Skip to content

vSphere Integrated Containers Appliance v1.5.2

Compare
Choose a tag to compare
@stuclem stuclem released this 15 Mar 13:12
· 122 commits to master since this release
92ebfaf

What's in the Release Notes

Download

Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic

Open-source vSphere Integrated Containers project download location: https://storage.googleapis.com/vic-product-ova-releases/vic-v1.5.2-7206-92ebfaf5.ova

File size: 2468853760
SHA256 checksum: d200d6d928d22041aac447f1070a7a6f712beb7cf84c4300b9a428ab003cf3ea
SHA1 checksum: 85a1ae2a3a8a19cf1c75f2f44960cbef1028560b
MD5 checksum: 09d355c36b4f7699e8a497c559689e65

This OVA contains the following component versions:

Appliance: https://github.com/vmware/vic-product/archive/v1.5.2.zip
Engine: https://github.com/vmware/vic/archive/v1.5.2.zip
Harbor: https://github.com/goharbor/harbor/archive/v1.7.4.zip
Admiral: https://github.com/vmware/admiral/archive/vic_v1.5.2.zip
Plug-In: https://github.com/vmware/vic-ui/archive/v1.5.2.zip

Installation and Upgrade

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

Changes

Full list of changes from 1.5.1.

New Features

vSphere Integrated Containers 1.5.2 includes the following new features:

  • New option to set subnet masks on user-defined bridge networks. Read more
  • New option to limit the number of container VMs that a VCH can host. Read more

Enhancements

vSphere Integrated Containers 1.5.2 includes the following enhancements:

  • Setting the client network gateway is optional in the Create VCH wizard. Read more

Resolved Issues

  • Fixes an issue that caused upgrading from 1.5.0 to 1.5.1 to fail.

  • Updates the version of runc in the vSphere Integrated Containers OVA appliance, to address a critical vulnerability that allows specially-crafted containers to gain administrative privileges on the host. The version of runc in the dch-photon image on Docker Hub has also been updated. For more information, see CVE-2019-5736.

    IMPORTANT: vSphere Integrated Containers virtual container host (VCH) endpoint VMs are not vulnerable to the privilege escalation described in CVE-2019-5736. This issue affected the OVA appliance because it uses a standard container engine to run the vSphere Integrated Containers services. The dch-photon image includes a standard Docker Engine. Container VMs that you deploy by using vSphere Integrated Containers VCHs are not vulnerable to the runc vulnerability.

See also the resolved issues for each of the vSphere Integrated Containers components:

Known Issues

vSphere Integrated Containers appliance 1.5.2 has the same known issues as v1.5.1.

View all
  • Appliance upgrade script does not support FQDN addresses for the old appliance #1731
    When you run the script to upgrade the vSphere Integrated Containers appliance, the script prompts you for the FQDN or IP address of the old version of the appliance. However, the script only supports IP addresses for the appliance, and does not support FQDN addresses. You can use FQDN for vCenter Server addresses.

  • Appliance services are not available if accessed through NAT or a reverse proxy. #1172
    The Getting Started page of the appliance includes links to the services running on the appliance. These links are constructed assuming that users connect to the appliance by using its IP or FQDN, and that it is not hidden behind NAT or a reverse proxy.

    Workaround: Add the FDQN by which the appliance identifies itself to the /etc/hosts file of the client machine, pointing to the translated IP address that the client sees.

  • vSphere Client shows warnings when you attempt legitimate operations on the appliance VM. #1184
    If you attempt to perform operations on the appliance VM, for example migrate it, move it to a new folder, or restart it, you see a warning that the the VM is managed by Solution vSphere Integrated Containers-H5Client.

    Workaround: Ignore the warnings and click Yes to proceed with the operation.


See also the known issues for each of the vSphere Integrated Containers components:

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers are available in the LICENSE file.