Eric Schirra f1b1ce54b2 Accepting request 1311996 from home:ecsos:monitoring ...

- Update to 2.15.1
  * Security
    - CVE-2025-61907: Prevent API users from accessing variables and objects they
      don't have access to within filter expressions.
      This allowed authenticated API users to learn information they aren't allowed
      to access directly.
    - CVE-2025-61908: Add a missing null pointer check while evaluating expressions.
      This allowed authenticated API users to crash the Icinga 2 daemon by supplying
      a crafted filter expression.
    - CVE-2025-61909: Don't send signals as root in safe-reload script and logrotate config.
      This allowed a limited privilege escalation from the Icinga 2 service user to root.
      The scope is limited to sending SIGHUP or SIGUSR1 to an arbitrary process. #10590
    - Windows: Update to OpenSSL 3.0.18. #10591
  * Bugfixes
    - When a reload triggered from Icinga Director (or the /v1/config API) fails,
      the corresponding state is cleared, allowing to deploy a new config
      without having to restart Icinga 2 manually first. #10584
  * Enhancements
    - Add JSON-RPC utilization metrics and troubleshooting docs. #10586
    - When sending cluster messages to other zones, prefer endpoints in the order
      as specified in the zone configuration. #10587
    - Track the number of JSON-RPC messages received for each message type per endpoint. #10585
    - Add support for building with Boost v1.89 and use it on Windows. #10578
- Drop 76fa0d9e8054f405dc3d1e39a4b48f21e86afdf0.patch because now in upstream.

OBS-URL: https://build.opensuse.org/request/show/1311996
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/icinga2?expand=0&rev=200

2025-10-17 11:24:51 +00:00

143 KiB

Raw Permalink Blame History

View Raw