6 Replies Latest reply on Oct 2, 2018 10:45 AM by timmckeehan

SQL Server Compact Edition 3.5

dsimpkins Sep 5, 2018 11:37 AM

Hi,

I understand this is needed as part of the job engine but our security team has just jumped all over my back as it is EOL and support ended back in April 2018.

Version 4 is available but i'm not sure i can just go install the latest version without causing any issues, has anyone got any experience with this and how to keep the security team happy??

Thanks

Re: SQL Server Compact Edition 3.5

ronhilldiscover Sep 17, 2018 1:36 PM (in response to dsimpkins)

Just echoing the same issue. I received a security violation notice today from our internal security team when they found that this is running on EOL software and the requirement that we move it off the SQL Server Compact 3.5 platform.
Like (0)

Actions
Re: SQL Server Compact Edition 3.5

yagyavir.singh@gmail.com Sep 24, 2018 9:40 AM (in response to dsimpkins)

Don't

We have spent more than 50 hours in identifying that compact version 4 does not work well with
Orion Platform 2017.1.3 SP3, NPM 12.1, SAM 6.4.0 and
Orion Platform 2018.2.1 SP1, NPM 12.3, SAM 6.6.1

I am going to open a support case to identify support version matrix for SQL compact engine
1 of 1 people found this helpful
Like (1)

Actions
Re: SQL Server Compact Edition 3.5

yagyavir.singh@gmail.com Sep 24, 2018 11:17 AM (in response to dsimpkins)

I got the response from Solarwind support.

Hi ,

Currently we only support 3.5 even for NPM 12.3
There is already a request to have CE 4 and our developers are now looking into it.
We don't have ETA for that yet because this will be on the architectural level.

Cheers,
Rechmonjun Guarin
SolarWinds Technical Support | Unexpected Simplicity

aLTeReGo - I am tagging you for bringing this to your attention. 3.5 has already reached EOL and security teams are giving tough time to keep this version running. Latest version 4.0 SP1 is not going well with Orion platform. I will request your support to prioritize this work. I am sure this will become a big security risk item in my company.
Like (0)

Actions
- Re: SQL Server Compact Edition 3.5
  
  aLTeReGo Sep 24, 2018 11:23 AM (in response to yagyavir.singh@gmail.com)
  
  There is currently no way in which to get SQL CE 4.0 SP1 to work with Orion. Rest assured, however, that there are zero known vulnerabilities with SQL CE 3.5 and therefore poses no security risk. We are aware of SQL CE 3.5 being EoL and are actively taking action to address.
  
  Like (0)
  
  Actions
  - Re: SQL Server Compact Edition 3.5
    
    yagyavir.singh@gmail.com Sep 24, 2018 11:25 AM (in response to aLTeReGo)
    
    Thank you aLTeReGo
    
    Like (0)
    
    Actions
Re: SQL Server Compact Edition 3.5

timmckeehan Oct 2, 2018 10:45 AM (in response to dsimpkins)

We have the same EoL flag showing up on our vulnerability assessment.

I understand there are no known vulnerabilities with SQL CE 3.5 but that is no excuse for SolarWinds to ignore the end of life date, is it too early to inform them that CE 4.0 was released in 2011 and extended support ends in 2021?
Like (0)

Actions

Go to original post