WHD 12.8.2 release notes
Release date: April 17, 2024
Here's what's new in WHD 12.8.2. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of WHD, see WHD previous versions. To view release notes for multiple versions
Attention 12.8.2 customers
RHEL 7 EOL
Red Hat Enterprise Linux (RHEL) 7 reaches end of maintenance June 30, 2024. After June 30, 2024, no updates will be published for CentOS Linux 7.
Customers who want to stay within the RHEL ecosystem will need to decide to move to an RHEL 8 or a RHEL 9 based distribution.
See 12.8.2 System requirements.
Upgrade your embedded PostgreSQL database
If you are running version 12.7.8 with the embedded PostgreSQL 13.3 database, follow the instructions in the WHD Installation and Upgrade Guide to upgrade your deployment to version 12.8.1.
If you are located outside the continental United States, contact Technical Support for assistance with upgrading to WHD 12.8.1 with the embedded PostgreSQL 13.13 database.
If you are running version 12.7.1 or earlier with the embedded PostgreSQL 9.x.x database, upgrade to 12.7.7 with PostgreSQL 13.9 first. See How to upgrade Web Help Desk to version 12.7.7 using PostgreSQL as the database for details. When you are finished, follow the instructions in the WHD Installation and Upgrade Guide to upgrade your deployment to version 12.8.1.
Install the MySQL JDBC driver
Beginning with WHD 12.7.1, Oracle Java is replaced with the Open Java Development Kit (OpenJDK). This update modifies the directory structure where the MySQL JDBC driver is installed. To prevent errors after the upgrade, install the driver on your host server in the new location to prevent errors in the application after the upgrade.
See Install the MySQL JDBC Driver in the WHD Administrator Guide for installation instructions.
Upgrade your Apache Tomcat software
The software installer includes Apache Tomcat 9.0.86, which provides enhanced security and is required for this release.
When you upgrade your Web Help Desk software, the upgrade procedure replaces the (WebHelpDesk)\conf\tomcat_web_template.xml file with an updated file that includes the Tomcat settings.
Before you upgrade your Web Help Desk software, back up your current tomcat_web_template.xml file to an external directory. When the upgrade is completed, add your personal settings to the updated file from your backup file.
New features and improvements in WHD
Security was improved
A new function was implemented that prevents a a malicious user from accessing the application by impersonating someone's active session. Active sessions are now validated through session IDs that are bound with an IP address.
SolarWinds upgraded some library software
The following software was upgraded:
-
Postgresql 13.13 version to 13.14
-
Tomcat version 9.0.86
-
JDK version to 11.0.22
Other improvements
-
Canned response templates are sorted in alphabetical order.
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2023-46589 | Improper Input Validation | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. | 7.5 High | |
| CVE-2024-22243 | Open Redirection Vulnerability | Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. | 8.1 High | |
| CVE-2024-23672 | Denial of Service Vulnerability | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. | 4.0 Low |
Fixed customer issues
| Case number | Description |
|---|---|
| 01483951 | Server response disclosed internal file paths. |
| 01483216, 01558630 | HTML codes displayed instead of the formatted messages in login, API, and other locations in GUI. |
| 01509921, 01484522, 01504568 | Outgoing resolution emails did not include links to external surveys. Corrupt calendar error message: not supported calendar message.ics. Customer can send external survey to client without exposing survey url in the email, using the following tags:
Survey participants can be required to log in or take the survey without logging in using the flag 'Login required to submit survey' under Setup > Surveys > Surveys." |
| 01496382, 01518796, 01521519 | iCal file was sent after ticket scheduled. Incorrect date/time in calendar objects. Ticket schedule now supports outgoing configuration with anonymous authentication. |
| 01451411, 01549207, 01543927, 01560794, 01564655, 01568330, 01551271, 01583476 | Missing fields when importing POs. Error when importing POs: IllegalArgumentException. Incorrect headers in PO imports. Null filed in PO import. |
| 01515953, 01557649, 01568210, 01576682 | Ticket details displayed in plain text instead of HTML. HTML tags on Login message. WHD is not interpreting HTML markup. |
| 01537880, 01552340, 01592694 | Out-of-Office vacation flag [V] now expires according to technician's business zone. |
| 01548544 | PCI compliance scan failed |
| 01574016 | Tech can escalate tickets to other levels without granting user reassignment permission, |
| 01581266 | Tech note information contains broken links. |
| 01572294 | Unable to change the asset model when it was entered incorrectly on the Asset Info tab. |
Installation or upgrade
For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the WHD Installation and Upgrade Guide.
After you complete the installation, see the WHD Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to take to start using the application.
WHD supports Windows Server 2019 and 2022 for production environments and Windows 11 for trial evaluations. These operating system require additional setup to install. See the WHD Installation and Upgrade Guide for instructions.
To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
WHD no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
If you are installing WHD 12.7.12 with FIPS mode disabled, make sure version 12.7.9 is running on the host server before you install. When the installation is completed, enable FIPS mode.
For upgrades, use the WHD Installation and Upgrade Guide to plan and execute your upgrade. When you are ready, download the upgrade package from the SolarWinds Customer Portal.
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.