vCenter Server 6.5 Update 3n | FEB 23 2021 | ISO Build 17590285
vCenter Server Appliance 6.5 Update 3n | FEB 23 2021 | ISO Build 17590285

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

The vCenter Server 6.5 Update 3n release includes the following list of new features.

Earlier Releases of vCenter Server 6.5

Features and known issues of vCenter Server are described in the release notes for each release. Release notes for earlier releases of vCenter Server 6.5 are:

For internationalization, compatibility, and installation notices, see the VMware vSphere 6.5 Release Notes.

For more information on vCenter Server supported upgrade and migration paths, please refer to VMware knowledge base article 67077.

Patches Contained in This Release

This release of vCenter Server 6.5 Update 3n delivers the following patches. See the VMware Patch Download Center for more information on downloading patches.

NOTE: vCenter Server 6.5 Update 3n does not provide a security patch to update the JRE component of vCenter Server for Windows and Platform Services Controller for Windows. Instead, you must download the VMware-VIM-all-6.5.0-17590285.iso file from Download Patches on vmware.com.

Full Patch for VMware vCenter Server Appliance 6.5 Update 3n

Product Patch for vCenter Server Appliance 6.5 containing VMware software fixes, security fixes, and Third Party Product fixes (for example: JRE and tcServer).

This patch is applicable to the vCenter Server Appliance and Platform Services Controller Appliance.

For vCenter Server and Platform Services Controller Appliances

Download Filename VMware-vCenter-Server-Appliance-6.5.0.34000-17590285-patch-FP.iso
Build 17590285
Download Size 1715.8 MB
md5sum 22bf2f4eebad06bee58b7ffe4e0e7cad
sha1checksum 8a997ecde2250bce8c95c92e43f7903c4e31d8dd

Download and Installation

You can download this patch by going to the VMware Patch Download Center and selecting VC from the Select a Product drop-down menu.

  1. Attach the VMware-vCenter-Server-Appliance-6.5.0.34000-17590285-patch-FP.iso file to the vCenter Server Appliance CD or DVD drive.
  2. Log in to the appliance shell as root and run the commands given below:
    • To stage the ISO:

      software-packages stage --iso

    • To see the staged content:

      software-packages list --staged

    • To install the staged rpms:

      software-packages install --staged

For more information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

For more information on staging patches, see Stage Patches to vCenter Server Appliance.

For more information on installing patches, see Install vCenter Server Appliance Patches.

For issues resolved in this patch see Resolved Issues.

For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches

For more information on patching using the Appliance Management Interface, see Patching the vCenter Server Appliance by Using the Appliance Management Interface.

Product Support Notices

  • End of support for Internet Explorer
    Internet Explorer is removed as a supported web browser for use with the vSphere Client.
  • VMware Host Client in maintenance mode 
    The VMware Host Client is in maintenance mode until the release of a new client. For more information, see The Future of the ESXi Host Client blog.

Resolved Issues

The resolved issues are grouped as follows.

Security Issues
  • VMware vSphere Client contains a remote code execution vulnerability in a vCenter Server plug-in. A malicious actor might exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21972 to this issue. For more information, see VMware Security Advisory VMSA-2021-0002.

  • VMware vSphere Client contains a Server Side Request Forgery (SSRF) vulnerability due to improper validation of URLs in a vCenter Server plug-in. A malicious actor might exploit this issue by sending a POST request to the vCenter Server plug-in, leading to information disclosure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21973 to this issue. For more information, see VMware Security Advisory VMSA-2021-0002.

  • The Syslog-TLS protocol in your vCenter Server system defaults to TLS1.2 to remove incorrect cipher-block chaining (CBC) padding

    In vCenter Server 6.5 Update 3n, the Syslog-TLS protocol in your vCenter Server system is set to TLS1.2 by default to remove possible incorrect CBC padding.

    This issue is resolved in this release. If you need to reconfigure the TLS settings, you must download the latest version of the TLSReconfigurator tool.

OSS Updates

The following list of Open Source Software (OSS) library updates is applicable to the vCenter Server Appliance. There are no changes to the vSphere Web Client and vSphere Client libraries. Some OSS updates are common to both vCenter Server Appliance and vCenter Server for Windows.

  • Update to the SQLite database

    The SQLite database is updated to version 3.33.0.

  • Update to the Apache Tomcat server

    The Apache Tomcat server is updated to version 8.5.58.

  • Update to cURL

    cURL is updated to 7.72.0.

  • Update of the Jackson package

    The Jackson package is updated to versions 2.10.5.

  • Update to the Spring Framework

    The Spring Framework is updated to version 4.3.29.

  • Update to OpenSSL library

    The OpenSSL library is updated to version openssl-1.0.2w.

Miscellaneous Issues
  • The SNMP agent might intermittently stop responding and you lose system monitoring

    A rare memory leak condition might cause the SNMP agent to stop responding and fail to restart. As a result, you lose system monitoring.

    This issue is resolved in this release.

  • The VMware Platform Services Controller Health Monitor service, pschealth, intermittently fails and restart

    The pschealth service might intermittently fail due to an invalid memory free operation, and restart. You see core.pschealthd.* files in the /storage/core partition.

    This issue is resolved in this release. 

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • Generating a system log bundle in the vSphere Web Client fails with an error

    Attempts to generate more than one system log bundle in a single session in the vSphere Web Client might fail with an error such as Downloading log bundles - Failed - Initiator: null in the Recent Tasks panel. After you log in to your vCenter Server system, the first export operation is successful, but consecutive attempts fail, unless you re-log.

    This issue is resolved in this release.

  • In the vSphere Web Client, you cannot change the log level configuration of the VPXA service after an upgrade of your vCenter Server system

    In the vSphere Web Client, you might not be able to change the log level configuration of the VPXA service on an ESX host due to a missing or invalid Vpx.Vpxa.config.log.level option after an upgrade of your vCenter Server system.

    This issue is resolved in this release. The VPXA service automatically sets a valid value for the Vpx.Vpxa.config.log.level option and exposes it to the vSphere Web Client. 

  • You do not see UEFI options in the Configure tab of vSphere Auto Deploy in the vSphere Client

    vSphere 6.5 supports provisioning of ESXi hosts with UEFI, but you cannot see the options UEFI Secure Boot File Name and UEFI DHCP File Name in the Configure tab of vSphere Auto Deploy in the vSphere Client.

    This issue is resolved in this release. 

  • Removing all snapshots from a virtual machine might cause failure of the vpxd service

    In vCenter Server on Windows with an external Oracle or Microsoft SQL database, the VPX_TEXT_ARRAY table might quickly grow when you remove all snapshots from a virtual machine. The VPX_TEXT_ARRAY table might grow in size, if not cleaned up manually, to an extent that might slow down or completely fail the vpxd service.

    This issue is resolved in this release.

Networking Issues
  • If you refresh ports after virtual machine operations, ports might be renamed

    If you refresh ports by using the command RefreshDVPortState after virtual machine operations, such as cloning, some ports in reserved state might be reset to free and reused by other virtual machines. As a result, virtual machines originally assigned to such ports are disconnected and port names change.

    This issue is resolved in this release.

Storage Issues
  • NEW: You cannot complete a virtual machine migration or cloning by using the Configure per disk option

    When you try to clone or migrate a virtual machine by using the Configure per disk option, you cannot complete the operation because the drop-down menu to select details, such as datastore and disk format, closes too fast.

    This issue is resolved in this release.

Known Issues

The known issues are grouped as follows.

Security Issues
  • Remote HTTPS servers might not send the HTTP Strict-Transport-Security response header (HSTS) on ports 5480 and 5580

    In some environments, remote HTTPS servers running on ports 5480 and 5580 might not return HSTS.

    Workaround: None

Known Issues from Earlier Releases

To view a list of previous known issues, click here.

check-circle-line exclamation-circle-line close-line
Scroll to top icon