VMware Cloud Community
ojw_cryptomathi
Contributor
Contributor

3.5 eol dates (for updates)

Hi.

I'm currently running 3.5 u2 and want to know how long it will be supported for in terms of security updates and therefore when we need to move to u3 (or u4).

The EOL page I found does not mention 3.5 at all:

http://www.vmware.com/support/policies/eos_vi_maint.html

- Oli

Tags (2)
Reply
0 Kudos
7 Replies
bluebull2rhyme
Enthusiast
Enthusiast

Dont worry for 3.5 for next 1 year...The general availability date will be till next year end and EOL after 3 years.This is what VMware is doing when they release a new product.

Now more focus will be on Vsphere and to promote the product.Once this product is found to be stable and tested by different clients..there comes a EOL for the exising version 3.5

If you find this useful,award me Helpful or Correct answer
Reply
0 Kudos
ojw_cryptomathi
Contributor
Contributor

Say I wanted to apply the security update from April 10th (http://kb.vmware.com/kb/1009852). As far as I can make out, u4 is a prerequisite which makes u3 and earlier systems still vulnerable. Or have I misunderstood?

Reply
0 Kudos
kjb007
Immortal
Immortal

U3 systems would be affected by other vulnerabilities as well. But the patch dependencies are listed in the patch description here: http://support.vmware.com/selfsupport/download/

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
ojw_cryptomathi
Contributor
Contributor

Thanks very much for your reply!

So the answer is that to be secure you must apply the latest update? That is a shame since 3rd party apps often lag behind in their support (eg: APC PCNS).

I know that some places refer to (for example) 3.5u3 as "3.5.3", but it seems that VMware considers these updates to be less of a change compared to those for the 3.0 series.

Reply
0 Kudos
RParker
Immortal
Immortal

So the answer is that to be secure you must apply the latest update? That is a shame since 3rd party apps often lag behind in their support (eg: APC PCNS).

If you know you are vulnerable, why not simply move to U4 then? Why wait until it becomes a potential problem? I wouldn't let it stress me out, I would have upgraded already...

Reply
0 Kudos
ojw_cryptomathi
Contributor
Contributor

The reason not to upgrade is to be sure to be supported in case there are problems - for example with the hardware or 3rd party applications.

I did a bit more research and found an old page in the google cache. That states separate EOL dates for u1 (2009-07-25), u2 (2009-11-06) and u3 (2010-03-30)!

I wonder if the current omission represents a change in policy by VMware (not to provide security updates for anything but the current) or maybe the dates have just gone away temporarily to be revised?

Reply
0 Kudos
RParker
Immortal
Immortal

I wonder if the current omission represents a change in policy by VMware (not to provide security updates for anything but the current) or maybe the dates have just gone away temporarily to be revised?

Or maybe the later binaries were further improved that obviates those security updates. Different binaries have different security vulnerabilities. It may be a change in policy, and believe me after that debacle last year where ESX host prevented power on of VM's after 2 weeks.. was a major faus paux on VM ware, so I understand your hesitation...

However, U4 really seems very stable. And security has been a major concern, I believe that we should stay as close to most recent as possible, especially given that 3.5 has been very solid after that first glitch...

Reply
0 Kudos