12/17/2021 This release has been determined to be impacted by CVE-2021-44228 and CVE-2021-45046. Fixes and workarounds are available to address this vulnerability. For more information, see VMware Security Advisory VMSA-2021-0028.

The 21.08.0.1 patch release provides the following updates:

• Fix for the Workspace ONE Access virtual appliance deployment issue where you cannot use the Setup wizard because of an expired root user password error
• Security improvements and other fixes

Note: VMware Workspace ONE Access 21.08.0.1 is a patch release, resulting in abbreviated release notes. The contents of the VMware Workspace ONE Access 21.08 Release Notes apply to this version as well.

You can upgrade to Workspace ONE Access virtual appliance 21.08.0.1 from the following versions:

• 21.08.0.0
• 20.10.0.1
• 20.10.0.0

You can upgrade or migrate to Workspace ONE Access connector 21.08.0.1 from the same versions as those supported for 21.08.0.0. See the 21.08 release notes for information. Additionally, you can upgrade connector version 21.08.0.0 to version 21.08.0.1.

For installation and upgrade information, see the 21.08 release notes and the 21.08 documentation in the Workspace ONE Access documentation center. During the upgrade, all services are stopped; plan the upgrade with the expected downtime in mind.

• NEW 12/17/2021 HW-149356: Fixed an issue identified by CVE-2021-22056 where a malicious actor with network access would be able to make HTTP requests to arbitrary origins and read the full response. See VMSA-2021-0030 for more information.
• NEW 12/17/2021 HW-148485: Fixed an issue identified by CVE-2021-22057 where a malicious actor who has successfully provided first-factor authentication would be able to obtain second-factor authentication provided by VMware Verify. See VMSA-2021-0030 for more information.
• HW-149137: Fixed issue with Citrix entitlements not being synced for the single group entitlement in Citrix use case
• HW-149144: Fixed the bug that caused removal of groups after saving Virtual Apps collection for Horizon
• HW-149131: Fixed the bug causing availability of "My devices" when UEM is not integrated
• HW-148867: Fixed Citrix sync issue related to categories configured in Workspace ONE Access
• HW-148802: Fixed the issue of expired root user password in the installation wizard
• HW-148489: Fixed issue where group with entitlement was not being removed from sync when admin removed it from the sync profile
• HW-148561: Fixed the bug that caused Citrix resource external launch via Netscaler to fail
• HW-148063: With Workspace One Access Connector with a proxy enabled, unable to proceed if DNS server has http as part of hostname
• HW-146608: Corrected selection of the password text input (autofocus) on the login page
• HW-145621: Connector cannot be installed on non-domain joined machine even when the Kerberos Auth service and Virtual App service are not selected
• HW-147358: Cannot install Virtual App service with 21.08 Connector when FQDN includes underscore (_)
• HW-145664: Fixed the issue with Workspace ONE Access appliance having the '/' file system full due to rsyslog
• HW-149209: Removed the block of the vertx event loop in connection to ElasticSearch
• HW-148713: Resolved Virtual App service issue with false alerts appearing because of different letter case in UPN
• HW-148866: Sync query rate limiter option for slow domain controllers
• HW-149122: Resolved issue with Workspace ONE Access virtual appliance health checks not appearing correctly for the disaster recovery (DR) site

• syslog cannot be configured with the network protocol TCP over TLS

  In the Workspace ONE Access Syslog Configuration page, if you select TCP over TLS for the Network Protocol option, and try to upload a certificate, you cannot proceed.

  Workaround: Use another network protocol to configure syslog servers.