Common Gateway Security Fixes

Improved Security Hardening for Classic and NextGen Gateway

OpsRamp implemented additional security hardening measures in Classic and NextGen Gateway to address vulnerabilities reported by customers. The update removes support for weak SSH MAC algorithms by restricting SSH to strong, modern MACs only, improving the security of remote access.

In NextGen Gateway, ICMP timestamp reply responses are also disabled to prevent potential information disclosure; this protection was already in place for Classic Gateway.

These changes are applied through both ISO installation and patch/upgrade workflows, require no manual intervention, and have no impact on normal gateway operations or monitoring functionality.
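A post-upgrade check for the SSH MAC change described above. This is an added example, not OpsRamp code. The weak-MAC policy (MD5-based, 96-bit truncated and 64-bit UMAC algorithms) and the sample `sshd -T` excerpts are assumptions constructed for illustration.

```python
import re

# Assumed policy, not taken from the release notes: MD5-based, 96-bit
# truncated and 64-bit UMAC algorithms are treated as weak.
WEAK_MAC = re.compile(r"md5|-96|umac-64")

# Constructed excerpts of `sshd -T` output (effective configuration dump).
BEFORE = """port 22
ciphers aes256-ctr,aes128-ctr
macs hmac-md5,hmac-sha1-96,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512-etm@openssh.com
"""
AFTER = """port 22
ciphers aes256-ctr,aes128-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
"""


def effective_macs(sshd_t_output):
    """Return the MAC algorithms listed on the 'macs' line, in order."""
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "macs":
            return [m.strip() for m in value.split(",") if m.strip()]
    return []  # no 'macs' line: the effective list could not be determined


def audit_macs(sshd_t_output):
    """Flag weak MACs; a dump without a 'macs' line is never reported compliant."""
    macs = effective_macs(sshd_t_output)
    weak = [m for m in macs if WEAK_MAC.search(m)]
    return {"macs": macs, "weak": weak, "compliant": bool(macs) and not weak}


if __name__ == "__main__":
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_macs(dump))
```

On a gateway, pass the output of `sshd -T` (run as root) to `audit_macs` instead of the constructed samples.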

Common Gateway Bug Fixes

Changes to Default Gateway Passwords

OpsRamp updated the default password behavior in Gateway installer and upgrade workflows to prevent reuse of earlier default passwords.

In Classic Gateway, the default ruser password is updated during ISO installation. During a patch or upgrade, the password is rotated only if the earlier default password is still in use.

In NextGen Gateway, gateways updated to 21.1.0 have the updated default password applied. See the NextGen Gateway Known Issues section for the case in which the default password is not updated.

Gateways with customized passwords are not impacted; no functional or operational impact is expected after the update, and manual password updates remain available through the Gateway Admin UI.

Classic Gateway Bug Fixes

Resolved External Proxy Credential Character Support in Classic Gateway

OpsRamp resolved an issue in the Classic Gateway where restrictions on allowed characters prevented customers from configuring external proxy usernames and passwords containing special characters.

The gateway now supports all characters for external proxy credentials, enabling customers to use their existing proxy authentication standards without modification. This change improves compatibility with customer‑defined credentials while maintaining secure input validation.

NextGen Gateway Enhancements

NextGen Gateway Managed OTel

OpsRamp introduces Gateway Managed OpenTelemetry (OTel) Collector to extend Syslog support beyond alerting and enable centralized log collection.

The OTel‑based integration installs and manages the OpenTelemetry Collector on NextGen gateways, captures Syslog and infrastructure logs, applies YAML‑based filters, and securely forwards processed logs to OpsRamp for storage and analysis. For more information, refer to Install Gateway Managed OTEL Collector.

NextGen Gateway Security Fixes

We have identified and fixed critical security vulnerabilities that were present in NextGen Gateway 21.0.0. This release includes the following security fixes:

  • Operating system and base image security patches
  • Upgrades to affected third‑party libraries and gateway components
  • Security hardening updates to address known vulnerability vectors

All identified critical issues have been resolved and validated through security and compliance checks. These updates introduce no functional changes and have no impact on gateway performance or stability.

We recommend you upgrade to 21.1.0 to apply the latest security fixes.

NextGen Gateway Known Issues

NextGen Gateway Default Password Not Updated After Upgrade

When a NextGen Gateway is deployed using version 21.0.0 (ISO) and later upgraded or registered with version 21.1.0, the portal displays the updated version, but the default gateway-admin password remains unchanged. The default password is updated only during the next major release upgrade.

Classic Apps Enhancements

Enhanced Syslog Events Monitoring with Syslog Collection Support

OpsRamp has enhanced Syslog Events Monitoring by introducing a Syslog Collection option. This feature enables users to persist received syslog events within the platform.

You can view all collected logs under Infrastructure > Logs. This feature is applicable only for NextGen Gateway version 21.1.0 and above.

HashiCorp Vault Credential Management Support for DNM Integrations

OpsRamp supports HashiCorp Vault–based credential management for Discovery and Monitoring integrations across Classic and SDK‑based applications, enabling secure use of Vault‑managed credentials for discovery, monitoring, templates, and Get latest snapshot operations without storing credentials in OpsRamp.

For more information, refer to the following pages:
Enable Hashicorp Vault Credential Management Feature in Classic Gateway
Enable Hashicorp Vault Credential Management Feature in NextGen Gateway

Oracle DB Monitoring Supports Multiple Database Connection Types Within a Single Monitor

OpsRamp has enhanced Oracle DB query‑based monitoring that allows you to use a single monitor with different connection types for different instances.

The DB Instance List configuration parameter supports multiple connection types by enabling you to specify connection details per instance using the following formats:

  • instance:port:servicename for Service Name–based connections
  • instance:port:sid for SID‑based connections

Improved Resilience for VMware Monitoring with Invalid Credentials

OpsRamp has improved VMware monitoring to prevent monitoring disruptions when one or more devices have invalid or outdated credentials. Monitoring jobs now correctly use the latest credential configuration and handle credential failures at the individual device level.

As a result, issues with a specific VMware device no longer affect monitoring or data collection for other healthy devices, improving overall reliability and resilience.

Enhanced VMware Monitoring to Display NFS Datastore Names Instead of UUIDs

OpsRamp has enhanced VMware monitoring to display NFS datastore names as the component names instead of datastore UUIDs. Previously, NFS datastore components were shown using UUIDs, which made identification difficult. With this update, actual datastore names are now displayed, improving clarity and usability across metrics and visualizations.

As part of this change, component names in graphs will be updated to reflect the NFS datastore names. This may result in changes to graph colors and a visible break in historical data where the component name transitions. Dashboards or PromQL queries that reference the old UUID‑based component names must be updated to use the new datastore names to continue displaying data.

Enhanced Configuration Backup Support for F5 Load Balancers

OpsRamp has enhanced network configuration backup support for F5 Load Balancers to ensure complete device configuration coverage across all partitions. Previously, configuration backups captured only the common partition, which could result in incomplete backups for devices with multiple partitions.

With this update, OpsRamp now collects configuration backups using the show running-config recursive command, ensuring that all partition‑level configuration data is included. This enhancement provides complete visibility and more comprehensive configuration coverage for F5 devices, improving the reliability of network configuration backups.

Elimination of Duplicate IPs During SNMP Discovery

OpsRamp eliminates duplicate IP addresses during SNMP discovery when the same IP is configured in multiple ways, such as directly and through subnets or ranges. Each device is discovered only once, resulting in cleaner inventory and improved discovery performance without any configuration changes.

Improved Seed IP Discovery for SNMP Devices

OpsRamp now supports the configuration of include and exclude subnets in Seed IP Discovery, allowing finer control over the IP ranges scanned. This helps prevent scanning of restricted or unnecessary networks and improves accuracy in device onboarding.
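The duplicate elimination and include/exclude scoping described in the two sections above, sketched as a scan planner. This is an added example, not OpsRamp's implementation. The target syntax (single IP, CIDR, `start-end` range), the function names, and the rule that an exclude subnet overrides an include subnet are assumptions.

```python
import ipaddress


def expand(target):
    """Yield every address for a single IP, a CIDR subnet or a 'start-end' range."""
    if "-" in target:
        start, end = (ipaddress.ip_address(p.strip()) for p in target.split("-", 1))
        if end < start:
            raise ValueError(f"range end precedes start: {target}")
        for n in range(int(start), int(end) + 1):
            yield ipaddress.ip_address(n)
    elif "/" in target:
        # hosts() skips the network and broadcast addresses of the subnet
        yield from ipaddress.ip_network(target, strict=False).hosts()
    else:
        yield ipaddress.ip_address(target)


def plan_scan(targets, include=(), exclude=()):
    """Return (addresses to scan, addresses skipped by scope), each listed once."""
    inc = [ipaddress.ip_network(n) for n in include]
    exc = [ipaddress.ip_network(n) for n in exclude]
    seen, plan, skipped = set(), [], []
    for target in targets:
        for addr in expand(target):
            if addr in seen:          # same IP reached through another entry
                continue
            seen.add(addr)
            in_scope = not inc or any(addr in n for n in inc)
            excluded = any(addr in n for n in exc)  # assumed: exclude wins
            (plan if in_scope and not excluded else skipped).append(str(addr))
    return plan, skipped


if __name__ == "__main__":
    # Constructed input: 10.0.0.1 appears directly, via a subnet and via a range.
    targets = ["10.0.0.1", "10.0.0.0/30", "10.0.0.1-10.0.0.4", "192.168.5.10"]
    print(plan_scan(targets, include=["10.0.0.0/24"], exclude=["10.0.0.4/32"]))
```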

CIM Monitoring Alerts for ESXi Hosts Added from Non‑VMware Sources

OpsRamp now supports CIM monitoring alerts for ESXi hosts that are added from sources other than the VMware integration, such as SNMP discovery or manual addition.

When a CIM‑based monitoring template is applied, the platform raises a vmware.cim.error alert if CIM credentials are not assigned to the resource or if the assigned CIM credentials are invalid or not working.

This enhancement ensures consistent alerting behavior across all ESXi hosts, regardless of how they are onboarded, and provides clear visibility into CIM credential and connectivity issues.

Improved Credential Argument Passing Mechanism for RSE Monitoring and WMI Discovery

OpsRamp improves credential security for RSE Monitoring and WMI Discovery by passing credentials through environment variables.
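The pattern described above, shown with a stand-in child process. This is an added example, not OpsRamp code. The variable name `PROBE_PASSWORD`, the `--user` flag and the child script are hypothetical. The point is that command-line arguments show up in process listings, so the secret is kept out of them.

```python
import os
import subprocess
import sys

# Stand-in for a monitoring helper (hypothetical). It reads the secret from
# its environment once, removes it so processes it spawns do not inherit it,
# and reports only a digest of the secret plus its own arguments.
CHILD = """
import hashlib, os, sys
pw = os.environ.pop("PROBE_PASSWORD")
print(hashlib.sha256(pw.encode()).hexdigest())
print("PROBE_PASSWORD" in os.environ)
print(" ".join(sys.argv[1:]))
"""


def run_probe(user, password):
    """Launch the helper with the password in its environment, not in argv."""
    env = {**os.environ, "PROBE_PASSWORD": password}
    argv = [sys.executable, "-c", CHILD, "--user", user]
    out = subprocess.run(argv, env=env, capture_output=True, text=True, check=True)
    digest, still_set, child_args = out.stdout.splitlines()
    return {
        "argv": argv,                  # what a process listing would expose
        "child_args": child_args,      # arguments as seen by the helper
        "digest": digest,              # proves the helper received the secret
        "still_in_child_env": still_set == "True",
    }


if __name__ == "__main__":
    # Constructed credential for the demonstration.
    print(run_probe("svc_monitor", "constructed-S3cret!"))
```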

Enhanced vCenter Communication for Better Reliability and Performance

We have made internal improvements to the communication layer used for vCenter discovery and monitoring, resulting in better reliability, faster response handling, and improved overall performance.