-
- Expert
- Posts: 106
- Liked: 29 times
- Joined: Mar 16, 2023 5:47 pm
- Contact:
vCenter 8.0 Update 3 is out. Does this need QA approval?
https://docs.vmware.com/en/VMware-vSphe ... index.html
I assume based on other upgrades that Veeam will say it needs to be tested by QA and to not update. Just checking to see if this is still valid or if we are ok to update?
Thanks,
I assume based on other upgrades that Veeam will say it needs to be tested by QA and to not update. Just checking to see if this is still valid or if we are ok to update?
Thanks,
-
- Product Manager
- Posts: 10099
- Liked: 2696 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Hello Pmichelli
As always for "U" updates, please wait for official support announcement
We are already testing. Our commitment is to bring official support for new releases within 90 days of GA.
I expect it to be supported with our next release v12.2 (Q3 2024).
We will update the corresponding KB article and help center after testing has finished:
https://www.veeam.com/kb2443
Best,
Fabian
As always for "U" updates, please wait for official support announcement

We are already testing. Our commitment is to bring official support for new releases within 90 days of GA.
I expect it to be supported with our next release v12.2 (Q3 2024).
We will update the corresponding KB article and help center after testing has finished:
https://www.veeam.com/kb2443
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veeam Software
- Posts: 78
- Liked: 48 times
- Joined: Feb 19, 2019 3:08 pm
- Full Name: Andy Sturniolo
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Also please keep in mind that 8.0.3 has gone IA (Initial Availability). For more info on the release cycle.. check this link out.. https://blogs.vmware.com/vsphere/2023/0 ... olves.html
-
- Expert
- Posts: 106
- Liked: 29 times
- Joined: Mar 16, 2023 5:47 pm
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
The release notes state it is GA , but regardless my cowboy days are behind me and now I wait for every vendor to say it's safe to upgrade. Thank you both for replying. I had a feeling this would be the situation (wait until we say its ok). Already some early adopters on Reddit seeing PSOD on the ESXi upgrades. I like my weekends more than I like being a early adopter these days
General Availability
This vCenter Server 8.0 Update 3 release is a General Availability (GA) designation

General Availability
This vCenter Server 8.0 Update 3 release is a General Availability (GA) designation
-
- Veeam Software
- Posts: 78
- Liked: 48 times
- Joined: Feb 19, 2019 3:08 pm
- Full Name: Andy Sturniolo
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Ah yes vCenter is GA.. it appears that ESXi 8.0.3 is IA.
https://docs.vmware.com/en/VMware-vSphe ... index.html
I agree i always wait for support statements, rather than being a cowboy... especially in a production environment.
https://docs.vmware.com/en/VMware-vSphe ... index.html
I agree i always wait for support statements, rather than being a cowboy... especially in a production environment.
-
- Enthusiast
- Posts: 76
- Liked: 32 times
- Joined: Jan 14, 2022 9:16 am
- Full Name: Daniel Artzen
- Location: Germany
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
I also agree it is better to wait and not only because of the support statement from Veeam (which is of course important). I have seen enough broken releases by VMware in the past few years even before they were bought by Broadcom (some will remember 7U3 being redacted by VMware because it made so many problems) and I don't need these problems in my environment. So normally I wait until at least the first letter patch to upgrade our systems. In the past they even released updates for the older versions, if it become known that there is a security problem in the older version. So I am quite comfortable with my "wait and see" approach.
-
- Veeam Legend
- Posts: 418
- Liked: 243 times
- Joined: Apr 11, 2023 1:18 pm
- Full Name: Tyler Jurgens
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
The best thing to do is ultimately just patch to the latest version on day 1, then post in all corresponding forums for all software you use that its broken and you need them to fix it immediately because everything's down.
Tyler Jurgens
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
-
- Enthusiast
- Posts: 66
- Liked: 8 times
- Joined: Jun 14, 2011 1:55 pm
- Full Name: Matthew Vaughan
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
FWIW, I just upgraded my environment yesterday to 8 U3 from 7.03 -- no issues thus far.
*Additional note* hosts have not been upgraded yet -- they're still on 7.03.
*Additional note* hosts have not been upgraded yet -- they're still on 7.03.
-
- Enthusiast
- Posts: 48
- Liked: 16 times
- Joined: Apr 27, 2015 6:02 pm
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
This question has been asked 100x over Update #U# is out does veeam support it. Every time the answer is the same wait for Veeam to announce it.pmichelli wrote: ↑Jun 25, 2024 1:39 pm https://docs.vmware.com/en/VMware-vSphe ... index.html
I assume based on other upgrades that Veeam will say it needs to be tested by QA and to not update. Just checking to see if this is still valid or if we are ok to update?
Thanks,
Until it doesn't

-
- Lurker
- Posts: 1
- Liked: never
- Joined: Mar 04, 2023 2:34 am
- Full Name: Mahmut Sami Özdemir
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Hi,
Vmware Vcenter Version: 8.0.3 Build: 24022515
Esxi Host VMware ESXi, 8.0.3, 24022510
veeam Backup 12.1.1.56
I have been using it this way for 2-3 days and I have not received one error yet and it works without any problems.
Vmware Vcenter Version: 8.0.3 Build: 24022515
Esxi Host VMware ESXi, 8.0.3, 24022510
veeam Backup 12.1.1.56
I have been using it this way for 2-3 days and I have not received one error yet and it works without any problems.
-
- Service Provider
- Posts: 7
- Liked: never
- Joined: Apr 13, 2023 6:00 pm
- Full Name: Maximilian Stumpf
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
The fact that 8.0U3 is the only security fix available for customers running vSphere 8 to mitigate VMSA-2024-0013 makes this more time-critical then usual...
-
- Enthusiast
- Posts: 76
- Liked: 32 times
- Joined: Jan 14, 2022 9:16 am
- Full Name: Daniel Artzen
- Location: Germany
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
These vulnerabilities have a max score of 6.8, so they are not "critical". For one exists a workaround and for another an attacker needs to have local administrator rights on a guest VM to trigger it.
The Vcenter one needs network access to it, which should be restricted by firewall/acls to only those systems that really need it. So I personally don't see this as so time-critical.
The Vcenter one needs network access to it, which should be restricted by firewall/acls to only those systems that really need it. So I personally don't see this as so time-critical.
-
- Service Provider
- Posts: 211
- Liked: 46 times
- Joined: Oct 28, 2010 10:55 pm
- Full Name: Ashley Watson
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
We upgraded vcentre a few weeks back and our esxi hosts earlier today. No issues so far and we've run multiple backup jobs.
For us it was easier to upgrade the infrastructure rather than to have a drawn out debate with out security team about the pros and cons of the update.
I did find it amusing though that on one page Broadcom said is was a 6.8 and then linked to another page which said it was a 9.8, so it looks like Broadcom are mixing their 6s for 9s!
I do agree though that as long as the hosts are on a secure internal network, that the potential risks are massively overstated, especially by those in security positions.
The hardest part though is having to navigate through the awful Broadcom portal to find the relevant updates and notes.
For us it was easier to upgrade the infrastructure rather than to have a drawn out debate with out security team about the pros and cons of the update.
I did find it amusing though that on one page Broadcom said is was a 6.8 and then linked to another page which said it was a 9.8, so it looks like Broadcom are mixing their 6s for 9s!
I do agree though that as long as the hosts are on a secure internal network, that the potential risks are massively overstated, especially by those in security positions.
The hardest part though is having to navigate through the awful Broadcom portal to find the relevant updates and notes.
-
- Enthusiast
- Posts: 76
- Liked: 32 times
- Joined: Jan 14, 2022 9:16 am
- Full Name: Daniel Artzen
- Location: Germany
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
A bit OT, but where do you see the link to a CVE with 9.8? On this page https://support.broadcom.com/web/ecx/su ... es/0/24505 I only find the three CVEs with 6.8, 6.8 and 5.3 and this is the VMSA that is mentioned in the release notes of 8U3.
-
- Product Manager
- Posts: 10099
- Liked: 2696 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Please don't change this topic to a discussion about security risks 
You can open a new topic if you want to discuss security vulnerabilities in vSphere. But let's keep this topic about the discussion when we officially support vSphere 8.0 U3.
While backup seems to not throw any error (according to some comments here), we still have to run test on all other features.
Sample: Backup, Replica, CDP, all restore options/methods, ...
Please wait for our official support if your organization relies on 100% tested backup and restore operations.
Best,
Fabian

You can open a new topic if you want to discuss security vulnerabilities in vSphere. But let's keep this topic about the discussion when we officially support vSphere 8.0 U3.
While backup seems to not throw any error (according to some comments here), we still have to run test on all other features.
Sample: Backup, Replica, CDP, all restore options/methods, ...
Please wait for our official support if your organization relies on 100% tested backup and restore operations.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veeam Legend
- Posts: 1209
- Liked: 418 times
- Joined: Dec 17, 2015 7:17 am
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
@Muldur sadly, its not that easy this time.
We have one security issue (CVE-2024-37086) that could bring down whole ESX environments. And there will be no fix for 8.0 U2 according to Support:
"Unfortunately, the only way to mitigate the vulnerability is to upgrade the environment to 8.0U3. There's no update that a new patch for 8.0U2 will be released for the vulnerability."
For us that means our whole ESX 8.0 upgrade project just stalled and we have to wait for Veeam to support this.
I do not remember that this has happened before like this.
We have one security issue (CVE-2024-37086) that could bring down whole ESX environments. And there will be no fix for 8.0 U2 according to Support:
"Unfortunately, the only way to mitigate the vulnerability is to upgrade the environment to 8.0U3. There's no update that a new patch for 8.0U2 will be released for the vulnerability."
For us that means our whole ESX 8.0 upgrade project just stalled and we have to wait for Veeam to support this.
I do not remember that this has happened before like this.
-
- Veeam Legend
- Posts: 418
- Liked: 243 times
- Joined: Apr 11, 2023 1:18 pm
- Full Name: Tyler Jurgens
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
I've never seen VMware *not* release a patch for an supported version before, so this looks like something else we received from the Broadcom acquisition.
Good thing there are workarounds:
Good thing there are workarounds:
Code: Select all
To workaround the issue, change the following ESXi advanced options:
Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd from true to false
Config.HostAgent.plugins.vimsvc.authValidateInterval from 1440 to 90
Tyler Jurgens
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
-
- Veeam Legend
- Posts: 1209
- Liked: 418 times
- Joined: Dec 17, 2015 7:17 am
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
And that will solve the denial of service issue? I think this might help with the other AD issue which for us is not so relevant...
-
- Service Provider
- Posts: 343
- Liked: 82 times
- Joined: Mar 16, 2015 4:00 pm
- Full Name: David Rubin
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Funny that you say that, because I just upgraded my mission-critical environment ESXi to v9 (alpha) and I need to restore my critical VMs and VBR v12 won't see it! I can't believe that Veeam is distributing broken software!tyler.jurgens wrote: ↑Jun 26, 2024 2:53 pm The best thing to do is ultimately just patch to the latest version on day 1, then post in all corresponding forums for all software you use that its broken and you need them to fix it immediately because everything's down.
(Yes, that was a joke.)
-
- Veteran
- Posts: 609
- Liked: 89 times
- Joined: Dec 20, 2015 6:24 pm
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Indeed, that is now a bad situation. The only way to avoid CVE-2024-37087 is update to 8.0U3. Which is not supported by Veeam.
3c. VMware vCenter denial-of-service vulnerability (CVE-2024-37087)
Description:
The vCenter Server contains a denial-of-service vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Known Attack Vectors:
A malicious actor with network access to vCenter Server may create a denial-of-service condition.
Resolution:
To remediate CVE-2024-37087 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
None.
-
- Veeam Legend
- Posts: 418
- Liked: 243 times
- Joined: Apr 11, 2023 1:18 pm
- Full Name: Tyler Jurgens
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
You can patch to ESXi 7.0 Update 3q to fix two of the three vulnerabilities listed here: https://support.broadcom.com/web/ecx/su ... es/0/24505 - which does fix the Denial of Service attack.
The other issue that has no patch planned for ESXi 7.x is fixed with this workaround here: https://knowledge.broadcom.com/external/article/369707/
The other issue that has no patch planned for ESXi 7.x is fixed with this workaround here: https://knowledge.broadcom.com/external/article/369707/
Tyler Jurgens
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
-
- Veeam Legend
- Posts: 1209
- Liked: 418 times
- Joined: Dec 17, 2015 7:17 am
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
If you already on ESX 8 (as we are because of newer EVC modes) you are out of luck......
-
- Veeam Legend
- Posts: 1209
- Liked: 418 times
- Joined: Dec 17, 2015 7:17 am
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Any news about this?
-
- Product Manager
- Posts: 10099
- Liked: 2696 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Our target for supporting vSphere 8 Update 3 is V12.2 (Q3 2024).
Best,
Fabian
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Lurker
- Posts: 1
- Liked: 1 time
- Joined: Jul 31, 2024 11:39 am
- Full Name: Oetiker Sascha
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Like other users already stated here, its a security issue on vsphere 8.0 environement, so we had to upgrade to 8.03. so please VEEAM Quality-proof-departement - give this update a boost 

-
- Expert
- Posts: 106
- Liked: 29 times
- Joined: Mar 16, 2023 5:47 pm
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
The security problem only applies if you're foolish enough to join ESXi and vCenter to AD. Remove them from the domain and this CVE does not apply. It's also best security practice
-
- Influencer
- Posts: 21
- Liked: 15 times
- Joined: Feb 03, 2020 2:20 pm
- Full Name: Jeroen Leeflang
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Or implement the advanced config updates and ESXi will no longer look at AD for the "ESX Admins" group.
The second security related item require local administrator rights to a VM with a snapshot attached. If you follow snap-shot best practices these will no longer exist than max 2 days. The worst this issue can cause is a vCenter DoS. Although this can also cause serious issues, it does not provide access with administrative permissions. The VMs running on the ESXi hosts should not be affected by a malfunctioning vCenter.
The third item requires network access to vCenter.
Here too, follow security best-practices! Create multiple security zone's (separated networks) to allow only required devices from connecting to your vulnerable management interfaces. Keep production and management as separated as possible and these issues have far less impact than they would have in non-segmented networks.
The second security related item require local administrator rights to a VM with a snapshot attached. If you follow snap-shot best practices these will no longer exist than max 2 days. The worst this issue can cause is a vCenter DoS. Although this can also cause serious issues, it does not provide access with administrative permissions. The VMs running on the ESXi hosts should not be affected by a malfunctioning vCenter.
The third item requires network access to vCenter.
Here too, follow security best-practices! Create multiple security zone's (separated networks) to allow only required devices from connecting to your vulnerable management interfaces. Keep production and management as separated as possible and these issues have far less impact than they would have in non-segmented networks.
-
- Novice
- Posts: 7
- Liked: 3 times
- Joined: May 23, 2018 6:35 pm
- Full Name: Ed Ellks
- Contact:
-
- Chief Product Officer
- Posts: 31968
- Liked: 7438 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
Update: vSphere 8 U3 testing is nearing its completion and barring any surprises with a few remaining tests, we now plan to declare official compatibility-level U3 support for with the current version 12.1.2. There will however be at least one known issue documented due to a change around vCLS VMs with U3, this will be addressed in version 12.2 for full vSphere 8 U3 support.
We will update this topic once QA gives a green light for 12.1.2
We will update this topic once QA gives a green light for 12.1.2
-
- Enthusiast
- Posts: 26
- Liked: 2 times
- Joined: Oct 09, 2013 2:30 pm
- Full Name: Rick
- Contact:
Re: vCenter 8.0 Update 3 is out. Does this need QA approval?
When is Veeam B&R 12.2 expected to be released?
Who is online
Users browsing this forum: Semrush [Bot] and 32 guests