WHD 12.7.6 release notes
Release date: August 20, 2021
Here's what's new in WHD 12.7.6. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of WHD, see WHD previous versions. To view release notes for multiple versions
New features and improvements in WHD
General improvements
- Apache Tomcat has been updated to version 9.0.48
- Stability and functionality improvements
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2021-32076 | Access Restriction bypass via referrer spoof - Business Logic Bypass: WHD 12.7.2 | While performing penetration testing, it was observed that an attacker can access the “Web Help Desk Getting Started Wizard,” especially the admin account creation page, from non-privileged IP range or loopback by interception of the http request and changing the referrer from the public IP to the loopback “http://127.0.0.1:8081.” | Medium | Moaaz Taha |
Fixed customer issues
| Case number | Description |
|---|---|
| 00160912 00541462 00843890 | Look & Feel no longer displays code when you click Refresh Preview. |
| N/A | A broken logo link no longer displays in the Web Help Desk Administrator Console when you create a new logo in Look & Feel. |
| N/A | Changing the ticket priority from a pop-up note no longer generates an error. |
| 00349376 00804837 | Techs no longer receive two email notifications from an Orion integration alert. |
| 00515558 00833258 | Bullet lists now display correctly in an FAQ. |
| 00545110 | Content Security Policy headers were added for further application hardening. |
| 00486229 00545529 | Ticket with Arabic characters no longer display random characters in an exported TSV file. |
| 00550642 | A ticket with pending checklist items no longer closes automatically when the status is changed to Resolved. |
| 00734875 | Arabian characters now display correctly in a Google Chrome of Microsoft Edge web browser. |
| 00779800 | The ticket dashboard now displays chart results in the proper order. |
| 00794196 | The History tab in the client interface now displays the correct custom date field and allows users to add comments as needed. |
| 00787966 | You can now search by company, location, and location custom field. |
| 00759940 | Techs with limited permissions can now log in to Web Help Desk without generating an error. |
| 00763185 00769907 | An error no longer displays when you open Ticket View from the My Tickets tab. |
| 00751853 | Action rules are now applied correctly to Orion Alert tickets. |
| 00759940 | You no longer need to add the tech password when editing a tech profile. |
| 00549324 00657215 | A tech account is no longer locked out when you use the Web Help Desk Discovery Engine (WMI). |
| 00779376 | The Inventory import now updates automatically in the part index. |
| 00806759 | When you open a ticket from a calendar link, the ticket now includes the correct linked parent ticket. |
| 00781086 00809152 00810240 | Request type now display in order in the administrator console. |
| 00806352 00815251 | LDAP connections now work correctly after upgrading to Web Help Desk 12.7.5. |
| 00814207 | Child ticket notes in a parent ticket now display correctly in the Client view. |
| 00791113 00815464 | Logging in to Web Help Desk using Google G-Suite with SAML no longer generates an error. |
| 00818916 00825466 00825514 00828748 00845959 | Backing up the PostgreSQL database no longer generates an error after you upgrade the application or change the default user account. |
| 00825179 | Special characters now display correctly in a TSV report. |
| 00706166 | Configuring an incoming email account for Office 365 using Open Authentication (OAuth) no longer generates an error. |
| 00824268 | HTML tags no longer display in the Ticket Update summary. |
| 00827311 | In a ticket, the Client check box under Recipients is no longer disabled. |
| 00837591 | The Client interface now displays all FAQ pages when you click Show Details in an FAQ. |
| 00843876 | Error messages generated during an asset import now display with visible characters. |
| 00839804 | Client administrators who manage over 2,100 locations on a Web Help Desk with a Microsoft SQL Server database can now view tickets on the History page. |
| 00851854 | All comments entered by a tech now display correctly in the ticket. |
| 00844303 | You can now select or deselect all request types in the ticket custom fields. |
| 00842087 | When you create a new ticket request type, the text entered in the Detailed Instructions box now displays as blue text above the Request Detail field. |
| 00842822 00843948 00851733 00858405 | The ticket request types now display in alphabetical order. |
| 00850182 | Greek characters now display correctly in a ticket when using the email option. |
| 00847005 | Updating a user profile in the Client interface no longer generates an error. |
| 00800567 | Viewing tickets in the Client interface no longer generates an error. |
Installation or upgrade
See the WHD Installation and Upgrade Guide for details about installing WHD. After you complete the installation, see the WHD Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to start using the application.
WHD no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install WHD and enable FIPS, see Enable FIPS in a new deployment located in the WHD Administrator Guide.
To install WHD with FIPS mode disabled, install WHD on the host server. When the installation is completed, enable FIPS mode.
SQL Server database collation requirements
If you plan to use a Microsoft SQL Server database for your deployment, verify that the server collation in your database is set to case insensitive before you run the installer. If it is set to case sensitive, create a new case insensitive database using SQL Server Management Studio.
See Prepare your WHD database in the WHD Administrator Guide for details.
How to upgrade
If you are upgrading from a previous version, see the WHD Installation and Upgrade Guide. This guide provides steps and procedures for installing and upgrading WHD in an evaluation, stand-alone, or integrated Orion deployment.
Upgrade your FIPS deployment
If FIPS is enabled in your WHD 12.7.2 through 12.7.4 deployment, copy the following files to another location before you upgrade:
<WebHelpDesk>\bin\nss-x64<WebHelpDesk>\conf\additional\fips-140-2
When you are finished, upgrade to 12.7.5, and then upgrade to 12.7.6.
Install the MySQL JDBC driver
Beginning with WHD 12.7.1, Oracle Java is replaced with the Open Java Development Kit (OpenJDK). This update modifies the directory structure where the MySQL JDBC driver is installed. To prevent errors after the upgrade, install the driver on your host server in the new location to prevent errors in the application after the upgrade.
See Install the MySQL JDBC Driver in the WHD Administrator Guide for installation instructions.
Upgrade your Apache Tomcat software
The software installer includes Apache Tomcat 9.0.48, which provides enhanced security and is required for this release.
When you upgrade your Web Help Desk software, the upgrade procedure replaces the (WebHelpDesk)\conf\tomcat_web_template.xml file with an updated file that includes the Tomcat settings.
Before you upgrade your Web Help Desk software, back up your current tomcat_web_template.xml file to an external directory. When the upgrade is completed, add your personal settings to the updated file from your backup file.
Legal notices
© 2021 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.