Documentation forDatabase Performance Analyzer

DPA 2026.2 release notes

Release date: June 30, 2026

Here's what's new in DPA 2026.2. You can find the applicable system requirements here.

To view release notes, system requirements, and product guide PDFs for supported versions of DPA, see DPA previous versions. To view release notes for multiple versions and multiple SolarWinds Platform products on a single page, see the release notes aggregator.

New features and improvements in DPA

Support for monitoring SAP HANA database instances

SAP HANA is a high-performance, in-memory relational database management system designed for real-time analytics and transaction processing. You can use DPA to monitor the following versions of SAP HANA database instances:

  • SAP HANA Platform and Express Editions, versions 2.0 and higher
  • SAP HANA Cloud versions 2026.2 and higher

DPA supports monitoring both single-container and multi-container SAP HANA architectures. In either case, DPA monitors at the individual container level — one container equals one monitored database.

To monitor SAP HANA database instances, you must have one of the following license types for DPA:

  • Database Self-Hosted (DBSH)
  • Temporary or trial

MariaDB JDBC driver upgrade

Previous versions of DPA used the MySQL Connector/J JDBC driver to connect to MySQL and MariaDB instances. DPA 2026.2 now uses the MariaDB Connector/J 3.5.8 JDBC driver, which supports the SSL protocol. This driver is used to connect to the following types of monitored instances and repository databases:

  • MySQL (self-managed, Amazon RDS for MySQL, Azure Database for MySQL, and Cloud SQL for MySQL)
  • MariaDB (self-managed, Amazon RDS for MariaDB, and Azure Database for MariaDB)
  • Percona

AI Query Assist support for PostgreSQL and MySQL

You can use the AI Query Assist option to send a query and associated plan to a secure enterprise LLM for optimization suggestions. This option is now available for queries running on PostgreSQL and MySQL instances, in addition to SQL Server and Oracle instances.

AI Query Assist is available with a DBSH or trial license.

Alert life cycle key generation

DPA can send alert notifications to multiple channels, including third-party notification services such as PagerDuty and ServiceNow. Each instance of a DPA alert can have multiple status levels (for example, the alert status could change from Medium to High). Some third-party notification services cannot distinguish between an existing alert whose status changed and a new instance of the alert. When a new alert is triggered, the third-party service might reopen an existing ticket instead of opening a new ticket.

To resolve this issue, DPA 2026.2 can now generate a unique life cycle key for every alert instance and include the key with the alert information sent to a third-party service. This key is created when the alert is initially triggered and remains the same as the alert status level changes. If the alert returns to the Normal level and then later the alert is triggered again, a new key is generated.

This feature is disabled by default. To enable the feature, set the advanced configuration option ALERT_KEY_LIFECYCLE_ENABLED to true.

When this feature is enabled, DPA generates a life cycle key for every instance of an alert. The key is included with the alert data sent through Platform Connect to supported third-party services.

Improvements to PostgreSQL alerts

The following PostgreSQL alerts have been updated for improved accuracy, simpler configuration, and additional options.

Alert Improvements
All PostgreSQL alerts that collect data from multiple databases
  • Foreign data wrappers are no longer needed for any PostgreSQL alert. PostgreSQL alerts can now collect data from all databases in the instance without requiring users to configure foreign data wrappers.

  • Alerts that collect data from multiple PostgreSQL databases no longer require users to specify which schemas to collect data from.

PostgreSQL User Role Expiry alert
  • The alert detects expired or expiring roles more accurately.

PostgreSQL Long Running Query and PostgreSQL Long Running Vacuum alerts
  • The alert detects long-running queries or vacuum processes more accurately.

  • The Minimum Query Time and Minimum Vacuum Time parameters have been renamed to Minimum Run Time, and the value is reported in seconds instead of minutes.

  • Database filtering is available.

PostgreSQL Percent Idle in Transaction Connections alert
  • The PostgreSQL Total Idle in Transaction Connections alert has been renamed to PostgreSQL Percent Idle in Transaction Connections. The new name more accurately describes the alert.

  • Database filtering is available.

PostgreSQL Dead Tuples alert
  • Users can specify whether the alert evaluates dead tuples per table or per database. Table-level granularity can help you identify specific tables that are contributing to dead space.

  • Users can specify whether the alert measures the percentage or number of dead tuples.

  • To prevent a high percentage of dead tuples in a small table from triggering this alert, users can specify the minimum number of dead tuples in a table required to trigger the alert.

  • Users can include or exclude specific databases, schemas, and tables.

  • Users can choose to include both user and system tables, or only user tables.

PostgreSQL Last Vacuum and PostgreSQL Last AutoVacuum alerts
  • To prevent a high percentage of dead tuples in a small table from triggering this alert, users can specify the minimum number of dead tuples in a table required to trigger the alert.

  • Users can include or exclude specific databases, schemas, and tables.

  • Users can choose to include both user and system tables, or only user tables.

PostgreSQL Last Analyze and PostgreSQL Last AutoAnalyze alerts
  • To prevent unnecessary table analysis, users can specify the minimum percentage of table rows that must be modified before the alert is triggered.

  • To prevent a high percentage of dead tuples in a small table from triggering this alert, users can specify the minimum number of dead tuples in a table required to trigger the alert.

  • Users can include or exclude specific databases, schemas, and tables.

  • Users can choose to include both user and system tables, or only user tables.

General improvements

  • DPA 2026.2 provides security improvements, including an upgrade to the com.fasterxml.jackson.core:jackson-core component and the Tomcat library.

Fixed CVEs

At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.

SolarWinds CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability Title Description Severity Credit
CVE-2026-28322 SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. 5.6 Medium  

Third-party CVEs

CVE-ID Vulnerability title Description Severity
CVE-2026-34487 Apache Tomcat cloud membership for clustering component exposed the Kubernetes bearer token vulnerability Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue. 7.5 High
CVE-2026-43515 Apache Tomcat improper authorization vulnerability Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 to fix the issue. 9.1 Critical
CVE-2025-53864 Connect2id Nimbus JOSE + JWT denial of service vulnerability Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson. 5.8 Medium
CVE-2025-52999 jackson-core stack-based buffer overflow jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources. 7.5 High

Fixed customer issues

Case number Description
02084069

DPA Central navigation now reliably returns you to the correct Central dashboard when you click the Central link from a remote DPA server, without blank pages, extra logins, or redirects to the local server’s Central view.

02084069 Columns in the My DB Instances or DB Instances in Alarm tables in DPA Central no longer shrink when the page is accessed through the browser's Back button.
02103320 Opening the Tuning tab for a PostgreSQL monitored instance no longer returns an HTTP 422 error.
02129165 The DPA AWS base image has been upgraded from Amazon Linux 2 to Amazon Linux 3 to ensure continued support after Amazon Linux 2 end of life.
02145768 When the DPA database uses the Turkish_CI_AS collation, clicking the Tuning tab no longer returns an internal server error.
02054275 An inconsistency in the database schema between new installations and upgrades has been corrected. This issue prevented the configuration of Platform Connect.
02083941 The size limit on a database column no longer prevents the Top SQL Statements chart from displaying data.

Installation or upgrade

For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the DPA Installation and Upgrade Guide.

For upgrades, use the DPA Installation and Upgrade Guide to help you plan and execute your upgrade. When you are ready, download the upgrade package from the SolarWinds Customer Portal.

Known issues

Custom CA certificates and mass registration of MySQL or MariaDB instances

Using mass registration to attempt to register MySQL or MariaDB instances can fail when the following conditions are met:

  • You are using a custom CA certificate.

  • The SSL property sslMode=verify-ca or sslMode=verify-full is specified.

During mass registration, the certificate keystore URL is not injected into the JDBC connection. The JDBC driver falls back to the JVM cacerts store for trust anchors. If the custom CA certificate is not present in JVM cacerts, the connection fails with the following error:

DatabaseConnectionException: A connection to the database could not be established

This issue does not affect Azure Database for MySQL registrations (because the DigiCert CA certificate is in every JVM cacerts) or Amazon RDS for MySQL registrations (because the Amazon Root CA certificate is pre-loaded). Registrations through the registration wizard are also not affected by this issue.

Resolution or workaround: Before registering the instances, import the custom CA certificate into the JVM cacerts store:

  • If the DPA server runs Linux, run the following command:

    keytool -importcert -noprompt -alias "custom-mysql-ca" -file "/path/to/ca.pem" -keystore "/opt/dpa/iwc/jre/lib/security/cacerts" -storepass changeit
  • If the DPA server runs Windows, run the following command:

    keytool -importcert -noprompt ^
      -alias "custom-mysql-ca" ^
      -file "C:\path\to\ca.pem" ^
      -keystore "C:\Program Files (x86)\SolarWinds\DPA\iwc\jre\lib\security\cacerts" ^
      -storepass changeit

End of life

Version EoL announcement EoE effective date EoL effective date
2024.2 March 10, 2026: End-of-Life (EoL) announcement – Customers on DPA version 2024.2 or earlier should begin transitioning to the latest version of DPA. June 30, 2026: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for DPA version 2024.2 or earlier will no longer actively be supported by SolarWinds. June 30, 2027: End-of-Life (EoL) – SolarWinds will no longer provide technical support for DPA version 2024.2.
2023.4.300 November 18, 2025: End-of-Life (EoL) announcement – Customers on DPA version 2023.4.300 or earlier should begin transitioning to the latest version of DPA. February 18, 2026: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for DPA version 2023.4.300 or earlier will no longer actively be supported by SolarWinds. February 18, 2027: End-of-Life (EoL) – SolarWinds will no longer provide technical support for DPA version 2023.4.300.

See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier DPA versions, see DPA release history.

Legal notices

© 2026 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.