Due to the recent fixes in 1.4.1 <https://www.icinga.org/2011/06/08/icinga-1-4-1-released/>, the XSS vulnerability caused the command expander in config.cgi not to work as expected. Alongside this bug, there were various other things to resolve while working on the 1.5 dev branches. All important fixes have been backported into the 1.4 tree and can now be found in a revamped 1.4.2 release of Core, Classic UI and IDOUtils.

Download 1.4.2 now <https://sourceforge.net/projects/icinga/> or wait for your distribution to push updated packages :-) /Special note: 1.4.2 does not require IDOUtils DB upgrading./

Changelog <https://wiki.icinga.org/display/Dev/Icinga+Core+Changelog>

   * core: fix freshness_threshold problem in host checks by using
     check_interval in HARD or OK state, else retry_interval (like
     service checks) #1331 <https://dev.icinga.org/issues/1331>
   * classic ui: add a check for status data freshness into cgis #1667
     <https://dev.icinga.org/issues/1667>
   * classic ui: re-fix xss vulnerability and string escaping for
     command expansion #1605 <https://dev.icinga.org/issues/1605> #1624
     <https://dev.icinga.org/issues/1624>
   * classic ui: remove sidebar.html inclusion in index.html causing
     troubles on reload #1632 <https://dev.icinga.org/issues/1632>
   * classic ui: fixed: User can execute host/servicegroup commands
     even if not authorized for (Sven Nierlein) #1679
     <https://dev.icinga.org/issues/1679>
   * classic ui: fixed: plugin_output_short didn't get checked properly
     and caused segfault in status.cgi #1673
     <https://dev.icinga.org/issues/1673>
   * idoutils: do not update start_time of already started downtimes
     #1658 <https://dev.icinga.org/issues/1658>
   * idoutils: fix started downtime update for table scheduleddowntime
     in oracle #1658 <https://dev.icinga.org/issues/1658>
   * install: fix make install-idoutils overwrites sample -- adding
     idoutils.cfg-sample instead #1625 <https://dev.icinga.org/issues/1625>

Please report any bugs/feature requests/etc to our development tracker <https://dev.icinga.org/> and/or community channels <https://www.icinga.org/2011/06/29/support/>! :-)

--

https://www.icinga.org/2011/06/29/icinga-core-classic-ui-idoutils-1-4-2-released/

--
DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email:  [email protected]
phone:  +43 1 4277 14359
mobile: +43 664 60277 14359
fax:    +43 1 4277 14338
web:    http://www.univie.ac.at/zid
        http://www.aco.net

Icinga Core & IDOUtils Developer
http://www.icinga.org
