Update Info

openSUSE-2025-457


Security update for icinga2


Type: security
Severity: important
Issued: 2025-12-03
Description:
This update for icinga2 fixes the following issues:

- Update to 2.14.5
  * Bug Fixes
    - Don't close anonymous connections before sending the response for a certificate request #10337
    - Performance data: Don't discard min/max values even if crit/warn thresholds aren’t given #10339
    - Fix a failing test case on systems where time_t is only 32 bits #10343
  * Documentation
    - Document the -X option for the mail-host-notification and mail-service-notification commands #10335
    - Include Nagios in the migration docs #10324
    - Remove RHEL 7 from installation instructions #10334
    - Add instructions for installing build dependencies on Windows Server #10336

- Update to 2.14.4
  * Crash Fixes
    - Invalid DateTime#format() arguments in config and console on Windows Server 2016 and older. #10112
    - Downtime scheduling at runtime with non-existent trigger. #10049
    - Object creation at runtime during Icinga DB initialization. #10151
    - Comment on a service of a non-existent host. #9861
  * Miscellaneous Bugfixes
    - Lost notifications after recovery outside the notification time period. #10187
    - TimePeriod/ScheduledDowntime exceeding specified date range. #9983 #10107
    - Clean up failure for obsolete Downtimes. #10062
    - ifw-api check command: use correct process-finished handler. #10140
    - Email notification scripts: strip 0x0D (CR) for a proper Content-Type. #10061
    - Several fixes and improvements of the code quality. #10066 #10214 #10254 #10263 #10264
  * Cluster and API
    - Sync runtime objects in topological order to honor their dependencies. #10000
    - Make parallel config syncs more robust. #10013
    - After object creation via API fails, clean up properly for the next try. #10111
    - Close HTTPS connections properly to prevent leaks. #10005 #10006
    - Reduce the number of cluster messages in memory at the same time. #9991 #9999 #10210
    - Once a cluster connection shall be closed, stop communicating. #10213 #10221
    - Remove unnecessary blocking of semaphores. #9992 #9994
    - Reduce unnecessary cluster messages setting the next check time. #10011
  * Icinga DB and IDO
    - IDO: fix object relations after aborted synchronization. #10065
    - Icinga DB, IDO: limit all timestamps to four year digits. #10058 #10059
    - Icinga DB: limit execution_time and latency (milliseconds) to database schema. #10060
  * Troubleshooting
    - Add /v1/debug/malloc_info which calls malloc_info(3) if available. #10015
    - Add log messages about own network I/O. #9993 #10141 #10207
    - Several fixes and improvements of log messages. #9997 #10021 #10209
  * Windows
    - Update OpenSSL shipped on Windows to v3.0.15. #10170
    - Update Boost shipped on Windows to v1.86. #10114
    - Support CMake v3.29. #10037
    - Don't require to build .msi as admin. #10137
    - Build configuration scripts: allow custom $CMAKE_ARGS. #10312
  * Documentation
    - Distributed Monitoring: add section "External CA/PKI". #9825
    - Explain how to enable/disable debug logging on the fly. #9981
    - Update supported OS versions and repository configuration. #10064 #10090 #10120 #10135 #10136 #10205
    - Several fixes and improvements. #9960 #10050 #10071 #10156 #10194
    - Replace broken links. #10115 #10118 #10282
    - Fix typographical and similarly trivial errors. #9953 #9967 #10056 #10116 #10152 #10153 #10204


- Update to 2.14.3
  - Security: fix TLS certificate validation bypass. CVE-2024-49369 (boo#1233310)
  - Security: update OpenSSL shipped on Windows to v3.0.15.
  - Windows: sign MSI packages with a certificate the OS trusts by default.

- Update to 2.14.2
  - InfluxDB: truncate timestamps to whole seconds to save disk space. #9969
  - HttpServerConnection: log request processing time as well. #9970
  - Update Boost shipped on Windows to v1.84. #9970

- Update to 2.14.1
  * Security
    - Automatically renew own root CA and distribute it to all nodes. #9933
    - Update OpenSSL shipped on Windows to v3.0.12. #9946
    - Disable TLS renegotiation (handshake on existing connection). #9946
  * Bugfixes
    - Icinga DB feature: fix crash due to missing NULL pointer check. #9946
    - Icinga DB feature: fix data written into Redis crashing the Go daemon. #9946
    - GelfWriter: fix deadlock on stop/reload caused by busy queue. #9947
    - Don't lose notifications due to too long output, truncate it. #9947
  * Enhancements
    - Discard duplicate problem notifications due to state filtering. #9932
    - Speed up API filters targeting specific hosts/services to O(1). #9944
    - POST /v1/console/*: return HTTP 503 while Icinga is reloading. #9947
    - Update Boost shipped on Windows to v1.83. #9946
    - Documentation: several fixes and improvements. #9921

- Update to 2.14.0
  * Breaking Changes
    - Remove CheckResultReader (which has been deprecated since v2.9). #9714
    - Remove StatusDataWriter (which has been deprecated since v2.9). #9715
    - ElasticsearchWriter: drop support for Elasticsearch < v7. #9812
    - Consider a checkable unreachable once one Dependency fails.
      Previously all of them had to fail. (Consult the upgrading docs.) #8218
    - API: reject config modifications during reload with HTTP status 503. #9445
    - icinga2 daemon: to reduce config load time, write file needed by
      icinga2 object list only if --dump-objects is given. #9586 #9591
    - Default email notification scripts: link to Icinga DB Web,
      not the monitoring module. (Consult the upgrading docs.) #9742 #9757
    - API: for security reasons hide TicketSalt in /v1/variables. #7863
  * Icinga 2 Config DSL
    - Disallow global variable modification after config commit start (i.e.
      inside object/apply T "x" { ... }) to reduce config load time. #9740
    - Forbid Dependency cycles at config load time. #8389
    - Allow only strings in the arrays Host#groups, Service#groups and
      User#groups. Needed for consistency, especially by the IDO. #9057
    - Disallow empty object names. (They worked only partially anyway.) #9409
  * Enhancements
    - Significantly reduce config load time of large setups.
      #8118 #9555 #9557 #9572 #9577 #9603 #9608 #9627 #9648 #9657 #9662
    - Allow to connect dependencies via redundancy groups. Only parents within
      one group are assumed to provide redundancy for each other. #8218
    - Built-in check command ifw-api, communicates directly with the Icinga for
      Windows REST API. (Doesn't spawn a PowerShell process for that.) #9062
    - JournaldLogger which logs to systemd journal. #9000
    - API: POST /v1/objects: allow to discard some previously modified attributes,
      i.e. to restore the config files' values. #9783
    - ElasticsearchWriter: support Elasticsearch v8. #9812
    - Support $env.ENV_VAR_NAME$ macros. #8302
    - Speed up Icinga DB config dump. #9524
    - Default mail notification scripts: also print $host.notes$ and $service.notes$. #9713
    - Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers. #9811
    - Clean up global default TLS cipher list to improve security. #9809
    - Influxdb(2)Writer: write more precise timestamps (nanoseconds). #9599
  * Bugfixes
    - Icinga DB feature: normalize several Redis data not to crash the Go daemon.
      #9772 #9775 #9792 #9793 #9794 #9805
    - Fix parsing of perfdata across multiple lines in plugin output. #8969
    - icinga check: fix last reload failure time. #8429 #9827
    - Resolve macros inside custom vars of IcingaApplication. #9779
    - SELinux: allow Icinga and its plugins to write to syslog. #9688
    - ElasticsearchWriter: fix data buffer flush race condition during stop. #9810
    - Trigger flexible downtimes not in the past if checkable is already down. #9726
    - Send downtime expiration notifications immediately, not after up to a minute. #9726
  * Cluster
    - Don't hang in timed out connection attempt. #9711 #9725
    - Fix lost acknowledgements after re-connect. #9718
    - cluster-zone check: don't complain about not connected
      other local zone members if there aren't any. #8595
    - Allow agent to update executions delegated to it via /v1/actions/execute-command. #8627
  * API
    - Disallow breaking inter-object relationships by changing
      relationship attributes at runtime, e.g. Service#host_name. #9407
    - Correct several HTTP response status codes. #7958 #9354
    - Correct Boolean field types previously reported by /v1/types as Number. #9514
  * CLI
    - icinga2 daemon: fix -DConfiguration.Concurrency= flag
      which now allows to override the number of threads. #9643
    - icinga2 node wizard: avoid unnecessary chown(2) which may fail and abort the wizard. #8744
    - Correct several log messages. #8895 #8965 #9663
  * ITL
    - Add linux_netdev check command. #9045
    + Command Argument Changes
      - disk: don't pass -m (disk_megabytes) by default. #9642
      - disk: pass -X fuse.portal (disk_exclude_type) by default. #9459
      - http: support multiple -k (http_header) as array. #8574
      - icmp: double defaults for -w (icmp_wpl) and -c (icmp_cpl). #9041
      - logfiles: pass --winwarncrit (logfiles_winwarncrit) without argument. #9056
      - nwc_health: pass SNMPv3-only args only when using SNMPv3. #9095
      - vmware-esx-dc-runtime-tools and vmware-esx-soap-vm-runtime-tools:
        rename --open-vm-tools to --open_vm_tools_ok (vmware_openvmtools). #9611

- Update to 2.13.8
  * Bugfixes
    - Icinga DB feature: normalize several Redis data not to crash the Go daemon. #9814
    - Don't hang in timed out connection attempt. #9815
    - Trigger flexible downtimes not in the past if checkable is already down. #9817
    - ElasticsearchWriter: fix data buffer flush race condition during stop. #9818
    - SELinux: allow Icinga and its plugins to write to syslog. #9819
    - Fix lost acknowledgements after re-connect. #9820
    - Fix parsing of perfdata across multiple lines in plugin output. #9821
    - cluster-zone check: don't complain about not connected
      other local zone members if there aren't any. #9822
  * Updates
    - Update Boost shipped on Windows to v1.82. #9816
    - Update OpenSSL shipped on Windows to v3.0.9. #9816
    - Update vendored https://github.com/nlohmann/json to v3.9.1. #9816
    - Update vendored https://github.com/nemtrif/utfcpp to v3.2.3. #9816

- Update to 2.13.7
  * Security
    - Windows: update bundled OpenSSL to v1.1.1t. #9672
  * Bugfixes
    - SELinux: fix user and domain creation by explicitly setting the role. #9690
    - Signal handlers: don't interrupt and break plugins spawning. #9682
    - Icinga DB: take check_period into account during overdue calculation. #9679
    - Avoid corrupted files: use fsync(2)/FlushFileBuffers() everywhere. #9681
    - Solaris: fix compile error. #9680
  * Enhancements
    - Windows: update bundled Boost to v1.81. #9678
    - Documentation: several fixes and improvements. #9671


              

Packages


  • icinga2-2.14.5-bp157.3.3.1