Update Info

openSUSE-2020-67


Security update for icingaweb2


Type: security
Severity: moderate
Issued: 2020-01-16
Description:
This update for icingaweb2 to version 2.7.3 fixes the following issues:

icingaweb2 update to 2.7.3:

* Fixed an issue where servicegroups for roles with filtered objects 
  were not available 

icingaweb2 update to 2.7.2:

* Performance improvements and bug fixes

icingaweb2 update to 2.7.1:

* Highlight links in the notes of an object 
* Fixed an issue where sort rules were no longer working
* Fixed an issue where statistics were shown in an anarchist way
* Fixed an issue where wildcards could show no results

icingaweb2 update to 2.7.0:

* New languages support
* Module developers now have additional ways to customize Icinga Web 2
* UI enhancements 

icingaweb2 update to 2.6.3:

* Fixed various issues with LDAP
* Fixed issues with timezone
* UI enhancements 
* Stability fixes

icingaweb2 update to 2.6.2:

You can find issues and features related to this release on our Roadmap.
This bugfix release addresses the following topics:

* Database connections to MySQL 8 no longer fail
* LDAP connections now have a timeout configuration which defaults to 5 seconds
* User groups are now correctly loaded for externally authenticated users
* Filters are respected for all links in the host and service group overviews
* Fixed permission problems where host and service actions provided by modules were missing
* Fixed an SQL error in the contact list view when filtering for host groups
* Fixed time zone (DST) detection
* Fixed the contact details view if restrictions are active
* Doc parser and documentation fixes

Fix security issues:

- CVE-2018-18246: fixed a CSRF in moduledisable (boo#1119784)
- CVE-2018-18247: fixed an XSS via /icingaweb2/navigation/add (boo#1119785)
- CVE-2018-18248: fixed an XSS that was possible via query strings or a dir parameter (boo#1119801)
- CVE-2018-18249: fixed an injection of PHP ini-file directives that involves environment variables as a channel to send out information (boo#1119799)
- CVE-2018-18250: fixed parameters that can break navigation dashlets (boo#1119800)

- Remove setuid from the new upstream spec file for the following dirs:

  /etc/icingaweb2,
  /etc/icingaweb/modules,
  /etc/icingaweb2/modules/setup,
  /etc/icingaweb2/modules/translation,
  /var/log/icingaweb2

icingaweb2 updated to 2.6.1:

- You can find issues and features related to this release on our 
  [Roadmap](https://github.com/Icinga/icingaweb2/milestone/51?closed=1).
- The command audit now logs a command's payload as JSON which fixes 
  a [bug](https://github.com/Icinga/icingaweb2/issues/3535) 
  that has been introduced in version 2.6.0.

icingaweb2 was updated to 2.6.0:

- You can find issues and features related to this release on our Roadmap.

  * Enabling you to do stuff you couldn't before
    - Support for PHP 7.2 added
    - Support for SQLite resources added
    - Login and Command (monitoring) auditing added with the help of a dedicated module
    - Pluginoutput rendering is now hookable by modules, which allows rendering custom icons, emojis and .. cute kitties :octocat:
  * Avoiding that you miss something
    - It's now possible to toggle between list- and grid-mode for the host- and servicegroup overviews
    - The servicegrid now supports flipping its axes, which allows it to be put into a landscape mode
    - Contacts only associated with services are visible now when restricted based on host filters
    - Negated and combined membership filters now work as expected (#2934)
    - A more prominent error message in case the monitoring backend goes down
    - The filter editor doesn't get cleared anymore upon hitting Enter
  * Making your life a bit easier
    - The tactical overview is now filterable and can be safely put into the dashboard
    - It is now possible to register new announcements over the REST API
    - Filtering for custom variables now works in UTF8 environments
  * Ensuring you understand everything
    - The monitoring health is now beautiful to look at and properly behaves in narrow environments
    - Updated German localization
    - Updated Italian localization
  * Freeing you from unreliable things
    - Removed support for PHP < 5.6
    - Removed support for persistent database connections


              

Packages


  • icingaweb2-2.7.3-bp151.5.3.1