WHD 12.8.5 release notes
Release date: February 11, 2025
Here's what's new in Web Help Desk 12.8.5.
- New features and improvements in WHD
- Added Quantity and Total Cost field to the Purchase Order section
- SolarWinds can push updates to WHD customers regarding new releases/Hot Fix
- Secure Communication to database
- SolarWinds upgraded some library software
- Fixes
- CVEs
- Before you upgrade!
- Installation or upgrade
- Legal notices
Learn more
- See the WHD release notes aggregator to view release notes for multiple versions of WHD on a single page.
- See WHD 12.8.5 system requirements to learn about prerequisites for running and installing WHD 12.8.5.
- See the WHD 12.8.5 Administrator Guide to learn how to work with WHD.
New features and improvements in WHD
Last updated: March 4, 2025
Added Quantity and Total Cost field to the Purchase Order section
SolarWinds introduced a Line Item Header with an expansion feature, which consolidates similar assets under a single header in the Purchase Order. For example, if there are 200 units of a similar model of an asset (say, 200 MAC PRO Book), they can be grouped under a single colored header. When this header is toggled on, it expands to show all the individual asset lines underneath. When toggled off, it collapses the assets back into the single header, streamlining the management of bulk assets and reducing the need for repeatedly clicking + to duplicate entries.
Example PO prior to 12.8.5
Example PO after upgrading to 12.8.5
SolarWinds can push updates to WHD customers regarding new releases/Hot Fix
WHD Admin gets Popup Message: When an admin logs in, a popup message will display the current version and the updated version, along with customer portal links for more information about the updated version. This popup message will appear at login and can be closed. Once closed, it will reappear upon the next login. The admin console will display a message regarding the availability of new releases or hotfixes. Alternatively, admins can visit the Newsroom - Web Help Desk (WHD) - THWACK or Customer Portal | SolarWinds for version information.
Isolated Environment: An API call is scheduled for the 1st of every month to generate a message, which will be displayed in the message box on both the TECH and Admin sides. Admin are advised to regularly check the Customer Portal Link https://customerportal.solarwinds.com - Newsroom - Web Help Desk (WHD) - THWACK.
Secure Communication to database
Release 12.8.5 upgrades the cryptographic algorithms between WHD and a database. This feature further hardens the application to prevent unauthorized access to your database.
VM Argument: add the VM argument below if not present.
-
Linux — Open the
<Web Help Desk home directory>/conf/whd.conffile and define the following:JAVA_OPTS="-DskipOSDetector=true"If you are facing any issues related to a Catalina error, perform the following steps:
JAVA_OPTS="-DskipOSDetector=false"- copy keyStore.PKCS12 file from
<Web Help Desk home directory>/bin/webapps/helpdesk/keyStore.PKCS12and paste into home directory. - Restart the server.
-
Mac — Open
<Web Help Desk home directory>/conf/whd.conffileJAVA_OPTS="-DskipOSDetector=true" -
Windows — VM argument is not required.
When you start the server after upgrading your existing deployment to WHD 12.8.5, you are prompted to reselect your WHD database. This process enables the updated connection.
If you are not prompted to reselect your database, follow these instructions to update the connection.
-
Stop the Web Help Desk server.
-
Take a backup of the .whd.properties file(<webhelp desk>/conf) and remove it from the conf folder.
-
Start the Web Help Desk Server.
-
Enter the database credential and complete the process.
You need to execute the migration tool to upgrade all existing credentials to support upgraded cryptographic algorithms after the application upgrade.
All instructions are mentioned in the migrate.bat/migrate.sh file available in the Web Help Desk home directory.
-
Execute the migration tool from the Web Help Desk home directory.
-
Restart the Web Help Desk application.
SolarWinds upgraded some library software
The following software was upgraded:
-
Tomcat version to 9.0.98
Fixes
Last updated:
| Case number | Description |
|---|---|
| 01827178 | Selected Request Types sort properly in Canned Response Templates |
| 01825707 | Upgrade Tomcat with 9.0.98 in WHD application |
| 01333276 | WHD imported PO attachments can be downloaded |
CVEs
Last updated: 2/14/2025
SolarWinds would like to thank the security researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
SolarWinds CVEs
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2024-28989 | SolarWinds Web Help Desk Cryptographic Key Management Vulnerability | SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. | 5.5 Medium |
Third Party CVEs
| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
| CVE-2023-7101 | Spreadsheet::ParseExcel Arbitrary Code Execution Vulnerability | Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type eval. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. | 7.8 High |
| CVE-2024-7264 | libcurl Out-of-bounds Read Vulnerability | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used. | 6.5 Medium |
Before you upgrade!
Last updated: March 5, 2025
Review the Secure Communication to database feature description and, after upgrading, remember to ensure secure communications is enabled.
Installation or upgrade
Last updated:
For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the WHD Installation and Upgrade Guide.
After you complete the installation, see the WHD Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to take to start using the application.
WHD supports Windows Server 2019 and 2022 for production environments and Windows 11 for trial evaluations. These operating system require additional setup to install. See the WHD Installation and Upgrade Guide for instructions.
To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
WHD no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
If you are installing WHD 12.7.12 with FIPS mode disabled, make sure version 12.7.9 is running on the host server before you install. When the installation is completed, enable FIPS mode.
For upgrades, use the WHD Installation and Upgrade Guide to plan and execute your upgrade. When you are ready, download the upgrade package from the SolarWinds Customer Portal.
Legal notices
© 2025 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.