A lot of vRLI customers, including me, were caught off guard in recent weeks that a certificate is expiring on April 30th. I figured taking care of this shouldn’t be a big hassle, but I was wrong. VMware provided a long list of instructions for applying a workaround, which are linked below. Seemed like a lot of trouble for an internal certificate.
https://kb.vmware.com/s/article/91441?lang=en_US
https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-89D2FDFC-2869-43C0-B6D6-23146DB5E4FE.html
https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-C5144813-F22A-4476-9E0E-BEC5B60417BF.html
I figured VMware wouldn’t leave us all hanging and I decided to wait to see if a patch would be released before the end of the month. I am glad I did because patch 8.12 was released on the 20th. Applying the patch resolves all of the vulnerabilities (CVE-2023-20864, CVE-2023-20865) and the upcoming expiration of the certificate. I upgraded from 8.10.2 and had no issues with the upgrade. Very fast and straightforward with taking a powered off snapshot and applying the update through the web UI. Check out the link below for the VMware KB on this update.
https://kb.vmware.com/s/article/91831
The patch also provides more. vRLI is now VMware Aria Operations for Logs within the product. Will everyone call it vAOL? I figured the name change will happen sometime soon, but I didn’t think it would on a small patch. There are also a few other updates. Check out the link below for the release notes.
VirtCorner 