Centreon 19.04.5

Enhancements

• [API] Return curve metric name (PR/#8055)
• [Configuration] Rename contact template titles properly (PR/#7929)

Bug Fixes

• [API] Add macro password option for service template using CLAPI (PR/#8012)
• [API] Unable to set host notification to None through the API (PR/#8077)
• [ACL] Renaming bound variable name (PR/#7984)
• [Configuration] Fix stream connector update (PR/#7813)
• [Configuration] Remove unused radio button in meta service configuration (PR/#7992)
• [Downtimes] Apply downtime on resources linked to a poller (PR/#7955)
• [Install] Check mariaDB version before using ALTER USER (PR/#8068)
• [LDAP] ldap users using the auto-import cannot login (PR/#8113)
• [Monitoring] Fix double host name display in host detail (PR/#7737)
• [Monitoring] fix recurrent downtimes filter (PR/#7989, #7987)
• [UI] Redirect to login page when user is unauthorized (PR/#7687)
• [UI] Do not display autologin shortcut when disabled (PR/#7340)
• [UI] Correctly toggle edit load and header of widgets (PR/#8114)

Documentation

• Correct migration using nagios reader (PR/#7781)
• Correct release number for 19.04 migration (commit bfcedd1)
• Improve migration procedure (commit 359cb6f)
• Improve prerequisites (commit 9a39911)
• Remove install poller via VM (commit 98624e7)
• Update mysql prerequisites (PR/#7903)
• Update FAQ to install RRDCacheD on el7 (PR/#8052)

Security Fixes

• Avoid SQL injections in multiple monitoring pages - CVE-2019-17647 (PR/#8063, PR/#8094)
• Add php mandatory param info for source installation (PR/#7898)
• Add rule for max session duration (PR/#7913)
• Contact list using escapeSecure method (PR/#7947)
• Cross-site scripting (reflected) - Dont' return js (PR/#8095)
• Do not allow to get all services using downtime ajax file - CVE-2019-17643 (PR/#8022)
• Escape persistent and reflected XSS in my account - CVE-2019-16195 (PR/#7877)
• Escape script and input tags by default (PR/#7811)
• Filter access to api using external entry point - CVE-2019-17646 (PR/#8021)
• Fix default contact_autologin_key value
• Fix security on LDAP page - CVE-2019-15300 - (PR/#8008)
• Hide password in command line (#7414, PR/#7859)
• RCE on mib import from manufacturer input - CVE-2019-15298 (PR/#8023)
• Remove command test execution - CVE-2019-16405 (PR/#7864)
• Remove xss injection of service output in host form (PR/#7865) # TODO
• Sanitize host_id and service_id (PR/#7862)
• Session fixation using regenerate_session_id (PR/#7892)
• The ini_set session duration param has been moved in php.ini (PR/#7896)

Performance

• Set LDAP contactgroup synchronization every hour (PR/#8070)

Technical

• Backport fix of menu memory leak (PR/#7988)
• Better handling PNG export failure (PR/#7823)
• Correct the call of static method (PR/#8025)
• Fix compatibility with IE11 (external modules) (PR/#7923)
• Improve coding style checks (PR/#7843)
• Improve centreonworker logging (PR/#7712)
• Move alter table statement in a php script (PR/#7838)
• Optimize select all in select2 component (#7926)
• Retrieve menu entries as link (#7847)

Centreon 18.10.8

Enhancements

• [Configuration] Rename contact template titles properly (PR/#7929)

Bug Fixes

• [API] Add macro password option for service template using CLAPI (PR/#8012)
• [Charts] Match metric name with metric value (#5959, #7477, PR/#7764)
• [Configuration] Add missing column for engine configuration (PR/#8125)
• [Configuration] Fix stream connector update (PR/#7813)
• [Configuration] Remove unused radio button in meta service configuration (PR/#7992)
• [Downtimes] Apply downtime on resources linked to a poller (PR/#7955)
• [Export] Better handling PNG export failure (PR/#7823)
• [Monitoring] Fix double host name display in host detail (PR/#7737)
• [monitoring] fix recurrent downtimes filter (PR/#7989, #7987)
• [UI] Redirect to login page when user is unauthorized (PR/#7687)
• [UI] Do not display autologin shortcut when disabled (PR/#7340)

Documentation

• Correct migration using nagios reader (PR/#7781)
• Improve prerequisites (commit 7955e7a)
• Remove install poller via VM (commit 472623f)
• Update mysql prerequisites (PR/#7903)
• Update FAQ to install RRDCacheD on el7 (PR/#8052)

Security Fixes

• Avoid SQL injections in multiple monitoring pages - CVE-2019-17647 (PR/#8063, PR/#8094)
• Add php mandatory param info for source installation (PR/#7898)
• Add rule for max session duration (PR/#7919)
• Cross-site scripting (reflected) - Dont' return js (PR/#8095)
• Contact list using escapeSecure method (PR/#7947)
• Do not allow to get all services using downtime ajax file - CVE-2019-17643 (PR/#8022)
• Escape persistent and reflected XSS in my account - CVE-2019-16195 (PR/#7877)
• Escape script and input tags by default (PR/#7811)
• Fix default contact_autologin_key value
• Filter access to api using external entry point - CVE-2019-17646 (PR/#8021)
• Fix security on LDAP page - CVE-2019-15300 - (PR/#8008)
• Hide password in command line (#7414, PR/#7859)
• RCE on mib import from manufacturer input - CVE-2019-15298 (PR/#8023)
• Remove command test execution - CVE-2019-16405 (PR/#7864)
• Remove xss injection of service output in host form (PR/#7865)
• Sanitize host_id and service_id (PR/#7862)
• Session fixation using regenerate_session_id (PR/#7892)
• The ini_set session duration param has been moved in php.ini (PR/#7896)

Centreon 2.8.30

Documentation

• Correct migration using nagios reader (PR/#7781)

Security

• Avoid SQL injections in multiple monitoring pages - CVE-2019-17647 (PR/#8029, PR/#8094)
• Contact list using escapeSecure method (PR/#7947)
• Control directory indexes with an htaccess (PR/#8115)
• Do not allow to get all services using downtime ajax file - CVE-2019-17643 (PR/#8022)
• Escape myAccount special characters - CVE-2019-16195 (PR/#7876)
• Escape persistent and reflected XSS in my account (PR/#7865)
• Escape script and input tags by default (PR/#7811)
• Fix default contact_autologin_key value
• Fix security on LDAP page - CVE-2019-15300 (PR/#8009)
• Hide password in command line (#7414, PR/#7883)
• RCE on mib import from manufacturer input - CVE-2019-15298 (PR/#8023)
• Remove command test execution - CVE-2019-16405 (PR/#7884)
• Sanitize host_id and service_id (PR/#7880)
• Session fixation using regenerate_session_id (PR/#7893)

Centreon Web 19.10.1

Centreon Web 19.10.1

Bug Fixes

• [Install/update] correct loop issue on installation/update (PR/#7997)

Centreon Web 19.10.0

Centreon Web 19.10.0

Features

• [Authentication] Add Keycloak SSO authentication in Centreon (PR/#7700)

• [API v2] New real time monitoring JSON REST API v2 for services and hosts - currently in beta version (PR/#7821)

• [API v2] Manage acknowledgements (PR/#7907)

• [Notification] Add new options for Contacts & Contact groups method calculation (PR/#7917, PR/#7960, PR/#7963, PR/#7965, PR/#7971):

  • Vertical Inheritance Only: get contacts and contactgroups of resources and linked templates, using additive inheritance enabled option (Legacy method, keep for upgrade)
  • Closest Value: get most closed contacts and contactgroups of resources including templates
  • Cumulative inheritance: Cumulate all contacts and contactgroups of resources and linked templates (method used for new installation)

Enhancements

• [Administration] [Audit logs] Add purge function for audit logs (PR/#7710)
• [Authentication] Add Okta LDAP template (PR/#7825)
• [Charts] Centreon-Web Graph Display and png export is coherent (PR/#7676)
• [Charts] Better management of virtual metrics: you can display or not a virtual metric (PR/#7676)
• [Charts] Only one color by curve: users see the same color curve (PR/#7676)
• [Configuration] Add display locked checkbox for objects listing (#7444)
• [Configuration] Add contactgroups filter in list of contacts (PR/#7744)
• [Configuration] Add status and vendor filters in list of SNMP traps (PR/#7758)
• [Configuration] Move global rrdcached option to Centreon Broker form for each broker (PR/#7791)
• [Configuration] Allow to redifine action command for Centeron Engine & Centreon Broker (PR/#7810)
• [Install] Allow people to use another user that has root privileges when installing centreon (PR/#7445)
• [Install] Add possibility to install widget during last step (PR/#7890)
• [Install] New script that aims at automating all manual steps that are required when installing Centreon from packages (PR/#7853)
• [Remote Server] Poller attached to multiple remote servers (PR/#7849)
• [Remote-Server] Allow to use direct ssh connection to poller from central (PR/#7680)
• [Remote-Server] Optimize execution time of export/import (PR/#7749)
• [Remote-Server] Improve centreonworker logging (PR/#7712)
• [UI] Do not display round values in detailed top counter (PR/#7547)
• [UI] Style default select to be as much like select2 as possible (PR/#7819)
• [UI] Update style of checkbox, radio, tabs (PR/#7845)
• [UI] Adding cursor pointer to icons (PR/#7613)
• [Widgets] Add multiselect on severity preference (PR/#7752)
• [Widgets] Upgrade poller preference of engine-status widget (PR/#7820)
• [Widgets] Add connectors for servicegroups and severities (PR/#7753)

Performance

• [ACL] centAcl optimize memory and time execution (PR/#7751)
• [API] Improve performance of clapi call through REST API (PR/#7842)
• [Chart] Increase performance on server side when we get data from rrd files to display charts: between 70% and 90% (PR/#7676)

Documentation

• Doc correct migration using Nagios reader (PR/#7781)
• Update MySQL prerequisites for master (PR/#7904)
• Improve documentation for MySQL/MariaB strict mode (PR/#7806)
• Improve migration procedure (commit 47be1c3)
• Improve prerequisites (commit 7200461)
• Fix typo Centreon word (and one variable) (PR/#7796, PR/#7806)
• Add link to Centreon API JSON REST v2 (commit bfac416)
• Add OS update (commit 04e9942)

Bug Fixes

• [ACL] Redirect to login page when user is unauthorized (PR/#7687)
• [ACL] Add ACL to select meta-services for list of services in performance menu (PR/#7736)
• [ACL] Fix cron renaming bound variable name (PR/#7984)
• [API] Delete services when host template is detached from host (PR/#7784)
• [API] Fix import of contactgroup when linked to ldap (PR/#7797)
• [API v2] Fix bad verification when an admin has access group (PR/#7972)
• [Charts] Fix export png for splited graph (PR/#7676)
• [Charts] Graph is smoothed to much (PR/#7676, #4898)
• [Charts] Unit curves not displayed when only 1 metric (PR/#7676, #5533)
• [Charts] strange char & missing dates in exports (PR/#7676, #7310)
• [Charts] HTML code instead of accented characters in graphs (PR/#7676, #6318)
• [Charts] Graphs Period Showing Different Times (PR/#7676, #5939)
• [Charts] Match metric name with metric value in export (#5959, #7477, PR/#7764)
• [Centcore] Correct typo in scp command (#7849, PR/#7946)
• [Centcore] Create centcore file by action (PR/#6985)
• [Configuration] Correct issue in wizard with PR #7849 (commit 2b8a728)
• [Configuration] Fix style of broker modules options checkboxes (PR/#7899)
• [Configuration] Select also pollers attached to additional RS for generation (PR/#7922)
• [Configuration] Fix the manual activation/disactivation of a contact (PR/#7930)
• [Configuration] List contact using escapeSecure method (PR/#7947)
• [Configuration] Fix SNMP traps generation by poller (PR/#6416)
• [Configuration] Fix stream connector configuration update in Centreon Broker form (PR/#7813)
• [Custom-Views] Correction on custom view using spanish (PR/#7778)
• [Dashboard] Remove useless columns which break sql strict mode (PR/#7937)
• [i18n] Fix issue with translation when several modules are installed (PR/#7916)
• [Install] Change the bash interpreter for the native sh (commit (PR/#7911))
• [Install] Update wording about cache in install/upgrade process (PR/#7895)
• [Install] Fix syntax error in step5 of upgrade process (PR/#7900)
• [Install] Disable button when installing modules last step (PR/#7873)
• [Menu] Retrieve menu entries as link (PR/#7826)
• [Monitoring] Apply downtimes on resources linked to a poller (PR/#7955)
• [Monitoring] Save properly monitoring service status filter (PR/#7908)
• [Monitoring] Fix pagination display in service monitoring by servicegroups (PR/#7755)
• [Monitoring] Fix labels in graph alignment for service details page (PR/#7805)
• [Monitoring] Fix double host name display in host details page (PR/#7737)
• [Remote-Server] Allow remote server config to be loaded with mysql strict mode enabled (PR/#7887)
• [Remote Server] Change grant option for remote server database centreon user (PR/#7888)
• [Remote Server] set remote_id/remote_server_centcore_ssh_proxy to NULL/0 (PR/#7878)
• [Remote Server] Fix simple remote server creation (PR/#7936)
• [Remote Server] Add missing host poller relation in export (PR/#7928)
• [Remote-Server] Adapt nagios_server export columns (PR/#7871)
• [UI] Do not display autologin shortcut when disabled (PR/#7340)
• [UI] Avoid host icon to be flattened (PR/#7870)
• [UI] Retrieve space before alias in user menu (PR/#7869)
• [UI] Fix compatibility with IE11 (external modules) (PR/#7923)
• [UI] Rename contact template titles properly (PR/#7929)
• [UI] Fix style of frozen checkboxes (PR/#7882)
• [Widgets] Undefined pagination variable when editing custom view (PR/#7935)
• [Widgets] set GMT to default if null (PR/#7766)

Security fixes

• Add rule for max session duration (PR/#7918)
• Hide password in command line for status details page (#7414, PR/#7859)
• Escape script and input tags by default (PR/#7811)
• Add php mandatory params info in source installation (PR/#7897)
• Escape persistent and reflected XSS in my account (PR/#7877)
• Remove xss injection of service output in host form (PR/#7865)
• Sanitize host_id and service_id in makeXMLForOneService.php (PR/#7862)
• Session fixation using regenerate_session_id (PR/#7892)
• Remove command test execution - CVE 2019-16405 (PR/#7864)
• the ini_set session duration param has been moved in php.ini (PR/7896)

Technical

• [API] Update type of returned activate property (PR/#7851)
• [CEIP] Telemetry ceip improvements (PR/#7931)
• [Component] Compatibility with RRDtool >= 1.7.x (PR/#7676)
• [Component] Update to rh-php72 (PR/#7542)
• [Composer] Reduce size of centreon package on packagist (PR/#7818)
• [Composer] Add missing translation dependency in composer.json (PR/#7879)
• [Configuration] Move filesGeneration directory to /var/cache/centreon (PR/#7735)
• [Core] Improve the centreon user service definition in ServiceProvider (PR/#7891)
• [CSS] Clean cache at each new centreon version (PR/#7959)
• [Database] Start compatibility with MariaDB/MySQL STRICT mode - in progress (PR/#7544)
• [Database] Remove useless primary keys on multiple tables (PR/#7542)
• [Database] Change type of column widget_models.description to TEXT (PR/#7542)
• [Database] Add default value to acl_groups.acl_group_changed table (PR/#7542)
• [Database] Update column types of downtimes table (PR/#793)
• [Database] Compatibility with MySQL v8.x version (PR/#7801)
• [Install] Do not require conf.php files to exist in module upgrade directories (PR/#7914)
• [Lib] Upgrade front libraries & improve dynamic import (PR/#7724)
• [Select2] Fix default select2 getter on severity (PR/#7814)
• [Select2] Allow to display disabled status in select2 options (PR/#7531)
• [Test] Fix acceptance test of locked elements (PR/#7910)
• [Update] Move alter table statement in a php script for MySQL compatibility (PR/#7838)
• [Upgrade] Take into account the removal of older conf.php (PR/#7952)
• [Update] Remove upgrade of bigint columns (PR/#7953)
• [UI] Remove wizard graph tour in performance view (PR/#7676)
• [Update] Finish module update with upgrade to last version (PR/#7956)

Known issue

• [logs] Fix the limitation of max value for the primary key of the centreon_storage.logs table (:ref:update_centreon_storage_logs)

Centreon Web 2.8.29

Centreon Web 2.8.29

Bug Fixes

• [ACL] Add ACL to select meta-services for service performance (#6534, PR/#7736)
• [Configuration] Add possibility to save service_interleave_factor in Centreon Engine form (PR/#7591)
• [Widget] Fix preferences #7641 (#6988, PR/#7641)

Security

• [UI] Add escapeshellarg to nagios_bin binary passed to shell_exec (PR/#7694 closes CVE-2019-13024)

Others

• [SQL] Use pearDb (PR/#7668)
• [Generation] Fix requirement (PR/#7703)

Centreon Web 19.04.4

Centreon Web 19.04.4

Enhancements

• [Administration] Add the possibility to define the refresh frequency for LDAP settings for users (PR/#7627)
• [API] Update output of getparam command on host object (PR/#7678)
• [Configuration] Close tooltip when user clicks somewhere else (PR/#7729)

Bug fixes

• [ACL] Add ACL to select meta-services for service performance (#6534, PR/#7736)
• [Backup] Change backup path of httpd24-httpd (PR/#7577)
• [Configuration/Administration] Fix filters save with pagination (PR/#7732)
• [Configuration] Fix meta service generation with special char (#7608, PR/#7705)
• [Configuration] Trap generation reindexing pollers id (#6205, PR/#6416)
• [Clapi] Delete services when host template is detached from host (#4371, PR/#7784)
• [Clapi] Fix import of contactgroup when linked to ldap (PR/#7797)
• [Centcore] Use correct ssh port (PR/#7677)
• [Graphs] Issue with export of splitted graphs fixed (PR/#7822)
• [Menu] translate properly menu entries
• [Monitoring] Fix pagination display in service monitoring (PR/#7755)
• [Remote-Server] Check bam installation on remote server is http only (#7626, PR/#7640)
• [Remote-Server] Fix enableremote parameters parsing and setting (PR/#7711)
• [System] Compatibility with MySQL v8
• [UI] Remove chrome password autocomplete in several form (#6283, PR/#7697)
• [UI] Custom view page is no longer broken with spanish language (PR/#7778)

Documentation

• Correct CLAPI Host parameters (PR/#7658)
• Correct SSH exchange notice (#7620, PR/#7639)

Technical

• [Lib] update composer

Centreon Web 18.10.7

Centreon Web 18.10.7

Enhancements

• [Configuration] Close tooltip when user clicks somewhere else (PR/#7729)

Bug fixes

• [ACL] Add ACL to select meta-services for service performance (#6534, PR/#7736)
• [Configuration/Administration] Fix filters save with pagination (PR/#7732)
• [Configuration] Fix meta service generation with special char (#7608, PR/#7705)
• [Configuration] Trap generation reindexing pollers id (#6205, PR/#6416)
• [Centcore] Use correct ssh port (PR/#7677)
• [Clapi] Delete services when host template is detached from host (#4371, PR/#7784)
• [Graphs] Issue with export of splitted graphs fixed (PR/#7822)
• [Monitoring] Fix pagination display in service monitoring (PR/#7755)
• [Remote-Server] Check bam installation on remote server is http only (#7626, PR/#7640)
• [Remote-Server] Fix enableremote parameters parsing and setting (PR/#7711)
• [System] Compatibility with MySQL v8
• [UI] Remove chrome password autocomplete in several form (#6283, PR/#7697)
• [UI] Custom view page is no longer broken with spanish language (PR/#7778)

Documentation

• Correct CLAPI Host parameters (PR/#7658)
• Correct SSH exchange notice (#7620, PR/#7639)

Technical

• [Lib] update composer

Centreon 19.04.3

Enhancements

• [Traps] Increase trap special command database field (#7610)
• [Traps] Make @hostid@ macro available for trap configuration (#7592)
• [Traps] You can create a trap with matching mode regexp (#7679)
• [UI] Enhance helper (tooltip) for mail configuration (#7584)
• [UI] Translate notification delay parameters (#7696)

Bug fixes

• [Centcore] Issue fixed with commands that were overwritten (#7650)
• [Configuration] Correctly save service_interleave_factor value in Engine configuration form (#7591)
• [Configuration] Correctly search services by "disabled" state (#7612)
• [Downtime] Correctly compute downtime duration & end date (#7601)
• [Event Logs] Several issues fixed on CSV export (group arrows, host filter)
• [Installation] Missing template directory in tar.gz package
• [Monitoring] Correctly display services with special character "+" (#7624)
• [Remote Server] Update only properties of selected poller (#7633)
• [Remote Server] Do not compare bugfix version on task import (#7638)
• [Remote Server] Increase size of database field to store large FQDN (#7637 closes #7615)
• [Remote Server] Set task in failed if an error appears during import/export (#7634)
• [Remote Server] Filter output to master on NEB category only (#7695)
• [Reporting] Correctly apply ACL on reporting dashboard (#7604)
• [UI] Add scrollbar to remote server configuration wizard (#7600)
• [UI] Change icon cursor when exporting graphs to PNG (#7613)
• [Upgrade] Issue with upgrade from 18.10.x to 19.04.x (#7602 closes #7596)

Documentation

• [Onboarding] Improve actual content for Quick Start and add more (#7609)

Security fixes

• [UI] add escapeshellarg to nagios_bin binary passed to shell_exec (#7694 closes CVE-2019-13024)

Centreon 18.10.6

Enhancements

• [LDAP] Optimizing data sent when importing contact (#7559)
• [Traps] Increase trap special command database field (#7610)
• [Traps] Make @hostid@ macro available for trap configuration (#7592)
• [UI] Enhance helper (tooltip) for mail configuration (#7584)
• [UI] Translate notification delay parameters (#7696)
• [Traps] You can create a trap with matching mode regexp (#7679)

Bug fixes

• [Installation] Missing template directory in tar.gz package
• [Centcore] Issue fixed with commands that were overwritten (#7650)
• [Remote Server] Do not compare bugfix version on task import (#7638)
• [Remote Server] Set task in failed if an error appears during import/export (#7634)
• [Remote Server] Increase size of database field to store large FQDN (#7637 closes #7615)
• [Remote Server] Update only properties of selected poller (#7633)
• [Remote Server] Filter output to master on NEB category only (#7695)
• [Monitoring] Correctly display services with special character "+" (#7624)
• [Configuration] Correctly search services by "disabled" state (#7612)
• [Downtime] Correctly compute downtime duration & end date (#7601)
• [Event Logs] Several issues fixed on CSV export (group arrows, host filter)
• [Configuration] Correctly save service_interleave_factor value in Engine configuration form (#7591)
• [Reporting] Correctly apply ACL on reporting dashboard (#7604)
• [UI] Add scrollbar to remote server configuration wizard (#7600)
• [UI] Change icon cursor when exporting graphs to PNG (#7613)
• [Upgrade] Execute again missing PHP update from 2.8.27 (#7434)
• [Upgrade] add missing upgrade script for 2.8.28

Documentation

• [Onboarding] Improve actual content for Quick Start and add more (#7609)

Security fixes

• [UI] add escapeshellarg to nagios_bin binary passed to shell_exec (#7694 closes CVE-2019-13024)