This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

20.10.16

@chgautier released this 01 Apr 16:39
· 1445 commits to develop since this release

Release date: April 1, 2022

Enhancements

  • [Authentication] Autologin Validation reinforcement
  • [UX] Add TheWatch URL to Centreon footer

Bug fixes

  • [Authentication] Improve LDAP authentication and authorization
  • [Core] Fixed SQL request syntax error for cron with MySQL 8
  • [Install] Fixed SQL errors in upgrade process from Centreon version < 2.8.5
  • [Resources Status] Fixed the display of old downtimes in the Details tab

Security Fixes

  • [Administration] SQL injection on Knowledge Base configuration form
  • [Administration] SQL injections on ACL group listing
  • [Administration] SQL injections on LDAP listing
  • [Configuration] Command path traversal resulting in RCE on command edition form
  • [Configuration] SQL injection on export configuration
  • [Configuration] SQL injections on SNMP traps edition form
  • [Configuration] SQL injection in Resources form
  • [Core] Disabling allow_url_fopen in PHP
  • [Core] RCE in legacy PHP's class autoload
  • [Dashboard] XSS in reporting dashboard
  • [Monitoring] SQL injection on performance curve edition form
  • [Resources Status] XSS reflected from plugin's metric output