2024R1

Security

  • Improved security of default database password generation (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#424] – DA
  • Improved security of randomly-generated text, including API keys (Thanks to Abdulmohsen Alotaibi for reporting this) [GL:XI#433] – DA
  • Improved security of Ansible Vault credentials in Nagios Core-to-XI migration tool (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#426] – DA
  • Fixed a vulnerability with time-based port scanning on FTP connections in Scheduled Backups component (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#422] – DA
  • Fixed a security issue in migrate.php that allowed root code execution from user input (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#415] – DA
  • Fixed an XSS vulnerability in the graphexplorer component (Thanks to Pankaj Kumar Thrakur for reporting this) [GL:XI#468] – DA
  • Fixed a security issue with backup_xi.sh allowing deletion of arbitrary directories (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#428] – DA
  • Fixed some missing access controls in the Nagios XI 5 API (Thanks to Matthew Bach and Hack The Box Ltd for reporting this) (CVE-2023-51124) [GL:XI#520] – SAW

Updated

  • Improved multiple-selection widgets in several configuration wizards [GL:XI#444, GL:XI#475] – PhW
  • Improved authorization requirements when editing USER and System Macros in the CCM (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#425] – DA
  • Improved input validation in send_to_nls.php script (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#427] – DA
  • Updated login page [GL:XI#394] – CN
  • Moved the help menu to a dropdown in the upper-right corner of the screen [GL:XI#455] – SG
  • Disabled web SSH Terminal by default (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#416] – DA

Removed

  • Removed DROP and DELETE permissions from the Nagios XI user for the auditlog table (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#420] – DA
  • Removed support for PostgreSQL – SAW

Added

  • Added tours for the homepage and wizards [GL:XI#402] – BB
  • Added the ability to view the most used and most recently used configuration wizards [GL:XI#462] – GW
  • Added Colorblind theme for users with red-green colorblindness [GL:XI#453] – JS
  • Added a page to enable/disable notifications for hosts and services en masse [GL:XI#378] – SG
  • Added new home dashboard [GL:XI#397] – CN
  • Added client-side form validation and updated appearance for most Wizards [GL:XI#300,XI#395] – LG
  • Added a new built-in “demo” dashboard and associated new dashlet [GL:XI#473] – GW
  • Added configuration wizard to monitor OpenAI Usage [GL:#403] – PhW
  • Added configuration wizard to set up Slack notifications [GL:XI#399] – BB
  • Added configuration wizard to set up Discord notifications [GL:XI#400] – BB
  • Added new SNMP Trap Volume Dashlet – SAW
  • Added new Modern Gauge Dashlet – BB
  • Added an Enterprise top-level menu and page [GL:XI#452] – KV
  • Added sticky header and sort by status to BBMap [GL:XI#448,#449] – LG

Fixed

  • Fixed incorrect table header in Configure->Core Config Manager->Hosts [GL:XI#477] – KV
  • Fixed PHP Warnings when adding a host in the CCM [GL:XI#483] – SAW
  • Fixed PHP warnings from use of deprecated split() function [GL:XI#467] – GW
  • Fixed PHP warnings when processing SNMP Traps in the Manage MIBs page [GL:XI#480] – SAW
  • Fixed an issue that allowed users with expired trial and enterprise licenses to access enterprise features [GL:XI#437] – GW
  • Fixed PHP warnings when adding a hostgroup in the CCM [GL:XI#483] – SAW
  • Fixed PHP warnings when adding a servicegroup in the CCM [GL:XI#481] – SAW
  • Fixed use of deprecated utf8_encode() in Locale selection and CCM Audit Log [GL:XI#491] – SAW
  • Fixed use of deprecated functions in CCM log management [GL:XI:#490] – SAW
  • Fixed plaintext storage of sensitive information in the database (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#421] – DA