Headline
CVE-2020-28648: Nagios XI Change Log - Nagios
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
- The following are the recent changes to Nagios XI
5.9.1 - 08/31/2022
Fixed issues with MySQL tuning on Ubuntu 22 systems not adding the proper values in the config -JO
Fixed problem with SNMP traps in Ubuntu 22 not working properly due to permissions -JO Core Config Manager (CCM) - 3.1.9
Fixed issue with newer PHP 8+ systems having PHP fatal errors when editing objects -JO
5.9.0 - 08/18/2022
- Added support for CentOS 9 Stream / RHEL 9 and Ubuntu 22 systems -JO
- Updated PHP versions supported to include 8.0 and 8.1 -JO
- Updated NRPE to 4.10 for security fixes -SAW
- Updated php.ini config options for new installs to have better defaults -JO
5.8.10 - 06/16/2022
Updated max_connections, max_open_files, disable_log_bin in mysql_tune.sh -SAW
Updated install to give an error message on RHEL 8 systems when codeready-builder repo does not exist -JO
Fixed issue where sometimes SID stored in $_COOKIE could cause invalid login token error until clearing cookies [TPS#15632] -JO
Fixed issue with SLA report causing not authorized error when selecting [Host Only] option [TPS#15734] -JO
Fixed an issue with previous cacerts directory fix [TPS#15713] -JO
Fixed issue with snmptt_service_results.php where it could create a file in place of the nagios.cmd pipe [TPS#15747] -JO
Fixed error in AD/LDAP integration where cert directory wasn’t properly being set on Ubuntu/Debian systems -JO Core Config Manager (CCM) - 3.1.8
Fixed issue with contact deletion where host/service configs were not being re-written on apply config [TPS#15744] -JO
5.8.9 - 04/28/2022
Added peer verification when loading external URLs -SAW
Updated Nagios Core to 4.4.7 -SAW
Updated users account settings to require password confirmation to change email (CVE-2022-29270) (Thanks Alwin Warringa) -JO
Updated admin account settings to require password confirmation to change password and email (CVE-2022-29270) (Thanks Alwin Warringa) -JO
Updated automysqlbackup script to default root mysql password if none is set [TPS#15739] -JO
Fixed stored XSS security issue in Nagios BPI with the info URL not being escaped properly -JO
Fixed stored XSS security issue with command names having no encoding in the apply config error text -JO
Fixed stored XSS related to update checking -SAW
Fixed redirect on login page where redirect parameter urls could redirect user externally after login (CVE-2022-29272) (Thanks Alwin Warringa) -JO
Fixed issue in 5.8.0 upgrade for Debian and Ubuntu users -SAW
Fixed scheduled report/send report email script allowing HTML code to be used in the message field (CVE-2022-29269) (Thanks Alwin Warringa) -JO
Fixed scheduled downtime page allowing read-only users to submit downtimes via crafted POST requests (CVE-2022-29271) (Thanks Alwin Warringa) -JO Core Config Manager (CCM) - 3.1.7
Fixed copying of service object not copying excludes for Host/Hostgroups [TPS#15732] -JO
Fixed reflected XSS security issue in lock page Cancel button not urlencoding the returnurl value -JO
Properly fixed XSS security issue in search input on audit log page (thanks Hieu Tran(jkana101) from VCB STeam)) -JO
5.8.8 - 03/08/2022
Fixed issue with Availability report rounding/data error in service averages in the data table [TPS#15609] -JO
Fixed issue in which NCPA CPU Usage metric did not display [TPS#15673] -PhW
Fixed both objects/servicestatus and objects/hoststatus to allow filtering by last_hard_state [TPS#15710] -JO
Fixed restore_xi.sh script to include all libexec plugins not just ones with file extension [TPS#15696] -JO
Fixed file permissions by having automysqlbackup script keep perms in /store/backups/mysql not world readable [TPS#15699] -JO
Fixed default mysql config file options during a clean install (does not get changed on upgrade) [TPS#15692,TPS#15698] -JO
Fixed AD ldapSlashes to properly fix escaping parens [TPS#15709] -JO
Fixed cacerts directory for AD/LDAP certificate management [TPS#15713] -JO Core Config Manager (CCM) - 3.1.6
Fixed issue where search was case-sensitive -JO
Fixed XSS security issue in search and deletion (thanks Hieu Tran(jkana101) from VCB STeam) -JO
5.8.7 - 11/02/2021
Updated install to support Debian 11 systems -JO
Updated System Settings for “allow html” to separate options for status and comments under Other Settings and added a warning -JO
Updated migrate.php script to ensure that the nagios_bundler.py is not a security issue by copying it after tarball extraction -JO
Updated NRDP to version 2.0.5 to fix issue with receiving spooled passive checks [TPS#15621] -JO
Updated NSCA to version 2.10.1 to fix security issues -SAW
Fixed issue with “Finish as Template” button not adding services do to new wizards using json encode/decode rather than serialize [TPS#15635] -JO
Fixed capactiyplanning.py giving out a lot of ValueErrors when pending checks are just starting to run -JO
Fixed XSS vulnerability in Nagios Core ui by patching Core for XI systems with escape_string() -JO
Fixed XSS vulnerability in SSH Terminal page url parameter and the Account Information page api_key parameter -JO
Fixed XSS vulnerability in Audit Log page Send to NLS form -JO
Fixed security permissions issue with apache user and temp directory used by Highcharts -JO
Fixed security permissions issue with nocscreen component sounds directory -JO
Fixed manage_services.shs script vulnerability with systemctl not using the --no-pager option -JO
Fixed issue where cloning user would not clone the user’s meta data [TPS#15617] -JO
Fixed bulk modifications issue when trying to remove Free Variables [TPS#15653] -JO
Fixed sysstat data on systemd systems when XML entities are in the output text causing the Admin > System Status to show “No Data” [TPS#15657] -JO
Fixed issue with cfgmaker with contact/location newlines causing it not to work [TPS#15666] -JO,SS
Fixed various security issues: (thanks [email protected] and [email protected] from Codesafe Team of Legendsec at Qi’anxin Group)
Fixed various XSS vulnerabilities in the auditlog.php admin page -JO
Fixed SQL injection possibility in mib_name parameter when uploading new MIBs in Manage MIBs page -JO
Fixed XSS vulnerability in the Admin > system performance settings page -JO
Fixed XSS vulnerabilities in the Admin > system settings page -JO
Fixed XSS vulnerability in ajax.php script in CCM 3.1.5 -JO
Fixed security vulnerability in nagiosna component in version 1.4.5 -JO
Fixed security vulnerability in MTR component in version 1.0.4 -JO
Fixed security issue in NRDS with version 1.2.8 -JO Core Config Manager (CCM) - 3.1.5
Fixed Down stalking option not working for Host Templates in Alert Settings tab [TPS#15625] -JO
Fixed XSS vulnerability in ajax.php script -JO
Fixed issue with case insensitivity in regards to host/service names when importing configs (or running wizard) [TPS#15620] -JO
5.8.6 - 09/02/2021
Added Stalking Notification and None options to Single Config Option for Bulk Modifications Tool [TPS#15597] -PhW
Updated Bulk Modifications Tool UI to use actual option names, and mirror UI from normal config page -PhW
Updated NagVis component to version 2.0.9 to fix security issue (thanks Scott Tolley from Synopsys Cybersecurity Research Center (CyRC)) -JO
Fixed issue with special characters in Top Alert Producers, State History, and Notifications reports [TPS#15599] -JO
Fixed built in DEV tools, so you can log values and monitor them through the web UI. -PhW
Fixed styling issue on the Check for Updates page when in Modern Dark theme -JO
Fixed command injection security issue during installation of components, wizards, and dashlets in cmdsubsys -JO (thanks Guillaume André of Synacktiv (https://synacktiv.com)) (CVE-2021-40345)
Fixed security issue in backend API auth where it was not properly authing the insecure login ticket -JO
Fixed security vulnerability with file permissions for the migrate nagios_unbundler.py script (thanks Guillaume André of Synacktiv (https://synacktiv.com)) (CVE-2021-40343) -JO
Fixed SQL injection in the Manage MIBs admin page and Bulk Modifications page -JO
Fixed XSS security vulnerability in Manage My Dashboards page edit dashboard title attribute (thanks Matthew Dunn) (CVE-2021-38156) -JO
Fixed SSRF vulnerability in Scheduled Report URL when scheduled page URL is outside the Nagios XI system (thanks Ben Leonard-Lagarde (Modux)) (CVE-2021-37223) (TPS#15594) -PhW,JO
Fixed issue in which deleting a host having an escalation caused an invalid config. -PhW Core Config Manager (CCM) - 3.1.4
Fixed reflective XSS in the test command due to double encoded html entities -JO (thanks Amit Raut of Trend Micro Security Research working with Trend Micro Zero Day Initiative)
5.8.5 - 07/15/2021
Fixed issue where critical or warning values in certain disk space metrics were rendered as green. -PhW
Added extra folder name sanatization to the getprofile.sh script to make it more secure -JO
Fixed password email going out when AD/LDAP user is created without local password auth [TPS#15547] -JO
Fixed failed backup email sent when running a manual local backup [TPS#15546] -JO
Fixed timezone for Istanbul in utils-time.inc.php [TPS#15532] -JO
Fixed longserviceoutput macro not properly converting newlines to breaks in HTML email notifications [TPS#15537] -JO
Fixed issue when generating PDFs (and auth tokens in general) on usernames with uppercase letters in them [TPS#15542] -JO
Fixed display issue of host/service notes where double quotes were not displayed correctly [TPS#15543] -JO
Fixed SQL injection vulnerability in Bulk Modifications Tool for some single config option types -JO
Fixed post auth RCE in autodiscovery due to path tranversal issue in job id -JO
Fixed issue with index.php page value not being properly validated before being passed to display page function -JO
Fixed possible insecurity in Nagios Mobile authentication where it would not exit/quit after redirecting unauthenticated users -JO
Fixed redirection vulnerability in login redirect url for some styles of urls -JO
Fixed vulnerability with xi-sys.cfg being imported from the var directory for some scripts with elevated perms -JO
Fixed issue where AD/LDAP wouldn’t search in base directory [TPS#15495] -JO
Fixed empty XML output when outputtype=xml for hostgroup/servicegroup API endpoints when there are no groups -JO
Fixed issue with manage_services.sh and restarting php-fpm on EL8 systems -JO
Fixed insecure permissions on migrate.php and repairmysql.sh file (thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36363, CVE-2021-36365) -JO
Fixed issue with Nagios Mobile not verifying a comment is set for scheduled downtime or acknowledge -JO
Fixed security issue with backup_xi.sh and manage_services.sh allowing using wildcards -JO (thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36364, CVE-2021-36366) -JO Core Config Manager (CCM) - 3.1.3
Fixed SQL injection from improper escaping of values in search text -JO
Fixed timeperiod template name adding _copy_x to the template name even if empty which caused errors [TPS#15550] -JO
NDO - 3.0.7
- Added option “log_failed_queries” to ndo.cfg. Set this to 0 to disable failed query logging -SAW
- Fixed issue where nagios_objects.name2 would occasionally be set to NULL -SAW
- Fixed issue where leftover comments and other objects would cause hosts and services to continue showing in the database after deletion. [TPS#15549] -SAW
- Widened all text columns significantly -SAW
5.8.4 - 06/10/2021
Updated getprofile.sh to delete a new profile’s folder before generating contents -JO
Fixed install on newer Debian 9 systems due to default pip version [TPS#15535] -JO
Fixed issues with logrotate -JO,DC
Fixed getprofile.sh db_host value to properly pull from config.inc.php -JO,DC
Fixed vulnerability in getprofile.sh not clearing directory before creating profile -JO
Fixed restore_xi.sh using relative directory path -JO,DC
Fixed SQL injection vulnerability in Bulk Modifications Tool -JO
Fixed XSS security vulnerability in about section -JO
Fixed the “use” option to properly apply when using the config/contacts API endpoint -SS,JO
Fixed security issue for config when upgrading system [TPS#15551] -JO Core Config Manager (CCM) - 3.1.2
Fixed XSS security vulnerability in CCM lock page functionality -JO
5.8.3 - 03/31/2021
- Updated jQuery to version 3.6.0 to fix minor issues -JO
- Updated email validation to require RFC 822 valid email addresses to fix possible security vulnerabilities -JO
- Fixed install process on Oracle Linux 8 due to mod_php being used instead of php-fpm like CentOS/RHEL -JO
- Fixed config/
- Fixed argument quoting in mysqlrepair and restore_xi scripts -DC,JO
- Fixed issue with Scheduled Backups sending local backup success email with SSH or FTP emails [TPS#15501] -JO
- Fixed API help/example PUT config calls not working properly due to space not being url encoded [TPS#15505] -JO
- Fixed XSS vulnerability in user Email Address field when on Send Test Notification page -JO
- Fixed possible RCE vulnerability via Email Address not being properly validated (CVE-2020-24899) -JO
- Fixed scheduled reports jobs not changing with username change [TPS#15502] -JO
- Fixed issue where masquerade button in the Manage Users page wasn’t working on some OS/PHP versions -JO
- Fixed issues with MIB integration after upgrading to SNMPTT 1.4.2 [TPS#15376] -SAW
- Fixed issues with Undo Trap Processing button [TPS#15500] -SAW
- Fixed issue with downgraded ndo2db systems where limited users would not properly load data due to is_ndo_loaded failing -JO
5.8.2 - 02/25/2021
Removed deprecated code related to NDO 2 (get_db_backend_status, get_ndoutils_info_xml, API’s system/statusdetail dbbackend) -SAW
Updated php.ini settings to add some more restrictive session options for better security -JO
Updated NRDP version to 2.0.4 to fix jQuery CVE and update Bootstrap version -JO
Fixed issue with Enterprise message showing up on Rapid Response URL page even though it shouldn’t -JO
Fixed jquery 3 compat script not loading for wkhtmltopdf report generation when jQuery 1.x is disabled -JO
Fixed wkhtmltopdf delay/timeout not being set properly for page pdf generation -JO
Fixed default date, number, and week format set when creating a new user to match config settings [TPS#15428] -JO
Fixed special characters in ansible passwords with Deploy and Migrate scripts [TPS#15443] -JO
Fixed typo in Performance Settings Database tab [TPS#15446] -JO
Fixed issue with custom API endpoints not being passed the $args as an array -JO
Fixed Nagios Configuration location being passed to the migrate script when using advanced options in Migrate Server page -JO
Fixed Bulk Modifications Tool to make ARG8 work properly and fix checkboxes when setting a new command [TPS#15458] -JO
Fixed issue with snmptraphandling.py script not working properly with Python 3 [TPS#15461] -JO
Fixed My Scheduled Reports History tab to work properly with old PostgresQL installs of XI [TPS#15467] -JO
Fixed user permissions on newer MySQL servers to allow backup_xi.sh to do a mysqldump [TPS#15462] -JO
Fixed issue with backslash in service names not showing up when editing a Nagios BPI group [TPS#15457] -JO
Fixed snmptrapd not enabled/starting on some Debian and Ubuntu installations [TPS#15473] -JO
Fixed Two Factor email authentication in Nagios Mobile interface [TPS#15399] -JO
Fixed rrdexport API endpoint to allow passing the maxrows value to no longer be limited to the default [TPS#15433] -JO
Fixed issue installing on RHEL 8.3 due to codeready builder repo requirement [TPS#15463] -JO
Fixed permissions issues with Deploy Dashboards component -JO
Fixed permissions on the send_to_nls.php file to be owned by root and read only to other users -JO
Fixed Nagios BPI sync when applying configuration not waiting for NDO3 to load all data before running [TPS#15448] -JO
Fixed issue where php-fpm was not being restarted during CA cert add in LDAP/AD cert management page -JO Core Config Manager (CCM) - 3.1.1
Fixed issue where overlay would not allow scrolling for Free Variables list [TPS#15452] -JO
Fixed copying host/services with backslash in the name not copying the full name with backslash [TPS#15460] -JO
Fixed XSS security vulnerabilities in config_name and service_description on the Services page -JO
Fixed XSS security vulnerabilities in Overlay modals -JO
Fixed issue with writing out host with backslash in the host_name -JO
NDO - 3.0.6
- Increased performance for queries involving comment history and downtimes on large/long-running systems
- Fixed error when adding downtimes which expire after 2038
5.8.1 - 01/15/2021
- Fixed issue with Admin > Manage Components page where the proper component name was not being set -JO
5.8.0 - 01/13/2021
Added Migrate Server utility to Admin section to migrate Nagios Core systems to Nagios XI -JO,SAW
Added new Configuration Snapshots page with ability to see raw diffs between configuration changes that have been applied -JO
Added services tab into Host Status Details page to see service status without leaving the page -JO
Added ability to deploy agents from the Auto Discovery tool and show if agents have been deployed to hosts that are discovered -JO
Added Microsoft 365 Config Wizard -LG
Added Linux Server Legacy Config Wizard that uses NRPE -LG
Added notification options to Scheduled Backups to notify via email when backups succeed or if they fail -JO
Added ease of use enhancements to the New Password input and Email User New Password checkbox in the Edit Users page -JO
Added Scheduled Reports History tab to My Scheduled Reports page and Report Managment section to view reports ran and the status -JO
Added ability to send URL parameters to PUT API config endpoints in case a parameter cannot be passed via the URL path -JO
Added support for deploying agents on Windows machines (if openssh server is enabled and configured) via Deploy Agents -JO
Updated Rapid Response page sizing on mobile devices -JO
Updated Linux Server Config Wizard to use NCPA instead of NRPE -LG
Updated NDO to version 3.0.5 -JO,SAW
Updated Highcharts to version 7.2.2 for bug fixes -JO
Fixed Scheduled Backup logging so it logs output and errors directly into the scheduledbackups.log file when backups are ran -JO
Fixed issue with the coreuiproxy not properly working with URL encoded strings [TPS#15381] -JO
Fixed Scheduled Reporting logging file (/usr/local/nagiosxi/var/scheduledreporting.log) not being created by default -JO
Fixed Bulk Modifications Tool to properly apply check_command on host/services that do not have one [TPS#15385] -JO
Fixed Bulk Modifications Tool logging output not showing the proper host/service names in the audit log [TPS#15384] -JO
Fixed issue with forward slashes in name/definition of object configs in Nagios BPI [TPS#15356] -JO
Fixed service selection dropdown from changing sizes in Graph Explorer’s Multistacked graph tab [TPS#15368] -JO
Fixed issue with Auto Discovery not having Actions buttons if a running job finishes before moving off or refreshing the page -JO
Fixed theme/CSS issue with column sizes on large screens -JO
Fixed Ansible package installation on Ubuntu 18.04 LTS systems -JO
Fixed 2FA causing issues with the Core username/password authentication .htaccess file [TPS#15401] -JO
Fixed API endpoints config/host and config/service to make host_name and config_name values case sensitive -JO
Fixed changing timezone in EL8 systems not restarting php-fpm which causes php to have the wrong timezone until restarted -JO
Fixed issue with system/commands when using multiple command IDs [TPS#15408] -JO,SS
Fixed security vulnerability where PNP’s PHP templates were accessible from the interface -JO
Fixed stored XSS security vulnerability in My Tools page (thanks Matthew Aberegg) -JO
Fixed security vulnerability in Manage Plugins upload when using convert line endings option (CVE-2020-35578) (thanks Haboob Team) -JO
Fixed styling on Rapid Response page when using a trial enterprise license -JO
Fixed serial number for self signed SSL generated when selecting SSL option during install -JO
Fixed sysstat cron job cpu stats on newer versions of iostat in CentOS/RHEL systems -JO,DC
Fixed XSS security vulnerability in Nagios BPI config IDs (thanks Matt Aberegg) -JO
Fixed XSS security vulnerability in views url (thanks Matt Aberegg) -JO
Fixed issue with Bulk Modifications Tool when removing a free variable where relationships would not show -JO
Fixed XSS security vulnerability in SSH Terminal page (CVE-2021-25299) (thanks Nipun Gupta of Cloudfuzz) -JO
Fixed security vulnerability in Graph Template upload and PNP share directory (thanks Xinjie Ma from Chaitin Security Research Lab) -JO Core Config Manager (CCM) - 3.1.0
Added checkbox in Import Config Files page that hides all configs outside of the import directory -JO
Added service excludes checkbox into Service Escalations -JO
Updated service object Misc Settings tab to remove config options that are not able to be set for services -JO
Updated Misc Settings information for how to use specific fields -JO
Fixed issue where object names with multiple spaces in a row would not import properly [TPS#15374] -JO
Fixed check command close button over the command output and command output sizing [TPS#15353] -JO
Fixed Service Escalations showing * for contact/contact group options since it is not usable [TPS#15403] -JO
Fixed Service not removing hosts properly when deleting a host and the service also has a hostgroup assigned [TPS#15415] -JO
Fixed excluding services, hosts, host groups from Service Escalations [TPS#15321] -JO
Fixed importing services on Service Escalations when host_name is set to * [TPS#15321] -JO
Fixed XSS security vulnerability with the Active/Actions buttons in the templates pages (thanks Matt Aberegg) -JO
NDO - 3.0.5
- Drastically reduced startup time for some systems
- Fixed occasional long shutdown times in Nagios Core
- Fixed segmentation faults related to severed MySQL connections
- Fixed issue with service display_name being set to the service description
5.7.5 - 11/12/2020
Fixed security issues with AngularJS 1.3.9 by upgrading to 1.8.2 -JO
Fixed various XSS security issues with older version of Bootstrap 3.3.x by upgrading to 3.4.1 in both Desktop and Mobile -JO
Fixed mobile redirect when trying to access the rapid response URL [TPS#15372] -JO
Fixed various XSS security vulnerabilities in Manage Users, Notification Settings, Agent Management, and Deploy Dashboard pages (thanks Namratha) -JO
Fixed privilege escalation security vulnerability with Auto-Discovery php script (thanks Chris Lyne of Tenable) -JO
Fixed authenticated remote code execution in Auto-Discovery component (thanks Shahar Zini and Samir Ghanem from Skylight Cyber Security) -JO Core Config Manager (CCM) - 3.0.8
Fixed various XSS security vulnerabilities in overlay and notification/check period -JO
Fixed issue with command escaping in Test Check Command [TPS#15167] -JO
5.7.4 - 10/15/2020
Fixed issue with mysqladmin credentials not being set when creating a support Profile [TPS#15324] -JO
Fixed SQL injection vulnerability in the edit page for SNMP Trap Interface (thanks Matthew Aberegg) -JO
Fixed typos in Deploy Agent page [TPS#15336] -JO
Fixed issue with servicegroup_name not being populated in schedule downtime popup on Service Group Grid/Overview pages [TPS#15328] -JO
Fixed search box autocomplete not working on Host/Service Details pages -JO
Fixed Auto Discovery component when scheduling a recurring scan at either 12 AM or PM [TPS#15342] -JO
Fixed issue when updating a single component using the install button on the Manage Components page [TPS#15337] -JO
Fixed renaming objects via PUT request in API with only a name change causing apply config issues [TPS#15156] -JO
Fixed Recurring Scheduled Downtime for limited users services not showing up [TPS#15354] -SS,JO
Fixed CSRF security vulnerabilities in Manage MIBs page and SNMP Trap Interface (CVE-2020-5790) (thanks Chris Lyne of Tenable) -JO
Fixed RCE security vulnerability in the Manage MIBs page (CVE-2020-5791) (thanks Chris Lyne of Tenable) -JO
Fixed Command Argument Injection vulnerability in SNMP Trap Interface (CVE-2020-5792) (thanks Chris Lyne of Tenable) -JO
Fixed Nagios BPI issues with newer systems with newer versions of git cmd using an invalid cmdline parameter -JO
Fixed issue with filtered output in SLA/Availability report when advanced options are set [TPS#15358] -JO
Fixed empty pending host/service check that could show up after hard system reset -JO Core Config Manager (CCM) - 3.0.7
Fixed various XSS sercurity vulnerabilities in the object edit pages (thanks Matthew Aberegg) -JO
Fixed various SQL injection security vulnerabilities in the object edit pages (thanks Matthew Aberegg) -JO
Fixed bug in the CCM Audit Log page which would not allow searching -JO
NDO - 3.0.4
- Fixed issue with downtime brokering on startup
- Fixed logging of failed queries for WRITE_HOSTS/WRITE_SERVICES/WRITE_CONTACTS
- Fixed blank host/service status rows that may get added during a hard restart
5.7.3 - 09/03/2020
Added missing scheduled downtime comment data to Host/Service Status Details pages [TPS#15190] -JO
Fixed search on services page to properly search in a case insensitive way [TPS#15241] -JO
Fixed typo in Admin > Performance Settings max comment history age field [TPS#15227] -JO
Fixed information tooltips in security popup during LDAP/AD user import [TPS#15247] -JO
Fixed library path for mrtg2, in cfgmaker. In some OS versions, the path needs to be …/lib64/mrtg2, instead of …/lib/mrtg2 [TPS#15213] -LG
Fixed library path for mrtg2, in mrtg. In some OS versions, the path needs to be …/lib64/mrtg2, instead of …/lib/mrtg2 [TPS#15213] -LG
Fixed parameter problem_has_been_acknowledged not working on hoststatus and servicestatus API endpoints [TPS#15256] -JO
Fixed backup/restore scripts to no longer copy over old nagiosmobile HTTPD config [TPS#15266] -JO
Fixed issue with the parameter host_object_id (host_id works) not working with objects API calls [TPS#15263] -JO
Fixed XSS security vulnerability in Admin -> Manage Users (Thanks Christian Weiler) [TPS#15277] -SAW
Fixed XSS security vulnerability in Add/Manage Dashboard page and popup [TPS#15292]-JO
Fixed privilege escalation in backend scripts ran as root where some included files were editable by nagios user (CVE-2020-15903) (thanks ERNW) -JO
Fixed command injection vulnerability in report PDF Download (Thanks Christian Weiler) [TPS#15278] -SAW
Fixed privilege escalation vulnerability in getprofile.sh (Thanks Christian Weiler) [TPS#15279] -SAW
Fixed issue with Capacity Planning python script on Ubuntu 20.04 [TPS#15283] -JO
Fixed Inbound Email Processing when using Outlook and other clients that use Windows line endings [TPS#15285] -JO
Fixed clearner.php error on systems still running postgresql [TPS#15299] -JO
Fixed Host/Servicegroup summary dashlets commands link not working while they are inside dashboards [TPS#15196] -JO
Fixed Host/Service Details pages on smaller screen sizes having the record count/search bar overlap eachother [TPS#15304] -JO
Fixed issues with Dark Theme Highcharts graphs to be more readable and usable -JO NDO 3.0.3
Fixed issue with version comparison in database upgrade script
Fixed issue with failed timed_event brokering on startup
Fixed issue with erroneous logging of notification brokering failures
Fixed improper handling of callback registration when some event types were disabled
5.7.2 - 07/14/2020
Updated NDO to 3.0.2 to fix issues with slow startup with large systems and truncating tables -SAW,JO
Fixed NDO issue where renaming hosts and services with uppercase/lowercase letters caused inconsistencies [TPS#15205] -SAW,JO
Fixed restricting access to auto deploy output JSON files -JO
Fixed brevity settings for objects/hoststatus and objects/servicestatus when using outputtype=xml -JO
Fixed issue with NDO connection in Nagios XI using latin1 as default charset instead of utf8 -JO
Fixed error updating audit log when removing a user [TPS#15172] -JO
Fixed warning/critical toggle button icon placement on Highcharts graphs with single dataset [TPS#15175] -JO
Fixed XML brevity causing isseus with Mass Acknowledge and other systems that rely on XML data [TPS#15179] -JO
Fixed displaying inactive objects that have been disabled in nagios_objects table -JO
Fixed security vulernability with audio import directory allowing php files to be uploaded/ran from that directory (thanks @TactiFail) -JO
Fixed XSS security vulnerability in background color in Dashboards (thanks @TactiFail) -JO
Fixed XSS security vulnerability in Config Management > Edit Config page in BPI component (thanks @TactiFail) -JO
Fixed XSS security vulnerability in Graph Explorer link url option (CVE-2020-15902) (thanks ERNW) -JO
Fixed RCE vulnerability with ajaxhelper.php when running certain commands through cmdsubsys (CVE-2020-15901) (thanks ERNW) -JO
Fixed issue where the “Check for Updates” button on Wizards/Components was not checking latest XI 5.7 versions -JO
Fixed Top Alert Producers report not showing on CentOS 8 / MySQL 5.7+ [TPS#15202] -JO
Fixed LDAP integration missing function causing a PHP error when trying to import users from LDAP -JO
Fixed backend cache causing problems when empty data was returned -JO
Fixed mod_gearman issue with NDO3 causing it to not use the mod_gearman module -SAW
Fixed ansible version issue for Auto Deployment component on Ubuntu 16 and Debian 9 systems [TPS#15200] -JO
Fixed issue with PHP 7 and Scheduling Queue page not showing up properly -JO
Fixed python setup for Ubuntu 20 systems which have both Python 2 and Python 3 installed -JO
Fixed NagVis installation issue with Ubuntu 20 and CentOS/RHEL 8 due to using Python 3 -JO
Fixed Manage Deployed Agents page where OS version would not always update or add when adding new agents [TPS#15192] -JO Core Config Manager (CCM) - 3.0.6
Fixed security vulnerability with Static Config Editor allowing editing apache owned files outside static directory (thanks @TactiFail) -JO
5.7.1 - 06/11/2020
- Updated NDO 3 to 3.0.1 to fix some errors on certain systems and upgrade issues -SAW,JO
- Updated jQuery to version 3.5.1 to fix security vulnerabilities -JO
- Fixed non-admins not able to process host/service relations from the db causing the user to see no hosts/services -JO
- Fixed issue with State History report causing a PHP error and would not display state data -JO
- Fixed installation issue on RHEL 8 with redhat-lsb-core package installed -JO
- Fixed sourceguardian upgrade issue with old versions of XI on 32bit systems -JO
- Fixed resolving hostname in IP Mismatch popup check for systems with hostnames in the program URL -JO
- Fixed styling issues on Configure main page when using Modern Dark theme -JO
- Fixed the ndo2db manage_services.sh script status check to return a message since ndo2db was removed -JO
- Fixed object status retries in the Performance Settings page not saving when set -JO
- Fixed restore snapshot in CCM broker_module being overwritten with ndo2 version of broker module line -JO
5.7.0 - 06/08/2020
- Added new Nagios Mobile interface that better integrates with Nagios XI -CN,SAW
- Added support for CentOS/RHEL/Oracle 8 -JO
- Added support for Ubuntu 20.04 LTS and Debian 10 -JO
- Added NCPA agent deployment and updated NCPA config wizard -JO
- Added notice to the login alert box that mentions if hostname or ip is valid in program url [TPS#2327] -JO
- Added add and remove servicegroups to and from services in Bulk Modifications Tool [TPS#13587] -CN
- Added ability to play sounds when state changes occur in the NOC screen [TPS#10777] -SAW
- Added Audit Log messages for REST API calls [TPS#6913] -SAW
- Added configuration options to send the Audit Log to Nagios Log Server [TPS#13942] -SAW
- Added ability to set Dashboard backgrounds to transparent [TPS#14284] -JO
- Added Config Management section to Nagios BPI component [TPS#14473] -JO
- Added search box into LDAP/AD import page to decrease amount of users displayed and to find specific users [TPS#10230] -JO
- Added new JSON configuration wizard -JO
- Added new XML configuration wizard -JO
- Updated NDOutils to NDO 3.0.0 for performance increase and no longer using kmq or the ndo2db daemon -JO
- Updated NRDP to version 2.0.3 -JO
- Updated NRPE to version 4.0.3 -JO
- Updated Nagios Core to version 4.4.6 -JO
- Updated Nagios Plugins to version 2.3.3 -JO
- Updated objects API to no longer convert XML to JSON for a more consistent output and always returns the same structure at any result size [TPS#14740] -JO
- Updated Bulk Modifications Tool to allow only setting certain arguments selected by checkboxes [TPS#14765] -JO
- Updated layout on host/service status pages to maximize space and allow removing summary dashlets via page config settings -JO
- Updated Hostgroup and Servicegroup command buttons to use popups instead of going to old Core proxy pages -JO
- Updated access methods for subsystems that needed random credentials and removed the Admin > “Security Credentials” page -JO
- Updated restore_xi.sh script to ask for MySQL password when running if it cannot connect to MySQL [TPS#14294] -JO
- Updated layout for LDAP/AD import user selection page to make more usable when selecting many users -JO
- Updated Exchange config wizards to use NCPA instead of NSClient++ -LG,JO
- Updated Windows Server/Desktop to use NCPA instead of NSClient++ -JO
- Updated Legacy NSClient++ configuration wizard (used to be Windows Server/Desktop) -JO
- Updated Availability report to increase speed by reducing the amount of data parsed when filtering -JO
- Fixed Unconfigured Objects auto-configure templates to use ID to not cause config errors if template is deleted [TPS#14328] -JO
- Fixed issue with LDAP/AD select users toggle all/none checkbox not working properly -JO
- Fixed limited LDAP/AD queries (PHP 5.3.x will require a search but will notify when limit is reached) [TPS#10230] -JO
- Fixed resizing issue when updating dashlets in Capacity Planning tab in the host/service status details pages [TPS#15053] -JO
- Fixed custom time range on SLA report to use proper time range specified [TPS#15048] -JO
- Fixed issues with old RRDtool graphs not displaying properly in Performance Graph page [TPS#15076] -JO
- Fixed certain NCPA checks running through test command causing wrong output -JO
- Fixed backend API using insecure login ticket (backend API is deprecated and will be removed in XI 6) [TPS#15087] -JO
- Fixed CCM page in use message not clearing when on apply config page if they are expired [TPS#15163] -JO
5.6.14 - 04/21/2020
- Fixed postauth RCE issue with CCM test command function in command_test.php (X-Force 179405) -JO
- Fixed postauth RCE issue in RRD exporting script export-rrd.php (X-Force 179404) -JO
- Fixed issues with order by on SNMP Trap Interface SQL injections with a whitelist (X-Force 179406) -JO
- Fixed issue with CORS policy for API endpoints -JO
- Fixed input filter text box in schedule host downtime page and CCM not working in Chrome [TPS#15073] -JO,SAW
- Fixed installation issue with SUSE Extended Support for RHEL systems (Thanks Derek) -JO
5.6.13 - 04/07/2020
- Fixed minor usability issues with SNMP Trap Interface -SAW
- Fixed post auth XSS vulnerabilities (CVE-2020-10819, CVE-2020-10820, CVE-2020-10821) -JO
- Fixed security issues with Highcharts SVG generation -JO
- Fixed RCE vulnerability in admin section’s NRDP/NSCA outbound check configuration (thanks @TactiFail) -JO
5.6.12 - 02/27/2020
- Fixed issue with backups not properly generating due to tar creation errors -JO
5.6.11 - 02/25/2020
- Fixed LDAP/AD integration CA certificate upload to allow both root and intermediate on same subject [TPS#14855] -JO
- Fixed Bulk Modifications Tool add/remove free variables not setting last_modified value causing changes not to be written [TPS#14875] -JO
- Fixed BPI removing host/services out of the groups when they are renamed [TPS#14929] -JO
- Fixed unauthenticated XSS/SSRF in highcharts local exporting tool -SAW
- Fixed unauthenticated username disclosure in suggest.php -SAW
5.6.10 - 01/16/2020
Fixed RCE vulnerability with apache user code execution in Scheduled Reporting component (CVE-2019-20197) -JO
Fixed XSS vulnerability in Scheduled Reporting component and nocscreen (nocscreen can be upgraded from Admin > Manage Components) (CVE-2019-20139) -JO
Fixed login redirection to remove double slashes as part of redirection security parsing -JO Core Config Manager (CCM) - 3.0.5
Fixed several issues with importing service dependencies [TPS#14737] -SAW
5.6.9 - 12/10/2019
Fixed CSS styling for host/service status tables in IE when using the dark theme [TPS#14653] -JO
Fixed issue in config/service API call that would not set free variables on already existing services [TPS#14660] -JO
Fixed service notes not showing in the Misc Info section of the Service Details page [TPS#14679] -JO
Fixed issue in AD/LDAP certificate management where certificates with binary data couldn’t be added [TPS#14690] -JO
Fixed the ndo preloading functions only searching for is_active=1 potentially causing duplicate objects on large systems -JO
Fixed issue with service/host filters not properly aligned on top of the table when hidedashlets=1 is set [TPS#14699] -JO
Fixed issue where Running “last week” report on first day of week gives wrong weeks data [TPS#14722] -SW
Fixed issue with search bar location when hideoptions is set [TPS#14735] -JO Core Config Manager (CCM) - 3.0.4
Fixed issue with CCM config imports that would delete all free variables when importing leaving only new ones -JO
Fixed form validation for object names and service descriptions to match the default illegal_object_name_chars directive in nagios.cfg -SAW
5.6.8 - 11/05/2019
- Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO
- Updated the getprofile.sh script to add the BPI configurations to the profile.zip -JO
- Updated jQuery to 3.4.1 and patched jQuery 1.12.4 for CVE-2019-11358 -JO
- Fixed issue on SLA report where advanced options were not properly applying [TPS#14538] -JO
- Fixed threshold/range function in check_rrdtraf plugin -CD,JO
- Fixed issue with BPI sync checkbox being required when checking remove host/services that are missing on apply config [TPS#14590] -JO
- Fixed negative numbers in Capacity Planning report and wizard -SAW
- Fixed multiple security vulnerabilities that allowed nagios user command injections (thanks Jeremy Brown) -JO
- Fixed issue with overwriting user meta data on each page load causing LDAP/AD import blank screen for LDAP/AD users [TPS#14636] -JO
- Fixed issue with BPI configuration comments and hash tags in hostgroup/servicegroup names -JO
- Fixed issue where deleting multiple services from a host would cause only one to delete at a time during BPI sync [TPS#14649] -JO
5.6.7 - 09/26/2019
- Added IBM i service and custom sql config wizards on new installs -JO
- Updated Nagios Core to version 4.4.5 for bug fixes -JO
- Fixed objects/bpi REST API output to properly display status text when there is HTML in the text [TPS#14406] -JO
- Fixed issue with SNMPv3 checks using Perl on Ubuntu 18 systems [TPS#14432] -JO
- Fixed problem where you cannot import time periods where timeperiod_name contains space [TPS#14440] -SW
- Fixed logrotate configuration to set the user/group for xidebug.log and fix for snmptt log rotation -SW
- Fixed issue with & used in BPI group name and when running plugin against that group [TPS#14464] -JO
- Fixed issue where clearing and empty unconfigured objects list when there was no objects file would cause permissions issues on the file [TPS#14469] -JO
- Fixed scheduled reporting for latest NagVis component so that scheduled pages can be sent as PDFs [TPS#14428] -JO
- Fixed auth token and insecure auth token sessions to properly load user meta session data directly after login -JO
- Fixed issue on EL7 systems where some output displayed by systemctl status during sysstat checks caused PHP XML parse warnings [TPS#14498] -JO
5.6.6 - 08/20/2019
- Fixed issue where re-configuring objects page would not allow switching them back to notify immediately [TPS#14340] -JO
- Fixed issue where Graph Explorer exporting would be broken after upgrades [TPS#14372] -SAW
- Fixed BPI api_tool.php NDO wait timeout to allow for longer NDO startup times [TPS#14398] -JO
- Fixed issue with dashlets that have been uploaded unable to be downloaded due to file permissions in tmp directory [TPS#14363] -JO
- Fixed CCM form validation to allow backslashes in object names/service descriptions -SAW
- Fixed MIB uploading/processing on Postgres-based systems [TPS#14365] -SAW
- Fixed XSS and privilege escalation security vulnerability in Profile component and getprofile.sh script (CVE-2019-15949) (Thanks Jak Gibb) [TPS#14364] -JO
- Fixed API DELETE methods not allowing URL path to be used like in the help section [TPS#14370] -JO
- Fixed Bulk Modifications Tool find relationship listings to be sorted alphabetically [TPS#12156] -JO
- Fixed logrotate configuration to set the user/group on systems except el6 which doesn’t require it -JO
- Fixed issue with Recurring Scheduled Downtime not showing when services is set to only the * wildcard [TPS#14388] -JO
- Fixed Nagios XI Bug Report: Config Wizard Template Notification Interval could not be set to 0 [TPS#14391] -SW
- Fixed problem with reading multiple line hashes sent when an inbound email response is wrapped [TPS#14396] -JO
- Fixed issue in Schedule Downtime page when deleting host/service group from list and it saying none are selected [TPS#14402] -JO
5.6.5 - 07/18/2019
- Updated NRDP to version 2.0.2 to fix XML parsing causing passive check failures and no last check time -JO
- Fixed nagiosxi-deps to properly upgrade even if the install is from a version prior to XI 5 -SW
- Fixed SLA dashlet not updating once sent to dashboard [TPS#14349] -SAW
5.6.4 - 07/09/2019
Updated NRDP to version 2.0.0 -JO
Fixed issue with Bulk Modifications Tool where host/service templates would output SQL error when logging to audit log -JO
Fixed issue with Manage MIBs where duplicate MIBs would cause SQL error [TPS#14312] -SAW
Fixed Misc info section in services not populating hostname and service description macros properly [TPS#14296] -JO
Fixed Metrics component NCPA checks state status in the Summary and Gauge tabs [TPS#14293] -JO
Fixed BPI sync issue when hostgroup and servicegroup have the same name [TPS#14291] -JO
Fixed API edit contact command not updating and not running the proper update function [TPS#14304] -JO
Fixed issue in API where editing services using PUT commands with / in their description doesn’t work [TPS#14311] -JO
Fixed issue with multiple commands in inbound email responses not scheduling downtime properly [TPS#14313] -JO
Fixed ramdisk issue with CentOS 6 installs and npcd not starting on restart [TPS#14318] -JO
Fixed restart_nagios_with_export.sh script lock file location to be the var directory instead of scripts -JO
Fixed issue with HTML in comments when sending HTML emails into the inbound email response system -JO
Fixed older postgres systems upgrading to newer versions having problems setting permissions on upgrade -SAW Core Config Manager (CCM) - 3.0.3
Fixed CCM database error when writing configs when a hostgroup of * for a service is selected [TPS#14334] -JO
5.6.3 - 06/11/2019
Updated PHPMailer to version 5.2.27 for security fixes -JO
Fixed sumoselect dropdowns to allow larger names in the selection boxes [TPS#14232] -JO
Fixed reset_config_perms.sh setting permissions for components folder in scripts directory -JO
Fixed Schedule Downtime services page not showing services when a user has a host and some unrelated services assigned [TPS#14253] -JO
Fixed upgrade error in ndoutils upgrade on old systems with non-standard MySQL port specified in config.inc.php -JO
Fixed an issue where imported SNMP Traps would not be associated with their parent MIB [TPS#14260] -SAW
Fixed issue with php upgrades on certain rhel systems not finding the proper php package name [TPS#14259] -JO
Fixed Custom Includes component folder permissions on upgrade [TPS#14266] -JO
Fixed issue with autotls being turned on by default in PHPMailer [TPS#14270] -JO
Fixed Graph Explorer icon permissions for hosts when a user does not have access to the host -JO
Fixed issue with Inbound Email Settings where selecting POP3 would not change the connection type -JO
Fixed usernames not syncing properly with the cgi.cfg and htpasswd.users files with uppercase characters [TPS#14273] -JO
Fixed scheduleddowntime API endpoint to accept passing multiple services with services[][] -JO
Fixed permissions on autodiscovery job folder from permissions changes to main autodiscovery script -JO
Fixed wording for STARTTLS encryption in LDAP/AD Integration component -JO
Fixed issue where session was not recorded in the database but wouldn’t be added until re-login -JO Core Config Manager (CCM) - 3.0.2
Fixed CCM database error when specifying database port number in the config.inc.php for nagiosql [TPS#14263] -JO
Fixed limited CCM users permissions not properly applying until after a new cached permissions call is made [TPS#14276] -JO
5.6.2 - 05/15/2019
Fixed an issue where HTML e-mails were not handled correctly by the Inbound E-mail Processor [TPS#14205] -SAW
Fixed an issue where the Manage MIBs page would fail to load on Debian/Ubuntu -SAW
Fixed authenticator error message in cleaner.log when using Inbound E-mail Processor -TG,JO
Fixed alert screen checkbox in User Account Settings not set to checked by default -JO
Fixed issue with logrotate error from root:nagios var directory ownership -JO
Fixed enterprise features trial buttons on SLA and Capacity Planning report pages -JO
Fixed nxti.php script issues with SNMP Trap Interface on Debian systems -SAW
Fixed Scheduled Backups FTP backup limit deletion issue with PHP versions less than 5.6 -SS Core Config Manager (CCM) - 3.0.1
Fixed issue with default page limits and session page limits being set [TPS#14215] -JO
Fixed demo mode message and static directory location in Static Config Editor -JO
Fixed user language and translations not being applied for some variations of CCM user access types -JO
Fixed issue with Manage Users no result message and not allowing pagination or limiting -JO
Fixed config output of semicolon in check_command for config files to be escaped instead of url encoded [TPS#14225] -JO
5.6.1 - 04/30/2019
- Fixed style issue in Modern Dark theme re-configure notifications tab select boxes [TPS#14156] -JO
- Fixed ownership permissions on folders and scripts and locations of sudo related scripts -JO
- Fixed issue where newer NCPA versions checks were not showing up in metrics component [TPS#14032] -CN
- Fixed issue where Validate SSL certificate checkbox in Inbound Email Settings would not allow being saved as unchecked -JO
- Fixed FTP backup connection not using rawurlencode() for passwords causing connection problems -SS
- Fixed error emails for inbound check commands to send out an error email when an email with no valid command is parsed -JO
- Fixed upgrade issue where deps package would stop upgrade on systems without it [TPS#14184] -JO
- Fixed issue with event_handler.php where the lock file would not be overwritten and stopped notifications being sent [TPS#14180] -JO
5.6.0 - 04/18/2019
Added ability to acknowledge problems via email response [TPS#885] -JO
Added the config option in system settings > security to set the rapid response URL -JO
Added proper display name and alias resolution on host and service status and status detail pages -JO
Added Scheduling Queue page in Monitoring Process section [TPS#9566] -JO
Added a new Modern Dark theme which is the same as the current Modern theme but dark -JO
Added User Sessions page to show who is logged in, where they are, and IP address of logged in user [TPS#8732] -JO
Added higher page limits for Scheduled Downtime page and other pages including no limit [TPS#13530] -JO
Added ability to set host/services to inactive instead of deleting them with the Deadpool reaper [TPS#11390] -JO
Added more default checks on initial install [TPS#11013] -JO
Added Unconfigured Objects API endpoint (objects/unconfigured) [TPS#12181] -JO
Added scheduled downtime for child hosts as option for hosts in recurring downtime [TPS#13598] -JF,JO
Added configurable sql limit for the event_handler cron job -BH
Added ability for recurring scheduled downtime to update with host/service and hostgroup/servicegroup name changes [TPS#8060] -JO
Added callbacks: NOTIFICATION_EMAIL_SENT and NOTIFICATION_SMS_SENT and updated existing NOTIFICATION callback arguments -BH
Added performance data graphs to notification emails [TPS#12650] -BH
Added the ability to add/remove free variables in Bulk Modifications Tool [TPS#11775] -SAW
Added a configuration wizard and plugin for capacity planning [TPS#2173] - SAW
Added ability to show customvars in objects/host, objects/service, and objects/contact by sending customvars=1 in API request [TPS#12420] -JO
Added ability to schedule all hosts and/or services for hostgroups and servicegroups in Schedule Downtime page [TPS#10043] -JO
Added focus the first field of every page in the config wizards [TPS#11259] -SW
Added saving tactical overview configuration settings as a per-user setting. [TPS#6923] -SW
Added [datetime] macro to scheduled reports [TPS#9635] -SW
Added confirmation dialog when clicking the X on dashlets to confirm you want to delete the dashlet [TPS#7377] -SW
Added ability to edit alias and display_name on reconfigure host page and display_name on reconfigure service page [TPS#8724] -SW
Added better searching from host/service detail page to filter the displayed results instead of taking you back to the top level [TPS#13810] -SW
Added timestamp to filenames of downloaded and emailed PDFs, CSVs and JPGs [TPS#10680] -SW
Added ability to specify custom ports to scan in auto discovery [TPS#12383] -SW
Added downtime icons to Hostgroup Overview, Hostgroup Grid, Servicegroup Overview, Servicegroup Grid [TPS#10200] -SW
Added setting for trimming of Max Comment Age in Admin -> Performance Settings -> Databases [TPS#12313] -SW
Added /usr/share/snmp/ & /etc/snmp/ & /home/nagios to backup and restore scripts [TPS#10202] -SW
Added more time period options to Graph Explorer time period dropdown [TPS#13378] -JO
Added the ability to enable/disable the web GUI terminal [TPS#13690] -CN
Added notes, notes url, actions url in a Misc section on Host and Service details pages [TPS#13997] -JO
Added object type and states to Top Alert Producers as filter dropdowns like other reports -SS
Added ability to use config_name in api/config/services to update services with multiple hosts or hostgroups [TPS#13605] -JO
Added copying of all template and information linked to services when using Add Service in Bulk Modification Tool [TPS#13585] -JO
Added objects/timeperiod to the Objects API to show what time periods are available [TPS#13425] -JO
Added ability to set new user account information email text and subject in System Settings > User Accounts [TPS#11830] -JO
Added user’s API key allowing auth to Nagios Core JSON API endpoints via components/nagioscore/ui/(objectjson.php,statusjson.php,archivejson.php) [TPS#12717] -JO
Added “Create as Monitoring Contact” checkbox in Users edit page when applicable [TPS#14046] -SAW
Added new features to the Manage MIBs page [TPS#13946, TPS#4810] -SAW
Added ability for deleting multiple objects via the config API commands [TSP#10435] -JO
Added is_volatile to the list of single config options that can be changed in the Bulk Modifications Tool [TPS#14105] -JO
Added api/config options such as the PUT edit endpoints and added hostgroups and servicegroups [TPS#13425] -JO
Added right-hand alignment on system statistic dashlets (thanks Steve B) -JO
Added ability to select the default system theme on install -JO
Moved Legacy Network Status Map link into Legacy Reports section in the Reports tab -JO
Fixed auto discovery status to no longer show throbber if it is waiting for it’s first scheduled run [TPS#7097] -SW
Fixed wording in deadpool emails to no longer say deleted if objects are to be deactivated -JO
Fixed large systems with lots of limited users receiving duplicate key SQL error text in UI after apply config -JO
Fixed issue in Custom URL dashlet where it would not properly load certain pages when dashboard is exported as PDF -JO
Fixed re-configure “Edit in CCM” button when two services with the same name but have a different case -JO
Fixed Restart Nagios Core button in User Macros component not working properly -JO
Fixed Object Does Not Exist message on large systems when ndoutils database is loading with new adjustable performance setting [TPS#14108] -JO
Fixed scheduledowntime API endpoint not allowing author paramter to be set [TPS#14141] -SW,JO
Fixed issue in basic auth where username/user id would not be populated correctly (Thanks Mickey) -SAW Core Config Manager (CCM) - 3.0.0
Added deletion of services with host if services do not have hostgroups or other hosts attached [TPS#13537] -JO
Added proper audit logging to all the sections/actions that are performed [TPS#13495] -JO
Added ability to edit free variables instead of having to remove and re-add them [TPS#12054] -JO
Added Manage Service Groups and Manage Dependent Service Groups buttons to service dependency objects [TPS#9066] -JO
Added ability to import excluded hosts/hostgroups [TPS#14113] -JO
Added checkboxes for Host Groups and Service Groups in the CCM limited access permissions panel in user edit -JO
Added Service Groups to Service Escalation Objects [TPS#14136] -SAW
Added renaming of perfdata when a service or host is renamed [TPS#14143] -JO
Fixed issue where host/services applied to service groups would not show as Unknown for limited CCM users -JO
5.5.11 - 02/28/2019
- Fixed command injection security vulnerability in Autodiscovery script (CVE-2019-9164) (thanks Paolo Giai of Shielder) -JO
- Fixed issue with permissions on config.inc.php and import_xiconfig.php allowing users to write to files (CVE-2019-9166) (thanks Paolo Giai of Shielder) -JO
- Fixed an XSS vulnerability that can be passed in using the xiwindow parameter (CVE-2019-9167) (thanks Paolo Giai of Shielder) -JO
- Fixed SQL injection when using Fuse Key and certain parameters (CVE-2019-9165) (thanks Paolo Giai of Shielder) -JO
5.5.10 - 02/12/2019
- Updated Host and Service Status pages to hide dashlets by passing hidedashlets=1 in the URL -JO
- Updated ADODB library to version 5.20.14 to fix bugs and XSS security vulnerability -JO
- Updated Japanese translation files -JO
- Updated Graph Explorer fields to be searchable like other selectable dropdowns [TPS#13975] -SW,JO
- Removed technicians’ diagnostic tool from SNMP Trap Interface -SAW
- Fixed CCM “Changes detected!” message now checks against each section, instead of specific config files [TPS#13970] -SAW
- Fixed issues with Capacity Planning backend in preparation for configuration wizard and plugin [TPS#13817] -SAW
- Fixed issue where parts of the SNMP Trap Interface would fail when using the XI 2014 theme [TPS#14024] -SAW
- Fixed Object Does Not Exist error on Service Details page when using + in the service description [TPS#14003] -JO
- Fixed services in Service Group which have the same beginning of a name on the same host not showing in config [TPS#14007] -JO
- Fixed Unconfigured Objects not properly parsing host status check results [TPS#14009] -JO
- Fixed Unconfigured Objects auto import host/service template selections not saving -SS
- Fixed issue where the flash message bar would be underneath the help icon when help system is enabled -JO
- Fixed URL links in PDF generated reports to properly use the external/internal URLs for links [TPS#14026] -JO
- Fixed issue where enterprise restrictions weren’t activated properly in the SNMP Trap Interface [TPS#14025] -SAW
- Fixed initial file permissions for auditlog.log when it is initially generated [TPS#14038] -JO
- Fixed MySQL nagiosql errors in cmdsubsys.log for regular users with limited CCM access [TPS#14045] -JO
5.5.9 - 01/17/2019
- Updated Nagios Core to version 4.4.3 to fix various bugs and security issues -JO
- Fixed issue with Event Log decoding HTML elements improperly -JO
- Fixed CCM imported service templates defaulting 0 for max_check_attempts, check_interval, retry_interval [TPS#13954] -JO
- Fixed descriptions and raw data can be removed when editing a trap definition in SNMP Trap Interface [TPS#13971] -SAW
- Fixed windows DOS line endings from user-inputted raw data in SNMP Trap Interface [TPS#13989] -SAW
- Fixed an issue where table records would not load correctly in the SNMP Trap Interface using PostgreSQL -SAW
- Fixed an issue in the SNMP Trap Interface where Trap Definitions could not be edited on systems using PostgreSQL [TPS#13968] -SAW
- Fixed exporting perfdata when in two-column mode only rendering half of the graph [TPS#13979] -JO
5.5.8 - 12/11/2018
Fixed tmp directory for exporting RRD performance data -JO
Fixed UTF-8 characters in host/service names not allowing for external commands from the GUI to be processed [TPS#13833] -JO
Fixed upgrading Config Wizards due to wizards with the same directory name [TPS#13857] -JO
Fixed XSS security vulnerabilities in rss_dashlet -JO
Fixed an issue where importing configuration from files/REST API would sometimes cause duplicate service definitions [TPS#13871] -SAW,JO
Fixed Availability dashlet to work like a normal dashlet and lookback period is properly set based on the report it’s created from [TPS#13841] -JO
Fixed issue with nmap multiple IP addresses causing problems running because of security fix -JO,SS
Fixed issue with specific configurations in ndoutils causing Core to crash by updating ndoutils to 2.1.3 -JO
Fixed lock file permissions for Core 4.2.4 (if users are using mod_gearman or had to downgrade to XI’s old version of Core) -JO Core Config Manager (CCM) - 2.7.4
Added icon to relationship popup for host/services that are inactive [TPS#13852] -JO
Fixed missing hosts/service from relationships popup when applied to groups that are set as inactive [TPS#13852] -JO
5.5.7 - 11/13/2018
Fixed privilege escalation security vulnerability in MRTG graphing component by running as nagios user/group (thanks Daniel Sayk of Telekom Security) [TPS#13778] -JO
Fixed security vulnerability with API key regeneration function allowing non-admins to regenerate other user’s API keys (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in BPI’s api_tool.php where the script could be accessed through the web server (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in command subsystem with some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in Auto Discovery component where some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed XSS security vulnerabilities in the interface (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed old lock file location in snapshots by restoring lock file setting on snapshot restore [TPS#13795] -JO
Fixed Notes and Actions URL button links URL encoding in Host/Service Status pages [TPS#13802] -JO
Fixed Core issue (#572) causing service recovery emails to be sent when a initial notification wasn’t sent. [TPS#13805] -SW
Fixed Core issue (#575) where soft recovery states did not apply for services -JO
Fixed issue in API where hostgroup/servicegroup scheduled downtime would not schedule service downtimes [TPS#13818] -JO
Fixed BPI service group sync to not add empty service groups that cause an error on the screen [TPS#13777] -JO
Fixed BPI issue with the processing of subgroups applied to multiple groups failing to set proper status [TPS#13816] -JO Core Config Manager (CCM) - 2.7.3
Fixed issue with free variable escaping on CCM importing configuration files [TPS#13794] -JO
5.5.6 - 10/30/2018
Updated PHPMailer to version 5.2.26 for security/bug fixes -JO
Added documentation link to Deadpool Settings [TPS#11295] -SW
Fixed Capacity Planning report issues with UTF-8 characters in host/service names -JO
Fixed auth/session checks in Capacity Planning API calls -JO
Fixed inconsistency with Hostgroup/Servicegroup members being pulled from the API causing dashlet issues in Fusion [TPS#13650] -SW
Fixed creating performance graph dashlet on host/service status pages causing page to scroll to top [TPS#13671] -JO
Fixed service config for ndoutils causing issues sometimes with starting when lock/sock exist -JO,BO
Fixed sorting of MIBS to be case in-sensitive [TPS#10281] -SW
Fixed default NRDP token to be set in config file on first visit to Admin -> Inbound Transfers [TPS#12198] -SW
Fixed Gauge Bug where gauge would not display of the value was just 0 [TPS#13757] -SW
Fixed Capacity Planning PDFs to have warning/critical lines when set to display automatically [TPS#13772] -JO Core Config Manager (CCM) - 2.7.2
Fixed not saving * selection for hostgroups and saving of negated hosts/hostgroups on services [TPS#13664] -JO
Fixed slow loading of objects (hosts/services/etc) on large systems due to no limits on main SQL query [TPS#13692] -JO
Fixed hosts and services menus go to the first page after a config is deleted or cloned [TPS#13766] -SW
5.5.5 - 10/11/2018
- Fixed adding new user creating a message that says current user should update their API key if they haven’t yet -JO
- Fixed login link on rapid response URL when a ticket does not exist or has expired -JO
- Fixed status check for NDO in BPI component API tool so that it properly sleeps after each call -JO
- Fixed audit log max age value undefined default to 180 instead of 30 and added to performance settings -JO
- Fixed an issue where notification settings would sometimes display incorrectly [TPS#13613] -SAW
- Fixed an issue where hosts/services with forward-slashes (“/”) in their names would not reconfigure correctly [TPS#13607] -SAW
- Fixed various PHP notices in error log -JO
- Fixed issue with SLA report links not going to external (or program url if external is empty) when PDF is generated [TPS#13619] -JO
- Fixed logging scheduled reporting pdf generation to wkhtmltox.log -JO
- Fixed issue with reports/pages missing data in PDFs [TPS#13628] -JO
- Fixed user permissions on non-active objects causing large/slow SQL queries on some systems -JO
5.5.4 - 09/20/2018
- Updated jQuery library to 3.3.1 due to security vulnerabilities with older jQuery versions [TPS#13541] -JO
- Updated config.inc.php config value (set $cfg[‘old_browser_compat’] = 1;) to set jQuery to older version for IE 8 -JO
- Fixed cron for deadpool using old script that was not available on new installs -SW
- Fixed misspelling in NXTI component when editing a defined trap [TPS#13558] -JO
- Fixed issue with Recurring Downtime wildcards not working [TPS#13562] -JO
- Fixed BPI output displayed when in problem state to not have HTML because output is too long [TPS#13552] -JO
- Fixed malformed combined availability reports [TPS#13573] -CN
- Fixed issue with configuraiton snapshot page permissions (Thanks Nathan Jones) -JO
- Fixed XSS in auto login admin management page (Thanks Nathan Jones) -JO
- Fixed issue with Nagios Core notifications during downtime -SW
5.5.3 - 08/28/2018
- Updated Nagios Core to version 4.4.2 to fix some issues that weren’t patched in XI’s Core version -JO
- Fixed nom script that runs automated config backups to use full nagios config check instead of nagios init script -JO
- Fixed local backups not getting pruned [TPS#13474] -SW
- Fixed issue with deadpool cron job not being able to delete host/services due to script changes -JO
- Fixed SNMP Trap Interface issue with deleting defined traps on Postgres upgraded systems [TPS#13480] -JO
- Fixed SLA report to have show/hide details links in hostgroup/servicegroup SLA reports [TPS#13479] -JO
- Fixed SNMP Trap Interface issue where timestamps would sometimes show all zeroes [TPS#13508] - SAW
- Fixed Manage MIBs “Process All Traps” button to use the same MIB conversion rules as the “Add to SNMPTT” option - SAW
- Fixed SNMP Trap Interface issue where Show Test File Contents/Show Unknown Trap Log could freeze the browser - SAW
5.5.2 - 07/26/2018
- Fixed missing comments on hover for host/services on service detail page [TPS#13423] -JO
- Fixed Scheduled Downtime page scheduling using full name not username like other places in GUI [TPS#13426] -JO
- Fixed issue where scheduling some pages would cause PDF to have session timeout error [TPS#13427] -JO
- Fixed dashboard background not working and background color selector in some browsers not showing shading [TPS#13432] -JO
- Fixed performance graph title url link not working properly if service has url encoded name [TPS#13431] -JO
- Fixed recurring downtime not able to read the recurring downtime configuration from older systems [TPS#13440] -JO
- Fixed recurring downtime not properly scheduling services if host had any related downtimes [TPS#13441] -JO
- Fixed issue where Nagios Core would have two running processes after upgrade from < 5.5 on EL6 -JO
- Fixed issue in Nagios Core where scheduled flexible downtimes would not trigger downtime start -JO
- Fixed bulk modifications tool to only shop the inheritance options when the configuration type allows them [TPS#13455] -JO
5.5.1 - 07/12/2018
Updated host and service details pages to show notes_url and actions_url links -JO
Updated notes_url and actions_url in host and service status/details pages to support some basic macro expansion [TPS#13387] -JO
Updated options in the BPI config settings to turn off automatic sync and object removal -JO
Fixed issue in Schedule Downtime page where services won’t show if user is not a contact on the host [TPS#13374] -JO
Fixed missing fields in Audit Log for certain commands in cmdsubsys [TPS#13382] -JO
Fixed issue with Trial Extensions not applying if they weren’t a certain length [TPS#13379] -JO
Fixed auth token generation and login issue on upgraded PostgresQL systems -JO
Fixed SSL errors causing broken PDF reports on some systems configured for SSL -JO
Fixed issue where Nagios Core UI proxy would ask for authentication [TPS#13395] -JO
Fixed fix check_interval and retry_interval bug in Core 4.4.1 (Core Patch) -SW,JO
Fixed passive checks sending recovery email when host was previously UP (Core Patch) -SW
Fixed check_http causing certificate checks to fail if location was forbidden or had an error after check (Plugin Patch) -SW
Fixed metrics component to work with new NCPA wizard command names [TPS#13409] -JO
Fixed scheduled backups so that the proper amount of backups are retained in FTP/SSH backups -JO
Fixed tables for SNMP Trap Interface for upgraded systems -JO
Fixed sync and auto removing to run in BPI to their own cmdsubsys command that also checks if NDO is loaded [TPS#13407] -JO
Fixed display names on host and service status pages [TPS#13415] -SW,JO Core Config Manager (CCM) - 2.7.1
Fixed permissions not updating properly when a non-admin user creates a host/service object [TPS#13397] -JO
5.5.0 - 06/28/2018
Added mobile phone verification to be able to receive text message notifications (on upgrade, already entered numbers will be set to verified) [TPS#12042] -JO
Added the host and service notes_url and action_url icons/links to the host/service status pages in XI [TPS#7893] -JO
Added versions for Nagios Core, Nagios-Plugins, SSH Terminal, NRPE, NSCA, PNP, etc in profile [TPS#1456] -JO
Added installed components, wizards, and dashlets version numbers in profile [TPS#1456] -JO
Added ipcs command to profile [TPS#9108] -BH
Added audit logging for CCM -> Write Config Files [TPS#7954] -BH
Added ability to click username to edit user in Manage Users admin page [TPS#6186] -JO
Added state filtering into state history report [TPS#5970] -JO
Added removal of user’s scheduled reports from the apache cron tab when deleting a user [TPS#8239] -JO
Added SSH key authentication as a scheduled backup SSH authentication method [TPS#4689] -JO
Added encryption to the passwords that are stored from scheduled backups FTP and SSH auths [TPS#4689] -JO
Added number of checkpoints held as an option in performance settings under “Snapshots” [TPS#8345] -JO
Added new Manage Reports page to the Reports tab for admins to manage users scheduled reports [TPS#11609] -JO
Added checkbox in user’s Account settings section under Notification Methods to have emails send as plain text only [TPS#10895] -JO
Added two factor authentication for users by verifying the user received an email token [TPS#12189] -JO
Added setting for two factor authentication to remember a user and browser to skip two factor auth [TPS#12189] -JO
Added shellinabox as a replacement for Ajaxterm which has been removed for SSH Terminal enterprise feature [TPS#12202] -JO
Added setting in system settings > password & accounts to not allow old passwords to be used again when changing passwords [TPS#12132] -JO
Added allow SSL/HTTPS-only option on install [TPS#12073] -JO
Added table sorting to the downtime scheduling page [TPS#9194] -JO
Added auto configuration/import of unknown incoming passive checks if enabled in unconfigured objects page [TPS#2231] -JO
Added session timeout and keepalive settings to security tab in Admin > System Settings section [TPS#9938] -JO
Added ability to select week format (week starts on Sunday or Monday) [TPS#8082] -JO
Added new datetimepicker to reports to easily be able to select times including hours, mins, and seconds [TPS#12048] -JO
Added commands (core), scheduleddowntime, auth servers into system API backend -JO
Added raw import, commands, into config API backend -JO
Added auth tokens for single-use login and ability to authenticate to an API endpoint -JO
Added insecure login security setting to allow old backend ticket-based auth on per-user basis -JO
Added automatic BPI sync (and remove missing hosts/service) on Apply Configuration in the CCM [TPS#6127] -JO
Added ability to activate product from inside the GUI without having to manually get activation code -JO
Added setting in system settings to disable renewal reminders for non-admin users -JO
Added a help document with instructions for updating and creating translations [TPS#12830] -JO
Added links to the host/service details pages for hostgroups and servicegroups [TPS#12055] -JO
Updated backend for re-configure and apply configuration (reconfigure_nagios.sh) to no longer use wget [TPS#9908] -JO
Updated backend helper and deletion scripts (ccm_delete_objects.php) to no longer use wget [TPS#9908] -JO
Updated layout of profile.zip file and added timestamp to profile folder -JO
Updated Nagios Plugins to version 2.2.1 [TPS#11685] -JO
Updated NRPE to version 3.2.1 [TPS#11687] -JO
Updated Nagios Core to version 4.4.1 [TPS#12028] -JO
Updated NRDP to version 1.5.2 -JO
Updated NagVis version to 1.9.8 with auto-login Nagios modules -JO
Updated host and service detail menu links to say status instead, in line with the actual page titles [TPS#12059] -JO
Updated host and service SMS (text) message subject fields to be able to be blank [TPS#7099] -JO
Updated nagiosxi database username field to allow for 255 character long usernames [TPS#11608] -JO
Updated user passwords to a more secure algorithm/process [TPS#12158] -JO
Updated wording for display host/service aliases (to accurately reflect that they display the display name) [TPS#7112] -BH
Updated PDF and JPG report exports to use localhost/local url instead of internal url -JO
Updated permissions for sudo-ran scripts in fullinstall and reset_config_perms.sh [TPS#12730] -JO
Updated layout for Capacity Planning report to utilize the full screen size -JO
Updated API objects backend to use json_encode() instead of xml2json for PHP version consistency which also removed "
Fixed issue with host and service template filter search box in bulk modification tool [TPS#13163] -JO
Fixed minor XSS vulnerabilities [TPS#13211,13213] -JO
Fixed links in notification report when host or service has an alias defined [TPS#13251] -JO Core Config Manager (CCM) - 2.7.0
Added CCM limited and full access via session for regular users (CCM ‘Power User’) [TPS#13227] -JO
Added contact alias next to contact name in contact overlay when an alias exists [TPS#10049] -JO
Added services applied to hostgroups to the host services list on service groups [TPS#13158] -JO
Updated copying a service change the service name and not the config name [TPS#12270] -JO
Updated writing configs to no longer rely on pear library HTML_Template_IT [TPS#12386] -JO
Updated importing config search to be case-insensitive -JO
Fixed importing services with multiple objects finding the proper config name [TPS#13303] -JO
5.4.13 - 03/13/2018
Added notification alteration callbacks -JO
Added notification template callbacks, updated documentation -BH
Fixed NPCD not showing as running in systemctl on EL7 systems even though it is running [TPS#12924] -JO
Fixed command subsystem to only try to package and download components/dashlets/configwizards that exist -JO
Fixed XSS vulnerability in views page -JO
Fixed RCE vulnerability in component download page (Thanks Bjoern Brixner at Telekom Security) -TM
Fixed enterprise only banner for sending single report emails [TPS#13025] -JO
Fixed permalink URL generation to use the proper location when sending xiwindow url [TPS#13036] -JO
Fixed scheduled report subject field to not append generic text when subject is set [TPS#13062] -JO
Fixed deadpool not running properly on it’s cron [TPS#13075] -SW
Fixed BPI calculation to use round() properly so groups > 1000 objects shows proper statuses [TPS#13078] -JO
Fixed dashboards disappearing with non-UTF8 names/titles (can use config.inc.php option $cfg[‘db_conn_utf8’] = 0; in some cases) [TPS#13051] -JO
Fixed vulnerability in NagiosQL (Thanks @iotennui, @BennyHusted, @0xC413 on twitter) [CVE-2018-8733,CVE-2018-8734,CVE-2018-8735,CVE-2018-8736] -JO,TM Core Config Manager (CCM) - 2.6.11
Fixed u option in service dependencies for execution_failure_criteria & notification_failure_criteria to reak Unknown instead of Unreachable -SW
Fixed hostgroup excludes on service management page [TPS#12952] -JO
Fixed CCM importing config name value in service definitions -JO
5.4.12 - 01/16/2018
- Fixed double percents (%%) in performance graph legends [TPS#12701] -JO
- Fixed url encoding in outbound NRDP checks [TPS#12742] -SAW
- Fixed MRTG cron job arguments for lock file for EL7 in rpms [TPS#12865] -JO
- Fixed flexible downtime duration setting in scheduled downtime page [TPS#12890] -JO
- Fixed downtime duration column to show proper duration for fixed and flexible in scheduled downtime page [TPS#12890] -JO
- Fixed install script not recognizing IP address on ipv6-only machines [TPS#8588] - SAW
- Fixed upgrade from GUI where upgrade textarea would stop updating even though upgrade finishes [TPS#12571] -JO
- Fixed htmlentities in SLA report breaking UTF-8 characters [TPS#12905] -JO
5.4.11 - 10/31/2017
Fixed ampersand encoding in URLs on the views page [TPS#12526] -JO
Fixed perfdata graphs legend data units of measurement when first unit has none specified [TPS#12504] -JO
Fixed the acknowledgment/handled state icon in BPI -JO
Fixed issue where some groups would not get proper status checks (due to recursion) in BPI [TPS#12488] -JO
Fixed issue with utf8 character encoding with MySQL connections in Bulk Renaming Tool and elsewhere [TPS#12537] -JO
Fixed time stamp in eventqueue [TPS#12597] -SAW
Fixed issue with graph explorer dashify not checking NSP [TPS#12562] -SAW
Fixed Recurring Scheduled Downtime service descriptions with * in them not showing up in list [TPS#12616] -JO
Fixed alert histogram link in Nagios Core UI from host/service advanced section [TPS#12655] -JO
Fixed issue where XML for BPI was being read from cache only on API calls -JO,CN
Fixed issue where manually running a check command would display the value of potentially sensitive user macros [TPS#12673] -CN Core Config Manager (CCM) - 2.6.10
Fixed flap detection options values not showing properly in the CCM as selected [TPS#12654] -JO
5.4.10 - 09/20/2017
Fixed recurring downtime services tab for users to correctly show downtimes they have created if they have service perms [TPS#12434] -JO
Fixed LDAP multiple naming contexts if context has no dc= in the name [TPS#12435] -JO
Fixed issue with IPv6 addresses not redirecting properly [TPS#12461] -JO Core Config Manager (CCM) - 2.6.9
Fixed new MySQLi database connection charset to be UTF8 [TPS#12441] -JO
5.4.9 - 09/07/2017
- Updated Japanese language translations (thanks Suzuki) -JO
- Fixed XSS security vulnerabilities (Thanks Björn Brixner at Telekom Security, Sobolev Eugene, itpsl.org, H_D, PenGenKiddy, and RO421) [TPS#12285,TPS#12374] -JO
- Fixed language settings for user not showing up as translated -JO,SB
- Fixed schedule downtime (and others) requirement check to trim data before doing field required checks [TPS#12303] -JO
- Fixed some pages admin-only permissions -JO
- Fixed AD/LDAP import when password complexity requirements are enabled [TPS#12334] -JO
- Fixed unconfigured objects for host-only results [TPS#12361] -JO
- Fixed installation on systems with non-standard CentOS/RHEL suoders file by trying to fix issues if possible [TPS#12380] -JO
5.4.8 - 08/02/2017
Fixed inconsistency with different object types in the API help examples for configs [TPS#12162] -JO
Fixed perfdata graph links for services with spaces in them [TPS#12170] -JO
Fixed host comment and acknowledgment icons not linking to the details page like the service ones [TPS#12184] -JO
Fixed some text inconsistencies in the bulk modifications tool [TPS#12172] -JO
Fixed auto-login button on main page not doing an auto login [TPS#12203] -JO
Fixed XSS security vulnerability (thanks Olvieira Lima) -JO
Fixed issue with SLA dashlet/report where certain custom time frames wouldn’t show up properly [TSP#12248] -JO Core Config Manager (CCM) - 2.6.8
Fixed issue when cloning timeperiods that have a ‘name’ value set (templates) [TPS#12159] -JO
Fixed the free variable number to update after closing the free variable box [TPS#12176] -JO
Fixed issue with importing host and service names with + in them [TPS#12161] -JO
5.4.7 - 07/11/2017
- Updated encrypted files to work with PHP 7.0.x and 7.1.x -JO,SW
- Fixed issue with SLA report SLA Target value being set to an int [TPS#12079] -JO
- Fixed issue in secured rapid response where URL was not passing proper parameters when users are redirected after login [TPS#12098] -JO
- Fixed popup view of recent snapshots view action on the CCM splash page [TPS#12083] -JO
- Fixed executive summary PDF and JPG download option not working [TPS#12105] -SS,JO
- Fixed PDF generation missing some fonts on EL7 full installs [TPS#12104] -JO
- Fixed get_xml_comments() in host and service ajax helpers to limit comment query down to only the objects that are visible [TPS#12064] -JO
- Fixed various minor security issues [TPS#12112,12113,12117,12120] -JO
5.4.6 - 06/27/2017
- Updated languages to include Bulgarian translations (Thanks Ludmil) -JO, LM
- Fixed upgrade failing if no services or host config files existed in the main config directories [TPS#11921] -JO
- Fixed issue on host/service status details pages where changing page limit from low to high showed no results found until refresh [TPS#11897] -JO
- Fixed inactive contacts from being selectable on the contact list in bulk modifications tool [TPS#11950] -JO
- Fixed link to CCM from “Re-configure” section in host/service details page to remove “Config Name” value when doing search [TPS#11700] -JO
- Fixed dashlet refresh rates on object status pages to show up in “dashlet” tab in performance settings [TPS#11974] -JO
- Fixed state history link in Top Alert Producers report page [TPS#12045] -JO
5.4.5 - 05/31/2017
Updated re-configure service message and link for advanced configurations [TPS#11700] -BH
Updated validation for URLs to use internal PHP validation on PHP 5.2+ [TPS#11689] -JO
Updated BPI host and service group sync to actually remove host and service groups from BPI that have been deleted or have no members [TPS#11743] -JO
Fixed issue with MySQL ports configured in-line inside config.inc.php [TPS#11688] -JO
Fixed Nagios BPI issue where adding new groups would cause spacing issues in the config [TPS#11721] -JO
Fixed issue with port for MySQL in automysqlbackup, repair, backup, and restore scripts [TPS#11754] -SS, JO
Fixed typos in API reference config object help section [TPS#11782] -JO
Fixed reset password sending username in GET parameters with password reset token [TPS#11793]
Fixed restore_xi.sh script to allow for overriding default password [TPS#9710] -BH
Fixed various minor security issues -JO Core Config Manager (CCM) - 2.6.7
Fixed result limit box in the CCM settings page to be a dropdown to match the CCM pages [TPS#11648] -JO
5.4.4 - 04/25/2017
- Removed support for new installs and upgrades on CentOS/RHEL 5 due to end of life -JO
- Changed cron job logs to append instead of truncate every time and updated logrotate to delete files. -BH
- Moved SB_LOGLEVEL definition into constants php file so it can be set (defaults to ERROR) [TSP#11535] -JO
- Fixed search fields on host/service details pages to keep search value in the search box [TPS#11376] -JO
- Fixed long host/service names in availability report causing data to be hidden [TPS#11361] -JO
- Fixed CSRF security vulnerabilities in scheduled reporting email template form [TPS#11400] -JO
- Fixed writing configuration files to import (Config Wizards) not writing out % symbols in host object values [TPS#11465] -JO
- Fixed issue in bulk modifications tool with adding host groups to hosts with existing hostgroup [TPS#11493] -JO
- Fixed issue with Autodiscovery permissions on xml files [TPS#11521] -JO
- Fixed BPI issue where replacing synced host/service grips would cause extra spaces after the first run [TPS#11501] -JO
- Fixed initial install mib directory permissions [TPS#11526] -JO
- Fixed ndoutils post install and upgrade scripts from updating kernel settings if they are already set higher [TPS#11143] -JO
- Fixed display not able to scroll on smaller screens [TPS#11630] -JO
5.4.3 - 03/16/2017
Fixed Rapid Response not respecting acknowledgement defaults [TPS#11014] -BH
Fixed scheduled downtime where multiple hosts and “apply for all services” do not create host downtime and doubling services [TPS#11060] -JO
Fixed reset_defaults.sh to ask if user wants to reset before running [TPS#11065] -JO
Fixed gauge dashlet from not working on certain datastore names [TPS#10923] -JO,BH
Fixed extra memory usage that could hit php memory limit in graph explorer’s fetch_rrd function -JO
Fixed additional hard-coded database name in SQL query [TPS#10936] -JO
Fixed Schedule Downtime using the browser’s hostname instead of localhost for downtime query [TPS#11153] -BH
Fixed deadpool hostname escaping issue when running final stage deletion command -JO
Fixed deadpool cron run time from every 5 minutes to every minute [TPS#11230] -JO
Fixed sorting order in create and edit BPI group host/services member slection list [TPS#11204] -JO
Fixed permalink creation to create based on external url and urlencoded frame url [TPS#11198] -JO
Fixed command check test showing up as html entities in
tags [TPS#11244] -JO
Fixed deadpool service filters regex match looking at hostname instead of servicename [TPS#11301] -JO Core Config Manager(CCM) - 2.6.6
Fixed default page limit to be set properly [TPS#11026|11028] -JO,BH
Updated CCM Table to accurately display ‘Config Name’ instead of ‘Service Name’ [TPS#11170] -BH
Nagios Core
- Fixed issue with flexible downtime disabling notifications for host/services (4.2.4 patch) -JO,JF
5.4.2 - 02/07/2017
- Fixed ndoutils segfault issue with patch for ndoutils 2.1.2 -JO, JF
- Fixed no output on repair_databases.sh script when locked -BH
- Fixed no newline occasionally on API Error [TPS#10883] -BH
- Fixed deadpool cron to use the default language set for the Nagios XI server in “User Defaults” [TPS#10764] -JO
- Fixed license key wording when switching from FREE to licensed to give better information [TPS#10858] -JO
- Fixed issue where the shown scheduled backup directory was set to /usr/local/nagiosxi in the interface [TPS#10868] -JO
- Fixed license page enterprise license key display message [TSP#10860] -JO
- Fixed issue with ndo2db upstart job conflicting with ndo2db init script [TPS#10882] -JO
- Fixed issue where nagios.log cannot be read by the nagios group causing legacy report failures [TPS#10891] -JO
- Fixed initial libexec plugin permissions on initial install [TPS#10900] -JO
- Fixed perfgraph page to show dropdown options as “Last x days” to accurately reflect the lookback period [TPS#10902] -JO
- Fixed issue with htmlentities on scheduled report message not displaying non-english characters correctly [TPS#10893] -JO
- Fixed gauge not showing for Root Partitions [TPS#10923] -BH
- Fixed issue with Bulk Mod Tool that used a hardcoded table name instead of one in config.inc.php [TPS#10936] -JO
5.4.1 - 01/26/2017
Fixed upgrade properly detecting mysql/mariadb [TPS#10603] -BH
Fixed restore_defaults.sh inability to be ran outside of scripts/ dir [TPS#10605] -BH
Fixed restore_defaults.sh to take offloaded db into consideration, and now uses proper credentials [TPS#10627] -BH
Fixed issue in Safari that made scheduled downtime page not be able to select hosts/services [TPS#10617] -JO
Fixed issue where some systems would show ndo2db as not running in the GUI even though the daemon is running [TPS#10636] -JO
Fixed issue on AD/LDAP import page where errors were not displaying and server wasn’t re-selected on form submit [TPS#10640] -JO
Fixed PHPMailer security vulnerabilities by updating to 5.2.22 -JO
Fixed issue with host/service detail table status page graphs exporting using Highcharts dropdown [TPS#10672] -JO
Fixed issue with Help System not loading help videos in systems using HTTPS [TPS#10697] -JO
Fixed issue with Help System where resizing the windows would empty the help popup -JO
Fixed empty or FREE license key giving invalid key message during trial time period on license page [TPS#10725] -JO
Fixed deployed, synced dashboards to automatically be removed when the dashboard is deleted by the source dashboard [TPS#10720] -JO
Fixed legacy network map from not changing map type when selecting type icons [TPS#10774] -JO
Fixed status map issues with single hosts (Core 4.2.4 update) [TPS#10808] -JO
Fixed profile component to have more logging lines and the more useful log files [TPS#10829] -JO Core Config Manager (CCM) - 2.6.5
Fixed services and escalations showing ‘unreachable’ opposed to ‘unknown’ [TPS#10589|10533] -BH, JO
Fixed issue where test commands did not work on systems with a php version less than 5.3 [TPS#10633] -SW
Fixed dropdown items per page not working when selecting “None” [TPS#10632] -JO
Fixed issue with CCM import not accepting commas even though it splots on them [TPS#10736] -JO
5.4.0 - 12/28/2016
Upgraded Nagios Core to version 4.2.4 -JO
Upgraded NDOUtils to version 2.1.2 -JO
Upgraded NRDP to version 1.4.0 -JO
Added combined CSV export option for availability report [TPS#9682] -LG
Added support for offloaded databases in the repair_databases.sh script [TPS#6270] -BH
Fixed email not being updated for XI Contact when XI User is updated [TPS#6291] -BH
Fixed security type not being respected properly by LDAP/AD Integration component [TPS#8557] -BH
Fixed issue where system status popup would show white text for non-admins who can view it [TPS#10055] -JO
Fixed issue with French translations in LDAP/AD import/manage servers pages [TPS#10473] -JO
Fixed various XSS vulnerabilities (BPI url, Scheduled Backups url) -JO
Fixed issue spaces in mibs cause snmptt to fail (manage mibs page now replaces spaces with _ on upload) [TPS#10486] -JO
Fixed text on views popups to not have unprocessed html output in them [TPS#10499] -JO
Fixed issue with RRD exporting that would not work with : in the service description [TPS#10566] -SS, JO Core Config Manager (CCM) - 2.6.4
Fixed issue with ID and page number not being an int -JO
Fixed various XSS vulnerabilities (search bar and others) -JO
Fixed issue with returnUrl set to non-CCM url -JO
Fixed issue with importing contacts/contact groups not importing all contact options [MT#800] -JO
Fixed exclamation points being unable to be used in command arguments in CCM [TPS#9741] -BH
5.3.4 - 12/14/2016
Fixed NTP on full install (was enabled but not started) -JO
Fixed apache cron permissions for backup and restore scripts -JO
Fixed sudo call for getprofile.sh call to use full path [TPS#10195] -JO
Fixed use of * character in AD/LDAP directory/group names [TPS#10238] -JO
Fixed cancel button on multiple pages still submitted form [TPS#10253] -SW
Fixed shell scripts to use full path [TPS#10278] -BH
Fixed alias being updated when ‘Name’ field changed on user update [TPS#10288] -BH
Fixed missing delete button image on unconfigured objects page -JO
Fixed perfdata graph sizing on availability report [TPS#10294] -JO
Fixed system status layout on 2014 and classic themes [TPS#10308] -JO
Fixed multiple styling issues with 2014 and classic themes -JO
Fixed XML escaping to work properly on large values [TPS#10355] -JO, BH
Fixed default last, avg, max values to be set for perfdata graphs [TPS#10359] -JO
Fixed so shapes of highchart graph series data in tooltips will now match the legend in all template files [TPS#8017] -LG
Fixed perfdata graph dashlets to resize to default values [TPS#10413] -JO
Fixed non-standard ports for databases breaking upgrade [TPS#10440] -BH Core Config Manager (CCM) - 2.6.3
Fixed issue where some objects (timeperiods, commands) could not view relationship info in popup [TPS#10117] -JO
Fixed issue where Cancel button would not return to the view list when editing from a relationship link [TPS#10224] -JO
Fixed session tracking adding sessions from localhost (when scripts are ran on the CCM) [TPS#10380] -JO
5.3.3 - 11/21/2016
Updated Japanese translations (thanks Sasaki) -JO
Fixed logarithmic perfdata graphs when having negative values in Highcharts [TPS#9966] -LG
Fixed postgres re-sequencing script in tools directory using the correct import_xiconfig script -JO
Fixed Bulk Modifications tool “find relationships” button JS errors -JO
Fixed legend in graphs not displaying properly when gray theme is used [TPS#10008] -BH
Fixed import not creating duplicate services when multiple hostgroups defined [TPS#9708] -BH
Fixed calendar not displaying properly occasionally in graph explorer [TPS#10098] -BH
Fixed issue where DB connection fails while waiting for MySQL to actually start and shows repair DB messages -JO
Fixed encoding issue on My Tools page [TPS#10161] -JO
Fixed encoding issues for French language on a couple pages -JO Core Config Manager (CCM) - 2.6.2
Fixed issue with service escalations page showing two * in selection box after saving the service escalation [TPS#10045] -JO
Fixed missing * option in host escalation hosts and host group options that are in service escalation [TPS#10046] -JO
Fixed not being able to delete objects from the XI GUI (Reconfigure Tab) [TPS#10078] -BH
5.3.2 - 11/01/2016
Fixed bug in usermacro component where screen size would position the clear filter button in the wrong place [TPS#9842] -LG
Fixed translation issues on the mass acknowledgement “Check All Items” button after clicking [TPS#9838] -JO
Fixed modal sizing issues in bulk modifications tool [TPS#9870] -JO
Fixed translations in settings popout on the new status map [TPS#9847] -JO
Fixed various XSS vulnerabilities -JO
Fixed automatically setting secure cookie value with SSL enabled -JO
Fixed jQuery migrate XSS vulnerabilities (updated to 1.4.1) -JO
Fixed clean install adding the postgresql backup script even though postgres isn’t installed [TPS#9878] -JO
Fixed add to my reports functionality when reports are added from other sections in XI [TPS#9849] -JO
Fixed login redirect url to validate redirection better -JO
Fixed permalink to use a relative location instead of a full URL for xiwindow variable -JO
Fixed nagiosql database name being set in sql schema for those who have a different db name [TPS#9910] -JO
Fixed event_meta base64 encoding when storing event_meta in the database -JO, BH
Fixed upgrade increase_open_file_limits.sh check on certain systems and stopped the script from exiting install -JO, BH
Fixed mrtg lock directory used in cron job to take volatile tmpfs directories into consideration -BH, JO Core Config Manager (CCM) - 2.6.1
Fixed issue with host/service escalations now showing set escalation options in the GUI [TPS#9873] -JO
Fixed CCM showing login screen when not logged into XI (must be logged into XI session to view CCM) (Thanks CK) -JO
Fixed swapped UP/UNREACHABLE on host escalations and OK/DOWN on service escalations pages [TPS#9916] -JO
Fixed issue with contact relationships popup not displaying the dependant icon for some objects -JO
5.3.1 - 10/19/2016
- Fixed issue on clean XI install (or on upgrades if you upgrade component to 1.0.1) custom-includes component folder permissions [TPS#9705] -JO
- Fixed issue on scheduled downtime page in older browsers and IE [TPS#9748] -JO
- Fixed issue on scheduled downtime page that would allow user to submit endtime before starttime and auto update datetimepicker fields [TPS#9711] -LG
- Fixed issue causing session timeouts on CentOS/RHEL 5.x systems [TPS#9727] -JO
- Fixed issue where upgrade would stop if the open limits file (/etc/security/limits.conf) was not writeable -JO
- Fixed issue with new status map requiring Nagios Core login information to view the page -JO
- Fixed issue on scheduled downtime page where selecting via checkbox would not add the ID of the downtime to selected list -JO
- Fixed PHP notices from SSL version constants that do not exist in PHP < 5.5 -JO
- Fixed backup and restore scripts not keeping apache cron jobs (scheduled reporting / scheduled downtimes) [TPS#9774] -JO
- Fixed scheduled downtime page to correctly put scheduled and removed downtime in audit log [TPS#9779] -JO
- Fixed dashlet pin/unpin functionality on dashboards [TPS#9794] -JO
- Fixed view rotation continuing while on manage views page by pausing view rotation when clicking link to page [TPS#9757] -JO
- Fixed issue where title of perfdata graphs was showing up URL encoded -JO
- Fixed issue in graph explorer on timeline graphs in IE -JO
- Fixed bug in usermacro component causing detection to break when no system macros were selected -LG
- Fixed Japanese translation issues in certain sections -JO
5.3.0 - 10/03/2016
Updated cmdsubsys auditlog to show username in the log message -LG
Updated scheduled downtime page to allow searching, filtering, and pagination -JO
Updated adding multiple hosts/services through scheduled downtime pages -JO
Updated performance graphs page to follow modern report/page format -JO
Updated all Highcharts graphs with new styling -LG
Updated API help section to explain how to filter object API calls -JO
Updated perfdata page with report-style layout -JO
Updated performance graphs popup layout on host/service status pages -JO
Updated Global Event Handlers to use considerably less memory -BH
Updated ADODB database library to version 5.19 -JO
Updated Japanese translations (thanks Sasaki) -JO
Added timepicker to some datepicker fields -JO
Added use of currently selected time format in datetimepickers in Reports and other areas -JO
Added export functionality to perfdata/timeline/stack graphs [TPS#2601] -BH
Added objects/rrdexport to API [TPS#2601] -BH
Added objects/cpexport to API (capacity planning data export) [TPS#8441] -JO
Added API Key regeneration function to user pages [TPS#7200…7203|7135] -BH
Added system/applyconfig to POST for API [TPS#7198] -BH
Added Highcharts default display type [TPS#7617] -BH
Added Callbacks for User Creation/Password Change/Deletion [TPS#7155] -BH
Added callback help section documentaiton -BH
Added names to list of system status icons in system status dropdown menu -JO
Added option in config.inc.php to allow php to connect with persistent or normal connections -JO
Added custom-includes component to include custom css, js, and images that won’t get overwritten on upgrade -JO
Added meaningful API messages -BH
Added logging to the auditlog when submitting a core command through the coreuiproxy using constants-nagioscore.inc.php [TPS#8147] -LG
Added the rest of the NSCA encryption methods to inbound/outbound transfer admin pages [TPS#8406] -JO
Added ability to download Capacity Planning graphs as CSV file with timestamp,value fields [TPS#8441] -JO
Added ability to disable/enable user accounts [TPS#6771] -BH
Added navbar search to default to the appropriate page depending on which category you click on in suggest box [TPS#8332] -BH
Added service search to navbar search box [TPS#8331] -BH
Added advanced setting for Availability report labeled “Do not show service data” that will force it to only show host data [TPS#8382] -JO
Added some basic default MySQL tuning options on fullinstall and an additional script for performing basic tune manually [TPS#8586] -BH
Added get_xml_backend cache to Performance Settings [TPS#8584] -BH
Added automatic increase of global and root user open file limits -BH
Added ability to add free variables via API [TPS#8675] -SS,BH
Added required current password field for non-admins to change passwords [TPS#8731] -BH
Added output to repair database scripts to inform user if they succeeded or failed [TPS#8701] -TL,JO
Added query documentation into API [TPS#8835] -JO
Added capacity planning data to be exported via the API [TPS#8441] -JO
Added ability to select multiple hosts/services to schedule downtime for on scheduled downtime page -JO
Added ability to put all services for a host into schedule downtime at once -JO
Added a new Core Component Usermacros for managing user and system macros in Nagios XI [TPS#9008] -LG
Added translation of USER macros to all eligible wizard input fields [TPS#6739] -LG
Added custom API endpoint functionality [TPS#8979] -BH
Added ability to save tabs selected on scheduling page report [TPS#9050] -BH
Added tab to system settings in admin section for password complexity, lockout, and max trials [TPS#8729…8730] -BH
Added more verbose logging for PHPmailer which shows action, method and referer and will include successfully sent messages [TPS#9136] -LG
Added snmptt restart to nagios init script [TPS#9234] -BH
Added more user meta information for better security and auditing [TPS#9269] -JO
Added improved clickjacking security -JO
Added imporved warning/critical lines in Highcharts graphs which can be toggled on and off -LG
Added rel="noreferrer" to target="_blank" hrefs -BH
Added core detection for speeding up compilation during fullinstall/upgrade -BH
Added default cURL SSL connection type to TLSv1.2 and added editing setting in System Settings page [TPS#9483] -JO
Added clipboard.js and removed the old zclip jquery plugin which relied on ZeroClipboard -JO
Added options in global settings to customize Highcharts Avg/Max/Last values (or disable them) [TPS#9611] -JO
Added option in global settings to tell Highcharts graphs to ignore null values when calculating ‘Avg’ [TPS#9611] -JO
Fixed non-admin users who had large quantity of services recieving SQL error [TPS#7820] -BH
Fixed load_url function to send error messages to apache error_log instead of never giving an error message -JO
Fixed recurring downtime to not accept invalid days of month [TPS#8487] -BH
Fixed view start/stop reverting to English when different language is selected [TPS#7107] -BH
Fixed reports not respecting show host/service alias options [TPS#6518] -BH
Fixed buttons to show config changes and errors on Apply Configuration page merging together [TPS#6902] -JO
Fixed check_mssql to use PDO opposed to deprecated MSSQL_* functions [TPS#8633] -BH
Fixed nagiosxi DB engine type on newer versions of MySQL/MariaDB -BH
Fixed admin user not being added to CGI config if configuration cannot be applied [TPS#8819] -BH
Fixed searching for host in host status reverting to status detail [TPS#8867] -BH
Fixed xiprepimport tool saving comments in filename [TPS#8865] -BH
Fixed inability to delete deployed [screen] dashboards, and stopped them from being deployable [TPS#8862] -BH
Fixed re-configure object (host/service) not respecting removing hostgroups/parent hosts/servicegroups [TPS#8931] -BH
Fixed slow Host/Service Status Details page load for non-admin users [TPS#9024] -SS,BH
Fixed newly scheduled pages sending corrupt .pdf files [TPS#8874] -JO
Fixed API help section that showed the improper usage of deleting a user [TPS#8634] -LG
Fixed SANS Internet Storm Center Top 10 Rising Ports dashlet to use new SANS backend [TSP#9044] -BH
Fixed various minor security vulnerabilities (thanks John Page aka HYP3RLINX) -JO
Fixed Multistacked Graph Numbers displaying more than 3 decimal points on hover [TPS#9169] -BH
Fixed javascript searchable dropdown boxes to be easier to use and have proper styling -JO
Fixed unconfigure objects remaining in list even after pressing delete [TPS#9215] -BH
Fixed snmptt daemon restart on MIB upload on el7 systems [TPS#9237] -SS,JO
Fixed scheduled downtime showing a maximum duration of 9hrs (only a display issue) -JO
Fixed LDAP/AD component LDAP is_user to accept organizationalPerson and person [TPS#9272] -JO
Fixed LDAP/AD component issue with popup not centering [TPS#9272] -JO
Fixed invalid service configuration when using bulk host import to import a service with multiple hosts defined [TPS#9369] -BH
Fixed ‘this week’ time period in reports showing the last 8 days if a report is ran on sunday [TPS#9357] -JO
Fixed issue with the + symbol in hostnames not creating a proper URL to service details pages for services on that host [TPS#9443] -JO
Fixed process_perfdata.pl setting counters for output with ‘c’ values making graphs show up as 0 [TPS#9479] -JO
Fixed persistent comment/acknowledge checkbox on host/service details page [TPS#9488] -JO
Fixed issue where LDAP would not close if start TLS failed [TPS#9498] -JO
Fixed issue with perfdata that has a space in the value [TPS#9523] -SS,JO
Fixed scheduled backups local backups page to be sorted by timestamp -JO Core Config Manager (CCM) - 2.6.0
Added ability to set host/hostgroups as “exclude” for services, service templates, host groups, service escalations, and host escalations [TPS#3966] -JO
Added icons for tools, configuration, and other nav links -JO
Added escape key binding to close overlays [TPS#8911] -BH
Updated theme to match the rest of Nagios XI (Modern) -JO
Updated splash page to have more information about current configuration -JO
Updated ‘Run Check Command’ to evaluate user macros [TPS#8264] -BH
Updated ‘Run Check Command’ to use cmdsubsys and execute as nagios user [TPS#6578] -BH
Updated ‘Run Check Command’ User Interface to be more intuitive and friendly and use NSP [TPS#9185] -BH
Fixed de-activating a contact from the edit page not respecting dependency check [TPS#8777] -BH
Fixed services table loading nothing if you delete all of a configs service definitions when selecting a config name from dropdown -JO
Fixed CCM not respecting etc/nagios.cfg illegal_object_name_chars [TPS#8864] -BH
Fixed various minor security vulnerabilities (thanks John Page aka HYP3RLINX) -JO
5.2.9 - 06/14/2016
- Updated scheduled downtime to use XML backend as opposed to coreuiproxy for better speed on larger systems [TPS#8591] -BH
- Fixed multiple security vulnerabilities -JO
- Fixed issue in config/service API section not using the check_command argument [TPS#8629] -JO
- Fixed notification preferences priority email checkbox to automatically set the email checkbox [TPS#8621] -JO
- Fixed AD/LDAP component looking for proper structure names - now lowercase versions will show up [TPS#8563] -JO
- Fixed AD/LDAP component root directory not showing user objects [TPS#8563] -JO
- Fixed some instances of MRTG not using correct version [TPS#8635] -BH
- Fixed windowssnmp plugins reverting on upgrade [TPS#8647] -BH
- Fixed issue in CCM config writing where # did not actually need to be converted since it isn’t an in-line comment like ; -JO
- Fixed bug in recurringdowntime.pl regarding days of week [TPS#8773] -BH
5.2.8 - 05/24/2016
- Fixed RHEL install issues [TPS#8215 && TPS#8214] -BH
- Fixed config/service API section from requiring check_command (can be inherited) [TPS#8222] -JO
- Fixed tools fullscreen button not working properly on iframes with domains that are not the same as the XI system -JO
- Fixed Components “Install Updates” button returning improper code [TPS#8271] -BH
- Fixed using ; and # in $ARGx$ values in the CCM [TPS#8292] -JO
- Fixed certain pages not redirecting to login is session was timed out -SW
- Fixed issue where non-admin users could not see all time periods for advanced settings in reports (but could in Core) [TPS#7974] -JO
- Fixed no SNMPv3 being used in Switch Wizard since v2.3.0 [TPS#8325] -BH
- Fixed usernames with spaces being unable to schedule downtime [TPS#8338] -SS,BH
- Fixed some perl plugins being affected by a version compare [TPS#8365] -BH
- Fixed multiple security vulnerabilities [TPS#8372] -BH
- Fixed dbmaint cron script not properly removing old events -BH
- Fixed apache mod_rewrite section breaking ssl.conf when not standard base apache default with no VirtualHost defined [TPS#8457] -BH,JO
- Fixed API not deleting some hosts correctly [TPS#8500] -BH
- Fixed password reset token to have sane timeout properties -BH
5.2.7 - 04/06/2016
- Fixed performance graph issues -BH
- Fixed bug causing “change username” confirmation to display when adding a user -BH
5.2.6 - 04/04/2016
- Fixed renewal reminder for greater than 3 year subscriptions -JO
- Fixed bug in Availability report when exporting that did not follow downtime advanced options [TPS#7811] -LG
- Fixed availability report showing wrong data when using different advanced options and exporting as a CSV [TPS#7894] -LG
- Fixed scheduled downtime not submitting for all services on Hostgroup Summary/Overview > Hostgroup commands page -JO
- Fixed blank error message in user edit page when trying to demote a user that can’t be demoted [TPS#7840] -JO
- Fixed monitoring wizard bug when hiding notification delay, but not notification options [TPS#7825] -BH
- Fixed histogram report not aligning proper dates/days of week/days of month with data [TPS#7864] -BH
- Fixed multi-tenancy issue in Scheduled Downtime [TPS#7876] -BH
- Fixed Metrics components not accounting for specific metric types for Linux SNMP [TPS#7883] -BH
- Fixed fullscreen button causing weird display issues on host/service status pages [TPS#7947] -JO
- Fixed scheduled downtime incorrectly scheduling downtime if core date_format was changed from default [TPS#7977] -BH
- Fixed recurring downtime not properly adhering to days_of_week specified [TPS#7971] -BH
- Fixed incorrect permissions on CCM settings.php [TPS#7992] -BH
- Fixed internal server error in graphexplorer/ajax/datatypes -BH
- Fixed multiple security vulnerabilities -BH
- Fixed cancel button updating user preferences [TPS#8015] -BH
- Added CONFIGWIZARD_SKIP_OBJECTS_RECONFIGURE flag to allow configwizards ability to skip adding notification options, etc. [TPS#8026] -BH
- Fixed host alias not showing up properly in Service Status page [TPS#8030] -BH
- Fixed renaming a user that is defined as a contact causes snapshot to revert [TPS#8034] -BH
- Added current and max check attempt into utils-xmlstatus.php to verify soft/hard states from anywhere -LG
5.2.5 - 02/19/2016
- Fixed solution to downtime only working on PHP versions 5.3.x -JO
5.2.4 - 02/18/2016
Fixed system API endpoint to allow POST requests for applyconfig and importconfig -JO
Fixed restore_xi.sh script to use manage_services.sh instead of service -JO
Fixed two+ line title dashlet buttons not being clickable [TPS#7247] -JO
Fixed bug causing gethistoricalservicestatus backend cmd to not have a valid time -SW
Fixed GUI based upgrade to use proxy configuration -SW
Fixed SLA report PDF from duplicating table headers across multiple pages, overlaying other table items [TPS#7297] -SW
Fixed issue in BPI component where ; was being used instead of :: for services [TPS#7367] -SS
Fixed current outdated retention.dat not being added to backups causing program state to not be retained correctly [TPS#7416] -SW
Fixed admin users able to have “Read-only user” permission -JO
Fixed searching for hosts and services where object name contained : [TPS#7463] -SW
Fixed restore_xi.sh to work for restoring oldersystem which use postgresql [TPS#7467] -SW
Fixed bug where searching in manage users to sometimes reverted to edit page of previous user [TPS#7471] -SW
Fixed install on CentOS 7.2+ systems that do not come with firewalld pre-installed -JO
Fixed Host Status Summary links not displaying correctly in dashlets [TPS#7616] -BH
Fixed FreeIPA LDAP server working with user importing [TPS#7552] -SS
Fixed Capacity Planning PDF report hanging system [TPS#7149] -BH
Fixed Custom URL Dashlet ignoring width/height [TPS#7448] -BH
Fixed Scheduled Downtime incorrectly picking some dates [TPS#7476] -BH
Fixed Warning/Critical Display setting not working in Capacity Planning report [TPS#7514] -BH
Fixed LDAP Import of UPPERCASE username causing report functionality to break [TPS#7555] -BH
Fixed non-highcharts perfgraph dashlet links [TPS#7633] -BH
Fixed security bug that would allow read access to system files -SW
Fixed potential SQL injection in notification search -SW
Fixed possible XSS in startdate and enddate fields in reports -SW
Fixed XSS injection possibility in menu system -SW
Fixed XSS injection possibility in my reports -SW
Fixed scheduled report menu-item addition/removal [TPS#7679] -BH
Fixed SLA report ignoring advanced options [TPS#7685] -BH
Fixed bug in Availability report utilizing incorrect assumed service states for warning and unknown [TPS#7690] -LG
Fixed bug in Scheduled Downtime where the chosen date format was not being respected [TPS#7692] -LG
Fixed repair_databases.sh not checking for MySQL DB nagiosxi [TPS#7730] -BH
Fixed Hard coded base_url’s in scheduled reports allowing for different base_url’s -SW
Fixed Graph Explorer component’s multistacked graph from sometimes overwriting a selected item when adding items to graph -SS Core Config Manager (CCM) - 2.5.3
Fixed bug allowing filtering when adding host/service to contact notification commands [TPS#7207] -LG
Fixed bug where removing CCM users was not working properly [TPS#7540] -BH
Fixed import to properly check for duplicates [TPS#7551] -BH
Fixed Hard coded base_url -SW
5.2.3 - 12/07/2015
Fixed error being displayed when upgrading components/wizards from the UI when they were actually installed correctly -SW
Fixed Perfdata not maintaining time period selection when filtering hosts [TPS#6970][OTRS#11217] -SW
Fixed translation errors on a few pages (recurring downtime, recent alerts, metrics) [TPS#6991] -JO
Fixed missing icons on recurring downtime page [TPS#6992] -JO
Fixed showing scheduled downtime buttons on scheduled downtime page to read-only users [TPS#6974] -JO
Fixed scheduled downtime not adding trigger id when set [TPS#6977] -JO
Fixed scheduled downtime not adding flexible when selected [TPS#6972] -JO
Fixed send_nrdp.sh handling of XML special chars. [TPS#6846] -SW
Fixed bulk modifications when changing templates on hosts/services with no templates [TPS#7016] -JO
Fixed minemap dashlet not keeping size on home dashboard [TPS#7024] -JO
Fixed permissions on autodiscovery jobs directory to run on new installs [TPS#7038] -JO
Fixed reset password to give an error if trying to set an AD/LDAP user password unless they have ‘allow local auth’ checked [TPS#7022] -JO
Fixed issue where API would say it removed a host or service with dependencies when it really couldn’t and would leave the host/service in the CCM -JO
Fixed possible XSS on login page -SW
Fixed possible clickjacking by forcing login page to be the top frame element -SW
Fixed scheduled downtime problems with certain types of date format selected -JO
Fixed garbled Japanese characters in home page title [TPS#7100] -JO
Fixed box sizing cutting off some text in manage dashlets pages [TPS#7071] -JO
Fixed capacity planning when disabled auto-running reports select boxes for time periods and extrapolation methods [TPS#7076] -JO
Fixed capacity planning when disabled auto-running reports is from blanking out during page changes -JO
Fixed autodiscovery wizard, rss dashlet, and escalation wizard from not being available on certain systems [TPS#7096] -JO
Fixed Event Log report not showing up in reports list for users with ‘can see/control monitoring engine’ [TPS#7110] -JO
Fixed user edit when selecting preferences would remove all checked security setting boxes [TPS#7113] -JO
Fixed issue with graph.php no allowing you to pass in view and start timestamps -SW
Fixed BPI hostgroup/servicegroup names not showing proper Japanese characters [TPS#7116][M#11] -SS Core Config Manager (CCM) - 2.5.2
Fixed return URL (cancel button) links for host/services edited from clicking through the splash page [TPS#7095] -JO
5.2.2 - 11/12/2015
- Fixed xi-sys.cfg using old config.inc.php values if the config.inc.php has changed since an upgrade/install -JO
- Fixed state colors for non-english versions of BPI -SW
- Fixed issue where upgrade of components/wizards through UI was not using proxy settings -SW
- Fixed creating multiple objects rapidly in API to now not write out files and instead import more directly -JO
- Fixed upgrade script to install all dependencies before performing upgraded of other components -SW
- Fixed garbled UTF chars in BBMap Tooltip -SW
- Fixed requirement of both start and end date when specifying custom dates for Performance Graphs -SW
- Fixed fresh installs stating that additional steps are required to run auto-discovery to run -SW
5.2.1 - 11/10/2015
Updated sourceguardian loaders supporting up to php 5.6 -SW
Updated Highcharts to 4.1.9 -JO
Updated htpasswd to use stronger SHA encryption -JO
Fixed issue where update available still displays after upgrade by forcing check for updates to run after upgrade -JO
Fixed autoupgrade_backup.x.tar.gz filename when running upgrade from web UI -JO
Fixed numerous php notice/warnings -JO
Fixed issue where Nagios::Monitoring::Plugin is now required by several default plugins -SW
Fixed custom logo display issue in classic and 2014 themes -JO
Fixed issue in AD/LDAP component with import not working correctly with parenthesis -JO
Fixed issue where creating a new user would not update the htpasswd users file -JO
Fixed ndo2db init script to remove “cannot open file errors” on restart -SW
Fixed some unreadable service names in BBMap component -SW
Fixed bug causing htpasswd.users to not be updated immediately when user is forced to change password -SW
Fixed bug where object wouldn’t acknowledge properly if no comment was entered through Rapid Response URL -SW
Fixed auto-discovery exclude IP’s to only have one --exclude statement in nmap scan -SW
Fixed bug where commands through UI (ack/comments/etc.) would not submit properly if host or service_description had unicode chars -SW
Fixed CCM Relationship button on commands page to show dependent relationships for hosts, services, hosttemplates, servicetemplates -SW
Fixed searching for hosts in alert stream (with auto-complete) -JO
Fixed error message returning on submit for Inbound NSCA settings -JO
Fixed adding contacts/contact_groups to hosts/services created in the new API -JO
Fixed creating host/service templates in API -JO
Fixed scheduled backup limit being set to 0 resetting to 7 -JO
Fixed old (upgraded intalls of XI < 5) nagiosadmins possibly not being able to log in locally if set to AD/LDAP -JO
Fixed issue with AD/LDAP component not working with commas -JO
Fixed various spelling errors -JO
Fixed user management page select all functionality -JO
Fixed invalid XML when using outbound transfers and check output had XML special chars -SW, SS
Fixed webinject install to make sure we have proper permissions -SW
Fixed bug where self signed SSL certificate sites could not schedule downtime -SW, SS
Fixed my tools and common tools to be sorted alphabetically -JO
Fixed bulk modifications tool to re-write host config on service config_name changes -JO
Fixed permissions for nagios libexec directory -JO
Fixed API creating only the last service sent when sending multiple service creations quickly -JO
Fixed users who were set to local who were originally AD/LDAP users still being forced to skip local auth -SS
Fixed 404 page when clicking on newly created ‘My Scheduled Reports’ link after creating a scheduled report -JO
Fixed bulk modifications tool when setting contacts/contact groups via host/service groups -JO
Fixed blank Alert Timeline when using a UTC offset -SW
Fixed sizing of Alert Timeline to show more alerts -JO
Fixed Top Alert Producers report column showing wrong date in Latest Alert column -SW
Fixed Top Alert Producers CSV export column showing wrong date and label -SW
Fixed BPI component check_bpi high CPU usage with lots of BPI checks -JO
Fixed gauge dashlet creation popup loading slow on large installs -JO
Fixed AD/LDAP import bug where users who already existed were trying to be imported instead of erroring -JO Core Config Manager (CCM) - 2.5.1
Added ability for import issue to update host/service escalations/dependencies by adding in # config_name to written config output -JO
Added ability for import issue to add host/service escalations/dependencies with specific config_name using # config_name in config to import -JO
Updated some styles for easier readability -JO
Fixed import issue where items that needed config_name would use the host_name as the config_name causing only one item to be imported -JO
Fixed imported service escalation/dependency services not always showing up in services selection list -JO
Fixed php errors being thrown -JO
Fixed bug in CCM splash page where the number of dependecies were incorrect and updated to use a database query which will speed up the page for large systems -LG
5.2.0 - 10/08/2015
Upgraded CCM to 2.5.0 which added multiple features and changes (see below) -JO
Added checkbox to admin section user creation/edit pages to enable/disable notifications -JO
Added phone numbers next to emails for users to user management table -JO
Added table name to oracle tablespace wizard services -JO
Added dashlet hover option to show/hide dashlet title -JO
Added &force=1 to config API endpoints to force configuration without doing a check for all parameters -JO
Added additional documentation for user creation via API -JO
Added additional popup documentation for user permissions in user creation/editing -JO
Fixed LDAP/AD integration settings saving in user edit/creation pages -JO
Fixed LDAP/AD integration ‘allow local login’ when checked -JO
Fixed issue in BPI component that wouldn’t use :: properly -JO
Fixed issue where user opened/closed menu sections weren’t properly applying -JO
Fixed installing config wizards with configwizard- in zip file name -JO
Fixed PHPMailer using non RFC compliant charset content type setting -JO
Fixed dashboard font sizes -JO
Fixed dashlets showing ‘Pin’ instead of ‘Unpin’ popup text when loading page -JO
Fixed dashlet sizes and title spacing -JO
Fixed opscreen showing all hosts as down when unhandled showing -JO
Fixed issue with defining check_commands via host/service config api calls -JO
Fixed schedule downtime predefined timestamp to show accurate time -JO
Fixed regular users with specific settings able to acknowledge problems via new popup command -JO
Fixed user creation section of API -JO
Fixed NDO upgrade script for offloaded tables with different name -JO
Fixed upgrade web UI sometimes showing red upgrade failed status bar even though upgrade was successful -JO
Fixed BPI syncing from replacing and instead updates -JO,SS
Fixed the old backend api output in json to no longer cause issues in PHP 5.1.x -JO Core Config Manager (CCM) - 2.5.0
Added double click functionality in selection popups -JO
Fixed tooltips showing up in the wrong spots -JO
5R1.0 - 09/28/2015
Upgraded Nagios Core 4.1.1 ( see below ) -SW
Upgraded Bulk Modifications component to 2.0.0 which includes numerous new modifications to be performed (listed below) -JO
Upgraded CCM to 2.4.0 which adds multiple features (listed below) -JO
Upgraded Alert Stream to 2.0.0 which removes all Java apps from XI and instead uses D3.js -JO
Upgraded LDAP and AD components with a single component which allows importing LDAP/AD users and easier LDAP/AD user management in users section -JO
Upgraded to latest version of nmap in Auto-Discovery component -JO
Upgraded check_wmi_plus plugin to 1.60, more functionality -LG,SW
Updated Host/Service Detail pages to just show icon for tabs that have them specified to provide more real estate -SW
Updated detail page so most tab content on detail pages doesn’t load until selected improving performance -SW
Updated perfdataproc.php cron job to utilize a better mechanism to move large amounts of files avoiding “Argument list too long” errors -SW
Updated search functionality on users list in admin section to do mid-text searching on email, username, and full name -JO
Updated deploy notification component to be more user-friendly -JO
Updated the Metrics Component to display a wider range of agent data, optionally utilize the highcharts graphs, allow graph timeperiods to be selected, added advanced options and increased tab and display performance -LG
Updated Bandwidth report to optionally use highcharts graphs -LG
Updated the Windows WMI, Windows SNMP and Linux SNMP wizards to run a smart scan and prepopulate disks, processes and services -LG
Updated all reports to now use asynchronous loading of report information -JO
Updated all reports to have a new layout -JO
Updated loading icons throughout XI -JO
Updated configuration main page and configuration wizards page layout -JO
Updated available dashlets page layout -JO
Updated notification management section to be more intuitive when saving/applying templates to users -JO
Updated full search box in XI 5 to a search icon in the main header nav bar -JO
Updated host/service detail actions/advanced actions to use popups instead of old command pages -JO
Updated homepage splash screen -JO
Updated graph explorer multistacked graphs to actually ‘stack’ instead of overlay -JO
Added manage dashboards page -JO
Added manage views page -JO
Added permissions to the actions component for individual actions -JO
Added button ‘Install Updates’ to auto-upgrade components either per component or for all components with updates -JO
Added button ‘Install Updates’ to auto-upgrade config wizards either per config wizard or for all config wizards with updates -JO
Added a new scheduled downtime page with ajax popups for scheduling downtime -JO
Added configuration wizard ‘advanced settings’ (step 3-5) templates (global/user) and a template manager -JO
Added default template for configuration wizards which will set config wizard step3-5 fields with the proper variables -JO
Added “API Key” to users section (instead of using username+ticket for API calls - backwards compatible though) -JO
Added a fusion API Key for later fusion integration -JO
Added integrated Help section for API Documentation -JO
Added new REST API with objects, config, and system sections which allows adding host/services -JO
Added a new theme for XI 5 release (Modern) -JO
Added tabs to global configuration settings in admin area -JO
Added numbers of saved reports and scheduled reports to left hand menu section -JO
Added icons to a number of commonly used links -JO
Added ability to filter config wizards on main config wizard page -JO
Added ability to import users from AD/LDAP locations -JO
Added ability to manage server certificates for AD/LDAP connections -JO
Added links to deadpool from admin section -JO
Added ability to customize email notification priority of notification per-user and per notification type, editable in Notification Preferences -SW
Added ability to use custom host/service variables in actions component -SW
Added ability to bulk rename config files for services in bulk rename component -SW
Added ability for users to enable/disable Host and Service Acknowledgments in Notification Preferences -SW
Added ability to toggle displaying of aliases in host/service detail pages. This is adjustable per user under Account Information -SW
Added NavBar Search to search for host, hostgroup, and servicegroup and take user directly to results page -SW
Added pagination additionally to top of host/service status tables -SW
Added ability for users with “Can (re)configure hosts and services” perms to add/remove contactgroups they are members of when running wizards and reconfiguring objects -SW
Added ability for users to just save config to database without Applying Configuration when running wizards -SW
Added Auto-discovery option to use system DNS -SW
Added ability to use logarithmic scaling with highchart perfdata charts -SW
Added embeddable highcharts performance graphs that can be placed in an iframe passing host/service/width/height/username/token -SW
Added Auto-discovery option to specify scan delay to throttle activity -SW
Added %hostgroupnames% and %servicegroupnames% macros to actions component -SW
Added ability to filter Capacity Planning report by Host/Hostgroup/Servicegroup with additional search -SW
Added numerous performance enhancements to Auto-discovery to improve scan performance -SW
Added URL target specification to actions component -SW
Added searching capabilities to Acknowledgments page -SW
Added ability to filter WARNING/UNKNOWN/UNREACHABLE states in Availability and SLA reports -SW
Added auto updating of Tools on tool creation -JO
Added auto updating of My Scheduled Reports when adding new scheduled report -JO
Added number of reports to My Reports and My Scheduled Reports menu headers -JO
Added auto updating of My Reports when saving new Report -SW
Added dashlet functionality to SLA and Availability Report -LG
Added language support for CCM help popups -SW
Added JPG export option to all reports -SW
Added option in State History Report to show only hosts or only services -SW
Added in ability to filter by Host, Hostgroup, Servicegroup in Notification Report -SW
Added sorting of Contacts and Contact groups in Wizard and object configuration pages -SW
Added “Schedule a forced check for host and all services” to host detail advanced tab -SW
Added ability to toggle Handled Problems in Birdseye Component -SW
Added a user specified refresh rate to the configuration options in Custom URL Dashlet -SW
Added hostgroups and service groups to host/service detail pages -SW
Added advanced option to Executive Summary Report giving ability to hide scheduled downtime, etc. -SW
Added ability to specify months in recurring downtime. -SW
Added additional details column to auditlog -SW
Added additional services to nagios config for localhost on a new install, checking crond, httpd, mysqld, ndo2db, npcd, ntpd -SW
Added ability to filter Operations Center by host/hostgroup/servicegroup -SW
Added to all reports a service drop down list that will display/update based on host selection -LG
Added ability to filter Operations Center by service state -SW
Added option to nagiosmobile to have page auto-refresh -SW
Added sortable and searchable dropdown filtering by Host/Service/Hostgroup/Servicegroup to latest alerts component -SW
Added remembering sort order (per-user) of items in CCM when returning to table of objects -SW
Added showing the most recent comment in the status list comment tooltips -SW
Added per-user theme settings -JO
Added setting to global config to uncheck Sticky Acknowledgement box by default -SW
Added login failures to Audit Log -SW
Added features to the Audit Log report including scheduled report, pdf version, and filters by log type and source -JO
Added cfg variable error_level and removed php notice errors from the error_log in production -JO
Added the Warning/Critical lines to all XI graphs (toggle default active/inactive) -LG
Added backing up of Nagvis to XI backup/restore scripts -JO
Added log type and log source filter dropdowns to auditlog -JO
Added config information to the downloadable system profile -JO
Added the ability in Admin > System Settings > General to write Nagios XI auditlog to a file -LG
Added new wizards: Folder Watch, Mountpoint, SLA -LG
Remove displaying of service detail links for hosts without services -SW
Remove nmap from being fully wildcard sudo’d, preventing hijacking from other system users -SW
Fixed hypermap to be full size of page -JO
Fixed deletion of local backup files in scheduled backup component. -SW
Fixed bug causing nrdp.conf apache config to not work on CentOS/RHEL 7 -SW
Fixed Common Tools from improperly encoding URL’s -SW
Fixed bug in CCM causing Execution failure criteria to not populate correctly for ‘d’ -SW
Fixed bug causing NRDS Windows clients to not have correct permissions to build executable -SW
Fixed bug where clicking on icons in sort columns on host/service status tables would not sort -SW
Fixed bug in Event Log Report to allow searching for ; and : chars -SW
Fixed bug causing Unified Hostgroup views to not refresh -SW
Fixed bug causing search buttons on CCM import page to import files -SW
Fixed URL redirection when following permalink and user isn’t logged-in -SW
Fixed bug in the Scheduled Backups using FTP to use the indicated port (Previously default port 21) -LG
Fixed XSS vulnerability in nagiosbpi component -SW
Fixed check_rrdtraf from mislabeling UOM if Bytes was selected -SW
Fixed many generic bugs with the deploy notification component and saving templates -JO
Fixed bug causing + symbol in host, service, hostgroup and servicegroups making links in UI not work correctly -SW
Fixed restore_xi.sh script to account for differences when moving from OS 6 to OS 7 -SW
Fixed bug causing CCM to not work properly if specifying non-default MySQL port -SW
Fixed bug where the Alias was not displaying for the Availability Report -LG
Fixed bug in Switch wizard where the Warning/Critical percentages were not calculating using decimal places -LG
Fixed bug causing passwords with special chars such as $ or & to not write .htpasswd file correctly -SW
Fixed bug in Hostgroup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG
Fixed bug where setting new UI theme would not actually change theme until next page load -JO
Fixed bug in ndoutils which could cause message queue to not empty -SW
Fixed bug where deleting backup would not remove the local backup -JO
Fixed bug in Hostgoup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG Core Config Manager (CCM) - 2.4.0
Added Core Config Manager landing page -LG
Fixed ‘Manage Parents’ to now show child relationships while making them non-selectable -JO
Fixed bug where changing a parent host’s host name would cause config not to apply until doing a full delete/rewrite of configs -JO
Bulk Modifications - 2.0.0
- Changed bulk mod procedure to be a step by step process -JO
- Added ability to change ARG variables on hosts/services -JO
- Added ability to add/remove multiple contacts/contact groups from hosts/services and host groups/service groups -JO
- Added ability to select multiple host groups to add -JO
- Added ability to remove host groups, services, and parents (hosts and services) -JO
- Added ability to select hosts/services via selecting hostgroups or service groups -JO
- Added ability to set templates (and template order) on hosts/services -JO
- Added select boxes for config options that are selectable -JO
- Added inheritance options for contacts/contact groups -JO
- Added ability to update config name for services -JO
- Updated change single config option to change more options -JO
- Updated change single config option time period autocomplete functionality -JO
Nagios Core - 4.1.1
- Promoted JSON CGIs to released status (Eric Stanley)
- New graphical CGI displays: statusmap, trends, histogram (Eric Stanley)
- Make sticky status for acks and comments configurable enhancement #20 (Trevor McDonald / Scott Wilkerson)
- Add host_down_disable_service_checks directive to nagios.cfg #44 (Trevor McDonald / Scott Wilkerson)
- httpd.conf doesn’t support Apache versions > 2.3 (DanielB / John Frickson)
- Fix for not all service dependencies created (John Frickson)
- Fix SIGSEGV with empty custom variable (orbis / John Frickson)
- Fix contact macros in environment variables (dvoryanchikov)
- Fixed host’s current attempt goes to 1 after going to hard state (John Frickson)
- Fixed two bugs/problems: Replace use of %zd in base/utils.c & incorrect va_start() in cgi/jsonutils.c (Peter Eriksson)
- Fixed: Let remove_specialized actually remove all workers (Phil Mayers)
- Fixed log file spam caused when using perfdata command directives in nagios.cfg (shashikanthbussa)
- Fixed off-by-one error in bounds check leads to segfault (Phil Mayers)
- Added links for legacy graphical displays (Eric Stanley)
- Update embedded URL’s to https versions of Nagios websites (scottwilkerson)
- Fixed doxygen comments to work with latest doxygen 1.8.9.1 #30 (Trevor McDonald)
- Fixed makefile target “html” to PHONY to fix GitHub issue #28 (Trevor McDonald)
- Fixed typo as per GitHub issue #27 (Trevor McDonald)
- Fixed jsonquery.php 404 not found error, and disabled Send Query button until form populates #43 (Scott Wilkerson)
- Fixed linking in Tactical Overview for several of the Host entries in Featured section #48 (Scott Wilkerson)
- Fixed passing limit and sort options to pagination and sort links #42 (Scott Wilkerson)
- Added form field for icon URL and clean-up when it changes in CGI Status Map. (Eric Stanley)
- Added options to cgi.cfg to uncheck sticky and send when acknowledging a problem (Trevor McDonald)
- Low impact changes to automate the generation of RPMs from nagios.spec file. (T.J. Yang)
- Update index.php (Trevor McDonald)
- Fixed escaping of corewindow parameter to account for possible XSS injection (Scott Wilkerson)
- Typo correction (T.J. Yang)
- Make getCoreStatus respect cgi_base_url (Moritz Schlarb)
- Adjusted map layout to work within frames (Eric Stanley)
- Fixed map displays are now the full size of browser window (Eric Stanley)
- Fixed labels and icons on circular markup no longer scale on zoom (Eric Stanley)
- Got all maps except circular markup working with icons (Eric Stanley)
- Fixes to make legacy CGIs work again. (Eric Stanley)
- Fixes to make all/html target tolerant of being run multiple times (Eric Stanley)
- For user-supplied maps, converted node group to have transform (Eric Stanley)
- Fixed issue transitioning from circular markup map to other maps (Eric Stanley)
- Fix displayForm to trigger on the buttom press (Scott Wilkerson)
- Fix fo getBBox crash on Firefox (Eric Stanley)
- Fixed map now resets zoom when form apply()'d (Eric Stanley)
- Fixed so close box on dialogs actually closes dialog (Eric Stanley)
- Corrected directive in trends display (Eric Stanley)
- Fixed minor issue with link in trends linkes (Eric Stanley)
- Fixed issue with map displaying on Firefox (Eric Stanley)
- Added exclusions for ctags generation (Eric Stanley)
- Update map-popup.html (Scott Wilkerson)
- Initial commit of new graphical CGIs (Eric Stanley)
- Fixed Github bug #18 - archivejson.cgi returns wrong host for state change query (Eric Stanley)
- Status JSON: Added next_check to service details (Eric Stanley)
- Fixed escaping of keys for scalar values in JSON CGIs (Eric Stanley)
- build: Include if it exists. (Eric J. Mislivec)
- lib-tests: test-io{cache|broker} need -lsocket to link. (Eric J. Mislivec)
- lib-tests: test-runcmd assumes GNU echo. (Eric J. Mislivec)
- lib-tests: Signal handlers don’t return int on most platforms, and using a cast was the wrong way to resolve this. (Eric J. Mislivec)
- Fix some type/format mismatch warnings for pid_t. (Eric J. Mislivec)
- Fix build on Solaris. (Eric J. Mislivec)
- runcmd: Fix build when we don’t HAVE_SETENV. (Eric J. Mislivec)
- Fixed checkresult output processing (Eric Mislivec)
- Corrected escaping of long output macros (Eric Mislivec)
- Fixed null pointer dereferences in archive JSON (Eric Stanley)
- Fixed memory overwrite issue in JSON string escaping (Eric Stanley)
- JSON CGI: Now escaping object and array keys (Eric Stanley)
2014R2.7 - 04/23/2015
- Changed to not display language setting in Manage Config Access of CCM if using unified XI login -SW
- Updated Japanese language file -JO
- Updated nagios init script to not exit 0 if process isn’t running -SW
- Fixed bug that could be caused by /etc/sudoers.d/nagiosxi file left behind from 2011R2.0 -SW
- Fixed CCM Bug preventing “Same Host Dependencies” from being able to save if a dependant host/hostgroup was not specified -SW
- Fixed bug in Python 2.7 causing TypeError: XXXXXXXXXXX is not JSON serializable errors in Capacity Planning -JO, SW
- Fixed popup overlay resizing issue in the CCM -JO
- Fixed Contacts not correctly denoting object relationships to contactgroups in CCM -SW
- Fixed bug where protected components were unable to be uploaded and installed via the Web UI -JO
- Fixed bug where nrdp clients were not marked executable -SW
- Fixed bug in CCM on CentOS 7 when editing a service the service would sometimes not apply yet apply config would say config applied -JO,SW
2014R2.6 - 02/12/2015
- Updated collapsing menus to be changed by clicking title instead of just the chevron icon -SW
- Update Search in State History and top Alert Producers report to target Host Name, Service Description and output -SW
- Update Graph Explorer Time Period menus to more accurately describe what will be display, showing number of days vs."last" X -SW
- Updated check_mssql plugin -SW
- Removed hostname in CCM service dependencies overlay and made all services listed are unique -JO
- Fixed issue in CCM with filter text field forcing scrolling in overlay popups -JO
- Fixed bug where Apply Configuration wasn’t working properly on CentOS/RHEL 7 -SW
- Fixed bug where restarting services through the UI wasn’t working properly on CentOS/RHEL 7 -SW
- Fixed bug where Top Alert Producers CSV export was blank if limiter was used -SW
- Fixed bug where Alert Histogram was not reporting correct values if hostgroup limiter was used -SW
- Fixed bug in scheduled backup where day was not populating correctly on page load for local backups -SW
- Fixed Executive summary to properly encoding favorite links -SW
- Fixed bug where Notifications CSV export always showed “Recovery” in reason column -SW
- Fixed audit log being empty when exporting as CSV in language other than english -JO
- Fixed old php notice errors on user account page -JO
- Fixed PDF generation of alert heatmap to use the new PDF generation -JO
- Fixed Capacity Planning PDF creation in scheduled reports -SW
- Fixed alert heatmap report to show service alerts that are in hostgroups as well to match all other report behavior -JO
- Fixed searching ability in alert heatmap -JO
- Fixed the searchable dropdown boxes to show the selection of the proper item when hovering -JO
- Fixed alert histogram report to show selected service box after selecting a specific service and running the report -JO
2014R2.5 - 01/26/2015
- Added ability for spooled outbound NRDP checks with offline XI servers -JO
- Added ability to get reports based on spooled log entries of passive NRDP checks that come in from the past -JO
- Added Priority header to messages sent with XI notification handlers where the message is for a non-OK state -SW
- Updated collapsing menus to be changed by clicking title instead of just the chevron icon -SW
- Updated styles of searchable select boxes throughout reports -JO
- Fixed missing pymssql package which was removed from EPEL Repo -SW
- Fixed histogram to actually list all services right away when a host is selected -JO
2014R2.4 - 01/21/2015
- Added searchable filter host/service/hostgroup/servicegroup dropdowns to all reports -LG
- Added searchable filter in all CCM popup overlays -LG
- Added Polish Language -SW
- Fix issue causing commands to return "(No output on stdout) stderr:" if mare than 7 args were present -SW
- Fix nagios init script to use nagiosxi path for the NagiosLockDir -SW
- Fix for per-user collapsing menus -JO
- Fix “no data” graphs from displaying in availability report for host/services with no performance data -JO
- Fix sorting users on deploy dashboards to be alphabetical -JO
- Fixed bug in CCM with free variable definition that would not allow backslashes -JO
- Fixed bug in permalink that was not passing request variables if user wasn’t logged in -SW
2014R2.3 - 12/29/2014
- Added alias to report if it exists, a host is selected and alias is different than the hostname, alertheatmap, histogram, statehistory, sla, execsummary, availability -SW
- Fixed php parse error in state history report -SW
- Fixed manage services script on centos 5 to get proper service binary -JO
- Fixed capacity planning issues with no label in xml -JO
2014R2.2 - 12/26/2014
- Patch Nagios Core 4.0.8 to properly escape LONGSERVICEOUTPUT & LONGHOSTOUTPUT macros -SW
- Fixed missing warn/crit values causing issues capacity planning graphs -JO
- Fixed bulk modifications tool relying on half ccm/bulk mod css and javascript -JO
- Fixed help system bug when displaying per-page help -JO
- Fixed custom dates and replacing of newline chars in CSV output in state history and eventlog reports -SW
2014R2.1 - 12/22/2014
- Added ability for Alert Histogram report to allow selecting services and shows all host alerts including services or host only -JO
- Added SLES, OpenSUSE, and CentOS/RHEL 7 support to the Linux Server config wizard (updated linux agent installer to work on the new systems) -JO
- Added the ability to specify an alternate SNMP port and allow optional use of the TCP protocol in the snmptrapsender component -LG
- Added a port number in the switch and watchguard wizards to a new column called ‘Port Name’ and the original Port Name field was changed to ‘Service Description’ -LG
- Added “Other” to Linux Server config wizard which links to the NRPE config wizard instead -JO
- Updated the Manage Components page to be sorted by title (displayed name) and split into user/core sections -JO
- Updated perfdata permissions to no longer be word writeable -JO
- Updated Japanese language translations (thanks Sasaki) -JO
- Updated menu section collapse/show -JO
- Updated icons and Linux OS selection list for the sshproxy config wizard -JO
- Updated MRTG configuration to use forks by default to process SNMP calls much faster -SW
- Fixed bug in graph explorer new 4 hour time frame not setting to 4 hours -JO
- Fixed deploy notification options to show SMS and Email specific notification options -JO
- Fixed bug in audit log where the amount of records/pages did not function properly -JO
- Fixed sorting of dashboards, moving Home dashboard to top of list sorting remainder lexicographically -SW
- Fixed bug in CCM that would give config errors when renaming a host -JO
- Fixed bug in the CCM log management page that wouldn’t let you delete logs -JO
- Fixed bug where CCM auto-login would not set the users CCM language to their selected Nagios XI language -JO
- Fixed corruption of character-based languages in the CCM log management page -JO
- Fixed bandwidth report ‘view all available’ table to show the description not just port number -JO
- Fixed bandwidth report to sort naturally not by numeric -JO
- Fixed CCM import to overwrite hosttemplates on hosts -JO
- Fixed CCM import error messages not being displayed when there are errors -JO
- Fixed CCM issue where spaces at front and end of host_name and config_name were possible -JO
- Fixed Alert Stream to show the servers timezone instead of GMT -JO
- Fixed backups to now save NRDP/NRDS configs -JO
- Fixed scheduled backups not logging debug/info (and added 7 day log rotation) -JO
- Fixed issue where clicking “Create Backup” in local backups page would wait for an extremely long time -JO
- Fixed bug when trying to restart/start/stop NPCD from the web UI -JO
- Fixed issue in bandwidth report so it will not list in ‘see all available reports’ any services that have been deleted -LG
- Fixed issue where custom url dashlet would not keep it’s resized size -JO
- Fixed sorting of services in CCM table to now sort by host name (config name) and service name -JO
- Fixed sorting on Scheduled Downtime page’s tables - now all host/services and groups are sorted alphabetically -JO
- Fixed sorting on deploy dashboards page to now sort both the dashboards and users listed -JO
- Fixed bug in autobackup scripts where some weekly backups weren’t removed on schedule -JO
- Fixed Manage MIBs page to use the add_mib() function to 'process trap’, if add_mib() is not in the filesystem or is not executable then use snmpttconvertmib to process MIB, but will not write EXEC lines -LG
- Fixed Route Request (rr.php), when getting an invalid user_ticket due to load spikes -LG
- Fixed WatchGuard wizard so it detects ports correctly and allows support for all SNMP versions -LG
- Fixed Capacity Planning graph dashlet’s to export properly when in dashboard -JO
- Fixed issue with NDOutils database upgrade rarely not adding columns -JO
2014R2.0 - 11/11/2014
- Added support for CentOS/RHEL 7 -JO
- Updated Nagios Plugins to 2.0.3 -SW
- Added searchable host field in graph explorer -JO
- Added ability to set the language of a user as an admin (also fixed bug where language would reset when an admin edited a user) -JO
- Added some usability fixes into the renaming tool including updated text and a “do not apply config after running the wizard” checkbox -JO
- Added a warning in the CCM when someone tries to add a ! in $ARGn$ values since they are not allowed (they are used to split command lines) -JO
- Added functionality to the CCM to go back to the last page when clicking “go back” and when saving/cancelling an object -JO
- Added the ability to run Highcharts exporting locally (with install script & settings in component config area) -JO
- Added chart name as default filename when exporting a Highchart graph -JO
- Added ability for gauges dashlet to take ranges -JO
- Added a Last 4 Hours selection to graphexplorer default time frames to match performance data graph dropdown -JO
- Added ability to force conversion of plugin line endings to linux on plugin upload -JO
- Added ability to bulk cloning wizard to be able to clone services who’s config_name does not match host_name -JO
- Added user Auth Level column to users table to see user levels from the main manage users page -JO
- Added auto focus to the username field on the login page -JO
- Updated the “Send alert notifications to…” checkbox lists (boxes) in step 5 of the “Monitoring Wizard” to be bigger -SW
- Updated 2014 XI theme footer bar to be almost half the size of the old bar -JO
- Updated a few translations in the Spanish translation files -JO
- Fixed Highcharts graph exporting to use the correct height/width of the graph being exported -JO
- Fixed bug with subsystem backend user id error messages -JO
- Fixed backend url to add proper port if specified in the config -JO
- Fixed bug where a small screen would have trouble displaying the license agreement submit button on fresh install -JO
- Fixed hostgroup overview services link to link to the specific host that was selected instead of all -JO
- Fixed a bug where adding multiple notification handlers to a contact would make it impossible to change notification preferences in XI -JO
- Fixed bug in renaming tool that would not apply config correctly when services are on multiple hosts -JO
- Fixed bug in SLA report where “show details” and “hide details” weren’t working with auto-run reports disabled -JO
- Fixed audit log to show proper date/time in columns -JO
- Fixed state history for services to work properly (thanks Brian Christiansen for the patch!) -JO
- Fixed mass acknowledge not leaving slashes (thanks Brian Christiansen for the patch!) -JO
- Fixed issue where pinning dashboards would make the page jump -JO
- Fixed BPI check output to be the standard output practice -JO
- Fixed issue in the CCM where sorting and searching did not work properly together -JO
- Fixed CCM import breaking with last line continuing on next line (or lines) with \ character at the end -JO
- Fixed CCM import creating a value of the key for definitions with keys that have a blank value -JO
- Fixed CCM missing “Manage Parents” link on the Host Templates common settings -JO
- Fixed CCM inactive message when creating a new object -JO
- Fixed issue in gauges dashlet where unit of measurement would not always be just the unit -JO
- Fixed CCM issue where alerting on invalid service dependencies would still allow saving them -JO
- Fixed bug in Top Alert Producers report where selecting Hostgroup would not show services of the hosts in the hostgroup -JO
- Fixed bug in bulk cloning tool that would not keep the + to host_name of services -JO
- Fixed the order of BPI groups to be alphabetical -SW
- Fixed the Generic Network Device wizard: Servicegroups list was sorted by wrong field -SW
- Fixed no performance graph available text -SW
- Fixed output of getcontactgroupmembers backend api call to have proper output type -JO
- Fixed scheduled reporting to no longer rely on hardcoded php path -JO
- Fixed upgrade for offline installs -SW
- Fixed capacity planning breaking host/service status page if .rrd existed but .xml did not -JO
2014R1.5 - 10/01/2014
- Added the ability to remove perfdata legend on perfdata dashlets when creating the dashlet -JO
- Added ability to comment on Host/Service from advanced tab of Host/Service detail page -SW
- Added ability to specify notification types per notification method -AB,JO,SW
- Updated Highcharts perfdata graphs to be much bigger and easier to read -JO
- Updated Monitor Engine Event Queue to use Highcharts -JO
- Updated Japanese language file -SW
- Fixed PHP notice errors from session calls -JO
- Fixed perfdata graphs to show the proper amount of graphs per page -JO
- Fixed returning a “1” at the bottom of the page when enterprise features are enabled on enterprise only pages -JO
- Fixed having all contacts removed set contacts to null when using re-configure objects page -JO
- Fixed bug that allowed charts with no perfdata to display on availability report -JO
- Fixed quick delete in CCM -JO
- Fixed service timeperiod selection box in contacts from not showing selected service timeperiod in CCM -JO
- Fixed full command line in CCM with Classic theme from not wrapping -JO
- Fixed apply configuration highlight in CCM when removing an object -JO
- Fixed relationship info button in CCM from displaying services instead of host template relationships for host templates -JO
- Fixed case sensitive object searches which could result in user not allowed to see object -SW
- Fixed default check_command’s to no longer have comments to they import correctly -SW
2014R1.4 - 08/14/2014
Added the ability to specify backup creation timeout with cfg variable “backup_timeout” which defaults to 1200 secs (20 min) if not set -JO
Update to Nagios Core 4.0.8 -SW
Update to Nagios CCM to 2.2.0 -JO
Fixed whitespace issues in textareas -JO
Fixed bug in scheduled backups which caused SSH to remain open while backup was being created which could take 1hr+ -JO
Fixed bug with perfdata Highcharts graphs not showing with units of measurement that started with a number -JO
Fixed issue in Graph Explorer where scalable timeline graphs would not filter on the first selected type -JO
Fixed bug in CCM where Contact Options would always revert to standard -SW
Fixed bug causing preg_match error when processing imported mibs -LG
Fixed PHP notices caused by the new Highcharts perfdata template -JO
Fixed loading image being displayed indefinitely on Views page until refresh after deleting a view -JO
Fixed Japanese character corruption on status dashlets -JO CCM 2.2.0 Changes
Added automated login when accessed from inside of Nagios XI if the user is an admin -JO
Added ability to use old “separate” login behavior by setting “Separate CCM Login” in Admin > System Config settings page -JO
Added a warning on host/service pages to let someone know if the config needs to be applied in case they have multiple pages of hosts/services -JO
Added red asterisk to “Apply Configuration” button if there are modified object(s) that need the config applied -JO
Added delete all configs from the Write Config Files section -AB
Updated logging so that automated logins are now logged with the Nagios XI username -JO
Updated logging so it does not log Nagios XI’s apply configuration logins which plagued the log file -JO
Updated the “Config Manager Admin” to be viewable to Nagios XI administrators only when automated login is active (default) -JO
Updated the “Configuration Snapshots” link to open in the same frame -JO
Updated the way navigation was happening when clicking links to not involve so much Javascript -JO
Updates to overall style and look -JO
Updated sorting on tables to show what it is sorting by and added back in “Sync Status” sorting -JO
Updated “Sync Missed” and “Synced to File” to “Not Applied” and “Applied” and made other some small text changes throughout -JO
Fixed bug with messages displaying in a hard-to-read fashion when deleting/updating an object -JO
Fixed service description and confg name ordering on services table -JO
Fixed hidden scrollbar issues with popup selection boxes for host/services -JO
Fixed bug in check_command that wouldn’t allow using a ; in the actual checks -JO
Fixed a bug where it would show apply config needed all the time if a config didn’t exist because all objects were inactive for it -JO
Removed code from older versions that is no longer used -JO
2014R1.3 - 07/17/2014
- Added “Show Config Changes” and “Show Errors” on Apply Configuration page for admins -JO
- Added the ability to force a check even if the host/service is out of it’s check period -JO
- Added "Last", "Avg", and “Max” to Host Graphs section Highcharts graphs -JO
- Added “Delete All Configs” button to CCM -AB
- Updated style of host/service details pages -JO
- Updated verifications in CCM for host/service escalations to match the requirements for apply config to be successful -JO
- Updated verification requirements in CCM for host/service dependency definitions for valid configs -JO
- Fixed Japanese character corruption in dashboard names -JO
- Fixed bug where CCM could not apply configuration with host/config names with / in them -JO
- Fixed bug in CCM where free variables wouldn’t import when importing Nagios Core config files -JO
- Fixed schedule immediate check to do a forced check (default in Nagios Core) -JO
- Fixed bug where performance graphs were not showing up for services with : in the name -SW
- Fixed character corruption in performance graph names -JO
- Fixed issue with missing forward slash in response url -JO,TM
- Fixed variable definition illegal character check -JO,SW
- Fixed bug in CCM that wouldn’t allow & in command definitions -JO
- Fixed issue with reconfigure where you could never configure no contacts on a host/service -JO
- Fixed bug in Top Alert Producers and State History reports so that the selected state type stayed on page changes -JO
- Fixed double % signs in graphs -JO
- Fixed bug where searching for a host with no services would return nothing on “Service Status” page -JO
2014R1.2 - 06/23/2014
- Update Nagios Core to 4.0.7 -SW
- Applied patch to Nagios Plugins 2.0.2 for additional SUID security vulnerability -SW
- Added a checkbox for SLA & Availability report to show warning/critical/unknown states as OK during scheduled downtime “Hide downtime” -JO
- Added validation of imported configs in CCM -JO
- Change Core Config Manager table so Name and Alias are left justified -SW
- Fix bug with maintenance displaying as not available when it is -SW,JO
- Fix display of bottom bar in classic XI theme to not take up so much room -JO
- Fix bug causing delete from host/service detail pages to fail -SW
- Fix bug in CCM that allowed reading/editing files that were not inside the static directory -JO
- Fix globally for dashlet add dashboard selection dropdown to have dashboards sorted alphabetically -JO
- Fix Manage Component/Wizard pages to support version in the format x.x.x -SW
- Fix writing of prefdata XML file to properly escape XML special chars ><& -SW
- Fix notification url to no longer have double slashes in it -JO
- Fix to not show spinner in bottom bar for non-admin users since it shows admin-only data -JO
- Fix bug in Graphexplorer preventing users from getting graphs for services if they were not contacts for the host it resides on -SW
- Fixed bugs in CCM to allow Japanese (and any character-based language) to create host/service names -JO
- Fix bug for passwords containing \ or ' not authenticating -JO
- Fix sorting of hostgroup/servicegroup names on several reports -SW
- Fix character corruption on users page -JO
- Fix bug in CCM where host/service dependency “inherit parents” was always checked -JO
- Fix bug in CCM that caused free variables to not be removed from the DB on host/service deletion -JO
- Fix CCM bug where Apply Configuration would not overwrite all files necessary if object names changed -AB
- Fix bug in graph explorer where / would not appear in titles -JO
2014R1.1 - 06/03/2014
- Update Nagios Core to 4.0.6 -SW
- Update Nagios Plugins to 2.0.2 -SW
- Applied patch to Nagios Plugins 2.0.2 for SUID security vulnerability -SW
- Applied patch to Nagios Plugins 2.0.2 to correct reverse lookups -SR,SW
- Applied patch to Nagios Core to remove extraneous \n from appearing in perfdata of passive checks as well as other check results reaped from the checkresults queue -SW
- Changed the Apply Configuration process to only write out changed configuration files -SW, AB
- Upgraded wkhtmltopdf from 0.10.0 to 0.12.1 to fix rendering issues for graphs in PDFs -JO
- Updated some icons to fit the new theme and not have white backgrounds -JO
- Fix Ndoutils situation where db table nagios_logentries has items where `instance_id`,`logentry_time`,`entry_time`,`entry_time_usec` isn’t unique enough. -SW
- Fix bug where backend calls were forcing to connect to http://localhost even if forcing ssl -SW
- Fix bug where reports would not be able to go through pages if auto-loading was turned off -JO
- Fix bux in Network Outages causing incorrect hosts to be listed. -SW
- Fix bug preventing new users from being added to the CCM -SW
- Fix bug causing Services in Service dependencies to be disabled -SW
2014R1.0 - 05/13/2014
- Upgraded Nagios Core to version 4.0.5 -SW
- Upgraded NDOutils to version 2 -SW
- Upgraded Nagios Plugins to version 2.0.1 -SW
- Upgraded MRTG to version 2.17.4 -SW
- Updated Highcharts library to 4.0.1 with additional modules -JO
- Added MongoDB Server Wizard -JO
- Added MongoDB Database Wizard -JO
- Added Nagios Cross Platform Agent (NCPA) Wizard -Nick
- Added Domain Expiration Wizard - LG
- Added Website Defacement Wizard - LG
- Added Nagios Network Analyzer Wizard -JO
- Updated Bulk Host Cloning Wizard to have ability to specify parents and hostgroups -JO
- Added new Service Level Agreement (SLA) report - EG
- Added Network Report with Integration with Nagios Network Analyzer -JO
- Added Network Query Report with Integration with Nagios Network Analyzer -JO
- Added PDF export for the following reports: SLA, Bandwidth Usage, Capacity Planning, Network Report, Network Query -SW
- Added Scheduled reporting for the following reports: SLA, Bandwidth Usage, Capacity Planning, Network Report, Network Query -SW
- Added ability to set the scheduled report email text on a per-user basis -JO
- Added new Report tab in Performance Settings to disable automatic loading on report pages -JO
- Updated Availability Report with options to select specific states, add timeperiod filters, assume states during downtime, etc.- JO
- Updated Capacity Planning Report including addition of dashlets to report - JO,NS,SW
- Updated Bandwidth Usage Report to use Host/Service names and look like the other XI reports -JO,SW
- Added New Theme with cleaner look and quick search from any page -JO
- Added Mass Downtime Deletion ability -SW
- Added ability to archive snapshots -SW,JO
- Added Birdseye visualization -JO
- Added Per-User Menu Collapsing Memory -SW
- Added gauges dashlets to service/host detail pages -SW
- Added Deadpool feature to optionally automatically remove hosts/services from being monitored (Enterprise Feature) -EG,SW
- Added Scheduled Backups Component -JO
- Added Easy Upgrade from web UI - SW, JO
- Added ability to view past upgrade logs (if done from web UI) in web UI -JO
- Added ability to set XI server and PHP timezone from web UI -JO
- Added ability to drill-down to specific hosts by clicking Highcharts perf graphs -JO
- Added RDP and VNC Connection component allowing quick connections to host via RDP, VNC, Telnet and SSH -EG,SW,JO
- Added logging of phpmailer failures to /usr/local/nagiosxi/tmp/phpmailer.log -SW
- Added capacity planning graphs to tabs in Status detail pages -JO
- Added the ability to give hosts a parent in bulk modification tool -JO
- Added the ability to give hosts a hostgroup in bulk modification tool -JO
- Added the ability to add a service (from an existing service as a template) to multiple hosts using the bulk modification tool -JO
- Added ability to remove Network Analyzer Tab from Host/Service Detail Page -JO
- Added Grid lines on tables -JO
- Added ability to stop reports and metrics from auto-loading with new performance settings tab -JO
- Added the ability to send emails out to users from the user management page -JO
- Added service graphs advanced option to availability report -JO
- Added displaying of address for host links when you hover over the hostname -SW
- Added View service status icon to hosts in service detail table -SW
- Added JSON output for backend API by using “outputtype=json” in the API query -JO
- Enhanced Graph Explorer (with Stacked Performance Graphs) -JO
- Enhanced Performance Graphs on Status Details Pages -JO,SW
- Enhanced view rotation time slider -JO
- Fixed bug which was preventing back button from remembering selection for notification_targets in step 5 of the wizard. -SW
- Fixed bug that would allow hosts / services Active checkbox to be unchecked even if it had dependencies -SW
- Fixed bug in license activation with lowercase license keys -EG
- Fixed CCM bug where deletion/deactivation was possible with dependent relationships -SW
- Fixed CCM bug so that saving static configurations to no longer add non-readable line breaks into saved files -JO
- Fixed XSS security issues -JO
- Fixed search for users in Manage Config Access of CCM… -SW
- Fixed Network Replay report -EG,JO
- Fixed bug in the CCM where you could activate a service that had parent relationships that were disabled -JO
- Fixed bug in the CCM where you could add a disabled parent to an object that would cause applying the config to fail -JO
- Fixed bug in CCM that would not show all the available pages in the Jump To Page box -JO
- Fixed some issues with Japanese character corruption -JO
- Fixed alert heatmap to now work when using Japanese as the language -JO
- Fixed bug in scheduled reporting where the custom message per email wasn’t being sent with the email -JO
- Fixed the tools section for languages that use characters -JO
- Fixed undefined offsets repopulating 'Services’, 'Processes’, and ‘Event Logs’ fields when moving back from previous steps in many wizards. -EM
- Fixed MRTG’s cfgmaker to support all priv-protocols -SW
- Fixed bug preventing installation from /root -SW
- Fixed bug in local backup downloads which prevented large backups from being downloaded -SW
- Fixed bug that prevented free variables being saved with a value of 0 -SW
- Fixed default to highcharts graphs on host/service detail page -SW
- Fixed bug where inactive commands displayed in the Check Command list in the CCM -SW
- Fixed new highcharts graphs to default in place of RRDtool unless changed in system config -JO
- Fixed bugs with Switch / Router wizard and SNMP v3 -JO
- Fixed Japanese language corruption in CCM -JO
- Fixed website defacement wizard’s Japanese language corruption in regex / command -LG
- Fixed bug where number of items being displayed in CCM tables were off by 1 -SW
- Fixed bug where all latest alerts were being shown in an individual host was selected in the Executive Summary Report -SW
- Fixed bug with pdf reports not showing proper report data in character-based languages -JO
- Updated host/service detail pages to have choices of “5","10","15","25","50","100","250","500","1000” per page -SW
- Updated Apply Configuration process to remove old host/service .cfg files before writing the new .cfg files, this will help eliminate the possibility of ghost hosts/services. -SW
- Updated Apply Configuration process to only allow one Apply Configuration process to happen at a time. -SW
2012R2.9 - 02/11/2014
- Fix to the backup_xi.sh to get place the config.dat that it sources in, into a specific directory. Added quotes around password variables as they could have special chars. -SW
- Fix for CSV export on Availability report. Thanks Brian Christiansen for the patch! -SW
- Fix for old graphexplorer dashlets to now show up again with new graph explorer -JO
- Fix for graphexplorer giving an error in the error log -JO
- Fix graphexplorer to show custom selected times properly -JO
- Fix bug where autodiscovey jobs never complete -SW
- Fixed graphexplorer to show hosts with perfdata that don’t have _HOST_ perfdata -JO
2012R2.8c - 01/20/2014
- Fix premature release of switch wizard slated for 2014 release that was missing dependencies -SW
2012R2.8b - 01/17/2014
- Fix bug where Configure -> Re-configure this host/service would not work if notification optiona had not been set -SW
2012R2.8 - 01/15/2014
- MIB upload page now runs the custom SNMPTT addmib command if present and process mib box is checked -SW
- Fix hostgroup/servicegroup grid dashlets to sort services listed alphabetically -SW
- Fix bug where Configure -> Re-configure this host/service would not work if additive inheritance was set in CCM -SW
- Add ability to schedule recurring downtime for wildcard services as well as all services on a host. Thanks Brian Christiansen for the patch! -SW
- Fixed bug where status table with downtime filter was not showing the correct results. Thanks Brian Christiansen for pointing us in the right direction! -SW
- Fixed bug where in the Manage Variable Definitions popup under Misc Settings in CCM, if you insert new definitions the old values don’t get cleared. Thanks Brian Christiansen for the patch! -SW
- Fixed bug where when creating a user, if you choose the “Admin” authorization level the checkboxes below are greyed out (except for read-only access). When you go back into that user the boxes are not greyed out and you can select them. If you change the level to User and then back to Admin the boxes are greyed out again. Thanks Brian Christiansen for the patch! -SW
- Fixed bug where read_only users were not being added to the nagios cgi.cfg -SW
- Fixed bug where key indexes were not getting added to nagios DB until first upgrade was performed -SW
- Change graphexplorer to a be a core component -SW
- Added ntpd to install and run by default. -SW
- Added the ability to perform the Nagios XI upgrades from the web UI with logging (2014 feature) -SW, JO
- Fixed check for update button to force an update check -JO
- Added proper pagination that doesn’t show all available pages and jump to tables to the CCM on pages that have tables -JO
- Added theme section and themes to Nagios XI (2014 feature) -JO
- Added ability to change the highcharts graph theme from grey (2014 feature) -JO
- Add gauges dashlets to service/host detail pages (2014 feature) -SW
- Added timeframe selection to host/service “Performance Graphs” tab (2014 feature) -JO
- Clicking the title in a timeline graph will now redirect to the host/service page for the host/service in the graph -JO
- Dashlets now snap to each other borders if they are within 10px of eachother -JO
- Dashlets now have a slimmer bounding box (2014 feature) -JO
- All dashlets will now outline in a light color when resizing or dragging a dashlet -JO
- Forgot password now sends an email to confirm resetting a password before actually resetting it -JO
- Added new advanced options to availability report (2014 feature) -JO
- Updated Availability, Alert Histogram, Executive Summary to use high charts graphs -JO
- Updated TAC to use different verbage for active/passive checks, change passive icon to only display if active checks are disabled. Thanks Brian Christiansen for the patch! -SW
2012R2.7 - 11/26/2013
- Fixed bug with 2014 features and search bar dissappearing -JO
2012R2.6 - 11/25/2013
- Added view rotation users setting so views will remain stopped/started for users when they return to the views page based on their last setting -SW
- Add saved user-based collapsible menus (2014 feature) -SW
- Added script to allow contacts to send notification using XI mail settings (e.g. via SMTP) -SW
- Fix calendar selection on Audit Log -SW
- Added exit codes to backup_xi.sh -SW
- Fixed bug which was preventing CCM template options to persist -SW
- Updated Spanish translations. - LC, SW
- Updated reporting to work even if there is a external url the xi server can not connect to. -JO
- Added back in links inside PDFs. -JO
- Fix bug where clicking on hosts in hostgroup summary, should display the hosts grid, not the services grid. -SW
- Fix encoding of imported RSS Feeds -SW
- Fix calls to the CLI use compliant languages, updating for the en_EN to be en_US in nearly all locations… -SW, NS
- Fix encoding with imported RSS Feeds -SW
- Added base for upgrade through the web UI -SW
- Fixed Save button (again) in CCM for all IE versions -SW
- Removed console.log debug outout which was causing some browsers to stop processing javascript -SW
- Fix XSS vulnerability in Tools Menu. User would have needed account on system to be able to inject items in their own page, but is now resolved. -SW
- Additions and fixes to the deadpool (2014 Feature). -SW
- Added the ability to create system backups through the UI (2014 Feature) -JO
- Add logic to upgrade from the Web UI (2014 Feature). -SW
- Remove requirement of installing from /tmp -SW
- Added ability to select dates for report with the calendar icons that have been there all along… -SW
- Added the ability to DELETE archived config snapshots. Added the ability to RENAME the archived snapshot’s filename. (2014 Feature) -JO
2012R2.5 - 10/11/2013
- Fix the broken recurring downtime script -SW
- Fix further issues with Wizard form buttons in various browsers. -SW
- Fix missing do_page_end in CCM that was possible causing old browsers to not be able to submit form -SW
- Fix Mass Acknowledge problem if language was set to en_EN -NS
- Fix for Scheduled Reports if they are scheduled in the 12AM hour. -AB
- Fix obsess over service in CCM. -AB
2012R2.4b - 09/30/2013
- Fix issue with upgrade caused by premature NagiosQL db upgrade run -SW
- Fix issue with Chrome submitting the back button instead of Next on Wizards when the Enter Key is pressed. -SW
2012R2.4 - 09/24/2013
- Many CCM Internationalization updates/additions -SW
- Fix for SQL injection vulnerability in NagiosQL -SW (Thanks Denis Andzakovic)
- Fix for multi-byte chars in PDF files -JO,NS
- Fixed bug which prevented scheduling recurring downtime if a host did not have any services -SW
- Added additional security for old links if $cfg[‘secure_response_url’]=1; in config.inc.php -SW
- Fix encoding of form search boxes and tooltips to display UTF-8 chars -SW
- Add ability to allow HTML in comments if Allow HTML Tags in Host/Service Status is checked. Thanks Nate Broderick & Brian Christiansen. -SW
- Addition of HelpSystem including videos and links to documentation in most pages of XI -SW
2012R2.3 - 08/25/2013
2012R2.2 - 06/05/2013
- Fix bug causing SSL users to experience some ajax items not loading, apply configuration to go on forever and submitted commands to not return -SW
- Fix in CCM where templates didn’t maintain order applied -SW
- Fix in CCM where Limit Results didn’t stick if you selected 250 -SW
2012R2.1 - 05/24/2013
- Fix upgrade order so new sourceguardian extensions get upgrade BEFORE new encrypted files are applied -SW
- Fixed CCM Bug where ‘Static Configuration Directory’ in Config Manager Settings was always /tmp -SW
2012R2.0 - 05/20/2013
- Updated sourceguardian extensions to version 9 to allow support for PHP 5.4 -SW
- Updated some link references from the Legacy CCM to the New CCM -SW
- Add ability for notification templates in Admin -> Notification Management to be deleted - SW
- Added inode filesystem check to the profile.zip -SW
- Fix for php-mcrypt bug writing module.so instead of mcrypt.so in the mcrypt.ini -SW
- Upgrade ndoutils to 1.5.2 -SW
- Upgrade to Nagios Core 3.5.0 -SW
- Patched Nagios Core 3.5.0 Fixed bug #445: Adding triggered downtime for child hosts causes a SIGSEGV on restart/reload (Eric Stanley) -SW
- Patched Nagios Core 3.5.0 Fixed bug #375: Freshness expiration never reached and bug #427: freshness threshold doesn’t work if it is set long (Scott Wilkerson, Eric Stanley) -SW
- Fix to support multi-digit sub-versions in components and wizards -SW
- Updated the profile component to now fetch system and apache log information - SL / AB
- Fixed bug in CCM where clicking “Remove All” left select items disabled (versions 1.6 & 1.7 affected) - MG
- Fixed CCM bug where groups couldn’t select objects as members if they had the same name - MG
- Fixed bug with Nagios Mobile where host escalations was not authorizing contacts properly - MG
- Fixed MIB upload bug where if it didn’t contain any TRAP or NOTIFICATION definitions it would fail -NS
- Updated CURLOPT_SSL_VERIFYHOST to 2 in load_url() since support for 1 is about to be removed in PHP 5.4 and Curl - MG
- Fixed BPI javascript bug with “Clear All” and re-enabling disabled select options - MG
- Fixed BPI bug where syncing host/servicegroups added a duplicated definition and prevented the group from being edited - MG
- Fix for object case sensitivity lookup where case sensitivity was not alway ignored - EG
- Added ability to turn off HTTPPROXYTUNNEL from proxy component -SW
- Added changes so custom logos display on reports if they are added to the custom logo component -SW
- Added v3_priv_proto for SNMP v3 in SNMP Wizard -SW
- Added ability for Quick find auto-complete to include host alias field -SW
- Fixed html entities showing up in the second column of the CCM table -NS
- Fixed bug that would perfdataproc cron to stack up processes if host set for outbound transfer was down or entered incorrectly -SW
2012R1.8 - 04/17/2013
- Fix bug introduced with mixed case usernames/contacts -EG/SW/MG
2012R1.7 - 03/27/2013
- Added /var/lib/mrtg and /etc/mrtg/mrtg.cfg to the XI backup/restore scripts -SW
- Mods to speed up availability report and executive summary for users with “can see all hosts and services” privileges -SW
- Fix Bug in Tactical Overview where it wasn’t displaying the correct totals -SW
- Allow a locale to be passed to the login page to force a certain language upon login. login.php?locale=en_ES - MG
- Added language selection icons on the login page. These will override default settings for the duration of the session - MG
- Fixed pass by reference bug that was causing deprecation warnings. - NS
- Fixed bug #368 with Notification Deployment templates - MG
- Fixed iframe display issues with Ipads/Iphones - MG
- Fixed CCM bug with action_url and notes_url not being escaped properly - MG
- Updated system profile component to fetch a downloadable zip with useful log information - SL / MG
- Fixed CCM bug where wildcards weren’t working correctly - MG
- Fixed bug where child hosts weren’t able to be deleted with the nagiosql_delete_host.php script - MG
- Fixed BPI PHP warning about division by 0 - MG
- Fixed BPI bug with long plugin output not being truncated for display correctly - MG
- BPI: Updated to HTML 5 and forced IE to display in Edge mode so it will work correctly without having to manually set compatibility mode - MG
- BPI: Fixed bug with BPI groups not re-populating the form for selected child groups - MG
- Fixed CCM bug with (+,null,standard) inheritance options not saving correctly - MG
- Added CCM feature to denote Service->Servicegroup relationships from Servicegroups page - MG
- Fixed bug in CCM where illegal macro characters (`~$&|’"<>) were allowed to be saved - MG
- Fixed bug in CCM where @ was being read as an illegal object name character - MG
- Forced username to lowercase upon login to prevent problems with Nagios Core permissions - EG
- Fixed bug where apache crontab wasn’t being initialized on some systems - used for scheduled reporting - MG
- Fixed CCM bug where host and contact description fields were required - MG
2012R1.6 - 02/05/2012
- Fix for case-sensitive object ID lookups from NDOUtils - EG
- Fix for CCM case-sensitive Config Names not being written to file - MG
- Fix for host fields VRML image and statusmap image not repopulating correctly - MG
- Fixed Reflected XSS vulnerability related to dashlet AJAX loads (Reported by James Clawson) - MG
- Fixed vulnerability where read-only users could access auto-discovery directly (Reported by James Clawson) - MG
- Fixed shell vulnerability for autodiscovery tool (Reported by James Clawson) - MG
- Removed use of the ‘at’ command for CCM audit log entries. Only selective entries are forwarded along to XI’s audit log now. - MG
- Removed setting of putenv(LC_ALL) in CCM, apache was complaining on Cent/RHEL6+ systems - MG
- Fixed JS function calls in CCM that used attr() and updated them to use prop() where appropriate. (Chrome Fix) - MG
- Fixed bug in notifications report where pdf exports came back empty if the search field was used - MG
2012R1.5 - 01/30/2013
- Fix upgrade script so users customized commands aren’t overwritten -SW
- Fixed CCM bug with Chrome where selected table rows weren’t being deleted properly - MG
- Fixed CCM 1.4-specific bug where CGI Config and Core Config weren’t resaving properly - MG
- Forced IE browser mode for maximum compatibility with IE - MG
- Mods to quickstart text and links - EG
- Fixed bug #348 in Bulk Mods related to object names with spaces not working correctly. - MG
- Fixed CCM bug where contactgroups could be assigned to themselves - MG
- Fixed bug where login alerts popup would display twice - MG
- Fixed a bug where the CCM (apache) was emailing the root user with STDERR output when audit logging - MG
- Added fix to prevent CCM configuration file from having improper permissions - MG
- Fixed JQuery conflicts causing AJAX load problems in IE9 - MG
- Fixed 1.4-specific bug on Tac overview where Up hosts count was always 0 - MG
- Fixed CCM bug with IE where notification period wasn’t repopulating the form correctly - MG
- Fixed issue where password changes weren’t updating properly in htpasswd.users file - MG
2012R1.4 - 01/16/2013
- Fix permissions for unconfigured objects file to allow removing or deleting objects. -SW
- Fixed issue in CCM where free variables weren’t escaping backslashes properly - MG
- Fix bug where Scheduled Downtime backend API threw error -SW
- Fixed bug where CCM audit logging wasn’t working correctly - MG
- Fixed bug #325 where cloning a host, service, template, or contact moved custom variables instead of copying them - MG
- Fixed tracker item #323 to support custom file locations with Unconfigured objects - MG
- Refactored data fetches for status information, resulting in a major decrease in page load times, and less CPU overhead for mysqld/httpd - MG
- Fixed 1.3-specific bug with Nagios BPI checks - MG
- Fixed 1.3-specific bug with Nagios BPI groups not repopulating the form correctly - MG
- Added link for admins to be able to edit the BPI config file at any time. - MG
- Added new host commands to the host object details page - MG
- Fixed several issues with the screen dashboard - MG
- Added a default POT file for easy updates of other translation files - MG
- Fixed issue where menu items were not being translated - MG
- Added fuzzy translations for German, Spanish, French, Italian, Portuguese, Russian, and Chinese - NS
- Added fix to installation script to check for new RHEL subscription method - SR
- Fixed “Scheduled Events Over Time” chart to work over https -SW
- Updated SQL query for timedeventqueue chart data to pull from host and service status tables instead.
- Check statistics are now fetched from Nagios Core status, eliminating the need to use ndoutils hostchecks/servicechecks tables
- The following setting can be implemented in ndomod.cfg to reduce SQL overhead on larger installs: data_processing_options=67108669
- Refactored Tactical overview dashlets for a substantial improvement in load times - MG
- Added host alias to search criteria. Tracker item #337 - MG
- Updated default notification messages to use %hostalias% macro - EG
- %hostalias% macro now defaults to use value of %host% if not specifically set - EG
- Removed empty PNP template for check_smtp checks causing missing performance graphs - MG
- Fixed bugs with CCM variable sanitization - MG / NS
2012R1.3 - 12/05/2012
- Fix permissions for restore script. -SW
- Fix so state history works for individual services -SW
- Fix bug in CCM where selected None in Limit Results would reverts back to 15 -SW
- Fix bug where users couldn’t change Max Notifications Age on database cleanup -SW
- Fix bug where users couldn’t change address for mobile carriers, always used defaults. -SW
- Nagios BPI: Fixed bug with empty auth_users printing lots of commas in bpi.conf - MG
- Nagios BPI: Added additional commands to be used with the api_tool.php script. Use -h to see usage for available commands. - MG
- Nagios BPI: Fixed issue where BPI group states were being calculated unnecessarily on page loads. - MG
- Nagios BPI: Fixed bug with empty hostgroups creating ghost entries- MG
- Nagios BPI: Fixed bug where config changes could cause both success and error messages to show up in the UI - MG
- Add ability for wizards to add unlimited services,processes, mountpoints etc. Many wizards updated in this release -SW
- Add ability to automatically process uploaded trap MIBS into snmptt.ini -SW,NB
- Added support for internationalization. PO files can be added to /usr/local/nagiosxi/html/includes/lang/locale - MG
- Updated CCM command test to use escapeshellarg instead of escapeshellcmd for improve command tests - MG
- Updated sourcegaurdian loaders to eliminate issues with segmentation faults on enterprise components - MG
- Update default notification message to just use %host% as %hostalias% isn’t always set -SW
- Fixed bug in CCM where notifications_enabled defaulted to “off” if left blank in the form - MG
- Fixed bug with duplicate key entries on bulk modifications. - MG
- Fixed bug #317 in CCM where using the search bar could cause CCM insert, edit, and delete commands to be rerun - MG
- Fixed bug in CCM where renaming config_name for a service could leave behind ghost service configs - MG
- Fixed bug in CCM with form validation for required fields - MG
- Added feature request #300, services can now be searched by host address. - MG
- Added callback functions to allow custom status icons and custom table columns to be added to status tables by components - MG
- Added support for a custom login splash page using the Custom Login component - MG
- Fixed potential SQL injection vulnerability in legacy CCM for authenticated users - MG
- Fixed bug with component/wizard update check not allowing additional uploads - MG/SW
- Added proxy support for component/wizard update check - SW
2012R1.2 - 10/5/2012
- Removed perl-DBD-mssql package from 2012 prereqs - MG
- Fixed CCM bug where notification options weren’t saving properly for services/service templates - MG
- Added fix so fresh CSS / JS files get automatically refreshed in the browser with each version update - MG
- Enterprise license trial expiration now lasts at least as long as normal trial - EG
- Fixed 1.1-specific bug where CCM page crashed when adding new contacts - SW
- Added missing “is_volatile” setting in CCM - MG
- Fixed CCM bug where hostgroup->hostgroup relationships could cause circular relationships - MG
- Enterprise-only components are now automatically updated with every release. - MG
- Updated highcharts library to 2.3.3. Fixes bug with timestack graph - MG
2012R1.1 - 10/25/2012
- Added ability to upload MIB’s up to 5MB - SW
- Added preliminary gettext support for internationalization - MG
- Fixed UI bug in CCM with duplicate contactgroups in selection box -MG
- Wkhtml installs now - AG
- Updated all Jquery libraries to latest versions to allow all jquery functions to work in IE9 - MG
- Fixed bug with IE9 where dashlets were not draggable - MG
- Fixed issue in CCM where check commands with single quotes could break javascript functions (bug #305) - MG
- Fixed bug #157 in new CCM where free variables weren’t being copied with an object copy. - MG
- Fixed issue where Nagios Mobile was not installing on upgrades - MG
- Revised fix for bug #201 where unconfigured objects failed to stay deleted - MG
- Fixed bug where host template notification_option ‘d’ wasn’t saving correctly - MG
- Added fix to CCM import tool to prevent static and pnp configs from being imported - MG
- Fixed CCM page navigation bug after users are deleted - MG
- “Open Service Problems” page now hides any host that is acnowledged or in scheduled downtime - MG
2012R1.0 - 10/03/2012
- Fixed bug #201 where unconfigured objects failed to stay deleted. List can now also be manually cleared - MG
- Fixed bug where multiple scheduled reports weren’t all sending - MG
- Fixed page bounce on scheduled reporting - MG
- Fixed bug with CCM search not repopulating correctly - MG
- Fixed CSS issue rounded corners on footer - MG
- Fixed issue where some users were seeing Configure tab when they weren’t supposed to - MG
- Components and Wizards can check to see if updates are available… -SW
- Fixed BPI bug where the drill down wouldn’t happen if there were orphan groups - MG
- Added failsafe to Ajaxterm installer to rollback ssl.conf if an apache config issue is created - MG
2011-2012 Upgrade Notes:
- Nagios XI 2012 will have both a Standard Edition and an Enterprise Edition
- Upgrade to 2012 Standard Edition is free for existing 2011 customer with an active support and maintenance contract
- Feature Comparison for Enterprise vs Standard at: http://www.nagios.com/products/nagiosxi/whatsnew
- The upgrade from 2011 to 2012 will backup all currently installed wizards, components, and dashlets to the /tmp directory to account for custom modifications to any Nagios XI addons.
- The upgrade from 2011 to 2012 update any current wizards, components, and dashlets released by Nagios enterprise to their latest versions. This particular upgrade step will only happen one time once the full production version of 2012 is posted. This is done to allow users to safely modify components and wizards without being overwritten with each upgrade.
- The Admin->SSH Terminal access uses SSL and requires browser acceptance of the certificate the first time it is used. (Open in a new tab).
- Any new components and wizards can be removed after the upgrade if not desired
- Home dashboards will be updated to the new default home splash after the upgrade. The default home dashboard can be brought back by selecting the “Change my default home page” link at the top right of the home page.
- Nagios BPI 1.x users will have to migrate their configuration for use with Nagios BPI 2.x, since groups are now calculated differently.
- The previous version of the Core Config Manager is still available in the menu system by selecting “Legacy CCM”
- Report issues through [email protected] or support.nagios.com/forum.
- Enterprise-only components are automatically updated with each new update of Nagios XI.
2012RC4 - 09/20/2011
- Fixed bug in new CCM where command defs would fail to save with single quotes - MG
- Fixed bug in new CCM with timeperiod definitions not loading with certain versions of mysql - MG
- Removed deadpool feature until later in 2012 - MG
- Fixed bug introduced in RC3 that broke result limit logic in new CCM - MG
- Updated audit logging to summarize the log entry for a large config deletion - MG
- Fixed bug with CCM nagios.cfg and cgi.cfg editor - MG
- Fixed bug where hosts/services with more than one : in the name showed as unauthorized - SW
- Fixed bug in the new autodiscovery component related to scans against single IP addresses - SW
2012RC3 - 09/11/2012
- Fixed bug where ajaxterm installer failed when installer was run from outside of the /tmp directory -SW
- Fixed typo in deadpool.php - MG
- Fixed bug where executable permissions were not properly being applied to newly installed components and wizards - MG
- Fixed bug with exec summary exporting as the event log - MG
- Fixed bug with duplicate report export options - MG
- Fixed bug where PDF export was on some reports that can’t actually export to PDF - MG
- Fixed bugs with “Email this report” - NS / MG
- Fixed issues with search and back buttons on Escalation Wizard and Bulk Renaming tool - MG
- Fixed bug #291 where services with a / in the name didn’t display their performance graph (Fix by forum user nagiosadmin42)- MG
- Fixed bug #292 with multiple concurrent searches for host graphs. Expanded flexibility of search as well - MG
2012RC2 - 09/04/2012
- New 2012 Features implemented
2012 Standard Edition:
- New Core Config Manager
- Configuration Rollback
- Tools menu for external URL tools
- Bandwidth Report
- Executive Summary Report
- Custom Action URL’s
- Nagios BPI 2
- Emailed Reports
- SSH Terminal access built into the UI
- Nagios Mobile now included
- Automatic installation of all current components, dashlets, and wizards
- Deadpool for obsolete hosts and services
- Improved Autodiscovery Wizard
- Custom Home page
- NRDS Config Manager
2012 Enterprise Edition
- *All features mentioned above*
- All features mentioned above
- Capacity Planning Report
- Bulk Renaming Tool
- Bulk Modifications Tool
- Escalation Wizard
- Scheduled Reporting
- Scheduled Page Report
- Notification Settings Management
- Nagios BPI Hostgroup and Servicegroup Syncing
- Audit Logging
2011R3.3 - 08/20/2012
- Added in logic for 2012 Configuration Snapshots Rollback Feature -SW
- Fixed bug in core to process perfdata even if empty - used in distributed monitoring -SW
- Fixed bug where users authorized_for_monitoring_system could not see Event Log in XI but could in Core. -SW
- Fixed bug where performance data wasn’t being sent if using NRDP for outbound checks -SW
- Fixed issue with backup script not saving properly with backups over 4GB - SW
- Fixed issue with upgrade scripts failing if nagios crontab does not exist -MG
- Applied patch to Nagios Core that fixes issue with frozen checks when using DNX - MG
- Fixed bug #275 where service details ajax could break with a ‘\’ in the service description -MG
- Fixed bug #272 where audit log scripts were not executable - MG
- Added callback function ability for subsystem dbmaint.php and cleaner.php scripts - MG
- Added callback function ability for Apply Configuration and Reconfigure - MG
- Added callback function ability for any subsystem command - MG
- Patched Nagios Core, previous patch for bug #338 didn’t take into account that flexible downtime events can happen before end_time. -SW
- Updated Highcharts library to 2.2.5, fixes bug with scalable performance graphs not resizing/rescaling correctly after zooming. - MG
- Fixed bug #279 on unified hostgroups and servicegroups pages where basic auth would be requested -MG
- Added support for HTTPS in outbound NRDP check transfers - EG
- Compile NRPE with argument support - AG
- Added session_write_close() to dashlet-related AJAX calls and pages to improve dashlet load times - MG
- Fixed bug #282: security issue in subsystem logging - MG
- Fixed XSS security vulnerability with Core Config Manager login page (reported by Adam Baldwin) - MG
- Compile Core with disable-embedded-perl option to prevent NEB related memory leaks - MG
2011R3.2 - 06/27/2012
- Fixed error in upgrade script with missing dependencies package - EG
- Fixed bug in upgrade script where NSCA may not upgrade properly - MG
- Fixed issue where backing up crontabs could halt an upgrade if a tempfile already existed - AG
- Added external api script to send data to audit log - MG
- Added escalation status to notifications report page - EG
- Added fix to force correct permissions for all newly installed components, dashlets, and wizards - MG
- Added ability to delete hosts or services from the command line. To be documented in “Automated Host Management” doc - MG
- Fixed bug with host status search not searching against host_name field - MG
- Fixed bug with 2012 availability report where hostgroups showed all host states as 0% -SW
- Ndoutils upgrade script now checks existing DB username for any future upgrades -MG
- Added escalated status to alertsummary notification macro - EG
- Fixed issue with upgrade script stopping because of package conflicts - MG
- Added wkhtml installation to upgrade script (not yet implemented)- EG
- Added ajaxterm installation to upgrade script(not yet implemented) - EG
- Added external URL to global config settings page to allow for custom URL in notification messages, scheduled reporting (future) - EG
- Fixed bug #259 where state history report would now show services when using specific hostgroup for report - EG
- Patched Nagios Core bug #338 where schedule downtime would not persist properly upon a restart of Nagios (Carlos Velasco) - MG
- Fixed issue where duplicate table indexes may have been created upon upgrade (KevinD and gwakem) - MG
2011R3.1 - 06/08/2012
- Fixed issue with upgrade script that could remove user-defined cron jobs from root crontab - SW
- Fixed bug created in 3.0 where ‘/’ was not allowed in service descriptions - MG
2011R3.0 - 06/04/2012
- Added fix for incorrect permissions with MIB and graph template directories - EG
- Added support for 2012 notification management functions: Default Messages, and locking notification settings -MG
- Improved sanity checks for XI notification settings for XI users -MG
- Added ‘getalerthistogram’ to backend API commands. -MG
- Fixed XSS vulnerabilities reported by user: 0a29406d9794e4f9b30b3c5d6702c708 -MG
- Fixed overlapping values in piechart for both current and 2012 versions -SW
- Fixed bug #260 with notifications search(broke in 2.4). Expanded search options for more robust searches -MG
- Fixed bug #156 where illegal characters can be passed for object names in the config wizards, now replaced with ‘_’ -MG
- Fixed issue where illegal characters could be used with service descriptions in the Core Config Manager -MG
- Fixed minor bug with availability CSV export - SW
- Updated Nagios Core to 3.4.1
- Updated NSCA to 2.9.1
- Updated Ndoutils to 1.5.1
- Mod applied to Ndoutils 1.5.1 that fixes kernel msg queue issue
2011R2.4 - 04/24/2012
- Added top alert producers to backend API via: cmd=gettopalertproducers -MG
- Fixed bug where hosts without services may not show available commands or tabs correctly - SW
- Fixed an issue where duplicate notifications can populate the notifications report - MG
- Added permissions fix in reset_config_perms for future Renaming tool component - MG
- Changed EPEL and RPMForge repos to use local rpms for manual installation - MG
- Fixed performance data not being sent on outbound transfers with NSCA #254 - SW
2011R2.3 - 04/16/2012
- Fixed a bug where some monitoring wizards couldn’t complete because of missing values - SW/MG
- 0 is now an acceptable value for first_notification_delay on monitoring wizards - MG
- Fixed issue where the upgrade script could fail if the /usr/local/nagiosxi/tmp directory was empty -SW
- Added new performance options to the Admin->Performance settings page, subsystem procs/logging can be disabled to improve performance - MG
- Modified some of the subsystem processes to only run when needed - MG
- Added config options for the performance data spool directories to allow for use of RAM disks with XI’s subsystem processes. -MG
- Fixed comment/author notification variables to now be %comment% and %author%, respectively - EG
- Added some python libraries as dependencies in preparation for capacity planning project - AG
- Fixes for rapid response authentication - EG
- Fixed issue with Date/Time picker for custom graph timeperiods - SW
- Fixed issue on 64-bit el5 where removal on librsvg2.i386 failed and held up the installer - AG
- Reverted sudoers install script to support CentOS 5 - EG
- Added nmap support to sudoers (used by autodiscovery) - EG
- Added helper functions to detect if a specific wizard or component is installed - EG
- Fixed bug where deleted users weren’t being properly removed from the cgi.cfg file - SW
- Bugfix for a small error in table alignment in PDFs - SW
- Fixed issue where downtime is scheduled several days into the future, and a couple other problems - SW
- CPU Load meter on syssstat dashlet now accounts for multiple CPUs -SW
- Fixed issue with rapid response url with read-only users - MG
- Fixed bug #250 related to European date formats in reports -SW
- Added session performance improvement suggested by CB - EG
2011R2.2 - 03/05/2012
- Fixed problem where blank service performance graphs were being displayed - SW
- Fixed potential bugs relating to the $CDPATH shell variable - AG
- Removed hard-coded package path in 1-prereqs - AG
- Streamlined generation of dependency meta-package - AG
- Added a “Finish” button to the wizard logic to allow for quick configuration - EG
- Added new rapid response feature for notifications - EG
- Removed hard-coded db passwords in install scripts - EG
- Added uninstall script (consider this beta) - EG
- Added new notification variables (%responseurl%, %objecttype%, %objectid%, %notificationauthor%, %notificationcomment%, %alertsummary%) - EG
- Fixed offlineinstall for Red Hat systems - AG
- Fixed bug that broke performance graphs for some check_mk graph templates -MG
- Added login screen splash information for contacting us - EG
- Increased the default timeout value for process_perfdata.pl to 15 seconds for new installs - MG
- Added ability to reset notification messages to system defaults in account settings - EG
- Added option to run same wizard again at completion of monitoring wizard - EG
- Fixed bug where availability report not display if one of the values was less than 0.14% but not 0 - SW
- Fixed bug #239 where someone can save a service escalation without a contact or contact group. - MG
- Fixed bug #238 that prevented service escalations from saving a service list under certain circumstances - MG
- Fixed an issue where the unique service descriptions that populated the service escalations page were case insensitive - MG
- Fixed bug #202 where custom date selections for performance graphs always led to “All Hosts” page - MG
- Fixed a bug where custom date selections can cause all blank graphs upon a new login. - MG
2011R2.1 - 02/09/2012
- Fixed sourcegaurdian error upon upgrade -AG
- Fixed JS minifiy issues in release prep - AG
- Fixed bugs in fullinstall process - AG
2011R2.0 - 02/06/2012
- Fixed bug that displayed debugging output on email test page #207 -MG
- Fixed bug where email addresses without FQDN’s can vail validation and fail to send (example: root@localhost) -MG
- Fixed bug #207 that broke the URL for Unhandled problems in the login alerts window and Nagios Fusion. - MG
- Postgres sequence fix script is now run during upgrades, full installs - EG
- Added option to specify http port in config.inc.php. Apply Config would fail without a mod_rewrite. -MG
- Fixed bug #185 with adding new service escalations and dependencies. Removed safety nets in the UI to allow
- Fixed bug #152 related to service escalations creating ghost services upon import. - MG
- Added fix/feature for bug #190 to allow html output for host/service status text. Option is switchable in the Admin->Manage System Config page. - MG
- Fixed broken link on Unconfigured Objects page - SW
- Added a System Profile page to the Admin menu to assist in troubleshooting - MG
- Fixed availability report bug where host name was not displayed properly - SW
- Fixed bug #122 which displayed inconsistent data in state history reports - EG
- Added new backend commands to support future NagiosQL snapshot rollbacks - EG
- Fixed bug #218 where servicegroup availability reports contained incorrect host data - EG
- Fixed bug #215 where performance graphs in object detail screens could not be added to dashboards - EG
- Fixed bug where host and service notifications could not be completely disabled on a per-user basis - EG
- Changed Nagios Core hostgroup/servicegroup logic to match Nagios XI - EG
- Fixed bug where escalation macro was not getting populated for use in notification messages - EG
- Fixed bugs with improperly encoded URLs causing broken links -SW
- New installations will have cleaner handling of sudoers, cron jobs, and php limits
- Removed freetds and dbd dependencies
- Lots of bug fixes in the installer
2011R1.9 - 12/07/2011
- Prevented some time-critical SQL queries from being cached - EG
- Prevented service graph from being generated in availability reports when a host has no services (issue #198) - EG
- Patched recurring downtime script to fix problem with Nagios scheduling it’s own downtimes (issue 136) - submitted by Alexandru Lacraru
- Added ability to copy permalink URL to clipboard (suggested by Troy Lea) - EG
- Added fix for potential bug that prevented performance graphs from displaying on some systems -MG
- Added fix to the rrdtool graph API for improved compatibility with existing PNP graph templates - MG
- Fixed security escalation race conditions in crontab install scripts - EG / AG
- Fixed XSS vulnerabilty in backend_url javascript link - EG
- Fixed XSS vulnerability in xiwindow variables (affected permalinks) - EG
- Fixed XSS vulnerability in recurring downtime script - EG
- Fixed XSS vulnerability in alertheatmap report, “My reports” listing - EG
- Fixed XSS vulnerabilities in status/report page link functions - EG
- Fixed security vulnerability during package installation - AG
- Special thanks to 0a29406d9794e4f9b30b3c5d6702c708 for reporting security vulnerabilities.
- Fixed potential endless loop in non-interactive fullinstall script - AG
- Fixed bug with multiple calls to session_start() that produced error messages - EG
- Changed home page notifications link to use newer report - EG
- Added event log report to legacy reports - EG
- Fix for availability report including incorrect data - EG
- Fixed bug where custom tabs (eg. object notes) would not appear in service details screens - EG
- Added ability to attach multiple files to an email message - EG
- Added ability to have multiple recipients in email messages - EG
- Fixed minor bug in coreuiproxy.inc.php script that was generating a PHP Warning on CentOS/RHEL 6 installs - MG
- Further revision on repairmysql.sh script for more successful repair runs - MG
2011R1.8 - 10/28/2011
- Added ability to include attachments in emails - NS
- Added group membership query functions - EG
- Fixed date in webroot index page (suggested by Troy Lea) - EG
- Added MIB management to admin page (suggested by Troy Lea) - EG
- Updated jQuery to 1.6.2 - EG
- Performance graph panels in object detail pages now only display if panel is selected (suggested by Troy Lea) - EG
- Fixed problem with apostrophes being cut off in comments/acknowledgements - EG
- Added PNP graph template management (suggested by Troy Lea) - EG
- Added custom date/time selection to performance graphs (suggested by Troy Lea) - EG
- Added Automatic login feature - EG
- Modified cmdsubsys cron job to run daily update checks - EG
- Added zip to the prereqs list for CentOS 6 - NS
- Fixed bug #191 that created an extra footer div on child pages and prevented buttons and links from working - MG
- Added missing dependency for check_by_ssh - AG
- Revised OS checker for installer scripts to ensure compatibility and supported installations - AG
- Updated the repair_mysql.sh script for more successful repair runs - MG
- Modified load_url logging to overwrite load_url.log instead of appending to prevent log flooding with duplicate info. - MG
- Fixed bug 194 that created an SQL error in the browser when updating notification preferences - MG
- Multiple install attempts will not append to the install.log file instead of overwriting it. - AG
- Added CentOS CR repo for CentOS 6 installations. Fixes package conflict for php-mssql package - AG
- Updated NPCD daemon to 0.4-latest snapshot. Fixes memory leak that can crash NPCD process. - MG
- Fixed memcached support by adding caching TTL (defaults to 10 seconds) - EG
- Added a fix that allows update checks to work on a proxy install -MG
- http://assets.nagios.com/downloads/nagiosxi/components/proxy.zip - Adds a Proxy Configuration page to the Admin menu.
2011R1.7 - 8/29/2011
- More robust installation scripts, support for RHEL 6 -AG
- Changed permissions on files under /usr/local/nagiosxi to restrict access to Nagios and Apache users only -EG
- Applied fix to check_xi_service_mrtgtraf.php PNP template to fix units problem on perf graphs -NS
- Added checks to detect wrong file types when uploading components, wizards, and dashlets -EG
- Changed activation logic to require re-activate on IP address change -EG
- Fixed permissions in alert heatmap, notifications, histogram, and status history reports (issue #186) - EG
- Removed event log report link for non-admins - EG
- Fixed errors when determining backend URL (old logic broke with command line scripts) - EG
- Added logging when internal and external http calls fail: /usr/local/nagiosxi/var/load_url.log -MG
- Updated backend URL logic to fix problem with command-line scripts - EG
- Fixed bug in footer with z-index and tray alert transparency - EG
- Added an import prep script that preps all .cfg files in a single directory (scripts/xi_prep_dir.php) -MG
- Added ability to search for host status by IP address in the “Quick Find” search box - EG
- Added sanity checks to all stages of reconfigure_nagios.sh to identify any problems during Apply Configuration -MG
- Added error catches for “Apply Configuration” in the browser, problems will now exit the loop with an appropriate error message -MG
- Added host alias to the host details page: Tracker Request: #165 -MG
- Fixed tracker issue #127 related to status table sort arrows not being clickable -MG
- Added ability to filter new reports by a single host. Tracker Request #134 - MG
- Fixed bug created in 1.6 that causes slow performance with installs behind NAT -MG
- Added callbacks to allow for overriding default home page, injecting links in reports - EG
- Fixed bug in E-importnagiosql script with Apache not restarting and removed duplicate dependencies in 1-prereqs scripts - AG
2011R1.6 - 07/25/2011
- Fixed bug 163: related to long plugin output breaking the host/service details pages. Max status text is now 6k.
- Added support for RHEL 6 (0-yum)
- Added bug fix to 12-mrtg that was preventing rrd’s from being created correctly from the switch wizard
- Added patches to fullinstall and 0-yum that allow for non-interactive installs for 64bit systems.
- Fixed bug that was causing the “delete service” command to fail on the XI service details page.
- Fixed bug in CCM that prevented lines longer than 4k from being imported and written to file correctly.
- Fixed XSS vulnerabilities discovered in status pages (ajax calls)
- Updated Windows desktop wizard with bug fixes related to saving preferences when using the back button
- Fixed SSL bugs caused by an SSL host-certificate issue with curl.
- Modified monitoring wizard API to allow wizards to hide hostgroup, servicegroup, and parent host options
- Fixed bug #168 re: permalinks breaking on URLs that contained a space (this affected services and hosts)
- Removed hard-coded http calls in new reports
- Fixed bug #179 with CCM password limit at 15 characters
- Fixes in E-importnagiosql for Apache not being detected as having started
2011R1.5 - 06/23/2011
- Added “check all” and “uncheck all” feature to switch wizard
- Fixed problem with Windows server wizard modifying port numbers in existing command definitions
- Removed custom port options for Windows server wizard (we will reimplement this in a later release)
- Fixed problems with incorrect permissions on /usr/local/nagios/var directory files (caused orphan check errors)
- Updated Nagios Core init script to suppress error messages about processes that couldn’t be killed (e.g. that no longer exist)
2011R1.4 - 05/16/2011
- Modified Nagios Core notification scripts to include the host display name macro and allow it be used used in user notifications (using the %hostdisplayname% variable)
- New init script to fix problems with multiple Nagios instances running
- Fixed bug in object functions related to instance_id and active state that affected object status pages
- Added preliminary support for memcached
- Added initial support for automatic logins
- Fixed bug in E-importnagiosql script where Apache was not starting properly
- Fixed bug where applying configuration changes would hang
- Fixed bug where re-notification interval of zero (0) corrupted wizard object definitions
- Fixed bug where fullinstall script needed to be run twice
- Added a non-interactive option to the fullinstall script for unattended installations
2011R1.3 - 05/24/2011
- Added HTTPS support for underlying NagiosQL scripts (“$cfg[‘use_https’]=true” must be set in config.inc.php file)
- Fixed bugs that prevented strict SSL compatibility with backend calls. Pure https support now enabled with mod_rewrite. -MG
- Created a new performance graph API that fixes several known issues related to performance graphs displaying correctly -MG
- Fixed a javascript bug with the blue “fullscreen” triangle.
2011R1.2 - 04/11/2011
- Removed event data from component status dashlet (was incorrect for some users)
- Fixed error in nagios init script that affected clean restarts
- Added lockfile to dbmaint cron job to prevent overlapping jobs running/hanging
- Fixed bug in NDOUtils addon where host and service check statistics were no longer being reported
- Fixed bug where top alert producers report didn’t have proper authorization checks
- Removed javascript scrollpane effect in left navigation bar
- Fixed bug in dbmaint cron job that could cause table corruption for some users
2011R1.1 - 03/07/2011
- Disabled logging of external commands, passive checks for new installs and upgrades
- Fixed bug in unconfigured objects parsing code
- Added styled scrollbar to left navigation menu
- Added max notifications age setting in database performance page
- Stylesheet fixes for Opera and Chrome
2011R1 - 02/28/2011
- Added a new “screen” dashboard for attaching dashlets to each screen (top frame)
- Added tray alert to footer
- Incorporated Exfoliation theme for Nagios Core
- Added login alert screen
- Renamed “All Graphs” menu link to “Host Graphs”
- Added support for saving preferences in performance graphs
- Host Performance graphs now do not show hosts for which graphs are not available
- Fixed bug where permalinks to dashboards didn’t work
- New reports with CSV and PDF output capability
- Added “My Reports” feature for favorite reports
- Added check for missing posix_getpwuid() when applying config changes
- Included highcharts for dynamic report generation (licensed code)
- Improvements in MySQL database efficiency with new NDOUtils mods
- Added support for new components, including:
- Auto-discovery
- Hypermap
- Alert timeline
- Alert cloud
- Network replay report
- SNMP scan wizard
2009R1.4B - 02/02/2011
- Fixed permissions error on Nagios plugins directory (plugin uploads weren’t working)
- Added new admin screen to adjust performance settings (dashlets, database, UI pages)
- Removed unimportant sample dashlets
- Updated website and switch monitoring wizards
- Fixed bug in recurring scheduled downtime where servicegroups were not processed correctly
2009R1.4 - 01/26/2011
- Fix for config permissions check
- Added option to specify custom end date/time in performance graph pages
- Fixed permissions error on tmp folder items
- Added new admin page for managing email-to-text mobile carrier options
- Improved installation scripts with better error checking and debug messages
- Added new program status indicators in page header
- Fixed bug in URL validation code that was rejecting ampersands in URLs
- Fixed bug in Postgres db init code where sequence ids were being set (too low)
- Moved performance data processing commands off to separate cron job (perfdataproc.php)
- Moved the “Manage Plugins” menu item to the “System Extensions” section of the admin menu
- Added GUI for configuring inbound/outbound NSCA data transmission
- Upgraded PNP to version 0.4.14
- Added new script to repair damaged MySQL tables (scripts/repairmysql.sh)
- Added new scripts to set/get Nagios XI options, user attributes, and user meta information from command line
- Performance optimizations in authorization functions (resulting in ~30% lower load on system during HTTP calls)
- Upgraded ADOdb to version 5.11
- Added warnings to 0-yum script about existing RPMs being removed on 64-bit systems
- Added config file options for specifying dashlet refresh rates
- Fixed bug in Nagios Core where passive host checks were passed to Nagios XI as active checks
- Fixed bug in Nagios Core where passive host check status was not being updated in Nagios XI
- Fix for incorrect passive check data in monitoring engine statistics dashlet
- Search box now redirects to host status screen if no matching services are found
2009R1.3G - 11/15/2010
- Removed duplicate epel-release RPM from 1-prereqs script
- Added custom logo support in header (requires optional component)
- Added logentries, statehistory, and externalcommands NDOUtils tables to automatic trimmin cron job
- Added support for checking config script/file permissions for problems
- Fixed problem with config scripts not being installed setuid root (caused problems with writing the config)
- Fixed problems with NagiosQL not being able to restart Nagios Core
- Changed nagiosql scripts to handle bad SSL cert setup with --no-check-certificate option
2009R1.3F - 11/02/2010
- Patched version of NDOUtils
- Upgraded Nagios Core to version 3.2.3
- Fixed bug in processing existing (old) config when re-configuring some hosts/services
- Fixed bug where XML data was not alway escaped, causing blank status tables in UI
- Fixed incorrect color scheme for pending hosts and services
- Fixed bug where custom filters would not be retained when moving to different pages in host/service status pages
- Removed unused daemontools from installation packages (was causing problems on 64-bit systems)
- Fixed incorrect servicegroup commands link in servicegroup summary view
- Fixed bug in pagination of users list in admin menu
- Added indexes to NDOUtils for speed improvements
2009R1.3E - 09/27/2010
- Fixed EPEL problem in 1-prereqs script (was using an old version)
- Fixed EOL problem with 0-yum script (was using DOS line endings)
- Fixed problem with incorrect notification options in config that affected new installs
- Fixed bug in global settings where admin name/email could not be updated
- Fixed bug in table pager links
- Added support for permalinks when web server running on port other than 80
- Fixed bug where newly created users did not have host recovery notifications enabled
- Removed all current instances of PHP short opening tags
2009R1.3D - 09/18/2010
- Fixed incorrect links in sorted table headers
2009R1.3C - 09/16/2010
- Updated yum repo for better support of 64-bit installs
- Fixed problems with “Continue” button not working properly after applying changes in the CCM
- XSS fixes in table generation functions
- New installs now have nagiosadmin account use xi_contact_generic template
- Fix for wizards not correctly handling notification contacts/contactgroups
- Added new “fix-nagiosadmin” script to change nagiosadmin account to use XI notification commands, timeperiods, etc
2009R1.3B - 09/03/2010
- Fixed yum repo problem on 64-bit installations
- Fixed problems with HTML encoding custom notification message formats
- Notification message formats are now evaluated as PHP code before being sent to the user if they begin with "
- XSS fixes in status and dashboard pages
- Added search filter to check command and service dependency screens in Core Config Manager
- Upgraded Nagios Core to version 3.2.2
- Fixed problem with earlier trial expiration date
2009R1.3 - 08/18/2010
- Improved performance of NDOUtils addon with host and service checks
- Fixed bug where newly defined services had a next check time of ~1970 (Unix Epoch)
- New patched versions of Nagios Core and NDOUtils
- Fixed NagiosQL spurious bug “Call to a member function setVariable() on a non-object”
- Added message about no quick actions being available in host/service detail pages for read-only users
- Fixed license agreement page title
- Removed unused language/theme preference options
- Added support for automatic login from Nagios Fusion
- Added new callbacks for session start, authentication check
- Added support for new host/service status filters (active checks enabled/disabled)
- Added support for custom performance graph refresh rate via config.inc.php variable ($cfg[‘performance_graph_refresh_rate’])
- Fixed bugs in hostgroup and servicegroup status overview dashlet links
- Added tabs to re-configure host and service screens
- Added ability to specify hostgroups, servicegroups, and parent hosts in config wizards and re-configure screens
- Fix for XSS vulnerabilities and possible SQL injection vulnerability
- New event log interface with CSV and PDF download options
- Added recurring scheduled downtime
- Removed unused daemon calls from nagiosxi init script
- Added new network outages dashlet
- Fixed bugs in NagiosQL relating to service escalation configuration, possible SQL injection vulnerability
- Added new config wizards: dhcp, dns query, ftp server, linux server, nagios xi server
2009R1.2D - 07/27/2010
- Fixed bug in re-configure host/service screens when disabling/enabling notifications
- Request array variable processing fix that affected Windows and Network switch port wizards
- Fixed bug in network switch wizard that prevented ports monitoring from being applied properly
- Minor improvements to crontab install script
2009R1.2C - 07/16/2010
- Added initial support for HTTP Basic authentication
- Install scripts will no longer overwrite existing config.inc.php config file
- Security fixes for XSS and CSRF vulnerabilities in Nagios XI web interface
- Fixed bug with invalid permissions on some files in the /usr/local/nagios/etc directory
- Added basic backup/restore scripts
- Upgraded SourceGuardian loaders
2009R1.2B - 07/05/2010
- Fixed bug in example Logon Errors performance counter in Windows server wizard
- Fixed error in global host and service commands with invalid output macros
- Added ability to login to backend API with username and password MD5 hash
- Fixed bug where some (non-admin or non-global) users would not have access to re-configure an existing host or service
- Fixed bug where user could previously rename a dashboard with a null/empty name (issue #62)
- Fixed reset security credentials admin page to prevent caching (issue #64)
- Fixed bug where changing records per page in performance graphs displayed incorrect graphs (issue #63)
- Added ability to add custom tabs to host/service detail pages
- Fixed bug in D-chkconfigalldaemons postgresql shutdown statement
- Added warning messages about notifications being disabled to notification messages and methods pages
- Updated 1-prereqs script
- Added new nagiosxi init script to replace old cron jobs with daemon
- Added logrotate definition to rotate cron job log files
- Added ability to delete bad configuration snapshots
- Fixed bug in windows server wizard where counters were not monitored correctly
- Renamed icon in host status detail screen that links to host service status (issue #65)
- An update check is now performed when XI is first installed/configured
- Added validation checking on Windows server and desktop wizard agent passwords
2009R1.2 - 06/01/2010
- Fixed bug in component administration upload/install logic
- Fixed bugs with PNP init script missing chkconfig description and PID permissions (issues #18, #20)
- Fixed harmless error message in Postgres DB initialization (issue #24)
- Upgraded NDOUtils to version 1.4b9
- Added long output to host and service status XML output
- Fixed Nagios Core notification and event handler scripts to properly include long status output
- Fixed date/time bug in notification messages
- Added ‘nagiosxi’ pseudo-user to Core CGI config file
- XI usernames/passwords are now automatically synced with credentials used to access Nagios Core upon login
- Changed nagiosadmin timeperiods and notification commands to allow for notification control through XI, rather than Core (issue #228)
- Added “noprereqs” option to upgrade script to allow skipping of package updates
- Added option to disable host and service recovery notifications in account notification preferences page
- Fixed bug where new hosts and services with pending states would not appear in status interface
- Fixed bug with missing posix_getpwuid() function on Fedora 11
- Modified config wizard API to allow for post-configuration callbacks, and variable value overrides
- Fixed bug in config wizard download screen
- New D-chkconfigalldaemons script to ensure proper daemons are started/shutdown
- Added optional version, date, author, and copyright information for configuration wizards (displayed in admin screen)
- Fixed missing windows server configuration wizard
- Added paging options to host service performance graphs pages (default to 5 records at a time)
- Added EPEL repo to 0-yum install script (issue #47)
- Fix to tactical overview screen with “hostgroup=all” URL link to status screens not working properly
- Improvements to website wizard to support regex matching, custom ports, basic authentication
- Added rpmdevltools RPM to installation requirements
- Added config wizard, dashlet, and component API version constants
- Added option for configuration wizards and components to run an post-install script (install.sh) if supplied in their directory
- Fixed mis-matched AuthNames in Nagios Core Apache config files (issue #43)
- Added option for config wizards to not define object variables that are intended to be inherited from a template
- Config wizard now commits multiple import files for services that are defined on different hosts (e.g. SNMP trap wizard)
- Added option for config wizards to override contact and contactgroups easier
2009R1.1H - 04/02/2010
- Added new options to configuration wizard API to support passive-only services (e.g. SNMP traps)
- Fixed problem with service icons not displaying properly in status interface
- Fixed problem with notifications not being sent out in some instances
- Changed mail settings SMTP password field to not show plaintext password (issue #27)
- Fixed bug with uploading configuration wizards (issue #26)
- Fixed bug where some users had blank home page dashboards
- Fixed bug in user preferences link in “getting started” dashlet
- Fixed bug where notifications were still being sent to users if non-global notification options were enabled
- Fixed bug where host/service re-configuration of notification options wasn’t working (issue #29)
2009R1.1G - 03/17/2010
- Added option to override port name in switch configuration wizard (issue #2)
- Removed NagiosQL nags about empty ARGx macros and possible missing host/service variables (issue #3)
- Fixed bug in NagiosQL where empty $ARG1$ macro would cause later $ARGx$ macros to get shifted forward (issue #4)
- Added script to reset config file permissions when applying new configuration or restoring from backup snapshot
- Fixed usability issue relating to specifying contacts and contactgroups in monitoring wizard and re-configure screens (issue #9)
- Fixed bug where all hosts/services were shown as being members of empty hostgroups/servicegroups (issue #6)
- Fixed bug where service duration was incorrectly calculated and displayed in the service detail listing (issue #12)
- Fixed bug where Continue button worked improperly in Firefox when applying config changes (issue #15)
2009R1.1F - 02/08/2010
- Fix for incorrect links in Tactical Overview screen
- Fix for performance graphs not visible after initial install
- Fix for timeperod bug when updating notification preferences
- Fix for newline wrapping in email notifications viewed in HTML mode
- Fix for nagiosadmin user missing custom timeperiod (fixes new installs only)
- Fix for bug where hosts appeared un-deleteable, event thought they were
- Fix for service XML object routines
- Fix for bug in detail links when viewing host performance graphs
2009R1.1E - 02/02/2010
- Enabled large installation tweaks (performance enhancements) in Nagios Core
- Fixed bug where hosts and services created with wizards could not be deleted (nagios user/group problem)
- Fixed problems with incorrect first datasource being used for service detail performance graphs (patch by Antal Ferenc)
2009R1.1D - 01/26/2010
- New templates for future use with linux servers
- Fixed bug in Nagios Core UI proxy
- Fixed bug in displaying host/service groups with only one host member
- Configuration wizard notification option screen now defaults to having contacts and contactgroups checked (better usability)
- Enhanced configuration wizard API now allows for auto-installation of plugins, logos, and templates
- Increased system statistics collector inter-check sleep time from 5 to 10 seconds
- Added script to reset nagiosadmin login password from command line
- Modified NagiosQL to accept spaces in host names (host config screen) and config names (service config screen)
- Modified NagiosQl to not replace spaces in service config names with underscores
- Added ability to change host address is host re-configuration screen
- Added address to host status detail screen
- Fixed bug where hosts and services created with wizards could not be deleted (import file permissions problem)
2009R1.1C - 01/17/2010
- Added free license option (limited to 7 hosts/nodes)
- Added automatic update check option, update availability dashlet
2009R1.1B - 01/14/2010
- Fix for Dag yum repo on RHEL5
- Minor fixes to installation scripts to support RHEL5
2009R1.1A - 01/09/2010
- Added new host/service group status screens with dashlet capabilities and dynamic ajax updates
- New SNMP monitoring wizard
- Fixed upgrade script from RC3 to R1 (was missing template install script)
- Fix for importing dag repo GPG key during manual install
- Fix for installation of webinject during manual install
2009R1 - 12/31/2009
- Added ability to manage (upload/delete/modify) components
- New comments/acknowledgements screen
- Modified check_xi_service_nsclient command to handle null passwords when monitoring Windows machines via NSClient++
- Monitoring wizard now shows contact names
- Host status screen now has links to view status of hosts’ services
- Added a config file import prep tool (xiprepimport.php)
- Added new PNP templates for http, ping, dns
- Improved speed of ajax updates in host/status screen displays
- Some account notification preferences are now unavailable if a matching Nagios Core contact is not associated with the user account (including timeperiods)
- Configuration wizards now save meta data for later re-use
- New TCP/UDP port monitoring wizard
- New Windows Server monitoring wizard
- Added abilities to delete and re-configure hosts/services in main status interface
2009RC3 - 11/25/2009
- License key is now trimmed of whitespace before being saved
- Network outages menu link only shown to admins and users who can see all hosts/services
- New host and service status list screens with ajax updates!
- Minimum views rotation speed is now 10 seconds
- CSS fix for missing border on views slider control
- Changed default views assigned to new users to use updated service status screens
- Fixed problem where default dashboards/dashlets were not being assigned for new user accounts
- Fixed problem with dashlet hover not working proper in IE (IE doesn’t handle transparent backgrounds!)
- Dashlet titles now show when hovering over dashlet
- New dashlets are now positioned at staggered offsets from the top left corner
- Core config manager is now accessible to users with configure permissions
- Config wizards now only add new objects or modify existing objects user has rights to
- Floppy removed from virtual machine
- Fixed web transaction monitoring wizard
2009RC2 - 11/17/2009
- Fixed notification time preferences bug (same start/end times were invalid)
- Added sendmail command line opts to send_email() command
- Fixed bug in website wizard where page content check failed on URLs with redirects
- Added new follow-up options when completing configuration wizard
- NagiosQL mods:
- Added colon as valid host/service name character
- New configuration wizards:
- Added switch wizard
- Added web transaction wizard
- Added webinject to installed components
- Added phpmailer
- Added admin option to manage email settings
- Moved svn repo, revision IDs changed/reset
- Switched most ajax calls to async mode
- Performance and event queue graphs are now resizeable in dashboards
2009RC1 - 11/10/2009
- Initial test release
Related news
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Red Hat Security Advisory 2023-1049-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, html injection, memory exhaustion, open redirection, server-side request forgery, and traversal vulnerabilities.
Red Hat Security Advisory 2023-1044-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, html injection, memory exhaustion, server-side request forgery, and traversal vulnerabilities.
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modi...
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modi...
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modi...
Red Hat Security Advisory 2023-0552-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2023-0556-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2015-9251: jquery: Cross-site scripting via cross-domain ajax requests * CVE-2016-10735: bootstrap: XSS in the data-target attribute * CVE-2017-18214: nodejs-moment: Regular expression denial of service * CVE-2018-14040: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute * CVE-2018-14041: bootstrap: Cross-site Scripting (...
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
Red Hat Security Advisory 2022-7343-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include code execution and denial of service vulnerabilities.
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection * CVE-2022-30123: rubygem-rack: crafted requests can cause shell escape sequences
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CV...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2015-9251: jquery: Cross-site scripting via cross-domain ajax requests * CVE-2016-10735: bootstrap: XSS in the data-target attribute * CVE-2018-14040: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute * CVE-2018-14042: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Ja...
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.