List of Security Fixes and Improvements in Veeam Backup for Nutanix AHV

This article describes all security-related fixes and improvements introduced in each release or update of Veeam Backup for Nutanix AHV.

This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help them decide whether it is critical to upgrade from their current Veeam Backup for Nutanix AHV version to a later one.

Veeam Backup for Nutanix AHV 5.1

• AHV Proxy OS was upgraded to Ubuntu 22.04
• traverse library was updated to 7.23.2
• tough-cookie was updated to 4.1.3
• System.Linq.Dynamic.Core was updated to 1.3.3
   

Veeam Backup for Nutanix AHV 4a

• Upgraded OpenSSL to version 1.0.2zg
   

Veeam Backup for Nutanix AHV 4

• AHV Proxy OS upgraded to Ubuntu 20.04
• .NET Core updated to version 6
• 3rd party components were updated
• Added brute-force protection to REST API
• Web App configuration has been improved, strict-transport-security header has been added
• SMTP certificate validation added for email notifications
• Newtonsoft.Json library has been updated to version 13.0.1
• Google.Protobuf library has been updated to version 3.21.9
   

Veeam Backup for Nutanix AHV 3

• AHV Proxy OS upgraded to Ubuntu 18.04
• .NET Core updated to version 3.1
   

Veeam Backup for Nutanix AHV 2.1

• AHV Backup Proxy no longer uses the following unsafe TLS ciphers:
  • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_anon_WITH_AES_128_CBC_SHA
  • TLS_ECDH_anon_WITH_AES_256_CBC_SHA
  • TLS_ECDH_anon_WITH_RC4_128_SHA

As we're establishing this new process, we appreciate any feedback on the content or format of this KB article. Please let us know in the corresponding topic on the Veeam Community Forums. If your feedback is too sensitive to be shared publicly, please submit it by opening a support case. We highly appreciate your collaboration!