icingaweb2-2.11.4-bp155.1.5

- Update to 2.11.4
  * Notable Fixes
  - Add/Edit dashlet not possible #4970
  - Custom library path + custom library, without slash in its
    name, results in exception #4971
  - Reflected XSS vulnerability in User Backends config page #4979
    See: https://github.com/Icinga/icingaweb2/milestone/78?closed=1
- Add icingaweb2-additions.tar.gz with source from version 2.11.3
  because upstream has removed packages and etc source dir and files.
  See: https://github.com/Icinga/icingaweb2/pull/4964

- Update to 2.11.3
  This is a security release.
  * Minor to Medium Vulnerabilities
  - Open Redirects for logged in users #4945
  - SSH Resource Configuration form XSS Bug #4947
  - Dashlets allow the user to run Javascript code #4959
  - Role member suggestion endpoint is reachable for unauthorized
    users #4961
  * The More Usual Dose of Fixes
  - Browser print dialog result broken #4957
  - Shared navigation items are not accessible #4953
  - While using dropdown filter menu it gets closed automatically
    due to autorefresh #4942

- Update to 2.11.2
  It brings performance improvements and general fixes.
  Most notable of which are that having e.g. notifications disabled
  globally is now visible in the menu again and that the event
  history is grouped by days again.
  See: https://github.com/Icinga/icingaweb2/milestone/76?closed=1

- Update to 2.11.1
  This update's main focus is to solve the issue that all history
  views didn't work correctly or showed invalid time and dates. (#4853)

- Update to 2.11.0
  * Enhancements, Some
  - Support for PHP 8.1 #4609
  - Redesign User Menu #4651
  - &showFullscreen suppresses announcements #4596
  * Fixes, More
  - Navigation item filter * not working #4772
  - Objects with a * in the name are not found #4682
  - Theme mode switch disabled on theme with mode support #4744
  * When developers become cleaning maniacs
  - User preferences in INI files not supported anymore #4765
  - mysql: use of utf8 vs utfmb4 #4680
  - Remove Vagrant file and its assets #4762

- Update to 2.10.3
  This release mainly ensures compatibility with icinga-php-library
  v0.9.0 and Icinga DB Web 1.0.0. Two fixes regarding the theme
  mode support are also included (#4744 and #4835)

- Update to 2.10.1
  - Clicking anywhere on a list item in the dashboard now opens the
    primary link again, instead of nothing #4710
  - The Check Now and Remove Acknowledgement quick actions in an
    object's detail header are now working again #4711
  - Clicking on the big number in the tactical overview if there
    are UNKNOWN services, shows UNKNOWN services now #4714
  - The contrast of text in the sidebar, while in light mode,
    has been increased #4720
  - A theme without mode support, which is set globally,
    now also prevents users from configuring the mode #4723
- Drop 6498d8b035cbaa287d67a61b3f09310a191a5e10.patch,
  because now in upstream.

- add 6498d8b035cbaa287d67a61b3f09310a191a5e10.patch
  taken from upstream PR 4721 fixing mouseover for list items
  to make checks selectable again

- Update to 2.10.0
  Release information see: https://github.com/Icinga/icingaweb2/releases
  Fixed issues see: https://github.com/Icinga/icingaweb2/milestone/63?closed=1

- Update to 2.9.6
  * Security Fixes
    Please check the advisories on GitHub for more details.
  - Path traversal in static library file requests for
    unauthenticated users GHSA-5p3f-rh28-8frw
  - SSH resources allow arbitrary code execution for
    authenticated users GHSA-v9mv-h52f-7g63
  - Unwanted disclosure of hosts and related data, linked to
    decommissioned services GHSA-qcmg-vr56-x9wf

- Update to 2.9.5
  * This is a hotfix release which fixes the following issues:
  - Some detail views of Icinga Director and other modules are
    broken with Web 2.9.4 #4598
  - Error on skipping LDAP Discovery #4603

- Update to 2.9.4
  * Broken Preference Configuration
  - Config/Preferences not accessible without config.ini #4504
  - "My Account" broken after Upgrade from 2.8.2 to 2.9.3 #4512
  * Notable Fixes in the UI
  - Proposal for new Feature make comments collapsible #4515
  - new line character is being removed in the plugin output #4522
  * Less Notable But No Less Important Fixes
  - announcements request clears focus #4543
  - js: Fix regression for loading dependent modules for sub-containers #4533
- Changes from 2.9.3
  * Staying remembered on RHEL/CentOS 7 now possible
  - Stay Logged In - Unknown cipher algorithm #4493
  * Missing icons with SLES/OpenSUSE 15
  - Missing fileinfo php extension on SLES/OpenSUSE 15+ #4503
  * Child downtimes for services are now removed automatically
  - If appropriate, set the API parameter all_services for schedule-downtime #4501
- Changes from 2.9.2
  This is a hotfix release. v2.9.1 included a change that wasn't
  compatible with PostgreSQL again. This has been fixed in this
  release. (#4490)
- Changes from 2.9.1
  * Pancakes everywhere
  - Nested custom variables are flattened #4439
  - Disable login orb animation and all orbs for themes #4468
  - SVG chart library doesn't process input as UTF-8 #4462
  * Staying remembered too difficult
  - RememberMe not working with only PostgreSQL #4441
  - RememberMe compatibility with php version 5.6+ #4472
  - RememberMe fails after running the wizard for grants #4434
  * Being picky pays off
  - Datetimepicker not usable by keyboard #4442
  - Close the datepicker automatically #4461
  - Paragraphs in Acknowledge/Downtime not possible #4443
- Changes from 2.9.0
  * Icinga DB
  - We continue our endeavour soon. Icinga Web 2 is still a
    crucial part of it and this update is again required for
    Icinga DB. If you like to participate again, don't forget
    to update Icinga Web 2 as well.
  * Security Fixes
    This release includes two security related fixes. Both were
    published as part of a security advisory on Github. They allow
    the circumvention of custom variable protection rules and
    blacklists as well as a path traversal if the doc module is
    enabled. Please check the respective advisory for details.
  - Custom variable protection and blacklists can be circumvented GHSA-2xv9-886q-p7xx
  - Possible path traversal by use of the doc module GHSA-cmgc-h4cx-3v43
  * RBAC, The Elephant In Icinga Web 2
  - Authorization enhancements #4306
  - Audit View #4336
  - Highlight modules with permissions set inside a role #4241
  * Support for PHP 8
  - Support PHP 8 #4289
  - Raise minimum required PHP version to 7.3 #4397
  * Stay, Be Remembered
  - Implement a "remember me" feature #2495
  * It Does Matter, When
  - Add datetime picker widget #4354
  - Expire Option for Comments #3447
  - Custom defaults for downtime end, comment and duration #4364

- Update to 2.8.5
  No changelog from upstream.

- Update to 2.8.4
  - This release only contains a single fix for flattened custom
    variables. #4439

- Update to 2.8.3
  * Security Fixes
    This release includes two security related fixes.
    Both were published as part of a security advisory on Github.
    They allow the circumvention of custom variable protection
    rules and blacklists as well as a path traversal if the doc
    module is enabled. Please check the respective advisory for
    details.
  - Custom variable protection and blacklists can be circumvented
    GHSA-2xv9-886q-p7xx
  - Possible path traversal by use of the doc module
    GHSA-cmgc-h4cx-3v43

- Expand README.SUSE.

- Add missing requires php-curl, php-imagick.
- Add a2enmod mod_php and mod_rewrite at post section.

- Update to 2.8.2
  Notice: This is a security release.
    It is recommended to immediately upgrade to this release.
  You can find all issues related to this release on the respective
  milestone.
  * Path Traversal Vulnerability
    The vulnerability in question allows an attacker to access
    arbitrary files which are readable by the process running
    Icinga Web 2. Technical details can be found at the
    corresponding CVE-2020-24368 and in the issue below.
  - Possible path traversal when serving static image files #4226
  * Broken Negated Filters with PostgreSQL
    We've also included a small non-security related fix. Searching
    for e.g. servicegroup!=support leads to an error instead of the
    desired result when using a PostgreSQL database.
  - Single negated membership filter fails with PostgreSQL #4196

- Update to 2.8.1
  * Case Sensitivity Problems
    A fix in v2.8.0 led to users being not able to login if they
    got their username's case wrong. A hostgroup name's case has
    also been incorrectly taken into account despite using a CI
    labelled column in the servicegrid and other lists.
  - Login usernames now case sensitive in 2.8 #4184
  - Case insensitive hostgroup filter in service grid not working
    [#4178]
  * Issues With Numbers
    An attempt to avoid misrepresenting environments in the
    tactical overview had an opposite effect by showing negative
    numbers. Filtering for timestamps in the event history also
    showed no results because our filters couldn't cope with plain
    numbers anymore.
  - Tactical overview showing "-1 pending" hosts #4174
  - Timestamp filters not working correctly in history views
    [#4182]

- Update to 2.8.0
  * Icinga DB
    It's happening. Yes. Our latest achievement is now available
    for those who are willing to participate in this enormous
    endeavour. Icinga Web 2 is also a crucial part of it and
    accompanies the first release of Icinga DB. If you like to
    participate, don't forget to update Icinga Web 2 as well.
  * Support for PHP 7.4 and MySQL 8
    We also made sure that you won't be disappointed by Icinga Web 2
    if you're running PHP 7.4 or trying to access a MySQL database
    with version 8+. These should pose no issues anymore now. But
    if you still somehow managed to get issues please let us now
    and we'll fix it asap.
  - Exceptions with MySQL 8 #3740
  - Support for PHP 7.4 #4009
  * Find What You Search For
    It's been previously not possible to properly filter for range
    values. This was especially true for custom variables where,
    if you searched for e.g. _host_interfaces>=20, you wouldn't
    find the correct results. If you often copy some values in our
    search fields you may also been a victim of extraneous spaces
    which are now automatically trimmed.
  - Filter: more/less than doesn't seem to working #3974
  - Search object followed by a space finds no results #4002
  * Don't Leave Your Little Sheep Unattended
    It's time again to further restrict your users. It's now
    possible to completely block any access to contacts and
    contactgroups for specific roles. These won't ever see again
    who's notified and who's not. Also, if you are using single
    accounts for a group of people you can now disable password
    changes for those.
  - Prohibit access to contacts and contactgroups #3973
  - Allow to forbid password changes on specific user accounts #3286
  * In and Out, Access Control Done Right
    While we have no burgers but cookies you are nevertheless
    welcome to visit Icinga Web 2. And now you can also successfully
    leave while being externally authenticated and unsuccessfully
    enter while being unable to not add extraneous spaces to your
    username.
  - External logout not working from the navigation dashboard #3995
  - Username with extraneous spaces are not invalid #4030