Package Release Info

icingaweb2-2.7.4-bp152.2.3.1

Update Info: openSUSE-2020-1674
Available in Package Hub : 15 SP2 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

icingacli
icingaweb2
icingaweb2-common
icingaweb2-vendor-dompdf
icingaweb2-vendor-HTMLPurifier
icingaweb2-vendor-JShrink
icingaweb2-vendor-lessphp
icingaweb2-vendor-Parsedown
icingaweb2-vendor-zf1
php-Icinga

Change Logs

Version: 2.7.4-bp151.5.6.1
* Mon Oct 12 2020 ecsos <ecsos@opensuse.org>
- Update to 2.7.4
  This is a security release.
  * Path Traversal Vulnerability
    The vulnerability in question allows an attacker to access
    arbitrary files which are readable by the process running
    Icinga Web 2. Technical details can be found at the
    corresponding CVE-2020-24368 and in the issue below.
  - Possible path traversal when serving static image files #4226
- Fix boo#1175530 (CVE-2020-24368) Path Traversal Vulnerability
Version: 2.7.4-12.1
* Mon Oct 12 2020 ecsos@opensuse.org
- Update to 2.7.4
  This is a security release.
  * Path Traversal Vulnerability
    The vulnerability in question allows an attacker to access
    arbitrary files which are readable by the process running
    Icinga Web 2. Technical details can be found at the
    corresponding CVE-2020-24368 and in the issue below.
  - Possible path traversal when serving static image files #4226
- Fix boo#1175530 (CVE-2020-24368) Path Traversal Vulnerability
Version: 2.7.3-bp150.2.7.1
* Thu Apr 25 2019 Martin Li?ka <mliska@suse.cz>
- update to 2.6.3
  You can find issues related to this release on our Roadmap.
  * PHP 7.3
  - Now supported. tada
  * LDAP - Community contributions, that's the spirit
    With the help of our users we've finally fixed the issue that
    defining multiple hostnames and enabling STARTTLS has never
    properly worked. Also, they've identified that defining
    multiple hostnames caused a customized port not being utilized
    and fixed it themselves.
    There has also a rare case been fixed that caused no group
    members being found in case object classes had a different
    casing than what we expected. (Good news for all the
    non-OpenLdap and non-MSActiveDirectory users)
  - LDAP connection fails with multiple servers using STARTTLS
    [#3639]
  - LDAPS authentication ignores custom port setting #3713
  - LDAP group members not found #3650
  * We take care about your data even better now
    With this are newlines and HTML entities (such as &nbsp;) in
    plugin output and custom variables meant.
    Sorry if I've teased some data security folks now. innocent
  - Newlines in plugin output disappear #3662
  - Windows path separators are converted to newlines in custom
    variables #3636
  - HTML entities in plugin output are not resolved if no other
    HTML is there #3707
  * You've wondered how you got into a famous blue police box?
    Don't worry, not only you and the european union are sometimes
    unsure what's the correct time.
  - Set client timezone on DB connection #3525
  - Ensure a valid default timezone is set in any case #3747
  - Fix that the event detail view is not showing times in
    correct timezone #3660
  * UI - The portal to your monitoring environment, improved
    The collapsible sidebar introduced with v2.5 has been plagued
    by some issues since then. They're now fixed. Also, the UI
    should now flicker less and properly preserve the scroll
    position when interacting with action links. (This also allows
    the business process module to behave more stable when using
    drag and drop in large configurations.)
  - Collapsible Sidebar Issues #3187
  - Fix title when closing right column #3654
  - Preserve scroll position upon form submits #3661
  * Corrected things we've broke recently
    That's due to preemptive changes to protect you from bad
    individuals. Unfortunately this meant that some unforeseen
    side-effects appeared after the release of v2.6.2.
    These are now fixed.
  - Multiline values in ini files broken #3705
  - PHP ini parser doesn't strip trailing whitespace #3733
  - Escaped characters in INI values are not unescaped #3648
  - Though, if you've faced issue #3705 you still need to take
    manual action (if not already done) as the provided fix does
    only prevent further occurrences of the resulting error. The
    required changes involve the transformation of all real
    newlines in Icinga Web 2's INI files to literal \n or \r\n
    sequences. (Files likely having such are the roles.ini and
    announcements.ini)
Version: 2.7.3-9.1
* Fri Oct 18 2019 ecsos@opensuse.org
- Update to 2.7.3
  This is a hotfix release and fixes the following issue:
  - Servicegroups for roles with filtered objects not available #3983
* Wed Oct 16 2019 ecsos@opensuse.org
- Update to 2.7.2
  You can find all issues related to this release on our Roadmap.
  * Less Smoky Database Servers
    The release of v2.7.1 introduced a change which revealed an
    inefficient part of our database queries. We made some general
    optimizations on our queries and changed the way we utilize
    them in some views. The result are faster response times by
    less work for the database server.
  - Consuming more CPU resources since upgraded to 2.7.1 #3928
  * Anarchism Infested Dashboards
    Recent history already showed signs of anarchism. (Pun intended)
    A similar mindset now infested default dashboards which appeared
    in a different way than before v2.7.0. We taught their dashlets
    a lesson and order has been reestablished as previously.
  - Recently Recovered Services in dashboard Current Incidents
    seems out of order #3931
  * Solitary Downtimes
    We improved the host and service distinction with v2.7.0. The
    downtimes list however got confused by this and didn't knew
    anymore how to combine multiple downtimes. If you now instruct
    the list to select multiple downtimes this works again as we
    removed the confusing parts.
  - Selection of multiple downtimes fails #3920
* Sat Aug 24 2019 ecsos@opensuse.org
- Update to 2.7.1
  You can find all issues related to this release on our Roadmap.
  * Sneaky Solution for Sneaky Links
    Usually we try to include only bugs in minor-releases. Sorry,
    bug-fixes, of course. But thanks to @winem_ we have also a
    little enhancement this time: Links in comments, notes, etc.
    are now highlighted as such.
  - Highlight links in the notes of an object #3888
  * Nobody's Perfect, Not Even Developers
    We knew it. We saw it coming. And forgot about it. Some views,
    especially histories, showed an anarchic behavior since v2.7.0.
    The change responsible for this has been undone and history's
    order is reestablished now.
  - Default sort rules no longer work in 2.7.0 #3891
  * Restrictions Gone Wild Cagey
    A fix unfortunately caused restrictions using wildcards to show
    no results anymore. This is now solved and such restrictions
    are as permissive as ever.
  - Wildcard filters in chains broken #3886
* Tue Jul 30 2019 ecsos@opensuse.org
- Update to 2.7.0
  You can find issues related to this release on our Roadmap.
  * Icinga's Amazingness Spreads Further
    All the Japanese and Ukrainian monitoring enthusiasts can now
    appreciate our web-frontend in their native tongue. Being so
    late to the party is also of their advantage, though. Because
    they can adjust their dashboard without worrying it gets broke
    with the next update. (All other admins with non-english users,
    please have a look at our upgrading documentation)
  - Add Japanese language support #3776
  - Add Ukrainian language support #3828
  - Don't translate pane and dashlet names in configs #3837
  * Modules - Bonus Functionality Unleashed
    With this release module developers got additional ways to
    customize Icinga Web 2. Whether you ever wanted to hook into
    a configuration form's handling, to perform your very own Ajax
    requests or enhance our multi-select views with fancy graphs.
    All is possible now.
  - Allow to hook into a configuration form's handling #3862
  - Allow to fully customize click and submit handling #3794
  - Integrate DetailviewExtension into multi-select views #3304
  * UI - Your Daily Routine and Incident Management, Enhanced
    Users with color deficiencies now have a built-in theme to ease
    navigating within Icinga Web 2. Also, our forms got a long
    overdue re-design and now look less boring. Though, the best of
    all features is that clicking while holding the Ctrl-key now
    actually opens a new browser tab! Lost comments? No more.
    Defining an expiry date again? No more!
  - Add colorblind theme #3743
  - Improve the look of forms #3416
  - Make ctrl-click open new tab #3723
  * Stay Focused - More Room for More Important Stuff
    Some of you know that some checks tend to produce walls of text
    or measure (too) many interfaces. Now, plugin output and
    performance data will collapse if they exceed a certain height.
    If necessary they can of course be expanded and keep that way
    across browser restarts. The same is also true for the sidebar.
    (Though, this one stays collapsed)
  - Persistent Collapsible Containers #3638
  - Collapsible plugin output #3870
  - Collapsed sidebar should stay collapsed #3682
  * Markdown - Tables, Lists and Emphasized Text The Easy Way
    Since we now have the possibility to collapse large content
    dynamically, we allow you to add entire wiki pages to hosts and
    services. Though, if you prefer to use a real wiki to maintain
    those (what we'd strongly suggest) it's now easier than ever
    before to link to it. Copy url, paste url, submit comment,Done.
  - Make notes, comments and announcements markdown aware #3814
  - Transform any URL in a Comment to a clickable Link #3441
  - Support relative links in plugin output #2916
  * Things You Have Missed Previously
    The tactical overview, our fancy pie charts, is now the very
    first result when you search something in the sidebar.
    If you'll see two entirely green circles there, relax.
    Also overdue or unreachable checks are now appropriately marked
    in list views and the service grid now allows you to switch
    between everything or problems only.
  - Add tactical overview to global search #3845
  - Servicegrid: Add toggle to show problems only #3871
  - Make overdue/unreachable checks better visible #3860
  * Authorization - Knowing and Controlling What's Going On
    Roles can now be even more tailored to users since the
    introduction of a new placeholder. This placeholder allows to
    use a user's name in restrictions.
    Things like _service_responsible_person=$user:local_name$ are
    now possible. The audit log now receives failed login-attempts,
    that's been made possible since hooks can now run for anonymous
    users.
  - Allow roles to filter for the currently logged in user #3493
  - Add possibility to disable permission checks for hooks #3849
  - Send failed login-attempts to the audit log #3856
  See also the audit module which got an update and is required for
  [#3856] to work.
* Thu Apr 25 2019 mliska@suse.cz
- update to 2.6.3
  You can find issues related to this release on our Roadmap.
  * PHP 7.3
  - Now supported. tada
  * LDAP - Community contributions, that's the spirit
    With the help of our users we've finally fixed the issue that
    defining multiple hostnames and enabling STARTTLS has never
    properly worked. Also, they've identified that defining
    multiple hostnames caused a customized port not being utilized
    and fixed it themselves.
    There has also a rare case been fixed that caused no group
    members being found in case object classes had a different
    casing than what we expected. (Good news for all the
    non-OpenLdap and non-MSActiveDirectory users)
  - LDAP connection fails with multiple servers using STARTTLS
    [#3639]
  - LDAPS authentication ignores custom port setting #3713
  - LDAP group members not found #3650
  * We take care about your data even better now
    With this are newlines and HTML entities (such as &nbsp;) in
    plugin output and custom variables meant.
    Sorry if I've teased some data security folks now. innocent
  - Newlines in plugin output disappear #3662
  - Windows path separators are converted to newlines in custom
    variables #3636
  - HTML entities in plugin output are not resolved if no other
    HTML is there #3707
  * You've wondered how you got into a famous blue police box?
    Don't worry, not only you and the european union are sometimes
    unsure what's the correct time.
  - Set client timezone on DB connection #3525
  - Ensure a valid default timezone is set in any case #3747
  - Fix that the event detail view is not showing times in
    correct timezone #3660
  * UI - The portal to your monitoring environment, improved
    The collapsible sidebar introduced with v2.5 has been plagued
    by some issues since then. They're now fixed. Also, the UI
    should now flicker less and properly preserve the scroll
    position when interacting with action links. (This also allows
    the business process module to behave more stable when using
    drag and drop in large configurations.)
  - Collapsible Sidebar Issues #3187
  - Fix title when closing right column #3654
  - Preserve scroll position upon form submits #3661
  * Corrected things we've broke recently
    That's due to preemptive changes to protect you from bad
    individuals. Unfortunately this meant that some unforeseen
    side-effects appeared after the release of v2.6.2.
    These are now fixed.
  - Multiline values in ini files broken #3705
  - PHP ini parser doesn't strip trailing whitespace #3733
  - Escaped characters in INI values are not unescaped #3648
  - Though, if you've faced issue #3705 you still need to take
    manual action (if not already done) as the provided fix does
    only prevent further occurrences of the resulting error. The
    required changes involve the transformation of all real
    newlines in Icinga Web 2's INI files to literal \n or \r\n
    sequences. (Files likely having such are the roles.ini and
    announcements.ini)
Version: 2.6.2-bp151.3.8
* Wed Nov 21 2018 ecsos@opensuse.org
- update to 2.6.2
  You can find issues and features related to this release on our Roadmap.
  This bugfix release addresses the following topics:
  * Database connections to MySQL 8 no longer fail
  * LDAP connections now have a timeout configuration which defaults to 5 seconds
  * User groups are now correctly loaded for externally authenticated users
  * Filters are respected for all links in the host and service group overviews
  * Fixed permission problems where host and service actions provided by modules were missing
  * Fixed an SQL error in the contact list view when filtering for host groups
  * Fixed time zone (DST) detection
  * Fixed the contact details view if restrictions are active
  * Doc parser and documentation fixes
- Fix security issues:
    boo#1119784 (CVE-2018-18246) and
    boo#1119785 (CVE-2018-18247) and
    boo#1119799 (CVE-2018-18249) and
    boo#1119800 (CVE-2018-18250) and
    boo#1119801 (CVE-2018-18248)
* Wed Nov 21 2018 ecsos@opensuse.org
- Use current spec file from upstream.
- Insert missing things from old spec file in new upstream spec file.
- Remove setuid from new upstream spec file for following dirs:
  /etc/icingaweb2,
  /etc/icingaweb/modules,
  /etc/icingaweb2/modules/setup,
  /etc/icingaweb2/modules/translation,
  /var/log/icingaweb2
* Wed Sep 26 2018 ecsos@opensuse.org
- Add README.SUSE.
* Sat Aug 11 2018 ecsos@opensuse.org
- update to 2.6.1
  - You can find issues and features related to this release on our
    [Roadmap](https://github.com/Icinga/icingaweb2/milestone/51?closed=1).
  - The command audit now logs a command's payload as JSON which fixes
    a [bug](https://github.com/Icinga/icingaweb2/issues/3535)
    that has been introduced in version 2.6.0.
* Sat Jul 28 2018 ecsos@opensuse.org
- updatet to 2.6.0
  You can find issues and features related to this release on our Roadmap.
  * Enabling you to do stuff you couldn't before
  - Support for PHP 7.2 added
  - Support for SQLite resources added
  - Login and Command (monitoring) auditing added with the help of a dedicated module
  - Pluginoutput rendering is now hookable by modules which allows to render custom icons, emojis and .. cute kitties :octocat:
  * Avoiding that you miss something
  - It's now possible to toggle between list- and grid-mode for the host- and servicegroup overviews
  - The servicegrid now supports to flip its axes which allows it to be put into a landscape mode
  - Contacts only associated with services are visible now when restricted based on host filters
  - Negated and combined membership filters now work as expected (#2934)
  - A more prominent error message in case the monitoring backend goes down
  - The filter editor doesn't get cleared anymore upon hitting Enter
  * Making your life a bit easier
  - The tactical overview is now filterable and can be safely put into the dashboard
  - It is now possible to register new announcements over the REST Api
  - Filtering for custom variables now works in UTF8 environments
  * Ensuring you understand everything
  - The monitoring health is now beautiful to look at and properly behaves in narrow environments
  - Updated German localization
  - Updated Italian localization
  * Freeing you from unrealiable things
  - Removed support for PHP < 5.6
  - Removed support for persistent database connections
- Drop 0001-Don-t-call-session_start-after-ini_set.patch,
  because now in upstrem
Version: 2.5.3-bp150.1.3
* Sat Jun 25 2016 ecsos@opensuse.org
- update to 2.3.4
  + Bugfixes
  * Bug 11267: Links in plugin output don't behave as expected
  * Bug 11348: Host aliases are not shown in detail area
  * Bug 11728: First non whitespace character after comma stripped from plugin output
  * Bug 11729: Sort by severity depends on state type
  * Bug 11737: Zero width space characters destroy state highlighting in plugin output
  * Bug 11796: Zero width space characters may destroy links in plugin output
  * Bug 11831: module.info parsing fails in case it contains newlines that are not part of the module's description
  * Bug 11850: "Add to menu" tab unnecessarily appears in command forms
  * Bug 11871: Colors used in the timeline are not accessible
  * Bug 11883: Delete action on comments and downtimes in list views not accessible because they lack context
  * Bug 11885: Database: Asterisk filters ignored when combined w/ other filters
  * Bug 11910: Web 2 lacks mobile meta tags
  * Fix remote code execution via remote command transport
* Mon May 30 2016 mopp@gmx.net
- Changed spec file to work with SLES 11
Version: 2.5.3-2.1
* Mon Jul 16 2018 uhaider.msee15seecs@seecs.edu.pk
- boo#1101357: Fixed missing dependency php-ctype in spec file.
* Tue May 22 2018 dev@stellardeath.org
- Backport of fix for PHP 7.2 (upstream git commit dadd2c80f)
  * 0001-Don-t-call-session_start-after-ini_set.patch
* Fri Apr 27 2018 adamradovits12@hotmail.com
- update to 2.5.3
  + Hotfix
  * This is a hotfix release and addresses an issue with frequent
    delays/timeouts when viewing hosts and services in the front-end.
    (https://github.com/Icinga/icingaweb2/milestone/50?closed=1)
* Fri Apr 27 2018 adamradovits12@hotmail.com
- update to 2.5.2
  + Features
  * You can find issues and features related to this release on our Roadmap
    (https://github.com/Icinga/icingaweb2/milestone/49?closed=1)
* Thu Jan 25 2018 adamradovits12@hotmail.com
- update to 2.5.1
  + Features
  * You can find issues and features related to this release on our Roadmap
    (https://github.com/Icinga/icingaweb2/milestone/47?closed=1)
* Fri Jan 12 2018 ecsos@opensuse.org
- remove addFilter("permissions-directory-setuid-bit") and
  addFilter("non-standard-gid")
* Thu Jan 11 2018 ecsos@opensuse.org
- insert missing requires(pre): user(wwwrun) for Tumbleweed
* Mon Jan 08 2018 ecsos@opensuse.org
- fix rpmlint errors, reduce rpmlint warnings
* Tue Dec 26 2017 jengelh@inai.de
- Remove redundant %clean section. Fix RPM groups.
  Update summaries.
* Mon Dec 11 2017 ecsos@opensuse.org
- drop permissions.d and add BuildRequires nagios-rpm-macros >= 14.0
  to remove setBadness in rpmlintrc
* Wed Dec 06 2017 adamradovits12@hotmail.com
- removed php5-Zendframework dependency
- added icingaweb2-vendor-zf1 package
* Wed Dec 06 2017 adamradovits12@hotmail.com
- update to 2.5.0
  + Features
  * You can find issues and features related to this release on our Roadmap
    (https://github.com/Icinga/icingaweb2/milestone/45?closed=1).
* Wed Oct 18 2017 adamradovits12@hotmail.com
- update to 2.4.2
  + Bugfixes
  * Bug 2965: Transport config: Default port not changing upon auto-submit
  * Bug 2926: Wrong order when sorting by host_severity
  * Bug 2923: Number fields should be valid when empty
  * Bug 2919: Fix cached loading of module config
  * Bug 2911: Acknowledgements are not working without an expiry time
  * Bug 2878: process-check-result Button is visible even when user isn't allowed to use it
  * Bug 2850: Link to acknowledgements is wrong in the timeline
  * Bug 2841: Wrong menu height when switching back from mobile layout
  * Bug 2806: Wrong service state count in hostgroup overview
  * Bug 2805: Response from the Icinga 2 API w/ an empty result set leads to exception
  * Bug 2801: Wrong help text for the director in the icingacli
  * Bug 2784: Module and gravatar images are not served with their proper MIME type
  * Bug 2776: Defaults not respected when acknowledging problems
  * Bug 2767: Monitoring module: Config field protected vars not updated after zeroing config.ini
  * Bug 2728: Gracefully handle invalid Icinga 2 API response types
  * Bug 2718: Hide check attempt for hard states in history views
  * Bug 2716: Web 2 doesn't detect the browser time zone if the time zone offset is negative
  * Bug 2714: icingacli module disable fails on consecutive calls
  * Bug 2695: Macros cannot be used for a navigation item's url-port
  * Bug 2684: [dev.icinga.com #14027] Translation module should not write absolute path to .po files
  * Bug 2683: [dev.icinga.com #14025] Translation module should remove temp files
  * Bug 2661: [dev.icinga.com #13651] Don't offer the Icinga 2 API as transport if PHP cURL is missing
  * Bug 2660: [dev.icinga.com #13649] Make the Icinga 2 API the default command transport
  * Bug 2656: [dev.icinga.com #13627] Wrong count of handled critical service in the hover text
  * Bug 2645: [dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs
  * Bug 2598: [dev.icinga.com #12977] Adding an empty user backend fails
  * Bug 2545: [dev.icinga.com #12640] MSSQL ressource not working
  * Bug 2523: [dev.icinga.com #12410] Click on Host in Service Grid can cause "Invalid Filter" error
  * Bug 2519: [dev.icinga.com #12330] Filter editor may show wrong values after searching
  * Bug 2509: [dev.icinga.com #12295] group_name_attribute should be "sAMAccountName" by default
* Wed Oct 04 2017 ecsos@opensuse.org
- make package compatible to php7
* Sun Aug 20 2017 ecsos@opensuse.org
- change spec to use php7 also
* Sat May 27 2017 ecsos@opensuse.org
- fix build error for Tumbleweed
* Wed Feb 22 2017 ecsos@opensuse.org
- rename package icingacli to icingaweb-icingacli
  and make icingacli as Recommends
* Tue Jan 24 2017 ecsos@opensuse.org
- update to 2.4.1
  + Bugfixes
  * Bug 2651: [dev.icinga.com #13607] Displayed times messed up in Icinga Web 2.4.0 w/ PostgreSQL
  * Bug 2654: [dev.icinga.com #13615] Setup wizard: Not possible to setup Icinga Web 2 with an external database
  * Bug 2663: [dev.icinga.com #13691] Hook::all() is broken on CLI
  * Bug 2669: [dev.icinga.com #13735] Setup wizard: Progress bar isn't shown correctly, if setup is at finish step
  * Bug 2681: [dev.icinga.com #13957] Support failover API command transport configuration
  * Bug 2686: Granular module permissions do not work for hooks
  * Bug 2687: Update URLs to icinga.com, remove wiki & update to GitHub
* Wed Dec 14 2016 ecsos@opensuse.org
- update to 2.4.0-2
  + Bugfixes
  * RPM: Fix specfile
  * RPM: Update revision
  * CSS: Reset line-height in the button mixin
- update to 2.4.0
  + Feature
  * Feature 12598 (Authentication & Authorization): Support nested AD groups for Roles and not just login
  * Feature 11809 (Authentication & Authorization): Test and document multiple LDAP-URIs separated by space in LDAP ressources
  * Feature 10616 (Authentication & Authorization): Users w/o administrative permissions should be allowed to change their password
  * Feature 13381 (CLI): Allow to configure the default listen address for the CLI command web serve
  * Feature 11820 (Configuration): Check whether chosen locale is available
  * Feature 11214 (Configuration): Logger: Allow to configure the Syslog Facility
  * Feature 13117 (Framework): Add charset UTF-8 to default content type
  * Feature 12634 (Framework): Possibitlity to fold and unfold filter by click
  * Feature 11198 (Framework): Announce banner
  * Feature 11115 (Framework): Add SSL support to MySQL database resources
  * Feature 8270 (Installation): Add SELinux policy for Icinga Web 2
  * Feature 13187 (Monitoring): Command toolbar in the host and service detail views
  * Feature 12873 (Monitoring): Change default for sticky option of acknowledgements from true to false
  * Feature 12820 (Monitoring): Export detail views to JSON
  * Feature 12766 (Monitoring): Show flapping events in the host and service history views
  * Feature 12764 (Monitoring): Display downtime end even if it hasn't been started yet
  * Feature 12125 (Monitoring): Allow th in plugin output
  * Feature 11952 (Monitoring): Allow changing default of 'sticky' in acknowledgement and other command options
  * Feature 11398 (Monitoring): Send commands over Icinga 2's API
  * Feature 11835 (UI): Add clear button to search field
  * Feature 11792 (UI): Show hint if notifications are disabled globally
  * Feature 11664 (UI): Show git HEAD for modules if available
  * Feature 13461 (Vendor Libraries): Use Icinga's fork of Zend Framework 1 icingaweb2-vendor-zf1
  + Bugfixes
  * Bug 12396 (Authentication & Authorization): Hooks don't respect module permissions
  * Bug 12164 (Authentication & Authorization): REDIRECT_REMOTE_USER not evaluated during external auth
  * Bug 12108 (Authentication & Authorization): assertPermission allows everything for unauthenticated requests
  * Bug 13357 (Configuration): Persistent database resources cannot be made non-persistent
  * Bug 12848 (Configuration): Empty "Protected Custom Variables" falls back to defaults
  * Bug 12655 (Configuration): Permission application/log is not configurable
  * Bug 12170 (Configuration): Adding a DB resource via webinterface requires one to enter a password
  * Bug 10401 (Configuration): LdapUserGroupBackendForm: user_* settings not purged
  * Bug 9804 (Configuration): Renaming the resource used for the config backend does not update the global configuration
  * Bug 11920 (Dashboard): Add to dashboard: wrong url makes whole dashboard unusable
  * Bug 13387 (Documentation): Can't display documentation of disabled modules
  * Bug 12923 (Framework): Navigation Item name must be of type string or NavigationItem
  * Bug 12852 (Framework): Hosts without any services are hidden from roles with monitoring/filter/objects set
  * Bug 12760 (Framework): Do not log exceptions other than those resulting in a HTTP 500 status-code
  * Bug 12583 (Framework): Unhandled exceptions while handling REST requests will silently drop the http response code
  * Bug 12580 (Framework): REST requests cannot be anonymous
  * Bug 12557 (Framework): Module description cannot be on a single line
  * Bug 12299 (Framework): FilterExpression renders a&!b as a=1&b!=1
  * Bug 12161 (Framework): Icinga Web 2 doesn't set Content-Type
  * Bug 12065 (Framework): IniRepository: update/delete not possible with iterator
  * Bug 11743 (Framework): INI writer must not persist section keys with a null value
  * Bug 11185 (Framework): SummaryNavigationItemRenderer should show worst state
  * Bug 10361 (Framework): Handle E_RECOVERABLE_ERROR
  * Bug 13459 (Installation): Setup: Can't view monitoring config summary with Icinga 2 API as command transport
  * Bug 13467 (JavaScript): renderLayout has  side-effects
  * Bug 13115 (JavaScript): actiontable should not clear active row in case there is no newer one
  * Bug 12541 (JavaScript): Menu not reloaded in case no search is available
  * Bug 12328 (JavaScript): Separate vendor JavaScript libraries w/ semicolons and newlines on import
  * Bug 10704 (JavaScript): JS: Always use the jQuery find method w/ node context when selecting elements
  * Bug 10703 (JavaScript): JS: Don't use var self = this, but var _this = this
  * Bug 11431 (Modules): Modules can't require permission on menu items
  * Bug 10870 (Modules): Refuse erroneous module folder names when enabling the module
  * Bug 13243 (Monitoring): Inconsistent host and service flags
  * Bug 12889 (Monitoring): Timeline broken
  * Bug 12810 (Monitoring): Scheduling a downtime for all services of a host does not work w/ the Icinga 2 API as command transport
  * Bug 12313 (Monitoring): Multi-line strings within host.notes are being displayed as single line
  * Bug 12223 (Monitoring): State not highlighted in plugin output if it contains HTML
  * Bug 12019 (Monitoring): Contact view shows service filters with 'Downtime' even if not set
  * Bug 11915 (Monitoring): Performance data: negative values not handled
  * Bug 11859 (Monitoring): Can't separate between SOFT and HARD states in the history views
  * Bug 11766 (Monitoring): Performance data: Fit label column to show as much text as possible
  * Bug 11744 (Monitoring): Empty user groups are not displayed
  * Bug 10774 (Monitoring): Scheduling downtimes for child hosts doesn't work w/ Icinga 2.x (waiting for Icinga 2)
  * Bug 10537 (Monitoring): Filtering with not-equal on custom variable doesn't show hosts without this cv
  * Bug 7755 (Monitoring): Remove autosubmit in eventgrid
  * Bug 12133 (Navigation): Username and password not being passed in navigation item URLs
  * Bug 12776 (Print & Export): dompdf fails when border-style is set to auto
  * Bug 12723 (Print & Export): Allowed memory size exhausted when exporting the history view to CSV
  * Bug 12660 (QA): Choosing the Icinga theme floods the log with error messages
  * Bug 12774 (UI): Lot's of <span style="visibility:hidden; display:none;"></span> in Output
  * Bug 12134 (UI): Copy and paste: Plugin output contains unicode zero-width space characters
  * Bug 10691 (UI): Closing the detail area does not update the rows selected counter
  * Bug 13095 (Vagrant VM): TicketSalt constant missing
  * Bug 12717 (Vagrant VM): PluginContribDir constant removed during vagrant provisioning
* Fri Jul 15 2016 ecsos@opensuse.org
- add minimum version 1.12.18 to ZendFramwork,
  because of Bug #655: ZF2015-08 breaks binary data
  https://github.com/zendframework/zf1/issues/655