Security fixes

This topic lists the security fixes in Tanzu Application Platform v1.10 releases.

In this topic:

v1.10.1 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
application-configuration-service.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
cnrs.tanzu.vmware.com
Expand to see the list
config-server.spring.tanzu.vmware.com
Expand to see the list
crossplane.tanzu.vmware.com
Expand to see the list
managed-resource-controller.apps.tanzu.vmware.com
Expand to see the list
source.component.apps.tanzu.vmware.com
Expand to see the list
supply-chain.apps.tanzu.vmware.com
Expand to see the list

v1.10.0 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
accelerator.apps.tanzu.vmware.com
Expand to see the list
amr-observer.apps.tanzu.vmware.com
Expand to see the list
apiserver.appliveview.tanzu.vmware.com
Expand to see the list
aws.services.tanzu.vmware.com
Expand to see the list
cartographer.conventions.apps.tanzu.vmware.com
Expand to see the list
cartographer.tanzu.vmware.com
Expand to see the list
cert-manager.tanzu.vmware.com
Expand to see the list
cnrs.tanzu.vmware.com
Expand to see the list
connector.appliveview.tanzu.vmware.com
Expand to see the list
contour.tanzu.vmware.com
Expand to see the list
controller.source.apps.tanzu.vmware.com
Expand to see the list
crossplane.tanzu.vmware.com
Expand to see the list
fluxcd-source-controller.tanzu.vmware.com
Expand to see the list
java-lite.buildpacks.tanzu.vmware.com
Expand to see the list
metadata-store.apps.tanzu.vmware.com
Expand to see the list
nodejs-lite.buildpacks.tanzu.vmware.com
Expand to see the list
ruby-lite.buildpacks.tanzu.vmware.com
Expand to see the list
service-registry.spring.apps.tanzu.vmware.com
Expand to see the list
services-toolkit.tanzu.vmware.com
Expand to see the list
spring-cloud-gateway.tanzu.vmware.com
Expand to see the list
sso.apps.tanzu.vmware.com
Expand to see the list
tap-gui.tanzu.vmware.com
Expand to see the list
trivy.app-scanning.component.apps.tanzu.vmware.com
Expand to see the list
web-servers-lite.buildpacks.tanzu.vmware.com
Expand to see the list

About Linux Kernel CVEs

Kernel level vulnerabilities are regularly identified and patched by Canonical. Tanzu Application Platform releases with available images, which might contain known vulnerabilities. When Canonical makes patched images available, Tanzu Application Platform incorporates these fixed images into future releases.

The kernel runs on your container host VM, not the Tanzu Application Platform container image. Even with a patched Tanzu Application Platform image, the vulnerability is not mitigated until you deploy your containers on a host with a patched OS. An unpatched host OS might be exploitable if the base image is deployed.

check-circle-line exclamation-circle-line close-line
Scroll to top icon