5.8.7

Security

  • Updated migrate.php script to ensure that the nagios_bundler.py is not a security issue by copying it after tarball extraction -JO
  • Updated NSCA to version 2.10.1 to fix security issues -SAW
  • Fixed XSS vulnerability in Nagios Core UI by patching Core for XI systems with escape_string() -JO
  • Fixed XSS vulnerability in SSH Terminal page url parameter and the Account Information page api_key parameter -JO
  • Fixed XSS vulnerability in Audit Log page Send to NLS form -JO
  • Fixed security permissions issue with apache user and temp directory used by Highcharts -JO
  • Fixed security permissions issue with nocscreen component sounds directory -JO
  • Fixed manage_services.sh script vulnerability with systemctl not using the --no-pager option -JO
  • Fixed various security issues: (thanks [email protected] and [email protected] from Codesafe Team of Legendsec at Qi’anxin Group)
  • Fixed various XSS vulnerabilities in the auditlog.php admin page -JO
  • Fixed SQL injection possibility in mib_name parameter when uploading new MIBs in Manage MIBs page -JO
  • Fixed XSS vulnerability in the Admin > system performance settings page -JO
  • Fixed XSS vulnerabilities in the Admin > system settings page -JO
  • Fixed security vulnerability in nagiosna component in version 1.4.5 -JO
  • Fixed security vulnerability in MTR component in version 1.0.4 -JO
  • Fixed security issue in NRDS with version 1.2.8 -JO

Updated

  • Updated install to support Debian 11 systems -JO
  • Updated System Settings for “allow html” to separate options for status and comments under Other Settings and added a warning -JO
  • Updated NRDP to version 2.0.5 to fix issue with receiving spooled passive checks [TPS#15621] -JO

Fixed

  • Fixed issue with “Finish as Template” button not adding services due to new wizards using json encode/decode rather than serialize [TPS#15635] -JO
  • Fixed capacityplanning.py giving out a lot of ValueErrors when pending checks are just starting to run -JO
  • Fixed issue where cloning user would not clone the user’s meta data [TPS#15617] -JO
  • Fixed bulk modifications issue when trying to remove Free Variables [TPS#15653] -JO
  • Fixed sysstat data on systemd systems when XML entities are in the output text causing the Admin > System Status to show “No Data” [TPS#15657] -JO
  • Fixed issue with cfgmaker with contact/location newlines causing it not to work [TPS#15666] -JO,SS

Component Updates

Core Config Manager (CCM) 3.1.5

  • Fixed Down stalking option not working for Host Templates in Alert Settings tab [TPS#15625] -JO
  • Fixed XSS vulnerability in ajax.php script -JO
  • Fixed issue with case insensitivity in regards to host/service names when importing configs (or running wizard) [TPS#15620] -JO