VMware Tanzu Application Catalog: Introducing Global Catalog Insights and Compliance Results - (Blog) Martín Pérez - In this latest release, we are introducing new Knowledge Graph capabilities that expand that information with insights about your global open source catalog.

Open Source vs. Enterprise Edition of Bitnami Application Catalog  - (White Paper) This whitepaper compares the open-source Bitnami Application Catalog with VMware Tanzu Application Catalog. It underscores the Tanzu Catalog's value for enterprise deployments with its advanced security, compliance, and customization features. 

Spring Updates
Navigating the End of Spring Framework 5.3 Support and Preparing for the Future - (Blog) Michelle Sebek and Raquel Pau - Spring Framework 5.3 and 6.0 have arrived at the end of their open-source support life cycle, a critical juncture for developers and IT managers. This article is your roadmap to understanding the implications, potential risks, and strategic upgrade options to ensure your applications remain secure, efficient, and up-to-date.

Cloud Foundry Weeklies Series  -  Subscribe  | RSS Feed
Cloud Foundry Weekly: What's new with BOSH and OpsMan?: S1Ep 27 - (Video) Nicky Pike, Nick Kuhn & Maya Rosecrance will join the show to dive deep into new BOSH and VMware Tanzu Operations Manager (Ops Man) features. Don't miss this episode to see how these new features can make a platform engineer's life easier.

Upcoming events and webinars are listed below in date order, with relevant links and information so you do not miss these key happenings.

VMware Explore 2024 Barcelona - November 4-7, 2024
Check out more details on this upcoming event. Content Catalog is open now | Register

KubeCon + CloudNativeCon - November 12-15, 2024
The Cloud Native Computing Foundation’s flagship conference gathers adopters and technologists from leading open source and cloud native communities in Salt Lake City, Utah from November 12-15, 2024.
Experience the KubeCon + CloudNativeCon | Register for the event | Schedule

Tanzu What's New Series - Weekly Tanzu digest on Tanzu product releases, KB articles, success stories, updates, blogs, videos and more. An RSS feed is also available. You can also subscribe to this weekly update on the official VMware Tanzu LinkedIn Newsletter. We now have 10.5k+ subscribers.
Tanzu Academy - An on-demand, comprehensive learning hub for platform and application operators to become experts at achieving meaningful outcomes with Tanzu products. 
Spring Academy - The new Spring Academy Pro FREE is live! Check out the details here
Tanzu Fundamentals (Videos)
Tanzu Documentation 
Tanzu Courses
 

Note: Sign in to Tanzu TechZone to browse between editions, pin content, rate content, build favorites lists, etc. 
Thanks and Regards,
Aruna Srinivasan (She/Her)
Client Services Consultant - Tanzu Customer Success

 
