Release Information for Veeam Backup & Replication 11a Cumulative Patches

P20240304

Component Upgrades

Third-Party Components

The following components were upgraded to their latest versions for Veeam Backup & Replication, and all Veeam Agents included in the installation package:

• VMware Virtual Disk Development Kit (VDDK) was updated to 7.0.3.4 to address CVE-2023-38545.
• OpenSSL was updated to v1.0.2zi to address CVE-2023-2650.
• liblz4 was updated to v1.9.4 to address CVE-2021-3520.
• zlib was updated to v1.2.13 to address CVE-2022-37434.
• PuTTY was updated to 0.80 to address CVE-2023-48795.

Direct Restore to Cloud

• The images used by Restore to Amazon EC2 for the following OSes have been updated to their latest builds:
  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2022
  • Ubuntu 20.04

Veeam Agent for Linux 5

• Extended supported Linux kernel range to 2.6.32 through 6.6.
• Added support for the following Linux distributions: RHEL 8.9 & 9.3, openSUSE 15.5, SLES 15 SP5, Ubuntu 23.10, and Debian 12.
  

Resolved Issues

General

• A retention processing bug may subsequently lead to a backup job failing with the error:

  Full storage not found
  

• Replication jobs may fail due to the AUX data overflow when processing VMs with large Microsoft SharePoint servers.

Direct Restore to Cloud

• Restore to Google Cloud Platform fails when the default VPC networks are missing.
• Restore to Microsoft Azure may fail due to issues with disk allocation.
• Restore to Microsoft Azure may fail due to a transport agent terminating unexpectedly when restoring from backups on the object storage repository.

Microsoft Hyper-V

• After a SureBackup job is completed, temporarily created VMs remain listed with a "Missing" status within SCVMM.
• In rare circumstances, additional licenses were consumed for the same machine processed by two different backup servers managed by Veeam Backup Enterprise Manager.
• Slow guest credential testing for Hyper-V VMs managed by SCVMM.

Backup Copy

• Backup Copy Jobs operating in periodic copy mode may not release repository task slots, preventing other tasks from starting.
• Backup Copy Jobs operating in immediate copy mode consume excessive resources.

Tape

• An incremental NDMP job run on a small data set may fail with the following error:

  Failed to find NDMP environment variable
  

• A connection drop occurring when a Backup to Tape job is exchanging tapes causes the job to fail with:

  Session key set is null
  

• Backup to Tape jobs may freeze during the backup infrastructure resource allocation step.

Scale-Out Backup Repository (SOBR)

• Enterprise Application Plug-In jobs fail due to inaccurate reporting of free space on SOBR extents.
• Offloading backups from the Capacity to the Archive tier may fail with the following error:

  Target FIB already exists
  

• Capacity Tier rescan fails when multiple copies of the same Plug-in for Microsoft SQL Server backup are present.
• Connections to Amazon Glacier Archive Repositories are not proxied through the assigned gateway server.
• Under certain circumstances, the capacity tier offload task may fail with the following error

  Error: Array dimensions exceeded supported range
  

• The capacity tier offload task gets stuck when attempting to process orphaned backups.
• In rare situations, the immutability of inactive backup chains is erroneously prolonged when it’s no longer needed.
• Under certain circumstances, the backup server may overflow Amazon S3 and S3-compatible object storage with empty metadata files.
• Slow enumeration performance for buckets containing more than 1000 backups.

Security

• Veeam.Backup.ProxyProvider.dll does not pass the Strong Name Validation.
• Backup server vulnerabilities: API Endpoints on port 9393 are accessible by users without any roles assigned on the backup server; DbProviderApi access control issue.
• Veeam Backup Enterprise Manager vulnerabilities: REST API path traversal, access control issues for /api/FailoverPlans/getAll, Content-Security-Policy misconfiguration.

Veeam Cloud Connect

• Jobs to cloud repository may fail with the following error:

  The string universal unique identifier (UUID) is invalid
  

NAS Backup

• The “restore attributes” function does not restore the original attributes when using a NAS backup copy restore point as a source.
• Some Backup I/O Control functionality settings may use more proxy resources than intended.
• Rescanning NetApp Filer with a share name containing the ampersand (&) symbol fails with the following error:

  Unexpected end of file has occurred
  

Storage Integration

• Storage snapshot cloning fails for NimbleOS version 6.1.2.0 and later.
• Backup job from storage snapshots fails with the following error:

  Failed to parse block info XML document
  

VMware Cloud Director

• Poor performance of quota management and resource allocation operations in large multi-tenant environments.
• Under certain circumstances, backup jobs may get stuck at 99% completion.

Veeam Plug-ins for Enterprise Applications

• On AIX systems, Veeam Plug-in for Oracle RMAN erroneously applies network throttling to networks not specified in the global network traffic throttling rules.

Veeam Backup for AWS

• Excessive backup server resource consumption due to Veeam Backup for AWS not terminating Agent.PublicCloud.Satellite processes.

P20230227

• Vulnerability (CVE-2023-27532) in Veeam Backup Service was fixed.
  This vulnerability was reported by Shanigen.

P20220302

• Vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Distribution Service were fixed.
  These vulnerabilities were reported by Nikita Petrov (Positive Technologies).
  
• Vulnerability (CVE-2022-26504) in Veeam.Backup.PSManager was fixed.
• Vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows was fixed.
  This vulnerability was reported by Nikita Petrov (Positive Technologies).

P20211211

• Microsoft Windows 11 and Microsoft Windows 10 21H2 support as guest OS, Hyper-V hosts (as a target for Instant Recovery and SureBackup), for installation of Veeam Backup & Replication components, and for agent-based backup with Veeam Agent for Microsoft Windows 5.0.2 (included in P20211211).
• RHEL/CentOS/Oracle Linux 8.5, Ubuntu 21.10, Fedora 35 distributions are now supported as the guest OS for the installation of Veeam Backup & Replication components and for agent-based backup with Veeam Agent for Linux 5.0.2 (included in  P20211211). The latter also supports Linux kernel up to version 5.16 and no longer requires installing the linux-image-<version>-dbg package on Debian 11.
• Oracle Database 21c support by application-aware processing of image-level backup including redo log backup, by Veeam Plug-in for Oracle RMAN 11.0.101.1264 (included in P20211211) and by Veeam Explorer for Oracle.
• RHEL 8.4 for SAP Solutions and SLES 15 SP3 for SAP Applications support by Veeam Plug-in for SAP HANA.
• VMware Carbon Black compatibility for vSphere VMs processing.
• LTO-9 support. Tape jobs will now identify and display the media calibration process in the Action log and will no longer time out should this process takes longer than 15 minutes.
• Platform: added API extensions enabling Kasten K10 integration and configuration backup/restore for upcoming versions of Veeam Backup for AWS/Azure/GCP; deleting cloud-native backup appliance will no longer delete the corresponding external repositories to facilitate configuration backup restore.
• SOBR Capacity Tier: increased timeout for certain long-running object storage operations (like clean up) to 25 hours; fixed the root causes behind offload failures with “Block not found”, “The INSERT statement conflicted with the FOREIGN KEY constraint” and “No recovery record was found for storage key” errors.
• Tape: fixed NDMP performance regression introduced in 11a; added support for Kasten K10 backups and backup copies to Backup to Tape jobs as well as support for restoring such backups from tape.
• Microsoft Azure: region settings have been moved into the configuration file to allow for enabling Archive Tier functionality there as Microsoft rolls out the Archive Storage class to additional regions.
• Microsoft Hyper-V: the presence of an empty SCVMM tag should no longer cause various issues in the related functionality; VMs from nested HostGroups should no longer be skipped from processing; application-aware processing failures on VMs with a very large number of network adapters.
• VMware Cloud Director: the new plug-in version 11.1.7 adds support for: deployment with a very large number of organizations; LDAP-integrated users with multiple roles; installation side by side with other data protection plug-ins; browsers with the locale set to a language not present in the language picker.
• Veeam Cloud Connect: evacuating backups of a particular tenant should no longer lock the entire SOBR extent preventing other tenants from accessing their backups; encrypted tenant backups should now be correctly unpublished following the restore from Archive Tier; tenants should again be presented with a choice of keeping or removing their replicas when removing cloud hosts.