Icinga Core, Classic UI & IDOUtils 1.4.2 released

by | Jun 29, 2011

Due to the recent fixes in 1.4.1 the XSS vulnerability caused the command expander in config.cgi not to work as expected. Alongside this bug, there were various other things to resolve while working on the 1.5 dev branches. All important fixes have been backported into 1.4 tree and can now be found in a revamped 1.4.2 release on Core, Classic UI and IDOUtils.
Download 1.4.2 now or wait for your distribution to push updated packages ๐Ÿ™‚ Special note: 1.4.2 does not require IDOUtils DB upgrading.
Changelog

  • core: fix freshness_threshold problem in host checks by using check_interval in HARD or OK state, else retry_interval (like service checks) #1331
  • classic ui: add a check for status data freshness into cgis #1667
  • classic ui: re-fix xss vulnerability and string escaping for command expansion #1605 #1624
  • classic ui: remove sidebar.html inclusion in index.html causing troubles on reload #1632
  • classic ui: fixed: User can execute host/servicegroup commands even if not authorized for (Sven Nierlein) #1679
  • classic ui: fixed: plugin_output_short didn’t get checked properly and caused segfault in status.cgi #1673
  • idoutils: do not update start_time of already started downtimes #1658
  • idoutils: fix started downtime update for table scheduleddowntime in oracle #1658
  • install: fix make install-idoutils overwrites sample – adding idoutils.cfg-sample instead #1625

 
Please report any bugs/feature requests/etc to our development tracker and/or community channels! ๐Ÿ™‚

You May Also Like…

Releasing Icinga Web v2.12.2

Releasing Icinga Web v2.12.2

Today weโ€™re announcing the general availability of Icinga Web v2.12.2. You can find all issues related to this release...

Subscribe to our Newsletter

A monthly digest of the latest Icinga news, releases, articles and community topics.