5.4.13
- March 13, 2018
Security
- Fixed XSS vulnerability in views page -JO
- Fixed RCE vulnerability in component download page (Thanks Bjoern Brixner at Telekom Security) -TM
- Fixed vulnerability in NagiosQL (Thanks @iotennui, @BennyHusted, @0xC413 on Twitter) [CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736] -JO,TM
Added
- Added notification alteration callbacks -JO
- Added notification template callbacks, updated documentation -BH
Fixed
- Fixed NPCD not showing as running in systemctl on EL7 systems even though it is running [TPS#12924] -JO
- Fixed command subsystem to only try to package and download components/dashlets/configwizards that exist -JO
- Fixed enterprise only banner for sending single report emails [TPS#13025] -JO
- Fixed permalink URL generation to use the proper location when sending xiwindow URL [TPS#13036] -JO
- Fixed scheduled report subject field to not append generic text when subject is set [TPS#13062] -JO
- Fixed deadpool not running properly on its cron [TPS#13075] -SW
- Fixed BPI calculation to use round() properly so groups with > 1000 objects show proper statuses [TPS#13078] -JO
- Fixed dashboards disappearing with non-UTF8 names/titles (can use config.inc.php option $cfg['db_conn_utf8'] = 0; in some cases) [TPS#13051] -JO
Component Updates
Core Config Manager (CCM) 2.6.11
- Fixed u option in service dependencies for execution_failure_criteria & notification_failure_criteria to read Unknown instead of Unreachable -SW
- Fixed hostgroup excludes on service management page [TPS#12952] -JO
- Fixed CCM importing config name value in service definitions -JO
