VMware Cloud Community
Debashis5352
Contributor

vCenter patch for the mitigation of log4j

Hi everyone, is anybody aware of when VMware will release a fix version of the vCenter update in order to mitigate the log4j vulnerability?

3 Replies
wonderwear
Contributor

I don't think they will release a patch for that, since every patch they push is breaking more than fixing problems. The workaround is already doing that job.

johnmcc22
Contributor

Seems like anything VMware releases these days breaks something else and gets pulled back. Just look at the ESXi version releases: the last 3 are all pulled back. It doesn't exactly give me a lot of confidence in a patch with a workaround in place.

This is actually why we normally wait a few weeks after a patch is released, we let the rest of the community take it, follow the community page here to see if there are any major issues, if none then we proceed with the patch. We stopped at 7.02d. 

vMakeITWork
Contributor

That's exactly the same approach that I take. I advise our customers to wait a few weeks before updating/upgrading their production clusters (except for severe security patches or critical bug fixes). I'd rather use a known stable version in brownfield environments. Most customers don't need the new features right away. For greenfield deployments you should consider the customer's plans for when the project must be completed. If the time is too short, you'd also better use a known stable version.