Recently the OpenSSL project released OpenSSL v1.1.1t and advised its users to upgrade due to several CVEs that release has fixed. We’re not certified security experts, but we know that a redundant update is better than a missing update. While on Linux the OpenSSL maintainer of the distribution is responsible for such updates, on Windows we are as we bundle OpenSSL. Theoretically the end users could also update the DLLs by themselves, but not everyone has the knowledge and/or courage this requires. Hence we announce the immediate general availability of Icinga 2.13.7 and 2.12.10. Both update the bundled Boost and OpenSSL libraries on Windows and fix broken SELinux policies on RPM based distros. By the way v2.13.7 fixes several other bugs.
Changes
v2.13.7
Security
- Windows: update bundled OpenSSL to v1.1.1t. #9672
Bugfixes
- SELinux: fix user and domain creation by explicitly setting the role. #9690
- Signal handlers: don’t interrupt and break plugins spawning. #9682
- Icinga DB: take check_period into account during overdue calculation. #9679
- Avoid corrupted files: use fsync(2)/FlushFileBuffers() everywhere. #9681
- Solaris: fix compile error. #9680