Icinga 1.4.1 released

Icinga 1.4.0 contained several bugs which now have been fixed on the core and web side of development 🙂

The XSS vulnerability in the Classic UI reported by Stefan Schurtz has been resolved too. Download Icinga 1.4.1 now!

Core/ClassicUI/IDOUtils

* core: fix retain status file over an init script reload #1579

* classic ui: fix cross site scripting vulnerability in config.cgi on config expander arguments #1605

* classic ui: better handling of writing to cgi.log in cmd.cgi #1161

* classic ui: fixing tac.cgi header problems with counting and adding pending and descritptions #1505 #1506 #1508

* classic ui: corrected behaviour of pending states in tac header #1508

* install: fix event handlers cmd file location in contrib #1501

Web/API

* fix LDAP auth allows empty passwords #1596

* fix filter information wrong after saving cronk #1525

* fix prefs growing endlessly in Icinga-Web causing lot’s of traffic #1513

* fix cronks page make-up #1509

* principals now work with wildcards

* provided IE JS fix

Docs

* CFLAGS for FreeBSD #1604

* show_tac_header_pending #1529

As usual – please report any bugs/feature requests/etc to our development tracker and/or community channels! 🙂