|Reference Number||Description||Resolved in Version|
SolAdmin can fail to display the correct time zone of the broker at General -> Basic Router Properties -> Router Time.
This is a display issue on SolAdmin and does not affect the actual time zone of the Solace broker.
SolAdmin's XML parser is vulnerable to CVE-2021-23926 and as such is not protected from all malicious XML input. Typically, SolAdmin is only used to manage Solace brokers, which do not send malicious XML.
SolAdmin will not work with Java 17.
SolAdmin is packaged with a version of Log4j2 that is exposed to CVE-2021-44832 (CVSS v3 score: 6.6): "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server."
SolAdmin is packaged with a version of Log4j2 that is exposed to CVE-2021-44228 (CVSS v3 score: 10.0): "Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints." Starting in 18.104.22.168, SolAdmin is packaged with Log4j2 2.16.0.
SolAdmin will display a SEMPParseException exception when a disk with more than 4,294,967,295 blocks is used.
Updated PuTTY to version 0.74.
When adding/editing LDAP Servers, SolAdmin blocks ldaps:// from being entered.
The Commons Collections component was updated to address CVE-2015-6420 and CVE-2017-15708, and internal test code that included a hard-coded secret was removed.
SolAdmin now uses Preemptive Basic Negotiation when sending requests to avoid unnecessary 401 Unauthorized responses from the broker.
In SolOS 9.5 and above, the response to a SEMPv1 request for "show redundancy detail" may not validate against the schema.
|Reference Number||Description||Introduced in Version|
Log4j 2.x does not accept Log4j 1.x configuration files. Solace provides a sample Log4j2 XML configuration file, which can be customized as needed. Previously created Log4j 1.x configuration files may need to be ported to the Log4j 2.x format.