Icinga 1.4.0 contained several bugs which now have been fixed on the core and web side of development :-)

The XSS vulnerability in the Classic UI reported by Stefan Schurtz has been resolved too. Download Icinga 1.4.1 now!

Core/ClassicUI/IDOUtils

* core: fix retain status file over an init script reload #1579

* classic ui: fix cross site scripting vulnerability in config.cgi on config expander arguments #1605
* classic ui: better handling of writing to cgi.log in cmd.cgi #1161
* classic ui: fixing tac.cgi header problems with counting and adding pending and descritptions #1505 #1506 #1508
* classic ui: corrected behaviour of pending states in tac header #1508

* install: fix event handlers cmd file location in contrib #1501

Web/API

* fix LDAP auth allows empty passwords #1596
* fix filter information wrong after saving cronk #1525
* fix prefs growing endlessly in Icinga-Web causing lot’s of traffic #1513
* fix cronks page make-up #1509
* principals now work with wildcards
* provided IE JS fix

Docs

* CFLAGS for FreeBSD #1604
* show_tac_header_pending #1529

As usual – please report any bugs/feature requests/etc to our development tracker and/or community channels! :-)