WHD 12.8.2 release notes
Release date: April 17, 2024
These release notes were last updated on August 16, 2024.
Here's what's new in Web Help Desk 12.8.2.
Learn more
- See WHD 12.8.2 system requirements to learn about prerequisites for running and installing WHD 12.8.2.
- See the WHD 12.8.2 Administrator Guide to learn how to work with WHD.
New features and improvements in WHD
Security was improved
A new function was implemented that prevents a malicious user from accessing the application by impersonating someone's active session. Active sessions are now validated through session IDs that are bound to an IP address.
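The binding check described above, as an added sketch that is not SolarWinds code and does not reflect how WHD implements it. The class and function names are hypothetical, the addresses are constructed from documentation ranges, and ending the session on a mismatch is a design choice of this sketch.

```python
import ipaddress
import secrets


def normalize_ip(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


class IpBoundSessionStore:
    """Hypothetical in-memory store binding each session ID to the login IP."""

    def __init__(self):
        self._sessions = {}  # session_id -> (user, bound_ip)

    def create(self, user, client_ip):
        session_id = secrets.token_urlsafe(32)  # unguessable ID
        self._sessions[session_id] = (user, normalize_ip(client_ip))
        return session_id

    def validate(self, session_id, client_ip):
        """Return the user if the ID exists and the IP matches, else None."""
        record = self._sessions.get(session_id)
        if record is None:
            return None
        user, bound_ip = record
        try:
            seen_ip = normalize_ip(client_ip)
        except ValueError:
            seen_ip = None  # an unparseable address never matches
        if seen_ip != bound_ip:
            # Design choice in this sketch: a mismatch ends the session, so a
            # copied ID stays useless and the legitimate user must log in again.
            del self._sessions[session_id]
            return None
        return user


def demo():
    """Constructed sample traffic using documentation-range addresses."""
    store = IpBoundSessionStore()
    sid = store.create("alice", "192.0.2.10")
    return [
        store.validate(sid, "::ffff:192.0.2.10"),  # same client via dual-stack
        store.validate(sid, "198.51.100.7"),       # same ID, different address
        store.validate(sid, "192.0.2.10"),         # session was invalidated
    ]
```

A check of this kind only works when the application sees the real client address: behind a reverse proxy or load balancer, every session would otherwise bind to the proxy's IP. Clients whose address changes mid-session (mobile networks, some NAT pools) will be asked to log in again.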
SolarWinds upgraded some library software
The following software was upgraded:
- PostgreSQL 13.13 to version 13.14
- Tomcat to version 9.0.86
- JDK to version 11.0.22
Customer action required
Red Hat Enterprise Linux (RHEL) 7 reaches end of maintenance June 30, 2024. After June 30, 2024, no updates will be published for CentOS Linux 7.
Customers who want to stay within the RHEL ecosystem will need to move to a RHEL 8-based or RHEL 9-based distribution.
See 12.8.2 System requirements.
Other improvements
- Canned response templates are sorted in alphabetical order.
Fixes
Case number | Description |
---|---|
01483951 | Server response disclosed internal file paths. |
01483216, 01558630 | HTML codes displayed instead of the formatted messages in login, API, and other locations in GUI. |
01509921, 01484522, 01504568 | Outgoing resolution emails did not include links to external surveys. Corrupt calendar error message: not supported calendar message.ics. Customers can send an external survey to a client without exposing the survey URL in the email by using the following tags: <external_survey_link text="survey-url"> <survey_link text="Click Here">. Survey participants can be required to log in, or can take the survey without logging in, using the flag 'Login required to submit survey' under Setup > Surveys > Surveys. |
01496382, 01518796, 01521519 | iCal file was sent after ticket scheduled. Incorrect date/time in calendar objects. Ticket schedule now supports outgoing configuration with anonymous authentication. |
01451411, 01549207, 01543927, 01560794, 01564655, 01568330, 01551271, 01583476 | Missing fields when importing POs. Error when importing POs: IllegalArgumentException. Incorrect headers in PO imports. Null field in PO import. |
01515953, 01557649, 01568210, 01576682 | Ticket details displayed in plain text instead of HTML. HTML tags on Login message. WHD is not interpreting HTML markup. |
01537880, 01552340, 01592694 | Out-of-Office vacation flag [V] now expires according to technician's business zone. |
01548544 | PCI compliance scan failed. |
01574016 | Tech can escalate tickets to other levels without granting user reassignment permission. |
01581266 | Tech note information contains broken links. |
01572294 | Unable to change the asset model when it was entered incorrectly on the Asset Info tab. |
CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
CVE-ID | Vulnerability title | Description | Severity |
---|---|---|---|
CVE-2023-46589 | Improper Input Validation | Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. | 7.5 High |
CVE-2024-22243 | Open Redirection Vulnerability | Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks. | 8.1 High |
CVE-2024-23672 | Denial of Service Vulnerability | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue. | 4.0 Low |
Before you upgrade!
If you are upgrading from a previous version, determine the upgrade path for your WHD deployment.
Upgrade your embedded PostgreSQL database
If you are running version 12.7.8 with the embedded PostgreSQL 13.3 database, follow the instructions in the WHD Installation and Upgrade Guide to upgrade your deployment to version 12.8.1.
If you are running version 12.7.6 or earlier with the embedded PostgreSQL 9.x.x database, upgrade to 12.7.7 with PostgreSQL 13.9 first. See How to upgrade Web Help Desk to version 12.7.7 using PostgreSQL as the database for details. When you are finished, follow the instructions in the WHD Installation and Upgrade Guide to upgrade your deployment to version 12.8.1.
Install the MySQL JDBC driver
Beginning with WHD 12.7.1, Oracle Java was replaced with the OpenJDK. This update modifies the directory structure where the MySQL Java Database Connectivity (JDBC) driver is installed. To prevent errors in the application after the upgrade, install the driver on your host server in the new location.
See Install the MySQL JDBC Driver in the WHD Administrator Guide for installation instructions.
Upgrade Your Apache Tomcat software
The software installer includes Apache Tomcat 9.0.86, which provides enhanced security and is required for this release.
When you upgrade your WHD software, the upgrade procedure replaces the <WebHelpDesk>\conf\tomcat_web_template.xml file with an updated file including the Tomcat 9.0.86 settings.
Before you upgrade, back up your current tomcat_web_template.xml file to an external directory. When the upgrade is completed, add your personal settings to the updated file from your backup file.
Installation or upgrade
For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the WHD Installation and Upgrade Guide.
After you complete the installation, see the WHD Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to take to start using the application.
WHD supports Windows Server 2019 and 2022 for production environments and Windows 11 for trial evaluations. These operating systems require additional setup to install. See the WHD Installation and Upgrade Guide for instructions.
WHD no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
If you are installing WHD 12.7.12 with FIPS mode disabled, make sure version 12.7.9 is running on the host server before you install. When the installation is completed, enable FIPS mode.
For upgrades, use the WHD Installation and Upgrade Guide to plan and execute your upgrade. When you are ready, download the upgrade package from the SolarWinds Customer Portal.
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.