On December 17th, VxRail 4.7.410 software package has been released by DellEMC. The software package includes;
- VxRail Manager 4.7.410(26262335)
- VMware ESXi 6.7 Patch 01 (15160138)
- VMware vCenter Server Virtual Appliance 6.7 Update 3b (15132721)
- VMware vSAN 6.7 Patch 01(15160138)
- VMware vRealize Log Insight 4.8(13036238)
This new release contains vSphere 6.7 Patch 1 which covers the heap overwrite security issue in OpenSLP as used in ESXi hosts. This vulnerability may allow network access to port 427 on ESXi host to OpenSLP service and result in remote code execution. (CVE-2019-5544). Other new features in 4.7.410 are;
- Supports vSAN 2-node deployments with network switches.
- Allows the order in which sites are upgraded to be specified for stretched clusters.
- Improves the handling of VxRail alarms in vCenter.
- Adds a Chat with Supportbutton on the Support tab.
- Disables node removal for vSAN 2-node clusters.
You can directly upgrade you VxRail cluster if you are running VxRail software 4.0.510 or later release. You may not upgrade VxRail appliance in the following circumstances without opening a service request;
- If you are running a 3-node cluster running VxRail 4.5.152 or earlier
- If you are running a stretched cluster and running VxRail 4.7.212 or earlier
- If your cluster is in unhealthy state or has critical errors
The upgrade bundle can be download from DellEMC’s support website.