While we’ve released 1.11.0 including a fix for buffer overflow detected and fixed by Tim Landscheidt (Wikimedia), there’s now a CVE number for that: CVE-2014-2386. Therefore we’re releasing 1.10.4 and 1.9.6 containing this security fix amongst a bunch of other backported fixes. Older release branches <1.9.x require an update to the latest and greatest.
1.11.1 contains the updated CVE entry, and fixes some IDOUtils bugs that affect Oracle and Postgresql databases. The Classic UI time-picker ‘am/pm’ display was fixed too. Last but not least Classic UI 1.11.1 ships with an experimental feature required for Icinga 2 only – to display the host’s check service in the details view (relevant the upcoming Icinga 2 0.0.9).