Skip to content

Icinga Web 2 Version 2.7.4
Compare
Choose a tag to compare
@nilmerg nilmerg released this 19 Aug 09:05
v2.7.4
This tag was signed with the committer’s verified signature. The key has expired.
nilmerg Johannes Meyer
GPG key ID: E5AC28E26B4B43A4
Expired
Learn about vigilant mode.
3ebfb5c

What's New in Version 2.7.4

Notice: This is a security release. It is recommended to immediately upgrade to this release.

Path Traversal Vulnerability

The vulnerability in question allows an attacker to access arbitrary files which are readable by the process running Icinga Web 2. Technical details can be found at the corresponding CVE-2020-24368 and in the issue below.

  • Possible path traversal when serving static image files #4226

Upgrading from 2.7.x

RHEL/SLES:
yum install icingaweb2*2.7.4 icingacli-2.7.4 php-Icinga-2.7.4

Debian/Ubuntu:
apt-get upgrade icingaweb2=2.7.4-1.* icingaweb2-common=2.7.4-1.* php-icinga=2.7.4-1.*

Assets 2
Loading