Changelog for centreon-web-19.10.23-1.89.noarch.rpm :

* Thu May 06 2021 ecsos - Update to 19.10.23
* Tue Apr 06 2021 ecsos - Update to 19.10.22
* Wed Mar 24 2021 ecsos - Update to 19.10.21
* Bug fixes - [Core] Update centreon copyright dates - [Install] Complete the Last step upgrade redirection - [Administration/About] Update about page with current team
* Security fixes - [Core] Cross-site Scripting (XSS) in index.php - [Lib] Update jQuery to version >= 3.5.1
* Wed Feb 24 2021 ecsos - Update to 19.10.20
* Bug fixes - [Configuration] Non-admin users can't create host/service - [Core] PHP 7.3 issue with recurrent downtimes
* Security fixes - [Administration] Cross-site Scripting (XSS) Stored/Persistent in Resource Access form - [Administration] XSS stored in the LDAP form - [Apache] Remove deprecated ciphers for HTTPS configuration example - [Authentication] Session is active longer than expected - [Authentication] User enumeration in login page - [Configuration] Cross-site Scripting (XSS) Reflected in Hosts form - [Core] Vulnerable handlebars.js library - [Reporting] Cross-site Scripting (XSS) Reflected in "Dashboard > Hosts" page - [Service details] Too much "Unable to hide passwords in command"
* Thu Feb 04 2021 ecsos - Update to 19.10.19
* Bug fixes - [CLAPI] Create user with language - [CLAPI] Import fails on password type macros
* Security fixes - [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search - [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search - [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search - [API] Missing access control mechanism in rest API v1 - [Configuration > Servicegroups] Leak of technical information - [Configuration/H/HTPL/S/STPL] Password in plain text - [Core] Centreon token is vulnerable against replay attack - [Core] Token usage is not mandatory - [Media] PHP warning about missing tmp dir used during media upload
* Thu Jan 21 2021 ecsos - Update to 19.10.18
* Bug fixes - [Apache] apache example file for https declaration of SSLCipherSuite - [Authentication] Reach Centreon Front-end parameter ineffective - [LDAP] new LDAP configurations are broken - [Login] Invalid credentials after edit profile changes
* Security fixes - [Apache] Support for the HTTP TRACE method - [Configuration] Leak of technical information in “Configuration > Service Groups” - [Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Commands > Connectors” - [Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Users > Contact Groups” - [Media] Unrestricted file upload - [Monitoring] XSS in updateContactParam.php & commonJS.php
* Thu Nov 26 2020 ecsos - Update to 19.10.17
* Enhancements - [Remote Server] Add the possibility to configure mail for users - [Remote Server] Hide the “Configure host / service” buttons from monitoring legacy pages
* Bug fixes - [Administration] ‘options’ table for centreon database is sometimes empty - [Administration] Quiet SSH for Engine statistics collection - [Administration] Script centreon-backup errors - [CLAPI] Export clapi duplicates contacts - [Core/Partitioning] Partitioning starts at epoch - [Core] Perl lib db query bad looping parameters - [Core] Too many rows in extended_service_informations tables - [Custom Views] Select2 popin error on custom view sharing - [Event logs] Inoperative filters when exporting - [Graphs] Performance graph legend does not update dynamically - [Reporting] Dashboard won’t build when having service by hostgroup
* Security fixes - [Administration] Password in plain text in “Administration > Logs” - [Apache] Lack of click diversion protection (Clickjacking) - [Core] Update moment.js library - [Media] Broken authentication of uploaded files - [Monitoring] Blind SQL Injection in “Monitoring > Downtimes > Downtimes” - [Custom Views] List of user accounts in custom view
* Changes from 19.10.16
Newly shared views do not break widget preferences. But if widget preferences are already broken for users who added a shared view, you'll need to:
- Log in to Centreon web as the user who shares the custom view
- Switch to the custom view with broken preferences for other users
- Click on “Share view”, and then click on “Share”
This will restore preferences for other users.
* Bug fixes - [ACL] Incorrect inheritance of categories/severities for services - [CLAPI] Add getparams - [CLAPI] Carriage return and line feed breaks comments - [Configuration] Dependencies not deleted when last parent deleted - [Dashboard] Time is shown in epoch format on the dashboard timeline - [Eventlog] Acknowledged alerts status show “OK” but it’s wrong - [Graphs][legacy pages] 1000/1024 graph template ignored - [Monitoring] Status output not correctly displayed with Chinese characters - [Remote-Server] incorrect url to contact Centreon Central Server - [Widgets] Can’t change position of widgets - [Widgets] Parameters are deleted when importing/deleting/importing a custom view
* Security fixes - [API] Information Disclosure in centreon_wiki internal API - [API] Cross-site Scripting (XSS) Reflected in centreon_wiki internal API - [Administration] Horizontal privilege escalation / session takeover - [Configuration] Cross Site Scripting in widget rename - [Configuration] RCE in SNMP trap import - [Configuration] SQL injection vulnerabilities in “Configuration > Host categories” - [Configuration] SQL injection vulnerabilities in “Configuration > Service categories” - [Configuration] SQL injection vulnerabilities in “Configuration > Service Groups” - [Knowledge-Base] Password in plain text in “Configuration > Knowledge base” menu
* Mon Aug 31 2020 ecsos - Update to 19.10.15
* Enhancements - [Backend] HTTP2 compatibility
* Bug fixes - [CEIP] centreon-send-stats.php script failed when one script fails - [Configuration/CLAPI] APPLYCFG raises errors for hosts with disabled host templates - [Configuration] Notifications are sent to wrong contacts when using services by host groups - [Configuration] improve message to use Remote Server as proxy - [Dashboard] Reporting is broken when a host is renamed - [LDAP] legacy errors in the logs - [Monitoring] Correct API v1 host filters - [Monitoring] Service limit when sending an external command
* Security fixes - [Administration] SQL injection in “Administration > Parameters > Data” - [Configuration] RCE in Post command execution - CVE-2019-19699 - [Configuration] SQL injection in Knowledge Base pages - [Configuration] SQL injection in centreonTraps.class.php - [Custom views] Missing access control mechanism in widget action - [Custom views] Missing access control mechanism in widget preferences - [Custom views] SQL injection in loadServiceFromHost - [Monitoring] Missing access control mechanism in hostSendCommand/ serviceSendCommand - [Monitoring] XSS in setHistory.php and commonJS.php - [Platform Status] Fix vulnerability for file loading
* Mon Jul 13 2020 ecsos - Update to 19.10.14
* Bug fixes - [Backup] Unable to mount ext4 partitions (PR #8770) - [Configuration] Invalid check command prevent notification of meta-services (PR #8783) - [Reporting] Scheduled downtimes are wrongly managed when cancelled (PR #8775) - [Trap] Remove default value when options are configured (PR #8767)
* Security fixes - [Backup] Privilege escalation from backup cron - [Configuration] Sanitize geocoords values in the form - [Web] Multiple SQL injections
* Tue Jun 09 2020 ecsos - Update to 19.10.13
* Enhancements - [Clapi] Add possibility to get children of a host (PR #7982)
* Bug fixes - [Configuration] Wrongly linked service template in service group (PR #8589) - [Clapi] Import failure (PR #8724) - [Clapi] Fix/Improve RTDOWNTIME (PR #8275) - [Auth] Authentication type does not fallback from LDAP to local automatically (PR #8713) - [Monitoring] Service groups not displayed when no services found into it (non-admin users) (PR #8529) - [PPM] Remove media error when inserting a plugin (PR #8732)
* Security fixes - [Web] DoS issue in include/eventLogs/xml/data.php - [Web] RCE using command line path’s argument (CVE-2020-12688)
 