Security Patch Process to Follow During Upgrade

Security patch HW-137959 is available for the following VMware Identity Manager versions, 3.3.2, 3.3.3, 3.3.4, 3.3.5 and Workspace ONE Access versions 20.01 and 20.10.

If you install the patch on any of these versions, each time you upgrade from a previous version, before you perform the upgrade, you must restore the server.xml file on the server that is being upgraded. After you upgrade, you apply a new security patch HW-137959 on the server.

Process

Before upgrading, restore the server.xml file on the appliance to be upgraded.
Log into the appliance that is being upgraded as the root user and run CMD : mv /opt/vmware/horizon/workspace/conf/server.xml.bk /opt/vmware/horizon/workspace/conf/server.xml
This removes the patch and makes this version ready to upgrade to the newer version.
Upgrade to the virtual appliance. See Upgrading VMware Identity Manager Online.
After you upgrade, you must apply the security patch HW-137959 for that specific upgrade version. See KB article 85254 HW-137959: VMSA-2021-0016 for Workspace ONE Access, VMware Identity Manager (CVE-2021-22002, CVE-2021-22003).