Security fixes

This topic lists the security fixes in Tanzu Application Platform v1.8 releases.

In this topic:

v1.8.7 Security fixes

This release has the following security fixes, listed by component and area.

Package Name Vulnerabilities Resolved
alm-catalog.component.apps.tanzu.vmware.com
Expand to see the list
api-portal.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
external-secrets.apps.tanzu.vmware.com
Expand to see the list
git-writer.component.apps.tanzu.vmware.com
Expand to see the list
java-lite.buildpacks.tanzu.vmware.com
Expand to see the list
java-native-image-lite.buildpacks.tanzu.vmware.com
Expand to see the list
supply-chain-catalog.apps.tanzu.vmware.com
Expand to see the list
web-servers-lite.buildpacks.tanzu.vmware.com
Expand to see the list

v1.8.6 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
amr-observer.apps.tanzu.vmware.com
Expand to see the list
apis.apps.tanzu.vmware.com
Expand to see the list
application-configuration-service.tanzu.vmware.com
Expand to see the list
aws.services.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
conventions.component.apps.tanzu.vmware.com
Expand to see the list
crossplane.tanzu.vmware.com
Expand to see the list
developer-conventions.tanzu.vmware.com
Expand to see the list
dotnet-core-lite.buildpacks.tanzu.vmware.com
Expand to see the list
git-writer.component.apps.tanzu.vmware.com
Expand to see the list
go-lite.buildpacks.tanzu.vmware.com
Expand to see the list
managed-resource-controller.apps.tanzu.vmware.com
Expand to see the list
metadata-store.apps.tanzu.vmware.com
Expand to see the list
nodejs-lite.buildpacks.tanzu.vmware.com
Expand to see the list
python-lite.buildpacks.tanzu.vmware.com
Expand to see the list
ruby-lite.buildpacks.tanzu.vmware.com
Expand to see the list
service-registry.spring.apps.tanzu.vmware.com
Expand to see the list
source.component.apps.tanzu.vmware.com
Expand to see the list
spring-cloud-gateway.tanzu.vmware.com
Expand to see the list
sso.apps.tanzu.vmware.com
Expand to see the list
supply-chain-catalog.apps.tanzu.vmware.com
Expand to see the list
supply-chain.apps.tanzu.vmware.com
Expand to see the list

v1.8.5 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
application-configuration-service.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
cert-manager.tanzu.vmware.com
Expand to see the list
cnrs.tanzu.vmware.com
Expand to see the list
crossplane.tanzu.vmware.com
Expand to see the list
dotnet-core-lite.buildpacks.tanzu.vmware.com
Expand to see the list
git-writer.component.apps.tanzu.vmware.com
Expand to see the list
java-lite.buildpacks.tanzu.vmware.com
Expand to see the list
managed-resource-controller.apps.tanzu.vmware.com
Expand to see the list
ootb-templates.tanzu.vmware.com
Expand to see the list
service-registry.spring.apps.tanzu.vmware.com
Expand to see the list
source.component.apps.tanzu.vmware.com
Expand to see the list
sso.apps.tanzu.vmware.com
Expand to see the list
supply-chain-catalog.apps.tanzu.vmware.com
Expand to see the list
supply-chain.apps.tanzu.vmware.com
Expand to see the list

v1.8.4 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
application-configuration-service.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
cert-manager.tanzu.vmware.com
Expand to see the list
cnrs.tanzu.vmware.com
Expand to see the list
dotnet-core-lite.buildpacks.tanzu.vmware.com
Expand to see the list
git-writer.component.apps.tanzu.vmware.com
Expand to see the list
java-lite.buildpacks.tanzu.vmware.com
Expand to see the list
service-registry.spring.apps.tanzu.vmware.com
Expand to see the list
source.component.apps.tanzu.vmware.com
Expand to see the list
sso.apps.tanzu.vmware.com
Expand to see the list
supply-chain-catalog.apps.tanzu.vmware.com
Expand to see the list
supply-chain.apps.tanzu.vmware.com
Expand to see the list

v1.8.3 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
alm-catalog.component.apps.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
cert-manager.tanzu.vmware.com
Expand to see the list
conventions.component.apps.tanzu.vmware.com
Expand to see the list
git-writer.component.apps.tanzu.vmware.com
Expand to see the list
managed-resource-controller.apps.tanzu.vmware.com
Expand to see the list
metadata-store.apps.tanzu.vmware.com
Expand to see the list
ootb-templates.tanzu.vmware.com
Expand to see the list
spring-cloud-gateway.tanzu.vmware.com
Expand to see the list
sso.apps.tanzu.vmware.com
Expand to see the list
supply-chain-catalog.apps.tanzu.vmware.com
Expand to see the list
supply-chain.apps.tanzu.vmware.com
Expand to see the list
tap-gui.tanzu.vmware.com
Expand to see the list

v1.8.2 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
apis.apps.tanzu.vmware.com
Expand to see the list
apiserver.appliveview.tanzu.vmware.com
Expand to see the list
app-scanning.apps.tanzu.vmware.com
Expand to see the list
application-configuration-service.tanzu.vmware.com
Expand to see the list
aws.services.tanzu.vmware.com
Expand to see the list
backend.appliveview.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
carbonblack.scanning.apps.tanzu.vmware.com
Expand to see the list
connector.appliveview.tanzu.vmware.com
Expand to see the list
controller.source.apps.tanzu.vmware.com
Expand to see the list
conventions.appliveview.tanzu.vmware.com
Expand to see the list
conventions.component.apps.tanzu.vmware.com
Expand to see the list
crossplane.tanzu.vmware.com
Expand to see the list
git-writer.component.apps.tanzu.vmware.com
Expand to see the list
go-lite.buildpacks.tanzu.vmware.com
Expand to see the list
grype.scanning.apps.tanzu.vmware.com
Expand to see the list
metadata-store.apps.tanzu.vmware.com
Expand to see the list
ootb-supply-chain-testing-scanning.tanzu.vmware.com
Expand to see the list
ootb-templates.tanzu.vmware.com
Expand to see the list
policy.apps.tanzu.vmware.com
Expand to see the list
service-registry.spring.apps.tanzu.vmware.com
Expand to see the list
snyk.scanning.apps.tanzu.vmware.com
Expand to see the list
source.component.apps.tanzu.vmware.com
Expand to see the list
spring-boot-conventions.tanzu.vmware.com
Expand to see the list
spring-cloud-gateway.tanzu.vmware.com
Expand to see the list
supply-chain-catalog.apps.tanzu.vmware.com
Expand to see the list
tap-gui.tanzu.vmware.com
Expand to see the list
trivy.app-scanning.component.apps.tanzu.vmware.com
Expand to see the list

v1.8.1 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
alm-catalog.component.apps.tanzu.vmware.com
Expand to see the list
app-scanning.apps.tanzu.vmware.com
Expand to see the list
base-jammy-stack-lite.buildpacks.tanzu.vmware.com
Expand to see the list
carbonblack.scanning.apps.tanzu.vmware.com
Expand to see the list
conventions.component.apps.tanzu.vmware.com
Expand to see the list
git-writer.component.apps.tanzu.vmware.com
Expand to see the list
grype.scanning.apps.tanzu.vmware.com
Expand to see the list
metadata-store.apps.tanzu.vmware.com
Expand to see the list
ruby-lite.buildpacks.tanzu.vmware.com
Expand to see the list
scanning.apps.tanzu.vmware.com
Expand to see the list
snyk.scanning.apps.tanzu.vmware.com
Expand to see the list
source.component.apps.tanzu.vmware.com
Expand to see the list
spring-cloud-gateway.tanzu.vmware.com
Expand to see the list
sso.apps.tanzu.vmware.com
Expand to see the list
supply-chain-catalog.apps.tanzu.vmware.com
Expand to see the list
tap-gui.tanzu.vmware.com
Expand to see the list
trivy.app-scanning.component.apps.tanzu.vmware.com
Expand to see the list

v1.8.0 Security fixes

This release has the following security fixes, listed by package.

Package Name Vulnerabilities Resolved
accelerator.apps.tanzu.vmware.com
Expand to see the list
amr-observer.apps.tanzu.vmware.com
Expand to see the list
api-portal.tanzu.vmware.com
Expand to see the list
apiserver.appliveview.tanzu.vmware.com
Expand to see the list
app-scanning.apps.tanzu.vmware.com
Expand to see the list
aws.services.tanzu.vmware.com
Expand to see the list
backend.appliveview.tanzu.vmware.com
Expand to see the list
buildservice.tanzu.vmware.com
Expand to see the list
carbonblack.scanning.apps.tanzu.vmware.com
Expand to see the list
cnrs.tanzu.vmware.com
Expand to see the list
connector.appliveview.tanzu.vmware.com
Expand to see the list
conventions.appliveview.tanzu.vmware.com
Expand to see the list
crossplane.tanzu.vmware.com
Expand to see the list
developer-conventions.tanzu.vmware.com
Expand to see the list
dotnet-core-lite.buildpacks.tanzu.vmware.com
Expand to see the list
grype.scanning.apps.tanzu.vmware.com
Expand to see the list
java-lite.buildpacks.tanzu.vmware.com
Expand to see the list
java-native-image-lite.buildpacks.tanzu.vmware.com
Expand to see the list
metadata-store.apps.tanzu.vmware.com
Expand to see the list
namespace-provisioner.apps.tanzu.vmware.com
Expand to see the list
nodejs-lite.buildpacks.tanzu.vmware.com
Expand to see the list
ootb-supply-chain-testing-scanning.tanzu.vmware.com
Expand to see the list
ootb-templates.tanzu.vmware.com
Expand to see the list
python-lite.buildpacks.tanzu.vmware.com
Expand to see the list
scanning.apps.tanzu.vmware.com
Expand to see the list
servicebinding.tanzu.vmware.com
Expand to see the list
services-toolkit.tanzu.vmware.com
Expand to see the list
snyk.scanning.apps.tanzu.vmware.com
Expand to see the list
sso.apps.tanzu.vmware.com
Expand to see the list
tap-gui.tanzu.vmware.com
Expand to see the list

About Linux Kernel CVEs

Kernel level vulnerabilities are regularly identified and patched by Canonical. Tanzu Application Platform releases with available images, which might contain known vulnerabilities. When Canonical makes patched images available, Tanzu Application Platform incorporates these fixed images into future releases.

The kernel runs on your container host VM, not the Tanzu Application Platform container image. Even with a patched Tanzu Application Platform image, the vulnerability is not mitigated until you deploy your containers on a host with a patched OS. An unpatched host OS might be exploitable if the base image is deployed.

check-circle-line exclamation-circle-line close-line
Scroll to top icon