Skip to content

Releases: Icinga/icingaweb2

Icinga Web Version 2.9.3

10 Aug 08:52
v2.9.3
Compare
Choose a tag to compare

What's New in Version 2.9.3

You can also find the issues related to this release on our Roadmap.

Staying remembered on RHEL/CentOS 7 now possible

RHEL/CentOS 7 still relies on OpenSSL v1.0.2 by default. A change in v2.9.1 resulted in an error in combination with
this when ticking Stay Logged In during authentication. Staying logged in now works fine also on this platform.

  • Stay Logged In - Unknown cipher algorithm #4493

Missing icons with SLES/OpenSUSE 15

If you're running Icinga Web 2 Version 2.9.x on a SLES/OpenSUSE 15.x, you may have noticed some missing icons in the UI.
This is due to a missing PHP extension fileinfo. By upgrading to this release using packages, this dependency will now
be installed automatically.

  • Missing fileinfo php extension on SLES/OpenSUSE 15+ #4503

Child downtimes for services are now removed automatically

With Icinga v2.13, Icinga Web 2 will now make sure that service downtimes that were created automatically are also
removed automatically. This will only work for downtimes you create with the All Services option after upgrading
to this release. It will not work for downtimes created with earlier versions of Icinga Web 2.

  • If appropriate, set the API parameter all_services for schedule-downtime #4501

Icinga Web Version 2.9.2

28 Jul 08:17
v2.9.2
Compare
Choose a tag to compare

What's New in Version 2.9.2

💡 This is a hotfix release. v2.9.1 included a change that wasn't compatible with PostgreSQL again. This has been fixed in this release. (#4490)
💡 I have included all the v2.9.1 release notes here again, for visibility reasons. So from here on, it's these notes now.

You can find all issues related to v2.9.1 on our Roadmap.

Please make sure to also check the respective upgrading section in the documentation.

This release is accompanied by the minor releases v2.7.6 and v2.8.4 which include the fix for the flattened custom variables.

Pancakes everywhere

One of the security fixes included in v2.7.5, v2.8.3 and v2.9.0 went rampant and let you see similarities between custom
variables and pancakes. These are gone now. Also, the login allowed some users to bake pancakes on their CPUs. However,
we'd still recommend not to. What we do recommend, is to use graphical details to ease recognition. A pancake 🥞 in
performance data labels for example.

  • Nested custom variables are flattened #4439
  • Disable login orb animation and all orbs for themes #4468
  • SVG chart library doesn't process input as UTF-8 #4462

Staying remembered too difficult

We all have sometimes difficulties remembering people we rarely meet. Especially obvious is this on those that slip
through because they don't do the same things we do. With v2.9.0 this has happened for PostgreSQL, PHP v5.6-v7.0 and
setup wizard users. Now they get their deserved attention, and Icinga Web 2 will remember them just like all others.

  • RememberMe not working with only PostgreSQL #4441
  • RememberMe compatibility with php version 5.6+ #4472
  • RememberMe fails after running the wizard for grants #4434

Being picky pays off

A custom datetime picker was introduced with v2.9.0. It had it's issues, but we didn't anticipate that much headwind.
After careful reconsideration, we chose to only show the custom datetime picker for Firefox and IE users. Other browsers
have their own capable enough native implementation which, in Chrome's case, may even be superior. If it is now used,
it also closes automatically and doesn't swallow unrelated key presses.

  • Datetimepicker not usable by keyboard #4442
  • Close the datepicker automatically #4461
  • Paragraphs in Acknowledge/Downtime not possible #4443

Icinga Web Version 2.9.1

27 Jul 15:09
v2.9.1
Compare
Choose a tag to compare

What's New in Version 2.9.1

You can find all issues related to this release on our Roadmap.

Please make sure to also check the respective upgrading section in the documentation.

This release is accompanied by the minor releases v2.7.6 and v2.8.4 which include the fix for the flattened custom variables.

Pancakes everywhere

One of the security fixes included in v2.7.5, v2.8.3 and v2.9.0 went rampant and let you see similarities between custom
variables and pancakes. These are gone now. Also, the login allowed some users to bake pancakes on their CPUs. However,
we'd still recommend not to. What we do recommend, is to use graphical details to ease recognition. A pancake 🥞 in
performance data labels for example.

  • Nested custom variables are flattened #4439
  • Disable login orb animation and all orbs for themes #4468
  • SVG chart library doesn't process input as UTF-8 #4462

Staying remembered too difficult

We all have sometimes difficulties remembering people we rarely meet. Especially obvious is this on those that slip
through because they don't do the same things we do. With v2.9.0 this has happened for PostgreSQL, PHP v5.6-v7.0 and
setup wizard users. Now they get their deserved attention, and Icinga Web 2 will remember them just like all others.

  • RememberMe not working with only PostgreSQL #4441
  • RememberMe compatibility with php version 5.6+ #4472
  • RememberMe fails after running the wizard for grants #4434

Being picky pays off

A custom datetime picker was introduced with v2.9.0. It had it's issues, but we didn't anticipate that much headwind.
After careful reconsideration, we chose to only show the custom datetime picker for Firefox and IE users. Other browsers
have their own capable enough native implementation which, in Chrome's case, may even be superior. If it is now used,
it also closes automatically and doesn't swallow unrelated key presses.

  • Datetimepicker not usable by keyboard #4442
  • Close the datepicker automatically #4461
  • Paragraphs in Acknowledge/Downtime not possible #4443

Icinga Web 2 Version 2.8.4

27 Jul 15:09
v2.8.4
Compare
Choose a tag to compare

What's New in Version 2.8.4

This release only contains a single fix for flattened custom variables. #4439

Icinga Web 2 Version 2.7.6

27 Jul 15:08
v2.7.6
Compare
Choose a tag to compare

What's New in Version 2.7.6

This release only contains a single fix for flattened custom variables. #4439

Icinga Web Version 2.9.0

12 Jul 12:00
v2.9.0
Compare
Choose a tag to compare

What's New in Version 2.9.0

You can find all issues related to this release on our Roadmap.

Please make sure to also check the respective upgrading section in the documentation.

This release is accompanied by the minor releases v2.7.5 and v2.8.3 which include the security fixes mentioned below.

Icinga DB

We continue our endeavour soon. Icinga Web 2 is still a crucial part of it and this update is again required
for Icinga DB. If you like to participate again, don't forget to update Icinga Web 2 as well.

Security Fixes

This release includes two security related fixes. Both were published as part of a security advisory on Github.
They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if
the doc module is enabled. Please check the respective advisory for details.

RBAC, The Elephant In Icinga Web 2

Role Based Access Control, for the non-initiated. I'll make it short: Permission refusals, Role inheritance,
Privilege Audit. Icinga DB will also solve the long-standing issue #2455 and also allows #3349 and #3550.
I've also written a blog post about this very topic: https://icinga.com/blog/2021/04/07/web-access-control-redefined/

  • Authorization enhancements #4306
  • Audit View #4336
  • Highlight modules with permissions set inside a role #4241

Support for PHP 8

PHP 8 is released and with Icinga Web 2.9 it will now (hopefully) work flawlessly. We also took the chance
to prepare to drop the support of some legacy PHP versions. We now require PHP 7.3 at a minimum and all
versions below that will not be supported anymore with the release of v2.11.

  • Support PHP 8 #4289
  • Raise minimum required PHP version to 7.3 #4397

Stay, Be Remembered

Have you ever been disappointed that Icinga Web 2 always forgets you after closing your browser? This is in
your hands now! Just tick the new checkbox on the login screen and Icinga Web 2 doesn't forget your presence
anymore. Unless of course the administrator or you on a different device clears your session.

  • Implement a "remember me" feature #2495

It Does Matter, When

Browsers are bad when it's about date and time inputs. (I'm looking at you Mozilla!) Now we've given our hopes
up and use a specifically invented solution to show you a date and time picker throughout every browser. With
Icinga v2.13 onwards you will also be able to use this when defining an expiry date for comments! Though, you
might not necessarily use it that often once you've configured new custom defaults for downtime endings.

  • Add datetime picker widget #4354
  • Expire Option for Comments #3447
  • Custom defaults for downtime end, comment and duration #4364

Icinga Web 2 Version 2.8.3

12 Jul 11:59
v2.8.3
Compare
Choose a tag to compare

What's New in Version 2.8.3

Notice: This is a security release. It is recommended to upgrade to this release if you don't plan to upgrade to v2.9.0.

You can find all fixes related to this release on our Project.

Security Fixes

This release includes two security related fixes. Both were published as part of a security advisory on Github.
They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if
the doc module is enabled. Please check the respective advisory for details.

Icinga Web 2 Version 2.7.5

12 Jul 11:59
v2.7.5
Compare
Choose a tag to compare

What's New in Version 2.7.5

Notice: This is a security release. It is recommended to upgrade to this release if you don't plan to upgrade to v2.9.0.

You can find all fixes related to this release on our Project.

Security Fixes

This release includes two security related fixes. Both were published as part of a security advisory on Github.
They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if
the doc module is enabled. Please check the respective advisory for details.

Icinga Web 2 v2.8.2

19 Aug 09:05
v2.8.2
Compare
Choose a tag to compare

What's New in Version 2.8.2

Notice: This is a security release. It is recommended to immediately upgrade to this release.

You can find all issues related to this release on the respective milestone.

Path Traversal Vulnerability

The vulnerability in question allows an attacker to access arbitrary files which are readable by the process running Icinga Web 2. Technical details can be found at the corresponding CVE-2020-24368 and in the issue below.

  • Possible path traversal when serving static image files #4226

Broken Negated Filters with PostgreSQL

We've also included a small non-security related fix. Searching for e.g. servicegroup!=support leads to an error instead of the desired result when using a PostgreSQL database.

  • Single negated membership filter fails with PostgreSQL #4196

Icinga Web 2 Version 2.7.4

19 Aug 09:05
v2.7.4
Compare
Choose a tag to compare

What's New in Version 2.7.4

Notice: This is a security release. It is recommended to immediately upgrade to this release.

Path Traversal Vulnerability

The vulnerability in question allows an attacker to access arbitrary files which are readable by the process running Icinga Web 2. Technical details can be found at the corresponding CVE-2020-24368 and in the issue below.

  • Possible path traversal when serving static image files #4226

Upgrading from 2.7.x

RHEL/SLES:
yum install icingaweb2*2.7.4 icingacli-2.7.4 php-Icinga-2.7.4

Debian/Ubuntu:
apt-get upgrade icingaweb2=2.7.4-1.* icingaweb2-common=2.7.4-1.* php-icinga=2.7.4-1.*