880ab1ab41
- Update to 2.15.1 * Security - CVE-2025-61907: Prevent API users from accessing variables and objects they don't have access to within filter expressions. This allowed authenticated API users to learn information they aren't allowed to access directly. - CVE-2025-61908: Add a missing null pointer check while evaluating expressions. This allowed authenticated API users to crash the Icinga 2 daemon by supplying a crafted filter expression. - CVE-2025-61909: Don't send signals as root in safe-reload script and logrotate config. This allowed a limited privilege escalation from the Icinga 2 service user to root. The scope is limited to sending SIGHUP or SIGUSR1 to an arbitrary process. #10590 - Windows: Update to OpenSSL 3.0.18. #10591 * Bugfixes - When a reload triggered from Icinga Director (or the /v1/config API) fails, the corresponding state is cleared, allowing to deploy a new config without having to restart Icinga 2 manually first. #10584 * Enhancements - Add JSON-RPC utilization metrics and troubleshooting docs. #10586 - When sending cluster messages to other zones, prefer endpoints in the order as specified in the zone configuration. #10587 - Track the number of JSON-RPC messages received for each message type per endpoint. #10585 - Add support for building with Boost v1.89 and use it on Windows. #10578 - Drop 76fa0d9e8054f405dc3d1e39a4b48f21e86afdf0.patch because now in upstream.
Eric Schirra2025-10-17 11:24:51 +00:00
3bc2d835c5
Accepting request 1308492 from server:monitoring
Ana Guerrero2025-10-02 17:20:50 +00:00
2611e37136
- Boost.System has been header only since Boost 1.69.0
Eric Schirra2025-09-27 18:09:50 +00:00
0a2edca15d
Accepting request 1287041 from server:monitoring
Ana Guerrero2025-06-20 14:50:17 +00:00
33cf9a494c
- Update ot 2.15.0 * Breaking Changes - API: Fix /v1/objects/* queries with attrs set to [] to return empty attributes instead of all of them. #8169 - Drop the undocumented Checkable#process_check_result and broken System#track_parents DSL functions. #10457 * Enhancements - Gracefully disconnect all clients on shutdown and prevent from accepting new connections. #10460 - Icinga DB: Send data to Redis® exactly as they're stored in the database to avoid extra value-mapping routines by the Go daemon. #10452 - Add support for Icinga 2 dependencies in Icinga DB. #10290 - Take host/service reachability into account when computing its severity. #10399 - Rework the dependency cycle detection to efficiently handle large configs and provide better error messages. #10360 - Don't log next check timestamp in scientific notation. #10352 - Automatically remove child downtimes when removing parent downtime. #10345 - Ensure compatibility with Boost version up to v1.88. #10278#10419 - Reject infinite performance data values. #10077 - Support host_template and service_template tags in ElasticsearchWriter. #10074 - Icinga DB: Support Redis® username authentication. #10102 - Cluster: Distribute host child objects (e.g. services, notifications, etc.) based on the host's name. #10161 - Icinga DB Check: Report an error if both Icinga DB instances are responsible in a HA setup. #10188 - Windows: upgrade build toolchain to Visual Studio 2022. #9747 * Bugfixes * Core - Use Checkable#check_timeout also for rescheduling remote checks. #10443 - Log: Don't unnecessarily buffer log messages that are going to be dropped anyway. #10177 - Don't loose perfdata counter (c) unit when normalizing performance data for Icinga DB. #10432 - Fix broken SELinux policy on Fedora ≥ 41 due to the new /usr/sbin to /usr/bin equivalence. #10429 - Don't load Notification objects before User and UserGroup objects to allow them to be referenced in notifications. #10427 - Ensure consistent DST handling across different platforms. #10422 - Fix Icinga 2 doesn't generate a core dump when it crashes with SIGABRT. #10416 - Don't process concurrent checks for the same checkable. #10372 - Don't process check results after the checker and API listener have been stopped. #10397 - Avoid zombie processes on plugin execution timeout on busy systems. #10375 - Properly restore the notification object state on Recovery notification. #10361 - Fix incorrectly dropped acknowledgement and recovery notifications. #10211 - Prevent checks from always being rescheduled outside the configured check_period. #10070 - Don't send reminder notifications after a Custom notification while interval is set to 0. #7818 - Reset all signal handlers of child processes to their defaults before starting a plugin. #8011 - tests: Fix FormatDateTime test cases with invalid formats on macOS and all BSD-based systems. #10149 - Mark move constructor and assignment operator in String as noexcept to allow optimizations. #10353#10365 * Cluster and API - Fix an inverted condition in ApiListener#IsHACluster() that caused to always return true in a non-HA setup. #10417 - Don't silently accept authenticated JSON-RPC connections with no valid endpoint. #10415 - Sync Notification#notified_problem_users across the cluster to prevent lost recovery notifications. #10380 - Remove superfluous ) from a HTTP request log message. #9966 - Disable TLS renegotiation (handshake on existing connection) on OpenBSD as well. #9943 - Log also the underlying error message when a HTTP request is closed with No data received by Icinga 2. #9928 - Fix a deadlock triggered by concurrent /v1/actions/add-comment and /v1/actions/acknowledge-problem requests on the same checkable, as well as a crash that might occur when running perfectly timed /v1/actions/add-comment and /v1/actions/remove-comment requests targeting the same comment. #9924 * Icinga DB - Fix missing acknowledgement and flapping history entries due to a number overflow. #10467 - Send downtime cancel_time only if it is cancelled. #10379 - Send only the necessary data to the icinga:stats Redis® stream. #10359 - Remove a spin lock in RedisConnection#Connect() to avoid busy waiting. #10265 * Writers - Serialize all required metrics before queueing them to a WorkQueue. #10420 - OpenTsdbWriter: Include checkable name in log messages to ease troubleshooting. #10009 - OpenTsdbWriter: Don't send custom empty tags. #7928 - InfluxDBWriter: Add missing closing quote in validation error message. #10174 * ITL - Add --maintenance_mode_state ($vmware_maintenance_mode_state) argument to vmware-esx-command check command. #10435 - Add -n ($load_procs_to_show$) argument to load check command. #10426 - Add --inode-perfdata ($disk_np_inode_perfdata$) argument to disk check command. #10395 - Add -r ($ssh_remote_version$) and -P ($ssh_remote_protocol$) arguments to ssh check command. #10283 - Add --unplugged_nics_state ($vmware_unplugged_nics_state$) argument to vmware-esx-soap-host-net and vmware-esx-soap-host-net-nic check commands. #10261 - Add -X ($proc_exclude_process$) argument to procs check command. #10232 - Add --dane ($ssl_cert_dane$) argument to ssl_cert check command. #10196 - Fix check_ssl_cert deprecation warnings. #9758 - Fix check_systemd executable name add add all missing arguments. #10035 - Add -M ($snmp_multiplier$ & $snmpv3_multiplier$) argument to snmp and snmpv3 check commands. #9975 - Add --continue-after-certificate ($http_certificate_continue$) argument to http check command. #9974 - Add --ignore-maximum-validity ($ssl_cert_ignore_maximum_validity$) argument to ssl_cert check command. #10396 - Add --maximum-validity ($ssl_cert_maximum_validity$) argument to ssl_cert check command. #9881 - Add --url ($ssl_cert_http_url$) argument to ssl_cert check command. #9759 - Add fuse.sshfs and fuse.* (supported only by Monitoring Plugins) to the list of default disk exclude types. #9749 - Add check_curl check command. #9205 - Add the --extra-opts argument to various commands that support it. #8010 * Documentation - Don't use dnf config-manager to configure Fedora repository and mention icingadb-redis-selinux package. #10479 - Update the outdated cold startup duration documentation to reflect the current behavior. #10446 - Indent second-level unordered lists with four spaces to correctly render them in the HTML documentation. #10441 - Add a reference to the check result state documentation from within the Advanced Topics section. #10421 - Improve the documentation of how to generate Icinga 2 core dumps. #10418 - Update Icinga 2 CLI output examples to match the current output. #10323 - Fix incorrect ping_timeout value in the hostalive check command documentation. #10069 * Code Quality - Simplify deferred SSL shutdown in ApiListener#NewClientHandlerInternal(). #10301 - Don't unnecessarily shuffle configuration items during config load. #10008 - Sort config types by their load dependencies at namespace initialization time to save some round trips during config load. #10148 - Fix livestatus build error on macOS without unity builds. #10176 - Remove unused methods in SharedObject class. #10456 - Remove unused ProcessingResult#NoCheckResult enum value. #10444 - CMake: Drop all third-party cmake modules and use the ones shipped with CMake v3.8+. #10403 - CMake: Raise the minimum required policy to 3.8. #10402#10478 - CMake: Turn on -Wsuggest-override to warn about missing override specifiers. #10225#10356 - Make icinga::Empty a constant to prevent accidental modifications. #10224 - Remove various unused methods in the Registry class. #10222 - Fix missing parent std::atomic<T> constructor call in our Atomic<T> wrapper class. #10215 - Drop unused m_NextHeartbeat member variable from JsonRpcConnection. #10208 - Enhance some of the validation error messages. #10201 - Don't allow Type#GetLoadDependencies() to return non-config object type dependencies. #10169 - Don't allow Type#GetLoadDependencies() to return a set of nullptr type dependencies. #10155 - Remove EOL distros detection code from Utility::ReleaseHelper() function. #10147 - Remove dead code in TLS GetSignatureAlgorithm() function. #9882 - Mark Logger#GetSeverity() as non-virtual to avoid unnecessary vtable lookups. #9851 - Remove unused Stream#Peak() method and unused allow_partial parameter from Stream#Read(). #9734#9736 - Suppress compiler warnings in third-party libraries. #9732 - Fix various compiler warnings. #9731#10442 - Reduce task function allocation overhead by using a per-thread created lambda in WorkQueue. #9575 - Remove redundant trailing empty lines and add missing newlines in some files. #7799 - Drop icinga-pr10278.patch becauise now in upstream. - Change BuildRequires from yajl to nlohmann_json because yajl is dead.
Eric Schirra2025-06-20 05:41:03 +00:00
ae73c828e9
- Update to 2.14.6 - CVE-2025-48057: Prevent invalid certificates from being renewed with OpenSSL older than v1.1.0. - Fix use-after-free in VerifyCertificate(): Additionally, a use-after-free was found in the same function which is fixed as well, but in case it is triggered, typically only a wrong error code may be shown in a log message. - Windows: Update OpenSSL shipped on Windows to v3.0.16. - Rebase icinga-pr10278.patch.
Eric Schirra2025-05-27 17:54:58 +00:00
d45e9d7128
Accepting request 1277874 from server:monitoring
Ana Guerrero2025-05-20 07:34:12 +00:00
74c5a45a98
Fix date format in old changelog entries
Eric Schirra2025-05-15 18:24:51 +00:00
36b072a0e5
Accepting request 1253137 from server:monitoring
Ana Guerrero2025-03-14 22:52:36 +00:00
f9cb8bcfb4
- fix permissions for include and script files
Eric Schirra2025-03-14 16:13:00 +00:00
3afb10d1d2
- add patches from PR10278 to fix build with boost 1.87 https://github.com/Icinga/icinga2/pull/10278 icinga-pr10278.patch - use RPM_BUILD_ROOT variable - fix ownership for include files and scripts - move bash-completions to /usr/share
Eric Schirra2025-03-14 12:04:51 +00:00
37b6c594f9
- Update to 2.14.5 * Bug Fixes - Don't close anonymous connections before sending the response for a certificate request #10337 - Performance data: Don't discard min/max values even if crit/warn thresholds aren’t given #10339 - Fix a failing test case on systems time_t is only 32 bits #10343 * Documentation - Document the -X option for the mail-host-notification and mail-service-notification commands #10335 - Include Nagios in the migration docs #10324 - Remove RHEL 7 from installation instructions #10334 - Add instructions for installing build dependencies on Windows Server #10336Eric Schirra2025-03-13 04:50:57 +00:00
45095afa9d
- Update to 2.14.4 * Crash Fixes - Invalid DateTime#format() arguments in config and console on Windows Server 2016 and older. #10112 - Downtime scheduling at runtime with non-existent trigger. #10049 - Object creation at runtime during Icinga DB initialization. #10151 - Comment on a service of a non-existent host. #9861 * Miscellaneous Bugfixes - Lost notifications after recovery outside the notification time period. #10187 - TimePeriod/ScheduledDowntime exceeding specified date range. #9983#10107 - Clean up failure for obsolete Downtimes. #10062 - ifw-api check command: use correct process-finished handler. #10140 - Email notification scripts: strip 0x0D (CR) for a proper Content-Type. #10061 - Several fixes and improvements of the code quality. #10066#10214#10254#10263#10264 * Cluster and API - Sync runtime objects in topological order to honor their dependencies. #10000 - Make parallel config syncs more robust. #10013 - After object creation via API fails, clean up properly for the next try. #10111 - Close HTTPS connections properly to prevent leaks. #10005#10006 - Reduce the number of cluster messages in memory at the same time. #9991#9999#10210 - Once a cluster connection shall be closed, stop communicating. #10213#10221 - Remove unnecessary blocking of semaphores. #9992#9994 - Reduce unnecessary cluster messages setting the next check time. #10011 * Icinga DB and IDO - IDO: fix object relations after aborted synchronization. #10065 - Icinga DB, IDO: limit all timestamps to four year digits. #10058#10059 - Icinga DB: limit execution_time and latency (milliseconds) to database schema. #10060 * Troubleshooting - Add /v1/debug/malloc_info which calls malloc_info(3) if available. #10015 - Add log messages about own network I/O. #9993#10141#10207 - Several fixes and improvements of log messages. #9997#10021#10209 * Windows - Update OpenSSL shipped on Windows to v3.0.15. #10170 - Update Boost shipped on Windows to v1.86. #10114 - Support CMake v3.29. #10037 - Don't require to build .msi as admin. #10137 - Build configuration scripts: allow custom $CMAKE_ARGS. #10312 * Documentation - Distributed Monitoring: add section "External CA/PKI". #9825 - Explain how to enable/disable debug logging on the fly. #9981 - Update supported OS versions and repository configuration. #10064#10090#10120#10135#10136#10205 - Several fixes and improvements. #9960#10050#10071#10156#10194 - Replace broken links. #10115#10118#10282 - Fix typographical and similarly trivial errors. #9953#9967#10056#10116#10152#10153#10204Eric Schirra2025-01-24 07:00:08 +00:00
40f3d1da4b
Accepting request 1226274 from server:monitoring
Ana Guerrero2024-11-25 22:23:07 +00:00
ebf4b020f2
- Use %{optflags} macro for build flags - Fix build on non-x86_64 architectures
Eric Schirra2024-11-25 13:16:37 +00:00
04b67318b6
Accepting request 1223909 from server:monitoring
Ana Guerrero2024-11-14 15:08:13 +00:00
63e6894c0a
- Update to 2.14.3 - Security: fix TLS certificate validation bypass. CVE-2024-49369 (boo#1233310)
Eric Schirra2024-11-13 10:44:39 +00:00
b55017e930
- Update to 2.14.3 - Security: fix TLS certificate validation bypass. CVE-2024-49369 - Security: update OpenSSL shipped on Windows to v3.0.15. - Windows: sign MSI packages with a certificate the OS trusts by default. - Revision and cleanup of the spec file to remove errors and make it clearer.
Eric Schirra2024-11-13 10:21:45 +00:00
4e9ea8025c
Accepting request 986199 from home:ecsos:monitoring
Eric Schirra2022-07-01 10:24:53 +00:00
6bebf9b894
- add icinga2-vim_syntax.patch: When upgrading vim to version 8 the syntax file does not work anymore: line xxx: E10: \ should be followed by /, ? or & Reason: The line continuation does not work, as vim is reading syntax files now in vi-compatible mode. The patch sets the nocompatible mode manually for that syntax file.
Lars Vogdt
2022-06-29 08:45:38 +00:00
Ana Guerrero
Eric Schirra
Dominique Leuenberger
Lars Vogdt
Richard Brown
Yuchen Lin