2011R1.9
- December 7, 2011
Security
- Fixed security escalation race conditions in crontab install scripts – EG / AG
- Fixed XSS vulnerability in backend_url JavaScript link – EG
- Fixed XSS vulnerability in xiwindow variables (affected permalinks) – EG
- Fixed XSS vulnerability in recurring downtime script – EG
- Fixed XSS vulnerability in alertheatmap report, “My reports” listing – EG
- Fixed XSS vulnerabilities in status/report page link functions – EG
- Fixed security vulnerability during package installation – AG
- Special thanks to 0a29406d9794e4f9b30b3c5d6702c708 for reporting security vulnerabilities.
Updated
- Prevented some time-critical SQL queries from being cached – EG
- Prevented service graph from being generated in availability reports when a host has no services (issue #198) – EG
- Patched recurring downtime script to fix problem with Nagios scheduling its own downtimes (issue 136) – submitted by Alexandru Lacraru
- Changed home page notifications link to use newer report – EG
- Fix for availability report including incorrect data – EG
- Further revision on repairmysql.sh script for more successful repair runs – MG
Added
- Added ability to copy permalink URL to clipboard (suggested by Troy Lea) – EG
- Added fix for potential bug that prevented performance graphs from displaying on some systems – MG
- Added fix to the rrdtool graph API for improved compatibility with existing PNP graph templates – MG
- Added event log report to legacy reports – EG
- Added ability to attach multiple files to an email message – EG
- Added ability to have multiple recipients in email messages – EG
Fixed
- Fixed potential endless loop in non-interactive fullinstall script – AG
- Fixed bug with multiple calls to session_start() that produced error messages – EG
- Fixed bug where custom tabs (e.g. object notes) would not appear in service details screens – EG
- Fixed minor bug in coreuiproxy.inc.php script that was generating a PHP Warning on CentOS/RHEL 6 installs – MG
