Icinga Core, Classic UI & IDOUtils 1.4.2 released

Due to the recent fixes in 1.4.1 the XSS vulnerability caused the command expander in config.cgi not to work as expected. Alongside this bug, there were various other things to resolve while working on the 1.5 dev branches. All important fixes have been backported into 1.4 tree and can now be found in a revamped 1.4.2 release on Core, Classic UI and IDOUtils.

Download 1.4.2 now or wait for your distribution to push updated packages 🙂 Special note: 1.4.2 does not require IDOUtils DB upgrading.

Changelog

core: fix freshness_threshold problem in host checks by using check_interval in HARD or OK state, else retry_interval (like service checks) #1331

classic ui: add a check for status data freshness into cgis #1667

classic ui: re-fix xss vulnerability and string escaping for command expansion #1605 #1624

classic ui: remove sidebar.html inclusion in index.html causing troubles on reload #1632

classic ui: fixed: User can execute host/servicegroup commands even if not authorized for (Sven Nierlein) #1679

classic ui: fixed: plugin_output_short didn’t get checked properly and caused segfault in status.cgi #1673

idoutils: do not update start_time of already started downtimes #1658

idoutils: fix started downtime update for table scheduleddowntime in oracle #1658

install: fix make install-idoutils overwrites sample – adding idoutils.cfg-sample instead #1625



Please report any bugs/feature requests/etc to our development tracker and/or community channels! 🙂