nagios4/Changelog
2017-10-20 15:43:36 +02:00

########################
Nagios Core 4 Change Log
########################
4.3.4 - 2017-08-24
------------------
* Improved config file parsing (Mark Felder)
* Fixed configure script to check for existence of /run for lock file (in regards to CVE-2017-12847, Bryan Heden)
* Use absolute paths when deleting check results files (Emmanuel Dreyfus)
* Add sanity checking in reassign_worker (sq5bpf)
4.3.3 - 2017-08-12
------------------
* xodtemplate.c wrong option-deprecation code warning (alex2grad / John Frickson)
* On-demand host check always use cached host state (John Frickson)
* 'á' causes Service Status Information to not be displayed (John Frickson)
* New Macro(s) to generate URL for host / service object (John Frickson)
* Fix minor map issues (Troy Lea)
* Fix lockfile issues (Bryan Heden)
* Switch order of daemon_init and drop_privileges (CVE-2017-12847, Bryan Heden)
* Add an OpenRC init script (Michael Orlitzky)
4.3.2 - 2017-05-09
------------------
FIXED
* Every 15sec /var/log/messages is flooded with "nagios: set_environment_var" (John Frickson)
* Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
* `make all` fails if unzip is not installed (John Frickson)
* Quick Search no longer allows search by Alias (John Frickson)
* flexible downtime on a service immediately turns off notifications (John Frickson)
* Fix to allow url_encode to be called twice (Z. Liu)
* Update timeperiods.cfg.in (spelling) (Parth Laxmikant Kolekar)
* Spelling fixes (Josh Soref)
* Vent command pipe before remove to avoid deadlocks on writing end (Kai Kunstmann)
* CGI utility cgiutil.c does not process relative config file path names properly (John Frickson)
* xdata/xodtemplate.c bug in option-deprecation code (John Frickson)
* Wildcard searching causes service status links to not work properly (John Frickson)
* Quick search with no hits shows a permission denied error (John Frickson)
* Setting a service as its own parent is not caught by the sanity checker (-v) and causes a segfault (John Frickson)
4.3.1 - 2017-02-23
------------------
FIXES
* Service hard state generation and host hard or soft down status (John Frickson)
* Comments are duplicated through Nagios reload (John Frickson)
* host hourly value is incorrectly dumped as json boolean (John Frickson)
* Bug - Quick Search no longer allows search by IP (John Frickson)
* Config: status_update_interval can not be set to 1 (John Frickson)
* Check attempts not increasing if nagios is reloaded (John Frickson)
* nagios hangs on reload while sending external command to cmd file (John Frickson)
* Feature Request: return code xxx out of bounds - include message as well (John Frickson)
4.3.0 - 2017-02-21
------------------
SECURITY FIXES
* Fix for CVE-2016-6209 - The "corewindow" parameter (as in
  http://localhost/nagios?corewindow=www.somewhere.com) has been disabled by
  default. See the UPGRADING document for how to enable it. (John Frickson)
FIXES
* Fix early event scheduling (pmalek / John Frickson)
* on-demand host checks triggered by service checks cause attempt number increments (fredericve)
* Service notification not being sent when host is in soft down state (John Frickson)
* configure does not error if no perl installed on CentOS 7 (John Frickson)
* failed passive requests leave .ok files in checkresults dir (caronc)
* Services don't show in status.cgi if "noheader" specified (John Frickson)
* Standardized check interval config file names (John Frickson)
* "Event Log" (showlog.cgi) could not open log file (John Frickson)
* "nagios_check_command" has been deprecated since v3.0. Last vestiges removed (John Frickson)
ENHANCEMENTS
* Added new flag to cgi.cfg: tac_cgi_hard_only to show only HARD states (John Frickson)
* Add broker-event for the end of a timed event (NEBTYPE_TIMEDEVENT_END) (John Frickson)
* There is no Macro to retrieve addresses of hostgroup members (now $HOSTGROUPMEMBERADDRESSES$) (John Frickson)
* Add "Page Tour" videos to several of the core web pages (John Frickson)
* Added a login page and `Logoff` links (John Frickson)
* On the status map, the host name will be colored if services are not all OK. (John Frickson)
* Added "Clear flapping state" command on host and services detail pages. (John Frickson)
* User-entered comment now displays below generated comment for downtime (John Frickson)
4.2.4 - 2016-12-07
------------------
SECURITY FIXES
* Fixed another root privilege escalation (CVE-2016-9566) Thanks for bringing this
  to our attention go to Dawid Golunski (http://legalhackers.com).
4.2.3 - 2016-11-21
------------------
SECURITY FIXES
* Fixed a root privilege escalation (CVE-2016-8641) (John Frickson)
FIXES
* external command during reload doesn't work (John Frickson)
* Nagios provides no error condition as to why it fails on the verify for serviceescalation (John Frickson)
* No root group in FreeBSD and Apple OS X (John Frickson)
* jsonquery.html doesn't display scheduled_time_ok correctly (John Frickson)
* daemon_dumps_core=1 has no effect on Linux when Nagios started as root (John Frickson)
* Configuration check in hostgroup - misspelled hostname does not error (John Frickson)
* contacts or contact_groups directive with no value should not be allowed (John Frickson)
* Compile 64-bit on SPARC produces LD error (John Frickson)
* HOSTSTATEID returns 0 even if host does not exist (John Frickson)
* Submitting UNREACHABLE passive result for host sets it as DOWN if the host has no parents (John Frickson)
* nagios: job XX (pid=YY): read() returned error 11 (changed from LOG_ERR to LOG_NOTICE) (John Frickson)
* Fix for quick search not showing services if wildcard used (John Frickson)
4.2.2 - 2016-10-24
------------------
SECURITY FIXES
* There was a fix to vulnerability CVE-2008-4796 in the 4.2.0 release on
  August 1, 2016. The fix was apparently incomplete, as there was still a
  problem. However, we are now getting all RSS feeds using AJAX calls
  instead of the (outdated) MagpieRSS package. Thanks for bringing this to
  our attention go to Dawid Golunski (http://legalhackers.com).
ENHANCEMENTS
* Update status.c to display passive check icon for hosts when passive checks
  are enabled and actives disabled (John Frickson)
FIXES
* Fix permissions for Host Groups reports (status.cgi) (Patrik Halfar)
* Service Parents does not appear to be functioning as intended (lev)
* Availability report mixes up scheduled and unscheduled warning percentages (Helmut Mikulcik)
* Invalid values for saved_stamp in compute_subject_downtime_times() (John Frickson)
* Remove deprecated "framespacing" (John Frickson)
* The nagios tarball contains two identical jquery copies (John Frickson)
* extinfo.cgi does not set content-type (most cgi's don't) (John Frickson)
* Timeperiods are corrupted by external command CHANGE_SVC_CHECK_TIMEPERIOD (xoubih)
* Quick search doesn't show hosts without services (service status detail page) (John Frickson)
* In host/services details view, if exactly 100 entries would not show last one (John Frickson)
* nagios host URL parameter for NEW map doesn't work - Network Map for All Hosts (John Frickson)
* next_problem_id is improperly initialized (gherteg)
* Passive problems not showing as "unhandled" (John Frickson)
* September reported as Sept instead of Sep (Rostislav Opočenský)
* Notifications are not sent for active alerts after scheduled downtime ends (John Frickson)
* Nagios 4.2.0 not working on Solaris (John Frickson)
* install-exfoliation and install-classicui don't work on FreeBSD and Mac OS X (John Frickson)
* Updated makefile to delete some no-longer-needed files (John Frickson)
4.2.1 - 2016-09-06
------------------
FIXES
* Fix undefined variable php error (John Frickson)
* Links on the sidebar menu under 'Problems' are indented too far (John Frickson)
* Using $ARGn$ Macros in perfdata (John Frickson)
* using a wildcard in search returns service status total all zeros (John Frickson)
* read_only does not take priority (deppy)
* Running nagios -v on 4.2.0 takes 90+ seconds (John Frickson)
* Bare "make" invoked in subtarget (mjo)
* Theme images/stylesheets installed with inconsistent permissions (mjo / John Frickson)
* Missing Image for Host and Service State Trends in Availability Report (nichokap / John Frickson)
* Maintain non-persistent comments through reload (John Frickson)
* Servicegroup availability report ignores includesoftstates in service report links (PriceChild)
* error: format not a string literal and no format arguments (Karsten Weiss)
* Synced config.guess and config.sub with GNU (Zakhar Kleyman)
4.2.0 - 2016-08-01
------------------
SECURITY FIXES
* Fixed vulnerability CVE-2008-4796 (John Frickson)
* Fixed vulnerability CVE-2013-4214 (John Frickson)
* web interface vulnerable to Cross-Site Request Forgery attacks (John Frickson)
ENHANCEMENTS
* Increase socket queue length for listen()
* Added host name to the website page title (leres / John Frickson)
* Added additional icons for NetBSD and SuSE (John Frickson)
* The new Status Map will now use cgi.cfg options (John Frickson)
  default_statusmap_layout will default to "6" for the new map
* The new Status Map will now show some valid values in the popup for "Nagios Process" (John Frickson)
FIXES
* Network outage view without access to all hosts (John Frickson)
* Core workers looping (John Frickson)
* service query returns duplicate host_name and description fields in the returned data (John Frickson)
* HTML output of plug-ins is parsed in wrong way => webgui unusable (John Frickson)
* Command worker fails to handle SIGPIPE
* "View Status" links under "Map" broken in Nagios Core Version 4.1.1 (John Frickson)
* Can't send big buffer - wproc: Core Worker seems to be choked (velripn / John Frickson)
* Too big CPU load on FreeBSD and other systems using poll() interface (cejkar)
* Flexible downtime recorded as unscheduled downtime (John Frickson)
* Service Flexible downtimes produce 1 notification before entering (John Frickson)
* Once you "set flap_detection_enabled 0" it should remove flapping state from the host/services page (John Frickson)
* New map doesn't finish loading if a logo image is not found (John Frickson)
* Extraneous Div end tag in map.html (Scott Wilkerson)
* Issue with "Problems" section (John Frickson)
* Status Map icons and online/offline status dots disappear in IE11 (John Frickson)
* New network map overlays the nagios process with objects (John Frickson)
* Added Default-Start and Default-Stop to the init script (John Frickson)
* Compile / logging issues with BSD 6
* Related to above, Fixed a lot of incorrectly handled time_t's in *printf's (John Frickson)
* New map not working for RU locale (actually, most locales) (John Frickson)
* Replaced all instances of signal() with sigaction() + blocking (John Frickson)
* UTF-8 characters like german ä are not processed properly by function url_encode (John Frickson)
* nagios worker processes can hog CPU (huxley / John Frickson)
* custom time periods that include special characters were not being handled in reports (John Frickson)
* Fixed init script to wait up to 90 seconds then kill the nagios process (John Frickson)
* No Host Groups results in wrong error message (John Frickson)
* Setup Nagios users to view specific host is not working in the new network map (John Frickson)
* statusjson.cgi fails glibc realloc truncate response output (John Frickson)
* Report Time Period does not work if an @ character is in the timeperiod name (John Frickson)
* State History does not use actual plugin long_output (John Frickson)
* Time period corruption (xoubih)
* Tactical Overview - Disabled Flap Detection Link (John Frickson)
4.1.1 - 08/19/2015
------------------
FIXES
* CGI Could not read object configuration data (broken by error in 4.1.0)
* exclude (!) not working (broken by mis-applied fix for 4.1.0)
4.1.0 - 08/18/2015
------------------
ENHANCEMENTS
* Promoted JSON CGIs to released status (Eric Stanley)
* New graphical CGI displays: statusmap, trends, histogram (Eric Stanley)
* Make sticky status for acks and comments configurable enhancement #20 (Trevor McDonald / Scott Wilkerson)
* Add host_down_disable_service_checks directive to nagios.cfg #44 (Trevor McDonald / Scott Wilkerson)
* httpd.conf doesn't support Apache versions > 2.3 (DanielB / John Frickson)
FIXES
* Fix for not all service dependencies created (John Frickson)
* Fix SIGSEGV with empty custom variable (orbis / John Frickson)
* Fix contact macros in environment variables (dvoryanchikov)
* Fixed host's current attempt goes to 1 after going to hard state (John Frickson)
* Fixed two bugs/problems: Replace use of %zd in base/utils.c & incorrect va_start() in cgi/jsonutils.c (Peter Eriksson)
* Fixed: Let remove_specialized actually remove all workers (Phil Mayers)
* Fixed log file spam caused when using perfdata command directives in nagios.cfg (shashikanthbussa)
* Fixed off-by-one error in bounds check leads to segfault (Phil Mayers)
* Added links for legacy graphical displays (Eric Stanley)
* Update embedded URLs to https versions of Nagios websites (scottwilkerson)
* Fixed doxygen comments to work with latest doxygen 1.8.9.1 #30 (Trevor McDonald)
* Fixed makefile target "html" to PHONY to fix GitHub issue #28 (Trevor McDonald)
* Fixed typo as per GitHub issue #27 (Trevor McDonald)
* Fixed jsonquery.php 404 not found error, and disabled Send Query button until form populates #43 (Scott Wilkerson)
* Fixed linking in Tactical Overview for several of the Host entries in Featured section #48 (Scott Wilkerson)
* Fixed passing limit and sort options to pagination and sort links #42 (Scott Wilkerson)
* Added form field for icon URL and clean-up when it changes in CGI Status Map. (Eric Stanley)
* Added options to cgi.cfg to uncheck sticky and send when acknowledging a problem (Trevor McDonald)
* Low impact changes to automate the generation of RPMs from nagios.spec file. (T.J. Yang)
* Update index.php (Trevor McDonald)
* Fixed escaping of corewindow parameter to account for possible XSS injection (Scott Wilkerson)
* Typo correction (T.J. Yang)
* Make getCoreStatus respect cgi_base_url (Moritz Schlarb)
* Adjusted map layout to work within frames (Eric Stanley)
* Fixed map displays are now the full size of browser window (Eric Stanley)
* Fixed labels and icons on circular markup no longer scale on zoom (Eric Stanley)
* Got all maps except circular markup working with icons (Eric Stanley)
* Fixes to make legacy CGIs work again. (Eric Stanley)
* Fixes to make all/html target tolerant of being run multiple times (Eric Stanley)
* For user-supplied maps, converted node group to have transform (Eric Stanley)
* Fixed issue transitioning from circular markup map to other maps (Eric Stanley)
* Fix displayForm to trigger on the button press (Scott Wilkerson)
* Fix for getBBox crash on Firefox (Eric Stanley)
* Fixed map now resets zoom when form apply()'d (Eric Stanley)
* Fixed so close box on dialogs actually closes dialog (Eric Stanley)
* Corrected directive in trends display (Eric Stanley)
* Fixed minor issue with link in trends links (Eric Stanley)
* Fixed issue with map displaying on Firefox (Eric Stanley)
* Added exclusions for ctags generation (Eric Stanley)
* Update map-popup.html (Scott Wilkerson)
* Initial commit of new graphical CGIs (Eric Stanley)
* Fixed Github bug #18 - archivejson.cgi returns wrong host for state change query (Eric Stanley)
* Status JSON: Added next_check to service details (Eric Stanley)
* Fixed escaping of keys for scalar values in JSON CGIs (Eric Stanley)
* build: Include <sys/loadavg.h> if it exists. (Eric J. Mislivec)
* lib-tests: test-io{cache|broker} need -lsocket to link. (Eric J. Mislivec)
* lib-tests: test-runcmd assumes GNU echo. (Eric J. Mislivec)
* lib-tests: Signal handlers don't return int on most platforms, and using a cast was the wrong way to resolve this. (Eric J. Mislivec)
* Fix some type/format mismatch warnings for pid_t. (Eric J. Mislivec)
* Fix build on Solaris. (Eric J. Mislivec)
* runcmd: Fix build when we don't HAVE_SETENV. (Eric J. Mislivec)
* Fixed checkresult output processing (Eric Mislivec)
* Corrected escaping of long output macros (Eric Mislivec)
* Fixed null pointer dereferences in archive JSON (Eric Stanley)
* Fixed memory overwrite issue in JSON string escaping (Eric Stanley)
* JSON CGI: Now escaping object and array keys (Eric Stanley)
KNOWN ISSUES
* New map does not account for multiple parents, leaving "legacy" map as an option in the menu
4.0.8 - 08/12/2014
------------------
ENHANCEMENTS
* Removed 8 kB string size limitation in JSON CGIs (Eric Stanley)
* Re-implemented auto-rescheduling of checks (Eric Mislivec)
* Avoid bunching of checks delayed due to timeperiod constraints (Eric Stanley)
* Limit the number of autocalculated core workers to not spawn too many on large systems (Eric Mislivec, Janice Singh)
FIXES
* Removed quotes from numeric duration values in JSON CGIs (Eric Stanley)
* Fixed escaping in JSON CGIs so all required characters are escaped, and in the correct order (Eric Stanley)
* Fixed segfault in archive JSON CGI when plugin output was empty (Eric Stanley)
* Fixed several possibilities for buffer overflow (Eric Mislivec, Dirkjan Bussink)
* Fixed Tracker #582, #626: Handle VAR=VAL assignments at the start of simple commands (Eric Mislivec, Phil Randal)
* Fixed Tracker #630: Recognize '<' and '>' as redirection operators (Eric Mislivec)
* Corrected worker communication protocol documentation (Phil Mayers)
* Fixed init script to leave config test log in a better location, let sysconfig override init script variables, and not remove nagios.cmd when attempting to start with another instance running (Eric Mislivec, Robin Kearney)
* Fixed Tracker #361: Downtime notifications not displayed properly (Andrew Widdersheim)
4.0.7 - 06/03/2014
------------------
ENHANCEMENTS
* Added value of custom variables to Object JSON output for hosts, services and contacts (Eric Stanley)
FIXES
* Fixed bug #616: Unescape plugin output read from checkresult files, fix multiline perf data concatenation, and avoid extra memory allocation and copies. (Eric Mislivec)
* Fixed bug #609: Image on home page doesn't have correct image path prefix. (Derek Brewer)
* Fixed bug #608: Extra newline in service check timeout output string. (Mauno Pihelgas)
* Fixed bug #596: Crashes checking contact authorization for host escalations. (Alexey Dvoryanchikov - duplicates #590, #586)
* Fixed bug #496: Syntax error in exfoliation's common.css. (Karsten Weiss)
4.0.6 - 04/29/2014
------------------
ENHANCEMENTS
* Added name of authenticated user to JSON CGI results object (Eric Stanley)
* Added Nagios Core version to the Status JSON CGI programstatus query (Eric Stanley)
* Added daemon status to main page (Eric Mislivec)
FIXES
* Fixed bug #600: Service Check Timeout State always returns OK (0) status (Mauno Pihelgas, Eric Stanley)
* Fixed bug #583: Status Check Output of (No output on stdout) stderr: (Eric Stanley - duplicate of bug #573)
* Fixed bug #573: Service checks returns (No output on stdout) stderr (Eric Stanley)
* Fixed bug #438: Reloads during downtime causes wrong availability calculations (Eric Stanley)
* Fixed feed updates when daemon can not access external networks (Eric Mislivec)
* Archive JSON: Fixed bugs calculating availability (Eric Stanley)
* Archive JSON: Allow missing logs to be skipped (Eric Stanley)
4.0.5 - 04/11/2014
------------------
* Fixed bug #595: Nagios 4 security fix (Alexey Dvoryanchikov, Eric Stanley)
* Fixed bug #594: Nagios 4 fix contactgroups parsing (Alexey Dvoryanchikov, Eric Stanley)
* Fixed bug #577: Nagios 4 checks stalled when write to socket failed (Alexey Dvoryanchikov)
* Fixed bug #580: Nagios 4 memory leak (Eric Stanley)
* Fixed init script to remove the switching of users when performing configuration verification which was causing failures if nagios user was set to nologin (Scott Wilkerson)
* Fixed auto creation of RAMDISK via environment variables in init script to properly check existence using $RAMDISK_DIR environment variable. (Scott Wilkerson)
* Fixed unreferenced variable NagiosVarDir in daemon-init (Eric Mislivec)
* Fixed bug where audio alerts wouldn't work with a 0 height and width - https://support.nagios.com/forum/viewtopic.php?t=26387 (Scott Wilkerson)
4.0.4 - 03/14/2014
------------------
ENHANCEMENTS
* JSON CGIs moved to beta status (Eric Stanley)
FIXES
* Fixed bug #491,#553: Rebuilt the daemon-init scripts back to something that should work on all systems (Scott Wilkerson)
4.0.3 - 02/28/2014
------------------
ENHANCEMENTS
* Aliased hourly_value to importance and minimum_value to minimum_importance and deprecated the former (Eric Stanley)
* Added host and service importance macros (Eric Stanley)
* Added notifications on flexible downtime expiration (Dan Wittenberg)
FIXES
* Bug #548: Temporary fix that rejects all external command during restart to prevent Core from crashing (Eric Stanley)
* Corrected calculation of host importance and importance defaults (Eric Stanley)
* Fixed bug #498: Nagios 4 enable_environment_macros=1 not working (Eric Stanley, Alexey Dvoryanchikov)
* No longer checks whether logs can be written when verifying configuration (Eric Stanley)
* Fixed CGI bug where the CGI could read past the end of the list of CGI variables, potentially crashing the CGI (Scott Wilkerson)
* Fixed inheritance of hourly_value from host and service templates (Scott Wilkerson)
* Fixed bug #502: 4.0.0: Configuration -> Service Escalations = incomplete list (Eric Stanley)
* Fixed bug #523: quotes and double quotes in plugin message are converted to HTML escapes in Nagios 4.0 (duplicate of bug #524)
* Fixed bug #524: URLs returned in plugin check results are not correctly displayed (Eric Stanley)
* Fixed bug where passive service checks would return "Service check timed out after 0.00 seconds" (Scott Wilkerson)
4.0.2 - 11/25/2013
------------------
FIXES
* Fixed bug 528: Nagios 4.0.1: Logrotation: Only current host- and servicestates saved in rotated logfiles (duplicate of 507)
* Fixed bug 507: Nagios 4.0.0 - Problem during log rotate (Stefano Ghelfi)
* Fixed bug 530: RPM spec file sets wrong permissions on plugins directory (duplicate of bug 494)
* Fixed bug 494: nagios.spec fixes (with patch) (Karsten Weiss)
* Fixed bug 515: Segsegv after starting up nagios (duplicate of bug 526)
* Fixed bug 513: Crash while entering downtime for service (duplicate of bug 526)
* Fixed bug 529: Core Worker failed to reap child in 4.0.1 Description
* Fixed bug 514: scheduled downtime not showing in web interface (Eric Stanley)
* Fixed bug 526: sort_downtime() corrupts scheduled_downtime_list causing segfault (Adam James)
* Fixed bug 492: Nagios 4 fails to remove/add checks upon reload (Eric Stanley)
* Fixed Bug 484: Beta4.0.0b4 service checks returning (No output on stdout) (Eric Stanley)
* Fixed Bug 470: statusmap doesn't display info (Cameron Moore)
* Fixed Bug 499: Security issue in daemon-init.in, function check_config (Tómas Edwardsson)
4.0.1 - 10/15/2013
------------------
ENHANCEMENTS
* Added compiler flags in RPM spec file to reduce compiler noise (Dan Wittenberg)
* Added logging of failure in dlclose() call (Anton Lofgren)
* Added a simple query handler interface, nagios-qh.rb (Dan Wittenberg)
* Multiple code simplifications, additional error handling in downtime code (Andreas Ericsson)
FIXES
* Reverted commit f99a9a7b which set check_interval to 1 if it was configured as zero.
* Corrected order of arguments when logging unknown hosts/services (Scott Wilkerson)
* Downtime initialized before retention data read (Eric Stanley)
* Patches to make RPM build again (Dan Wittenberg)
* Ensure that scheduled_downtime_depth never drops below zero (Andreas Ericsson)
4.0.0 - 09/20/2013
------------------
See http://nagios.sourceforge.net/docs/nagioscore/4/en/whatsnew.html for a
list of the changes in Nagios Core 4