DPA 2023.4.300 release notes
Release date: November 15, 2023
Here's what's new in DPA 2023.4.300. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of DPA, see DPA previous versions. To view release notes for multiple versions
Attention 2023.4.300 customers
If you are upgrading from DPA 2023.2.100 or earlier, remove the useRelativeRedirects="false" string from the /iwc/tomcat/conf/context.xml file. This string fixed an issue in previous versions of Tomcat. It is no longer needed, and it should be removed for security reasons.
For detailed instructions, see Upgrade DPA on a Linux-based OS.
New features and improvements in DPA
DPA Central performance and scalability
The performance and scalability of the DPA Central interface has been improved in this release. The performance improvements are especially important when a large number of users are concurrently viewing data in DPA Central.
For recommendations for sizing the DPA Central Server, see the system requirements.
In addition, the following changes were made to DPA Central.
Displaying data from unresponsive servers
If data from a DPA server takes more than three seconds to load, DPA Central lists that server as unavailable with the message that it will retry in the next refresh cycle. The data available from other DPA servers is displayed.
Each time the page is refreshed, DPA Central checks the unresponsive server and displays the data if possible.
Updated thread pool settings in DPA Central advanced configuration options
To improve the performance of DPA Central, the default values for the following thread pool settings were changed.
If you have an existing DPA Central deployment that is having performance issues, update these settings to be equal to or greater than the following values. For more information, see Advanced configuration for the DPA Central Server.
| Setting | Current default value | Previous default value |
|---|---|---|
| com.confio.iwc.centralServiceTaskExecutor.corePoolSize | 50 | 20 |
| com.confio.iwc.centralServiceTaskExecutor.maxPoolSize | 150 | 40 |
| com.confio.iwc.centralServiceTaskExecutor.queueCapacity | 5000 | 1000 |
General improvements
- Security improvements.
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
Third-party CVEs
| CVE-ID | Vulnerability title | Description | Severity |
|---|---|---|---|
| CVE-2023-46604 | Remote Code Execution Vulnerability | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue. For more information about how this vulnerability affected SolarWinds products, see Apache ActiveMQ Vulnerability (CVE-2023-46604) in the SolarWinds Trust Center. |
Critical |
| CVE-2023-2976 | Sensitive Data Disclosure Vulnerability | Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. | Medium |
| CVE-2023-1436 | Denial of Service vulnerability | An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. | Medium |
Fixed customer issues
| Case number | Description |
|---|---|
| 01194778 | If you access DPA with SAML login credentials and then generate a refresh token, you can use that refresh token to access the REST API. |
| 01183265, 01234101, 01472663 | DPA polling no longer times out when monitoring SQL Server Availability Groups (AGs). |
| 01335266 | In an Oracle RAC environment with multiple instances, the RAC Overhead Wait report opens without errors. |
| 01175826 | On the Real Time Sessions page, the Blocking tab is no longer slow to load blocking sessions data for an Oracle database instance. |
| 01353962, 01423350 | Index analysis no longer issues invalid SQL statements that cause parse errors to appear in the log file of the monitored Oracle database. |
| 01393319, 01394715 | The SQL Server Error Log Alert no longer fails in some circumstances, showing a status of Broken and returning the following message:
|
| 01435343 | The Statistics section of the Query Details page displays statistics metrics (such as Executions and Rows Read) for all Sybase instances. |
| 01428536 | The default logging level for AG polling logs is INFO instead of DEBUG. |
| 01435343 | The Statistics section of the Query Details page displays statistics metrics (such as Executions and Rows Read) for all Sybase instances. |
Installation or upgrade
For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the DPA Installation and Upgrade Guide.
For upgrades, use the DPA Installation and Upgrade Guide to help you plan and execute your upgrade. When you are ready, download the upgrade package from the SolarWinds Customer Portal.
Known issues
Alerts on a Db2 server with multiple databases
When you are monitoring a Db2 server with multiple databases, the following alerts do not return data for all databases. Because of a limitation with MON_GET_* functions, these alerts are supported only for connected databases.
- Database Free Space Alert
- Table Space Free Alert
- Transaction log Space
Resolution or Workaround: None.
DPA does not always use the Microsoft JDBC driver by default
When you register a database instance for monitoring, DPA should use the Microsoft JDBC driver by default. However, it uses the jTDS JDBC driver by default if the system.properties file does not contain the following entry:
com.confio.ignite.jdbc.sqlserver.useJtdsDriver=false
This missing configuration is likely to happen on DPA servers where older versions of DPA were initially installed, before DPA began using the Microsoft Driver.
Resolution or Workaround:
Open the system.properties file in a text editor, and determine if it contains the entry above. If not, manually add it and save the file.
PostgreSQL OS CPU utilization not showing data on a Windows installation
When PostgreSQL is installed on a server with a Windows operating system, the O/S CPU Utilization resource metric in DPA does not display any data. It displays the message Chart doesn't have data collected for selected time period.
If PostgreSQL OS CPU utilization data is missing in other environments, make sure the system_stats extension is installed. For instructions, see Register a PostgreSQL database instance and prepare for monitoring.
Resolution or Workaround: None.
Importing an alert definition without the associated database assignment rule
In some situations, the log file shows the status of an imported alert definition as both Imported and Failed. This occurs when the alert definition uses a database assignment rule, but the rule was not imported and did not already exist on the server.
The two statuses indicate that the alert definition was imported, but the attempt to associate the database assignment rule failed.
Resolution or Workaround: When you import an alert definition that uses a database assignment rule, either import the rule or ensure that it already exists on the server.
If you imported an alert definition and the associated rule is missing, you must edit the alert definition to specify the database instances. (You can specify instances by manually selecting them or by applying a rule.)
End of life
Integration with the SolarWinds Platform requires a supported version of the platform.
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 2022.2 | April 18, 2023: End-of-Life (EoL) announcement – Customers on DPA version 2022.2 or earlier should begin transitioning to the latest version of DPA. | August 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for DPA version 2022.2 or earlier will no longer actively be supported by SolarWinds. | April 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for DPA version 2022.2. |
| 2022.1 | January 18, 2023: End-of-Life (EoL) announcement – Customers on DPA version 2022.1 or earlier should begin transitioning to the latest version of DPA. | April 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for DPA version 2022.1 or earlier will no longer actively be supported by SolarWinds. | April 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for DPA version 2022.1. |
| 2021.3 | October 18, 2022: End-of-Life (EoL) announcement – Customers on DPA version 2021.3 or earlier should begin transitioning to the latest version of DPA. | January 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for DPA version 2021.3 or earlier will no longer actively be supported by SolarWinds. | January 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for DPA version 2021.3. |
| 2021.1 | October 18, 2022: End-of-Life (EoL) announcement – Customers on DPA version 2021.1 or earlier should begin transitioning to the latest version of DPA. | January 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for DPA version 2021.1 or earlier will no longer actively be supported by SolarWinds. | January 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for DPA version 2021.1. |
| 2020.2 | October 18, 2022: End-of-Life (EoL) announcement – Customers on DPA version 2020.2 or earlier should begin transitioning to the latest version of DPA. | January 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for DPA version 2020.2 or earlier will no longer actively be supported by SolarWinds. | January 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for DPA version 2020.2. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier DPA versions, see DPA release history.
Deprecation notice
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
DPA server OS
Support for installing DPA on a server with a Windows Server 2012 R2 operating system is being removed.
Legal notices
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.