Sign In
Forgot Password

Don’t have an account? Create One.

Instructions for How to Create, View, and Manage Cases

Flex 2.1.2

Maintenance release Obsolete
Update ID: UPD510812
Version: 2.1.2
Platform: Appliance
Release date: 2022-09-23

Abstract

Updates Flex Appliance From Release Version 2.1 or 2.1.1 to 2.1.2

Description

The NetBackup Flex Appliance 2.1.2 update is now available.  
To install the 2.1.2 update, which consists of security patches and functional fixes, the target appliance must be running NetBackup Flex Appliance version 2.1 or 2.1.1. 

Veritas recommends that you install this update to make sure that you have the latest product fixes. See the Flex Appliance Getting Started and Administration Guide version 2.1 for the steps to install the update.

 

Contents of NBU Flex Appliance 2.1.2 Release 

The 2.1.2 update resolves the following issues:

  • The Flex Appliance 2.1.2 update includes all the vulnerabilities that were fixed through  

    • Flex 2.1 HF4 hotfix:  

      • Apache Log4j and polkit vulnerabilities.  
        More information is available at: https://www.veritas.com/content/support/en_US/article.100052106   

      • Spring Framework vulnerability.  
        More information is available at:  
        https://www.veritas.com/content/support/en_US/downloads/update.UPD108121  

      • Spring Boot (CVE-2022-22965)  
        A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.  

      • Enable Isolated Recovery Environment (IRE) Air Gap solution.  
        More information is available at:  
        https://www.veritas.com/content/support/en_US/downloads/update.UPD816872 

    • Flex 2.1.1 HF1 hotfix:

      • HotFix to support the new D-series Veritas 2U12 Storage Shelf for Flex 5250 Appliance models with software version 2.1.1 

  • High criticality security vulnerabilities identified with Spring Framework, Spring Security, jackson-databind, spring-security-oauth, Apache Tomcat, Apache Tomcat Embed, Apache PDFBox,  nginx-njs, Spring Data MongoDB, SnakeYAML identified by the following CVEs: 
    CVE-2022-22978, CVE-2022-22976, CVE-2020-36518, CVE-2022-22969, CVE-2022-29885, CVE-2022-34305, CVE-2022-29885, BDSA-2022-1920, CVE-2022-22971, CVE-2022-22968, CVE-2022-22970, CVE-2022-27007, CVE-2022-29369, CVE-2022-27008, CVE-2022-30503, CVE-2022-28049, CVE-2022-29779, CVE-2022-29780, CVE-2022-22980, CVE-2022-25857

  • Issues that were identified with updates, the Data Collect logs, and usability through the Flex Appliance Console 

  • Customer reported defects:

    • APPCFT-9957: The S series storage commands output in the Data Collect logs was overwritten during log extraction. 

    • APPCFT-10579: Collecting the Data Collect logs on S series storage shelves failed on the Veritas 5350 Appliance. 

    • APPCPE-6071: Added the shmcli utility logs to the Data Collect logs on a 5250 appliance. 

    • APPSOL-166784, APPSOL-166837: Megaraid references were not cleaned up properly due to an issue with a hardware plug-in. 

    • FLEX-4333: A manual attempt to generate a crash dump failed on appliances with RAM greater than 512GB. 

    • FLEX-1206: The retention periods of a WORM storage server instance did not match between Flex Appliance and NetBackup. 

    • APPCPE-6484: Improved validation of uploaded file names. 

    • APPCFT-10763: Update failures occurred when the storage was over provisioned and did not have enough space for the update operations. 

    • Fix for 2u12 getstatus logs extraction from DCv2 bundle

Note: APPCPE numbers are for Veritas Support reference only.

 

Applies to the following product releases

Flex Appliance OS 2.1
Release date: 2021-12-06
End of standard support: To be determined
Sustaining support starts: To be determined
End of support life: 2024-12-06

Update files

 File name Description Version Platform Size