NCM 2023.4 release notes
Release date: November 1, 2023
These release notes were last updated on December 14, 2023.
Here's what's new in Network Configuration Manager 2023.4.
Network Configuration Manager runs on the SolarWinds Platform.
Learn more
- See the NCM 2023.4 system requirements.
- For information about working with NCM, see the NCM 2023.4 Administrator Guide.
New features and improvements in NCM
For information about new features and fixes in the SolarWinds Platform, see the SolarWinds Platform 2023.4 Release Notes.
Changes to firmware vulnerability files
The National Institute of Standards and Technology (NIST) no longer provides .zip files for download. NCM 2023.3 and later provides the following replacement files:
- https://downloads.solarwinds.com/solarwinds/data/cve/cve-all.json.zip
- https://downloads.solarwinds.com/solarwinds/data/cve/cpematch.json.zip
NCM maintains these files, and they are updated every night with the latest firmware vulnerability data. The files contain comprehensive firmware vulnerability data. NCM retrieves this data from NIST using their API.
When you upgrade to 2023.3, the specified download links are updated automatically during the upgrade.
In previous versions, NCM included only recently added or updated vulnerability data in the nightly firmware vulnerability download. The nightly download now includes all data. You no longer need to manually add feeds to your HA backup servers.
Credentials required to change default locations
As a security enhancement, NCM requires credentials to be specified in Advanced Settings before you can perform the following actions:
-
Change the default location of the config archive.
-
Change the default location for saving NCM job results.
-
In an Export Configs Job, change the default location or file name for exported configs.
These credentials give NCM write access to desired location. If network credentials are not provided, the fields that define the locations above are read-only, and a message gives you a link to the Advanced Settings page.
See Before you upgrade for information about non-default locations specified in existing deployments.
Fixes
For information about new features and fixes in the SolarWinds Platform, see the SolarWinds Platform 2023.4 Release Notes.
| Case number | Description |
|---|---|
| 01288735 |
In a large, complex environment, network configuration management jobs and inventory jobs run as expected. |
| 01358044 |
Network configuration management jobs no longer make unnecessary APE license checks, which caused the jobs to run slowly. |
| 00837847, 01358148, 01426785 |
Inventory collection was updated to prevent database blocks, which were affecting performance. |
| 01352472 |
If you run a job that saves the results of a policy report to a file, and the file name includes a macro, the macro is parsed correctly and the report's content and formatting are accurate. |
| 01336072 |
When SolarWinds high availability (HA) is deployed, a network configuration search performed after a failover includes all configs. The search is not limited to only the most recently downloaded configs. |
| 01350788 |
A misspelled word in INFO messages in the |
| 01333319 |
The Config Details page shows the downloaded time based on the SolarWinds Platform time zone, not UTC time. |
| 01288735, 01387785 |
When an inventory job retrieves a large Flash Size value, it records the value correctly and no longer returns the following error:
|
| 01395082 |
Real Time Change Notification works as expected when the IP address provided to it is not the primary IP address for the node.* |
*This fix was added after the RC release.
CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2023-33228 | SolarWinds Network Configuration Manager Exposure of Sensitive Information Vulnerability | The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. | 4.5 Medium | Arnaud Cordier (CryptID) |
| CVE-2023-33226 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability | The SolarWinds Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability by a low privileged user. | 8.0 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-33227 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability | The SolarWinds Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability by a low privileged user. | 8.0 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
Before you upgrade!
Upgrading from any version
During an upgrade, the Configuration Wizard determines if non-default locations have been specified for the config archive, job results, and exported configs. If so, it determines whether the required credentials have been provided. If credentials have not been provided:
-
If a non-default location is specified for the config archive, it is changed back to the default location.
-
If a job is configured to save the results of the job to a non-default location, it is changed back to the default location.
-
If an Export Configs Job is configured to export configs to a non-default location, the job is disabled.
Upgrading from NCM 2023.2.0 or earlier
If you are upgrading from NCM 2023.2.0 or earlier, be aware that NCM 2023.2.1 included a change to real-time change detection (RTCD). The program RTNForwarder.exe is no longer used by RTCD. The Log Viewer (LV) and Log Analyzer (LA) now include a new action that is used instead.
During an upgrade, the installer automatically updates any LV or LA rules that launched RTNForwarder.exe to perform the new action instead. If you have any SolarWinds Platform alerts configured to launch RTNForwarder.exe as an action, that action is disabled.
For details, see the NCM 2023.2.1 Release Notes.
Installation or upgrade
For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal.
For upgrades, go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).
For more information, see the SolarWinds Platform Product Installation and Upgrade Guide.
End of life
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 2020.2.6 | April 18, 2023: End-of-Life (EoL) announcement – Customers on NCM 2020.2.6 should begin transitioning to the latest version of NCM. | May 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for NCM 2020.2.6 will no longer be actively supported by SolarWinds. | May 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for NCM 2020.2.6 |
| 2020.2.5 | January 18, 2023: End-of-Life (EoL) announcement – Customers on NCM 2020.2.5 should begin transitioning to the latest version of NCM. | February 17, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for NCM 2020.2.5 will no longer be actively supported by SolarWinds. | February 17, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for NCM 2020.2.5. |
| 2020.2.4 | October 19, 2022: End-of-Life (EoL) announcement – Customers on NCM 2020.2.4 should begin transitioning to the latest version of NCM. | November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for NCM 2020.2.4 will no longer be actively supported by SolarWinds. | November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for NCM 2020.2.4. |
| 2020.2.1 | October 19, 2022: End-of-Life (EoL) announcement – Customers on NCM 2020.2.1 should begin transitioning to the latest version of NCM. | November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for NCM 2020.2.1 will no longer be actively supported by SolarWinds. | November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for NCM 2020.2.1. |
| 2020.2 | October 19, 2022: End-of-Life (EoL) announcement – Customers on NCM 2020.2 should begin transitioning to the latest version of NCM. | November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for NCM 2020.2 will no longer be actively supported by SolarWinds. | November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for NCM 2020.2. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier NCM versions, see NCM release history.
Legal notices
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.