Documentation forSolarWinds Platform

SolarWinds Platform 2024.2.1 release notes

Release date: July 24, 2024

SolarWinds Platform 2024.2.1 is a service release providing bug and security fixes for release 2024.2. For information about the 2024.2 release, including EOL notices and upgrade information, see SolarWinds Platform 2024.2 Release Notes.

Fixes

Case number Description
00375258, 01399031, 01393180, 01427623, 01432854, 01435862, 01454054, 01454252, 01478309, 01585241, 01591091

When a discovery job discovers a set of nodes and some of those nodes are already being monitored, the discovery job does not include currently monitored nodes when it determines if enough licenses are available to monitor the new nodes. When enough licenses are available, discovery no longer fails with the message Import Failed - License Exceeded.

For example, you are licensed to monitor 100 nodes. You are currently monitoring 90. A discovery job discovers 20 nodes, and 10 of those nodes are already being monitored. When determining if enough licenses are available, discovery does not add all 20 discovered nodes to the currently monitored 90. It adds only the 10 unmonitored nodes. Therefore, it determines that enough licenses are available to monitor the new nodes.
00226816, 00277146, 00718167, 00749906, 00759474, 00765442, 00780330, 01203038, 01289256, 01532606, 01597549

A duplication in the WebCommunityStrings table in the SolarWinds Platform database no longer causes nodes to be displayed twice in the SolarWinds Platform Web Console.
01572830

When HA is set up on a BIND DNS server, the TSIG algorithm is configurable and can be selected in the settings.
01678844

When you hover over an object on a map and click Go to Details, the Details view opens on a separate tab instead of within the map widget.
N/A

The Cisco machine types are recognized for the following Cisco models:

  • C8300-1N1S-4T2X
  • C9200CX-12P-2X2G
  • C9200CX-8P-2X2G
  • VG400-4FXS/4FXO
  • VG420-84FXS/6FXO
01608689

When Azure SQL DB is used as the SolarWinds Platform database, importing CVE data no longer fails.
01581113, 01613910

When a map has more than 10 owners, the option to list all owners in the Filters panel works correctly.
01613628, 01670133, 01672562

Attempting to add a node that does not have a SysName no longer fails with the error IP Address Is Already Monitored.

01614548

If you change the authentication method for SNMP v3 credentials while the trap service is running, SNMP v3 traps are no longer discarded with a log message such as:

2024-06-04 06:38:33,311 [50] ERROR SolarWinds.Orion.LogMgmt.TrapServiceImplementation.TrapPacketProcessor - Bad trap packet received from Node with IP xxx.xx.x.x. Error description: User authentication failed (signature of incoming packet could not be verified with the local user credentials).

01678020

The Job Engine efficiently clears old *.result files from the SchedulerResults folder. Having a large numbers of *.result files no longer causes the Job Engine to time out, which prolonged the process and interfered with polling.
01597891

If you are editing a map that was created when links were only straight lines (no bends), selecting a link displays the connection details and does not generate an error.
01521816

When the SolarWinds Platform is deployed behind an SSL offloading load-balancer, relative links work correctly in an Edge browser.
01609918

An empty radio_mac, ip_address, or radio_bssids field no longer causes polling an Aruba Central device to fail.

01591599, 01592062, 01563460, 01583454, 01600162, 01680231, 01686342

Performance Analysis Dashboard (PerfStack) widgets reflect the correct time.

01583231

In NOC view, widgets display data immediately instead of after the first refresh.
01675106

Clicking an object on a map now opens the object as expected.
N/A It is now possible to create a High Availability pool without a virtual IP address and hostname. This can be done through the UI or the SolarWinds Platform SDK.
01689461, 01689549, 01692705, 01722334

An issue that prevented High Availability failovers in certain situations has been fixed.
N/A

When a user attempts to remove an entity through the SDK/API, the API function works correctly and the following generic error message is no longer displayed: 

Object reference not set to an instance of an object.

CVEs

Last updated: July 23, 2024

Third Party CVEs

CVE-ID Vulnerability Title Description Severity
CVE-2024-0727 Broken access control vulnerability Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 5.5 Medium
CVE-2023-52323 Side Channel Attack Vulnerability PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. 5.9 Medium
CVE-2023-49083 A null pointer reference vulnerability in python-cryptography The cryptography package before 41.0.6 for Python is vulnerable for DoS attack over null pointer dereference 7.5 High
CVE-2023-38325 Cryptography Package Vulnerability The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. 7.5 High
CVE-2023-29483 Broken access control vulnerability eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. 5.9 Medium
CVE-2022-37601 Prototype pollution vulnerability in webpack js loader The webpack.js prior to version 1.4.1 is vulnerable for prototype pollution attack over named variables passed into parseQuery.js lib. 9.8 Critical

Known issues

Last updated: July 26, 2024

Platform Connect is not on the list of supported modules in the Azure database

After you upgrade to SolarWinds Platform 2024.2.1 and run the Configuration Wizard, the wizard may fail with the following error message:

Some of your modules (Platform Connect) don't support Azure database.

The issue occurs because Platform Connect is not on the list of supported modules in the Azure SQL database.

Resolution or workaround: Add Platform Connect to the PCI.xml file. For details, see Configuration Wizard Error: Some of your modules (Platform Connect) don't support Azure database.

Legal notices

© 2024 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.