Release date: July 15, 2021
These release notes describe the new features, improvements, and fixed issues in Orion Platform 2020.2.6. They also provide information about upgrades and describe workarounds for known issues.
- For information on latest hotfixes, see Orion Platform Hotfixes.
- For release notes for previous Orion Platform versions, see Previous Version documentation.
- For information about requirements, see Orion Platform 2020.2.6 system requirements.
- For information about working with the Orion Platform, see Orion Platform 2020.2.6 Administrator Guide.
New features and improvements in Orion Platform
Orion Platform 2020.2.6 offers new features and improvements compared to previous releases of Orion Platform.
Orion Account Improvements
Improved password policy
Starting with Orion Platform 2020.2.6, passwords for Orion individual accounts must use at least eight characters, combine lowercase, uppercase, numeric and special characters. SolarWinds recommends that you don't use dictionary words and don't substitute numbers for letter.Orion Platform 2020.2.6 includes updated password policies that impact individual Orion accounts. After you upgrade to 2020.2.6, all passwords for individual Orion accounts will expire in 30 days.
Guest account was removed.
Lock out users for repeated failed login attempts
If a user attempts to log in to the Orion Web Console and fails repeatedly, the account is locked out for 15 minutes (default).
- New options for Syslog forwarding: you can use Syslog hostname field and original address field to forward messages to a different computer.
- The trap forwarding action was redesigned, using the Trap OID address to modify the incoming trap message and add the OID of the original sender address to trap varbindings.
- You can now export and import custom rules in the Log Viewer.
- If you are using the legacy Syslog and Traps function, note that it will be removed and replaced by Orion Log Viewer in a future release likely to occur in 2022.
- New user interface for custom properties management.
- The web-based Account Limitation Builder application replaced the stand-alone application.
See Orion Platform 2020.2.6 Administrator Guide for details.
New security improvements in Orion Platform
Orion Platform 2020.2.6 offers new security improvements compared to previous releases of Orion Platform.
- Important security fixes
New customer installation
For information about installing Orion Platform, see the SolarWinds Orion Installer.
How to upgrade
If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment (all Orion Platform products and any scalability engines) to the current versions.
If you are upgrading from Orion Platform 2019.2, you can upgrade your entire Orion deployment from the My Orion Deployment page. Click Settings > My Orion Deployment > Updates & Evaluations. Downloading the Orion Installer is no longer necessary.
If you are upgrading from an earlier Orion Platform version, use this topic to plan and implement an upgrade to the current version of Orion Platform.
Orion Platform 2020.2.6 fixes the following issues.
|803763||The issue where repeated upserts into a SQL table affected maintenance and chart loading was addressed.|
|790842||The issue where the Orion Maps widget crashed because it couldn't connect to SignalR was addressed.|
|810293||An issue with iFrames in Custom HTML widget was addressed.|
|701089, 713893, 716462, 793959, 828038||The issue where web pages disregarded disabled session timeout setting for a user account was addressed.|
|735548||The issue with Orion Agents not updating on AIX servers while the Update Available message was displayed was addressed.|
|794238||The issue with orphaned subscriptions of Orion Maps and their queuing was addressed.|
|802431||The issue where Network Atlas crashed when object status was unrecognizable was addressed.|
|558681, 660122, 709462, 741643, 779066, 781178||An issue with cross-domain login was addressed.|
|616637, 655389, 656431||The ServiceNow integration issue where acknowledging and resetting alert did not work and incidents were not acknowledged or resolved automatically due to SWIS proxy creation issues was addressed.|
|821113||The issue where a DLL was not signed with the latest certificate after the upgrade to 2020.2.5 was addressed.|
|794114 (Investigation)||Crash logs are now included in RabbitMQ diagnostics.|
|669750||The issue where domain members of local Windows groups were not able to log in to the Orion Web Console was addressed.|
|677056, 743278, 762292, 801708, 816694||The issue where disabling the auto-update for Orion Agents didn't work was addressed.|
|793244, 802888, 803945||
The issue where backgrounds and custom images disappeared from newly created Orion Maps after database maintenance was addressed.
|774561, 778018, 781431, 792036, 794642, 807462||The issue where the Web Browse link in Node Details widget stopped working after the upgrade was addressed.|
|740165, 741331, 746153, 759313||The issue where AIX agents stopped working due to a known AIX bug was addressed. See IV90804 in IBM help (© IBM, available at https://www.ibm.com/support/pages/apar/IV90804, obtained on June 21, 2021.)|
|790559||The issue where special characters in SQL/SWQL were not parsed correctly was addressed.|
|485229, 549978, 573982||Autocomplete on Orion Web Console login page was disabled.|
|700063, 718521, 752040, 753655, 754101, 754913, 783169||MSMQ was removed from Collector to improve CPU performance and address security concerns.|
|358491||The issue where muted alerts were triggered after the Orion Platform was moved to a different host was addressed.|
|737936, 739304, 741594, 746912, 748273, 752106, 752858, 774306, 779024||The issue where an Orion Agent process had high CPU utilization was addressed.|
|773932, 774604, 774411, 775362, 777408, 778417, 778929, 779425, 780099, 780600, 780609, 780669, 781498, 782280, 787589, 787602, 790719, 791887, 794095, 803664||The issue where Network Atlas icons were shown as black rectangles was addressed.|
|786911, 799736||The issue where numerous df-Ta processes were running on a Linux agent computer was addressed.|
|803763||ServiceHost does not use Service Directory any more. The removed dependency addresses some Cortex maintenance and graph loading issues.|
|789555||The message for the DigiCert root certificate missing issue was improved.|
|773818, 775698, 778104, 781148, 808690||The issue where bar gauges disappeared from all Top X widgets was addressed.|
|777757||The issue where Configuration wizard failed when upgrading Cortex on deployment with big database tables was addressed.|
|671362||The issue with migrating long running reports in the ReportMigrationTool was addressed.|
|N/A||The Network Discover issues when listing resources on an Orion Agent in the past were addressed.|
|777149||The issue where Node Participation status interrupted changing node status to DOWN was addressed.|
|659388, 684280||Uninstallation process was improved.|
|672431||The issue where links in Orion Maps were broken after the upgrade to 2020.2.5 was addressed. See Broken hyperlinks in Orion Maps...|
|793388||X-AspNetMvc-Version: 5.2 header was removed from server response.|
|568967, 573626, 696449, 700218, 710637, 730592, 795029||Database Maintenance issues when Orion Log Analyzer is installed into the Orion database were addressed.|
|782258, 782277||Menu bar issues after adding a HA Pool were addressed.|
|773967, 777757, 781952||The issue where Configuration wizard failed because the operation ALTER TABLE is not supported for memory-optimized tables with a column store index was addressed.|
|570251||The issue where sensitive information was passed in URL was addressed.|
|743853, 769887||The issue where action properties for reset actions were missing after upgrade was addressed.|
|766921||The issue where SWA services were not restarted in the Configuration wizard was addressed.|
|774533, 775122, 776233, 776870, 777274, 780924, 783391||The issue where Centralized upgrade allows upgrading scalability engines before completing the upgrade on the main polling engine was addressed.|
|642858, 689428, 702577, 705172, 721419, 757405, 764965||Error 500 when accessing Manage Dashboards and Flow Sources Management was addressed.|
|646696||The issue where NFS mounted volume was not shown by List resources on AIX was addressed.|
|751029, 768779||The arithmetic overflow issue during database maintenance was addressed.|
|591058, 594855, 605941||ServiceHost on Orion Agents does not use ServiceDirectory any more, thus addressing CPU and memory issues on Agents.|
|675278||The issue where Custom Chart widget was failing with an internal server error was addressed.|
|733387||The issue where Centralized Upgrade failed because of stopped W3SVC was addressed.|
|601858||Performance of the UriEquals function was improved.|
|638308||The issue where the Orion Web Console is running on port 80 and triggering security scan alerts was addressed.|
|670997||The issue where the Discovery plugin failed to kill JE on an AIX server, thus showing the agent status as Unknown, was addressed.|
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
|CVE-2021-28674||Broken Access Control within node management for groups||An Authenticated Orion Platform user with node management rights can delete nodes for another group||Moderate||Clément Boulder, Enedis|
|CVE-2021-35212||ZDI-CAN-13460: SolarWinds Orion Platform DisableNOCView SQL Injection Privilege Escalation Vulnerability||Trend Micro’s ZDI researchers reported a SQL injection vulnerability. A low privilege user can elevate privileges to Administrator using this vulnerability. Authentication is required to exploit the vulnerability.||High||Anonymous working with Trend Micro Zero Day Initiative|
|CVE-2021-35213||ZDI-CAN-13453: Orion User Setting Improper Access Control Privilege Escalation Vulnerability: Orion Platform 2020.2.5||An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.||High||Anonymous working with Trend Micro Zero Day Initiative|
|CVE-2021-35215||ZDI-CAN-13845: SolarWinds Orion Platform ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability: Orion Platform 2020.2.5||Insecure deserialisation leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.||High||Jangggggg working with Trend Micro Zero Day Initiative|
End of support
This version of Orion Platform no longer supports the following platforms and features.
|Legacy Advanced Alert Manager||Starting with Orion Platform 2020.2.6, the deprecated Advanced Alert Manager is no longer available in the Orion Platform. Relevant pages in the Orion Web Console, such as Advanced Alerts Log, were removed.|
|Legacy Orion Report Writer||
Starting with Orion Platform 2020.2.5, the legacy Orion Report Writer is no longer available in the Orion Platform.
Starting with Orion Platform 2019.4, all out-of-the-box reports are web-based.
In Orion Platform 2020.2, the Report Writer is only available in the ReadOnly mode. Migrate your custom reports to the web.
You can no longer add new Report from Orion Report Writer widgets to your views. Existing Orion Report Writer widgets in views will remain in place.
|Account Limitation Builder||The desktop Account Limitation Builder is no longer available in Orion Platform 2020.2.6, it is replaced by the web-based Manage account limitations view. See Create limitations based on custom properties in the Orion Platform.|
© 2021 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.