Documentation forOrion Platform

Orion Platform 2020.2.6 Release Notes

Release date: July 15, 2021

These release notes describe the new features, improvements, and fixed issues in Orion Platform 2020.2.6. They also provide information about upgrades and describe workarounds for known issues.

Learn more

New features and improvements in Orion Platform

Return to top

Orion Platform 2020.2.6 offers new features and improvements compared to previous releases of Orion Platform.

Orion Account Improvements

  • Improved password policy

    Starting with Orion Platform 2020.2.6, passwords for Orion individual accounts must use at least eight characters, combine lowercase, uppercase, numeric and special characters. SolarWinds recommends that you don't use dictionary words and don't substitute numbers for letter.

    Orion Platform 2020.2.6 includes updated password policies that impact individual Orion accounts. After you upgrade to 2020.2.6, all passwords for individual Orion accounts will expire in 30 days.

  • Guest account was removed. For details on changes in service accounts, see Manage Orion Service Accounts.

  • Lock out users for repeated failed login attempts

    If a user attempts to log in to the Orion Web Console and fails repeatedly, the account is locked out for 15 minutes (default). See Unlock user accounts for more details.

Other updates

  • New options for Syslog forwarding: you can use Syslog hostname field and original address field to forward messages to a different computer.
  • The trap forwarding action was redesigned, using the Trap OID address to modify the incoming trap message and add the OID of the original sender address to trap varbindings.
  • You can now export and import custom rules in the Log Viewer.
  • If you are using the legacy Syslog and Traps function, note that it will be removed and replaced by Orion Log Viewer in a future release likely to occur in 2022.
  • New user interface for custom properties management.
  • The web-based Account Limitation Builder application replaced the stand-alone application.
  • See Orion Platform 2020.2.6 Administrator Guide for details.

New security improvements in Orion Platform

Orion Platform 2020.2.6 offers new security improvements compared to previous releases of Orion Platform.

  • Important security fixes

New customer installation

Return to top

For information about installing Orion Platform, see the SolarWinds Orion Installer.

How to upgrade

If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment (all Orion Platform products and any scalability engines) to the current versions.

If you are upgrading from Orion Platform 2019.2, you can upgrade your entire Orion deployment from the My Orion Deployment page. Click Settings > My Orion Deployment > Updates & Evaluations. Downloading the Orion Installer is no longer necessary.

If you are upgrading from an earlier Orion Platform version, use this topic to plan and implement an upgrade to the current version of Orion Platform.


Fixed issues

Return to top

Orion Platform 2020.2.6 fixes the following issues.

Case Number Description
803763 The issue where repeated upserts into a SQL table affected maintenance and chart loading was addressed.
790842 The issue where the Orion Maps widget crashed because it couldn't connect to SignalR was addressed.
810293 An issue with iFrames in Custom HTML widget was addressed.
701089, 713893, 716462, 793959, 828038 The issue where web pages disregarded disabled session timeout setting for a user account was addressed.
735548 The issue with Orion Agents not updating on AIX servers while the Update Available message was displayed was addressed.
794238 The issue with orphaned subscriptions of Orion Maps and their queuing was addressed.
802431 The issue where Network Atlas crashed when object status was unrecognizable was addressed.
558681, 660122, 709462, 741643, 779066, 781178 An issue with cross-domain login was addressed.
616637, 655389, 656431 The ServiceNow integration issue where acknowledging and resetting alert did not work and incidents were not acknowledged or resolved automatically due to SWIS proxy creation issues was addressed.
821113 The issue where a DLL was not signed with the latest certificate after the upgrade to 2020.2.5 was addressed.
794114 (Investigation) Crash logs are now included in RabbitMQ diagnostics.
669750 The issue where domain members of local Windows groups were not able to log in to the Orion Web Console was addressed.
677056, 743278, 762292, 801708, 816694 The issue where disabling the auto-update for Orion Agents didn't work was addressed.
793244, 802888, 803945

The issue where backgrounds and custom images disappeared from newly created Orion Maps after database maintenance was addressed.

774561, 778018, 781431, 792036, 794642, 807462 The issue where the Web Browse link in Node Details widget stopped working after the upgrade was addressed.
740165, 741331, 746153, 759313 The issue where AIX agents stopped working due to a known AIX bug was addressed. See IV90804 in IBM help (© IBM, available at https://www.ibm.com/support/pages/apar/IV90804, obtained on June 21, 2021.)
790559 The issue where special characters in SQL/SWQL were not parsed correctly was addressed.
485229, 549978, 573982 Autocomplete on Orion Web Console login page was disabled.
700063, 718521, 752040, 753655, 754101, 754913, 783169 MSMQ was removed from Collector to improve CPU performance and address security concerns.
358491 The issue where muted alerts were triggered after the Orion Platform was moved to a different host was addressed.
737936, 739304, 741594, 746912, 748273, 752106, 752858, 774306, 779024 The issue where an Orion Agent process had high CPU utilization was addressed.
773932, 774604, 774411, 775362, 777408, 778417, 778929, 779425, 780099, 780600, 780609, 780669, 781498, 782280, 787589, 787602, 790719, 791887, 794095, 803664 The issue where Network Atlas icons were shown as black rectangles was addressed.
786911, 799736 The issue where numerous df-Ta processes were running on a Linux agent computer was addressed.
803763 ServiceHost does not use Service Directory any more. The removed dependency addresses some Cortex maintenance and graph loading issues.
789555 The message for the DigiCert root certificate missing issue was improved.
773818, 775698, 778104, 781148, 808690 The issue where bar gauges disappeared from all Top X widgets was addressed.
777757 The issue where Configuration wizard failed when upgrading Cortex on deployment with big database tables was addressed.
671362 The issue with migrating long running reports in the ReportMigrationTool was addressed.
N/A The Network Discover issues when listing resources on an Orion Agent in the past were addressed.
777149 The issue where Node Participation status interrupted changing node status to DOWN was addressed.
659388, 684280 Uninstallation process was improved.
672431 The issue where links in Orion Maps were broken after the upgrade to 2020.2.5 was addressed. See Broken hyperlinks in Orion Maps...
793388 X-AspNetMvc-Version: 5.2 header was removed from server response.
568967, 573626, 696449, 700218, 710637, 730592, 795029 Database Maintenance issues when Orion Log Analyzer is installed into the Orion database were addressed.
782258, 782277 Menu bar issues after adding a HA Pool were addressed.
773967, 777757, 781952 The issue where Configuration wizard failed because the operation ALTER TABLE is not supported for memory-optimized tables with a column store index was addressed.
570251 The issue where sensitive information was passed in URL was addressed.
743853, 769887 The issue where action properties for reset actions were missing after upgrade was addressed.
766921 The issue where SWA services were not restarted in the Configuration wizard was addressed.
774533, 775122, 776233, 776870, 777274, 780924, 783391 The issue where Centralized upgrade allows upgrading scalability engines before completing the upgrade on the main polling engine was addressed.
642858, 689428, 702577, 705172, 721419, 757405, 764965 Error 500 when accessing Manage Dashboards and Flow Sources Management was addressed.
646696 The issue where NFS mounted volume was not shown by List resources on AIX was addressed.
751029, 768779 The arithmetic overflow issue during database maintenance was addressed.
591058, 594855, 605941 ServiceHost on Orion Agents does not use ServiceDirectory any more, thus addressing CPU and memory issues on Agents.
675278 The issue where Custom Chart widget was failing with an internal server error was addressed.
733387 The issue where Centralized Upgrade failed because of stopped W3SVC was addressed.
601858 Performance of the UriEquals function was improved.
638308 The issue where the Orion Web Console is running on port 80 and triggering security scan alerts was addressed.
670997 The issue where the Discovery plugin failed to kill JE on an AIX server, thus showing the agent status as Unknown, was addressed.

CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability Title Description Severity Credit
CVE-2021-28674 Broken Access Control within node management for groups An Authenticated Orion Platform user with node management rights can delete nodes for another group Moderate Clément Boulder, Enedis
CVE-2021-35212 ZDI-CAN-13460: SolarWinds Orion Platform DisableNOCView SQL Injection Privilege Escalation Vulnerability Trend Micro’s ZDI researchers reported a SQL injection vulnerability. A low privilege user can elevate privileges to Administrator using this vulnerability. Authentication is required to exploit the vulnerability. High Anonymous working with Trend Micro Zero Day Initiative
CVE-2021-35213 ZDI-CAN-13453: Orion User Setting Improper Access Control Privilege Escalation Vulnerability: Orion Platform 2020.2.5 An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability. High Anonymous working with Trend Micro Zero Day Initiative
CVE-2021-35215 ZDI-CAN-13845: SolarWinds Orion Platform ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability: Orion Platform 2020.2.5 Insecure deserialisation leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. High Jangggggg working with Trend Micro Zero Day Initiative

End of support

Return to top

This version of Orion Platform no longer supports the following platforms and features.

Type Details
Legacy Advanced Alert Manager Starting with Orion Platform 2020.2.6, the deprecated Advanced Alert Manager is no longer available in the Orion Platform. Relevant pages in the Orion Web Console, such as Advanced Alerts Log, were removed.
Legacy Orion Report Writer

Starting with Orion Platform 2020.2.5, the legacy Orion Report Writer is no longer available in the Orion Platform.

Starting with Orion Platform 2019.4, all out-of-the-box reports are web-based.

In Orion Platform 2020.2, the Report Writer is only available in the ReadOnly mode. Migrate your custom reports to the web.

You can no longer add new Report from Orion Report Writer widgets to your views. Existing Orion Report Writer widgets in views will remain in place.

Account Limitation Builder The desktop Account Limitation Builder is no longer available in Orion Platform 2020.2.6, it is replaced by the web-based Manage account limitations view. See Create limitations based on custom properties in the Orion Platform.

Legal notices

Return to top

© 2021 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.