ETS for the Web 2023.3 release notes
Release date: July 25, 2023
Here's what's new in ETS for the Web 2023.3. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of ETS for the Web, see ETS for the Web previous versions. To view release notes for multiple versions
ETS for the Web runs on the SolarWinds Platform (self-hosted). ETS for the Web release notes include the updates from the SolarWinds Platform (self-hosted).
New features and improvements in ETS for the Web
Compatibility improved with the SolarWinds Platform
This release is a compatibility update for Engineer's Toolset for the Web. Engineer's Toolset for the Web is part of the SolarWinds Platform and can be used alongside other SolarWinds Platform products. This release improves compatibility with newer versions of the SolarWinds Platform.
New features and improvements in SolarWinds Platform
Configuration Wizard improvements
-
IIS Centralized Certificate Store can be used for the website in the Configuration Wizard.
-
Advanced Option in the Configuration Wizard can be used to change the database connection string only, without the need to perform all other tasks typically executed by the Configuration Wizard.
AlertStack updates
-
AlertStack cluster lifetime introduced to automatically close alert stacks after 7 days.
Map updates
-
WorldWide map updates: modifiable WorldWide Map API key support.
-
Intelligent Maps updates: support for displaying the Intelligent Map on group details view dynamically, based on the group name variable.
Additional updates
-
Support for OpenSSL 3.0
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2023-23844 | SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability | The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | 6.8 Medium | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-33225 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | 6.8 Medium | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-33224 | SolarWinds Platform Incorrect Behavior Order Vulnerability | The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | 6.8 Medium | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-23843 | SolarWinds Platform Incorrect Comparison Vulnerability | The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | 6.8 Medium | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-33229 | SolarWinds Platform Incorrect Input Neutralization Vulnerability | The SolarWinds Platform was found to be susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | 3.1 Low | Juampa Rodriguez (@UnD3sc0n0c1d0) |
| CVE-2023-3622 | SolarWinds Platform Access Control Bypass Vulnerability | An Access Control Bypass Vulnerability exists in the SolarWinds Platform that, if exploited, could allow an underprivileged user to read an arbitrary resource. | 4.6 Medium | Alex Shepard |
Third-party CVEs
| CVE-ID | Vulnerability title | Description | Severity |
|---|---|---|---|
| CVE-2022-37434 | Heap-Based Buffer Over-Read or Buffer Overflow Vulnerability | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | Critical |
| CVE-2012-6708 | Cross-Site Scripting Vulnerability | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the ' | Medium |
| CVE-2020-11022 | DOM Manipulation Vulnerability | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0 | Medium |
| CVE-2020-11023 | DOM Manipulation Vulnerability | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing option elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
Medium |
| CVE-2015-9251 | Cross-Site Scripting Vulnerability | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | Medium |
| CVE-2019-11358 | Unsanitized Input Vulnerability | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | Medium |
| CVE-2020-7656 | Cross-Site Scripting Vulnerability | jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "script" HTML tags that contain a whitespace character, i.e: "/script ", which results in the enclosed script logic to be executed. |
High |
Fixed customer issues
| Case number | Description | Platform product |
|---|---|---|
| 1200338, 1263383, 1305295, 1307270, 1354496, 1355266, 1373795, 1374238, 1379084, 1381609, 1383437 | Issues with loading Network Atlas maps in the web console were addressed. | Platform |
| 1278785 | Issues caused by missing services and SolarWinds Platform Service Manager failing on start when upgrading Log Analyzer with a free poller to 2023.3 were addressed. | Platform |
| 1415824 | A confusing error message on setting user role was adjusted. | Platform |
| 1437102 | Upgrade issues caused by the failure to build the database schema were addressed. | Platform |
| 1236510 | The database maintenance issue caused by polling an incorrect timestamp (0001-01-01) was addressed. | Platform |
| 1206895, 1213216, 1228661, 1231060, 1234575, 1234670, 1235242, 1239208, 1241208, 1271813, 1282152, 1288735, 1290325, 1290754, 1290883, 1291507, 1292321, 1293909, 1299530 | Database maintenance issues related to the API poller were addressed. | Platform |
| 1203621, 1225932, 1231060, 1234310, 1234575, 1239208, 1241208, 1251663, 1257671, 1261935, 1267157, 1271813, 1273531, 1274199, 1287906, 1288331, 1289617, 1290325, 1290754, 1291507, 1292321, 1292799, 1293152, 1293909, 1298525, 1303754, 1309937, 1322526, 1330977 | Database maintenance issues related to CMAN_containers were addressed. | Platform |
| 1365088 | The issue where the Database maintenance: Retention interval settings not specified error occurred in logs was addressed. | Platform |
| 1354102, 1356136 | The issue where a Cloud Connected icon was displayed for customers without a SolarWinds Observability Self-Hosted license was addressed. The icon no longer appears for non-SolarWinds Observability Self-Hosted customers. | Platform |
| 1315625, 1329526, 1336784, 1352371, 1358723, 1359224, 1361585, 1361714, 1362242, 1362623, 1369852, 1372298, 1380810, 1384965, 1387788, 1387869 | The issue where the JobEngine was unable to submit a job after some time was addressed. | Platform |
| 1293506 | The issue where missing free poller licenses caused the Syslog and Traps services to shutdown automatically was addressed. | Platform |
| 1202531, 1247388, 1281162, 1305768 | Issues with the database upgrade in the Configuration Wizard were addressed. | Platform |
| 1271994, 1275876, 1286508, 1294838, 1299411, 1300047, 1304414, 1306968, 1315810, 1316267, 1319417, 1327780, 1328324, 1328441, 1332954, 1337486, 1337686, 1338228, 1348951, 1353130, 1353219, 1353694, 1359474, 1366344, 1367866, 1378873 | The issue where unsuccessful login attempts generated by the SolarWinds Platform occurred on the SQL Server was addressed. | Platform |
| 1372599 | The issue with changing Microsoft EWS API endpoint was addressed. | Platform |
| 1360566 | The issue where status-only ICMP nodes are counted against the license when assigned to an additional polling engine while using a Hybrid Cloud Observability license was addressed. | Platform |
| 1355720 | The issue where values for entities monitored by the API poller were not displayed on the SolarWinds Platform widget was addressed. | Platform |
| 1315625, 1336784, 1337676, 1358723, 1359224, 1362623, 1372298 | The issue where JobEngine was unable to submit a job which resulted in polling issues was addressed. | Platform |
| 1353784 | The issue where database maintenance failed when removing temporary system files was addressed. | Platform |
| 1327342 | An issue with muting/unmuting alerts on the Node Management page were addressed. | Platform |
| 1351829 | The issue where the Centralized Upgrade didn’t prompt users to upgrade scalability engines was addressed. | Platform |
| 1306932 | Issues with custom properties on SolarWinds Platform deployed in US English but displayed in a browser with different language settings were addressed. Issues included custom properties for worldwide maps not displayed, inability to edit datetime custom properties, or inability to add or edit custom properties with decimal point values. |
Platform |
| 1334416, 1350577, 1351585 | The issue where alerts using the create ServiceNow incident did not fill in the Assigned To field was addressed. | Platform |
| 1333444, 1334126, 1349746, 1358156 | The issue where RabbitMQ failed during the upgrade to 2023.2 due to an %%2 error was addressed. | Platform |
| 1307772 | The issue where groups were hidden if they were added to a map was addressed. | Platform |
| 1317479 | The issue with default operating system proxy settings not applied was addressed. | Platform |
| 1247339, 1269949, 1314666, 1329373, 1351993, 1364314 | The issue with JobEngine not starting after the system restart was addressed. | Platform |
| 1312232 | The issue where the Edit option in the Custom Property Manager was visible for accounts without administrator privileges was addressed. | Platform |
| 1197599, 1259651 | The issue with upgrading the SolarWinds Platform when the deployment used an Azure SQL database was addressed. | Platform |
| 1237057 | Performance degradation issues caused by a large number of SSH sessions were addressed. | Platform |
| 1287338 | Issues with creating nested groups were addressed. | Platform |
| 1232188, 1267357 | The issue with the "Reference not supported in this version error of SQL Server" messages on Azure SQL was addressed. | Platform |
| 1237618 | The issue with the Insert Variable button not working when you configure an action that should create a new ServiceNow incident and change the ServiceNow instance was addressed. | Platform |
| 824321, 1109050, 1226319, 1293208 | The issue with invoking the GetScheduledListResourcesStatus verb initiated from an additional polling engine was addressed. | Platform |
| 1265116 | User interface issues on a pop-up for selecting properties when creating a ServiceNow action were addressed. | Platform |
| 1286407 | Issues with objects on SolarWinds Platform Maps that are outside of the visible grid were addressed. | Platform |
| 932494 | The issue where the edit option for editing a custom property value is blocked because two additional properties are selected automatically was addressed. | Platform |
| 766327, 942393 | The issue where you could not remove unused custom properties was addressed. | Platform |
Installation or upgrade
For information about installing Engineer's Toolset, see the ETS Installation Guide. After installation, use the ETS Getting Started Guide to get started fast.
Use the SolarWinds Orion Installer to upgrade ETS for the Web and your entire Orion deployment (all Orion Platform products and any scalability engines).
If you are upgrading from ETS for the Web 2019.2 or later, you can upgrade your entire Orion deployment from the My Orion Deployment page in the Orion Web Console. Downloading the Orion Installer is no longer necessary.
For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Get the installer.
For upgrades, including options to pre-stage the installation files, go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).
For more information, see the SolarWinds Platform Product Installation and Upgrade Guide.
You must be on version 2020.2.1 or later to upgrade to the current version. If you are on 2020.2 or earlier, first upgrade to 2020.2.6 and then upgrade to the current version.
Before you upgrade!
-
Make sure the database user you use to connect to your SQL Server has the db create privilege. Without this privilege, the upgrade will not complete.
-
The legacy syslog and traps functionality has been retired and replaced with new functionality called SolarWinds Log Viewer, which can be upgraded to Log Analyzer for additional capabilities. Current rules and history will automatically be migrated to the new logging functionality (SolarWinds Log Viewer or Log Analyzer). The functionality of SolarWinds Log Viewer and Log Analyzer has been improved to more closely match legacy functionality.
If you built syslog and trap alerts using custom SQL queries, they will not function after upgrading to 2022.3 or later. SolarWinds recommends you rewrite the alerts using SWQL (
Orion.OLM entities) or using the alerting functionality built into Log Viewer/Log Analyzer. -
Some upgrade situations from the Orion Platform to the SolarWinds Platform are not supported and the installer will stop the upgrade automatically.
- If you have a SQL Server older than 2016.
- If you have an Orion Platform product version 2020.2.1 or earlier.
DPAIM
DPAIM can be installed in either of the following ways:
-
With SolarWinds SAM
DPAIM is automatically installed with SolarWinds SAM. If you have SAM, all you have to do is set up the integration module.
To install SAM, use the SolarWinds Platform Installer.
-
Standalone (SAM not required)
If you do not plan to install SAM, download and run the SolarWinds Platform Installer to install DPAIM as a separate product. You can install DPAIM alone, or you can install DPAIM with other SolarWinds Platform products, such as SolarWinds SRM.
After you install DPAIM, you must set up the DPA Integration Module.
Known issues
Last updated: November 1, 2023
Agent stops polling after a failover in an HA pool
In some cases, the agent configuration file SolarWinds.Agent.Service.exe.cfg can become corrupted after a failover in a SolarWinds High Availability (HA) pool. The corrupted configuration file is populated with host names or IP addresses of nodes that are not in the HA pool. If this happens, the agent stops polling and the agent status is reported as unknown.
Resolution or workaround: Complete the following steps to correct or avoid this issue.
Back up the SolarWinds.AgentManagement.ServiceCore.dll.config file before you make changes.
-
Open the SolarWinds.AgentManagement.ServiceCore.dll.config file in a text editor. By default, the location is:
C:\Program Files\SolarWinds\Orion\SolarWinds.AgentManagement.ServiceCore.dll.configor
C:\Program Files (x86)\SolarWinds\Orion\SolarWinds.AgentManagement.ServiceCore.dll.config -
Add the following attribute to the
<agentManagementServiceConfiguration>section:sendToAgentJustIPAdressesWhichBelongsToTheSameHAPool="true"For example:
<agentManagementServiceConfiguration messagingPort="17778" sendToAgentJustIPAdressesWhichBelongsToTheSameHAPool="true" /> -
Save the file.
-
Restart the SolarWinds Services.
Database login fails for Windows accounts after the upgrade
When you use Windows authentication to connect to the HCO database and the database SQL server, you can find Database: Login failed for user 'DOMAIN\MACHINENAME$' in the Website log. This can cause intermittent user logouts from the SolarWinds Web Console.
Resolution or workaround: Change the database account. See Database login failing for Windows account users after upgrading to 2023.1 and above.
Changes to the SolarWinds Platform database
The implementation of time series widgets required changes to the SolarWinds Platform database. If you have custom reports or alerts that query the database, they could be affected by these changes.
Resolution or workaround: SolarWinds recommends using API calls instead of database queries to collect data for custom reports and alerts.
Date range is one day behind on Wait Time resources
The date on Wait Time Trends resources is one day behind for environments where the DPA server and SolarWinds Platform server are in different time zones. The affected resources are:
-
All Instances with the Highest Wait Times
-
Instances with the Highest Wait Times
-
Greatest Downward Wait Time Trends
-
Greatest Upward Wait Time Trends
Resolution or workaround: Set the DPA and SolarWinds Platform servers to the same time zone.
DPAIM stops working after failover
If you have High Availability configured, the DPA Integration Module stops working when a failover occurs after you re-integrate with a previously integrated DPA server.
Resolution or workaround: Re-integrate the DPA server.
End of life
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 2020.2.6 | April 18, 2023: End-of-Life (EoL) announcement – Customers on ETS for the Web version 2020.2.6 or earlier should begin transitioning to the latest version of ETS for the Web. | May 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ETS for the Web version 2020.2.6 or earlier will no longer actively be supported by SolarWinds. | May 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ETS for the Web version 2020.2.6. |
| 2020.2.5 | January 18, 2023: End-of-Life (EoL) announcement – Customers on ETS for the Web version 2020.2.5 or earlier should begin transitioning to the latest version of ETS for the Web. | February 17, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ETS for the Web version 2020.2.5 or earlier will no longer actively be supported by SolarWinds. | February 17, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ETS for the Web version 2020.2.5. |
| 2020.2.4 | October 19, 2022: End-of-Life (EoL) announcement – Customers on ETS for the Web version 2020.2.4 or earlier should begin transitioning to the latest version of ETS for the Web. | November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ETS for the Web version 2020.2.4 or earlier will no longer actively be supported by SolarWinds. | November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ETS for the Web version 2020.2.4. |
| 2020.2.1 | October 19, 2022: End-of-Life (EoL) announcement – Customers on ETS for the Web version 2020.2.1 or earlier should begin transitioning to the latest version of ETS for the Web. | November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ETS for the Web version 2020.2.1 or earlier will no longer actively be supported by SolarWinds. | November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ETS for the Web version 2020.2.1. |
| 2020.2 | October 19, 2022: End-of-Life (EoL) announcement – Customers on ETS for the Web version 2020.2 or earlier should begin transitioning to the latest version of ETS for the Web. | November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ETS for the Web version 2020.2 or earlier will no longer actively be supported by SolarWinds. | November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ETS for the Web version 2020.2. |
| 2019.4 | July 27, 2022: End-of-Life (EoL) announcement – Customers on ETS for the Web version 2019.4 or earlier should begin transitioning to the latest version of ETS for the Web. | August 26, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ETS for the Web version 2019.4 or earlier will no longer actively be supported by SolarWinds. | August 26, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ETS for the Web version 2019.4. |
| 2019.2 | July 27, 2022: End-of-Life (EoL) announcement – Customers on ETS for the Web version 2019.2 or earlier should begin transitioning to the latest version of ETS for the Web. | August 26, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for ETS for the Web version 2019.2 or earlier will no longer actively be supported by SolarWinds. | August 26, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for ETS for the Web version 2019.2. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier ETS for the Web versions, see ETS for the Web release history.
Deprecation notice
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
Port 17778
SWIS REST Endpoint on port 17778 is deprecated as of 2023.1 and will be replaced with port 17774 in a future release. SolarWinds recommends that you start migrating SWIS REST Endpoint to port 17774.
If you are using DPAIM, make sure you are running DPA 2024.2 or later to switch to port 17774. Earlier DPA versions cannot send data to DPAIM on port 17774. See Specify the port DPA uses... for more information.
Starting with 2024.2, you can enable the port in Advanced Configuration by clearing the DisableSwisRestEndpointOnPort17778 option. See Enable/disable the SWIS endpoint port.
Network Atlas
Network Atlas is deprecated as of Orion Platform 2020.2. It is still available and supported in the current release, but will be removed in a future release. Deprecation is an indication that you should avoid expanded use of this feature and formulate a plan to discontinue using the feature. SolarWinds recommends that you start using Intelligent Maps in the SolarWinds Platform Web Console to display maps of physical and logical relationships between entities monitored by the SolarWinds Platform products you have installed.
Starting with 2024.2, you can import Network Atlas maps to Intelligent Maps. See Import maps.
Legal notices
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.