While you may have seen a lot of updates in our 2.x development head, Icinga 1.x is still alive and being patched and bug-fixed. Some smaller features have also been incorporated into 1.13.0 so consider upgrading your existing installation.
Changelog Core, IDOUtils, Classic UI
CHANGES
- Remove deprecated event_profiling_enabled from icinga.cfg
- Remove deprecated broker_module from icinga.cfg (use module object configuration instead)
- Add module config examples in modules/ directory (livestatus, mod_gearman, pnp4nagios, flapjack)
- Move contrib/downtimes to tools/downtimes and add ‘make install-downtimes’
FEATURES
- Feature #1867: Recurring Downtimes
- Feature #6353: deprecate icinga.cfg:broker_module; add more module examples
- Feature #8007: Implement an option to disable transactions
- Feature #8139: Add functions for registering file descriptors closed on fork()
- Feature #8140: Add Check Result List Mutex for NEB modules
- Feature #8426: Remove constraint from *dependencies tables
- Feature #8440: Enhance idomod logging
FIXES
- Bug #6263: Race condition in init.d scripts’ stop
- Bug #6762: Icinga crashes when “args” attribute is not specified for modules
- Bug #7004: GET form param has no effect on cmd.cgi acks (again)
- Bug #8202: Cool tip text for refresh of hosts and services says “I’m so lonely up here. Where should I go?”
- Bug #8441: require the ‘config_file’ argument in idomod modules configuration
- Bug #8445: cmd.cgi use_ack_end_time param does not enable tickbox in form
Changelog Web
Security
- Ewoud Kohl van Wijngaarden found a way for an SQL injection in Icinga Web’s API. An authenticated user could inject SQL code via a crafted JSON filter (#7924, CVE-2015-2685)
We recommend to update your installation to 1.13.0 as the features are minimal invasive.
Notable changes and features
- The log now contains the ip address of a user login failed, or the user just logged in and out (#7357)
- We implemented a command log that contains any command that is send to the Icinga core by an user – written to a separate log file command-20XX-XX-XX.log (#7893)
- (Bug) Acknowledgments where sent without a proper sticky declaration. This problem has been fixed and host or service acknowledgments are now sticky by default – what it should and was intended to be. (#5838 #7003) Please review our documentation if you are not sure what sticky means.
- Grids can now display customvariables. Because customvariables are customised on every installation, this feature is disabled by default. See doc/grids_and_customvars.md for further information.
Other bugs
- When using Kerberos authentication in a web server a user could receive all credentials when he had a role that had no credentials set (#7892) In our tests that only happens with Kerberos users.
- When a user could not be imported during login the database exception was not generated correctly (#8301)
- Don’t contact more authentication providers than necessary during login. Thanks to Victor Hahn (#8341)
- Fixed the irritating error during application state reset (#8523) The state was always cleared, but an error popped up for the user.
