Operational Defect Database
BugZero found this defect 929 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4236
List of Security Fixes and Improvements in Veeam Backup for Nutanix AHV
Last update date:
1/31/2024
Affected products:
Veeam Backup for Nutanix AHV
Affected releases:
4.0
Fixed releases:
No fixed releases provided.
Description:
Purpose
This article describes all security-related fixes and improvements introduced in each release or update of Veeam Backup for Nutanix AHV. This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help them decide whether it is critical to upgrade from their current Veeam Backup for Nutanix AHV version to a later one.
Security Fixes and Improvements
Veeam Backup for Nutanix AHV 5.1 AHV Proxy OS was upgraded to Ubuntu 22.04 traverse library was updated to 7.23.2 tough-cookie was updated to 4.1.3 System.Linq.Dynamic.Core was updated to 1.3.3 Veeam Backup for Nutanix AHV 4a Upgraded OpenSSL to version 1.0.2zg Veeam Backup for Nutanix AHV 4 AHV Proxy OS upgraded to Ubuntu 20.04 .NET Core updated to version 6 3rd party components were updated Added brute-force protection to REST API Web App configuration has been improved, strict-transport-security header has been added SMTP certificate validation added for email notifications Newtonsoft.Json library has been updated to version 13.0.1 Google.Protobuf library has been updated to version 3.21.9 Veeam Backup for Nutanix AHV 3 AHV Proxy OS upgraded to Ubuntu 18.04 .NET Core updated to version 3.1 Veeam Backup for Nutanix AHV 2.1 AHV Backup Proxy no longer uses the following unsafe TLS ciphers: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_AES_256_CBC_SHA TLS_ECDH_anon_WITH_RC4_128_SHA
More Information
As we're establishing this new process, we appreciate any feedback on the content or format of this KB article. Please let us know in the corresponding topic on the Veeam Community Forums. If your feedback is too sensitive to be shared publicly, please submit it by opening a support case. We highly appreciate your collaboration!
