Changelog for centreon-common-21.10.13-lp154.1.1.noarch.rpm :

* Tue Dec 06 2022 Andreas Kwast - update to 21.10.13 Security fixes [Authentication] Improved autologin access- update to 21.10.12 Bug fixes [Install] Fixed SQL update on Centreon realtime database- update to 21.10.11 Bug fixes [Configuration] Fixed export of RRDcached path in Centreon Broker configuration [Core] Improved database storage to avoid blocking Broker when maximum values are reached Security fixes [Administration] Sanitized and bound media import queries [CLAPI] Sanitized and bound Centreon hostgroup class queries [CLAPI] Sanitized and bound Centreon service class queries [CLAPI] Sanitized and bound LDAP listing queries [Configuration] Fixed SQLi in contact groups form [Configuration] Fixed SQLis in Centreon Broker configuration menu [Configuration] Sanitized and bound Centreon Service class queries [Configuration] Sanitized and bound Centreon hostgroups class queries [Configuration] Sanitized and bound Centreon notification class queries [Configuration] Sanitized and bound Knowledge Base host listing queries [Configuration] Sanitized and bound SNMP traps groups configuration queries [Configuration] Sanitized and bound SNMP traps listing queries [Configuration] Sanitized and bound host categories listing queries [Configuration] Sanitized and bound service by hostgroups listing queries [Configuration] Sanitized and bound services listing queries [Core] Sanitized and bound menu topology listing queries [Install] Sanitized and bound default configuration queries Others [Core] Removed obsolete code in ACL configuration listing [Core] Removed obsolete code in Criticality class [Core] Removed obsolete code in database partitioning functions [Core] Removed obsolete code in legacy service detail page [Core] Removed obsolete code in monitoring common functions [Core] Removed unused mechanism for modules to add restart/reload actions after restart of pollers- update to 21.10.10 Bug fixes [Administration] Fixed selection of options in second select box in ACL Group configuration page [Configuration] Fixed an error in the Configuration > Services > Templates menu causing HTML code to be displayed [Configuration] Fixed error that occurred when duplicating a Remote Server [Core] Cleaned code in forMyAccount [Core] Corrected escapeSecure usage [Widgets] Restored possibility to not select a poller in preferences Security fixes [Administration] Sanitized and bound Centreon ACL class queries [CLAPI] Added a check to verify that the user has the admin role [CLAPI] Sanitized and bound CLAPI poller configuration queries [Configuration] Fixed SQLi in poller\'s resource creation [Configuration] Sanitized and bound Meta Service configuration queries [Configuration] Sanitized and bound command configuration queries [Configuration] Sanitized and bound graph configuration queries [Configuration] Sanitized and bound queries in centreonConnector file [Configuration] Sanitized and bound queries in contactgroup file [Configuration] Sanitized and bound queries in listServiceCategories file [Configuration] Sanitized and bound queries in listVirtualMetrics file [Configuration] Sanitized and bound queries in service argumentsXml file [Configuration] Sanitized and bound queries in service host categories file [Configuration] Sanitized and bound queries in servicegroup_dependency file [Configuration] Sanitized and bound templates of service listing queries [Monitoring] Fixed XSS vulnerability in deprecated services status details page
* Wed Sep 07 2022 Andreas Kwast - update to 21.10.9 Enhancements [Install] Improved error handling during installation Bug fixes [CLAPI] Column names were displayed several times when listing recurrent downtimes [Configuration] Extended the size of the URL, Notes and Action URL fields to avoid truncating long URLs [Configuration] Fixed a regression: multiple trap definitions can use the same OID again [Configuration] Fixed contact/contactgroup additive inheritance configuration using massive change [Core] Fixed SQL queries when databases names contained a dash [Core] Fixed the database partitioning for MySQL 8 [Monitoring] Fixed deletion of comments [Monitoring] Fixed the \"Last_update\" column in legacy pages [Widget] Fixed hostgroup multiple selection Security fixes [Administration] Sanitized SQLi in media synchronization [Administration] Sanitized and bound ACL group queries [Administration] Sanitized and bound ACL menus definitions queries [Administration] Sanitized and bound Auth class queries [Administration] Sanitized and bound queries in ACL actions definition [Configuration] Fixed an XSS vulnerability in the Broker configuration page [Configuration] Fixed an XSS vulnerability in the service template form [Configuration] Sanitized and bound \"poller\" queries [Configuration] Sanitized and bound contact form queries [Configuration] Sanitized and bound downtime queries [Configuration] Sanitized and bound escalation form queries [Configuration] Sanitized and bound hosts dependencies configuration queries [Configuration] Sanitized and bound hosts queries [Configuration] Sanitized and bound queries in Centreon Broker configuration listing [Configuration] Sanitized and bound queries in CentreonXMLBGRequest class [Configuration] Sanitized and bound queries in Meta Services dependency configuration [Configuration] Sanitized and bound queries in generateImage file [Configuration] Sanitized and bound queries in hostgroups dependency configuration [Configuration] Sanitized and bound queries in virtual metrics configuration [Configuration] Sanitized and bound service configuration queries [Configuration] Sanitized and bound service dependency queries [Configuration] Sanitized and bound timeperiod form queries [Core] Cleaned code in centreonUser.class.php [Core] Updated PHP libraries for security issues [Cron] Fixed SQL queries when databases names contain dash [Install] Sanitized and bound update queries [Monitoring] Sanitized SQLi in Centreon centreonGraph class- update to 21.10.8 Security [Configuration] Fixed SQLi vulnerability in escalations configuration [Configuration] Fixed XSS vulnerability in escalations configuration
* Wed Jun 22 2022 Andreas Kwast - update to 21.10.7 Bug Fixes [API] Fixed /monitoring/host endpoint to return service state [API] Fixed SQL syntax when retrieving service_id field [Business Activity] Fixed synchronization of configuration with Remote Server [Configuration] Fixed export when host group is disabled [Configuration] Fixed export when service group is disabled [Configuration] Fixed export when service template is disabled [Core] Fixed database partitioning issue with MySQL 8 [Dashboard] Fixed displaying of first service in host reporting dashboard [Discovery] Fixed critical error when searching host templates with notification option in mappers configuration [Install] Fixed error when installing Centreon with remote DBMS [Monitoring] Fixed notification number in legacy pages [Remote Server] Fixed synchronization of configuration [Resource Status] Fixed color when resources are selected in downtime or acknowledged [UX] Fixed timezone when adding a downtime or an acknowledgement [UX] Follow user configuration for Date/Time display [Widget] The list of pollers is now filtered according to the user\'s ACLs Security [Security] Fixed RCE in command [Security] Fixed SQLi in virtual metrics [Security] Sanitize and bind \"hostgroups\" queries [Security] Sanitize and bind \"meta_service\" related queries [Security] Sanitize and bind \"poller\" queries [Security] Sanitize and bind ACL resources queries
* Tue May 03 2022 Andreas Kwast - update to 21.10.6 Bug Fixes [API] Fixed an issue in the icons API endpoint that always returned 0 for total number of results [Banner] Fixed display of empty skeleton [Charts] Fixed slowdown in graphics display [Configuration] Fixed an issue that caused the export of the poller configuration files to fail when a disabled host template was used [Configuration] Fixed checkbox selection after enabling/disabling a contact via icons [Core] Fixed an issue where proxy settings were saved with empty parameters [Install] Fixed an issue in database user creation with remote DBMS [Monitoring] Fixed display of acknowledgement information in legacy Resources Status pages [Monitoring] Fixed relation issue for recurrent downtimes [Reporting] Fixed an issue where MBI graphs reports were not using graph templates [Resources Status] Fixed default settings for acknowledgments and downtimes [Resources Status] Fixed display of acknowledgements comments [Resources Status] Fixed Hard/Soft translation [Resources Status] Fixed monitoring command that was not displayed in Resources Status Details panel [UX] Fixed display of date with UTC timezone in datepickers [UX] Improved interface response time if CEIP is enabled but the browser does not have internet access Security Fixes [Apache] Fixed cookies with missing or contradictory properties [Apache] HTTPS Apache configuration now includes HSTS [Configuration] Fixed an SQL injection issue in Configuration > Poller > Resources [Core] Passwords are now obfuscated in the page\'s HTML source [Core] Replace Math.random by Crypto JS API [PHP] Disabled allow_url_fopen in PHP
* Mon Mar 28 2022 Andreas Kwast - update to 21.10.05 Security Fixes [Administration] SQL Injections on ACL group listing [Administration] SQL Injection on Knowledge Base configuration form [Administration] SQL Injections on LDAP listing [Configuration] Command path traversal resulting in RCE on command edition form [Configuration] SQL Injection on export configuration [Configuration] SQL Injections on SNMP traps edition form [Core] RCE in legacy PHP\'s class autoload [Monitoring] SQL Injection on performance curve edition form
* Wed Mar 09 2022 Andreas Kwast - update to 21.10.04 Enhancements [Authentication] Autologin Validation reinforcement [Install] Set broker retry interval to 15s instead of 60s [Performance] Improve SQL queries to use index [Reporting] Add select2 to hostgroup and servicegroup reporting dashboards [Resource Status] Added custom variables definition in URL/Action URL [Resource Status] Create new filter on type of status (Hard or Soft) [Stats] Manage exception for statistics [UX] Add TheWatch url to Centreon footer Bug Fixes [APIv2] Fixed criticality null return for monitoring endpoint [Apache] Fixed SNMP MIB import mib with new mod_security rule definition [Authentication] Improve LDAP authentication and authorization [Authentication] Remove deadlocks on token deletion [Configuration] A regression in the host/host template configuration form caused the inherited macros to be saved as owned by the host/host template instead of being inherited. This can be seen as the loss of orange coloration. To undo this unwanted change, remove the macros from the list and they will be inherited again. [Configuration] Contact template properties not exported with the contact [Configuration] Fixed an infinite loop in export of configuration [Configuration] Fixed an issue in the contact form. When a non-admin user modified another non-admin user, only access groups that were common to both users were kept, other access groups were lost for the second user. [Configuration] Fixed an issue in the contact form: when a non-admin user modified a duplicated contact, it resulted in a blank screen [Configuration] Wizard doesn\'t insert anymore old logger configuration [Monitoring] Fixed deletion of comments [Reporting] Fixed timeperiod selection in dashboards when changing resource [Resources Status] Change \"resource\" by \"type\" in Resource status filter menu [Resources Status] Contents cropped in many tiles in French [Resources Status] Fixed display of old downtimes [Resources Status] Removed the tooltips on hover for urls [Resources Status] Rework Detail panel chip: hostgroup/servicegroup Security Fixes XSS reflected from plugin\'s metric output XSS in reporting dashboard
* Wed Feb 16 2022 Andreas Kwast - update version 21.10.3 Bug Fixes [Graph] Fixed display of additional graph if it came from Resources Status [Install] Fixed SQL request syntax error for cron with MySQL 8 [Resources Status] Fixed display of meta-services [Resources Status] Fixed graph unit displayed twice [Resources Status] Fixed saving a filter on an existing name [Resources Status] Take the default downtime options to set downtime [UX] Fixed random disconnection since update to Centreon 21.10
* Mon Jan 24 2022 Andreas Kwast - update version 21.10.2 Enhancements [Administration] Display the name of the object that has been modified in the detail form of logs [Authentication] Removed token display in login debug file [UI] The top-counter menu for pollers is now refreshed immediately after enabling the \"Export button\" in the user\'s profile Bug Fixes [API] Fixed the access to API is account doesn\'t have access to GUI [Authentication] Fixed LDAP OU quote connection breaking [CLAPI] Fixed an issue preventing ACLs from applying on services created with CLAPI [CLAPI] Fixed error with LDAP configuration ID [Configuration] Fixed SNMP Trap matching with service linked to multiple hosts [Configuration] Fixed an issue that caused the Anomaly Detection services to lose their graphs when they were renamed [Configuration] Fixed an issue that caused the loss of broker output configuration [Configuration] Fixed an issue that prevented from removing the SNMP community (and other fields) from the host form [Configuration] Fixed the wizard for adding a new server that did not add it [Configuration] Fixed unwanted writes into unexisting file when exporting Traps config at the same time as a trap arrives. Based on PR #9973. Fixes issue #4236. [MBI] Fixed CBIS process trying to get contact_js_effects column that no longer exists [Resource Status] Fixed graph tooltip
* Fri Jan 07 2022 Andreas Kwast - update version 21.10.1 Bug Fixes [Authentication] Fixed PHP error when debug is enabled with OIDC authentication [Configuration] Fixed the list of host template that was not available if the database name was different from the default [UX] Non admin user do not have the same submenu subsections [UX] Remove \"Animation effects\" option
* Fri Jan 07 2022 Andreas Kwast - initial version 21.10.0 Enhancements [Authentication] Improve OIDC support (OpenId Connect) Add Okta support Add MS Azure AD / ADFS Add possibility to define which claim is used for Centreon login Add possibility to define complete URL for endpoints Add possibility to use client_secret_basic as authentication. Based on PR #9878 Allow to define no redirect URL. Based on PR #9877 Add errors log in /var/log/centreon/login.log Add possibility to display debug log in /var/log/centreon/login.log Use proxy if defined [API] API versioning is now consistent with Centreon\'s major release number [CEIP] Product Adoption component integration [Configuration] The poller management actions are now only available via buttons: \"Add\" now leads to the wizard. \"Add (advanced)\" leads to the former \"Add\" action (for experts only). \"Delete\" and \"Duplicate\" are converted into buttons. \"Delete\" should normally not be confused with another action. [Configuration] The deprecated \"Logger\" tab of the \"Broker configuration\" menu has been removed [Resources Status] Revamp Search experience [Resources Status] Revamp Timeline [Resources Status] Add Sticky and Persistent options to ACK in Resource Status [Resources Status] Allow detail tiles to be re-ordered for each user [Resources Status] Add multi-select to Resources Status listing [Resources Status] Add \"Last OK\" tile within Details panel [Resources Status] Persist user selected number of rows displayed [Resources Status] Make \"duration\" as the default second sorting criteria [Resources Status] Add link to performance page in detail panel. Based on PR #9822 [Resources Status] Add Graphs panel for Hosts [Resources Status] Add tooltip to explain grayed options [Resources Status] Improve Custom Columns Name Display [Resources Status] Move Shortcuts from dedicated panel to option within Header [Resources Status] Make configure resource icon always visible [Resources Status] Improve readability of command line displayed [UX] Add Feature Flipping for Resources Status vs Legacy Pages [UX] Downtimes can now be scheduled until 2100 [UX] The poller management action buttons are now hidden on Remote Servers Beta enhancements [Configuration] Administrators can toggle a new button in the Pollers top-counter menu that allows them to export and reload the configuration of all pollers from any page Breaking changes Access to API v2 has been changed. All of the beta endpoints have been migrated to version 21.10. This must be modified by \"latest\" or by the version of your Centreon platform (v21.10 for example). For example replace: {protocol}://{server}:{port}/centreon/api/beta/login Copy By: {protocol}://{server}:{port}/centreon/api/latest/login Copy or: By: {protocol}://{server}:{port}/centreon/api/v21.10/login Copy Performances Move to PHP 8.0 Preparing Debian 11 support