Does anyone know if I can safely upgrade from vCenter 6.7 update 3p to vCenter 7.0 Update 3d?
People running vCenter Server 6.5 Update 3r and vCenter Server 6.7 Update 3p could not upgrade to vCenter Server 7.0 Update 3c because of the following note in the release note:
- The version of some OSS packages in vCenter Server 6.5 Update 3r and vCenter Server 6.7 Update 3p is later than the version in vCenter Server 7.0 Update 3c. As a result, if you upgrade from vCenter Server 6.5 Update 3r or vCenter Server 6.7 Update 3p to vCenter Server 7.0 Update 3c, the earlier version might expose your system to some vulnerabilities:
| 6.5 Update 3r | 6.7 Update 3p | 7.0 Update 3c | CVEs exposed |
Apache Tomcat | 8.5.68 | 8.5.68 | 8.5.63, 8.5.66 | CVE-2021-41079 (7.5)
CVE-2021-30639 (7.5)
CVE-2021-30640 (6.5)
CVE-2021-33037 (5.3) |
Eclipse Jetty | 9.4.43 | 9.4.39 | 9.4.39 | CVE-2021-34429 (5.0)
CVE-2021-34428 (3.6)
CVE-2021-28169 (5.0) |
cURL | 7.78.0 | 7.78.0 | 7.75.0 | CVE-2021-22897 (5.3)
CVE-2021-22926 (7.5)
CVE-2021-22925 (5.3)
CVE-2021-22924 (3.7)
CVE-2021-22923 (5.3)
CVE-2021-22922 (6.5) |
OpenSSL library | 1.0.2za | 1.0.2za | 1.0.2y | CVE-2021-3712 (7.4) |
Oracle (Sun) JRE and JDK | 1.8.0_301 | 1.8.0_301 | 1.8.0_291 | CVE-2021-2388(5.1)
CVE-2021-2163(2.6)
CVE-2021-2161(4.3) |
SQLite | 3.34.1 | 3.34.0 | 3.33.0 | CVE-2021-20227(5.5) |
VMware has just released vCenter 7.0 update 3d but the release note did not state whether or not these issues were resolved.
Does anyone know one way or the other?
