WHD 12.8.8 release notes
Release date: October 14, 2025
Here's what's new in Web Help Desk 12.8.8.
Learn more
- See the WHD release notes aggregator to view release notes for multiple versions of WHD on a single page.
- See WHD 12.8.8 system requirements to learn about prerequisites for running and installing WHD 12.8.8.
- See the WHD 12.8.8 Administrator Guide to learn how to work with WHD.
New features and improvements
Last updated:
Banner view is now configurable
A new toggle option has been introduced to control the display of the daily banner.
Administrators can now easily choose whether to show or hide the banner using a simple checkbox setting.
-
Log in with an admin account.
-
Navigate to Setup > General > Options.
-
Select the Disable Banner checkbox to hide the banner or leave it unchecked to display it.
By default, this option is unchecked, and the banner is visible. An automatically scheduled API call gets the new version and unchecks the Disable Banner checkbox.
Library software upgrades
-
Tomcat has been upgraded to version 9.0.109.
-
JDK has been upgraded to version 11.0.28.
Fixes
Last updated:
| Case number | Description |
|---|---|
| N/A | Canned templates now showing for "All" status type and request type. |
| 01995729 | Tech users can now save profile changes, despite using AD/Okta authentication. |
| 01995607 | You can now save email templates; current request types are now listed. |
| N/A | Keystore integrity will remain intact if reinstalling same WHD version. |
| N/A | Dates beyond 12/31/2029 do not revert to 19xx. |
| 01983874, 02011339 | Emails with attachments are now delivered correctly when using the Office 365 outgoing account. |
CVEs
Last updated: 10/14/2025
Third Party CVEs
| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
| CVE-2025-46701 | Apache Tomcat Improper Handling of Case Sensitivity Vulnerability | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue. | 7.3 High |
| CVE-2025-48988 | Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | 7.5 High |
| CVE-2025-49124 | Apache Tomcat Untrusted Search Path Vulnerability | Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | 8.4 High |
| CVE-2025-49125 | Apache Tomcat Authentication Bypass Using an Alternate Path or Channel Vulnerability | Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | 7.5 High |
| CVE-2025-52434 | Apache Tomcat Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | 7.5 High |
| CVE-2025-52520 | Apache Tomcat Integer Overflow or Wraparound Vulnerability | For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. | 7.5 High |
| CVE-2025-53506 | Apache Tomcat Uncontrolled Resource Consumption Vulnerability | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. | 7.5 High |
Installation or upgrade
Last updated:
For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the WHD Installation and Upgrade Guide.
-
WHD supports Windows Server 2019 and 2022 for production environments and Windows 11 for trial evaluations. These operating system require additional setup to install. See the WHD Installation and Upgrade Guide for instructions.
-
WHD no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
For upgrades, use Upgrade WHD to plan and execute your upgrade.
-
Determine your upgrade path.
-
Download and install the upgrade package(s) from the SolarWinds Customer Portal.
-
After you have upgraded Web Help Desk, download and install any available hotfixes for this version of Web Help Desk. Hotfixes are available in the Customer Portal.
After you complete the installation, see the WHD Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to take to start using the application.
Legal notices
© 2025 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.