This release of Nagios XI includes the latest versions of Nagios Core and ndo2db. We recommend that all Nagios XI users upgrade to this version, as the included version of Nagios Core fixes three root privilege escalation vulnerabilities. Left unpatched, these vulnerabilities could leave the Nagios XI server open to attack.
Additionally, several cross-site scripting vulnerabilities were fixed, along with about a dozen non-security-related bug fixes.
Finally, enhancements were made in the included versions of Nagios Core and ndo2db that significantly improve memory utilization along with increasing performance, specifically on installations monitoring a large number of hosts and services.
Below is the full change list:
5.4.0
==================
- Upgraded Nagios Core to version 4.2.4
- Upgraded NDOUtils to version 2.1.2
- Upgraded NRDP to version 1.4.0
- Added combined CSV export option for availability report
- Added support for offloaded databases in the repair_databases.sh script
- Fixed email not being updated for XI Contact when XI User is updated
- Fixed security type not being respected properly by LDAP/AD Integration component
- Fixed issue where system status popup would show white text for non-admins who can view it
- Fixed issue with French translations in LDAP/AD import/manage servers pages
- Fixed various XSS vulnerabilities (BPI url, Scheduled Backups url)
- Fixed issue spaces in mibs cause snmptt to fail (manage mibs page now replaces spaces with _ on upload)
- Fixed text on views popups to not have unprocessed html output in them

Core Config Manager (CCM) - 2.6.4
---------------------------------
- Fixed issue with ID and page number not being an int
- Fixed various XSS vulnerabilities (search bar and others)
- Fixed issue with returnUrl set to non-CCM url
- Fixed issue with importing contacts/contact groups not importing all contact options
- Fixed exclamation points being unable to be used in command arguments in CCM