Request Demo

5.8.0

  • January 13, 2021

Security

  • Fixed security vulnerability where PNP’s PHP templates were accessible from the interface -JO
  • Fixed stored XSS security vulnerability in My Tools page (thanks Matthew Aberegg) -JO
  • Fixed security vulnerability in Manage Plugins upload when using convert line endings option (CVE-2020-35578) (thanks Haboob Team) -JO
  • Fixed XSS security vulnerability in Nagios BPI config IDs (thanks Matt Aberegg) -JO
  • Fixed XSS security vulnerability in views url (thanks Matt Aberegg) -JO
  • Fixed XSS security vulnerability in SSH Terminal page (CVE-2021-25299) (thanks Nipun Gupta of Cloudfuzz) -JO
  • Fixed security vulnerability in Graph Template upload and PNP share directory (thanks Xinjie Ma from Chaitin Security Research Lab) -JO

Updated

  • Updated Rapid Response page sizing on mobile devices -JO
  • Updated Linux Server Config Wizard to use NCPA instead of NRPE -LG
  • Updated Highcharts to version 7.2.2 for bug fixes -JO

Added

  • Added Migrate Server utility to Admin section to migrate Nagios Core systems to Nagios XI -JO,SAW
  • Added new Configuration Snapshots page with ability to see raw diffs between configuration changes that have been applied -JO
  • Added services tab into Host Status Details page to see service status without leaving the page -JO
  • Added ability to deploy agents from the Auto Discovery tool and show if agents have been deployed to hosts that are discovered -JO
  • Added Microsoft 365 Config Wizard -LG
  • Added Linux Server Legacy Config Wizard that uses NRPE -LG
  • Added notification options to Scheduled Backups to notify via email when backups succeed or if they fail -JO
  • Added ease of use enhancements to the New Password input and Email User New Password checkbox in the Edit Users page -JO
  • Added Scheduled Reports History tab to My Scheduled Reports page and Report Managment section to view reports ran and the status -JO
  • Added ability to send URL parameters to PUT API config endpoints in case a parameter cannot be passed via the URL path -JO
  • Added support for deploying agents on Windows machines (if openssh server is enabled and configured) via Deploy Agents -JO

Fixed

  • Fixed Scheduled Backup logging so it logs output and errors directly into the scheduledbackups.log file when backups are ran -JO
  • Fixed issue with the coreuiproxy not properly working with URL encoded strings [TPS#15381] -JO
  • Fixed Scheduled Reporting logging file (/usr/local/nagiosxi/var/scheduledreporting.log) not being created by default -JO
  • Fixed Bulk Modifications Tool to properly apply check_command on host/services that do not have one [TPS#15385] -JO
  • Fixed Bulk Modifications Tool logging output not showing the proper host/service names in the audit log [TPS#15384] -JO
  • Fixed issue with forward slashes in name/definition of object configs in Nagios BPI [TPS#15356] -JO
  • Fixed service selection dropdown from changing sizes in Graph Explorer’s Multistacked graph tab [TPS#15368] -JO
  • Fixed issue with Auto Discovery not having Actions buttons if a running job finishes before moving off or refreshing the page -JO
  • Fixed theme/CSS issue with column sizes on large screens -JO
  • Fixed Ansible package installation on Ubuntu 18.04 LTS systems -JO
  • Fixed API endpoints config/host and config/service to make host_name and config_name values case sensitive -JO
  • Fixed changing timezone in EL8 systems not restarting php-fpm which causes php to have the wrong timezone until restarted -JO
  • Fixed issue with system/commands when using multiple command IDs [TPS#15408] -JO,SS
  • Fixed styling on Rapid Response page when using a trial enterprise license -JO
  • Fixed serial number for self signed SSL generated when selecting SSL option during install -JO
  • Fixed sysstat cron job cpu stats on newer versions of iostat in CentOS/RHEL systems -JO,DC
  • Fixed issue with Bulk Modifications Tool when removing a free variable where relationships would not show -JO

Component Updates

Core Config Manager (CCM) 3.1.0

  • Added checkbox in Import Config Files page that hides all configs outside of the import directory -JO
  • Added service excludes checkbox into Service Escalations -JO
  • Updated service object Misc Settings tab to remove config options that are not able to be set for services -JO
  • Updated Misc Settings information for how to use specific fields -JO
  • Fixed issue where object names with multiple spaces in a row would not import properly [TPS#15374] -JO
  • Fixed check command close button over the command output and command output sizing [TPS#15353] -JO
  • Fixed Service Escalations showing * for contact/contact group options since it is not usable [TPS#15403] -JO
  • Fixed Service not removing hosts properly when deleting a host and the service also has a hostgroup assigned [TPS#15415] -JO
  • Fixed excluding services, hosts, host groups from Service Escalations [TPS#15321] -JO
  • Fixed importing services on Service Escalations when host_name is set to * [TPS#15321] -JO
  • Fixed XSS security vulnerability with the Active/Actions buttons in the templates pages (thanks Matt Aberegg) -JO