Releasing Icinga Web v2.8.6 and v2.9.6

by | Mar 8, 2022

Today we’re announcing the general availability of Icinga Web v2.8.6 and v2.9.6. Both contain only security vulnerability fixes.

When To Upgrade

If you have v2.9.x installed at the moment, we recommend to upgrade immediately. This is even more important if your installation is reachable from the Internet.

The Vulnerabilities

The first is a path traversal issue that affects installations of v2.9.0 and above. Another one allows admins to run arbitrary PHP code just by accessing the UI. The last one may disclose unwanted details to restricted users. Please check the advisories on GitHub for more details.

  • Path traversal in static library file requests for unauthenticated users GHSA-5p3f-rh28-8frw
  • SSH resources allow arbitrary code execution for authenticated users GHSA-v9mv-h52f-7g63
  • Unwanted disclosure of hosts and related data, linked to decommissioned services GHSA-qcmg-vr56-x9wf

You May Also Like…

Releasing Icinga Director v1.11.2

Releasing Icinga Director v1.11.2

We are pleased to announce the release of Icinga Director version 1.11.2, which addresses several important bug fixes...

Releasing Icinga Web v2.12.2

Releasing Icinga Web v2.12.2

Today we’re announcing the general availability of Icinga Web v2.12.2. You can find all issues related to this release...

Subscribe to our Newsletter

A monthly digest of the latest Icinga news, releases, articles and community topics.