SolarWinds Platform 2024.4 release notes
Release date: October 16, 2024
Here's what's new in SolarWinds Platform 2024.4.
Learn more
- See the release notes aggregator to view release notes for multiple versions and multiple SolarWinds Platform products on a single page.
- See SolarWinds Platform 2024.4 system requirements to learn about prerequisites for running and installing SolarWinds Platform 2024.4.
- See the SolarWinds Platform 2025.1 Administrator Guide to learn how to work with SolarWinds Platform.
New features and improvements in SolarWinds Platform
Last updated:
Intelligent Map improvements
- Support for bendy multi-point links between objects on the map
- Bulk-clone maps in the user interfaces or via SDK.
- Support for background images loaded from an external URL.
Modern Dashboard improvements
- Dashboard tabs: You can create a tabbed dashboard experience within Modern Dashboards.
- Global filters icon: You can filter out content of a dashboard to view relevant data without the need for heavy customization.
- Breadcrumbs: When navigating to certain Modern Dashboard Details pages, use breadcrumbs to easily navigate back to the previous Modern Dashboard Summary page.
- Locked header: Modern Dashboards can now have a locked header when you scroll down. This allows the title, tabs, and other items to remain on top of the page for easier navigation.
- Custom home page: You can set a Modern Dashboard as the default Home Page View and default Summary View for users or groups. Users can thus be directed to a Modern Dashboard automatically when they log in to the SolarWinds Platform Web Console.
General improvements
- Scalability and performance improvements, such as improved polling stability and decreased CPU load by polling services.
- Stability improvements for SolarWinds Platform Agents.
- Security and compliance improvements.
Other improvements
- You can now see the full Windows Build version when monitoring Windows via WMI or SolarWinds Platform Agent. This was previously only available with Asset Inventory enabled.
Fixes
Last updated:
| Case number | Description |
|---|---|
| 01720807, 01721022 |
The CVE Node Matching process no longer fails with an error about a missing value for the 'Value' parameter. |
| 01608689 |
The CVE Data Import no longer fails when run from an Azure SQL DB. |
| 01641350, 01683715, 01696624 |
When the Job Engine executes the RemoveEmptyRouters method on an agent, it no longer returns the error |
| 01685988, 01691268 |
The Intelligent Map widget displays the Map name format field without requiring the user to clear the browser cache. |
| 01676169 |
To improve the performance of world maps, the following changes have been implemented:
|
| 01681414 |
Editing a map created from a device works as expected. |
| 01612361 |
A user whose account name includes an apostrophe can view Intelligent Maps. |
| 01578369 |
On Intelligent Maps, the colors of the Shutdown, External, Unknown, Unpluggable, and Unreachable status icons are no longer the same. |
| 01589564 |
When an object on an Intelligent Map has label text defined by macros, the label text is not displayed when the map is opened on a modern dashboard. |
| 01578159 |
When live updates are on for an Intelligent Map, the map is now updated when interface statuses or statistics change. |
| 01725511, 01726109 |
If the SolarWinds Platform database is hosted on an Azure SQL DB or Azure SQL Managed Instance, the Configuration Wizard no longer fails with the error message |
| 01622829 |
The SolarWinds Platform is compliant with .NET 4.0 STIG. |
| 01685123 |
When you log in to the SolarWinds Platform Web Console through an additional web server and create or edit a map, audit map messages show the correct account ID instead of |
| 00521556, 00905859, 01186796, 01690253 |
Downloading the Linux agent offline installer no longer fails when the system locale of the SolarWinds Platform server is German. |
| 01686538 |
When IPv6 is disabled on a polling engine and the SolarWinds Agent is distributed through a Golden Master image, the agent configuration no longer contains the IPv6 loopback |
| 01707760 |
If you display the Planned Alert Suppression column on the Managed Nodes page and then perform a search, the following error message is no longer displayed:
|
| 01692359, 01716314 |
New custom properties cannot be named |
| 01621022 |
The List Resources view is displayed correctly for nodes with agent polling. |
| 01670790 |
When you select the New Diagnostics option, the Collect new diagnostics dialog lists nodes as well as polling engines. |
| 01615945, 01672444 |
Data remaining from evaluations of earlier versions of NTA no longer prevents upgrading to current versions of SolarWinds Platform products. |
| 01625035 |
When an additional polling engine installation is blocked because a centralized upgrade was started but not completed, the correct message is displayed. |
| 01670799 |
Repairing the SolarWinds Administration Service (SWA) from the Control Panel no longer fails with an error because the required |
| 01621779 |
Leaving a modern dashboard open without activity long enough for a session timeout does not result in the following error:
|
| 01570767, 01639375 |
The Configuration Wizard works correctly when "Reconfigure database connection only" is selected. |
| 01538369, 01570380, 01576376, 01595435, 01622914, 01676429 |
When a user upgrades from a legacy version of the Orion Platform that used Microsoft SQL 2014 or earlier as the database, database maintenance no longer fails with messages that database columns cannot be modified. |
| 01596324 |
In the ServiceNow integration, the Impact drop-down is populated with the correct options instead of only None and High. |
| 01626228 |
On the Manage Nodes page, the Group by option previously labeled "Status" is now labeled “Group by Node”. This change is to clarify that when Interfaces are selected, grouping by status groups the interfaces based on the status of the associated node. |
| 01523790 |
The database was tuned to prevent problems with alerting. |
| 01601084 |
When one or more nodes that are part of an anomaly-based alert become unmanaged, the alert works as expected. |
| 01726459 |
Editing an anomaly-based alert and changing aspects other than the selected entities no longer results in issues such as the alert details page being empty or the previously selected entities no longer being selected. |
| N/A |
When nodes related through topology trigger alerts, the AlertStack no longer fails to create a cluster with errors such as:
|
| 01572405 |
When the SolarWinds Administration Service (SWA) uses a Powershell function to retrieve the hash value of a product catalog, it no longer returns an invalid value in some situations. |
| 01568798 |
The custom property editor no longer treats null and empty as different values. |
| 01511759 |
If the same node is added twice, with the first instance polled via WMI and the second by an agent, you can no longer edit the first instance and change the polling method to agent. This would cause polling to fail. |
| 01580158, 01612572 |
When you are adding entities to a Perfstack chart and the list of entities loads slowly, the Add Entities dialog is no longer missing checkboxes, sorting options, and filters. |
| 01504511 |
Database maintenance no longer removes all information about a triggered global alert from the database. |
| 01549138 |
Users no longer require "Alert Management" rights (or higher-level Admin rights) to receive alert notifications in the Desktop Notification Tool. The "Allow Account to Clear/Acknowledge messages" permission is sufficient. |
| 01592127, 01727337 |
On the All Active Alerts page, alerts can be sorted by the ServiceNow Incident Number column or the Assigned to column. |
| 01595551 |
When a node is scheduled for maintenance mode in the future but not currently in maintenance mode, the drop-down command menu displays "Cancel Maintenance" instead of "Resume Alerts (Unmute)". |
| 01487914 |
If a node is assigned to an additional polling engine (APE) and the APE becomes unreachable, users can still edit the value of custom properties on the node. |
| 01574222, 01592661, 01606872 |
When you select specific nodes on the Manage Nodes page and choose Export Custom Property Values, the export file contains only the custom property values for the selected nodes, not values for all nodes. |
| 01520455, 01616923 |
After an unsuccessful connection, active agents will wait approximately 60 seconds before another connection attempt, which reduces the load on a polling engine when a lot of active agents are trying to reconnect after a maintenance window. |
| 01689586 |
When you select multiple nodes and schedule a maintenance window, the time of the window is displayed correctly. |
| 01543990, 01579217 |
When "Send a GET or Post Request to a Web Server" is selected as an alert action and the HTTP post body is in JSON format, line breaks in variables no longer prevent the JSON from being parsed correctly, resulting in an error. |
| 01453438, 01611647, 01689350, 01532709 |
When a Cisco Catalyst 8000 or Catalyst 8300 series device is monitored, the Machine Type includes the model number instead of identifying it only as Cisco. |
| 01532709 |
When an Arista device is monitored, the Machine Type correctly identifies the vendor model number instead of identifying it as Arista Networks. |
| 01496748 |
The Management widgets on the Node Details and Volume Details pages no longer disregard custom language packs. |
| 01433885 |
The SolarWinds Platform no longer reports incorrect CPU usage for some Cisco devices. |
| 01468849 |
The SolarWinds Platform has been updated to more accurately report CPU usage on computers running Windows 8 and later. |
| 01406414, 01668926 |
When a monitored node's IP address changes, the node is no longer assigned to the wrong agent. |
| 00646136, 00646150, 00646569, 00650740, 00650833, 00779424, 00787283, 00980418, 01318694, 01382941, 01507343 |
Reports now show data for the selected time period. |
| 01127916, 01226692, 01239247, 01243484 |
When a limitation is applied to an account, modern dashboards are displayed correctly for users who log in with that account. |
| 01443869 |
When the trap service receives a trap with a varbind that contains an OID with the value |
| 01388174, 01546661 |
The log management portion of database maintenance performance was improved to prevent failures due to timeouts. |
| N/A |
The SSH button no longer resolves to unsafe:ssh://10.11.11.101 in modern dashboards. |
| 01745472, 01768118, 01768935 |
*Installations and upgrades no longer fail with the error |
*This fix was added after the RC release.
CVEs
Last updated: October 15, 2024
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
SolarWinds CVEs
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2024-45710 | SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | 7.8 High | Will Dormann working with Trend Micro Zero Day Initiative |
| CVE-2024-45715 | SolarWinds Platform Cross Site Scripting Vulnerability | SolarWinds Orion Platform was found to have a cross-site scripting (XSS) vulnerability that could allow the injection of malicious scripts when editing an element in the platform. A high privileged account is required to exploit this vulnerability. | 7.1 High | Maksym Vatsyk from Visa Cybersecurity Team |
Third Party CVEs
| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
| CVE-2023-46118 | RabbitMQ Denial of Service Vulnerability | RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. | 4.9 Medium |
| CVE-2024-2511 | OpenSSL Denial of Service Vulnerability | Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. | 5.9 Medium |
| CVE-2023-29483 | Python TuDoor Vulnerability | eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. | 7.0 High |
| CVE-2024-0727 | OpenSSL Denial of Service Vulnerability | Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. | 5.5 Medium |
| CVE-2019-10744 | Lodash.js Prototype Pollution Vulnerability | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | 9.1 Critical |
| CVE-2022-31129 | Moment.js (Re)DoS Attack Vulnerability | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input | 7.5 High |
Installation or upgrade
Last updated:
For new SolarWinds Platform deployments, download the installation file from the SolarWinds Platform product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Get the installer.
To activate SolarWinds Platform in an existing SolarWinds Platform deployment, use the License Manager.
For upgrades, go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).
For more information, see the SolarWinds Platform Product Installation and Upgrade Guide.
For supported upgrade paths to 2024.4, see Upgrade an existing deployment.
Known issues
Last updated:
Certificate Management Service (CMS) issues after the upgrade of ASP.NET Core
The CMS service cannot start when your server’s Microsoft ASP.NET Core and Microsoft .NET Runtime versions differ. As a result, the Configuration wizard might fail.
Resolution or workaround: Update Microsoft ASP.NET Core and Microsoft .NET Runtime to the same version. See Download .NET 8.0 (Linux, macOS, and Windows).
To prevent the issue in the future, SolarWinds recommends that you opt-in to .NET Core Automatic Updates for Server Operating Servers. Opting in ensures that both runtimes are always updated to the same version. See .NET Automatic Updates… in Microsoft Documentation.
End of life
Last updated:
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 2022.4 | June 4, 2024: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2022.4 should begin transitioning to the latest version of SolarWinds Platform. | July 4, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2022.4 will no longer be actively supported by SolarWinds. | July 4, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2022.4. |
| 2022.3 | February 6, 2024: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2022.3 should begin transitioning to the latest version of SolarWinds Platform. | March 7, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2022.3 will no longer be actively supported by SolarWinds. | March 7, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2022.3. |
| 2022.2 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2022.2 should begin transitioning to the latest version of SolarWinds Platform. | December 1, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2022.2 will no longer be actively supported by SolarWinds. | December 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2022.2. |
SolarWinds Platform 2024.4 is the last version that supports direct upgrades from SolarWinds Platform 2020.2.6. If you are still on SolarWinds Platform 2020.2.6, SolarWinds recommends you upgrade to the latest version as soon as possible.
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier SolarWinds Platform versions, see SolarWinds Platform release history.
End of support
Last updated:
This version of SolarWinds Platform no longer supports the following platforms and features.
| Type | Details |
|---|---|
| Remote Desktop Connection | The Integrated Remote Desktop in the SolarWinds Platform Web Console is no longer supported. |
Deprecation notice
Last updated:
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
| Type | Details |
|---|---|
| Network Atlas |
Network Atlas is deprecated as of Orion Platform 2020.2. It is still available and supported in the current release, but will be removed in a future release. Deprecation is an indication that you should avoid expanded use of this feature and formulate a plan to discontinue using the feature. SolarWinds recommends that you start using Intelligent Maps in the SolarWinds Platform Web Console to display maps of physical and logical relationships between entities monitored by the SolarWinds Platform products you have installed. Starting with 2024.4, you can import Network Atlas maps to Intelligent Maps. See Import maps. |
SolarWinds Platform products release notes
SolarWinds Observability Self-Hosted (all versions)
Network Management
Systems Management
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.