“I never dreamed about success, I worked for it” - Estée Lauder
VMware Tanzu Product Security Notice
A path traversal vulnerability was recently disclosed in Spring that affects Spring Framework:
- 6.1.0 - 6.1.12
- 6.0.0 - 6.0.23
- 5.3.0 - 5.3.39
- Older, unsupported versions are also affected.
An application is impacted only if it uses RouterFunctions to serve static resources and resource handling is explicitly configured with a FileSystemResource location. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Users should upgrade to the fixed version. Alternatively, the malicious requests can be mitigated by using the Spring Security HTTP Firewall or by running the application on Tomcat or Jetty, because they reject such requests.
Patches for Spring Framework 5.3 and 6.0 are available through Enterprise Support only; 6.1.13 is available in the open-source Spring Framework. More information can be found here: https://spring.io/security/cve-2024-38816
VMware Tanzu Product Releases
This section lists releases of Tanzu Platform for Cloud Foundry, Tanzu Platform for Kubernetes, Tanzu Data Services, and Tanzu Spring Essentials products that are part of Tanzu Platform and standalone solutions, along with their release dates and release notes.
(Note: the Broadcom Support portal requires you to register.) Tanzu Product Downloads | KB article on How to Download Products | Tanzu Product Lifecycle (Select Tanzu Division to find Tanzu product releases)
| Product Name | Version | Release Date | Related Links |
|---|---|---|---|
| VMware Tanzu Platform for Cloud Foundry: VMware Tanzu for Valkey on Cloud Foundry (Formerly Redis). Check Release Notes for resolved issues and security fix details | 4.0.0 | 2024-09-09 | Release Notes |
| VMware Tanzu Platform: Stemcells (Ubuntu Jammy). Check Release Notes for details | 1.555 | 2024-09-10 | Release Notes |
| Stemcells (Windows). Check Release Notes for details | 2019.77 | 2024-09-12 | Release Notes |
| Other Releases: GenAI on Tanzu Platform for Cloud Foundry. Check Release Notes for details | 0.7.0 | 2024-09-10 | Release Notes |
| BOSH Backup and Restore (BBR). Check Release Notes for details | 1.9.68 | 2024-09-11 | Release Notes |
VMware Tanzu Product Security Updates
The release notes may contain security or governance specific updates that are worth highlighting. The Tanzu Security team reviews each release and summarizes the security or governance specific highlights found within the release notes.
Tanzu Security Team Disclaimer: The summary below is a review of the above product release notes from a security and governance point of view and may not reflect your specific security or governance requirements. It also does not include all details from the release notes. Please review the full release notes for release details.
VMware Tanzu Platform for Cloud Foundry VMware Tanzu for Valkey on Cloud Foundry (Formerly Redis)
- There are no new features for this release.
- This release includes the following security fixes:
  - CVE-2023-52425
  - CVE-2023-52426
  - CVE-2024-28757
  - CVE-2023-39323
  - CVE-2023-39325
  - CVE-2023-39326
  - CVE-2023-44487
  - CVE-2023-45284
  - CVE-2023-45285
  - CVE-2023-45288
  - CVE-2023-45289
  - CVE-2023-45290
  - CVE-2024-24783
  - CVE-2024-24784
  - CVE-2024-24785
  - CVE-2024-24787
  - CVE-2023-6129
  - CVE-2023-6237
  - CVE-2024-0727
  - CVE-2024-2511
Stemcells (Ubuntu Jammy)
- No high or critical USNs in this release.
- Migrate from fips-preview to fips-updates
Stemcells (Windows)
GenAI on Tanzu Platform for Cloud Foundry
- Selected capabilities are surfaced in the CF marketplace through plan descriptions, as well as in the binding credentials block.
- Adds initial support for logging and metrics.
- Adds support for floating Stemcell versions.
- No known limitations at time of release.
- No known exploitable CVEs at time of release.
BOSH Backup and Restore (BBR)
- Maintenance release - No CVEs resolved in this release
Check out the troubleshooting tips and resolutions for various Tanzu products. This section is a great resource to bookmark so you can quickly prevent issues before pushing applications to production.
VMware Tanzu: VMware Tanzu cloud services to VMware Tanzu Platform console transition
- VMware Tanzu cloud services to VMware Tanzu Platform console - On September 11, 2024, cloud services in the VMware Tanzu portfolio will transition away from VMware Cloud Service to the VMware Tanzu Platform, and customers will access VMware Tanzu cloud services at https://console.tanzu.broadcom.com going forward. Please read this article for all the details on this transition plan.
VMware Documentation Migration
- VMware documentation post migration to Broadcom - Broadcom is currently migrating VMware documentation content to techdocs.broadcom.com. Until that process is complete, refer to docs.vmware.com or links specified in this article.
VMware Tanzu Platform for Cloud Foundry: VMware Tanzu Application Service (TAS)
- TAS cflinuxfs4 Migration Proposal - The TAS Linux stacks are based on Ubuntu releases. The current Linux stack that ships with TAS, cflinuxfs3, is based on Ubuntu 18.04 "Bionic". This proposal explores the effort to introduce a cflinuxfs4 stack and eventually fully replace cflinuxfs3.
VMware Tanzu Platform for Kubernetes: VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)
- ERROR: "artifact not found" returned from Harbor when pull, copy or delete operations are performed against an image - This failure condition is caused by the Harbor database files becoming corrupted. Failures in underlying storage components, or an incorrect shutdown sequence of Harbor VMs, might lead to this state.
- Fluent-bit sqldb corruption issue in Tanzu Kubernetes Grid Integrated - This happens if there is storage corruption on the node and the sqldb file gets corrupted. Please check the resolution steps in this article.
- TKGi node missing in cluster - The issue can be seen during a cluster upgrade when nodes are recreated. It can also be seen if a manual or automatic recreation through BOSH is triggered. Check the article for symptoms and resolution details.
VMware Tanzu
- Accelerating Business Agility with VMware Tanzu - (Video) Speakers - Rick Villars, an industry expert from IDC, and Purnima Padmanabhan, Vice President & General Manager of Tanzu Division, will address the innovation challenges faced by organizations today, offer recommendations for IT leaders and highlight recent IDC research on how genAI is influencing app modernization and digital business priorities.
Community is Mission Critical
- Community is Mission Critical for Platform Engineering - (Blog) Michael Coté. Community building and gardening is an integral part of platform engineering. The only way to scale that "feature" is to activate the platform's internal community. As your community grows, developers will start helping each other troubleshoot, but also learn how to use the platform.
VMware Tanzu Application Catalog
- VMware Tanzu Application Catalog: Introducing Global Catalog Insights and Compliance Results - (Blog) Martín Pérez. In this latest release, we are introducing new Knowledge Graph capabilities that expand that information with insights about your global open source catalog.
- Open Source vs. Enterprise Edition of Bitnami Application Catalog - (White Paper) This whitepaper compares the open-source Bitnami Application Catalog with VMware Tanzu Application Catalog. It underscores the Tanzu Catalog's value for enterprise deployments with its advanced security, compliance, and customization features.
Spring Updates
- Navigating the End of Spring Framework 5.3 Support and Preparing for the Future - (Blog) Michelle Sebek and Raquel Pau. Spring Framework 5.3 and 6.0 have arrived at the end of their open-source support life cycle, a critical juncture for developers and IT managers. This article is your roadmap to understanding the implications, potential risks, and strategic upgrade options to ensure your applications remain secure, efficient, and up-to-date.
Cloud Foundry Weeklies Series - Subscribe | RSS Feed
- Cloud Foundry Weekly: What's new with BOSH and OpsMan?: S1Ep 27 - (Video) Nicky Pike, Nick Kuhn & Maya Rosecrance will join the show to dive deep into new BOSH and VMware Tanzu Operations Manager (Ops Man) features. Don't miss this episode to see how these new features can make a platform engineer's life easier.
Upcoming Events and Webinars
Events are sorted in date order below, with relevant links and information, so that you do not miss these key happenings.
- VMware Explore 2024 Barcelona, November 4-7, 2024 - Check out more details on this upcoming event | Content Catalog is Open now | Register
- KubeCon + CloudNativeCon, November 12-15, 2024 - The Cloud Native Computing Foundation’s flagship conference gathers adopters and technologists from leading open source and cloud native communities in Salt Lake City, Utah from November 12-15, 2024. Experience the KubeCon + CloudNativeCon | Register for the event | Schedule
- Tanzu What's New Series - Weekly Tanzu digest on Tanzu product releases, KB articles, success stories, updates, blogs, videos and more. An RSS feed is also available. You can also subscribe to this weekly update on the official VMware Tanzu LinkedIn Newsletter. We now have 10.5k+ subscribers.
- Tanzu Academy - An on-demand, comprehensive learning hub for platform and application operators to become experts at achieving meaningful outcomes with Tanzu products.
- Spring Academy - The new Spring Academy Pro FREE is live! Check out the details here.
- Tanzu Fundamentals (Videos)
- Tanzu Documentation
- Tanzu Courses
Note: Sign in to Tanzu TechZone to browse between editions, pin content, rate content, build favorites lists, etc.
Thanks and Regards,
Aruna Srinivasan (She/Her)
Client Services Consultant - Tanzu Customer Success