SolarWinds Platform 2024.1.1 release notes
Release date: April 18, 2024
SolarWinds Platform 2024.1.1 is a service release providing bug and security fixes for release 2024.1. For information about the 2024.1 release, including EOL notices and upgrade information, see SolarWinds Platform 2024.1 Release Notes.
To view all release notes for your SolarWinds Platform products since your current version, see SolarWinds Platform release notes aggregator.
Fixes
Case number | Description |
---|---|
01415696 |
Applying account limitations no longer slows down operations with the Orion.Group entity, causing performance issues in widgets, such as active alerts or maps. |
01373197 |
The issue with inconsistent SNMP information is resolved by updated OIDs. |
01526029, 01526147 |
A memory leak in the |
01562091 |
Hovering over interfaces on an Intelligent Map no longer causes an error to be displayed, similar to:
|
N/A |
If you use Windows Agents with disabled automatic update of Agents and upgrade your deployment to the latest version, Agents no longer stop polling CPU, memory, and disks. |
01051176, 01221567, 01314256, 01546461, 01563438, 01560376, 01564113, 01564143, 01568945, 01576335, 01564113 |
The test to identify mismatches between the SWIS URI System Identifier and the system identifiers in URIs no longer fails. The test has been added back to Active Diagnostics. |
01559272, 01561292, 01563910, 01566566, 01550711, 01560088 |
Intelligent Maps no longer display black objects instead of icons. |
01560597, 01562147, 01567347, 01565729, 01571619, 01571639, 01558789, 01566874, 01561654, 01560265, 01573988, 01571865, 01572094, 01580802, 01564082 |
Object icons on the Active Alerts page are displayed correctly. |
01462551, 01399856 |
During provisioning, the AIX agent no longer queries its DNS server to resolve its IP address in order to send this information to the SolarWinds Platform. |
N/A |
The Map It feature is displayed correctly when you hold the Alt key on an Intelligent Map. |
01570284, 01589174 |
On the modern Manage Nodes page, custom properties can be successfully imported. |
N/A |
Node availability data is no longer displayed incorrectly if a node enters fast poll from the |
01558137, 01573518, 01583277, 01585187, 01585743 |
Installing an additional polling engine no longer fails if the SolarWinds Administration Service (SWA) was updated on the main polling engine, resulting in the message |
CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
CVE-ID | Vulnerability Title | Description | Severity | Credit |
---|---|---|---|---|
CVE-2024-28076 | SolarWinds Platform Arbitrary Open Redirection Vulnerability | The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format. | 7.0 High | Nils Putnins working with NATO |
CVE-2024-29000 | SolarWinds Platform Reflected XSS Vulnerability | The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | 7.9 High | Lidor Levy |
CVE-2024-29001 | SolarWinds Platform SWQL Injection Vulnerability | A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. | 7.5 High | Jean-Michel Huguet & Arnoldas Radisauskas working with NATO |
CVE-2024-29003 | SolarWinds Platform Cross Site Scripting Vulnerability | The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction. | 7.5 High | Jean-Michel Huguet & Arnoldas Radisauskas working with NATO |
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.