Release History for SolAdmin, Version 8.20.0.6
January 2022

Deprecation: Soladmin Cut-through Persistence (CTP)

Solace Cut-Through Persistence (CTP), also known as Cut-Through Messaging, is being deprecated with plans to remove this functionality from all Solace Products starting May 31, 2022.
Please verify that your organization does not use CTP by typing "show message-spools stats" in the command line interface of your PubSub+ event broker and check that "messages delivered cut-through = 0". If your organization is using CTP, please contact Solace at support@solace.com.

SolAdmin No Longer Bundles Java

SolAdmin no longer comes bundled with Java. Please ensure Java 8 (1.8) or later is installed on the platform where SolAdmin will run.

New Features Introduced in Release 8.20.0.6 and Earlier Releases

This section lists the new features introduced in the SolAdmin, between releases 8.20.0.6 and 8.17.0.3.

None

Issues Resolved in Release 8.20.0.6 and Earlier Releases

This section lists the history of resolved issues in the SolAdmin, between releases 8.20.0.6 and 8.17.0.3.
Reference NumberDescriptionResolved in Version
SOL-53129
SolAdmin can fail to display the correct time zone of the broker at General -> Basic Router Properties -> Router Time.
This is a display issue on SolAdmin and does not affect the actual time zone of the Solace broker.
8.20.0.6
SOL-55694
SolAdmin's XML parser is vulnerable to CVE-2021-23926 and as such is not protected from all malicious XML input. Typically SolAdmin is only used to manage Solace brokers which do not send malicious XML.
8.20.0.6
SOL-57927
SolAdmin will not work with Java 17.
8.20.0.6
SOL-62298
SolAdmin is packaged with a version of Log4j2 that exposed to CVE-2021-44832 (CVSS v3 score: 6.6): "AApache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server."
8.20.0.6
SOL-61129
SolAdmin is packaged with a version of Log4j2 that exposed to CVE-2021-44228 (CVSS v3 score: 10.0): "Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.". Starting in 8.19.1.9, SolAdmin is packaged with Log4j2 2.16.0.
8.19.1.9
SOL-49454
SolAdmin will display a SEMPParseException exception when a disk with more than 4,294,967,295 blocks is used.
8.19.0.6
SOL-45430
Updated the version of Putty to version 0.74
8.18.0.8
SOL-45993
When adding/editing LDAP Servers, SolAdmin blocks ldaps:// from being entered.
8.18.0.8
SOL-37198
The Commons Collections component was updated to address CVE-2015-6420 and CVE-2017-15708 and internal test code that included a hard coded secret was removed.
8.17.0.3
SOL-38159
SolAdmin now uses Preemptive Basic Negotiation when sending requests to avoid unnecessary 401 Unauthorized responses from the broker.
8.17.0.3
SOL-38346
In SolOS 9.5 and above the response to a SEMPv1 request for "show redundancy detail" may not validate against the schema.
8.17.0.3

Changed Functionality in Release 8.20.0.6 and Earlier Releases

This section lists the history of changed functionality in the SolAdmin, between releases 8.20.0.6 and 8.17.0.3.
Reference NumberDescriptionIntroduced in Version
SOL-45667
Log4j 2.x does not accept log4j 1.x configuration files. Solace provides a sample Log4j2 xml configuration file. The sample can be customized as needed. Previously created log4j 1.x configuration files may need to be ported over to the Log4j 2.x format.
8.18.0.8

Known Issues in Release 8.20.0.6 and Earlier Releases

This section describes known issues in the SolAdmin, between releases 8.20.0.6 and 8.17.0.3.

None