VMware has been quite busy providing workarounds for all of their products that are affected by the recent Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. One of the affected products is vRealize Automation 8.0 through 8.6.1. While VMware has stated that these vulnerabilities will be addressed in the future vRealize Automation 8.6.2 and vRealize Orchestrator 8.6.2 releases, they have provided a temporary workaround as detailed in KB87120 for vRealize Automation and vRealize Orchestrator versions 8.

Unless you’ve been living under a rock the past couple days, you’ve likely been seeing many articles regarding CVE-2021-44228 which describes a remote code execution vulnerability within Apache Log4j. Apache Log4j is a Java-based logging utility used by many applications across the world, and as such, this vulnerability is a huge issue due to how easy it is to exploit as well as the sheer number of vulnerable devices. Like most companies with Java based applications, many of VMware’s products utilize Log4j to provide application logging capabilities.

vRealize Operations has received its latest update on December 7, 2021. vRealize Operations 8.6.1 is a maintenance release which resolves several important security, performance, stability, and functionality issues identified in the product. Issues Resolved The following issues have been resolved as of vRealize Operations 8.6.1: vRealize Operations firstboot doesn’t complete successfully after deployment. Agent stopped automatically post content update for applications having jolokia2 plugin. Moved the running Custom Script feature using Telegraf to ADV license.

VMware vRealize Automation 8.6.1 was released on November 19, 2021. With this release, VMware has provided several enhancements and new features including significant Onboarding and Deployment enhancements, Extensibility and TKG improvements and new SaltStack and Carbon Black integration. What’s New Updates included in vRealize Automation 8.6.1 Assign icons to onboarded deployments - To give end user more information about deployments, vRA updates the deployment Edit action to support assigning custom icons to onboarded deployments.

During VMworld 2021, VMware announced that the vRealize True Visibility Suite 3rd party compute and storage management packs would be provided free of charge to all existing vRealize Operations customers. The only caveat was that these management packs wouldn’t be available until a future release. On November 11, 2021, VMware followed through on this announcement and released new versions of all of 20 compute and storage management packs. Customers can download these new management packs by accessing the vRealize Operations Management Packs VMware Customer Connect download page.