Headline
CVE-2022-47508: SAM 2023.1 Release Notes
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
Release date: February 15, 2023
Last updated: February 17, 2023
These release notes describe the new features, improvements, and fixed issues in Server & Application Monitor 2023.1. They also provide information about upgrades and describe workarounds for known issues.
Learn more
- For information on the latest hotfixes, see SAM Hotfixes.
- For release notes for previous SAM versions, see Previous Version documentation.
- For information about requirements, see SAM system requirements.
- For information about working with SAM, see the SAM Administrator Guide.
New features and improvements
Return to top
SAM 2023.1 offers new features and improvements compared to previous releases of SAM.
See also the SolarWinds Platform 2023.1 Release Notes.
New customer installation
Return to top
For information about installing Server & Application Monitor, see the SolarWinds Platform Product Installation and Upgrade Guide.
Before you upgrade!
Return to top
SAM 2020.2.1 can be upgraded from versions 2020.1 and later. If you are running a version earlier than SAM 2020.2.1, please upgrade to SAM 2020.2.6 first and then upgrade to SAM 2023.1.
How to upgrade
Return to top
Go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).
You must be on SAM 2020.2.1 or later to upgrade to SAM 2023.1. If you are on SAM 2020.2 or earlier, first upgrade to 2020.2.6 and then upgrade to 2023.1.
Fixed issues
Return to top
SAM 2023.1 fixes the following issues.
Case number
Description
00666976
SAM 2020.2.1 no longer automatically upgrades Orion agents to .net 4.8.
00519354, 00574585, 00625367
The Component Details Widget no longer shows the <br> tag on the resource output.
00317146
The variable for warning and critical statistic threshold is now working for the Linux component.
01000359
The temp table column no longer shows the wrong data type.
00603123
The Start/Restart services buttons now work on the Component Details Widget.
SAM 2023.1 contains all of the fixed issues from the SolarWinds Platform 2023.1 release.
See the SolarWinds Platform 2023.1 Release Notes for more information.
CVEs
Return to top
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
CVE-ID
Vulnerability Title
Descriptions
Severity
Credit
CVE-2022-47508
Disable NTLM: SAM 2022.4
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
High
Known issues
Return to top
Issue
Notes
Bad Request error can appear when creating new API Poller.
As a workaround:
Edit the API Poller that has a Bad request error.
Click Configure.
Turn off the Use custom polling interval option.
Save the API Poller.
OpenJDK15 included with SAM, to connect to JBoss using JConsole with either protocol, remote+http or remoting-jmx, is resulting in errors.
Different versions of JBoss use different protocol, as shown below.
WildFly 8, 9, and 10 and JBoss EAP 7 use protocols: service:jmx:remote+http://ip:9990 or service:jmx:remote+https://ip:9994
JBoss EAP 6 and JBoss AS 7 use protocol: service:jmx:remoting-jmx://ip:9999
JBoss EAP 5.2 and JBoss AS 6.1 use protocol: service:jmx:rmi:///jndi/rmi://ip:1090/jmxrmi
In order for the SAM JMX Monitor to connect, copy the jboss-cli-client.jar provided by the JBoss EAP installation to a location in SolarWinds Platform. Add the path location in jsl64.ini and then restart the JMXBridge service through Orion Service Manager.
If using JConsole to connect to a remote JBoss server for testing or troubleshooting purposes, install the latest JDK version on SolarWinds Platform server that supports jconsole.jar, and make sure JConsole uses the new JDK path.
When adding Exchange 2016 node to be monitored via WMI polling method, Exchange AppInsight is not discovered and the wizard hangs.
As a workaround, complete these steps.
In the Add node Wizard:
Choose ICMP polling method.
Finish the wizard.
Manually assign Exchange AppInsight.
Choose Agent polling method.
In Network Discovery, avoid discovering Exchange 2016 nodes via WMI. Before discovery, add them as described under Add node Wizard above.
End of life notices
Return to top
Version
EoL Announcement
EoE Effective Date
EoL Effective Date
2020.2.6
April 18, 2023: End-of-Life (EoL) announcement – Customers on SAM 2020.2.6 should begin transitioning to the latest version of SAM.
May 18, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.6 will no longer be actively supported by SolarWinds.
May 18, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.6
2020.2.5
January 18, 2023: End-of-Life (EoL) announcement – Customers on SAM 2020.2.5 should begin transitioning to the latest version of SAM.
February 17, 2023: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.5 will no longer be actively supported by SolarWinds.
February 17, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.5.
2020.2.4
October 19, 2022: End-of-Life (EoL) announcement – Customers on SAM 2020.2.4 should begin transitioning to the latest version of SAM.
November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.4 will no longer be actively supported by SolarWinds.
November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.4.
2020.2.1
October 19, 2022: End-of-Life (EoL) announcement – Customers on SAM 2020.2.1 should begin transitioning to the latest version of SAM.
November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.1 will no longer be actively supported by SolarWinds.
November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.1.
2020.2
October 19, 2022: End-of-Life (EoL) announcement – Customers on SAM 2020.2 should begin transitioning to the latest version of SAM.
November 18, 2022: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2 will no longer be actively supported by SolarWinds.
November 18, 2023: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.
2019.4
July 27, 2022: End-of-Life (EoL) announcement - Customers on SAM version 2019.4 should begin transitioning to the latest version of SAM.
August 26, 2022: End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for SAM version 2019.4 will no longer be actively supported by SolarWinds.
August 26, 2023: End-of-Life (EoL) - SolarWinds will no longer provide technical support for SAM version 2019.4.
6.9.1
July 27, 2022: End-of-Life (EoL) announcement - Customers on SAM version 6.9.1 should begin transitioning to the latest version of SAM.
August 26, 2022: End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for SAM version 6.9.1 will no longer be actively supported by SolarWinds.
August 26, 2023: End-of-Life (EoL) - SolarWinds will no longer provide technical support for SAM version 6.9.1.
6.9
July 27, 2022: End-of-Life (EoL) announcement - Customers on SAM version 6.9 should begin transitioning to the latest version of SAM.
August 26, 2022: End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for SAM version 6.9 will no longer be actively supported by SolarWinds.
August 26, 2023: End-of-Life (EoL) - SolarWinds will no longer provide technical support for SAM version 6.9.
See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.
Legal notices
Return to top
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.