Icinga 1.4.0 contained several bugs, which have now been fixed on both the core and web sides of development 🙂
The XSS vulnerability in the Classic UI reported by Stefan Schurtz has been resolved too.
Core/ClassicUI/IDOUtils
* core: fix retain status file over an init script reload #1579
* classic ui: fix cross site scripting vulnerability in config.cgi on config expander arguments #1605
* classic ui: better handling of writing to cgi.log in cmd.cgi #1161
* classic ui: fixing tac.cgi header problems with counting and adding pending and descriptions #1505 #1506 #1508
* classic ui: corrected behaviour of pending states in tac header #1508
* install: fix event handlers cmd file location in contrib #1501
Web/API
* fix LDAP auth allows empty passwords #1596
* fix filter information wrong after saving cronk #1525
* fix prefs growing endlessly in Icinga-Web causing lots of traffic #1513
* fix cronks page make-up #1509
* principals now work with wildcards
* provided IE JS fix
Docs
* CFLAGS for FreeBSD #1604
* show_tac_header_pending #1529