Documentation forSolarWinds Platform

Orion Platform 2020.2.5 Release Notes

Release date: March 25, 2021

These release notes describe the new features, improvements, and fixed issues in Orion Platform 2020.2.5. They also provide information about upgrades and describe workarounds for known issues.

Learn more

New features and improvements in Orion Platform

Return to top

Orion Platform 2020.2.5 offers new features and improvements compared to previous releases of Orion Platform.

Modern dashboard improvements

New security improvements in Orion Platform

Orion Platform 2020.2.5 offers new security improvements compared to previous releases of Orion Platform.

  • Orion XSS prevention improvements and many related fixes.
  • Communication channel improvements for internal SolarWinds services.
  • DB Manager leverages UAC protection
  • AngularJS has been upgraded to 1.8.0
  • Moment.JS has been upgraded to 2.29.1

New customer installation

Return to top

For information about installing Orion Platform, see the SolarWinds Orion Installer.

How to upgrade

If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment (all Orion Platform products and any scalability engines) to the current versions.

If you are upgrading from Orion Platform 2019.2, you can upgrade your entire Orion deployment from the My Orion Deployment page. Click Settings > My Orion Deployment > Updates & Evaluations. Downloading the Orion Installer is no longer necessary.

If you are upgrading from an earlier Orion Platform version, use this topic to plan and implement an upgrade to the current version of Orion Platform.

Fixed issues

Return to top

Orion Platform 2020.2.5 fixes the following issues.

Case Number Description
735548 The issue where Orion Agent services on AIX were taking high CPU was addressed.
310671, 361605, 372905, 444161, 549578 To run the Configuration wizard, users need to have DBO specified as the default database schema.
523382, 530307 The issue where redundant spaces in column names were affecting migration to the cloud was addressed.
369002 The issue where unmanaged resource was leaking when not disposing enumerators was addressed.
612417 The issue where memory-optimized file groups used by your Orion SQL on-premise database prevented the migration of the database to Amazon RDS was addressed.
369002 The issue where SWIS was crashing because of unstable SQL connection was addressed.
571645 The issue where nodes kept showing critical CPU even though they were not monitored anymore was addressed.
547771 The location of Apollo logs was unified.
114626, 208005, 25618, 481620, 540680, An issue in alerts with the "less than X objects meet condition" threshold in their definition was addressed.
513022 Azure AD FS is supported by the SAML login feature.
498635 The issue where PerfStack charts did not display in scheduled reports in the HTML format was addressed.
541085 A modern dashboards issue where the Do not show a prefix icon option was accepted was addressed.
262094, 269043, 330129, 365503, 472090, 503972, 534625, 539054, 610968 Issues when changing time frame on PerfStack charts in a custom chart report were addressed.
556526, 557080, 557589, 558717, 566095, 570979, 576587, 588311, 588736, 591058, 635054, 665131 Issues where Orion Agents were using port 5000 were addressed.
471368 Performance issues on systems with more than 20 licenses were addressed.
375228 Polling issues with agents that were not available for a longer period of time were addressed.
691942 Issues when adding or editing alert actions, such as Execute External Program, in Internet Explorer 11 were addressed.
713580, 714118, 714816, 720637 Installation issues caused by revoked or expired certificates were addressed.
716170, 720945, 726532, Missing ServiceNow integration plugin.
686208, 700536 The issue where nodes were down after switching the Orion Agent to another polling engine was addressed.
668771 An i-frame rule issue preventing the Training page under My Dashboards > Home > Training from displaying was addressed.
622479, 651007, 714727 The issue where RabbitMQ stopped working as a result of Mnesia crashing when dumping the log file was addressed.
642858 Logging of plugging collector during plugin loading was improved.
647339 Issues with the diagnostics DatabaseSchemaTask in non-Azure databases were addressed.
647339 Orphaned tools from the Orion installer were removed.
622884, 626642, 650105 SWA response issues after updating Centralized Settings were addressed.
627942 The issue where incorrect versions of packages were installed was addressed.
305045, 558165, 609821 Issues in the database integrity tests in Active Diagnostics were addressed.
687714 The issue where Linux agents were preventing plugin upgrades or uninstallation was addressed.
465850 TLS renegotiation for OpenSSL used by RabbitMQ was disabled.
624245 The timeseries framework version was changed to follow Orion Platform versioning.
309974, 465207, 578326, 565342, 565513, 578326, 594855, 605941, 634984, 643449, 663480 Issues with agent-polled volumes were addressed.
598315 Incorrectly interpreted information in Intelligent Maps links was addressed.
485434, 604462, 616667 Issues with calculating nodes status based on dependencies were addressed.
485434 Missing breadcrumbs issues were addressed.
261205, 279716, 535493, 536636, 566645, 574407, 597108, 608583 Database Maintenance FileCleaner issues were addressed.
553153 The issues where the custom property named Category required the number type to build graphs was addressed.
364302, 381437, 447385, 447385, 539771, 578474, 702037 Validation for retention settings was added to disable incorrect time entries for retention.
535493, 536636 Issues with Active Diagnostics check "Database index fragmentation check" timing out after 30 seconds were addressed.
594516 Issues with offline installer crashing without notification were addressed.
333300, 428652, 515269, 516157, 545826, 655447, 679488 Performance issues when NoteStatusRootCause and NodeStatusRootCauseWithLinks columns were included in a data query were addressed.
643398 The issue where the browser window repeatedly resized modern dashboards multiple times per second was addressed.
573425, 608927 The issue where the SWIS service kept running without providing a WCF endpoint when the database is not available during startup was addressed.
550584, 560316, 577215, 587630, 587883 The issue with connecting to the RabbitMQ Cluster after the upgrade from 2020.2 RC2 to 2020.2 RTM was addressed.
431028, 433875, 547642, 574028, 605434, 642886, 671362, 698338, 705269 The "Error executing SQL: Operand type clash: datetime2 is incompatible with int" in SQL reports was addressed.
596795 The issue where Database Details were failing on a TB database size was addressed.
605050 The issues when variables in the Send a GET or POST request to a Web Server alert action break JSON were addressed.

CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability Title Description Severity Credit
CVE-2021-3109 Reverse Tabnabbing and Open Redirect A Reverse Tabnabbing and Open Redirect vulnerability was found in the custom menu item options page by a security researcher. This vulnerability requires an Orion administrator account to exploit this. Medium Jhon Jaro
CVE-2020-35856 Stored XSS in Customize view A stored XSS vulnerability was found in the add custom tab within customize view page by a security researcher. This vulnerability requires Orion administrator account to exploit this. High Jhon Jaro
CVE-2021-31474 RCE via Actions and JSON Deserialization A remote code execution vulnerability has been found via the test alert actions. An Orion authenticated user is required to exploit this. Critical chudy working with Trend Micro Zero Day Initiative
CVE-2021-31475 SolarWinds Orion Job Scheduler RCE The vulnerability can be used to achieve authenticated RCE as Administrator. In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server. High Harrison Neal, ZDI Trend Micro

Known issues

Return to top

718521, 752040, 765220 / After the upgrade, the number of security-related Windows auditing events increases.

Issue: After upgrading to Orion Platform 2020.2.5, you might see an increased number of the following Windows events in logs:

  • 5058(S, F): Key file operation (© 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5058, obtained on April 14, 2021.)

  • 5061(S, F): Cryptographic operation (© 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5061, obtained on April 14, 2021.)

These events are a consequence of code fixes relating to CVE-2021-25274.

Work-around: None

Deprecation notices

Return to top

In Orion Platform 2020.2, the following platforms and features are deprecated.

Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.

For information about supported version of SolarWinds products, see Currently supported software versions.

Type Details
Legacy Orion Report Writer

Starting with Orion Platform 2019.4, all out-of-the-box reports are web-based.

In Orion Platform 2020.2, the Report Writer is only available in the ReadOnly mode. Migrate your custom reports to the web.

You can no longer add new Report from Orion Report Writer widgets to your views. Existing Orion Report Writer widgets in views will remain in place.
Network Atlas

Network Atlas is deprecated as of Orion Platform 2020.2. It is still available and supported in the current release, but will be removed in a future release. Deprecation is an indication that you should avoid expanded use of this feature and formulate a plan to discontinue using the feature. SolarWinds recommends that you start using Intelligent Maps in the SolarWinds Platform Web Console to display maps of physical and logical relationships between entities monitored by the SolarWinds Platform products you have installed.

Legal notices

Return to top

© 2021 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.