Web Help Desk 12.7.6 Release Notes

Release date: August 20, 2021

These release notes were last updated on September 13, 2021.

These release notes describe the new features, improvements, and fixed issues in Web Help Desk 12.7.6. They also provide information about upgrades and describe workarounds for known issues.

Since the Web Help Desk 12.7.5 release, our engineering team focused on hardening the application for an improved customer experience. As a result, this release addresses the most urgent bugs and vulnerabilities received from our customers.

Learn more

New features and improvements

Return to top

Web Help Desk 12.7.6 offers new enhancements and improvements compared to previous releases.

Updated Apache Tomcat

This release includes Apache Tomcat 9.0.48, which provides additional enhancements to further harden the application. This version replaces Apache Tomcat 9.0.43, which is no longer supported.

Tomcat is an open source software product that creates both a web and application server for your enterprise.

Internal improvements

This release includes additional updates that improve the product stability and functionality.


New customer installation

Return to top

See the Web Help Desk Installation and Upgrade Guide for details about installing Web Help Desk. After you complete the installation, see the Web Help Desk Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to start using the application.

Web Help Desk no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install Web Help Desk and enable FIPS, see Enable FIPS in a new deployment located in the Web Help Desk Administrator Guide.

To install Web Help Desk 12.7.6 with FIPS mode disabled, install version 12.7.6 on the host server. When the installation is completed, enable FIPS mode.

SQL Server database collation requirements

If you plan to use a Microsoft SQL Server database for your deployment, verify that the server collation in your database is set to case insensitive before you run the installer. If it is set to case sensitive, create a new case insensitive database using SQL Server Management Studio.

See Prepare your Web Help Desk database in the Web Help Desk Administrator Guide for details.

How to upgrade

If you are upgrading from a previous version, see the Web Help Desk Installation and Upgrade Guide. This guide provides steps and procedures for installing and upgrading Web Help Desk in an evaluation, stand-alone, or integrated Orion deployment.

Upgrade your FIPS deployment

If FIPS is enabled in your Web Help Desk 12.7.2 through 12.7.4 deployment, copy the following files to another location before you upgrade:

  • <WebHelpDesk>\bin\nss-x64
  • <WebHelpDesk>\conf\additional\fips-140-2

When you are finished, upgrade to 12.7.5, and then upgrade to 12.7.6.

See the Web Help Desk Installation and Upgrade Guide for details.

Install the MySQL JDBC driver

Beginning with Web Help Desk 12.7.1, Oracle Java is replaced with the Open Java Development Kit (OpenJDK). This update modifies the directory structure where the MySQL Java Database Connectivity (JDBC) driver is installed. To prevent errors after the upgrade, install the driver on your host server in the new location to prevent errors in the application after the upgrade.

See Install the MySQL JDBC Driver in the Web Help Desk Administrator Guide for installation instructions.

Upgrade your Apache Tomcat software

The software installer includes Apache Tomcat 9.0.48, which provides enhanced security and is required for this release.

When you upgrade your Web Help Desk software, the upgrade procedure replaces the <WebHelpDesk>\conf\tomcat_web_template.xml file with an updated file that includes the Tomcat 9.0.48 settings.

Before you upgrade, back up your current tomcat_web_template.xml file to an external directory. When the upgrade is completed, add your personal settings to the updated file from your backup file.


Fixed issues

Return to top

Web Help Desk 12.7.6 fixes the following issues.

Case Number Description

00160912

00541462

00843890

Look & Feel no longer displays code when you click Refresh Preview.

N/A

A broken logo link no longer displays in the Web Help Desk Administrator Console when you create a new logo in Look & Feel.

N/A

Changing the ticket priority from a pop-up note no longer generates an error.

00349376

00804837

Techs no longer receive two email notifications from an Orion integration alert.

00515558

00833258

Bullet lists now display correctly in an FAQ.

00545110

Content Security Policy headers were added for further application hardening.

00486229

00545529

Ticket with Arabic characters no longer display random characters in an exported TSV file.

00550642

A ticket with pending checklist items no longer closes automatically when the status is changed to Resolved.

00734875

Arabian characters now display correctly in a Google Chrome of Microsoft Edge web browser.

00779800

The ticket dashboard now displays chart results in the proper order. 

00794196

The History tab in the client interface now displays the correct custom date field and allows users to add comments as needed.

00787966

You can now search by company, location, and location custom field.

00759940

Techs with limited permissions can now log in to Web Help Desk without generating an error.

00763185

00769907

An error no longer displays when you open Ticket View from the My Tickets tab.

00751853

Action rules are now applied correctly to Orion Alert tickets.

00759940

You no longer need to add the tech password when editing a tech profile.

00549324

00657215

A tech account is no longer locked out when you use the Web Help Desk Discovery Engine (WMI).

00779376

The Inventory import now updates automatically in the part index.

00806759

When you open a ticket from a calendar link, the ticket now includes the correct linked parent ticket.

00781086

00809152

00810240

Request type now display in order in the administrator console.

00806352

00815251

LDAP connections now work correctly after upgrading to Web Help Desk 12.7.5.

00814207

Child ticket notes in a parent ticket now display correctly in the Client view.

00791113

00815464

Logging in to Web Help Desk using Google G-Suite with SAML no longer generates an error.

00818916

00825466

00825514

00828748

00845959

Backing up the PostgreSQL database no longer generates an error after you upgrade the application or change the default user account.

00825179

Special characters now display correctly in a TSV report.

00706166

Configuring an incoming e-mail account for Office 365 using Open Authentication (OAuth) no longer generates an error.

00824268

HTML tags no longer display in the Ticket Update summary.

00827311

In a ticket, the Client check box under Recipients is no longer disabled.

00837591

The Client interface now displays all FAQ pages when you click Show Details in an FAQ.

00843876

Error messages generated during an asset import now display with visible characters.

00839804

Client administrators who manage over 2,100 locations on a Web Help Desk with a Microsoft SQL Server database can now view tickets on the History page.

00851854

All comments entered by a tech now display correctly in the ticket.

00844303

You can now select or deselect all request types in the ticket custom fields.

00842087

When you create a new ticket request type, the text entered in the Detailed Instructions box now displays as blue text above the Request Detail field.

00842822

00843948

00851733

00858405

The ticket request types now display in alphabetical order.

00850182

Greek characters now display correctly in a ticket when using the email option.

00847005

Updating a user profile in the Client interface no longer generates an error.

00800567

Viewing tickets in the Client interface no longer generates an error.

CVE issues

SolarWinds would like to thank our Security Researchers below for reporting on this issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability Title Description Severity Credit
CVE-2021-32076 Access Restriction bypass via referrer spoof - Business Logic Bypass: WHD 12.7.2 While performing penetration testing, it was observed that an attacker can access the “Web Help Desk Getting Started Wizard,” especially the admin account creation page, from non-privileged IP range or loopback by interception of the http request and changing the referrer from the public IP to the loopback “http://127.0.0.1:8081.” Medium Moaaz Taha

Legal notices

Return to top

© 2021 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.