Security releases: Icinga 2.13.7 and 2.12.10

by | Feb 16, 2023

Recently the OpenSSL project released OpenSSL v1.1.1t and advised its users to upgrade due to several CVEs that release has fixed. We’re not certified security experts, but we know that a redundant update is better than a missing update. While on Linux the OpenSSL maintainer of the distribution is responsible for such updates, on Windows we are as we bundle OpenSSL. Theoretically the end users could also update the DLLs by themselves, but not everyone has the knowledge and/or courage this requires. Hence we announce the immediate general availability of Icinga 2.13.7 and 2.12.10. Both update the bundled Boost and OpenSSL libraries on Windows and fix broken SELinux policies on RPM based distros. By the way v2.13.7 fixes several other bugs.

Changes

v2.13.7

Security

  • Windows: update bundled OpenSSL to v1.1.1t. #9672

Bugfixes

  • SELinux: fix user and domain creation by explicitly setting the role. #9690
  • Signal handlers: don’t interrupt and break plugins spawning. #9682
  • Icinga DB: take check_period into account during overdue calculation. #9679
  • Avoid corrupted files: use fsync(2)/FlushFileBuffers() everywhere. #9681
  • Solaris: fix compile error. #9680

Enhancements

  • Windows: update bundled Boost to v1.81. #9678
  • Documentation: several fixes and improvements. #9671

v2.12.10

Security

  • Windows: update bundled OpenSSL to v1.1.1t. #9686

Bugfixes

  • SELinux: fix user and domain creation by explicitly setting the role. #9689

Enhancements

  • Windows: update bundled Boost to v1.81. #9686

You May Also Like…

Releasing Icinga Director v1.11.3

Releasing Icinga Director v1.11.3

We are happy to announce the release of Icinga Director version 1.11.3. This release addresses few important bug fixes...

Releasing Icinga Director v1.11.2

Releasing Icinga Director v1.11.2

We are pleased to announce the release of Icinga Director version 1.11.2, which addresses several important bug fixes...

Releasing Icinga Web v2.12.2

Releasing Icinga Web v2.12.2

Today we’re announcing the general availability of Icinga Web v2.12.2. You can find all issues related to this release...

Subscribe to our Newsletter

A monthly digest of the latest Icinga news, releases, articles and community topics.