Orion Platform 2020.2.5 Release Notes
Release date: March 25, 2021
These release notes describe the new features, improvements, and fixed issues in Orion Platform 2020.2.5. They also provide information about upgrades and describe workarounds for known issues.
Learn more
- For information on latest hotfixes, see Orion Platform Hotfixes.
- For release notes for previous Orion Platform versions, see Previous Version documentation.
- For information about requirements, see Orion Platform 2020.2 system requirements.
- For information about working with the Orion Platform, see Orion Platform 2020.2.5 Administrator Guide.
New features and improvements in Orion Platform
Orion Platform 2020.2.5 offers new features and improvements compared to previous releases of Orion Platform.
Modern dashboard improvements
- System dashboards
- Dashboard cloning, copying, deleting, and other relationships
- Dashboard import, export
- Global filters
- Customizable refresh intervals
- Table lazy loading
- New account role for dashboard management
New security improvements in Orion Platform
Orion Platform 2020.2.5 offers new security improvements compared to previous releases of Orion Platform.
- Orion XSS prevention improvements and many related fixes.
- Communication channel improvements for internal SolarWinds services.
- DB Manager leverages UAC protection
- AngularJS has been upgraded to 1.8.0
- Moment.JS has been upgraded to 2.29.1
New customer installation
For information about installing Orion Platform, see the SolarWinds Orion Installer.
How to upgrade
If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment (all Orion Platform products and any scalability engines) to the current versions.
If you are upgrading from Orion Platform 2019.2, you can upgrade your entire Orion deployment from the My Orion Deployment page. Click Settings > My Orion Deployment > Updates & Evaluations. Downloading the Orion Installer is no longer necessary.
If you are upgrading from an earlier Orion Platform version, use this topic to plan and implement an upgrade to the current version of Orion Platform.
Fixed issues
Orion Platform 2020.2.5 fixes the following issues.
| Case Number | Description |
|---|---|
| 735548 | The issue where Orion Agent services on AIX were taking high CPU was addressed. |
| 310671, 361605, 372905, 444161, 549578 | To run the Configuration wizard, users need to have DBO specified as the default database schema. |
| 523382, 530307 | The issue where redundant spaces in column names were affecting migration to the cloud was addressed. |
| 369002 | The issue where unmanaged resource was leaking when not disposing enumerators was addressed. |
| 612417 | The issue where memory-optimized file groups used by your Orion SQL on-premise database prevented the migration of the database to Amazon RDS was addressed. |
| 369002 | The issue where SWIS was crashing because of unstable SQL connection was addressed. |
| 571645 | The issue where nodes kept showing critical CPU even though they were not monitored anymore was addressed. |
| 547771 | The location of Apollo logs was unified. |
| 114626, 208005, 25618, 481620, 540680, | An issue in alerts with the “less than X objects meet condition” threshold in their definition was addressed. |
| 513022 | Azure AD FS is supported by the SAML login feature. |
| 498635 | The issue where PerfStack charts did not display in scheduled reports in the HTML format was addressed. |
| 541085 | A modern dashboards issue where the Do not show a prefix icon option was accepted was addressed. |
| 262094, 269043, 330129, 365503, 472090, 503972, 534625, 539054, 610968 | Issues when changing time frame on PerfStack charts in a custom chart report were addressed. |
| 556526, 557080, 557589, 558717, 566095, 570979, 576587, 588311, 588736, 591058, 635054, 665131 | Issues where Orion Agents were using port 5000 were addressed. |
| 471368 | Performance issues on systems with more than 20 licenses were addressed. |
| 375228 | Polling issues with agents that were not available for a longer period of time were addressed. |
| 691942 | Issues when adding or editing alert actions, such as Execute External Program, in Internet Explorer 11 were addressed. |
| 713580, 714118, 714816, 720637 | Installation issues caused by revoked or expired certificates were addressed. |
| 716170, 720945, 726532, | Missing ServiceNow integration plugin. |
| 686208, 700536 | The issue where nodes were down after switching the Orion Agent to another polling engine was addressed. |
| 668771 | An i-frame rule issue preventing the Training page under My Dashboards > Home > Training from displaying was addressed. |
| 622479, 651007, 714727 | The issue where RabbitMQ stopped working as a result of Mnesia crashing when dumping the log file was addressed. |
| 642858 | Logging of plugging collector during plugin loading was improved. |
| 647339 | Issues with the diagnostics DatabaseSchemaTask in non-Azure databases were addressed. |
| 647339 | Orphaned tools from the Orion installer were removed. |
| 622884, 626642, 650105 | SWA response issues after updating Centralized Settings were addressed. |
| 627942 | The issue where incorrect versions of packages were installed was addressed. |
| 305045, 558165, 609821 | Issues in the database integrity tests in Active Diagnostics were addressed. |
| 687714 | The issue where Linux agents were preventing plugin upgrades or uninstallation was addressed. |
| 465850 | TLS renegotiation for OpenSSL used by RabbitMQ was disabled. |
| 624245 | The timeseries framework version was changed to follow Orion Platform versioning. |
| 309974, 465207, 578326, 565342, 565513, 578326, 594855, 605941, 634984, 643449, 663480 | Issues with agent-polled volumes were addressed. |
| 598315 | Incorrectly interpreted information in Orion Maps links was addressed. |
| 485434, 604462, 616667 | Issues with calculating nodes status based on dependencies were addressed. |
| 485434 | Missing breadcrumbs issues were addressed. |
| 261205, 279716, 535493, 536636, 566645, 574407, 597108, 608583 | Database Maintenance FileCleaner issues were addressed. |
| 553153 | The issues where the custom property named Category required the number type to build graphs was addressed. |
| 364302, 381437, 447385, 447385, 539771, 578474, 702037 | Validation for retention settings was added to disable incorrect time entries for retention. |
| 535493, 536636 | Issues with Active Diagnostics check “Database index fragmentation check” timing out after 30 seconds were addressed. |
| 594516 | Issues with offline installer crashing without notification were addressed. |
| 333300, 428652, 515269, 516157, 545826, 655447, 679488 | Performance issues when NoteStatusRootCause and NodeStatusRootCauseWithLinks columns were included in a data query were addressed. |
| 643398 | The issue where the browser window repeatedly resized modern dashboards multiple times per second was addressed. |
| 573425, 608927 | The issue where the SWIS service kept running without providing a WCF endpoint when the database is not available during startup was addressed. |
| 550584, 560316, 577215, 587630, 587883 | The issue with connecting to the RabbitMQ Cluster after the upgrade from 2020.2 RC2 to 2020.2 RTM was addressed. |
| 431028, 433875, 547642, 574028, 605434, 642886, 671362, 698338, 705269 | The “Error executing SQL: Operand type clash: datetime2 is incompatible with int” in SQL reports was addressed. |
| 596795 | The issue where Database Details were failing on a TB database size was addressed. |
| 605050 | The issues when variables in the Send a GET or POST request to a Web Server alert action break JSON were addressed. |
CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2021-3109 | Reverse Tabnabbing and Open Redirect | A Reverse Tabnabbing and Open Redirect vulnerability was found in the custom menu item options page by a security researcher. This vulnerability requires an Orion administrator account to exploit this. | Medium | Jhon Jaro |
| CVE-2020-35856 | Stored XSS in Customize view | A stored XSS vulnerability was found in the add custom tab within customize view page by a security researcher. This vulnerability requires Orion administrator account to exploit this. | High | Jhon Jaro |
| Pending | RCE via Actions and JSON Deserialization | A remote code execution vulnerability has been found via the test alert actions. An Orion authenticated user is required to exploit this. | Critical | ZDI Trend Micro |
| Pending | SolarWinds Orion Job Scheduler RCE | The vulnerability can be used to achieve authenticated RCE as Administrator. In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server. | High | Harrison Neal, ZDI Trend Micro |
Deprecation notices
In Orion Platform 2020.2, the following platforms and features are deprecated.
Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.
For information about supported version of SolarWinds products, see Currently supported software versions.
| Type | Details |
|---|---|
| Legacy Orion Report Writer | Starting with Orion Platform 2019.4, all out-of-the-box reports are web-based. In Orion Platform 2020.2, the Report Writer is only available in the ReadOnly mode. Migrate your custom reports to the web. You can no longer add new Report from Orion Report Writer widgets to your views. Existing Orion Report Writer widgets in views will remain in place. |
| Network Atlas | Network Atlas is deprecated as of this release and will be removed in a future release. SolarWinds recommends that you start using Orion Maps in the Orion Web Console to display maps of physical and logical relationships between entities monitored by the Orion Platform products you have installed. |
Legal notices
© 2021 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.