Translation Notice
Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.
Flex 2.1.2
Abstract
Description
The NetBackup Flex Appliance 2.1.2 update is now available.  
To install the 2.1.2 update, which consists of security patches and functional fixes, the target appliance must be running NetBackup Flex Appliance version 2.1 or 2.1.1. 
Veritas recommends that you install this update to make sure that you have the latest product fixes. See the Flex Appliance Getting Started and Administration Guide version 2.1 for the steps to install the update.
Contents of NBU Flex Appliance 2.1.2 Release
The 2.1.2 update resolves the following issues:
- 
	The Flex Appliance 2.1.2 update includes all the vulnerabilities that were fixed through - 
		Flex 2.1 HF4 hotfix: - 
			Apache Log4j and polkit vulnerabilities. 
 More information is available at: https://www.veritas.com/content/support/en_US/article.100052106
- 
			Spring Framework vulnerability. 
 More information is available at:
 https://www.veritas.com/content/support/en_US/downloads/update.UPD108121
- 
			Spring Boot (CVE-2022-22965) 
 A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
- 
			Enable Isolated Recovery Environment (IRE) Air Gap solution. 
 More information is available at:
 https://www.veritas.com/content/support/en_US/downloads/update.UPD816872
 
- 
			
- 
		Flex 2.1.1 HF1 hotfix: - 
			HotFix to support the new D-series Veritas 2U12 Storage Shelf for Flex 5250 Appliance models with software version 2.1.1 
 
- 
			
 
- 
		
- 
	High criticality security vulnerabilities identified with Spring Framework, Spring Security, jackson-databind, spring-security-oauth, Apache Tomcat, Apache Tomcat Embed, Apache PDFBox, nginx-njs, Spring Data MongoDB, SnakeYAML identified by the following CVEs: 
 CVE-2022-22978, CVE-2022-22976, CVE-2020-36518, CVE-2022-22969, CVE-2022-29885, CVE-2022-34305, CVE-2022-29885, BDSA-2022-1920, CVE-2022-22971, CVE-2022-22968, CVE-2022-22970, CVE-2022-27007, CVE-2022-29369, CVE-2022-27008, CVE-2022-30503, CVE-2022-28049, CVE-2022-29779, CVE-2022-29780, CVE-2022-22980, CVE-2022-25857
- 
	Issues that were identified with updates, the Data Collect logs, and usability through the Flex Appliance Console 
- 
	Customer reported defects: - 
		APPCFT-9957: The S series storage commands output in the Data Collect logs was overwritten during log extraction. 
- 
		APPCFT-10579: Collecting the Data Collect logs on S series storage shelves failed on the Veritas 5350 Appliance. 
- 
		APPCPE-6071: Added the shmcli utility logs to the Data Collect logs on a 5250 appliance. 
- 
		APPSOL-166784, APPSOL-166837: Megaraid references were not cleaned up properly due to an issue with a hardware plug-in. 
- 
		FLEX-4333: A manual attempt to generate a crash dump failed on appliances with RAM greater than 512GB. 
- 
		FLEX-1206: The retention periods of a WORM storage server instance did not match between Flex Appliance and NetBackup. 
- 
		APPCPE-6484: Improved validation of uploaded file names. 
- 
		APPCFT-10763: Update failures occurred when the storage was over provisioned and did not have enough space for the update operations. 
- 
		Fix for 2u12 getstatus logs extraction from DCv2 bundle 
 
- 
		
Note: APPCPE numbers are for Veritas Support reference only.
Applies to the following product releases
Update files
|  | File name | Description | Version | Platform | Size | 
|---|