logo_icingaWhile you may have seen a lot of updates in our 2.x development head, Icinga 1.x is still alive and being patched and bug-fixed. Some smaller features have also been incorporated into 1.13.0 so consider upgrading your existing installation.

 

Changelog Core, IDOUtils, Classic UI

CHANGES

  • Remove deprecated event_profiling_enabled from icinga.cfg
  • Remove deprecated broker_module from icinga.cfg (use module object configuration instead)
  • Add module config examples in modules/ directory (livestatus, mod_gearman, pnp4nagios, flapjack)
  • Move contrib/downtimes to tools/downtimes and add ‘make install-downtimes’

FEATURES

  • Feature #1867: Recurring Downtimes
  • Feature #6353: deprecate icinga.cfg:broker_module; add more module examples
  • Feature #8007: Implement an option to disable transactions
  • Feature #8139: Add functions for registering file descriptors closed on fork()
  • Feature #8140: Add Check Result List Mutex for NEB modules
  • Feature #8426: Remove constraint from *dependencies tables
  • Feature #8440: Enhance idomod logging

FIXES

  • Bug #6263: Race condition in init.d scripts’ stop
  • Bug #6762: Icinga crashes when “args” attribute is not specified for modules
  • Bug #7004: GET form param has no effect on cmd.cgi acks (again)
  • Bug #8202: Cool tip text for refresh of hosts and services says “I’m so lonely up here. Where should I go?”
  • Bug #8441: require the ‘config_file’ argument in idomod modules configuration
  • Bug #8445: cmd.cgi use_ack_end_time param does not enable tickbox in form

Download icinga-1.13.0 here.

Changelog Web

Security

  • Ewoud Kohl van Wijngaarden found a way for an SQL injection in Icinga Web’s API. An authenticated user could inject SQL code via a crafted JSON filter (#7924, CVE-2015-2685)

We recommend to update your installation to 1.13.0 as the features are minimal invasive.

Notable changes and features

  • The log now contains the ip address of a user login failed, or the user just logged in and out (#7357)
  • We implemented a command log that contains any command that is send to the Icinga core by an user – written to a separate log file command-20XX-XX-XX.log (#7893)
  • (Bug) Acknowledgments where sent without a proper sticky declaration. This problem has been fixed and host or service acknowledgments are now sticky by default – what it should and was intended to be. (#5838 #7003) Please review our documentation if you are not sure what sticky means.
  • Grids can now display customvariables. Because customvariables are customised on every installation, this feature is disabled by default. See  doc/grids_and_customvars.md for further information.

Other bugs

  • When using Kerberos authentication in a web server a user could receive all credentials when he had a role that had no credentials set (#7892) In our tests that only happens with Kerberos users.
  • When a user could not be imported during login the database exception was not generated correctly (#8301)
  • Don’t contact more authentication providers than necessary during login. Thanks to Victor Hahn (#8341)
  • Fixed the irritating error during application state reset (#8523) The state was always cleared, but an error popped up for the user.

Download icinga-web-1.13.0 here.