* Thu Jan 26 2023 ecsos <ecsos@opensuse.org>
- Update to 2.11.4
* Notable Fixes
- Add/Edit dashlet not possible #4970
- Custom library path + custom library, without slash in its
name, results in exception #4971
- Reflected XSS vulnerability in User Backends config page #4979
See: https://github.com/Icinga/icingaweb2/milestone/78?closed=1
- Add icingaweb2-additions.tar.gz with source from version 2.11.3
because upstream has removed packages and etc source dir and files.
See: https://github.com/Icinga/icingaweb2/pull/4964
* Wed Dec 14 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.3
This is a security release.
* Minor to Medium Vulnerabilities
- Open Redirects for logged in users #4945
- SSH Resource Configuration form XSS Bug #4947
- Dashlets allow the user to run Javascript code #4959
- Role member suggestion endpoint is reachable for unauthorized
users #4961
* The More Usual Dose of Fixes
- Browser print dialog result broken #4957
- Shared navigation items are not accessible #4953
- While using dropdown filter menu it gets closed automatically
due to autorefresh #4942
* Tue Nov 08 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.2
It brings performance improvements and general fixes.
Most notable of which are that having e.g. notifications disabled
globally is now visible in the menu again and that the event
history is grouped by days again.
See: https://github.com/Icinga/icingaweb2/milestone/76?closed=1
* Thu Jul 07 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.1
This update's main focus is to solve the issue that all history
views didn't work correctly or showed invalid time and dates. (#4853)
* Fri Jul 01 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.0
* Enhancements, Some
- Support for PHP 8.1 #4609
- Redesign User Menu #4651
- &showFullscreen suppresses announcements #4596
* Fixes, More
- Navigation item filter * not working #4772
- Objects with a * in the name are not found #4682
- Theme mode switch disabled on theme with mode support #4744
* When developers become cleaning maniacs
- User preferences in INI files not supported anymore #4765
- mysql: use of utf8 vs utfmb4 #4680
- Remove Vagrant file and its assets #4762
* Thu Jun 30 2022 ecsos <ecsos@opensuse.org>
- Update to 2.10.3
This release mainly ensures compatibility with icinga-php-library
v0.9.0 and Icinga DB Web 1.0.0. Two fixes regarding the theme
mode support are also included (#4744 and #4835)
* Wed Apr 06 2022 ecsos <ecsos@opensuse.org>
- Update to 2.10.1
- Clicking anywhere on a list item in the dashboard now opens the
primary link again, instead of nothing #4710
- The Check Now and Remove Acknowledgement quick actions in an
object's detail header are now working again #4711
- Clicking on the big number in the tactical overview if there
are UNKNOWN services, shows UNKNOWN services now #4714
- The contrast of text in the sidebar, while in light mode,
has been increased #4720
- A theme without mode support, which is set globally,
now also prevents users from configuring the mode #4723
- Drop 6498d8b035cbaa287d67a61b3f09310a191a5e10.patch,
because now in upstream.
* Wed Mar 30 2022 ro@suse.de
- add 6498d8b035cbaa287d67a61b3f09310a191a5e10.patch
taken from upstream PR 4721 fixing mouseover for list items
to make checks selectable again
* Thu Mar 24 2022 ecsos <ecsos@opensuse.org>
- Update to 2.10.0
Release information see: https://github.com/Icinga/icingaweb2/releases
Fixed issues see: https://github.com/Icinga/icingaweb2/milestone/63?closed=1
* Tue Mar 08 2022 ecsos <ecsos@opensuse.org>
- Update to 2.9.6
* Security Fixes
Please check the advisories on GitHub for more details.
- Path traversal in static library file requests for
unauthenticated users GHSA-5p3f-rh28-8frw
- SSH resources allow arbitrary code execution for
authenticated users GHSA-v9mv-h52f-7g63
- Unwanted disclosure of hosts and related data, linked to
decommissioned services GHSA-qcmg-vr56-x9wf
* Mon Nov 22 2021 ecsos <ecsos@opensuse.org>
- Update to 2.9.5
* This is a hotfix release which fixes the following issues:
- Some detail views of Icinga Director and other modules are
broken with Web 2.9.4 #4598
- Error on skipping LDAP Discovery #4603
* Wed Nov 10 2021 ecsos <ecsos@opensuse.org>
- Update to 2.9.4
* Broken Preference Configuration
- Config/Preferences not accessible without config.ini #4504
- "My Account" broken after Upgrade from 2.8.2 to 2.9.3 #4512
* Notable Fixes in the UI
- Proposal for new Feature make comments collapsible #4515
- new line character is being removed in the plugin output #4522
* Less Notable But No Less Important Fixes
- announcements request clears focus #4543
- js: Fix regression for loading dependent modules for sub-containers #4533
- Changes from 2.9.3
* Staying remembered on RHEL/CentOS 7 now possible
- Stay Logged In - Unknown cipher algorithm #4493
* Missing icons with SLES/OpenSUSE 15
- Missing fileinfo php extension on SLES/OpenSUSE 15+ #4503
* Child downtimes for services are now removed automatically
- If appropriate, set the API parameter all_services for schedule-downtime #4501
- Changes from 2.9.2
This is a hotfix release. v2.9.1 included a change that wasn't
compatible with PostgreSQL again. This has been fixed in this
release. (#4490)
- Changes from 2.9.1
* Pancakes everywhere
- Nested custom variables are flattened #4439
- Disable login orb animation and all orbs for themes #4468
- SVG chart library doesn't process input as UTF-8 #4462
* Staying remembered too difficult
- RememberMe not working with only PostgreSQL #4441
- RememberMe compatibility with php version 5.6+ #4472
- RememberMe fails after running the wizard for grants #4434
* Being picky pays off
- Datetimepicker not usable by keyboard #4442
- Close the datepicker automatically #4461
- Paragraphs in Acknowledge/Downtime not possible #4443
- Changes from 2.9.0
* Icinga DB
- We continue our endeavour soon. Icinga Web 2 is still a
crucial part of it and this update is again required for
Icinga DB. If you like to participate again, don't forget
to update Icinga Web 2 as well.
* Security Fixes
This release includes two security related fixes. Both were
published as part of a security advisory on GitHub. They allow
the circumvention of custom variable protection rules and
blacklists as well as a path traversal if the doc module is
enabled. Please check the respective advisory for details.
- Custom variable protection and blacklists can be circumvented GHSA-2xv9-886q-p7xx
- Possible path traversal by use of the doc module GHSA-cmgc-h4cx-3v43
* RBAC, The Elephant In Icinga Web 2
- Authorization enhancements #4306
- Audit View #4336
- Highlight modules with permissions set inside a role #4241
* Support for PHP 8
- Support PHP 8 #4289
- Raise minimum required PHP version to 7.3 #4397
* Stay, Be Remembered
- Implement a "remember me" feature #2495
* It Does Matter, When
- Add datetime picker widget #4354
- Expire Option for Comments #3447
- Custom defaults for downtime end, comment and duration #4364
* Wed Nov 10 2021 ecsos <ecsos@opensuse.org>
- Update to 2.8.5
No changelog from upstream.
* Tue Jul 27 2021 ecsos <ecsos@opensuse.org>
- Update to 2.8.4
- This release only contains a single fix for flattened custom
variables. #4439
* Mon Jul 12 2021 ecsos <ecsos@opensuse.org>
- Update to 2.8.3
* Security Fixes
This release includes two security related fixes.
Both were published as part of a security advisory on GitHub.
They allow the circumvention of custom variable protection
rules and blacklists as well as a path traversal if the doc
module is enabled. Please check the respective advisory for
details.
- Custom variable protection and blacklists can be circumvented
GHSA-2xv9-886q-p7xx
- Possible path traversal by use of the doc module
GHSA-cmgc-h4cx-3v43
* Fri Nov 27 2020 ecsos <ecsos@opensuse.org>
- Expand README.SUSE.
* Thu Nov 26 2020 ecsos <ecsos@opensuse.org>
- Add missing requires php-curl, php-imagick.
- Add a2enmod mod_php and mod_rewrite at post section.
* Sat Aug 22 2020 ecsos <ecsos@opensuse.org>
- Update to 2.8.2
Notice: This is a security release.
It is recommended to immediately upgrade to this release.
You can find all issues related to this release on the respective
milestone.
* Path Traversal Vulnerability
The vulnerability in question allows an attacker to access
arbitrary files which are readable by the process running
Icinga Web 2. Technical details can be found at the
corresponding CVE-2020-24368 and in the issue below.
- Possible path traversal when serving static image files #4226
* Broken Negated Filters with PostgreSQL
We've also included a small non-security related fix. Searching
for e.g. servicegroup!=support leads to an error instead of the
desired result when using a PostgreSQL database.
- Single negated membership filter fails with PostgreSQL #4196
* Mon Jun 29 2020 ecsos <ecsos@opensuse.org>
- Update to 2.8.1
* Case Sensitivity Problems
A fix in v2.8.0 led to users not being able to log in if they
got their username's case wrong. A hostgroup name's case has
also been incorrectly taken into account despite using a CI
labelled column in the servicegrid and other lists.
- Login usernames now case sensitive in 2.8 #4184
- Case insensitive hostgroup filter in service grid not working
[#4178]
* Issues With Numbers
An attempt to avoid misrepresenting environments in the
tactical overview had an opposite effect by showing negative
numbers. Filtering for timestamps in the event history also
showed no results because our filters couldn't cope with plain
numbers anymore.
- Tactical overview showing "-1 pending" hosts #4174
- Timestamp filters not working correctly in history views
[#4182]
* Mon Jun 08 2020 ecsos <ecsos@opensuse.org>
- Update to 2.8.0
* Icinga DB
It's happening. Yes. Our latest achievement is now available
for those who are willing to participate in this enormous
endeavour. Icinga Web 2 is also a crucial part of it and
accompanies the first release of Icinga DB. If you like to
participate, don't forget to update Icinga Web 2 as well.
* Support for PHP 7.4 and MySQL 8
We also made sure that you won't be disappointed by Icinga Web 2
if you're running PHP 7.4 or trying to access a MySQL database
with version 8+. These should pose no issues anymore now. But
if you still somehow managed to get issues please let us know
and we'll fix it asap.
- Exceptions with MySQL 8 #3740
- Support for PHP 7.4 #4009
* Find What You Search For
It's been previously not possible to properly filter for range
values. This was especially true for custom variables where,
if you searched for e.g. _host_interfaces>=20, you wouldn't
find the correct results. If you often copy some values in our
search fields you may also have been a victim of extraneous spaces
which are now automatically trimmed.
- Filter: more/less than doesn't seem to working #3974
- Search object followed by a space finds no results #4002
* Don't Leave Your Little Sheep Unattended
It's time again to further restrict your users. It's now
possible to completely block any access to contacts and
contactgroups for specific roles. These won't ever see again
who's notified and who's not. Also, if you are using single
accounts for a group of people you can now disable password
changes for those.
- Prohibit access to contacts and contactgroups #3973
- Allow to forbid password changes on specific user accounts #3286
* In and Out, Access Control Done Right
While we have no burgers but cookies you are nevertheless
welcome to visit Icinga Web 2. And now you can also successfully
leave while being externally authenticated and unsuccessfully
enter while being unable to not add extraneous spaces to your
username.
- External logout not working from the navigation dashboard #3995
- Username with extraneous spaces are not invalid #4030