Fixed an XSS vulnerability with certain query parameters on the login page [GL:XI#2362] – CN
Added hide/show button to several sensitive text fields in Configuration Wizards [GL:XI#2363] – BR
Fixed several XSS and MitM vulnerabilities [GL:XI!2044,GL:XI!2044] – BB
Fixed several SQL injection vulnerabilities [GL:XI!2080] – BB
Added
Added Configuration Wizard and Plugins for Red Hat OpenShift – LG
Added a search filter to the SNMP Trap Wizard – [GL:XI#2208] – BR
Added credentials verification to vSphere Wizard [GL:XI!2063] – BS
Added experimental XI helper – AL
Added a combo box to replace some dropdown menus in NagVis [GL:NagVis!40] – BR, EK
Added handling for expired client secrets to SSO and the ability to migrate to a new key – BB
Added InfluxDB v1 test module and installation script – KF
Added line graph, stacked area graph, and legend options to the Graph dashlet on Smart Dashboards [GL:XI#2292, #2179] – ZR
Added new dark and light themes in NagVis [GL:NagVis!38] – NL, EK
Added new vSphere plugin [GL:XI#1852] – BS
Added no-click login feature via the option 'Bypass Login Page' for Automatic Login [GL:XI#2365] – ZR
Added pagination, search, and filters to the Group configuration mode for SSO [GL:XI#2334,2339,2347] – BB
Added preview image box when hovering over images in NagVis [GL:NagVis#31] – BR, EK
Added SVG support for NagVis shapes [GL:NagVis!34] – BR
Added the ability for SNMP Walk Jobs to handle walking SNMP devices that do not send sequential OIDs [GL:XI#1985] – JS
Added the ability to add dashlets to Smart Dashboards via the Dashify Button and Available Dashlets page [GL:XI#2207] – ZR
Added the ability to collapse the secondary navbar in the Neptune themes [GL:XI#2278] – BB
Added the ability to give SNMP Walk Jobs names [GL:XI#1985] – JS
Added the ability to redirect to status pages on click for the Statistic, Gauge, Pie Chart, and Bar Chart dashlets for Smart Dashboards [GL:XI#2252] -ZR
Added the ability to select a Smart Dashboard as the default dashboard when navigating to the Dashboards page [GL:XI#2144] – ZR
Added the ability to use custom actions via NagVis shapes [GL:NagVis!32] – BS, EK
Added tuning to SNMP Configuration to improve MIB translations [GL:XI#2326] – JS
Fixed
Fixed a number of bugs with SSO configurations in niche edge cases [GL:XI#2334,2339,2347] – BB
Fixed an incorrect label for unreachable hosts on the Pie Chart dashlet for Smart Dashboards [GL:XI!2117] -ZR
Fixed an issue causing the Manage Smart Dashboards page to fail to load on non-Neptune themes [GL:XI!2125] – ZR
Fixed an issue causing PHP warnings for the alert history V2 API endpoint [GL:XI!2096] – ZR
Fixed an issue in the Linux Server Wizard where an empty host name would result in broken html [GL:XI#2309] – BR
Fixed an issue in the Nagios Network Analyzer Wizard where the graph on step two would overlap with other elements [GL:XI#2301] – BR
Fixed an issue where the proper permissions were not being granted for the database, causing some scripts to error out [GL:XI#2317] – BR
Fixed an issue where the Network Report page would show a blank screen if the NNA Server was unreachable – [GL:XI#1986] – BR
Fixed an issue where the Upgrade scripts would call on the remote MSSQL Server [GL:XI#2088] – BR
Fixed an issue where RPM scripts would not work properly on cloud images of Red Hat Linux [GL:XI#1246] – BR
Fixed an issue where auto-discovery would not work upon upgrade on systems that we installed using the RPM method [GL:XI#2328] – BR
Fixed an issue where character affected by html_escape in 'ifalias' would break the Switch and Meraki Switch Wizard [GL:XI#1950] – BR
Fixed an issue where config imports could create invalid conifgs [GL:XI#1873] – EK
Fixed an issue where an empty announcement banner could crash XI – BB
Fixed an issue where entering an Enterprise key with an existing license key would result in an error [GL:XI#2286] – BR
Fixed an issue where disabling an LDAP server would not disable users associated with that server [GL:XI#2364] – BR
Fixed an issue where running the NCPA Wizard with multiple hosts would result in a hostname validation error [GL:XI#2374] – BR
Fixed an issue where several check commands were not being properly run (when done manually) [GL:XI#2377] – BR
Fixed an issue where legacy reports would return a 500 error [GL:XI#2381] – BR
Fixed an issue where reports were accessible with an invalid license [GL:XI#2386] – BR
Fixed an issue where service graphs would not appear due to a divide by zero error [GL:XI#2239] – BR
Fixed an issue where user IDs could be parsed wrongly for individually configured SSO users, causing wrong configurations [GL:XI!2142] – BB
Fixed an issue with performance graphs where critical and warning ranges would not show on graphs | As well as unreadable text | As well as a critical error in the graph [GL:XI#404] – BR
Fixed several V2 API issues with permissions for Smart Dashboards [GL:XI#2372] – ZR
Fixed tour cards not showing up in languages other than English [GL:XI#1859] – BR
Updated
Implemented pagination and search for SSO group management with SSO [GL:XI#2334,2339,2347] – BB
Improved error boundary technical details to be more informative and added buttons to copy and download information about the error [GL:XI!2130] – BB
Improved SNMP Walk Wizard visibility on smaller screens [GL:XI#1985] – JS
Improved stability of the user interface and several pages – BB, CN, ZR
Updated Legacy Reports menu to prevent confusion with other menu items with the same names [GL:XI#1784] – AW
Updated SNMP and NCPA Wizards to properly quote wrap community strings [GL:XI#1955] – JS
Updated the email subscription feature to automatically detect and update the subscription statuses if a user changes their email [GL:XI#1481] – BB
Updated the following Wizards: DigitalOcean, Google Cloud, Linode, Microsoft Azure, and the Rackspace Cloud Wizards to show the same information as the NCPA Wizard when configured with NCPA [GL:XI#2258] – BR
Updated the MSSQL Query Wizard to use TDSVersion option [GL:XI#1945] – BR
Updated the vSphere wizard to support new plugin [GL:XI#2302] – BS
Removed
Removed ability to change names of monitorable OIDs on SNMP Walk Wizard [GL:XI#1985] – JS
Added input verification to the SNMP Walk Job operation in the CCM [GL:XI!1984] – BR
Added information on the server's operating system in the V2 API [GL:XI!2077] – BR
Added verification to check SNMP connection for SNMP Wizard [GL:XI#1982] – BR
Added AES-256-C authentication protocol for SNMP Walk Jobs [GL#XI2223] – BR
Fixed
Fixed an issue where the "Show only import directory" check box in the Import Config Files page would not work properly [GL:XI#2186] – BR
Fixed an issue with labels on pie charts overlapping with the lines pointing to them [GL:XI#2152] – BS
Fixed an issue with Multistacked Performance Graphs not displaying anything when a single data option is selected [GL:XI#2213] – BS
Fixed an issue where the Hostgroup Status Summary Legacy Dashlet was scaling too aggressively [GL:XI#2196] – BR
Fixed an issue where the Smart Dashboards page had incorrect URLs in the Schedule Reports menu [GL:XI#2280] – BR
Fixed an issue where the Tactical Overview page had several unreadable text boxes across all themes [GL:XI#2202] – BR
Fixed an issue where multiple checkboxes would be made for each VM in the Guest Selection tab [GL:XI#2285] – BS
Fixed an issue where the tab key would submit the current form once focused on the Next button in Configuration Wizards [GL:XI#1936] – BR
Fixed an issue where scheduled reports would not work when port 80 is disabled and use_https is true [GL:XI#2131] – BR
Fixed an issue where pdf reports would not attach a pdf for emails using the Microsoft with OAuth2 send method [GL:XI#1927] – BR
Fixed an issue where CSV reports would not send in scheduled reports [GL:#2296] – BR
Fixed an issue where the Use_HTTPS variable in the config file would not be set during install [GL:XI#2299] – BR
Fixed an issue where classic dashlets in the Smart Dashboard system would not be as responsive when resizing [GL:XI#2298] – BR
Fixed an issue where the popup for an invalid or expired license key when navigating to a Configuration Wizard would be broken [GL:XI#2290] – BR
Fixed an issue where Oracle upgrades failed due to unexpected lsb_release string [GL:XI#2256] – KF
Fixed an issue with the vSphere plugin leaving stale sessions in vCenter [GL:XI#1765] – BS
Fixed an issue causing dashlets in Smart Dashboards to display incorrect colors on the Color Correction theme [GL:XI!2087] – ZR
Fixed an issue where systems with remote databases would have partially broken upgrades – BB
Fixed an issue where the Network Switch / Router Wizard would not collect data for Cisco Nexus Devices [GL:XI#1916] – BR
Fixed an issue in the Birdseye view where the states of hosts would not properly update in real time [GL:XI#1910] – BR
Fixed an issue in the Migrate Server page where the progress table was not consistent with the theme [GL:XI#2311] – BR
Fixed an issue where NMG sync would fail while errantly attempting to escalate to root locally [GL:XI!2068] – GW
Fixed an issue where AD/LDAP users could be imported with an invalid email address [GL:XI#2323] – BR
Fixed an issue where upgrades would partially fail if some tables in the nagiosxi database were using the MyISAM engine by updating those tables to InnoDB – BB
Fixed situations where the Pie Chart and Bar Chart dashlets did not display error info for an improper configuration [GL:XI#2260] – ZR
Fixed Performance Graphs failing to load [GL:XI#2297] – BS
Updated
Updated External Sign-On (SSO) PHP warning to no longer include link to out of date documentation – BS
Updated DUO Component CA Certificates [GL:XI#2330] – BR
Updated DUO Component Version to work with new certificates [GL:XI!2122] – BR
Updated links within DUO Component with up-to-date instructions [GL:XI!2110] – BR
Updated smart dashlet tooltips to show up regardless of dashlet size [GL:XI2027] – BR
Updated the vSphere Wizard with a link to documentation instead of hardcoded commands – BS
Updated the SNMP Walk Job Modals | As well as the SNMP Wizards to hide passwords [GL:#2128] – BR
Updated validation to AD/LDAP to include preventing invalid characters in XI usernames [GL:XI#2284] – JS
Removed
Removed broken port type from menu in the Network / Switch Router Wizard and its derivatives. – KF
Changed ownership of constants.inc.php to fix a privilege escalation vulnerability (Thanks to Cory Billington for reporting this) [GL:XI#2189] – CN
Updated Active Directory wizard to prevent storing creds unnecessarily (Thanks to Daniel Moura, Guilherme d'Ávila and Paulo Victor for reporting this) [GL:XI#2056] – JS
Added
Added UI pagination for AD/LDAP [GL:XI#1502] – JS
Added the ability to search for hosts, services, hostgroups, and servicegroups when configuring a Smart Dashlet – BR
Added support for NNA 2026 to the Nagios Network Analyzer wizard [GL:!1939] – GW
Added SSO support for configuring users via groups with AAD [GL:XI#1966,2026] – BB
Fixed
Fixed an issue where Nagios Mod-Gearman commands would fail due to incorrect log file permissions [GL:XI!1945] – GW
Fixed an issue where the "Add to My Views" button did not work properly in any theme besides Neptune [GL:XI#2228] – BR
Fixed an issue causing users with insufficient permission to be able to view the titles of Global Dashboards from the Home Page Options page [GL:XI#2243] – ZR
Fixed an issue with scaling for the Graph Explorer and Capacity Planning dashlets on Legacy Dashboards [GL:XI#2218] – ZR
Fixed an issue where the NagVis link would redirect the user to the wrong URL if nagiosxi was in the address [GL:XI#2266] – EK
Fixed an issue where the list of currently selected LDAP users wasn't properly updating [GL:XI#1502] – JS
Fixed an issue causing the "Switch to Modern" button to not refresh the page in some cases [GL:XI#2275] – ZR
Fixed an issue where LDAP entities with the "Person" type weren't properly displaying usernames and type icons [GL:XI#1502] – JS
Fixed an issue causing the premium feature popup to display incorrect information on configuration wizards [GL:XI#2151] – ZR
Fixed an issue where users could get permanently locked out of XI until they deleted their cookie [GL:XI#1863] – BB
Fixed an issue in init-mysql where disable_log_bin was not added by MySQL configuration adjustments [GL:#2244] – KF
Fixed an issue where the vSphere plugin would make all services uppercase [GL:XI#2257] – BS
Fixed an issue causing some items to incorrectly appear as a link on search for Neptune themes [GL:XI#2274] – ZR
Fixed an issue that made hovered options in dropdown search menus unreadable [GL:XI#2259] – BR
Fixed an issue where the Home Page Mod Link would not work for Neptune Themes [GL:XI#2242] – BR
Fixed an issue with FQDN validation in CCM Run Check Command [GL:XI2160] – BR
Fixed an issue causing font size to be smaller than expected for performance graphs [GL:XI#2205] – BS
Fixed an issue where an asterisk would appear in hostnames in the operations center [GL:XI#2206] – BR
Fixed unreadable text popup in the Alert Stream report when there's no data – BR
Fixed numerous issues with SSO, including large userbases [GL:XI#1966,2026,2246] – BB
Fixed cases where the Treemap, Bar Chart, and Pie Chart Smart Dashlets would be unable to filter host and service data [GL:XI#2236] – ZR
Fixed overlapping text on exported graph legends [GL:XI#2164] – BS
Fixed PHP warnings in vSphere wizard for PHP 8.x [GL:XI#1962] – BS
Fixed several issues related to default language handling that could result in 404 errors [GL:XI#2268] – CN, BR, BB
Removed
Removed deprecated VMWare Configuration Wizard and plugin – CN
Updated
Updated AD/LDAP component to dynamically detect UID or CN as the base RDN [GL:XI#1502] – JS
Updated the Neptune home page to feature trial resources for users with a trial license [GL:XI!1927] – ZR
Updated link in Admin > System Information > Check for Updates to the most up-do-date documentation [GL:XI#2248] – BS
Updated the Bar Chart Dashlet in Smart Dashboards with various improvements to usability [GL:XI#2170] – BR, CN
Updated Status page headers to allow more space for host/service titles [GL:XI#2264] – ZR
Updated install page to make theme selection easier [GL:XI#2219] – CN
Updated SSO to drastically improve performance for logging in and configuring users – BB
Fixed a Command Injection vulnerability within the following wizards: Zabbix Agent, Esensors Websensor, MongoDB Database, MongoDB Server, MySQL Query, Postgres Database, Postgres Query, and Postgres Server (Thanks to Vladislav Berghici of Trend Micro Research for reporting this) [GL:XI#2192,#2193,#2194] – CJD
Added
Added ability to group OIDs by either interface or MIB name in SNMP Walk Wizard [GL:XI#1985] – JS
Added ability to select multiple datasources in Smart Dashboard Graph dashlet [GL:XI#2167] – ZWR
Added ability to select Smart Dashboards as the XI home page via Home Page Modification [GL:XI!1852] – ZR
Added ability to use relative URLs when creating a View [GL:XI#2062] – DN
Added character limits to dashboard and dashlet titles for Smart Dashboards [GL:XI#2133] – ZR
Added update users endpoint to the v1 API [GL:XI!1862] – AC
Added Y axis labeling so the Graph in Smart Dashboards knows when to use the data labels better and adds custom labels [GL:XI#2166] – ZWR
Fixed
Fixed a plugin issue causing incorrect latency and execution time values to be returned [GL:XI2025] – DN
Fixed a broken Edit Settings link for the Custom Variable Tab in the Manage Components page [GL:XI#2185] – DN
Fixed an issue where legacy striped tables do not have colors set in light themes [GL:XI#2102] – JC
Fixed an issue causing status cells on the Neptune home page to not filter the Host/Service Status page based on selected status type [GL:XI!1846] – ZR
Fixed an issue causing a flicker when adding dashlets [GL:XI#2145] – ZWR
Fixed an issue causing 2014 and Classic themes to be unable to access pages written in React [GL:XI#2178] – ZR
Fixed an issue where the Smart Dashboard Treemap dashlet could load inaccurate data [GL:XI#2165] – JC
Fixed an issue where the path was wrong for the Mod Gearman popup [GL:XI#2168] – ZWR
Fixed an issue causing gauges on Legacy Dashboards to not render with PHP version 8.4 [GL:XI#2176] – ZR
Fixed an issue where the Smart Dashboard Graph dashlet's tooltip doesn't have a needed space [GL:XI#2177] – ZWR
Fixed an issue that was causing some bar graphs to render as line graphs [GL:XI#1974] – DN
Fixed an issue where the banners did not show in fullscreen [GL:XI#2110] – ZWR
Fixed an issue where new views couldn't be added in non-Neptune themes on the views page and in the top-right menu due to a race condition. [GL:XI#2159] – BB
Fixed an issue where users couldn't log in due to duplicate IDs on the login page – BB
Fixed an issue causing installs to fail in some IPV4 only environments [GL:XI#2020] – DN
Fixed an issue causing improper text overflow for long dashboard and dashlet titles [GL:XI!1901] – JC, ZR
Fixed an issue where tooltips weren't wrapping properly – BB
Fixed an issue where rrd export could target a nonexistent field, breaking performance graphs [GL:XI#2181] – JC
Fixed an issue where tray alert would show empty content [GL:XL#2155] – JC
Fixed an issue where the Nagios plugins for Nagios Mod-Gearman did not build – CB
Fixed several routing issues [GL:XI#2103,#2115,#2136] – BB
Updated
Updated value field of xi_options in database to accommodate more text [GL:XI#2137] – JC
Updated tray alert to show for non-admin users [GL:XL#2155] – JC
Modified critical status color and link colors to be more readable in non-Neptune themes [GL:XI#2162] – JC
Removed 5.x.x conditionals from installation/upgrade process – KF
Fixed an RCE vulnerability with the Run Check Command in the CCM (Thanks to “D3LT4” for reporting this)[GL:XI#1969] – JS
Fixed a Command Injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards (Thanks to Cory Billington for reporting this) [GL:XI#1953] – JS
Updated
Updated Dashboards Menu to support Legacy and Smart Dashboards in Neptune [GL:XI#2003] – ZWR
Updated Dashboards Menu to support Legacy and Smart Dashboards in Modern [GL:XI#2011] – ZWR
Reduced padding on Gauge Dashlet [GL:XI#2008] – JC
Updated NagVis to the latest open source version with new features and security fixes. [GL:NagVis#8] – EK,DN
Updated
Updated behavior when clicking on map icons in NagVis so that links open in new tabs. [GL:NagVis#3] – EK
Updated NagVis demo maps to new American maps [GL:NagVis#2] – EK
Updated passive check wizard with useful messages about configuring unconfigured objects, making it easier for users to configure and troubleshoot passive checks in Nagios XI – BB
Removed
Removed support for CSP50 licensing
Added
Added Prometheus Wizard – TL
Added documentation to help AWS EC2 users setup the correct IAM permissions for EC2 check data from AWS [GL:XI#1412]
Added documentation to help AWS EC2 users setup EC2 instances to allow XI to receive Disk Check data from AWS [GL:XI#1357]
Fixed
Fixed permalink generation for all reports [GL:XI#1890] – BB
Fixed an issue in the CCM where selected templates were not parsed to determine whether fields should be required [GL:XI#1759,#1879] – BB
Fixed an issue where several required fields were not being validated in the CCM [GL:XI#1896] – BB
Fixed an issue in the check for updates where the link for Nagios XI Upgrade Instructions was pointing to v5 doc [GL:XI#1902] – RM
Fixed dependency issues for scheduled backups for users trying to upgrade PHP (pecl-ssh2) [GL:XI#1776,#1905] – NN, LG
Fixed an error with upgrading RPM’s [GL:XI#1445] – DA
Fixed an issue where incorrect data was displaying in the instance list of the AWS EC2 wizard [GL:XI#826,#1846,#1817] – LG
Fixed a query hanging issue for the AWS EC2 wizard by adding a reasonable timeout when querying Instance data [GL:XI!1638] – LG, CN
Fixed an issue where the AWS Boto3 requires Python 3.8+ [GL:XI!1638] – LG
Fixed vsphere wizard to display data properly on the datastores page [GL:#NOISSUE] – NN
Fixed an issue where the Custom URL dashlet would not allow other Nagios XI pages to be embedded [GL:XI#1781] – TL
Fixed an issue where the Linux SNMP and Windows SNMP wizards had improper timeout durations [GL:XI#1824] – TL
Fixed an issue where the ‘Not Authorized’ error message was not styled in the Neptune theme [GL:XI#1812] – TL
Fixed tour cards rendering off screen on small screens in the Modern theme [GL:#1668] – HM
Fixed an issue where the content of custom dashlets would appear outside of the dashlet [GL:XI#1811] – TL
Fixed an issue where graphs on the Capacity Planning page would be blank if the host had no data [GL:XI#326] – TL
Fixed an issue where services were being added incorrectly in SNMP wizard [GL:XI#810] – HM
Fixed a styling issue on dark themes where Alert Timeline text would be too light [GL:XI#1830] – CJD
Fixed an issue where not having a default input and output rate on the Switch & Router wizard would break Step 2 [GL:XI#1828] – TL
Fixed an issue in certain wizards where finishing with a template lost user service selections [GL:XI#746] – HM
Fixed misspelling of Deutsch in language dropdowns [GL:XI#1787] – AW
Fixed an issue where an LDAP server password with certain characters would malform bash command [GL:#1149] – HM
Fixed an issue where dashboards would not resize when a dashlet was resized beyond the visible area [GL:XI#1610] – TL
Fixed an issue where the Administrative Tasks dashlet did not render all elements when Important Tasks are present for the user [GL:XI#1814] – HM
Fixed an issue where some CCM forms would not populate fields with a value of 0 [GL:XI#1476] – TL
Fixed an issue where the Modern Dark theme did not have dark scrollbars [GL:XI#1789] – TL
Fixed an issue not allowing .bmp files to be uploaded to custom-includes [GL:XI#1849] – NN
Fixed an issue where dashlet titles would appear when ‘Hide Title’ was clicked [GL:XI#1622] – TL
Fixed an issue where the Add View form would not reset after submission [GL:XI#1698] – TL
Fixed an issue where help and favorite icons were visible in improper locations [GL:XI#1504] – TL
Fixed Performance Graph not showing any data on creation [GL:XI#1694] – NS
Fixed an issue where the NCPA wizard form would break on small screens [GL:XI#1308] – NN
Fixed text wrapping in the CCM Select option buttons [GL:XI#1700] – ZR
Fixed an issue where form selections were being lost on step two when a user encountered an error in NCPA wizard [GL:XI#1497] – HM
Fixed an issue in the XML plugin where URLs would break when using the -R option [GL:XI#1295] – CJD
Fixed an issue where trial extensions would not function properly [GL:XI#1797] – CN, TL
Fixed an issue in the Auto Configure settings where checkboxes didn’t save input [GL:XI#1151] – CJD
Fixed an issue where the World Map layers icon overlapped the favorite icon in Modern themes [GL:XI#1641] – TL
Fixed an issue where the Neptune theme wasn’t using individualized Host icons [GL:XI#1503] – HM
Fixed an issue with SOAP causing many PHP-FPM error messages [GL:XI#1842] – NN
Fixed an issue where dashboard colors would break when adding many dashlets in quick succession [GL:XI#1514] – NS
Fixed an issue where the config menu dropdown remained open/nav bar elements stayed darkened when user ends tour on steps with it open [GL:XI#1585] – HM, NS
Fixed an issue where the “Do not Apply Configuration” tooltip doesn’t dismiss in Configuration Wizards [GL:XI#1649] – TL
Fixed an issue where the SLICENSE.TXT popup would not appear on the 2014 and Classic themes [GL:XI#1659] – TL
Fixed an issue where the Watchguard wizard wasn’t properly adding selected ports [GL:XI#1147] – NN
Fixed an issue where the Monitoring Engine Stats dashlet had incorrect preview images [GL:XI#1629] – TL
Fixed an issue where hosts selected in Auto Discovery results didn’t transfer over to the deploy agent screen [GL:XI#1368] – CJD
Fixed an issue where adding a new View would display a success message when no view was added [GL:XI#1679] – TL
Fixed an issue where an incorrect error message would display on performance graphs [GL:XI#1628] – TL
Fixed opacity in the Custom URL dashlet [GL:XI#1644] – AL
Fixed bandwidth usage report PDF downloading to properly show highchart graphs [GL:XI#1685] – NN
Fixed API – Common Solutions page typo and added missing information [GL:XI#1566] – CJD
Fixed an issue where a Dashlet would not remain on top of other Dashlets when brought to the front [GL:XI#1767] – TL
Fixed an issue where the Undo and Redo buttons would be hidden behind Dashlets on Dashboards [GL:XI#1639] – AL
Fixed an issue where SLA Report PDFs were being cropped erroneously [GL:XI#1528] – HM
Fixed an issue where the Operations screen would remain dark in the Neptune Light theme [GL:XI#1703] – HM
Fixed an issue where the Enterprise banner would overlap data in Report PDFs [GL:XI#1525] – NN
Fixed an issue where users would be erroneously redirected to the “Home Page” Dashboard when adding/removing a Dashboard from favorites [GL:XI#1505] – NN
Fixed certain dashlets to comply with Color Correction theme [GL:XI#1612] – CJD
Fixed an issue where system timeout settings could be set to negative values [GL:XI#1603] – TL
Fixed an issue where the Printer and Website Wizards were not saving data when going back from step four [XI:#1587] – HM
Fixed an issue where new disk usage checks would not have default warning and critical thresholds in the Linux SNMP Wizard [GL:XI#1183] – TL
Fixed an issue where the custom Dashboard background color was not working properly on non-Neptune themes [GL:XI#1654] – MK
Fixed an issue where the current value of an OID would not be fully visible in the SNMP Walk wizard [GL:XI#1386] – TL
Fixed an issue where upgrading NagVis would fail due to incorrect file paths [GL:XI#1490] – LG
Fixed an issue where the default layout directive was not being respected for the Network Status Map [GL:XI#1758] – NN, CJD
Fixed an issue where the Alert History dashlet showing history before the XI instance was created [GL:XI#1593] – AL
Fixed an issue where dashboard names would not wrap properly, causing the name to be cutoff [GL:XI#1760] – ZR
Fixed an issue in Website Wizard where the checkbox label checked an incorrect checkbox [GL:XI#1783] – HM
Fixed an issue where the Highchart Dashlet’s context menu was not fully visible when the dashlet was small [GL:XI#1696] – TL
Fixed an issue where Help button dropdown in the upper right of the interface was displaying on every reload [GL:XI#1664] – HM
Fixed an issue where the navigation header items in the tour darken incorrectly in step 7 [GL:XI#1777] – HM
Fixed an issue where Tours wouldn’t reset properly in the Neptune theme [GL:XI#1554] – NS
Fixed an issue in Graph Explorer that caused input form formatting to break [GL:XI#1520] – NS
Fixed Host and Service History not showing up properly in the History tab of the respective Detail pages [GL:XI#1799] – NS
Fixed Nagios Core login alert displaying on unified pages when the user is already authenticated in Nagios XI [GL:XI#1350] – NS
Fixed various Firefox Neptune theme issues/inconsistencies [GL:XI#1427] – NS
Fixed various visual bugs in the BBMap Dashlet [GL:XI#1660] – AL, CJD
Fixed font consistency in the Manage Users table header [GL:XI#1763] – HM
Fixed various bugs with the functionality and user experience of using Dashboards and Dashlets – BB
Fixed an issue where the configuration menu for the Custom Text dashlet would appear off-screen [GL:XI#1623] – CJD
Fixed an issue in NagVis where users couldn’t properly exclude members or states [GL:XI#1496] – EK
Fixed an issue where the application footer wasn’t being properly stuck to the bottom of the browser window [GL:XI#1604] – NS
Fixed a required field styling issue in Configuration Wizards [GL:XI#1521] – CPD
Fixed the Hypermap Dashlet so multiple can be on the same Dashboard without errors [GL:XI#1773] – CJD
Fixed an issue where a Wizard could be added to favorites more than once [GL:XI#1597] – EK
Fixed a typo in Add New User page [GL:XI#1762] – CJD
Fixed an issue where the Permalink and Popout options lost filter selections for the Event Log and Host Notification pages [GL:XI#1475] – NS
Fixed the CCM Add Command Help Overlay styling to match other Help Overlays [GL:XI#1507] – EK
Fixed a visual bug where the View Host Status Details button icon for localhost would fail to show [GL:XI#1517] – JC
Fixed an issue in the Ubuntu version check to prevent unsupported versions from passing initial validation [GL:XI#1808] – NS
Fixed an issue where users could not edit Graph Templates due to incorrect permissions [GL:XI#1582] – NN
Fixed an issue where ampersands (&) were not being displayed properly [GL:XI#1646] – NN
Fixed an issue where the Introduction Tour would not continue to the Wizard Tour in the Neptune theme [GL:XI#1809] – NS
Fixed an issue where Dashlet contents would be off-center after resizing the Dashlet [GL:XI#1816] – NS
Fixed an issue where the Birdseye view would stay dark in the Neptune Light theme [GL:XI#1625] – NS
Fixed an issue where the minimize button would be rendered behind banners in the Modern and Modern Dark themes [GL:XI#1645] – NS
Fixed issue in the vSphere plugin where dividing by zero was possible when checking VMFS [GL:XI#1498] – CJD
Fixed an issue in the MySQL Server Wizard where input boxes would change sizes on input [GL:XI#1550] – NS
Fixed an issue where users could input long Dashboard names and crash the system [GL:XI#1680] – NS
Fixed an issue where the Network Status Map was positioned incorrectly [GL:XI#1756] – CJD
Fixed an issue where required fields in the Core Configuration Manager were not being treated as required [GL:XI#1759] – CJD
Fixed an issue where the “Remove” tooltip stays on screen after removing a View on the Manage My Views page [GL:XI#1678] – CJD
Fixed an issue where the “More Components” tooltip was appearing off-screen [GL:XI#1519] – CJD
Fixed an issue where the same warning banner appears twice in Classic and 2014 themes on Schedule New Page [GL:XI#1651] – CJD
Fixed an issue where clicking outside of a popup didn’t close the popup window [GL:XI#1634] – CJD
Fixed an issue preventing PDF report downloads [GL:XI#1509] – JS
Fixed an issue where Host icons overlap on Detail pages when the “Acknowledged” icon is also present [GL:XI#1225] – CPD
Fixed a storage calculation issue with disks over 2TB in the Windows SNMP plugin [GL:XI#506] – NN
Fixed an issue in the NCPA Plugin that would cause out of bounds errors [GL:XI#1431] – RP
Fixed Operations Center tooltips not disappearing if they are visible when the table refreshes [GL:XI#1529] – NS
Fixed an issue causing “Gateway Timeout” errors to not be styled properly in the Neptune theme [GL:XI#1078] – DN
Fixed an issue where logging out would not always preserve the user’s selected language [GL:XI#1513] – DN
Fixed an issue where the hover effect flickered when hovering “Dashify” buttons on Dashlets [GL:XI#1558] – MK
Fixed an issue where deleting or inactivating the last service in a service group caused an Apply Configuration error [GL:XI#677] – RP
Fixed an issue of text wrapping causing contents to spill out of container [GL:XI#1755] – AL
Fixed an issue where banners were being blocked by dashlets in the Classic and 2014 themes [GL:XI#1617] – EK
Fixed offloaded database upgrade failure due to multiple host entries in MySQL user table [GL:XI#1331] – CPD
Fixed an issue where unversioned python scripts in Capacity Planning wouldn’t work properly [GL:XI#1244] – RP
Fixed an issue in NagVis that was preventing new users and new roles from being added [GL:XI#1822] – DN/AW
Fixed an issue with Commands being sorted improperly when reinstalled [GL:XI#789] – EK
Fixed Python 3 support for MongoDB monitoring wizards [GL:XI#1437] – RP, JJ
Fixed an issue where no results would be displayed when filtering by service under specific circumstances [GL:XI#1875] – RP
Fixed column-statistics error in backup_xi.sh on Debian [GL:XI#1309] – KF
Fixed a text injection vulnerability with the login page [GL:XI#1493] – LG
Updated
Updated default theme to Modern Dark – TL
Updated several dashlets to no longer have scroll bars – TL
Updated Custom URL Dashlet to display a cross-origin error message when applicable – TL
Updated the link to Nagios Documentation on the pre-login landing page – TL
Updated Answer Hub links to documentation to proper links [GL:XI#1526,#1527,#1534,#1539,#1540,#1542,#1546,#1549] – SG
Updated dashlets to scale dynamically – CN, BB, MK, TL, CJD, NS, ZR, AL
Removed
Removed the Internet Traffic Dashlet – TL
Removed auto-deletion of generated reports for PDF download to prevent report downloading errors in Chrome [GL:XI#1388] – JS
Added
Added the ability to export and clone dashboards within a dashboard via the menu button – CN, TL
Added the ability to export and clone dashboards within a dashboard via right-click menu – BB
Added the ability to add dashlets to dashboards via the menu button and right-click menu – BB
Added the ability for dashlets to snap together – TL, AL
Added cleanup_reports.php cronjob to clear out report PDF downloads daily [GL:#1388] – JS
Added Custom Text Dashlet – CJD
Added show and hide title buttons to dashlets on Neptune themes – CJD
Added a dropdown menu for dashlet controls on very small dashlets – TL
Added escaping for “!” characters in SNMP community strings for the SNMP, SNMP Walk, Linux SNMP, and Windows SNMP Wizards [GL:XI#1488] – JS
Added escaping for “!” characters in NCPA tokens in Wizards [GL:XI#811] – JS
Fixed
Fixed an issue where the Network Analyzer Wizard would fail to display contents when a server is using a invalid certificate [GL:XI#1452] – SG
Fixed an issue where the Network Analyzer Wizard would fail to connect to a server with an invalid certificate [GL:XI#1470] – SG
Fixed an issue where long service names would overlay other columns in the service status table [GL:XI#1477] – SG
Fixed an issue where text in Network Analyzer chord diagrams in Neptune Light wasn’t readable [GL:XI#1425] – SG
Fixed an issue where validation broke normal functionality of the Custom URL Dashlet [#1501] – JS
Fixed an issue where the process name check functionality of the Legacy Linux Wizard was using the wrong plugin and did not have warning and critical functionality [GL:XI#1311] – JS
Fixed an issue where the Nagios Documentation linked to a deprecated URL – TL
Fixed an issue causing php errors in BPI for systems with php 8+ [GL:XI#1441] – SG
Fixed an issue where adding a new Tool to the Tools menu would sometimes replace an existing tool instead [GL:XI#1380] – JS
Fixed an issue preventing admin users from modifying Tools in the Modern theme [GL:XI#1450] – JS
Fixed an issue preventing non-admin users with monitoring engine access from viewing the Event Log [GL:XI#1388] – JS
Fixed an issue where dashlets would not appear on top of other dashlets when clicked – TL
Fixed an issue where dashlet show and hide title buttons were not working on Modern themes – CJD
Fixed an issue where errors would index the incorrect line number in Mobile Carriers – [GL:XI#1518] – SG
Fixed an issue where form inputs would be cut off in email reports page while using Neptune theme [GL:XI#1516] – SG
Fixed an issue where refresh intervals were cut off in Neptune theme [GL:XI#1530] – SG
Fixed an issue where the ‘=’ character in a username/password would break connections for the vSphere plugin – BB
Fixed an issue where the check command test function in the CCM would sometimes produce false negatives [GL:XI#811] – JS
Fixed checkbox alignment in Neptune theme in the add to my reports page [GL:XI#1531] – SG
Fixed php errors being thrown in performance graphs on distributions with php 8.3+ [GL:XI#1275] – SG
Fixed mysqldump syntax check in ccm_snapshot.sh – KF
Fixed an issue with external help resource links opening in current window instead of a new tab [GL:XI#916] – GW
Updated
Updated Alert History Dashlet to correctly reflect the current theme [GL:XI#1145] – GW
Updated birdseye to choose dark mode when theme is set to Neptune [GL:XI#1197] – GW
Updated deployment script to install the Nagios repo’s GPG key to resolve deployment errors [GL:XI#947] – BB
Updated the UI in the Local Backup Archives and Manage Views pages [GL:XI#893] – GW
Added
Added check for NEB modules before upgrading [GL:XI#1307] – DA
Added enter functionality to Neptune search and improved search results [GL:XI#1190] – DA
Added graphs to Network Reports [GL:XI#413] – DA
Added support for Debian 12 [GL:XI#576] – AC
Added the ability to set TDS version to support different version of MS SQL [XI:#1288] – CN
Fixed
Fixed an issue where a plugin for the Network Switch / Router Wizard was not being copied to the correct directory on install & upgrade [GL:XI#1280] – CN
Fixed an issue where some Wizards did not display saved templates [GL:XI#580] – GW
Fixed an issue where systems without the xi-itype file could not upgrade [GL:XI#1315] – DA
Fixed an issue where users could encounter a broken page with SQL errors when adding custom variables [GL:XI#605] – GW
Fixed an issue with a link in the service status details page redirecting to the current page [GL:XI#1140] – GW
Fixed an issue with broken buttons in graph context menus in Graph Explorer – CN
Fixed custom includes not reflecting edits in the interface without refreshing the page [GL:XI#1231] – GW
Fixed Modern Gauge Dashlet title and toggle [GL:XI#733] – GW,DA
Fixed PHP warnings and search functionality and made a UI improvement on MRTG File Management page [GL:XI#1233] – GW
Fixed service names incorrectly being converted to lowercase [GL:XI#1248] – GW
Fixed three instances of links being shown to unauthorized users [GL:XI#1102,1069,1070] – GW
Added support for ModSecurity Web Application Firewall [#1084] – DA
Fixed privilege escalation via nagvis.conf (Thanks Exodus Intelligence for reporting this) [GL:XI#1207] – SAW
Improved validation in Docker Wizard and mitigated NULL poisoning vulnerability on systems with older PHP distributions (Thanks Exodus Intelligence for reporting this) [GL:XI#1206] – SAW
Updated
Update framework for several pages [GL:XI#1049,#1050,!828] – SG, GW
Improved Graph Explorer’s Neptune theme by putting graph management controls in a sliding drawer [GL:XI#1008] – LG
Improved Graph Explorer’s Multistacked performance graph by adding grouping by hostgroup/servicegroup [GL:XI#1008] – LG
Improved recognition of WEBP images when uploading via the Custom Includes component [GL:XI#1095] – DA
Improved Network Switch/Router Wizard to allow monitoring by Interface Name or Description [GL:XI#344] – SAW
Updated MySQL configuration to include default settings for max_allowed_packet, max_connections, and open_files_limit [GL:XI#1080] – GW
Updated NagVis to resolve PHP deprecations [GL:XI!919] – GW
Updated SLA Report and SLA Dashlet for Neptune [GL:XI!904] – GW
Updated nagios-plugins to version 2.4.10 – DA
Improved validation in several NRDP server plugins (Thanks Exodus Intelligence for reporting this) [GL:XI#1208] – SAW
Added configuration Wizard to monitor Windows via WinRM [GL:XI#1172] – AC
Added support for Ubuntu 24 [GL:XI#577] – GW, JM
Added History tab to Home->Details->Host Details and Host->Details->Service Details [GL:XI#897] – LG
Added Home->Incident Management->Mass Downtime page to schedule and remove downtime en masse [GL:XI#1044] – GW
Added ability for Nagios-Core-only contacts to use Nagios XI’s mailing configuration [GL:XI#339] – BB
Added new `filter` parameter to the `v1/config/host` REST API endpoint [GL:XI#1017] – LG
Added the ability to view data from Home->Graphs->Performance Graphs as a table [GL:XI#1005] – SG, CN
Added the ability to download from Home->Graphs->Performance Graphs as a CSV [GL:XI#1007] – SG
Added the ability to download Timestacked and Multistacked graph data from Home->Graphs->Graph Explorer as a CSV [GL:XI#1011,1010] – SG
Added filtering by Hostgroup or Servicegroup to Home->Graphs->Performance Graphs [GL:#1006] – CN
Added filtering by Hostgroup or Servicegroup to several dashlets [GL:XI#1053,!949] – GW
Added the ability to enable/disable PHPMailer debugging via the interface [GL:XI#175] – GW
Added inbound mail processing for systems that lack the PHP-IMAP library [GL:XI#61/1059] – BB
Fixed
Fixed an issue in the NCPA Wizard where typing a hostname into the “address” field would cause configuration to fail [GL:XI#1124] – SAW
Fixed issue with snmptrapsender component mistakenly indicating it wasn’t installed [GL:XI#1094] – DA
Fixed an issue where the “import config files” checkbox did not function when using the Neptune theme [GL:XI#1112] – SG
Fixed the PDF generation for the Bandwidth Usage Report [GL:XI#1079] – LG
Fixed an html issue on the report pages [GL:XI!897] – LG
Fixed a Neptune Dashlet offset when dashlets were stacked on Host & Service Status pages [GL:XI!897] – LG
Fixed a Neptune issue for Service Status of a down Host would have a background color on the Host Status Summary [GL:XI!897] – LG
Fixed an issue in the Switch/Router wizard where SNMP v3 credentials could be used to scan networked devices even when SNMP v1/v2 were selected [GL:XI#1215] – SAW
Fixed issue where LDAP would not show users properly [GL:XI!952] – AC
Core Config Manager (CCM) 3.5.0
Added support for MRTG configuration file management [GL:XI#48] - SAW
Prevent postfix being unable to start from stopping the install process [GL:XI#1137] – DA
Added
Added verification before upgrades to ensure that Nagios Core configuration is applied and valid – SAW
Fixed
Fixed issue in NagVis where a user could use schemes other than http as a hover url (Thanks to Márk Rákóczi for reporting this) [#1062] – DA
Fixed issue in Admin->Check for Updates where the interface would not indicate a successfully completed update – SAW
Fixed issue where new API could halfway complete upgrading, rendering the application unusable [GL:XI#1131] – SAW
Core Config Manager (CCM) 3.3.1
Fix regression where setting max_check_attempts (among others) to 3 caused the entry to disappear from the applied configuration text file [GL:XI#1133,#108] - SAW
Fixed XSS in Capacity Planning component (Thanks to Márk Rákóczi for reporting this) [GL:XI!834] – DA
Fixed both XSS in Executive Summary report and ajaxhelper endpoint that was too open (Thanks to Márk Rákóczi for reporting this) [GL:XI#1046] – DA
Updated
Improved report options and fixed various associated issues [GL:XI#897,#899,#905] – GW
Improved the UX of applying configurations in the CCM to make it faster and easier [GL:XI#1027] – BB
Several minor interface improvements [GL:XI#593,#867,#868,#869,#870,#871,#872,#874,#875,#877,#880,#884,#887,#889,#890,#898,#900,#902,#903,#906,#913,#919,#920,#921,#922,#923,#926,#927,#930,#932,#934,#935,#936,#938,#939,#940,#942,#943,#945,#947,#948,#949,#959,#961,#962,#964,#967,#968,#969,#971,#974,#975,#979,#981,#1004,#1043,#1067,!868] – GW,SAW,DA
Updated icons on the My Tools and Common Tools page [GL:XI#918] – KV
Updated icons in the Announcement Banners page [GL:XI#925] – KV
Updated icons in the AD/LDAP page [GL:XI#924] – KV
Updated required versions and corrected various versioning issues across several components – GW
Updated and fully released the vSphere Wizard – BB
Updated default log rotation to include new report exporting backend’s log files [GL:XI!863] – DA
Do not allow jinja2 templates in migrate_core.yml (Thanks to Márk Rákóczi for reporting this) [GL:XI#1063] – DA
Fixed inability to set custom URL and title for the Neptune theme in the Home Page Modifications component [GL:XI#632] – DA
Fixed inability to use the manage dashboards page in all themes [GL:XI!795] – DA
Removed
Removed the scroll bar from a number of dashlets that shouldn’t have it [GL:XI#1002] – GW
Added
Added default log rotation settings for snmptrapsender.log [GL:XI#860] – SAW
Added default MRTG configuration when installing or upgrading Nagios XI via RPM package [GL:XI#782] – SG
Fixed
Fixed an issue where some dashlets would not save dimensions altered by the user [GL:XI#1001] – GW
Fixed a crash in the database maintenance background job [GL:XI#1031] – SAW
Fixed an issue in the NRPE Wizard where the NRPE command would always use the default settings [GL:XI#1042] – SG
Fixed an issue where swap metric would not load unless the user manually set the graph’s viewport [GL:XI#983] – GW
Fixed an issue in Host/Service Details where “View Performance Graphs” would fail to load when the service’s name was “/” [GL:XI#790] – SAW
Fixed an issue where files with capitalized file extensions could not be uploaded to Admin->Custom Includes [GL:XI#816] – SAW
Fixed an issue in the NLS Wizard where it would fail to connect if NLS was configured to use HTTPS [GL:XI#793] – SG
Fixed incorrect SNMP version in checks configured by the Watchguard configuration Wizard [GL:XI#1034] – SAW
Fixed an issue where monitoring objects could not inherit from templates when configured via the API [GL:XI#108] – SG
Fixed issues with ‘$’ and ‘!’ in ncpa tokens and escaped values in Docker Wizard [GL:XI#855] – SG
Fixed issues with ‘$’ and ‘!’ in ncpa tokens in Cloud VM, Hyper-V, Java Application Server, and Windows Event Log Wizards [GL:XI!739] – SG
Fixed a non-working fallback when users add AD/LDAP certificates on systems with older versions of OpenSSL [GL:XI#1074] – SAW
Fixed an issue in the Network Switch / Router Wizard where user-inputted whitespace in the IP Address field would cause the Wizard to fail [GL:XI#792] – SAW
Fixed an issue in the Network Switch / Router Wizard where the table in the second page was not readable on the Modern Dark theme [GL:XI#720] – SAW
Fixed an issue where users without permission could add hosts and services in the Core Config Manager [GL:XI#846] – CN
Fixed bulk entry in the Network Switch / Router Wizard [GL:XI#777] – SAW
Fixed an issue where users in nested Organizational Units were not found when importing users from AD/LDAP – [GL:XI#72] – CN
Fixed an issue where HTML tags would be displayed in error feedback when applying configurations [GL:XI#1023] – CN
Fixed an issue where bulk modification would not work with multiple options [GL:XI#631] – GW
Fixed an issue where the Bulk Modifications tool could not find relationships when one or more objects had a ‘#’ in its name [GL:XI#797] – CN
Fixed two cases where the Bulk Modification tool would crash on clicking “Find Relationships” and while trying to remove Custom Variables [GL:XI#603] – JS
Fixed an issue where NDO failed to start when using an offloaded database [GL:XI#95] – CN
Fixed an issue where a user’s password change would cause a user ID (and not username) to be logged in the Audit Log [GL:XI#1056] – SAW,AC
Fixed an issue where non-authorized users could access Wizards via Popular Wizards [GL:XI#734] – GW
Fixed an issue where RPM upgrades from before 2024R1 would incorrectly encrypt inbound NRDP tokens [GL:XI#844] – DA
Fixed an issue where uploading a plugin with the same name as an existing plugin would replace the plugin with no warning [GL:XI#676] – SG
Fixed broken link in Esensors Websensor Wizard – SAW
Fixed deprecated code in RSS Dashlet [GL:XI#578] – SAW
Fixed issue with views URLs in the Neptune theme [GL:XI!807] – DA
Fixed permissions in users endpoint in the new V2 API (Thanks to Márk Rákóczi for reporting this) [GL:XI#1036] – DA
Fixed an issue where phpmailer.log did not have the correct permissions [GL:XI#856] – LG
Fixed an issue in network reports, network queries, and the NNA Wizard where network requests were silently failing when Nagios XI was configured with HTTPS and NNA was configured with HTTP [GL:XI#852,#1015,#1014] – SG
Fixed an issue in the Alert History Dashlet where all cells would show as red in when no state changes had occurred [GL:XI#859] – SAW
Fixed Backup and Restore across Linux distributions that use different database collations. [GL:XI#361]- LG
Fixed an issue where the “User Sessions” page would show spurious session entries [GL:XI#695] – DA
Fixed an issue where a password change wouldn’t invalidate other sessions (Thanks to Jack Eli for reporting this) [GL:XI#850] – DA
Fixed an issue in the NCPA Wizard where users could not utilize the same plugins, services and products more than once for service checks. [GL:XI#785] – KV
Fixed an issue in the NCPA Wizard where the Wizard would crash when the network connection to NCPA was inconsistent [GL:XI#551] – LG
Fixed unencrypted v3 SNMP passwords from SNMP Trap Sender component [GL:XI#557] – DA
Fixed PHP 8 deprecation warnings – DA
Fixed an issue where the words “Enterprise License” were erroneously displayed [GL:XI#1054] – LG
Fixed an issue where the Neptune theme was missing from the Audit Log’s “Send to Nagios Log Server” page [GL:XI#1051] – LG
Fixed a Ubuntu 22 Install issue [GL:XI#1073] – JM
Fixed issues with scaled dashlets going outside of their boundaries [GL:XI!853] – DA
Fixed missing language packages on RPM installs on Enterprise Linux 8 [GL:XI!889] – DA
Fixed restoring XI from a backup when all passwords are the same [GL:XI#1091] – DA
Core Config Manager (CCM) 3.2.5
Fixed an issue where timeranges could not be removed from timeperiods [GL:XI#1003] - SAW
Fixed an issue where indrect servicegroup relationships were not being found, allowing bidirectional relationships to be created erroneously [GL:XI#996] - CN
Fix an privilege escalation vulnerability in the System Profile component (Thanks to Matthew Bach from Hack The Box Ltd for reporting this) [GL:XI#532] – KF
Fixed XSS vulnerability in NOC screen (Thanks Cosmin-Constantin Cojocaru for reporting this issue) (CVE-2023-51072) [GL:XI#568] – DA
Removed world read permissions from resource.cfg [GL:XI#256] – DA
Updated
Corrected formatting of admin-provided user data [GL:XI#548] – JM
Improved icons and help text in page footer [GL:XI#530] – GW
Improved troubleshooting experience for AD/LDAP debugging [GL:XI#474,GL:XI#585] – SAW,SG
Improved performance on systems that monitor many NCPA nodes by adjusting check_ncpa.py timeout [GL:XI#507] – SG
Disallow use of wildcard selector for restricted CCM users [GL:XI#174] – GW
Updated icons in the System Component Status dashlet [GL:XI#529] – GW
Fix an issue with dark mode in user macros page [GL:XI#524] – SG
Restored “Home” menu link when Custom Logo component is in use [GL:XI#550] – CN
Removed
Removed uses of deprecated strftime function [GL:XI#489] – JS
Added
Added timestamps to logs found in /usr/local/nagiosxi/var/ [GL:XI#65] – CD
Added convenience script to load MySQL passwords from configuration files [GL:XI#509] – DA
Fixed
Fixed an issue where users would not be able to upgrade to XI 2024R1 if they changed their root MySQL password [GL:XI#588] – SAW
Fixed an issue where the CCM would prevent some valid service dependencies from being configured [GL:XI#113] – GW
Fixed UI visibility issues when using the Migrate Server feature in dark mode [GL:XI#435] – KV
Fixed minor UI issues when completing a configuration Wizard [GL:XI#538] – GW
Fixed an issue in BPI where dropdown chevron was pointing in the wrong direction on page refresh [GL:XI#513] – GW
Fixed PDF report generation on reports with large amounts of data [GL:XI#350] – DA
Fixed missing debug logging in the AD/LDAP configuration on Enterprise Linux 8 and 9 [GL:XI#442] – DA
Fixed inconsistent file permissions related to the Network Switch/Router Wizard on Ubuntu [GL:XI#471] – SG
Fixed issue where the SLA Report, Capacity Planning Report, and Audit Log were incorrectly blocked for some users with valid enterprise trials [GL:XI#522] – GW
Fixed Graph Explorer icons not working for hosts that have a space in their hostnames [GL:XI#470] – GW
Fixed PHP warnings when adding a service in the CCM [GL:XI#484] – GW
Fixed an issue where timezone changes were not correctly applied on Enterprise Linux 9 [GL:XI#458] – GW
Fixed two cases where the Bulk Modifications tool would crash when modifying more than 200 hosts or services [GL:XI#373] – JS
Fixed an issue where the recurring downtime background job would have mutliple processes running at once [GL:XI#309] – SG
Fixed an issue where the recurring downtime background job would log errors when modifying empty host groups [GL:XI#309] – SG
Fixed an issue where Highcharts graphs would use online exporting when local exporting was selected [GL:XI#29] – AC
Fixed an issue where MRTG files would not have the correct permissions set on upgrades [GL:XI#38] – BB
Fixed a divide-by-zero issue and some warnings in metrics component [GL:XI#512] – GW
Fixed an issue where new user tours would sometimes fail to reset [GL:XI!426] – BB
Fixed an issue where the notifications history page would not save parameters when saved as a view [GL:XI#146] – BB
Improved security of default database password generation (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#424] – DA
Improved security of randomly-generated text, including API keys (Thanks to Abdulmohsen Alotaibi for reporting this) [GL:XI#433] – DA
Improved security of Ansible Vault credentials in Nagios Core-to-XI migration tool (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#426] – DA
Fixed vulnerability with time-based port scanning on ftp connections in Scheduled Backups component (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#422] – DA
Fixed a security issue in migrate.php that allowed root code execution from user input (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#415] – DA
Fixed an XSS vulnerability in the graphexplorer component (Thanks to Pankaj Kumar Thrakur for reporting this) [GL:XI#468] – DA
Fixed a security issue with backup_xi.sh allowing deletion of arbitrary directories (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#428] – DA
Fixed some missing access controls in the Nagios XI 5 API (Thanks Matthew Bach and Hack The Box Ltd for reporting this) (CVE-2023-51124) [GL:XI#520] – SAW
Updated
Improved multiple-selection widgets in several configuration wizards [GL:XI#444, GL:XI#475] – PhW
Improved authorization requirements when editing USER and System Macros in the CCM (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#425] – DA
Improved input validation in send_to_nls.php script (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#427] – DA
Updated login page [GL:XI#394] – CN
Moved the help menu to a dropdown in the upper-right corner of the screen [GL:XI#455] – SG
Disabled web SSH Terminal by default (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#416] – DA
Removed
Removed DROP and DELETE permissions from the Nagios XI user for the auditlog table (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#420] – DA
Removed support for PostgreSQL – SAW
Added
Added tours for the homepage and wizards [GL:XI#402] – BB
Added the ability to view the most used and most recently used configuration wizards [GL:XI#462] – GW
Added Colorblind theme for users with red-green colorblindness [GL:XI#453] – JS
Added a page to enable/disable notifications for hosts and services en masse [GL:XI#378] – SG
Added new home dashboard [GL:XI#397] – CN
Added client side form validation and updated appearance for most Wizards [GL:XI#300,XI#395] – LG
Added a new built-in “demo” dashboard and associated new dashlet [GL:XI#473] – GW
Added configuration wizard to monitor OpenAI Usage. [GL:#403] – PhW
Added configuration wizard to set up Slack notifications [GL:XI#399] – BB
Added configuration wizard to set up Discord notifications [GL:XI#400] – BB
Added new SNMP Trap Volume Dashlet – SAW
Added new Modern Gauge Dashlet – BB
Added an Enterprise top-level menu and page – [GL:XI#452] – KV
Added sticky header and sort by status to BBMap [GL:XI#448,#449] – LG
Fixed PHP Warnings when adding a host in the CCM [GL:XI#483] – SAW
Fixed PHP warnings from use of deprecated split() function [GL:XI#467] – GW
Fixed PHP warnings when processing SNMP Traps in the Manage MIBs page [GL:XI#480] – SAW
Fixed an issue that allowed users with expired trial and enterprise licenses to access enterprise features [GL:XI#437] – GW
Fixed PHP warnings when adding a hostgroup in the CCM [GL:XI#483] – SAW
Fixed PHP warnings when adding a servicegroup in the CCM [GL:XI#481] – SAW
Fixed use of deprecated utf8_encode() in Locale selection and CCM Audit Log [GL:XI#491] – SAW
Fixed use of deprecated functions in CCM log management [GL:XI:#490] – SAW
Fixed plaintext storage of sensitive information in the database (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#421] – DA
Fixed an XSS in the custom logo component (Thanks Astrid Tedenbrant and Outpost24 for reporting this) [GL:XI#412] – BB
Fixed a Remote Code Execution vulnerability in the Core Config Manager (Thanks Abdulmohsen Nasser Alotaibi for reporting this) [GL:XI#383] – SNS
Fixed an XSS vulnerability in the Graph Explorer component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#384] – SG
Fixed an XSS vulnerability in bandwidthreport component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#385,#463] – SG
Fixed an XSS vulnerability in Bulk Modifications component (Thanks Aleksey Solovev from Positive Technologies and Abdulmohsen Nasser Alotaibi for reporting this) [GL:XI#386] – SG
Fixed a CSRF and XSS vulnerability in the custom-includes component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#387] – BB
Fixed a CSRF and XSS vulnerability in the hypermap replay component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#388] – BB
Fixed an XSS vulnerability in the CCM (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#389] – BB
Fixed several SQL injection vulnerabilities in the Bulk Modifications Tool (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#390] – SG
Fixed a shell injection vulnerability in the Manage MIBs page (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#392] – SG
Fixed an XSS vulnerability in Manage Users (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#429] – BB
Fixed a PHP code injection vulnerability in the graph template editor (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#430] – BB
Fixed a Remote Code Execution vulnerability in the Core Config Manager (Thanks Abdulmohsen Nasser Alotaibi for reporting this) [GL:XI#383] – SNS
Updated
Improved UX of the Operation Center configure sound modal [GL:XI#370] – SG
Added
Added the ability to modify homepage settings when a dashboard is set as the homepage – BB
Fixed
Fixed an issue where phantomjs was not working properly on an offline upgrade – CB
Fixed an issue with unhelpful error messages in email settings [GL:XI#363] – AC
Fixed an issue in Executive Summary where the report would be named incorrectly for [Host Only] and [All Services] reports [GL:XI#340] – SAW
Fixed an issue in State History where the report would show service states when [Host Only] was selected [GL:XI#340] – SAW
Fixed typo in Performance Settings – SAW
Fixed an issue where Homepage Customization would indicate that it was disabled when it was enabled [GL:XI#376] – BB
Fixed an issue where Homepage Customization cog would not show in the dashboard view [GL:XI#376] – BB
Fixed an issue that caused “Send Test Email” button to break if “From Address” was invalid [GL:XI#367] – BB
Fixed an issue that caused performance graphs to display an incorrect “Max” value [GL:XI#336] – BB
Fixed an issue where host and service statuses would be partially truncated on Ubuntu [GL:XI#259] – BB
Fixed an issue where the Announcement Banners table looked broken when there were no banners configured [GL:XI#358] – SG
Fixed an issue that caused errors to show when using a dashboard as the home page – BB
Fixed an issue where Deploy Agent would fail when deploying to an Ubuntu minimal install [GL:XI#177] – BB
Fixed an issue that was causing browser console errors on the Email page – BB
Fixed an issue where the Host status detail page was showing OK when a service was Pending [GL:XI#352] – BB
Fixed an issue where adding/editing a command in the CCM would have a broken page – BB
Fixed an issue where CCM forms could show errors when editing commands or services – BB
Fixed an issue where Bulk Modifications -> Add Parent Host would break on PHP 8 [GL:XI#375] – BB
Fixed missing dependency (php-pecl-ssh2) in Scheduled Backups [GL:XI#290] – BB
Fixed missing authorization controls in Unconfigured Objects (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#419] – BB
Added security setting to block remote sites from loading via xiwindow parameter [GL:XI#302] – DA
Fixed XSS in Custom Logo component (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40932) – AC
Fixed SQL injection vulnerability acknowledging an announcement banner (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40931) – SG
Fixed SQL injection vulnerability in the accouncement banner configuration interface (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40933) – BB
Updated
Fixed an issue where the side menu wouldn’t automatically update when scheduled reports were added or deleted [GL:XI#331] – DA
Fixed an issue that would sometimes cause dashlets to reappear on the Home page when deleted [GL:XI#85] – SNS
Improved clarity of error messages in CCM when attempting to modify a host with broken sql tables [GL:XI#173] – SG
Updated verbiage in the Mountpoint Wizard for clarity [GL:XI#110,#279] – DA
Updated styling on the home page [GL:XI#169] – DA
Updated verbiage surrounding custom variables to be more consistent [GL:XI#151] – SG
Updated modal presented when acknowledging problems for clarity [GL:XI#299] – SG
Removed Alert Cloud Dashlet because Flash is no longer supported [GL:XI#164] – SNS
Deprecated
Deprecated WMI and Web Transaction [GL:XI#317] – SNS
Removed autcomplete from Wizard Address Field [GL:XI#87] – SNS
Added
Added fuzzy search to the Configuration Wizard page – SNS
Added the ability to resize some dashlets [GL:XI#285] – SNS
Added “Maximum Downtime History Age” to performance settings [GL:XI#287] – SAW
Fixed
Fixed an issue that caused sound settings to not display correctly in the operation center [GL:XI#24] – SG
Fixed an issue with logrotate permissions for the CentOS 9 OVA [GL:XI#197] – DA
Fixed an issue with password reset emails not containing correct URLs [GL:XI#23] – DA
Fixed an issue where macro variables weren’t expanding properly in notes URLs [GL:XI#315] – SG
Fixed an issue where new users weren’t being shown existing banner messages [GL:XI#277] – SG
Fixed an issue with the announcement banner switch showing incorrect status on page load [GL:XI#266] – SG
Fixed an issue where the License Information screen would fail to load [GL:XI#249] – SAW
Fixed an issue with permissions in the Network Switch Wizard [GL:XI#347] – SG
Fixed an issue where several tables would not get truncated in a script for removing historical data [GL:XI#284] -TG
Fixed an issue in network switch wizard where the Bulk Configuration Settings were not handling mismatched field inputs [GL:XI#312] – SG
Fixed an issue in the update process where the settings would be unexpectedly reset upon upgrading in the oracle tablespace wizard [GL:XI#311] – SG
Fixed an issue where selected months would start with a comma under certain circumstances in recurring downtime [GL:XI#330] – SG
Fixed an issue in the views tab where the fullscreen button moved while in fullscreen during rotating views [GL:XI#163] – SG
Fixed an issue in dark mode where cloning a user and canceling the menu would display non-dark mode css [GL:XI#271] – SG
Fixed an issue in AD/LDAP where having more than 1000 users would cause layout issues [GL:XI#13] – SG
Fixed an issue causing reports to fail to run successfully [GL:XI#316,#296] – DA
Fixed an issue where users without enterprise feature can set snmp traps in the manage mibs interface [GL:XI#176] – SG
Fixed an issue where pages would throw console errors [GL:XI#258] – BB
Fixed an issue where a sufficiently large amount of logs would crash the audit log page [GL:XI#325] – DA
Fixed an issue where unused service and host check tables were enabled by default sometimes causing database corruptions [GL:XI#242] – SG
Fixed an issue where the Sans Rising Ports dashlet would create many DB access errors [GL:XI#338] – DA
Fixed an issue where SNMPv2-PDU had a bad trap definition [GL:XI#78] – DA
Fixed an issue where the redirect parameter on the login page wouldn’t work if the user was already authenticated [GL:XI#150] – DA
Fixed an issue where the application log would show database errors on systems that were integrated with deprecated products [GL:XI#303] -TG
Fixed an issue with the contact PUT endpoint in the API did not allow custom variables [GL:XI#115] – DA
Fixed an issue where XI would fail to export performance data graphs when offline [GL:XI#29] – SNS
Fixed an issue where the SLA page would render incorrectly due to some variable definitions [GL:XI#345] – SNS
Fixed an issue where Wizard Search did not catch quick inputs [GL:XI#265] – SNS
Fixed an issue where the Oracle Serverspace Wizard was overwritting settings on upgrades [GL:XI#343] – SG
Fixed an issue where the Oracle Query Wizard was overwritting settings on upgrades [GL:XI#342] – SG
Fixed an issue where Email Settings would fail to save but indicated that the credentials were saved [GL:XI#263] – BB
Fixed an issue where the services list on the Host Detail page was showing the display name instead of the service description [GL:XI#293] – BB
Fixed an issue where python was not defined in report scripts [GL:XI#307] – SNS
Fixed an issue where editing SNMP Trap Sender settings would break on PHP 8+ [GL:XI#149] – SG
Fixed an issue that could lead to a blank screen when editing service templates while utilizing PHP 8+ [GL:XI#334] – SG
Fixed an issue where Wizard fields with trailing whitespaces would break data visualizations [GL:XI#308] – SNS
Fixed an issue where whitespaces in the License Information page would cause problems [GL:XI#341] – SNS
Fixed an issue where adding a dashlet would break the page if a confirmation window was open [GL:XI#323] – BB
Fixed an issue where deleting multiple dashlets would cause console errors [GL:XI#324] – BB
Fixed an issue where sendmail couldn’t send to @localhost on PHP 8 [GL:XI#229] – BB
Fixed an issue where external redirects weren’t being blocked when using PHP 8 [GL:XI#199] – BB
Fixed an issue where the logrotate configuration wasn’t being updated properly [GL:XI#333] – BB
Fixed an issue where service descriptions weren’t displaying properly [GL:XI#293] – BB
Fixed an issue where the NCPA wizard would crash on PHP 8 [GL:XI#240] – BB
Fixed an issue where OAuth credentials could indicate that they succeeded when they failed if the user manually modified the files incorrectly [GL:XI#263] – BB
Fixed an issue where Highcharts graphs would show 0 for the Max: field in the labels [GL:XI#336] – BB
Fixed an issue with Email settings where it would check for SSL/TLS if None was selected [GL:XI#227] – BB
Fixed an issue where removing multiple dashlets would cause errors [GL:XI#324] – BB
Fixed an issue where Bootstrap popups wouldn’t close when switching tabs in the application [GL:XI#122] – BB
Core Config Manager (CCM) 3.2.1
Fixed issue allowing users to select inactive timeperiods [GL:XI#162] -AC
Fixed SQL injection vulnerability in the CCM Host and Service Escalation pages (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40934) - DA
Fixed possible timing attack when using insecure ticket authentication (Thanks to Kevin Joensen of CSIS for reporting this issue) (CVE-2023-24035) -SAW
Fixed open redirect in Twilio component (Thanks Kevin Joensen and CSIS) (CVE-2023-24036) -SAW
Improve authentication token and salt generation (Thanks Kevin Joensen and CSIS) (CVE-2023-24037) -SAW
Fixed SQL injection vulnerability in Bulk Modifications Tool for some single config option types -JO
Fixed post auth RCE in autodiscovery due to path tranversal issue in job id -JO
Fixed possible insecurity in Nagios Mobile authentication where it would not exit/quit after redirecting unauthenticated users -JO
Fixed redirection vulnerability in login redirect url for some styles of urls -JO
Fixed vulnerability with xi-sys.cfg being imported from the var directory for some scripts with elevated perms -JO
Fixed insecure permissions on migrate.php and repairmysql.sh file (thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36363, CVE-2021-36365) -JO
Fixed security issue with backup_xi.sh and manage_services.sh allowing using wildcards -JO
(thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36364, CVE-2021-36366) -JO
Fixed
Fixed issue where critical or warning values in certain disk space metrics were rendered as green. -PhW
Fixed password email going out when AD/LDAP user is created without local password auth [TPS#15547] -JO
Fixed failed backup email sent when running a manual local backup [TPS#15546] -JO
Fixed timezone for Istanbul in utils-time.inc.php [TPS#15532] -JO
Fixed longserviceoutput macro not properly converting newlines to breaks in HTML email notifications [TPS#15537] -JO
Fixed issue when generating PDFs (and auth tokens in general) on usernames with uppercase letters in them [TPS#15542] -JO
Fixed display issue of host/service notes where double quotes were not displayed correctly [TPS#15543] -JO
Fixed issue with index.php page value not being properly validated before being passed to display page function -JO
Fixed issue where AD/LDAP wouldn’t search in base directory [TPS#15495] -JO
Fixed empty XML output when outputtype=xml for hostgroup/servicegroup API endpoints when there are no groups -JO
Fixed issue with manage_services.sh and restarting php-fpm on EL8 systems -JO
Fixed issue with Nagios Mobile not verifying a comment is set for scheduled downtime or acknowledge -JO
Added
Added extra folder name sanatization to the getprofile.sh script to make it more secure -JO
Core Config Manager (CCM) 3.1.3
Fixed SQL injection from improper escaping of values in search text -JO
Fixed timeperiod template name adding _copy_x to the template name even if empty which caused errors [TPS#15550] -JO
NDOUtils (NDO) 3.0.7
Added option “log_failed_queries” to ndo.cfg. Set this to 0 to disable failed query logging -SAW
Fixed issue where nagios_objects.name2 would occasionally be set to NULL -SAW
Fixed issue where leftover comments and other objects would cause hosts and services to continue showing in the database after deletion. [TPS#15549] -SAW
Updated SourceGuardian loaders to now support PHP versions up to 7.4 -JO
Updated access methods for subsystems that needed random credentials and removed the Admin > “Security Credentials” page -JO
Updated
Updated NRDP to version 2.0.3 -JO
Updated NRPE to version 4.0.3 -JO
Updated Nagios Plugins to version 2.3.3 -JO
Updated objects API to no longer convert XML to JSON for a more consistent output and always returns the same structure at any result size [TPS#14740] -JO
Updated Bulk Modifications Tool to allow only setting certain arguments selected by checkboxes [TPS#14765] -JO
Updated layout on host/service status pages to maximize space and allow removing summary dashlets via page config settings -JO
Updated Hostgroup and Servicegroup command buttons to use popups instead of going to old Core proxy pages -JO
Updated restore_xi.sh script to ask for MySQL password when running if it cannot connect to MySQL [TPS#14294] -JO
Updated layout for LDAP/AD import user selection page to make more usable when selecting many users -JO
Updated Exchange config wizards to use NCPA instead of NSClient++ -LG,JO
Updated Windows Server/Desktop to use NCPA instead of NSClient++ -JO
Updated Legacy NSClient++ configuration wizard (used to be Windows Server/Desktop) -JO
Updated Availability report to increase speed by reducing the amount of data parsed when filtering -JO
Fixed Unconfigured Objects auto-configure templates to use ID to not cause config errors if template is deleted [TPS#14328] -JO
Fixed backend API using insecure login ticket (backend API is deprecated and will be removed in XI 6) [TPS#15087] -JO
Added
Added new Nagios Mobile interface that better integrates with Nagios XI -CN,SAW
Added support for CentOS/RHEL/Oracle 8 -JO
Added support for Ubuntu 20.04 LTS and Debian 10 -JO
Added NCPA agent deployment and updated NCPA config wizard -JO
Added notice to the login alert box that mentions if hostname or ip is valid in program url [TPS#2327] -JO
Added add and remove servicegroups to and from services in Bulk Modifications Tool [TPS#13587] -CN
Added ability to play sounds when state changes occur in the NOC screen [TPS#10777] -SAW
Added Audit Log messages for REST API calls [TPS#6913] -SAW
Added configuration options to send the Audit Log to Nagios Log Server [TPS#13942] -SAW
Added ability to set Dashboard backgrounds to transparent [TPS#14284] -JO
Added Config Management section to Nagios BPI component [TPS#14473] -JO
Added search box into LDAP/AD import page to decrease amount of users displayed and to find specific users [TPS#10230] -JO
Added new JSON configuration wizard -JO
Added new XML configuration wizard -JO
Fixed
Fixed issue with LDAP/AD select users toggle all/none checkbox not working properly -JO
Fixed limited LDAP/AD queries (PHP 5.3.x will require a search but will notify when limit is reached) [TPS#10230] -JO
Fixed resizing issue when updating dashlets in Capacity Planning tab in the host/service status details pages [TPS#15053] -JO
Fixed custom time range on SLA report to use proper time range specified [TPS#15048] -JO
Fixed issues with old RRDtool graphs not displaying properly in Performance Graph page [TPS#15076] -JO
Fixed certain NCPA checks running through test command causing wrong output -JO
Fixed CCM page in use message not clearing when on apply config page if they are expired [TPS#15163] -JO
Added IBM i service and custom sql config wizards on new installs -JO
Fixed
Fixed objects/bpi REST API output to properly display status text when there is HTML in the text [TPS#14406] -JO
Fixed issue with SNMPv3 checks using Perl on Ubuntu 18 systems [TPS#14432] -JO
Fixed problem where you cannot import time periods where timeperiod_name contains space [TPS#14440] -SW
Fixed logrotate configuration to set the user/group for xidebug.log and fix for snmptt log rotation -SW
Fixed issue with & used in BPI group name and when running plugin against that group [TPS#14464] -JO
Fixed issue where clearing and empty unconfigured objects list when there was no objects file would cause permissions issues on the file [TPS#14469] -JO
Fixed scheduled reporting for latest NagVis component so that scheduled pages can be sent as PDFs [TPS#14428] -JO
Fixed auth token and insecure auth token sessions to properly load user meta session data directly after login -JO
Fixed issue on EL7 systems where some output displayed by systemctl status during sysstat checks caused PHP XML parse warnings [TPS#14498] -JO
Fixed XSS and privilege escalation security vulnerability in Profile component and getprofile.sh script (CVE-2019-15949) (Thanks Jak Gibb) [TPS#14364] -JO
Fixed
Fixed issue where re-configuring objects page would not allow switching them back to notify immediately [TPS#14340] -JO
Fixed issue where Graph Explorer exporting would be broken after upgrades [TPS#14372] -SAW
Fixed BPI api_tool.php NDO wait timeout to allow for longer NDO startup times [TPS#14398] -JO
Fixed issue with dashlets that have been uploaded unable to be downloaded due to file permissions in tmp directory [TPS#14363] -JO
Fixed CCM form validation to allow backslashes in object names/service descriptions -SAW
Fixed MIB uploading/processing on Postgres-based systems [TPS#14365] -SAW
Fixed API DELETE methods not allowing URL path to be used like in the help section [TPS#14370] -JO
Fixed Bulk Modifications Tool find relationship listings to be sorted alphabetically [TPS#12156] -JO
Fixed logrotate configuration to set the user/group on systems except el6 which doesn’t require it -JO
Fixed issue with Recurring Scheduled Downtime not showing when services is set to only the * wildcard [TPS#14388] -JO
Fixed Nagios XI Bug Report: Config Wizard Template Notification Interval could not be set to 0 [TPS#14391] -SW
Fixed problem with reading multiple line hashes sent when an inbound email response is wrapped [TPS#14396] -JO
Fixed issue in Schedule Downtime page when deleting host/service group from list and it saying none are selected [TPS#14402] -JO
Added setting for trimming of Max Comment Age in Admin -> Performance Settings -> Databases [TPS#12313] -SW
Added /usr/share/snmp/ & /etc/snmp/ & /home/nagios to backup and restore scripts [TPS#10202] -SW
Added more time period options to Graph Explorer time period dropdown [TPS#13378] -JO
Added the ability to enable/disable the web GUI terminal [TPS#13690] -CN
Added notes, notes url, actions url in a Misc section on Host and Service details pages [TPS#13997] -JO
Added object type and states to Top Alert Producers as filter dropdowns like other reports -SS
Added ability to use config_name in api/config/services to update services with multiple hosts or hostgroups [TPS#13605] -JO
Added copying of all template and information linked to services when using Add Service in Bulk Modification Tool [TPS#13585] -JO
Added objects/timeperiod to the Objects API to show what time periods are available [TPS#13425] -JO
Added ability to set new user account information email text and subject in System Settings > User Accounts [TPS#11830] -JO
Added user’s API key allowing auth to Nagios Core JSON API endpoints via components/nagioscore/ui/(objectjson.php,statusjson.php,archivejson.php) [TPS#12717] -JO
Added “Create as Monitoring Contact” checkbox in Users edit page when applicable [TPS#14046] -SAW
Added new features to the Manage MIBs page [TPS#13946, TPS#4810] -SAW
Added ability for deleting multiple objects via the config API commands [TSP#10435] -JO
Added is_volatile to the list of single config options that can be changed in the Bulk Modifications Tool [TPS#14105] -JO
Added api/config options such as the PUT edit endpoints and added hostgroups and servicegroups [TPS#13425] -JO
Added right-hand alignment on system statistic dashlets (thanks Steve B) -JO
Added ability to select the default system theme on install -JO
Fixed
Fixed auto discovery status to no longer show throbber if it is waiting for it’s first scheduled run [TPS#7097] -SW
Fixed large systems with lots of limited users receiving duplicate key SQL error text in UI after apply config -JO
Fixed issue in Custom URL dashlet where it would not properly load certain pages when dashboard is exported as PDF -JO
Fixed re-configure “Edit in CCM” button when two services with the same name but have a different case -JO
Fixed Restart Nagios Core button in User Macros component not working properly -JO
Fixed Object Does Not Exist message on large systems when ndoutils database is loading with new adjustable performance setting [TPS#14108] -JO
Fixed scheduledowntime API endpoint not allowing author paramter to be set [TPS#14141] -SW,JO
Fixed issue in basic auth where username/user id would not be populated correctly (Thanks Mickey) -SAW
Core Config Manager (CCM) 3.0.0
Added deletion of services with host if services do not have hostgroups or other hosts attached [TPS#13537] -JO
Added proper audit logging to all the sections/actions that are performed [TPS#13495] -JO
Added ability to edit free variables instead of having to remove and re-add them [TPS#12054] -JO
Added Manage Service Groups and Manage Dependent Service Groups buttons to service dependency objects [TPS#9066] -JO
Added ability to import excluded hosts/hostgroups [TPS#14113] -JO
Added checkboxes for Host Groups and Service Groups in the CCM limited access permissions panel in user edit -JO
Added Service Groups to Service Escalation Objects [TPS#14136] -SAW
Added renaming of perfdata when a service or host is renamed [TPS#14143] -JO
Fixed issue where host/services applied to service groups would not show as Unknown for limited CCM users -JO
Fixed command injection security vulnerability in Autodiscovery script (CVE-2019-9164) (thanks Paolo Giai of Shielder) -JO
Fixed issue with permissions on config.inc.php and import_xiconfig.php allowing users to write to files (CVE-2019-9166) (thanks Paolo Giai of Shielder) -JO
Fixed an XSS vulnerability that can be passed in using the xiwindow parameter (CVE-2019-9167) (thanks Paolo Giai of Shielder) -JO
Fixed SQL injection when using Fuse Key and certain parameters (CVE-2019-9165) (thanks Paolo Giai of Shielder) -JO
Fixed privilege escalation security vulnerability in MRTG graphing component by running as nagios user/group (thanks Daniel Sayk of Telekom Security) [TPS#13778] -JO
Fixed security vulnerability with API key regeneration function allowing non-admins to regenerate other user’s API keys (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in BPI’s api_tool.php where the script could be accessed through the web server (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in command subsystem with some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in Auto Discovery component where some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed XSS security vulnerabilities in the interface (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed
Fixed old lock file location in snapshots by restoring lock file setting on snapshot restore [TPS#13795] -JO
Fixed Notes and Actions URL button links URL encoding in Host/Service Status pages [TPS#13802] -JO
Fixed Core issue (#572) causing service recovery emails to be sent when a initial notification wasn’t sent. [TPS#13805] -SW
Fixed Core issue (#575) where soft recovery states did not apply for services -JO
Fixed issue in API where hostgroup/servicegroup scheduled downtime would not schedule service downtimes [TPS#13818] -JO
Fixed BPI service group sync to not add empty service groups that cause an error on the screen [TPS#13777] -JO
Fixed BPI issue with the processing of subgroups applied to multiple groups failing to set proper status [TPS#13816] -JO
Core Config Manager (CCM) 2.7.3
Fixed issue with free variable escaping on CCM importing configuration files [TPS#13794] -JO
Added session timeout and keepalive settings to security tab in Admin > System Settings section [TPS#9938] -JO
Added insecure login security setting to allow old backend ticket-based auth on per-user basis -JO
Fixed minor XSS vulnerabilities [TPS#13211,13213] -JO
Updated
Updated backend for re-configure and apply configuration (reconfigure_nagios.sh) to no longer use wget [TPS#9908] -JO
Updated backend helper and deletion scripts (ccm_delete_objects.php) to no longer use wget [TPS#9908] -JO
Updated layout of profile.zip file and added timestamp to profile folder -JO
Updated Nagios Plugins to version 2.2.1 [TPS#11685] -JO
Updated NRPE to version 3.2.1 [TPS#11687] -JO
Updated NRDP to version 1.5.2 -JO
Updated NagVis version to 1.9.8 with auto-login Nagios modules -JO
Updated host and service detail menu links to say status instead, in line with the actual page titles [TPS#12059] -JO
Updated host and service SMS (text) message subject fields to be able to be blank [TPS#7099] -JO
Updated nagiosxi database username field to allow for 255 character long usernames [TPS#11608] -JO
Updated user passwords to a more secure algorithm/process [TPS#12158] -JO
Updated wording for display host/service aliases (to accurately reflect that they display the display name) [TPS#7112] -BH
Updated PDF and JPG report exports to use localhost/local url instead of internal url -JO
Updated permissions for sudo-ran scripts in fullinstall and reset_config_perms.sh [TPS#12730] -JO
Updated layout for Capacity Planning report to utilize the full screen size -JO
Updated API objects backend to use json_encode() instead of xml2json for PHP version consistency which also removed “list” from API output -JO
Added
Added mobile phone verification to be able to receive text message notifications (on upgrade, already entered numbers will be set to verified) [TPS#12042] -JO
Added the host and service notes_url and action_url icons/links to the host/service status pages in XI [TPS#7893] -JO
Added versions for Nagios Core, Nagios-Plugins, SSH Terminal, NRPE, NSCA, PNP, etc in profile [TPS#1456] -JO
Added installed components, wizards, and dashlets version numbers in profile [TPS#1456] -JO
Fixed API help section that showed the improper usage of deleting a user [TPS#8634] -LG
Fixed SANS Internet Storm Center Top 10 Rising Ports dashlet to use new SANS backend [TSP#9044] -BH
Fixed Multistacked Graph Numbers displaying more than 3 decimal points on hover [TPS#9169] -BH
Fixed javascript searchable dropdown boxes to be easier to use and have proper styling -JO
Fixed unconfigure objects remaining in list even after pressing delete [TPS#9215] -BH
Fixed snmptt daemon restart on MIB upload on el7 systems [TPS#9237] -SS,JO
Fixed scheduled downtime showing a maximum duration of 9hrs (only a display issue) -JO
Fixed LDAP/AD component LDAP is_user to accept organizationalPerson and person [TPS#9272] -JO
Fixed LDAP/AD component issue with popup not centering [TPS#9272] -JO
Fixed invalid service configuration when using bulk host import to import a service with multiple hosts defined [TPS#9369] -BH
Fixed ‘this week’ time period in reports showing the last 8 days if a report is ran on sunday [TPS#9357] -JO
Fixed issue with the + symbol in hostnames not creating a proper URL to service details pages for services on that host [TPS#9443] -JO
Fixed process_perfdata.pl setting counters for output with ‘c’ values making graphs show up as 0 [TPS#9479] -JO
Fixed persistent comment/acknowledge checkbox on host/service details page [TPS#9488] -JO
Fixed issue where LDAP would not close if start TLS failed [TPS#9498] -JO
Fixed issue with perfdata that has a space in the value [TPS#9523] -SS,JO
Fixed scheduled backups local backups page to be sorted by timestamp -JO
Fixed event_handler scripts to push to DB queue for event_handler cron -BH
Core Config Manager (CCM) 2.6.0
Added ability to set host/hostgroups as “exclude” for services, service templates, host groups, service escalations, and host escalations [TPS#3966] -JO
Added icons for tools, configuration, and other nav links -JO
Added escape key binding to close overlays [TPS#8911] -BH
Updated theme to match the rest of Nagios XI (Modern) -JO
Updated splash page to have more information about current configuration -JO
Updated ‘Run Check Command’ to evaluate user macros [TPS#8264] -BH
Updated ‘Run Check Command’ to use cmdsubsys and execute as nagios user [TPS#6578] -BH
Updated ‘Run Check Command’ User Interface to be more intuitive and friendly and use NSP [TPS#9185] -BH
Fixed de-activating a contact from the edit page not respecting dependency check [TPS#8777] -BH
Fixed services table loading nothing if you delete all of a configs service definitions when selecting a config name from dropdown -JO
Fixed CCM not respecting etc/nagios.cfg illegal_object_name_chars [TPS#8864] -BH
Fixed various minor security vulnerabilities (thanks John Page aka HYP3RLINX) -JO
Updated sourceguardian loaders supporting up to php 5.6 -SW
Fixed bug causing htpasswd.users to not be updated immediately when user is forced to change password -SW
Fixed users who were set to local who were originally AD/LDAP users still being forced to skip local auth -SS
Updated
Updated Highcharts to 4.1.9 -JO
Updated htpasswd to use stronger SHA encryption -JO
Fixed
Fixed issue where update available still displays after upgrade by forcing check for updates to run after upgrade -JO
Fixed autoupgrade_backup.x.tar.gz filename when running upgrade from web UI -JO
Fixed numerous php notice/warnings -JO
Fixed issue where Nagios::Monitoring::Plugin is now required by several default plugins -SW
Fixed custom logo display issue in classic and 2014 themes -JO
Fixed issue in AD/LDAP component with import not working correctly with parenthesis -JO
Fixed issue where creating a new user would not update the htpasswd users file -JO
Fixed ndo2db init script to remove “cannot open file errors” on restart -SW
Fixed some unreadable service names in BBMap component -SW
Fixed bug where object wouldn’t acknowledge properly if no comment was entered through Rapid Response URL -SW
Fixed auto-discovery exclude IP’s to only have one -exclude statement in nmap scan -SW
Fixed bug where commands through UI (ack/comments/etc.) would not submit properly if host or service_description had unicode chars -SW
Fixed CCM Relationship button on commands page to show dependent relationships for hosts, services, hosttemplates, servicetemplates -SW
Fixed searching for hosts in alert stream (with auto-complete) -JO
Fixed error message returning on submit for Inbound NSCA settings -JO
Fixed adding contacts/contact_groups to hosts/services created in the new API -JO
Fixed creating host/service templates in API -JO
Fixed scheduled backup limit being set to 0 resetting to 7 -JO
Fixed old (upgraded intalls of XI < 5) nagiosadmins possibly not being able to log in locally if set to AD/LDAP -JO
Fixed issue with AD/LDAP component not working with commas -JO
Fixed various spelling errors -JO
Fixed user management page select all functionality -JO
Fixed invalid XML when using outbound transfers and check output had XML special chars -SW, SS
Fixed webinject install to make sure we have proper permissions -SW
Fixed bug where self signed SSL certificate sites could not schedule downtime -SW, SS
Fixed my tools and common tools to be sorted alphabetically -JO
Fixed bulk modifications tool to re-write host config on service config_name changes -JO
Fixed permissions for nagios libexec directory -JO
Fixed API creating only the last service sent when sending multiple service creations quickly -JO
Fixed bulk modifications tool when setting contacts/contact groups via host/service groups -JO
Fixed blank Alert Timeline when using a UTC offset -SW
Fixed sizing of Alert Timeline to show more alerts -JO
Fixed Top Alert Producers report column showing wrong date in Latest Alert column -SW
Fixed Top Alert Producers CSV export column showing wrong date and label -SW
Fixed BPI component check_bpi high CPU usage with lots of BPI checks -JO
Fixed gauge dashlet creation popup loading slow on large installs -JO
Fixed AD/LDAP import bug where users who already existed were trying to be imported instead of erroring -JO
Core Config Manager (CCM) 2.5.1
Added ability for import issue to update host/service escalations/dependencies by adding in # config_name to written config output -JO
Added ability for import issue to add host/service escalations/dependencies with specific config_name using # config_name in config to import -JO
Updated some styles for easier readability -JO
Fixed import issue where items that needed config_name would use the host_name as the config_name causing only one item to be imported -JO
Fixed imported service escalation/dependency services not always showing up in services selection list -JO
Fixed php errors being thrown -JO
Fixed bug in CCM splash page where the number of dependecies were incorrect and updated to use a database query which will speed up the page for large systems -LG
Added “Schedule a forced check for host and all services” to host detail advanced tab -SW
Added features to the Audit Log report including scheduled report, pdf version, and filters by log type and source -JO
Added log type and log source filter dropdowns to auditlog -JO
Fixed XSS vulnerability in nagiosbpi component -SW
Fixed bug in Switch wizard where the Warning/Critical percentages were not calculating using decimal places -LG
Updated
Upgraded Bulk Modifications component to 2.0.0 which includes numerous new modifications to be performed (see below) -JO
Upgraded Alert Stream to 2.0.0 which removes all Java apps from XI and instead uses D3.js -JO
Upgraded LDAP and AD components with a single component which allows importing LDAP/AD users and easier LDAP/AD user management in users section -JO
Upgraded to latest version of nmap in Auto-Discovery component -JO
Upgraded check_wmi_plus plugin to 1.60, more functionality -LG,SW
Updated Host/Service Detail pages to just show icon for tabs that have them specified to provide more real estate -SW
Updated detail page so most tab content on detail pages doesn’t load until selected improving performance -SW
Updated perfdataproc.php cron job to utilize a better mechanism to move large amounts of files avoiding “Argument list too long” errors -SW
Updated search functionality on users list in admin section to do mid-text searching on email, username, and full name -JO
Updated deploy notification component to be more user-friendly -JO
Updated the Metrics Component to display a wider range of agent data, optionally utilize the highcharts graphs, allow graph timeperiods to be selected, added advanced options and increased tab and display performance -LG
Updated Bandwidth report to optionally use highcharts graphs -LG
Updated the Windows WMI, Windows SNMP and Linux SNMP wizards to run a smart scan and prepopulate disks, processes and services -LG
Updated all reports to now use asynchronous loading of report information -JO
Updated all reports to have a new layout -JO
Updated loading icons throughout XI -JO
Updated configuration main page and configuration wizards page layout -JO
Updated available dashlets page layout -JO
Updated notification management section to be more intuitive when saving/applying templates to users -JO
Updated full search box in XI 5 to a search icon in the main header nav bar -JO
Updated host/service detail actions/advanced actions to use popups instead of old command pages -JO
Updated homepage splash screen -JO
Updated graph explorer multistacked graphs to actually ‘stack’ instead of overlay -JO
Remove displaying of service detail links for hosts without services -SW
Remove nmap from being fully wildcard sudo’d, preventing hijacking from other system users -SW
Added
Added manage dashboards page -JO
Added manage views page -JO
Added permissions to the actions component for individual actions -JO
Added button ‘Install Updates’ to auto-upgrade components either per component or for all components with updates -JO
Added button ‘Install Updates’ to auto-upgrade config wizards either per config wizard or for all config wizards with updates -JO
Added a new scheduled downtime page with ajax popups for scheduling downtime -JO
Added configuration wizard ‘advanced settings’ (step 3-5) templates (global/user) and a template manager -JO
Added default template for configuration wizards which will set config wizard step3-5 fields with the proper variables -JO
Added “API Key” to users section (instead of using username+ticket for API calls – backwards compatible though) -JO
Added a fusion API Key for later fusion integration -JO
Added integrated Help section for API Documentation -JO
Added new API with objects, config, and system sections which allows adding host/services -JO
Added a new theme for XI 5 release (Modern) -JO
Added tabs to global configuration settings in admin area -JO
Added numbers of saved reports and scheduled reports to left hand menu section -JO
Added icons to a number of commonly used links -JO
Added ability to filter config wizards on main config wizard page -JO
Added ability to import users from AD/LDAP locations -JO
Added ability to manage server certificates for AD/LDAP connections -JO
Added links to deadpool from admin section -JO
Added ability to customize email notification priority of notification per-user and per notification type, editable in Notification Preferences -SW
Added ability to use custom host/service variables in actions component -SW
Added ability to bulk rename config files for services in bulk rename component -SW
Added ability for users to enable/disable Host and Service Acknowledgments in Notification Preferences -SW
Added ability to toggle displaying of aliases in host/service detail pages. This is adjustable per user under Account Information -SW
Added NavBar Search to search for host, hostgroup, and servicegroup and take user directly to results page -SW
Added pagination additionally to top of host/service status tables -SW
Added ability for users with “Can (re)configure hosts and services” perms to add/remove contactgroups they are members of when running wizards and reconfiguring objects -SW
Added ability for users to just save config to database without Applying Configuration when running wizards -SW
Added Auto-discovery option to use system DNS -SW
Added ability to use logarithmic scaling with highchart perfdata charts -SW
Added embeddable highcharts performance graphs that can be placed in an iframe passing host/service/width/height/username/token -SW
Added Auto-discovery option to specify scan delay to throttle activity -SW
Added %hostgroupnames% and %servicegroupnames% macros to actions component -SW
Added ability to filter Capacity Planning report by Host/Hostgroup/Servicegroup with additional search -SW
Added numerous performance enhancements to Auto-discovery to improve scan performance -SW
Added URL target specification to actions component -SW
Added searching capabilities to Acknowledgments page -SW
Added ability to filter WARNING/UNKNOWN/UNREACHABLE states in Availability and SLA reports -SW
Added auto updating of Tools on tool creation -JO
Added auto updating of My Scheduled Reports when adding new scheduled report -JO
Added number of reports to My Reports and My Scheduled Reports menu headers -JO
Added auto updating of My Reports when saving new Report -SW
Added dashlet functionality to SLA and Availability Report -LG
Added language support for CCM help popups -SW
Added JPG export option to all reports -SW
Added option in State History Report to show only hosts or only services -SW
Added in ability to filter by Host, Hostgroup, Servicegroup in Notification Report -SW
Added sorting of Contacts and Contact groups in Wizard and object configuration pages -SW
Added ability to toggle Handled Problems in Birdseye Component -SW
Added a user specified refresh rate to the configuration options in Custom URL Dashlet -SW
Added hostgroups and service groups to host/service detail pages -SW
Added advanced option to Executive Summary Report giving ability to hide scheduled downtime, etc. -SW
Added ability to specify months in recurring downtime. -SW
Added additional details column to auditlog -SW
Added additional services to nagios config for localhost on a new install, checking crond, httpd, mysqld, ndo2db, npcd, ntpd -SW
Added ability to filter Operations Center by host/hostgroup/servicegroup -SW
Added to all reports a service drop down list that will display/update based on host selection -LG
Added ability to filter Operations Center by service state -SW
Added option to nagiosmobile to have page auto-refresh -SW
Added sortable and searchable dropdown filtering by Host/Service/Hostgroup/Servicegroup to latest alerts component -SW
Added remembering sort order (per-user) of items in CCM when returning to table of objects -SW
Added showing the most recent comment in the status list comment tooltips -SW
Added per-user theme settings -JO
Added setting to global config to uncheck Sticky Acknowledgement box by default -SW
Added login failures to Audit Log -SW
Added cfg variable error_level and removed php notice errors from the error_log in production -JO
Added the Warning/Critical lines to all XI graphs (toggle default active/inactive) -LG
Added backing up of Nagvis to XI backup/restore scripts -JO
Added config information to the downloadable system profile -JO
Added the ability in Admin > System Settings > General to write Nagios XI auditlog to a file -LG
Added new wizards: Folder Watch, Mountpoint, SLA -LG
Fixed
Fixed hypermap to be full size of page -JO
Fixed deletion of local backup files in scheduled backup component. -SW
Fixed bug causing nrdp.conf apache config to not work on CentOS/RHEL 7 -SW
Fixed Common Tools from improperly encoding URL’s -SW
Fixed bug in CCM causing Execution failure criteria to not populate correctly for ‘d’ -SW
Fixed bug causing NRDS Windows clients to not have correct permissions to build executable -SW
Fixed bug where clicking on icons in sort columns on host/service status tables would not sort -SW
Fixed bug in Event Log Report to allow searching for ; and : chars -SW
Fixed bug causing Unified Hostgroup views to not refresh -SW
Fixed bug causing search buttons on CCM import page to import files -SW
Fixed URL redirection when following permalink and user isn’t logged-in -SW
Fixed bug in the Scheduled Backups using FTP to use the indicated port (Previously default port 21) -LG
Fixed check_rrdtraf from mislabeling UOM if Bytes was selected -SW
Fixed many generic bugs with the deploy notification component and saving templates -JO
Fixed bug causing + symbol in host, service, hostgroup and servicegroups making links in UI not work correctly -SW
Fixed restore_xi.sh script to account for differences when moving from OS 6 to OS 7 -SW
Fixed bug causing CCM to not work properly if specifying non-default MySQL port -SW
Fixed bug where the Alias was not displaying for the Availability Report -LG
Fixed bug causing passwords with special chars such as $ or & to not write .htpasswd file correctly -SW
Fixed bug in Hostgroup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG
Fixed bug where setting new UI theme would not actually change theme until next page load -JO
Fixed bug in ndoutils which could cause message queue to not empty -SW
Fixed bug where deleting backup would not remove the local backup -JO
Fixed bug in Hostgoup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG
Core Config Manager (CCM) 2.4.0
Added Core Config Manager landing page -LG
Added throbber to all loading pages for ccm actions -LG
Fixed ‘Manage Parents’ to now show child relationships, making them non selectable -JO
Fixed bug where changing a parent host’s host name would cause config not to apply until doing a full delete/rewrite of configs -JO
Changed bulk mod procedure to be a step by step process -JO
Added ability to change ARG variables on hosts/services -JO
Added ability to add/remove multiple contacts/contact groups from hosts/services and host groups/service groups -JO
Added ability to select multiple host groups to add -JO
Added ability to remove host groups, services, and parents (hosts and services) -JO
Added ability to select hosts/services via selecting hostgroups or service groups -JO
Added ability to set templates (and template order) on hosts/services -JO
Added select boxes for config options that are selectable -JO
Added inheritance options for contacts/contact groups -JO
Added ability to update config name for services -JO
Updated change single config option to change more options -JO
Updated change single config option time period autocomplete functionality -JO
Nagios Core 4.1.1
ENHANCEMENTS
Promoted JSON CGIs to released status -ES
New graphical CGI displays: statusmap, trends, histogram -ES
Make sticky status for acks and comments configurable enhancement #20 -TM, SW
Add host_down_disable_service_checks directive to nagios.cfg #44 -TM, SW
httpd.conf doesn’t support Apache versions > 2.3 -DB, JF
FIXES
Fix for not all service dependencies created -JF
Fix SIGSEGV with empty custom variable -orbis, JF
Fix contact macros in environment variables -dvoryanchikov
Fixed host’s current attempt goes to 1 after going to hard state -JF
Fixed two bugs/problems: Replace use of %zd in base/utils.c & incorrect va_start() in cgi/jsonutils.c -PE
Fixed: Let remove_specialized actually remove all workers -PM
Fixed log file spam caused when using perfdata command directives in nagios.cfg -shashikanthbussa
Fixed off-by-one error in bounds check leads to segfault -PM
Added links for legacy graphical displays -ES
Update embedded URL’s to https versions of Nagios websites -SW
Fixed doxygen comments to work with latest doxygen 1.8.9.1 #30 -TM
Fixed makefile target “html” to PHONY to fix GitHub issue #28 -TM
Fixed typo as per GitHub issue #27 -TM
Fixed jsonquery.php 404 not found error, and disabled Send Query button until form populates #43 -SW
Fixed linking in Tactical Overview for several of the Host entries in Featured section #48 -SW
Fixed passing limit and sort options to pagination and sort links #42 -SW
Added form field for icon URL and clean-up when it changes in CGI Status Map. -ES
Added options to cgi.cfg to uncheck sticky and send when acknowledging a problem -TM
Low impact changes to automate the generation of RPMs from nagios.spec file. -TY
Update index.php -TM
Fixed escaping of corewindow parameter to account for possible XSS injection -SW
Typo correction -TY
Make getCoreStatus respect cgi_base_url -MS
Adjusted map layout to work within frames -ES
Fixed map displays are now the full size of browser window -ES
Fixed labels and icons on circular markup no longer scale on zoom -ES
Got all maps except circular markup working with icons -ES
Fixes to make legacy CGIs work again. -ES
Fixes to make all/html target tolerant of being run multiple times -ES
For user-supplied maps, converted node group to have transform -ES
Fixed issue transitioning from circular markup map to other maps -ES
Fix displayForm to trigger on the buttom press -SW
Fix fo getBBox crash on Firefox -ES
Fixed map now resets zoom when form apply()’d -ES
Fixed so close box on dialogs actually closes dialog -ES
Corrected directive in trends display -ES
Fixed minor issue with link in trends linkes -ES
Fixed issue with map displaying on Firefox -ES
Added exclusions for ctags generation -ES
Update map-popup.html -SW
Initial commit of new graphical CGIs -ES
Fixed Github bug #18 - archivejson.cgi returns wrong host for state change query -ES
Status JSON: Added next_check to service details -ES
Fixed escaping of keys for scalar values in JSON CGIs -ES
build: Include if it exists. -EM
lib-tests: test-io{cache|broker} need -lsocket to link. -EM
lib-tests: test-runcmd assumes GNU echo. -EM
lib-tests: Signal handlers don’t return int on most platforms, and using a cast was the wrong way to resolve this. -EM
Fix some type/format mismatch warnings for pid_t. -EM
Fix build on Solaris. -EM
runcmd: Fix build when we don’t HAVE_SETENV. -EM
Fixed checkresult output processing -EM
Corrected escaping of long output macros -EM
Fixed null pointer dereferences in archive JSON -ES
Fixed memory overwrite issue in JSON string escaping -ES
Added alias to report if it exists, a host is selected and alias is different than the hostname, alertheatmap, histogram, statehistory, sla, execsummary, availability -SW
Fixed
Fixed php parse error in state history report -SW
Fixed manage services script on centos 5 to get proper service binary -JO
Fixed capacity planning issues with no label in xml -JO
Updated the Manage Components page to be sorted by title (displayed name) and split into user/core sections -JO
Updated perfdata permissions to no longer be word writeable -JO
Updated Japanese language translations (thanks Sasaki) -JO
Updated menu section collapse/show -JO
Updated icons and Linux OS selection list for the sshproxy config wizard -JO
Updated MRTG configuration to use forks by default to process SNMP calls much faster -SW
Fixed issue in bandwidth report so it will not list in ‘see all available reports’ any services that have been deleted -LG
Fixed WatchGuard wizard so it detects ports correctly and allows support for all SNMP versions -LG
Added
Added ability for Alert Histogram report to allow selecting services and shows all host alerts including services or host only -JO
Added SLES, OpenSUSE, and CentOS/RHEL 7 support to the Linux Server config wizard (updated linux agent installer to work on the new systems) -JO
Added the ability to specify an alternate SNMP port and allow optional use of the TCP protocol in the snmptrapsender component -LG
Added a port number in the switch and watchguard wizards to a new column called ‘Port Name’ and the original Port Name field was changed to ‘Service Description’ -LG
Added “Other” to Linux Server config wizard which links to the NRPE config wizard instead -JO
Fixed
Fixed bug in graph explorer new 4 hour time frame not setting to 4 hours -JO
Fixed deploy notification options to show SMS and Email specific notification options -JO
Fixed bug in audit log where the amount of records/pages did not function properly -JO
Fixed sorting of dashboards, moving Home dashboard to top of list sorting remainder lexicographically -SW
Fixed bug in CCM that would give config errors when renaming a host -JO
Fixed bug in the CCM log management page that wouldn’t let you delete logs -JO
Fixed bug where CCM auto-login would not set the users CCM language to their selected Nagios XI language -JO
Fixed corruption of character-based languages in the CCM log management page -JO
Fixed bandwidth report ‘view all available’ table to show the description not just port number -JO
Fixed bandwidth report to sort naturally not by numeric -JO
Fixed CCM import to overwrite hosttemplates on hosts -JO
Fixed CCM import error messages not being displayed when there are errors -JO
Fixed CCM issue where spaces at front and end of host_name and config_name were possible -JO
Fixed Alert Stream to show the servers timezone instead of GMT -JO
Fixed backups to now save NRDP/NRDS configs -JO
Fixed scheduled backups not logging debug/info (and added 7 day log rotation) -JO
Fixed issue where clicking “Create Backup” in local backups page would wait for an extremely long time -JO
Fixed bug when trying to restart/start/stop NPCD from the web UI -JO
Fixed issue where custom url dashlet would not keep it’s resized size -JO
Fixed sorting of services in CCM table to now sort by host name (config name) and service name -JO
Fixed sorting on Scheduled Downtime page’s tables – now all host/services and groups are sorted alphabetically -JO
Fixed sorting on deploy dashboards page to now sort both the dashboards and users listed -JO
Fixed bug in autobackup scripts where some weekly backups weren’t removed on schedule -JO
Fixed Manage MIBs page to use the add_mib() function to ‘process trap’, if add_mib() is not in the filesystem or is not executable then use snmpttconvertmib to process MIB, but will not write EXEC lines -LG
Fixed Route Request (rr.php), when getting an invalid user_ticket due to load spikes -LG
Fixed Capacity Planning graph dashlet’s to export properly when in dashboard -JO
Fixed issue with NDOutils database upgrade rarely not adding columns -JO
Applied patch to Nagios Plugins 2.0.2 for SUID security vulnerability -SW
Updated
Update Nagios Plugins to 2.0.2 -SW
Applied patch to Nagios Plugins 2.0.2 to correct reverse lookups -SR,SW
Applied patch to Nagios Core to remove extraneous
from appearing in perfdata of passive checks as well as other check results reaped from the checkresults queue -SW
Changed the Apply Configuration process to only write out changed configuration files -SW, AB
Upgraded wkhtmltopdf from 0.10.0 to 0.12.1 to fix rendering issues for graphs in PDFs -JO
Updated some icons to fit the new theme and not have white backgrounds -JO
Fix Ndoutils situation where db table nagios_logentries has items where `instance_id`,`logentry_time`,`entry_time`,`entry_time_usec` isn’t unique enough. -SW
Fix bug where backend calls were forcing to connect to http://localhost even if forcing ssl -SW
Fix bug where reports would not be able to go through pages if auto-loading was turned off -JO
Fix bux in Network Outages causing incorrect hosts to be listed. -SW
Fix bug preventing new users from being added to the CCM -SW
Fix bug causing Services in Service dependencies to be disabled -SW
Added new Service Level Agreement (SLA) report – EG
Added Network Report with Integration with Nagios Network Analyzer -JO
Added Network Query Report with Integration with Nagios Network Analyzer -JO
Added PDF export for the following reports: SLA, Bandwidth Usage, Capacity Planning, Network Report, Network Query -SW
Added Scheduled reporting for the following reports: SLA, Bandwidth Usage, Capacity Planning, Network Report, Network Query -SW
Added ability to set the scheduled report email text on a per-user basis -JO
Added New Theme with cleaner look and quick search from any page -JO
Added Mass Downtime Deletion ability -SW
Added ability to archive snapshots -SW,JO
Added Per-User Menu Collapsing Memory -SW
Added gauges dashlets to service/host detail pages -SW
Added Deadpool feature to optionally automatically remove hosts/services from being monitored (Enterprise Feature) -EG,SW
Added Scheduled Backups Component -JO
Added Easy Upgrade from web UI – SW, JO
Added ability to view past upgrade logs (if done from web UI) in web UI -JO
Added ability to set XI server and PHP timezone from web UI -JO
Added ability to drill-down to specific hosts by clicking Highcharts perf graphs -JO
Added RDP and VNC Connection component allowing quick connections to host via RDP, VNC, Telnet and SSH -EG,SW,JO
Added logging of phpmailer failures to /usr/local/nagiosxi/tmp/phpmailer.log -SW
Added capacity planning graphs to tabs in Status detail pages -JO
Added the ability to give hosts a parent in bulk modification tool -JO
Added the ability to give hosts a hostgroup in bulk modification tool -JO
Added the ability to add a service (from an existing service as a template) to multiple hosts using the bulk modification tool -JO
Enhanced Graph Explorer (with Stacked Performance Graphs) -JO
Enhanced Performance Graphs on Status Details Pages -JO,SW
Enhanced view rotation time slider -JO
Updated host/service detail pages to have choices of “5”,”10′′,”15′′,”25′′,”50′′,”100′′,”250′′,”500′′,”1000′′ per page -SW
Updated Apply Configuration process to remove old host/service .cfg files before writing the new .cfg files, this will help eliminate the possibility of ghost hosts/services. -SW
Updated Apply Configuration process to only allow one Apply Configuration process to happen at a time. -SW
Fixed
Fixed bug which was preventing back button from remembering selection for notification_targets in step 5 of the wizard. -SW
Fixed bug that would allow hosts / services Active checkbox to be unchecked even if it had dependencies -SW
Fixed bug in license activation with lowercase license keys -EG
Fixed CCM bug where deletion/deactivation was possible with dependent relationships -SW
Fixed CCM bug so that saving static configurations to no longer add non-readable line breaks into saved files -JO
Fixed search for users in Manage Config Access of CCM… What a mess. -SW
Fixed Network Replay report -EG,JO
Fixed bug in the CCM where you could activate a service that had parent relationships that were disabled -JO
Fixed bug in the CCM where you could add a disabled parent to an object that would cause applying the config to fail -JO
Fix to the backup_xi.sh to get place the config.dat that it sources in, into a specific directory. Added quotes around password variables as they could have special chars. -SW
Updated
Fix for CSV export on Availability report. Thanks Brian Christiansen for the patch! -SW
Fix for old graphexplorer dashlets to now show up again with new graph explorer -JO
Fix for graphexplorer giving an error in the error log -JO
Fix graphexplorer to show custom selected times properly -JO
Fix bug where autodiscovey jobs never complete -SW
Fixed
Fixed graphexplorer to show hosts with perfdata that don’t have _HOST_ perfdata -JO
Fixed check for update button to force an update check -JO
Updated
MIB upload page now runs the custom SNMPTT addmib command if present and process mib box is checked -SW
Fix hostgroup/servicegroup grid dashlets to sort services listed alphabetically -SW
Fix bug where Configure -> Re-configure this host/service would not work if additive inheritance was set in CCM -SW
Add ability to schedule recurring downtime for wildcard services as well as all services on a host. Thanks Brian Christiansen for the patch! -SW
Change graphexplorer to a be a core component -SW
Add gauges dashlets to service/host detail pages (2014 feature) -SW
Clicking the title in a timeline graph will now redirect to the host/service page for the host/service in the graph -JO
Dashlets now snap to each other borders if they are within 10px of eachother -JO
Dashlets now have a slimmer bounding box (2014 feature) -JO
All dashlets will now outline in a light color when resizing or dragging a dashlet -JO
Forgot password now sends an email to confirm resetting a password before actually resetting it -JO
Updated Availability, Alert Histogram, Executive Summary to use high charts graphs -JO
Updated TAC to use different verbage for active/passive checks, change passive icon to only display if active checks are disabled. Thanks Brian Christiansen for the patch! -SW
Fixed
Fixed bug where status table with downtime filter was not showing the correct results. Thanks Brian Christiansen for pointing us in the right direction! -SW
Fixed bug where in the Manage Variable Definitions popup under Misc Settings in CCM, if you insert new definitions the old values don’t get cleared. Thanks Brian Christiansen for the patch! -SW
Fixed bug where when creating a user, if you choose the “Admin” authorization level the checkboxes below are greyed out (except for read-only access). When you go back into that user the boxes are not greyed out and you can select them. If you change the level to User and then back to Admin the boxes are greyed out again. Thanks Brian Christiansen for the patch! -SW
Fixed bug where read_only users were not being added to the nagios cgi.cfg -SW
Fixed bug where key indexes were not getting added to nagios DB until first upgrade was performed -SW
Added
Added ntpd to install and run by default. -SW
Added the ability to perform the Nagios XI upgrades from the web UI with logging (2014 feature) -SW, JO
Added proper pagination that doesn’t show all available pages and jump to tables to the CCM on pages that have tables -JO
Added theme section and themes to Nagios XI (2014 feature) -JO
Added ability to change the highcharts graph theme from grey (2014 feature) -JO
Postgres sequence fix script is now run during upgrades, full installs – EG
Changed Nagios Core hostgroup/servicegroup logic to match Nagios XI – EG
New installations will have cleaner handling of sudoers, cron jobs, and php limits
Lots of bug fixes in the installer
Removed
Removed freetds and dbd dependencies
Fixed
Fixed bug that displayed debugging output on email test page #207 -MG
Fixed bug where email addresses without FQDN’s can vail validation and fail to send (example: root@localhost) -MG
Fixed bug #207 that broke the URL for Unhandled problems in the login alerts window and Nagios Fusion. – MG
Fixed bug #185 with adding new service escalations and dependencies. Removed safety nets in the UI to allow services with service->hostgroup relationships to work correctly.
Fixed bug #152 related to service escalations creating ghost services upon import. – MG
Fixed broken link on Unconfigured Objects page – SW
Fixed availability report bug where host name was not displayed properly – SW
Fixed bug #122 which displayed inconsistent data in state history reports – EG
Fixed bug #218 where servicegroup availability reports contained incorrect host data – EG
Fixed bug #215 where performance graphs in object detail screens could not be added to dashboards – EG
Fixed bug where host and service notifications could not be completely disabled on a per-user basis – EG
Fixed bug where escalation macro was not getting populated for use in notification messages – EG
Fixed bugs with improperly encoded URLs causing broken links -SW
Added
Added option to specify http port in config.inc.php. Apply Config would fail without a mod_rewrite. -MG
Added fix/feature for bug #190 to allow html output for host/service status text. Option is switchable in the Admin->Manage System Config page. – MG
Added a System Profile page to the Admin menu to assist in troubleshooting – MG
Added new backend commands to support future NagiosQL snapshot rollbacks – EG
Modified Nagios Core notification scripts to include the host display name macro and allow it be used used in user notifications (using the %hostdisplayname% variable)
New init script to fix problems with multiple Nagios instances running
Fixed
Fixed bug in object functions related to instance_id and active state that affected object status pages
Fixed bug in E-importnagiosql script where Apache was not starting properly
Fixed bug where applying configuration changes would hang
Fixed bug where re-notification interval of zero (0) corrupted wizard object definitions
Fixed bug where fullinstall script needed to be run twice
Added
Added preliminary support for memcached
Added initial support for automatic logins
Added a non-interactive option to the fullinstall script for unattended installations
