Tanzu What’s New – Jan 10, 2025

 “With the new day comes new strength and new thoughts.” —Eleanor Roosevelt
Jan 10 2025

Dear Tanzu Update Readers,
I wish you all a very happy new year, 2025.  Thank you for your readership and support so far.

VMware Tanzu Product Releases
In this section, we will add releases information on Tanzu Platform for Cloud Foundry, Tanzu Platform for Kubernetes, Tanzu Data Services, and Tanzu Spring Essentials Products that are part of Tanzu Platform and Standalone solutions along with its release date and release notes. (Note : Broadcom Support portal requires you to register)
Tanzu Product Downloads  |  KB article on How to Download Products |  Tanzu Product Lifecycle (Select Tanzu Division to find Tanzu product releases)  | Tanzu Product Documentation

Note: VMware Postgres for VMware Tanzu Application Service has been renamed to VMware Tanzu for Postgres on Cloud Foundry.

Product Name	Version	Release Date	Related Links
VMware Tanzu Platform Stemcells (Ubuntu Jammy) Check Release Notes for details	1.628 1.708	2024-12-17 2025-01-06	Release Notes Release Notes
VMware Tanzu Operations Manager Check Release Notes for bug in SAML authentication info and Component versions	3.0.36 +LTS-T	2024-12-31	Release Notes
VMware Tanzu Data Solutions VMware Tanzu for Postgres Tanzu for Postgres on Cloud Foundry was formerly known as VMware Postgres for VMware Tanzu Application Service. Check Release Notes for details	16.6.0 15.10.0 14.15.0 13.18.0	2024-12-21 2024-12-23 2024-12-23 2024-12-23	Release Notes Release Notes Release Notes Release Notes
VMware Tanzu for Postgres on Cloud Foundry Maintenance Release and check Release Notes for details	1.2.2	2024-12-24	Release Notes
VMware Tanzu Greenplum Maintenance Release and check Release Notes for details	7.3.3	2024-12-18	Release Notes
VMware Tanzu for Valkey on Cloud Foundry Previously known as Redis for VMware Tanzu Application Service. Check Release Notes for details	4.0.1	2024-12-20	Release Notes
VMware Tanzu for Valkey on Kubernetes Check Release Notes for details	1.0.0 Beta	2024-12-23	Release Notes
VMware Tanzu RabbitMQ® for Kubernetes Check Release Notes for details	4.0.5	2024-01-06	Release Notes
VMware Tanzu for MySQL on Cloud Foundry Check Release Notes for details	3.3.1	2024-01-07	Release Notes
Other Releases Single Sign-On for VMware Tanzu Single Sign‑On v1.16 is a long-term supported (LTS) version and is supported through April 2026. Check Release Notes for details	1.16.6	2024-12-17	Release Notes

VMware Tanzu Product Security Updates

Within the release notes there may be security or governance specific updates that are worth highlighting.  The Tanzu Security team reviews each release and summarizes security or governance specific highlights found within the release notes. 

Tanzu Security Team Disclaimer:

The summary below is a review of the above product release notes from a security and governance point of view and may not reflect specific security or governance requirements you may require. It also does not include all details from the release notes. Please review the full release notes for release details.

VMware Tanzu Platform

Stemcells (Ubuntu Jammy)

• 1.628
  • USN-7125-1 – RapidJSON – Resolved 1 medium CVE
  • USN-7129-1 – TinyGLTF – Resolved 1 medium CVE
  • USN-7132-1 – PostgreSQL – Resolved 4 medium CVEs
  • USN-7137-1 – recutils  – Resolved 13 low, medium CVEs
  • USN-7142-1 – WebKitGTK – Resolved 2 high CVEs
  • USN-7144-1 – Linux kernel (Intel IoTG)  – Resolved 222 low, medium, high CVEs
  • USN-7146-1 – Dogtag PKI  – Resolved 3 medium CVEs
  • USN-7149-1 – Intel Microcode  – Resolved 5 medium CVEs
  • USN-7162-1 – curl  – Resolved 1 low CVE
• 1.708
  • USN-7174-1 – GStreamer  – Resolved 1 medium CVE
  • USN-7179-1 – Linux kernel – Resolved 14 medium, high CVEs

VMware Tanzu Operations Manager

• Tanzu Operations Manager v3.0.36 introduces a bug in SAML authentication that may lock users out of the Ops Manager GUI. Users who use SAML authentication to log into their Ops Manager are urged to use Ops Manager v3.0.35 or earlier and await a fix for this issue.
• Updated to stemcell 1.628 (See CVE above)
• Bumped versions for: Tanzu Ops Manager, BOSH Director, BOSH DNS, System Metrics, Credhub, Credhub Maestro, UAA, BPM, Azure CPI, Google CPI, vSphere CPI, BOSH CLI, Credihub CLI, BBR CLI.

VMware Tanzu Data Solutions
VMware Tanzu for Postgres (All Versions)

• This release introduces new extensions: set_user, ldap2pg, pgAgent, barman
• PostGIS customers on Postgres versions 10, 11, or 12 can only upgrade to Postgres 16.x after they upgrade their existing Postgres to the latest minor version, and then upgrade PostGIS version to 3.X.
• ​​A dump/restore is not required for those running 16.X.
• Repair ABI break for extensions that work with struct ResultRelInfo 
• The fix for CVE-2024-10978 accidentally caused settings for role to not be applied if they come from non-interactive sources, including previous ALTER {ROLE|DATABASE} commands and the PGOPTIONS environment variable.
• Fix race conditions associated with dropping shared statistics entries – These bugs could lead to loss of statistics data, assertion failures, or “can only drop stats once” errors. (Not in 13.18)

VMware Tanzu for Postgres on Cloud Foundry

• Resolves the ADBR backup issue that occurs when the MySQL tile is already installed in the same foundation where the Postgres tile is installed. This problem was caused by adbrApiUrl being used in both tiles.

VMware Tanzu Greenplum

• VMware Greenplum 7.3.3 is a maintenance release that resolves several issues.
• Resolved: Prevents crashes and double frees when using OpenSSL 3.2 and above.
• Resolves an issue where Greenplum now properly resets the memory context during foreign table scans when errors occur and are caught based on user-configured settings
• Introduce a new GUC, gp_check_page_before_writing_wal, which performs a sanity check on WAL pages before they are written to disk. This mechanism helps ensure that corrupted WAL pages are not written to disk, preventing further damage, especially in mirror systems.
• Resolves a PANIC error that occurred due to an ERROR during interconnect teardown.

VMware Tanzu for Valkey on Cloud Foundry 

• There are no new features for this release.
• Resolved: he problem in which the Valkey service gateway chooses a fixed port and ignores other service tiles, causing HAProxy to have duplicate routes to different service instances is fixed.
• Includes security fixes for:
  • CVE-2024-4923
  • CVE-2024-5078
  • CVE-2024-5670
  • CVE-2024-6232
  • CVE-2024-7592
• Bumped stemcell to 1.651

VMware Tanzu for Valkey on Kubernetes 

• Tanzu for Valkey on Kubernetes does not support deployments that were modified by adding layers to the packaged Docker images, or deployments that reference images other than Tanzu for Valkey on Kubernetes. Tanzu for Valkey on Kubernetes does not support changing the contents of the deployed containers and pods in any way.
• This is the first beta release of Tanzu for Valkey. 
• Supports Valkey v8.0.1 and v7.2.6
• Valkey v7.2.6 has the following vulnerabilities that were addressed in Valkey v8.0.1:
  • CVE-2024-31449 Lua library commands can be exploited by an authenticated user to achieve remote-code-execution.
  • CVE-2024-31227 Denial-of-service because of malformed ACL selectors.
  • CVE-2024-31228 Denial-of-service because of unbounded pattern-matching.

VMware Tanzu RabbitMQ® for Kubernetes

• Tanzu RabbitMQ on Kubernetes v4.0 is the latest major commercial release. Tanzu RabbitMQ on Kubernetes v4.0.5 is its latest patch. It includes the open-source RabbitMQ v4.0.5 package. 
• The Tanzu RabbitMQ on Kubernetes v3.13.6 patch includes open-source RabbitMQ v3.13.6. 
• The default delivery limit is now set to 20 attempts. Previously the limit was not set. Quorum queues kept attempting to deliver a message until the consumer acknowledged the message or discarded it.
• The standby-replication-operator was deprecated and removed from Tanzu RabbitMQ for Kubernetes Carvel PackageRepository.

VMware Tanzu for MySQL on Cloud Foundry

• VMware recommends that you upgrade to the latest patch available for your current minor, and then upgrade to the latest patch available for the next minor.
• Bugfix: Patches MySQL to fix a bug which can lead to increasing memory usage if the audit log plugin is enabled
• Bugfix: Backup process can exit successfully during network failures and when the backup is configured incorrectly in Tanzu Operations Manager
• Bugfix: mysql-diag can run successfully even if the HA cluster is in an unexpected state
• Feature: Improves logging during the backup process
• Feature: Operators can manually set a property to allow upgrades to continue by using cf upgrade-service in cases when the upgrade might result in manifest changes, such as when upgrading a stemcell.
• Upgrades dependencies, resolves CVEs
• Bumped stemcell version to 1.682
• Bumped versions fro: Percona Server, XtraDB cluster, XtraBackup, adbr-release, bpm-release, cf-clie, cf-service-gateway, dedicated-mysql, dedicate-mysql-adaptor, loggregator-agent, mysql-data-backup-restore, on-demand-service-broker, pxc, routing, service-metrics.

Other Releases

Single Sign-On for VMware Tanzu

• Single Sign‑On v1.16 is a long-term supported (LTS) version. Single Sign‑On v1.16 is supported through April 2026.
• Over the life cycle of Single Sign‑On v1.16, VMware releases security patches that occasionally include feature enhancements and maintenance updates.
• Bumped stemcell to 1.16.6
• Bumped dependencies

Check out the troubleshooting Tips and Resolutions on various Tanzu Products. This section is a great resource for you to bookmark and quickly prevent issues before pushing applications to Production.

VMware Tanzu Spring Runtime
Deploy stream fails with error “Could not install AppDeployRequest” – Check the article for resolution.

VMware Tanzu Application Service (TAS)
TAS and Isolation Segment with routing-release 0.259.0 fail to prune stale routes on gorouter – The issue is described in TAS and Isolation Segment release notes: Note: This version of TAS for VMs contains a known issue with Gorouter error handling for backend app requests. Failures that previously returned HTTP Status Codes 496, 499, 503, 525,…. Check the article for details.

CF Push of Windows Stack applications fails with error: “envoy-nginx application: load: cmd run: exit status 3221225785” – TAS-Windows stemcell was recently upgraded. Smoke test errand now fails, and can no longer push windows deployments. Check the article for resolution details.

How to create user and add into sudoers on BOSH instance – By default BOSH will create a user called vcap when it deploys an instance from Stemcell. However, it’s probably required to add some other user to the instance upon creation. Refer the article for more details and steps.

VMware Tanzu Kubernetes Integrated Edition (TKGI)

Orphaned Pod messages in log files – There are several Kubernetes users that have reported similar issues in the past in the Kubernetes upstream project, a common scenario was unexpected reboot of the worker nodes using a volume. Check the article for details.

TKGI tile installation fails due to missing or invalid NSX-T Manager certificate – While installing Pivotal Container Service (PKS) tile if post deploy errands are on for the NSX-T Validation errand. This errand tries to validate your NSX-T configuration and will tag the proper resources.

VMware Tanzu Support Scope
Scope of Support – Application Service Adapter – This document is meant to be a practical guide to help understand what is and is not covered by Tanzu Support for customers using Application Service Adapter for VMware Tanzu Application Platform that are covered by Tanzu Support.

VMware Tanzu Platform

Building AI Apps in 2025: Your Brilliant Ideas Deserve a Genius, Future-Proof Platform (Blog) Camille Crowell-Lee Whether you’re scaling retrieval-augmented generation (RAG), adopting function calling, or exploring agentic architectures, the Tanzu Platform with Tanzu AI Solutions is here to help you adapt and thrive in every stage of your app’s evolution.

It’s OK to ask why AI prototypes are not getting to production (Blog) Jonathan Eyler-Werve Enterprise GenAI prototypes are everywhere. GenAI in production are far fewer. Why? 

VMware Tanzu Platform and Security

NIST 800-53: Understanding the Rosetta Stone of security frameworks (Blog) Rita Manachi & Denee Lake Security leaders and practitioners should prioritize understanding this critical framework and its impact on mitigating risk so they can invest in the right security controls. 

VMware Tanzu CloudHealth

Leadership and Opportunity Highlight Tanzu CloudHealth in 2024 (Blog) TJ March For VMware Tanzu CloudHealth, 2024 was a year of growth and evolution. Take a look at all of the great updates in 2024 and what’s ahead for 2025.

Cloud Foundry Weekly Series  –  Subscribe  | RSS Feed
2024 Performance Review – CF Weekly Episode 40 – (Video) Nicky Pike, Nick Kuhn This week with special guest Cote, we will discuss the top episodes and events in the CloudFoundry/tech ecosystem, set goals, and look forward to upcoming events and episodes in 2025!

Upcoming Events and Webinars sorted in Date order below for your convenience with relevant links and information for you to not miss these key happenings.

Spring Office Hours / Podcasts

S3E43 – Spring Security 6.4 with Rob Winch Join Dan Vega and DaShaun Carter as they welcome Spring Security project lead Rob Winch for an in-depth look at Spring Security 6.4. In this episode, the team explores exciting new features including One-Time Token Login support, Passkeys integration, and significant improvements to OAuth 2.0 and SAML 2.0

A Bootiful Podcast: Dr. Dave Syer on the new and nifty Spring gRPC project In this installment, Dr. Dave Syer talks about the (experimental!) new Spring gRPC project!

Tanzu What’s New Series – Weekly Tanzu digest on Tanzu product Releases, KB Articles, Success Stories, Updates, Blogs, Videos & More – has been moved to a New Home Tanzu Blogs. You can also Subscribe for this weekly update on the official VMWare Tanzu Linked In Newsletter Now!!!!  We now have 11k + subscribers and growing!!
Tanzu Academy – An on-demand, comprehensive learning hub for platform and application operators to become experts at achieving meaningful outcomes with Tanzu products.
Tanzu Fundamentals (Videos)
Tanzu Webinars – New home
Tanzu Blogs – Migration still in progress , some old blogs may not redirect to new home
Spring by VMware Tanzu  Blog – Find all Spring updates, events, podcasts and more  | Spring Office Hours 
Spring Academy – The new Spring Academy Pro FREE is live! Check out the details here
Tanzu Documentation  –  Tanzu Platform | Tanzu Data Solutions | Tanzu Platform Services | Tanzu Spring | Tanzu Standalone Components | Reference Architectures
Tanzu Hands on Labs (HOL) –  Self Paced Labs to try hands on Tanzu Products