5.7.2

Security

  • Fixed security vulnerability with audio import directory allowing PHP files to be uploaded to and run from that directory (thanks @TactiFail) -JO
  • Fixed XSS security vulnerability in background color in Dashboards (thanks @TactiFail) -JO
  • Fixed XSS security vulnerability in Config Management > Edit Config page in BPI component (thanks @TactiFail) -JO
  • Fixed XSS security vulnerability in Graph Explorer link URL option (CVE-2020-15902) (thanks ERNW) -JO
  • Fixed RCE vulnerability with ajaxhelper.php when running certain commands through cmdsubsys (CVE-2020-15901) (thanks ERNW) -JO

Fixed

  • Fixed NDO issue where renaming hosts and services with uppercase/lowercase letters caused inconsistencies [TPS#15205] -SAW,JO
  • Fixed restricting access to auto deploy output JSON files -JO
  • Fixed brevity settings for objects/hoststatus and objects/servicestatus when using outputtype=xml -JO
  • Fixed issue with NDO connection in Nagios XI using latin1 as default charset instead of utf8 -JO
  • Fixed error updating audit log when removing a user [TPS#15172] -JO
  • Fixed warning/critical toggle button icon placement on Highcharts graphs with single dataset [TPS#15175] -JO
  • Fixed XML brevity causing issues with Mass Acknowledge and other systems that rely on XML data [TPS#15179] -JO
  • Fixed displaying inactive objects that have been disabled in nagios_objects table -JO
  • Fixed issue where the “Check for Updates” button on Wizards/Components was not checking latest XI 5.7 versions -JO
  • Fixed Top Alert Producers report not showing on CentOS 8 / MySQL 5.7+ [TPS#15202] -JO
  • Fixed LDAP integration missing function causing a PHP error when trying to import users from LDAP -JO
  • Fixed backend cache causing problems when empty data was returned -JO
  • Fixed mod_gearman issue with NDO3 causing it to not use the mod_gearman module -SAW
  • Fixed Ansible version issue for Auto Deployment component on Ubuntu 16 and Debian 9 systems [TPS#15200] -JO
  • Fixed issue with PHP 7 and Scheduling Queue page not showing up properly -JO
  • Fixed Python setup for Ubuntu 20 systems which have both Python 2 and Python 3 installed -JO
  • Fixed NagVis installation issue with Ubuntu 20 and CentOS/RHEL 8 due to using Python 3 -JO
  • Fixed Manage Deployed Agents page where OS version would not always update or add when adding new agents [TPS#15192] -JO

Component Updates

NDOUtils (NDO) 3.0.2

  • Fixed host/service/contact tables being truncated on restarts (long-standing PENDING states in Nagios XI host/service status)
  • Fixed issue with writing contacts to object tables during startup when duplicate objects exist in the Nagios configuration
  • Fixed issues around NDO trying to broker its own error logs when MySQL was disconnected or disabled
  • Fixed issues with NEB callback registration priority for Mod Gearman compatibility
  • Fixed issue where changing capitalization of an existing host/service would partially fail
  • Improved MySQL reconnection logic to increase chances of successful reconnection and reduce performance impact
  • Made previously compile-time debugging configuration available in ndo.cfg
  • Added more information to the logs when handling errors during startup
  • Added removal of inactive objects from the host/service/contact status tables instead of truncating them completely

Core Config Manager (CCM) 3.0.6

  • Fixed security vulnerability with Static Config Editor allowing editing of Apache-owned files outside static directory (thanks @TactiFail) -JO