Skip to content
  • There are no suggestions because the search field is empty.

What's New in 12.5.1.3 Release

What's New in 12.5.1.3 Release

The NetWitness Platform 12.5.1.3 Release Notes describe several defects, critical security patches for vulnerabilities reported, upgrade paths, fixed issues, known issues, build numbers, and self-help resources.

Fixes and Security Patches

The following sections are a complete list and description of fixes and security patches:

  • NetWitness Platform User Interface
  • Admin Server
  • UEBA

To locate the documents that are referred to in this section, see https://community.netwitness.com/s/netwitness-platform-documentation.

The Getting Help with NetWitness Platform section has links to the documentation for this release.

NetWitness Platform User Interface

  • The Show next 100 hosts button in the Hosts tab was not functioning, preventing the visibility of all Endpoint agents. This issue has been resolved in the 12.5.1.3 release.

  • The widgets on the Home dashboard showed offline errors instead of data, even when the Respond Server was online. This issue has been resolved in the 12.5.1.3 release.

  • In the Admin View of the Home page, the Packets vs Entitlement and Logs vs Entitlement widgets previously displayed an unhandled error message instead of data when any service does not have a displayName saved in the DB. This issue has been resolved in the 12.5.1.3 release.

Admin Server

In the Decoder > Config > Parsers tab, after uploading a parser, the Live Status and Date Installed fields previously displayed no values. This issue has been resolved in the 12.5.1.3 release.

For parsers uploaded before the fix and after upgrading to version 12.3 or later, the fields will remain blank because the data was never saved.

UEBA

  • In version 12.5 or later, the UEBA stats, such as the number of alerts and user counts, etc, were not displayed in the (Admin) > Health & Wellness > System Stats Browser tab. This issue has been resolved in the 12.5.1.3 release.

  • Data conversion errors were observed in the Hourly Output processor DAG on Airflow. This issue has been resolved in the 12.5.1.3 release.

  • The logs for the maintenance flow DAG Airflow cleanup have been piling up over time due to an issue with log trimming. This issue has been resolved in the 12.5.1.3 release.

  • The UEBA Server fails to fetch events from the data source (Broker or Concentrator) and eventually times out, resulting in a null pointer exception. This issue has been resolved in the 12.5.1.3 release.

  • Red banner errors are observed on the NetWitness Platform Users page because the presidio-output service starts before the UEBA Server is ready to accept the requests redirected from the output service. This issue has been resolved in the 12.5.1.3 release.

  • The date range filters on the Users > Alerts page are not working correctly. When a date range is selected, the data displayed corresponds to the values selected by the previous filter values instead of the newly selected range. This issue has been resolved in the 12.5.1.3 release.

  • The Feedback option for None is incorrectly displayed in the Filters panel on the Users > Alerts page. Currently, it shows as Missing Translation “investigateUsers.feedback.none” for locale “en-us”. This issue has been resolved in the 12.5.1.3 release.

Security Updates

Addresses the latest security vulnerabilities reported against various libraries the NetWitness Platform uses:

  • CRITICAL

    CVE-2024-3596, CVE-2023-39332, CVE-2018-12699

  • MAJOR

    CVE-2024-7254, CVE-2024-42284, CVE-2024-6232, CVE-2024-9632, CVE-2024-9675, CVE-2024-27980, CVE-2024-27983, CVE-2024-21892, CVE-2024-21896, CVE-2023-39331, CVE-2023-30584, CVE-2023-32004, CVE-2023-38552, CVE-2023-44487, CVE-2024-22017, CVE-2024-22019, CVE-2024-46858, CVE-2024-10963, CVE-2024-21147, CVE-2023-48161

  • MODERATE

    CVE-2024-21235, CVE-2024-44935, CVE-2024-26851, CVE-2024-42244, CVE-2024-27062, CVE-2024-42292, CVE-2024-41092, CVE-2024-40983, CVE-2024-41093, CVE-2024-40984, CVE-2024-26924, CVE-2024-38541, CVE-2024-24857, CVE-2024-42301, CVE-2024-35939, CVE-2024-27017, CVE-2024-38608, CVE-2024-46826, CVE-2024-41066, CVE-2022-48773, CVE-2024-26976, CVE-2024-45018, CVE-2024-40961, CVE-2024-41009, CVE-2024-42079, CVE-2024-38540, CVE-2024-35898, CVE-2023-52492, CVE-2024-43880, CVE-2024-42070, CVE-2024-40924, CVE-2024-47668, CVE-2024-41042, CVE-2024-43889, CVE-2024-39503, CVE-2024-43892, CVE-2024-38586, CVE-2024-43854, CVE-2024-35839, CVE-2024-44990, CVE-2024-44989, CVE-2024-9407, CVE-2024-9341, CVE-2024-50602, CVE-2024-23449, CVE-2024-22020, CVE-2023-39333, CVE-2024-21890, CVE-2024-27982, CVE-2023-46809, CVE-2024-21891, CVE-2024-27399, CVE-2024-38564, CVE-2024-27043, CVE-2024-10041, CVE-2024-9287, CVE-2024-21140, CVE-2024-21235, CVE-2024-21145, CVE-2024-38428

  • MINOR

    CVE-2024-21210, CVE-2024-21208, CVE-2024-21217, CVE-2023-45143, CVE-2024-36137, CVE-2024-37372, CVE-2024-22018, CVE-2024-11168, CVE-2024-21208, CVE-2024-21131, CVE-2024-21210, CVE-2024-21144, CVE-2024-21138, CVE-2024-21217, CVE-2019-12900

For more information on Security Fixes, see https://community.netwitness.com/s/article/NetWitnessSecurityFixes.

Upgrade Paths

The following upgrade paths are supported for NetWitness Platform 12.5.1.3:

  • NetWitness Platform 12.5.1.0 to 12.5.1.3

  • NetWitness Platform 12.5.0.0 to 12.5.1.3

  • NetWitness Platform 12.4.2.0 to 12.5.1.3

  • NetWitness Platform 12.4.1.0 to 12.5.1.3

  • NetWitness Platform 12.4.0.0 to 12.5.1.3

  • NetWitness Platform 12.3.1.0 to 12.5.1.3

  • NetWitness Platform 12.3.0.0 to 12.5.1.3

  • NetWitness Platform 12.2.0.1 to 12.5.1.3

  • NetWitness Platform 12.2.0.0 to 12.5.1.3

For more information on upgrading to 12.5.1.3, see the Upgrade Guide for NetWitness Platform 12.5.1.3.

NetWitness Platform advises users to check their software versions, as versions 12.2 and earlier have reached End of Life (EOL) as of March 31, 2024. For more information, see https://community.netwitness.com/s/news/product-version-life-cycle-for-netwitness-platform-MCACAQCUG63VGCBMYTNCFBSBPLIY. To take advantage of the latest features and security updates, NetWitness Platform recommends upgrading to version 12.5.1.3.

If you want to upgrade from 11.7.x or 11.7.x.x versions to 12.5.1.3 version, you must first upgrade to 12.2.0.0 or 12.3.0.0 version before upgrading to 12.5.1.3.

The Warehouse connector uses a lockbox to store credentials securely for data integration sources and destinations. However, users upgrading from earlier versions to the 12.5.1.3 version cannot start the configured streams without migrating their existing credentials in the new lockbox. As a result, users must manually create a new lockbox key and then refresh the password for their sources and destinations configured in Warehouse Connector, wherever applicable. For detailed instructions on creating the new lockbox key, refer to the Warehouse Connector section under the Post Upgrade Tasks in the Upgrade Guide for NetWitness Platform 12.5.1.3.

Product Version Life Cycle for NetWitness Platform

See for Product Version Life Cycle for NetWitness Platform a list of versions that reach End of Primary Support (EOPS).