Package Release Info

icingaweb2-2.7.4-bp153.1.11

Update Info: Base Release
Available in Package Hub : 15 SP3

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

icingacli
icingaweb2
icingaweb2-common
icingaweb2-vendor-dompdf
icingaweb2-vendor-HTMLPurifier
icingaweb2-vendor-JShrink
icingaweb2-vendor-lessphp
icingaweb2-vendor-Parsedown
icingaweb2-vendor-zf1
php-Icinga

Change Logs

Version: 2.11.4-bp155.1.5
* Thu Jan 26 2023 ecsos <ecsos@opensuse.org>
- Update to 2.11.4
  * Notable Fixes
  - Add/Edit dashlet not possible #4970
  - Custom library path + custom library, without slash in its
    name, results in exception #4971
  - Reflected XSS vulnerability in User Backends config page #4979
    See: https://github.com/Icinga/icingaweb2/milestone/78?closed=1
- Add icingaweb2-additions.tar.gz with source from version 2.11.3
  because upstream has removed packages and etc source dir and files.
  See: https://github.com/Icinga/icingaweb2/pull/4964
* Wed Dec 14 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.3
  This is a security release.
  * Minor to Medium Vulnerabilities
  - Open Redirects for logged in users #4945
  - SSH Resource Configuration form XSS Bug #4947
  - Dashlets allow the user to run Javascript code #4959
  - Role member suggestion endpoint is reachable for unauthorized
    users #4961
  * The More Usual Dose of Fixes
  - Browser print dialog result broken #4957
  - Shared navigation items are not accessible #4953
  - While using dropdown filter menu it gets closed automatically
    due to autorefresh #4942
* Tue Nov 08 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.2
  It brings performance improvements and general fixes.
  Most notable of which are that having e.g. notifications disabled
  globally is now visible in the menu again and that the event
  history is grouped by days again.
  See: https://github.com/Icinga/icingaweb2/milestone/76?closed=1
* Thu Jul 07 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.1
  This update's main focus is to solve the issue that all history
  views didn't work correctly or showed invalid time and dates. (#4853)
* Fri Jul 01 2022 ecsos <ecsos@opensuse.org>
- Update to 2.11.0
  * Enhancements, Some
  - Support for PHP 8.1 #4609
  - Redesign User Menu #4651
  - &showFullscreen suppresses announcements #4596
  * Fixes, More
  - Navigation item filter * not working #4772
  - Objects with a * in the name are not found #4682
  - Theme mode switch disabled on theme with mode support #4744
  * When developers become cleaning maniacs
  - User preferences in INI files not supported anymore #4765
  - mysql: use of utf8 vs utfmb4 #4680
  - Remove Vagrant file and its assets #4762
* Thu Jun 30 2022 ecsos <ecsos@opensuse.org>
- Update to 2.10.3
  This release mainly ensures compatibility with icinga-php-library
  v0.9.0 and Icinga DB Web 1.0.0. Two fixes regarding the theme
  mode support are also included (#4744 and #4835)
* Wed Apr 06 2022 ecsos <ecsos@opensuse.org>
- Update to 2.10.1
  - Clicking anywhere on a list item in the dashboard now opens the
    primary link again, instead of nothing #4710
  - The Check Now and Remove Acknowledgement quick actions in an
    object's detail header are now working again #4711
  - Clicking on the big number in the tactical overview if there
    are UNKNOWN services, shows UNKNOWN services now #4714
  - The contrast of text in the sidebar, while in light mode,
    has been increased #4720
  - A theme without mode support, which is set globally,
    now also prevents users from configuring the mode #4723
- Drop 6498d8b035cbaa287d67a61b3f09310a191a5e10.patch,
  because now in upstream.
* Wed Mar 30 2022 ro@suse.de
- add 6498d8b035cbaa287d67a61b3f09310a191a5e10.patch
  taken from upstream PR 4721 fixing mouseover for list items
  to make checks selectable again
* Thu Mar 24 2022 ecsos <ecsos@opensuse.org>
- Update to 2.10.0
  Release information see: https://github.com/Icinga/icingaweb2/releases
  Fixed issues see: https://github.com/Icinga/icingaweb2/milestone/63?closed=1
* Tue Mar 08 2022 ecsos <ecsos@opensuse.org>
- Update to 2.9.6
  * Security Fixes
    Please check the advisories on GitHub for more details.
  - Path traversal in static library file requests for
    unauthenticated users GHSA-5p3f-rh28-8frw
  - SSH resources allow arbitrary code execution for
    authenticated users GHSA-v9mv-h52f-7g63
  - Unwanted disclosure of hosts and related data, linked to
    decommissioned services GHSA-qcmg-vr56-x9wf
* Mon Nov 22 2021 ecsos <ecsos@opensuse.org>
- Update to 2.9.5
  * This is a hotfix release which fixes the following issues:
  - Some detail views of Icinga Director and other modules are
    broken with Web 2.9.4 #4598
  - Error on skipping LDAP Discovery #4603
* Wed Nov 10 2021 ecsos <ecsos@opensuse.org>
- Update to 2.9.4
  * Broken Preference Configuration
  - Config/Preferences not accessible without config.ini #4504
  - "My Account" broken after Upgrade from 2.8.2 to 2.9.3 #4512
  * Notable Fixes in the UI
  - Proposal for new Feature make comments collapsible #4515
  - new line character is being removed in the plugin output #4522
  * Less Notable But No Less Important Fixes
  - announcements request clears focus #4543
  - js: Fix regression for loading dependent modules for sub-containers #4533
- Changes from 2.9.3
  * Staying remembered on RHEL/CentOS 7 now possible
  - Stay Logged In - Unknown cipher algorithm #4493
  * Missing icons with SLES/OpenSUSE 15
  - Missing fileinfo php extension on SLES/OpenSUSE 15+ #4503
  * Child downtimes for services are now removed automatically
  - If appropriate, set the API parameter all_services for schedule-downtime #4501
- Changes from 2.9.2
  This is a hotfix release. v2.9.1 included a change that wasn't
  compatible with PostgreSQL again. This has been fixed in this
  release. (#4490)
- Changes from 2.9.1
  * Pancakes everywhere
  - Nested custom variables are flattened #4439
  - Disable login orb animation and all orbs for themes #4468
  - SVG chart library doesn't process input as UTF-8 #4462
  * Staying remembered too difficult
  - RememberMe not working with only PostgreSQL #4441
  - RememberMe compatibility with php version 5.6+ #4472
  - RememberMe fails after running the wizard for grants #4434
  * Being picky pays off
  - Datetimepicker not usable by keyboard #4442
  - Close the datepicker automatically #4461
  - Paragraphs in Acknowledge/Downtime not possible #4443
- Changes from 2.9.0
  * Icinga DB
  - We continue our endeavour soon. Icinga Web 2 is still a
    crucial part of it and this update is again required for
    Icinga DB. If you like to participate again, don't forget
    to update Icinga Web 2 as well.
  * Security Fixes
    This release includes two security related fixes. Both were
    published as part of a security advisory on Github. They allow
    the circumvention of custom variable protection rules and
    blacklists as well as a path traversal if the doc module is
    enabled. Please check the respective advisory for details.
  - Custom variable protection and blacklists can be circumvented GHSA-2xv9-886q-p7xx
  - Possible path traversal by use of the doc module GHSA-cmgc-h4cx-3v43
  * RBAC, The Elephant In Icinga Web 2
  - Authorization enhancements #4306
  - Audit View #4336
  - Highlight modules with permissions set inside a role #4241
  * Support for PHP 8
  - Support PHP 8 #4289
  - Raise minimum required PHP version to 7.3 #4397
  * Stay, Be Remembered
  - Implement a "remember me" feature #2495
  * It Does Matter, When
  - Add datetime picker widget #4354
  - Expire Option for Comments #3447
  - Custom defaults for downtime end, comment and duration #4364
* Wed Nov 10 2021 ecsos <ecsos@opensuse.org>
- Update to 2.8.5
  No changelog from upstream.
* Tue Jul 27 2021 ecsos <ecsos@opensuse.org>
- Update to 2.8.4
  - This release only contains a single fix for flattened custom
    variables. #4439
* Mon Jul 12 2021 ecsos <ecsos@opensuse.org>
- Update to 2.8.3
  * Security Fixes
    This release includes two security related fixes.
    Both were published as part of a security advisory on Github.
    They allow the circumvention of custom variable protection
    rules and blacklists as well as a path traversal if the doc
    module is enabled. Please check the respective advisory for
    details.
  - Custom variable protection and blacklists can be circumvented
    GHSA-2xv9-886q-p7xx
  - Possible path traversal by use of the doc module
    GHSA-cmgc-h4cx-3v43
* Fri Nov 27 2020 ecsos <ecsos@opensuse.org>
- Expand README.SUSE.
* Thu Nov 26 2020 ecsos <ecsos@opensuse.org>
- Add missing requires php-curl, php-imagick.
- Add a2enmod mod_php and mod_rewrite at post section.
* Sat Aug 22 2020 ecsos <ecsos@opensuse.org>
- Update to 2.8.2
  Notice: This is a security release.
    It is recommended to immediately upgrade to this release.
  You can find all issues related to this release on the respective
  milestone.
  * Path Traversal Vulnerability
    The vulnerability in question allows an attacker to access
    arbitrary files which are readable by the process running
    Icinga Web 2. Technical details can be found at the
    corresponding CVE-2020-24368 and in the issue below.
  - Possible path traversal when serving static image files #4226
  * Broken Negated Filters with PostgreSQL
    We've also included a small non-security related fix. Searching
    for e.g. servicegroup!=support leads to an error instead of the
    desired result when using a PostgreSQL database.
  - Single negated membership filter fails with PostgreSQL #4196
* Mon Jun 29 2020 ecsos <ecsos@opensuse.org>
- Update to 2.8.1
  * Case Sensitivity Problems
    A fix in v2.8.0 led to users being not able to login if they
    got their username's case wrong. A hostgroup name's case has
    also been incorrectly taken into account despite using a CI
    labelled column in the servicegrid and other lists.
  - Login usernames now case sensitive in 2.8 #4184
  - Case insensitive hostgroup filter in service grid not working
    [#4178]
  * Issues With Numbers
    An attempt to avoid misrepresenting environments in the
    tactical overview had an opposite effect by showing negative
    numbers. Filtering for timestamps in the event history also
    showed no results because our filters couldn't cope with plain
    numbers anymore.
  - Tactical overview showing "-1 pending" hosts #4174
  - Timestamp filters not working correctly in history views
    [#4182]
* Mon Jun 08 2020 ecsos <ecsos@opensuse.org>
- Update to 2.8.0
  * Icinga DB
    It's happening. Yes. Our latest achievement is now available
    for those who are willing to participate in this enormous
    endeavour. Icinga Web 2 is also a crucial part of it and
    accompanies the first release of Icinga DB. If you like to
    participate, don't forget to update Icinga Web 2 as well.
  * Support for PHP 7.4 and MySQL 8
    We also made sure that you won't be disappointed by Icinga Web 2
    if you're running PHP 7.4 or trying to access a MySQL database
    with version 8+. These should pose no issues anymore now. But
    if you still somehow managed to get issues please let us now
    and we'll fix it asap.
  - Exceptions with MySQL 8 #3740
  - Support for PHP 7.4 #4009
  * Find What You Search For
    It's been previously not possible to properly filter for range
    values. This was especially true for custom variables where,
    if you searched for e.g. _host_interfaces>=20, you wouldn't
    find the correct results. If you often copy some values in our
    search fields you may also been a victim of extraneous spaces
    which are now automatically trimmed.
  - Filter: more/less than doesn't seem to working #3974
  - Search object followed by a space finds no results #4002
  * Don't Leave Your Little Sheep Unattended
    It's time again to further restrict your users. It's now
    possible to completely block any access to contacts and
    contactgroups for specific roles. These won't ever see again
    who's notified and who's not. Also, if you are using single
    accounts for a group of people you can now disable password
    changes for those.
  - Prohibit access to contacts and contactgroups #3973
  - Allow to forbid password changes on specific user accounts #3286
  * In and Out, Access Control Done Right
    While we have no burgers but cookies you are nevertheless
    welcome to visit Icinga Web 2. And now you can also successfully
    leave while being externally authenticated and unsuccessfully
    enter while being unable to not add extraneous spaces to your
    username.
  - External logout not working from the navigation dashboard #3995
  - Username with extraneous spaces are not invalid #4030
Version: 2.7.4-bp151.5.6.1
* Mon Oct 12 2020 ecsos <ecsos@opensuse.org>
- Update to 2.7.4
  This is a security release.
  * Path Traversal Vulnerability
    The vulnerability in question allows an attacker to access
    arbitrary files which are readable by the process running
    Icinga Web 2. Technical details can be found at the
    corresponding CVE-2020-24368 and in the issue below.
  - Possible path traversal when serving static image files #4226
- Fix boo#1175530 (CVE-2020-24368) Path Traversal Vulnerability
Version: 2.7.4-12.1
* Mon Oct 12 2020 ecsos@opensuse.org
- Update to 2.7.4
  This is a security release.
  * Path Traversal Vulnerability
    The vulnerability in question allows an attacker to access
    arbitrary files which are readable by the process running
    Icinga Web 2. Technical details can be found at the
    corresponding CVE-2020-24368 and in the issue below.
  - Possible path traversal when serving static image files #4226
- Fix boo#1175530 (CVE-2020-24368) Path Traversal Vulnerability
Version: 2.7.3-bp150.2.7.1
* Thu Apr 25 2019 Martin Li?ka <mliska@suse.cz>
- update to 2.6.3
  You can find issues related to this release on our Roadmap.
  * PHP 7.3
  - Now supported. tada
  * LDAP - Community contributions, that's the spirit
    With the help of our users we've finally fixed the issue that
    defining multiple hostnames and enabling STARTTLS has never
    properly worked. Also, they've identified that defining
    multiple hostnames caused a customized port not being utilized
    and fixed it themselves.
    There has also a rare case been fixed that caused no group
    members being found in case object classes had a different
    casing than what we expected. (Good news for all the
    non-OpenLdap and non-MSActiveDirectory users)
  - LDAP connection fails with multiple servers using STARTTLS
    [#3639]
  - LDAPS authentication ignores custom port setting #3713
  - LDAP group members not found #3650
  * We take care about your data even better now
    With this are newlines and HTML entities (such as &nbsp;) in
    plugin output and custom variables meant.
    Sorry if I've teased some data security folks now. innocent
  - Newlines in plugin output disappear #3662
  - Windows path separators are converted to newlines in custom
    variables #3636
  - HTML entities in plugin output are not resolved if no other
    HTML is there #3707
  * You've wondered how you got into a famous blue police box?
    Don't worry, not only you and the european union are sometimes
    unsure what's the correct time.
  - Set client timezone on DB connection #3525
  - Ensure a valid default timezone is set in any case #3747
  - Fix that the event detail view is not showing times in
    correct timezone #3660
  * UI - The portal to your monitoring environment, improved
    The collapsible sidebar introduced with v2.5 has been plagued
    by some issues since then. They're now fixed. Also, the UI
    should now flicker less and properly preserve the scroll
    position when interacting with action links. (This also allows
    the business process module to behave more stable when using
    drag and drop in large configurations.)
  - Collapsible Sidebar Issues #3187
  - Fix title when closing right column #3654
  - Preserve scroll position upon form submits #3661
  * Corrected things we've broke recently
    That's due to preemptive changes to protect you from bad
    individuals. Unfortunately this meant that some unforeseen
    side-effects appeared after the release of v2.6.2.
    These are now fixed.
  - Multiline values in ini files broken #3705
  - PHP ini parser doesn't strip trailing whitespace #3733
  - Escaped characters in INI values are not unescaped #3648
  - Though, if you've faced issue #3705 you still need to take
    manual action (if not already done) as the provided fix does
    only prevent further occurrences of the resulting error. The
    required changes involve the transformation of all real
    newlines in Icinga Web 2's INI files to literal \n or \r\n
    sequences. (Files likely having such are the roles.ini and
    announcements.ini)
Version: 2.7.3-9.1
* Fri Oct 18 2019 ecsos@opensuse.org
- Update to 2.7.3
  This is a hotfix release and fixes the following issue:
  - Servicegroups for roles with filtered objects not available #3983
* Wed Oct 16 2019 ecsos@opensuse.org
- Update to 2.7.2
  You can find all issues related to this release on our Roadmap.
  * Less Smoky Database Servers
    The release of v2.7.1 introduced a change which revealed an
    inefficient part of our database queries. We made some general
    optimizations on our queries and changed the way we utilize
    them in some views. The result are faster response times by
    less work for the database server.
  - Consuming more CPU resources since upgraded to 2.7.1 #3928
  * Anarchism Infested Dashboards
    Recent history already showed signs of anarchism. (Pun intended)
    A similar mindset now infested default dashboards which appeared
    in a different way than before v2.7.0. We taught their dashlets
    a lesson and order has been reestablished as previously.
  - Recently Recovered Services in dashboard Current Incidents
    seems out of order #3931
  * Solitary Downtimes
    We improved the host and service distinction with v2.7.0. The
    downtimes list however got confused by this and didn't knew
    anymore how to combine multiple downtimes. If you now instruct
    the list to select multiple downtimes this works again as we
    removed the confusing parts.
  - Selection of multiple downtimes fails #3920
* Sat Aug 24 2019 ecsos@opensuse.org
- Update to 2.7.1
  You can find all issues related to this release on our Roadmap.
  * Sneaky Solution for Sneaky Links
    Usually we try to include only bugs in minor-releases. Sorry,
    bug-fixes, of course. But thanks to @winem_ we have also a
    little enhancement this time: Links in comments, notes, etc.
    are now highlighted as such.
  - Highlight links in the notes of an object #3888
  * Nobody's Perfect, Not Even Developers
    We knew it. We saw it coming. And forgot about it. Some views,
    especially histories, showed an anarchic behavior since v2.7.0.
    The change responsible for this has been undone and history's
    order is reestablished now.
  - Default sort rules no longer work in 2.7.0 #3891
  * Restrictions Gone Wild Cagey
    A fix unfortunately caused restrictions using wildcards to show
    no results anymore. This is now solved and such restrictions
    are as permissive as ever.
  - Wildcard filters in chains broken #3886
* Tue Jul 30 2019 ecsos@opensuse.org
- Update to 2.7.0
  You can find issues related to this release on our Roadmap.
  * Icinga's Amazingness Spreads Further
    All the Japanese and Ukrainian monitoring enthusiasts can now
    appreciate our web-frontend in their native tongue. Being so
    late to the party is also of their advantage, though. Because
    they can adjust their dashboard without worrying it gets broke
    with the next update. (All other admins with non-english users,
    please have a look at our upgrading documentation)
  - Add Japanese language support #3776
  - Add Ukrainian language support #3828
  - Don't translate pane and dashlet names in configs #3837
  * Modules - Bonus Functionality Unleashed
    With this release module developers got additional ways to
    customize Icinga Web 2. Whether you ever wanted to hook into
    a configuration form's handling, to perform your very own Ajax
    requests or enhance our multi-select views with fancy graphs.
    All is possible now.
  - Allow to hook into a configuration form's handling #3862
  - Allow to fully customize click and submit handling #3794
  - Integrate DetailviewExtension into multi-select views #3304
  * UI - Your Daily Routine and Incident Management, Enhanced
    Users with color deficiencies now have a built-in theme to ease
    navigating within Icinga Web 2. Also, our forms got a long
    overdue re-design and now look less boring. Though, the best of
    all features is that clicking while holding the Ctrl-key now
    actually opens a new browser tab! Lost comments? No more.
    Defining an expiry date again? No more!
  - Add colorblind theme #3743
  - Improve the look of forms #3416
  - Make ctrl-click open new tab #3723
  * Stay Focused - More Room for More Important Stuff
    Some of you know that some checks tend to produce walls of text
    or measure (too) many interfaces. Now, plugin output and
    performance data will collapse if they exceed a certain height.
    If necessary they can of course be expanded and keep that way
    across browser restarts. The same is also true for the sidebar.
    (Though, this one stays collapsed)
  - Persistent Collapsible Containers #3638
  - Collapsible plugin output #3870
  - Collapsed sidebar should stay collapsed #3682
  * Markdown - Tables, Lists and Emphasized Text The Easy Way
    Since we now have the possibility to collapse large content
    dynamically, we allow you to add entire wiki pages to hosts and
    services. Though, if you prefer to use a real wiki to maintain
    those (what we'd strongly suggest) it's now easier than ever
    before to link to it. Copy url, paste url, submit comment,Done.
  - Make notes, comments and announcements markdown aware #3814
  - Transform any URL in a Comment to a clickable Link #3441
  - Support relative links in plugin output #2916
  * Things You Have Missed Previously
    The tactical overview, our fancy pie charts, is now the very
    first result when you search something in the sidebar.
    If you'll see two entirely green circles there, relax.
    Also overdue or unreachable checks are now appropriately marked
    in list views and the service grid now allows you to switch
    between everything or problems only.
  - Add tactical overview to global search #3845
  - Servicegrid: Add toggle to show problems only #3871
  - Make overdue/unreachable checks better visible #3860
  * Authorization - Knowing and Controlling What's Going On
    Roles can now be even more tailored to users since the
    introduction of a new placeholder. This placeholder allows to
    use a user's name in restrictions.
    Things like _service_responsible_person=$user:local_name$ are
    now possible. The audit log now receives failed login-attempts,
    that's been made possible since hooks can now run for anonymous
    users.
  - Allow roles to filter for the currently logged in user #3493
  - Add possibility to disable permission checks for hooks #3849
  - Send failed login-attempts to the audit log #3856
  See also the audit module which got an update and is required for
  [#3856] to work.
* Thu Apr 25 2019 mliska@suse.cz
- update to 2.6.3
  You can find issues related to this release on our Roadmap.
  * PHP 7.3
  - Now supported. tada
  * LDAP - Community contributions, that's the spirit
    With the help of our users we've finally fixed the issue that
    defining multiple hostnames and enabling STARTTLS has never
    properly worked. Also, they've identified that defining
    multiple hostnames caused a customized port not being utilized
    and fixed it themselves.
    There has also a rare case been fixed that caused no group
    members being found in case object classes had a different
    casing than what we expected. (Good news for all the
    non-OpenLdap and non-MSActiveDirectory users)
  - LDAP connection fails with multiple servers using STARTTLS
    [#3639]
  - LDAPS authentication ignores custom port setting #3713
  - LDAP group members not found #3650
  * We take care about your data even better now
    With this are newlines and HTML entities (such as &nbsp;) in
    plugin output and custom variables meant.
    Sorry if I've teased some data security folks now. innocent
  - Newlines in plugin output disappear #3662
  - Windows path separators are converted to newlines in custom
    variables #3636
  - HTML entities in plugin output are not resolved if no other
    HTML is there #3707
  * You've wondered how you got into a famous blue police box?
    Don't worry, not only you and the european union are sometimes
    unsure what's the correct time.
  - Set client timezone on DB connection #3525
  - Ensure a valid default timezone is set in any case #3747
  - Fix that the event detail view is not showing times in
    correct timezone #3660
  * UI - The portal to your monitoring environment, improved
    The collapsible sidebar introduced with v2.5 has been plagued
    by some issues since then. They're now fixed. Also, the UI
    should now flicker less and properly preserve the scroll
    position when interacting with action links. (This also allows
    the business process module to behave more stable when using
    drag and drop in large configurations.)
  - Collapsible Sidebar Issues #3187
  - Fix title when closing right column #3654
  - Preserve scroll position upon form submits #3661
  * Corrected things we've broke recently
    That's due to preemptive changes to protect you from bad
    individuals. Unfortunately this meant that some unforeseen
    side-effects appeared after the release of v2.6.2.
    These are now fixed.
  - Multiline values in ini files broken #3705
  - PHP ini parser doesn't strip trailing whitespace #3733
  - Escaped characters in INI values are not unescaped #3648
  - Though, if you've faced issue #3705 you still need to take
    manual action (if not already done) as the provided fix does
    only prevent further occurrences of the resulting error. The
    required changes involve the transformation of all real
    newlines in Icinga Web 2's INI files to literal \n or \r\n
    sequences. (Files likely having such are the roles.ini and
    announcements.ini)
Version: 2.6.2-bp151.3.8
* Wed Nov 21 2018 ecsos@opensuse.org
- update to 2.6.2
  You can find issues and features related to this release on our Roadmap.
  This bugfix release addresses the following topics:
  * Database connections to MySQL 8 no longer fail
  * LDAP connections now have a timeout configuration which defaults to 5 seconds
  * User groups are now correctly loaded for externally authenticated users
  * Filters are respected for all links in the host and service group overviews
  * Fixed permission problems where host and service actions provided by modules were missing
  * Fixed an SQL error in the contact list view when filtering for host groups
  * Fixed time zone (DST) detection
  * Fixed the contact details view if restrictions are active
  * Doc parser and documentation fixes
- Fix security issues:
    boo#1119784 (CVE-2018-18246) and
    boo#1119785 (CVE-2018-18247) and
    boo#1119799 (CVE-2018-18249) and
    boo#1119800 (CVE-2018-18250) and
    boo#1119801 (CVE-2018-18248)
* Wed Nov 21 2018 ecsos@opensuse.org
- Use current spec file from upstream.
- Insert missing things from old spec file in new upstream spec file.
- Remove setuid from new upstream spec file for following dirs:
  /etc/icingaweb2,
  /etc/icingaweb/modules,
  /etc/icingaweb2/modules/setup,
  /etc/icingaweb2/modules/translation,
  /var/log/icingaweb2
* Wed Sep 26 2018 ecsos@opensuse.org
- Add README.SUSE.
* Sat Aug 11 2018 ecsos@opensuse.org
- update to 2.6.1
  - You can find issues and features related to this release on our
    [Roadmap](https://github.com/Icinga/icingaweb2/milestone/51?closed=1).
  - The command audit now logs a command's payload as JSON which fixes
    a [bug](https://github.com/Icinga/icingaweb2/issues/3535)
    that has been introduced in version 2.6.0.
* Sat Jul 28 2018 ecsos@opensuse.org
- updatet to 2.6.0
  You can find issues and features related to this release on our Roadmap.
  * Enabling you to do stuff you couldn't before
  - Support for PHP 7.2 added
  - Support for SQLite resources added
  - Login and Command (monitoring) auditing added with the help of a dedicated module
  - Pluginoutput rendering is now hookable by modules which allows to render custom icons, emojis and .. cute kitties :octocat:
  * Avoiding that you miss something
  - It's now possible to toggle between list- and grid-mode for the host- and servicegroup overviews
  - The servicegrid now supports to flip its axes which allows it to be put into a landscape mode
  - Contacts only associated with services are visible now when restricted based on host filters
  - Negated and combined membership filters now work as expected (#2934)
  - A more prominent error message in case the monitoring backend goes down
  - The filter editor doesn't get cleared anymore upon hitting Enter
  * Making your life a bit easier
  - The tactical overview is now filterable and can be safely put into the dashboard
  - It is now possible to register new announcements over the REST Api
  - Filtering for custom variables now works in UTF8 environments
  * Ensuring you understand everything
  - The monitoring health is now beautiful to look at and properly behaves in narrow environments
  - Updated German localization
  - Updated Italian localization
  * Freeing you from unrealiable things
  - Removed support for PHP < 5.6
  - Removed support for persistent database connections
- Drop 0001-Don-t-call-session_start-after-ini_set.patch,
  because now in upstrem
Version: 2.5.3-bp150.1.3
* Sat Jun 25 2016 ecsos@opensuse.org
- update to 2.3.4
  + Bugfixes
  * Bug 11267: Links in plugin output don't behave as expected
  * Bug 11348: Host aliases are not shown in detail area
  * Bug 11728: First non whitespace character after comma stripped from plugin output
  * Bug 11729: Sort by severity depends on state type
  * Bug 11737: Zero width space characters destroy state highlighting in plugin output
  * Bug 11796: Zero width space characters may destroy links in plugin output
  * Bug 11831: module.info parsing fails in case it contains newlines that are not part of the module's description
  * Bug 11850: "Add to menu" tab unnecessarily appears in command forms
  * Bug 11871: Colors used in the timeline are not accessible
  * Bug 11883: Delete action on comments and downtimes in list views not accessible because they lack context
  * Bug 11885: Database: Asterisk filters ignored when combined w/ other filters
  * Bug 11910: Web 2 lacks mobile meta tags
  * Fix remote code execution via remote command transport
* Mon May 30 2016 mopp@gmx.net
- Changed spec file to work with SLES 11
Version: 2.5.3-2.1
* Mon Jul 16 2018 uhaider.msee15seecs@seecs.edu.pk
- boo#1101357: Fixed missing dependency php-ctype in spec file.
* Tue May 22 2018 dev@stellardeath.org
- Backport of fix for PHP 7.2 (upstream git commit dadd2c80f)
  * 0001-Don-t-call-session_start-after-ini_set.patch
* Fri Apr 27 2018 adamradovits12@hotmail.com
- update to 2.5.3
  + Hotfix
  * This is a hotfix release and addresses an issue with frequent
    delays/timeouts when viewing hosts and services in the front-end.
    (https://github.com/Icinga/icingaweb2/milestone/50?closed=1)
* Fri Apr 27 2018 adamradovits12@hotmail.com
- update to 2.5.2
  + Features
  * You can find issues and features related to this release on our Roadmap
    (https://github.com/Icinga/icingaweb2/milestone/49?closed=1)
* Thu Jan 25 2018 adamradovits12@hotmail.com
- update to 2.5.1
  + Features
  * You can find issues and features related to this release on our Roadmap
    (https://github.com/Icinga/icingaweb2/milestone/47?closed=1)
* Fri Jan 12 2018 ecsos@opensuse.org
- remove addFilter("permissions-directory-setuid-bit") and
  addFilter("non-standard-gid")
* Thu Jan 11 2018 ecsos@opensuse.org
- insert missing requires(pre): user(wwwrun) for Tumbleweed
* Mon Jan 08 2018 ecsos@opensuse.org
- fix rpmlint errors, reduce rpmlint warnings
* Tue Dec 26 2017 jengelh@inai.de
- Remove redundant %clean section. Fix RPM groups.
  Update summaries.
* Mon Dec 11 2017 ecsos@opensuse.org
- drop permissions.d and add BuildRequires nagios-rpm-macros >= 14.0
  to remove setBadness in rpmlintrc
* Wed Dec 06 2017 adamradovits12@hotmail.com
- removed php5-Zendframework dependency
- added icingaweb2-vendor-zf1 package
* Wed Dec 06 2017 adamradovits12@hotmail.com
- update to 2.5.0
  + Features
  * You can find issues and features related to this release on our Roadmap
    (https://github.com/Icinga/icingaweb2/milestone/45?closed=1).
* Wed Oct 18 2017 adamradovits12@hotmail.com
- update to 2.4.2
  + Bugfixes
  * Bug 2965: Transport config: Default port not changing upon auto-submit
  * Bug 2926: Wrong order when sorting by host_severity
  * Bug 2923: Number fields should be valid when empty
  * Bug 2919: Fix cached loading of module config
  * Bug 2911: Acknowledgements are not working without an expiry time
  * Bug 2878: process-check-result Button is visible even when user isn't allowed to use it
  * Bug 2850: Link to acknowledgements is wrong in the timeline
  * Bug 2841: Wrong menu height when switching back from mobile layout
  * Bug 2806: Wrong service state count in hostgroup overview
  * Bug 2805: Response from the Icinga 2 API w/ an empty result set leads to exception
  * Bug 2801: Wrong help text for the director in the icingacli
  * Bug 2784: Module and gravatar images are not served with their proper MIME type
  * Bug 2776: Defaults not respected when acknowledging problems
  * Bug 2767: Monitoring module: Config field protected vars not updated after zeroing config.ini
  * Bug 2728: Gracefully handle invalid Icinga 2 API response types
  * Bug 2718: Hide check attempt for hard states in history views
  * Bug 2716: Web 2 doesn't detect the browser time zone if the time zone offset is negative
  * Bug 2714: icingacli module disable fails on consecutive calls
  * Bug 2695: Macros cannot be used for a navigation item's url-port
  * Bug 2684: [dev.icinga.com #14027] Translation module should not write absolute path to .po files
  * Bug 2683: [dev.icinga.com #14025] Translation module should remove temp files
  * Bug 2661: [dev.icinga.com #13651] Don't offer the Icinga 2 API as transport if PHP cURL is missing
  * Bug 2660: [dev.icinga.com #13649] Make the Icinga 2 API the default command transport
  * Bug 2656: [dev.icinga.com #13627] Wrong count of handled critical service in the hover text
  * Bug 2645: [dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs
  * Bug 2598: [dev.icinga.com #12977] Adding an empty user backend fails
  * Bug 2545: [dev.icinga.com #12640] MSSQL ressource not working
  * Bug 2523: [dev.icinga.com #12410] Click on Host in Service Grid can cause "Invalid Filter" error
  * Bug 2519: [dev.icinga.com #12330] Filter editor may show wrong values after searching
  * Bug 2509: [dev.icinga.com #12295] group_name_attribute should be "sAMAccountName" by default
* Wed Oct 04 2017 ecsos@opensuse.org
- make package compatible to php7
* Sun Aug 20 2017 ecsos@opensuse.org
- change spec to use php7 also
* Sat May 27 2017 ecsos@opensuse.org
- fix build error for Tumbleweed
* Wed Feb 22 2017 ecsos@opensuse.org
- rename package icingacli to icingaweb-icingacli
  and make icingacli as Recommends
* Tue Jan 24 2017 ecsos@opensuse.org
- update to 2.4.1
  + Bugfixes
  * Bug 2651: [dev.icinga.com #13607] Displayed times messed up in Icinga Web 2.4.0 w/ PostgreSQL
  * Bug 2654: [dev.icinga.com #13615] Setup wizard: Not possible to setup Icinga Web 2 with an external database
  * Bug 2663: [dev.icinga.com #13691] Hook::all() is broken on CLI
  * Bug 2669: [dev.icinga.com #13735] Setup wizard: Progress bar isn't shown correctly, if setup is at finish step
  * Bug 2681: [dev.icinga.com #13957] Support failover API command transport configuration
  * Bug 2686: Granular module permissions do not work for hooks
  * Bug 2687: Update URLs to icinga.com, remove wiki & update to GitHub
* Wed Dec 14 2016 ecsos@opensuse.org
- update to 2.4.0-2
  + Bugfixes
  * RPM: Fix specfile
  * RPM: Update revision
  * CSS: Reset line-height in the button mixin
- update to 2.4.0
  + Feature
  * Feature 12598 (Authentication & Authorization): Support nested AD groups for Roles and not just login
  * Feature 11809 (Authentication & Authorization): Test and document multiple LDAP-URIs separated by space in LDAP ressources
  * Feature 10616 (Authentication & Authorization): Users w/o administrative permissions should be allowed to change their password
  * Feature 13381 (CLI): Allow to configure the default listen address for the CLI command web serve
  * Feature 11820 (Configuration): Check whether chosen locale is available
  * Feature 11214 (Configuration): Logger: Allow to configure the Syslog Facility
  * Feature 13117 (Framework): Add charset UTF-8 to default content type
  * Feature 12634 (Framework): Possibitlity to fold and unfold filter by click
  * Feature 11198 (Framework): Announce banner
  * Feature 11115 (Framework): Add SSL support to MySQL database resources
  * Feature 8270 (Installation): Add SELinux policy for Icinga Web 2
  * Feature 13187 (Monitoring): Command toolbar in the host and service detail views
  * Feature 12873 (Monitoring): Change default for sticky option of acknowledgements from true to false
  * Feature 12820 (Monitoring): Export detail views to JSON
  * Feature 12766 (Monitoring): Show flapping events in the host and service history views
  * Feature 12764 (Monitoring): Display downtime end even if it hasn't been started yet
  * Feature 12125 (Monitoring): Allow th in plugin output
  * Feature 11952 (Monitoring): Allow changing default of 'sticky' in acknowledgement and other command options
  * Feature 11398 (Monitoring): Send commands over Icinga 2's API
  * Feature 11835 (UI): Add clear button to search field
  * Feature 11792 (UI): Show hint if notifications are disabled globally
  * Feature 11664 (UI): Show git HEAD for modules if available
  * Feature 13461 (Vendor Libraries): Use Icinga's fork of Zend Framework 1 icingaweb2-vendor-zf1
  + Bugfixes
  * Bug 12396 (Authentication & Authorization): Hooks don't respect module permissions
  * Bug 12164 (Authentication & Authorization): REDIRECT_REMOTE_USER not evaluated during external auth
  * Bug 12108 (Authentication & Authorization): assertPermission allows everything for unauthenticated requests
  * Bug 13357 (Configuration): Persistent database resources cannot be made non-persistent
  * Bug 12848 (Configuration): Empty "Protected Custom Variables" falls back to defaults
  * Bug 12655 (Configuration): Permission application/log is not configurable
  * Bug 12170 (Configuration): Adding a DB resource via webinterface requires one to enter a password
  * Bug 10401 (Configuration): LdapUserGroupBackendForm: user_* settings not purged
  * Bug 9804 (Configuration): Renaming the resource used for the config backend does not update the global configuration
  * Bug 11920 (Dashboard): Add to dashboard: wrong url makes whole dashboard unusable
  * Bug 13387 (Documentation): Can't display documentation of disabled modules
  * Bug 12923 (Framework): Navigation Item name must be of type string or NavigationItem
  * Bug 12852 (Framework): Hosts without any services are hidden from roles with monitoring/filter/objects set
  * Bug 12760 (Framework): Do not log exceptions other than those resulting in a HTTP 500 status-code
  * Bug 12583 (Framework): Unhandled exceptions while handling REST requests will silently drop the http response code
  * Bug 12580 (Framework): REST requests cannot be anonymous
  * Bug 12557 (Framework): Module description cannot be on a single line
  * Bug 12299 (Framework): FilterExpression renders a&!b as a=1&b!=1
  * Bug 12161 (Framework): Icinga Web 2 doesn't set Content-Type
  * Bug 12065 (Framework): IniRepository: update/delete not possible with iterator
  * Bug 11743 (Framework): INI writer must not persist section keys with a null value
  * Bug 11185 (Framework): SummaryNavigationItemRenderer should show worst state
  * Bug 10361 (Framework): Handle E_RECOVERABLE_ERROR
  * Bug 13459 (Installation): Setup: Can't view monitoring config summary with Icinga 2 API as command transport
  * Bug 13467 (JavaScript): renderLayout has  side-effects
  * Bug 13115 (JavaScript): actiontable should not clear active row in case there is no newer one
  * Bug 12541 (JavaScript): Menu not reloaded in case no search is available
  * Bug 12328 (JavaScript): Separate vendor JavaScript libraries w/ semicolons and newlines on import
  * Bug 10704 (JavaScript): JS: Always use the jQuery find method w/ node context when selecting elements
  * Bug 10703 (JavaScript): JS: Don't use var self = this, but var _this = this
  * Bug 11431 (Modules): Modules can't require permission on menu items
  * Bug 10870 (Modules): Refuse erroneous module folder names when enabling the module
  * Bug 13243 (Monitoring): Inconsistent host and service flags
  * Bug 12889 (Monitoring): Timeline broken
  * Bug 12810 (Monitoring): Scheduling a downtime for all services of a host does not work w/ the Icinga 2 API as command transport
  * Bug 12313 (Monitoring): Multi-line strings within host.notes are being displayed as single line
  * Bug 12223 (Monitoring): State not highlighted in plugin output if it contains HTML
  * Bug 12019 (Monitoring): Contact view shows service filters with 'Downtime' even if not set
  * Bug 11915 (Monitoring): Performance data: negative values not handled
  * Bug 11859 (Monitoring): Can't separate between SOFT and HARD states in the history views
  * Bug 11766 (Monitoring): Performance data: Fit label column to show as much text as possible
  * Bug 11744 (Monitoring): Empty user groups are not displayed
  * Bug 10774 (Monitoring): Scheduling downtimes for child hosts doesn't work w/ Icinga 2.x (waiting for Icinga 2)
  * Bug 10537 (Monitoring): Filtering with not-equal on custom variable doesn't show hosts without this cv
  * Bug 7755 (Monitoring): Remove autosubmit in eventgrid
  * Bug 12133 (Navigation): Username and password not being passed in navigation item URLs
  * Bug 12776 (Print & Export): dompdf fails when border-style is set to auto
  * Bug 12723 (Print & Export): Allowed memory size exhausted when exporting the history view to CSV
  * Bug 12660 (QA): Choosing the Icinga theme floods the log with error messages
  * Bug 12774 (UI): Lot's of <span style="visibility:hidden; display:none;"></span> in Output
  * Bug 12134 (UI): Copy and paste: Plugin output contains unicode zero-width space characters
  * Bug 10691 (UI): Closing the detail area does not update the rows selected counter
  * Bug 13095 (Vagrant VM): TicketSalt constant missing
  * Bug 12717 (Vagrant VM): PluginContribDir constant removed during vagrant provisioning
* Fri Jul 15 2016 ecsos@opensuse.org
- add minimum version 1.12.18 to ZendFramwork,
  because of Bug #655: ZF2015-08 breaks binary data
  https://github.com/zendframework/zf1/issues/655