Release date: April 18, 2023
These release notes were last updated on August 11, 2023.
These release notes describe the new features, improvements, and fixed issues in Security Event Manager (SEM) 2023.2. They also provide information about upgrades and describe workarounds for known issues.
New in SEM 2023.2
SEM 2023.2 offers new features and improvements compared to previous releases of SEM.
Event groups allow you to group similar events together into a single category to initiate a specific event filter, rule, or condition.
You can create an event group that includes a custom family of alerts, save the group as an event group, and associate the group with your rules and filters. If you have multiple SEM instances, you can import an event group from another SEM instance or export all event groups to another SEM instance.
See Create event groups in the SEM Administrator Guide for details.
Improved tag management
You can now create and view tags from the Tag management window for queries.
Tags allow you to quickly identify specific user activity in your deployment. For example, if you are interested in monitoring a specific event in your deployment, you can create a new rule with a tag to display the color-coded tag notification on queries matching your defined criteria. You can also apply multiple tags to a single rule or keyword.
See Create and manage tags in the SEM Administrator Guide for details.
Improved manager to agent communications
This release implements several updates to ensure uninterrupted communications between the SEM Manager and agents and prevent unauthorized access to your SEM deployment. These updates include:
- New SEM Manager and agent certificates
- Agent certificate recovery
- Automatic certificate updates
See Configure SEM to collect event data from systems and devices in the SEM Administrator Guide for details.
Email Active Response connector testing
After you set up an Active Response connector in the SEM Console, you can now test the connector by sending a test message to a targeted user. This process ensures that the connector can send an email response through your SMTP server to a targeted user when the connector detects an issue in your deployment.
See Edit an Active Response connector profile in the SEM Administrator Guide for details.
Changes to system requirements
Beginning with this release, the following Microsoft Windows operating systems are no longer supported:
- Windows Server 2008
- Windows Server 2008 R2
The following protocols are no longer supported:
- Server Message Block version 1 (SMB1)
SEM 2023.2 fixes the following issues.
- You can now display and hide disabled filters in your filters list.
- Additional emails can now be accessed in a link.
- By default, all widgets now reflect the selected tag in the subtitle and display a “No data to show” label for an empty state.
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
|CVE-ID|Vulnerability title|Description|Severity|
|---|---|---|---|
|CVE-2021-28041|OpenSSH ssh-agent double free flaw|ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.|High|
|CVE-2019-16905|Pre-Auth Integer Overflow in the XMSS Key Parsing Algorithm in OpenSSH|OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. The XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.||
|CVE-2004-2761|The MD5 Message-Digest Algorithm Vulnerability|The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.|Medium|
|CVE-2023-20860|Security Bypass With Un-Prefixed Double Wildcard Pattern|Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.|High|
|CVE-2023-20861|Spring Expression DoS Vulnerability|In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.|Medium|
New customer installation
For details about installing SEM, see the SEM Installation and Upgrade Guide.
To prevent access by unauthorized users, SolarWinds recommends setting up your SEM appliance with no access to the Internet or any public-facing network. For additional security recommendations, see the SEM security checklists located in the SEM Administrator Guide.
Before you upgrade!
Migrate LDAP connectors (introduced in SEM 2020.4)
To facilitate a smooth migration, SolarWinds recommends that you remove any ambiguity in your Directory Service Tool connector configurations. Ensure that only one Directory Service Tool connector configuration is set up for each domain.
All Directory Service Tool connectors are removed during the migration.
Upgrade SEM agents
For AIX, HPUX and Solaris, agent installers are not shipped with OpenJDK. As a prerequisite, install Java by performing the following steps:
- Upgrade your Java installation to the latest version. See the system requirements for the supported versions.
- Upgrade the SEM agents using the latest custom Java installer.
After you install and configure a SEM agent on an HP-UX server, the agent may not run as expected.
How to upgrade
Download the upgrade package from the SolarWinds Customer Portal.
Go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment. If you are upgrading from a previous version, use the resources described in this section to plan and implement your upgrade.
Before you upgrade to 2023.2, upgrade to 2020.2 or 2020.2.1 first. To upgrade from earlier versions, see the SEM Upgrade Path to help you plan and execute your upgrade.
Beginning in SEM 2020.4, a password is required to access the CMC command-line interface. The default CMC password is password.
See Change the SEM CMC password in the SEM Administrator Guide for instructions on changing the password.
File system consistency check
After you complete the upgrade, your system may run a file system consistency check (fsck) during the reboot. This consistency check can last 30 minutes or more depending on the amount of data in the data partition.
With the Debian version upgrade, the file system initiates the consistency check during the 22nd reboot (21 mounts) or six months after the last check.
See SEM connectors in the SEM Administrator Guide for a list of supported connectors.
© 2023 SolarWinds Worldwide, LLC. All rights reserved.