Releasing Icinga Web v2.9.0

by | Jul 12, 2021

Today we’re announcing the general availability of Icinga Web v2.7.5, v2.8.3 and v2.9.0. Besides the compatibility with IcingaDB, the v2.9.0 release includes major enhancements to access control, support for PHP 8, the possibility to stay logged in during browser restarts and a full-fledged date-time picker in all browsers.

You can find all issues related to the v2.9.0 release on our Roadmap. Please make sure to also check the respective upgrading section in the documentation.

This release is accompanied by the minor releases v2.7.5 and v2.8.3 which include the security fixes mentioned below.

Icinga DB

We continue our endeavour soon. Icinga Web 2 is still a crucial part of it and this update is again required for Icinga DB. If you like to participate again, don’t forget to update Icinga Web 2 as well.


Security Fixes

This release includes two security related fixes. Both were published as part of a security advisory on Github. They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if the doc module is enabled. Please check the respective advisory for details.


RBAC, The Elephant In Icinga Web 2

Role Based Access Control, for the non-initiated. I’ll make it short: Permission refusals, Role inheritance, Privilege Audit. Icinga DB will also solve the long-standing issue #2455 and also allows #3349 and #3550. I’ve also written a blog post about this very topic.

  • Authorization enhancements #4306
  • Audit View #4336
  • Highlight modules with permissions set inside a role #4241


Support for PHP 8

PHP 8 is released and with Icinga Web 2.9 it will now work flawlessly. We also took the chance to prepare to drop the support of some legacy PHP versions. We now require PHP 7.3 at a minimum and all versions below that will not be supported anymore with the release of v2.11.

  • Support PHP 8 #4289
  • Raise minimum required PHP version to 7.3 #4397


Stay, Be Remembered

Have you ever been disappointed that Icinga Web 2 always forgets you after closing your browser? This is in your hands now! Just tick the new checkbox on the login screen and Icinga Web 2 doesn’t forget your presence anymore. Unless of course the administrator or you on a different device clears your session.

  • Implement a “remember me” feature #2495


It Does Matter, When

Browsers are bad when it’s about date and time inputs. (I’m looking at you Mozilla!) Now we’ve given our hopes up and use a specifically invented solution to show you a date and time picker throughout every browser. With Icinga v2.13 onwards you will also be able to use this when defining an expiry date for comments! Though, you might not necessarily use it that often once you’ve configured new custom defaults for downtime endings.

  • Add datetime picker widget #4354
  • Expire Option for Comments #3447
  • Custom defaults for downtime end, comment and duration #4364




Postponing new Dark/Light Themes

In an earlier blogpost we gave an introduction to new Dark/Light themes which were planned to be released with Icinga Web 2.9. We have decided to postpone those themes to a later release, due to the effect they have to our official modules and those built by the community. The decision was made in order to guarantee a smooth upgrade to all Icinga users, which currently requires some additional work. These new themes will be released with the next major version 2.10 instead.

You May Also Like…

Releasing Icinga 2.12.8

Releasing Icinga 2.12.8

Today we are releasing Icinga 2.12.8. It addresses an issue with one of the fixes included in the 2.13.3 and 2.12.7...

Subscribe to our Newsletter

A monthly digest of the latest Icinga news, releases, articles and community topics.