In case you missed it, VMware released Log Insight 3.3.2 last Thursday. This maintenance release supports some new license keys and addresses some security issues. Read on to learn more!
Two important changes exist in this maintenance release:
- Support for vCenter Server 5.x licenses — As you may recall, a Log Insight for vCenter edition was released with Log Insight 3.3. Per the published FAQ, all vCenter Server 5.x and newer are entitled to Log Insight 3.3 for vCenter or newer. While Log Insight 3.3 accepted vCenter Server 6.x license keys, it did not accept vCenter Server 5.x license keys. Well, now Log Insight does!
- Support for NSX 6.2.2 and newer licenses — As of NSX 6.2.2 and Log Insight 3.3.2, if you own NSX then you get Log Insight for free! This is similar to the Log Insight for vCenter edition, but there are some changes. I will go over the details in a future post.
I mentioned security issues, but if you look over the release notes you will not see any security fixes mentioned. So what security fixes are included?
- Cross-site scripting issue
- Cross-site request forgery issue
These issues are covered in VMSA-2016-0008.
You will notice a variety of known issues listed in the 3.3.2 release notes. These issues are newly reported since Log Insight 3.3.1. While they are newly reported, that does not mean they were found post Log Insight 3.3.1 GA or introduced with Log Insight 3.3.2 GA. In fact, only one issue should you be concerned with:
Export content pack is failing.
Security changes introduced a bug that may cause a failure when exporting a content pack.
This issue is introduced with Log Insight 3.3.2 GA. All other issues were discovered/reported post Log Insight 3.3.1 GA, but none of them are the result of either Log Insight 3.3.1 or 3.3.2 (meaning they have existed in the product for some time — meaning no new risk with upgrading). Long story short, unless you plan to export content packs and need to ensure it works, upgrading to Log Insight 3.3.2 is advised.
Log Insight 3.3.2 is another maintenance release featuring some minor improvements and important security fixes. Only one known new issue should be considered: export content pack may fail. For the most secure installation of Log Insight, it is recommended that all Log Insight users upgrade to Log Insight 3.3.2 (older versions of Log Insight were not patched). Remember, if you are running Log Insight 3.0.x or newer then you can upgrade directly to 3.3.2, if you are running Log Insight 2.5.x you must upgrade to 3.0.x first then 3.3.2, if you are running Log Insight 2.0.x then you must upgrade to 2.5.x then 3.0.x then 3.3.2.
© 2016, Steve Flanders. All rights reserved.