Changelog for centreon-web-20.04.19-lp154.2.1.noarch.rpm:
* Fri Oct 01 2021 Andreas Kwast
- update to 20.04.19
  Enhancement
  - Compatibility with PHP 7.3
  Security fixes
  - Fixed session on account deletion
* Sat Sep 18 2021 Andreas Kwast
- update to 20.04.18
  Security fixes
  - [Install] Rights applied to "centreon.conf.php" and "conf.pm"
  - [OpenId] Secret tokens obfuscation
  - [Resource status] Fixed error based SQLi on resources GET's endpoint
* Mon Aug 02 2021 Andreas Kwast
- update to 20.04.17
  Bugfixes
  - [Core] Unserialize in CentreonUtils is blocked by QualityGate
  - [Core] Update copyright date
  - [Graph] Can't get a graph with autologin key
  - [LDAP] Fixed LDAP auto-sync is always skipped
  - [LDAP] LDAP's My account issue
  - [i18n] Fix typo in error message
* Sat Jul 24 2021 Andreas Kwast
- update to 20.04.16
  Bugfixes
  - [Configuration] InfluxDB configuration columns are deleted in Broker form
  Security fixes
  - [Configuration] Input sent to unserialize() are not sanitized
  - [Configuration] SQL Injection on commands
  - [Configuration] SQL Injection on host dependency
  - [Configuration] SQL Injection on hostgroup dependency
  - [Configuration] SQL Injection on metaservice
  - [Configuration] SQL Injection on metaservice dependency
  - [Configuration] SQL Injection on service categories
  - [Configuration] SQL Injection on service dependency
  - [Configuration] SQL Injection on servicegroup
  - [Configuration] SQL Injection on servicegroup dependency
  - [Configuration] SQL Injection on timeperiod
  - [Configuration] XSS Stored on checks command
  - [Core] Manage security acknowledgement
* Mon Jun 21 2021 Andreas Kwast
- update to 20.04.15
  Bugfixes
  - [Core] Fixed broken configuration export
* Sat Jun 05 2021 Andreas Kwast
- update to 20.04.14
  Bugfixes
  - [Administration] Broker statistics for pollers are not shown
  - [APIv1] Cannot send external commands anymore
  - [APIv2] Unable to use v2 api (internal server error)
  - [APIv2] Can not authenticate using API when database name and database username are different from default
  - [Core] Avoid 404 redirection
  - [Install] Cannot update when you have no metaservices
  Security fixes
  - [Administration] Import of JS in image files
  - [Administration] Insecure media file upload
  - [Administration] SQL Injection on ACL actions
  - [Administration] SQL Injection on ACL resources
  - [Administration] SQL Injection on reload ACL
  - [Configuration] SQL Injection on MediaWiki
  - [Configuration] SQL Injection on SNMP trap manufacturer
  - [Configuration] SQL Injection on poller form
  - [Configuration] Unserialize() are not sanitized in Centreon Broker wizard
  - [Configuration] Unserialize() are not sanitized in poller wizard
  - [Configuration] XSS reflected on Graph performance curves
  - [Configuration] XSS reflected on SNMP trap
  - [Configuration] XSS reflected on internal API broker configuration
  - [Graph] SQL Injection on Graph component templates
  - [Graph] SQL Injection on Graph generate image
  - [Install] Packaging, remove .gitignore files
  - [Reporting] SQL Injection on reporting export
  Performance
  - [ACL] ACL are computed every time for BV
  - [Generation] Bulk insert in index_data during config generation
  - [Purge] Purge of index_data is taking too long because of suboptimal SQL query
* Fri May 14 2021 Andreas Kwast
- update to 20.04.13
  Bugfixes
  - [Administration] Cannot list Pollers in Centreon Engine statistics
  - [Configuration] Configuration output can lead to an empty broker configuration
  - [Configuration] Hosts/services templates become simple hosts/services
  - [Configuration] Wrong number of services/pages to display
  - [Monitoring] Cancelled BA downtime from Downtime menu
  - [Purge] Script can't drop several partitions
  Security fixes
  - [Administration] User can install or delete modules with no ACL rights
  - [Configuration] Cross-site Scripting (XSS) Stored/Persistent in Dependency/Notification form
  - [Configuration] SQL injection in user additional information
  - [Configuration] Stored XSS in host Alias for host form
  - [Core] Predictable anti-CSRF token
  - [Graph] SQL Injection on graph periods
  - [Graph] SQL Injection on graph split
  - [Lib] Update centreon vulnerable packages
  - [Resources Status / Service Details] Passwords are displayed in command line
  - [Resources Status / Service Details] Passwords field for EXTRAOPTIONS is not hidden in command line
* Fri Apr 09 2021 Andreas Kwast
- update to 20.04.12
  Bugfixes
  - [Lib] Update moment-timezone to manage new timezones
  - [Resources Status] Error when getting the command line for Meta Service detail
  Security fixes
  - [APIv2] API realtime rights give API configuration rights
* Tue Mar 30 2021 Andreas Kwast
- update to 20.04.11
  Bugfixes
  - [CLAPI] CFGMOVE & APPLYCFG don't work
  - [Core] Update centreon copyright dates
  - [Install] Complete the Last step upgrade redirection
  - [Administration/About] Update about page with current team
  Security fixes
  - [Core] Cross-site Scripting (XSS) in index.php
  - [Lib] Update jQuery to version >= 3.5.1
* Sun Feb 28 2021 Andreas Kwast
- update to 20.04.10
  Enhancements
  - [Configuration] Add the 'instance_heartbeat_interval' parameter in Engine configuration
  - [Configuration] Improve access to the list of pollers
  - [Core] Performance improvements for partitioning
  - [Core] Update PHP 7.3 compatibility
  - [Core] Use Gorgone to dispatch downtimes locally
  - [Status Details] Display of comments in the host details page
  - [Top counters] Displayed values for services don't consider host acknowledgements
  Bugfixes
  - [CLAPI] No control on dependencies relations
  - [Configuration] Non-admin users can't create host/service
  Security fixes
  - [Administration] Cross-site Scripting (XSS) Stored/Persistent in "ACL > Resources Access" - CVE-2020-22425
  - [Administration] XSS stored in the LDAP form
  - [Apache] Remove deprecated TLS ciphers
  - [Authentication] Session is active longer than expected
  - [Authentication] User enumeration in login page
  - [Configuration] Cross-site Scripting (XSS) Reflected in "Configuration > Hosts"
  - [Core] Vulnerable handlebars.js library
  - [Reporting] Cross-site Scripting (XSS) Reflected in "Dashboard > Hosts"
* Fri Feb 12 2021 Andreas Kwast
- update to 20.04.9
  Bugfixes
  - [CLAPI] APPLYCFG on a Poller behind a Remote Server doesn't trigger sync task for the RS itself
  - [CLAPI] Cancel RTACKNOWLEDGEMENT doesn't work for services
  - [CLAPI] Create user with language
  - [CLAPI] Import fails on password type macros
  - [CLAPI] Show RTACKNOWLEDGEMENT for a service only shows first one to have been defined
  - [UX] Replace "Test Proxy Configuration" with "Test Internet Connection"
  Security fixes
  - [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
  - [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
  - [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
  - [API] Missing access control mechanism in rest API v1
  - [Configuration > Servicegroups] Leak of technical information
  - [Configuration/H/HTPL/S/STPL] Password in plain text
  - [Core] Centreon token is vulnerable against replay attack
  - [Core] Token usage is not mandatory
  - [Media] PHP warning about missing tmp dir used during media upload
  Enhancements
  - [Configuration] Add a special variable for trap OID
  - [Performance] Disable UI notification mechanism if not needed by user
  Bugfixes
  - [Authentication] Invalid credentials after edit profile change with special characters
  - [Authentication] New LDAP configurations are broken
  - [Authentication] Reach Centreon Front-end parameter ineffective
  - [CLAPI] Export does not export default contactgroup linked to a LDAP configuration
  - [Configuration] Massive change on contact uses replacement instead of incremental method
  - [Configuration] PHP Warning while creating a Centreon Engine configuration
  - [Configuration] Unable to save log level in Centreon Engine form
  - [Graphs] Performance graph legend does not update dynamically
  - [Knowledge Base] Access to mediawiki is very slow
  Security fixes
  - [Apache] Lack of click diversion protection (Clickjacking)
  - [Apache] Support for the HTTP TRACE method
  - [Apache] Incorrect HTTPS declaration of SSLCipherSuite in Centreon example file
  - [Configuration] Cross-site Scripting (XSS) Stored/Persistent in Connectors & commands form
  - [Configuration] Cross-site Scripting (XSS) Stored/Persistent in Contact Groups form
  - [Configuration] XSS in updateContactParam.php & commonJS.php
  - [Media] Unrestricted file upload
  - [Monitoring/Legacy pages] Too much "Unable to hide passwords in command"
* Thu Nov 26 2020 Andreas Kwast
- update to 20.04.7
  Enhancements
  - [Event View] Add filters in timeline for hosts details page
  - [Event View] Add filters in timeline for services details page
  - [Event View] Add shortcuts for hosts details page
  - [Event View] Add shortcuts for services details page
  - [Event View] Display info in timeline for hosts details page
  - [Remote Server] Add the possibility to configure mail for users
  - [Remote Server] Hide the "Configure host / service" buttons from monitoring legacy pages
  Bug fixes
  - [API] Service groups search not working
  - [Administration] 'options' table for centreon database is sometimes empty
  - [Administration] Script centreon-backup errors
  - [CLAPI] Export clapi duplicates contacts
  - [Configuration] Check for illegal characters when creating hosts
  - [Configuration] Radio buttons for "InfluxDB - Storage - InfluxDB" output not working properly for Centreon Broker form
  - [Core/Partitioning] Partitioning starts at epoch
  - [Core] Perl lib db query bad looping parameters
  - [Core] Too many rows in extended_service_informations tables
  - [Custom Views] Select2 popin error on custom view sharing
  - [Event View] Bad date in x-axis (Invalid date) for graph
  - [Event View] Cannot search with regex using "+" character
  - [Event View] Internal Server Error when using wildcard in search field
  - [Event View] Missing severity icon/number in Events view when severity is defined for a service
  - [Event View] Severity on host is not visible
  - [Event View] Tries column is not filled when service state is SOFT
  - [Event View] When you click on "My Filter" in the list, you get a white page
  - [Event logs] Inoperative filters when exporting
  - [Install] Do not modify the APP_SECRET key on update
  - [Install] Infinite loading page after login - New installation on CentOS 7 using unattended.sh
  - [Monitoring/Legacy pages] Severity on host is not visible
  - [Reporting] Dashboard won't build when having service by hostgroup
  Security fixes
  - [Administration] Password in plain text in "Administration > Logs"
  - [Core] Update moment.js library
  - [Install] Directory Listing
  - [Media] Broken authentication of uploaded files
  - [Monitoring] Blind SQL Injection in "Monitoring > Downtimes > Downtimes"
  - [custom Views] List of user accounts in custom view
* Mon Nov 02 2020 Andreas Kwast
- update to 20.04.6
  Enhancements
  - [Event View] Be able to create and save filters
  - [Event View] Be able to filter on status output
  - [Event View] Be able to re order manage saved filters
  - [Event View] Be able to re-order filter name
  - [Event View] Be able to rename and delete saved filters
  - [Event View] Be able to use custom filters
  - [Event View] Host details - Display info in the timeline
  - [Event View] Service details - Display info in the timeline
  Bug fixes
  - [ACL] Incorrect inheritance of categories/severities for services
  - [API] Acknowledgement: inconsistency between doc & payload
  - [CLAPI] Add getparams
  - [CLAPI] Carriage return and line feed breaks comments
  - [Configuration] Dependencies not deleted when last parent deleted
  - [Configuration] Improve message to use Remote Server as proxy
  - [Configuration] Issue with anomaly detection json output and proxy
  - [Configuration] Unable to import MIB
  - [Dashboard] Time is shown in epoch format on the dashboard timeline
  - [Event View] Fail in pagination
  - [Event View] Graph: "invalide date" displayed when switching the period + French wrong translation
  - [Event View] Refresh the panel when the user clicks on the refresh button in details pages
  - [Event View] When you empty the ack windows, it starts an infinite load
  - [Event View] Information on screen not updated after checks
  - [Eventlog] Acknowledged alerts status show "OK" but it's wrong
  - [Graphs][legacy pages] 1000/1024 graph template ignored
  - [Internal/API/Chart] Centreon db configuration name hard coded
  - [Monitoring] Status output not correctly displayed with chinese characters
  - [Remote-Server] incorrect url to contact Centreon Central Server
  - [UI] Incoherent paging information display
  - [Widgets] Can't change position of widgets
  - [Widgets] Parameters are deleted when importing/deleting/importing a custom view
  Security fixes
  - [API] Information Disclosure in centreon_wiki internal API
  - [API] Cross-site Scripting (XSS) Reflected in centreon_wiki internal API
  - [Administration] Horizontal privilege escalation / session takeover
  - [Configuration] Cross Site Scripting in widget rename
  - [Configuration] RCE in SNMP trap import
  - [Configuration] SQL Injection in "Configuration > Host categories"
  - [Configuration] SQL Injection in "Configuration > Service Groups"
  - [Configuration] SQL Injection in "Configuration > Service categories"
  - [Knowledge-Base] Password in plain text in "Configuration > Knowledge base" menu
  - [Platform Status] Fix vulnerability for file loading
* Wed Aug 12 2020 Andreas Kwast
- update to 20.04.5
  Bug fixes
  - [Reporting] Reporting is broken when a host is renamed
  - [Monitoring] Service limit when sending an external command
  - [Monitoring] Fix API v1 host filters
  - [Events view] Services attached to host are not all acknowledged in some cases
  - [Events view] Inconsistent french display
  - [CLAPI] APPLYCFG raises errors for hosts with disabled host templates
  - [Configuration] Notifications are sent to wrong contacts when using services by host groups
  - [LDAP] Legacy errors in logs
  - [CEIP] centreon-send-stats.php script failed when one script fails
  - [Host Discovery] Better handle not submitted values for proxy
  - [Host Discovery] Cannot find local monitoring server when having 10+ Pollers
  - [Anomaly Detection] Wrong generated Broker configuration for LUA
  Security
  - [Cron] Privilege Escalation from backup crontab
  - [Custom views] SQL injection in loadServiceFromHost
  - [Custom views] Missing access control mechanism in widget action
  - [Custom views] Missing access control mechanism in widget preferences
  - [Monitoring] XSS in setHistory.php and commonJS.php
  - [Monitoring] Missing access control mechanism in hostSendCommand/serviceSendCommand
  - [Configuration] Post Restart Command must be run by Gorgone
  - [Configuration] SQL injection in Knowledge Base pages
  - [Configuration] SQL injection in centreonTraps.class.php
  - [Administration] SQL injection in "Administration > Parameters > Data"
  Enhancements
  - [Web] Add HTTP2 compatibility (see https://docs.centreon.com/current/en/administration/secure-platform.html#enabling-http2)
* Thu Jul 16 2020 Andreas Kwast
- update to 20.04.4
  Bug fixes
  - [Reporting] Host availability is wrong due to Broker changes
  - [Reporting] Planned downtime are wrongly managed when cancelled
  - [Eventlog] Host logs are not displayed when using filter
  - [Configuration] Sanitize geocord value in the form
  - [Configuration] Wrong command line avoid notification for meta-services
  - [PPM] Missing icons on hosts created using Plugin Packs
  - [Events view] Manage ACL on planned downtime actions (frontend)
  - [Events view] Graph: Manage "micro" units (like second) and make them readable
  - [Events view] When a curve is always at 0, the tooltip & data are not displayed
  - [Web] No top counter for hosts and services
  - [Trap] Fix saved value in the form
  - [Backup] Unable to mount EXT4 partitions
  Security
  - [Eventlog] SQL injection in "include/eventLogs/xml/data.php"
  - [Configuration] SQL injection in "Configuration > Servicegroups"
  - [EventLog] SQL injection in EventLog
  - [Monitoring] SQL injection in graphTemplates.php
  - [Monitoring] SQL injection in Graph (export CSV)
  - [Monitoring] SQL injection in Graph (export XML)
  - [Configuration] Missing access control mechanism in Gorgone configuration generation
  - [API] CORS issue on "/monitoring/resources"
* Wed Jun 17 2020 Andreas Kwast
- update to 20.04.3
  Enhancements
  - [CLAPI] Add possibility to get children of a host using CLAPI
  Bug fixes
  - [Configuration] Wrongly linked service template in service group
  - [Configuration] Add Gorgone configuration export for Central
  - [Front] Centreon is now correctly rendered in Apple Safari
  - [CLAPI] Import CLAPI doesn't fail anymore when your import file contains thousands of lines
  - [API] Fix RTDOWNTIME issues #8254: it returns all RTDOWNTIMEs satisfying the given filters, instead of only the first one (a host or service can have several downtimes in place); it allows to set a RTDOWNTIME on host only (without associated services) (currently the 8th parameter of the RTDOWNTIME -a add command is not correctly processed).
  - [Authentication] Authentication now correctly switches from LDAP to local when appropriate
  - [PluginPacks] No more error when installing a plugin pack due to media
  - [Events view] You're not automatically redirected to the events view when it's not your default page
  - [Events view] Translation is now correctly handled
  - [Events view] ACL are now handled on acknowledgement actions
  - [Events view] Graphs: you can now hide/show curves
  - [Events view] Graph: roboto correctly set everywhere
  - [Events view] Correctly hide password in the commands you see in the detail panel
  Security
  - [Web] RCE using command line path's argument (CVE-2020-12688)
  - [Web] DoS issue in include/eventLogs/xml/data.php
- update to 20.04.2
  Due to a generation problem, 20.04.1 and 20.04.2 versions are both included in 20.04.2 version.
  Enhancements
  - [APIv2] Translate all text messages returned from API v2
  - [Doc] Explain in FAQ chapter how to use HTTPS and correct Apache configuration
  - [EventView] Help: Add tips to help users using regexp
  - [UI] Add "Asia/Yangon" timezone
  Bug fixes
  - [Backend] host-graph-v2 do not display all graph > graph endpoint issue ?
  - [EventView] Header gets fully selected when searching
  - [EventView] Icon for Downtime button is missing in Events View
  - [EventView] Manage timezone in Graphs
  - [EventView] Manage timezone in details panel
  - [EventView] Wrong latency with forced check
  - [Install] Harden Gorgone config generation at upgrade
  - [KB] Each execution of cron synchronization generates temporary CURLCOOKIE
  - [Monitoring] Correctly compute downtime duration
  Security
  - Fix SQL Injection in makeXMLForAck.php
* Mon Apr 27 2020 Andreas Kwast - initial version for Centreon 20.04