21.04.18

21.04.18

Release date: September 20, 2022

Bug Fixes

• [Configuration] Fixed an error in the Configuration > Services > Templates menu causing HTML code to be displayed
• [Core] Cleaned code in forMyAccount
• [Core] Corrected escapeSecure usage
• [Widgets] Restored possibility to not select a poller in preferences

Security fixes

• [Administration] Applied validation of format with media synchronization
• [Administration] Sanitized and bound Centreon ACL class queries
• [CLAPI] Added a check to verify that the user has the admin role
• [Configuration] Fixed SQLi in poller's resource creation
• [Configuration] Sanitized and bound queries in centreonConnector file
• [Configuration] Sanitized and bound queries in contactgroup file
• [Configuration] Sanitized and bound queries in listServiceCategories file
• [Configuration] Sanitized and bound queries in listVirtualMetrics file
• [Configuration] Sanitized and bound queries in service argumentsXml file
• [Configuration] Sanitized and bound queries in service host categories file
• [Configuration] Sanitized and bound queries in servicegroup_dependency file
• [Monitoring] Fixed XSS vulnerability in deprecated services status details page

22.04.4

22.04.4

Release date: September 2, 2022

Bug fixes

• [Core] Fixed potential empty values in index_data.special that could block Centreon Broker
• [Install] Fixed update process that threw an "unable to execute SQL query" error

21.10.9

21.10.9

Release date: August 26, 2022

Enhancements

• [Install] Improved error handling during installation

Bug fixes

• [CLAPI] Column names were displayed several times when listing recurrent downtimes
• [Configuration] Extended the size of the URL, Notes and Action URL fields to avoid truncating long URLs
• [Configuration] Fixed a regression: multiple trap definitions can use the same OID again
• [Configuration] Fixed contact/contactgroup additive inheritance configuration using massive change
• [Core] Fixed SQL queries when databases names contained a dash
• [Core] Fixed the database partitioning for MySQL 8
• [Monitoring] Fixed deletion of comments
• [Monitoring] Fixed the "Last_update" column in legacy pages
• [Widget] Fixed hostgroup multiple selection

Security fixes

• [Administration] Sanitized SQLi in media synchronization
• [Administration] Sanitized and bound ACL group queries
• [Administration] Sanitized and bound ACL menus definitions queries
• [Administration] Sanitized and bound Auth class queries
• [Administration] Sanitized and bound queries in ACL actions definition
• [Configuration] Fixed an XSS vulnerability in the Broker configuration page
• [Configuration] Fixed an XSS vulnerability in the service template form
• [Configuration] Sanitized and bound "poller" queries
• [Configuration] Sanitized and bound contact form queries
• [Configuration] Sanitized and bound downtime queries
• [Configuration] Sanitized and bound escalation form queries
• [Configuration] Sanitized and bound hosts dependencies configuration queries
• [Configuration] Sanitized and bound hosts queries
• [Configuration] Sanitized and bound queries in Centreon Broker configuration listing
• [Configuration] Sanitized and bound queries in CentreonXMLBGRequest class
• [Configuration] Sanitized and bound queries in Meta Services dependency configuration
• [Configuration] Sanitized and bound queries in generateImage file
• [Configuration] Sanitized and bound queries in hostgroups dependency configuration
• [Configuration] Sanitized and bound queries in virtual metrics configuration
• [Configuration] Sanitized and bound service configuration queries
• [Configuration] Sanitized and bound service dependency queries
• [Configuration] Sanitized and bound timeperiod form queries
• [Core] Cleaned code in centreonUser.class.php
• [Core] Updated PHP libraries for security issues
• [Cron] Fixed SQL queries when databases names contain dash
• [Install] Sanitized and bound update queries
• [Monitoring] Sanitized SQLi in Centreon centreonGraph class

22.04.3

22.04.3

Release date: August 25, 2022

Enhancements

• [API] Added endpoint to perform all web updates
• [Authentication] Added a log message when an unregistered user tries logging in
• [Configuration] Use API to select metrics in virtual metrics configuration form
• [UI] Reduce spacing and align access buttons in user menu

Bug fixes

• [APIv1] Using the CLAPI import function no longer results in a PHP fatal error for the mentioned versions
• [Administration] Fixed consistency of ACLs with new poller creation wizard structure
• [Configuration] Fixed a regression: multiple trap definitions can use the same OID again
• [Cron] Fixed SQL queries when database names contain a dash
• [Install] Make it possible to connect as user centreon-engine for Debian packaging
• [Install] Fixed Debian packages build when npm is not installed
• [Install] Fixed dependency name for Debian packaging
• [Monitoring] Fixed deletion of comments
• [Monitoring] Fixed the bug that canceled the display of text in graphics after an export in png
• [UI] Fixed OpenID configuration form with Safari
• [UI] Fixed dark mode theme switch
• [Widget] Fixed hostgroup multiple selection

Security fixes

• [Administration] Sanitized SQLi in media synchronization
• [Administration] Sanitized and bound ACL menus definitions queries
• [Administration] Sanitized and bound Auth class queries
• [Administration] Sanitized and bound queries in ACL actions definition
• [Configuration] Fixed an XSS vulnerability in the Broker configuration page
• [Configuration] Fixed an XSS vulnerability in the service template form
• [Configuration] Sanitized and bound hosts dependencies configuration queries
• [Configuration] Sanitized and bound queries in Centreon Broker configuration listing
• [Configuration] Sanitized and bound queries in CentreonXMLBGRequest class
• [Configuration] Sanitized and bound queries in Meta Services dependency configuration
• [Configuration] Sanitized and bound queries in generateImage file
• [Configuration] Sanitized and bound queries in hostgroups dependency configuration
• [Configuration] Sanitized and bound service configuration queries
• [Configuration] Sanitized and bound service dependency queries
• [Core] Clean code in centreonUser.class.php
• [Core] Remove unused appKey feature
• [Monitoring] Sanitized SQLi in Centreon centreonGraph class

21.04.17

21.04.17

Release date: August 22, 2022

Enhancement

• [Install] Improved error handling during installation
• [Configuration] Use API to select metrics in virtual metrics configuration form

Bug Fixes

• [Configuration] Fixed contact/contactgroup additive inheritance configuration using massive change
• [Core] Fixed the database partitioning for MySQL 8

Security fixes

• [Administration] Sanitized SQLi in media synchronization
• [Administration] Sanitized and bound ACL group queries
• [Administration] Sanitized and bound ACL menus definitions queries
• [Administration] Sanitized and bound Auth class queries
• [Administration] Sanitized and bound queries in ACL actions definition
• [Configuration] Fixed an XSS vulnerability in the Broker configuration page
• [Configuration] Fixed an XSS vulnerability in the service template form
• [Configuration] Sanitized and bound downtime queries
• [Configuration] Sanitized and bound escalation form queries
• [Configuration] Sanitized and bound hosts dependencies configuration queries
• [Configuration] Sanitized and bound hosts queries
• [Configuration] Sanitized and bound queries in Centreon Broker configuration listing
• [Configuration] Sanitized and bound queries in CentreonXMLBGRequest class
• [Configuration] Sanitized and bound queries in Meta Services dependency configuration
• [Configuration] Sanitized and bound queries in generateImage file
• [Configuration] Sanitized and bound queries in hostgroups dependency configuration
• [Configuration] Sanitized and bound queries in virtual metrics configuration
• [Configuration] Sanitized and bound service configuration queries
• [Configuration] Sanitized and bound service dependency queries
• [Configuration] Sanitized and bound timeperiod form queries
• [Core] Clean code in centreonUser.class.php
• [Install] Sanitized and bound update queries
• [Monitoring] Sanitized SQLi in Centreon centreonGraph class

22.04.2

22.04.2

Release date: August 3, 2022

Bug fixes

• [Upgrade] Fixed Symfony cache rebuild during upgrade

21.10.8

21.10.8

Release date: August 3, 2022

Security

• [Configuration] Fixed SQLi vulnerability in escalations configuration
• [Configuration] Fixed XSS vulnerability in escalations configuration

21.04.16

21.04.16

Release date: August 3, 2022

Security

• [Configuration] Fixed SQLi vulnerability in escalations configuration
• [Configuration] Fixed XSS vulnerability in escalations configuration

22.04.1

22.04.1

Release date: July 28, 2022

Enhancements

• [Administration] Added consistency in ACLs with the new structure of the poller creation wizard
• [Authentication] Added the permission to import automatically new users using the OpenId Connect protocol
• [Authentication] Applied an ACL Group(s) definition on login for OpenID Connect users
• [Configuration] Extended the size of the URL, Notes and Action URL fields to avoid truncating long URLs
• [Core] Properly managed the switch between Resource Status repositories
• [Install] Improved error handling during installation
• [UX] Improved the OpenId Connect form

Bug fixes

• [API] Fixed MBI APIs with the latest version of Centreon
• [Administration] Fixed the display of the end date of the licenses
• [Administration] Fixed the scrolling when reducing the screen size to access all items
• [Configuration] Fixed contact/contactgroup additive inheritance configuration using massive change
• [Configuration] Fixed empty host template from mappers (Host Discovery) by using default template form Plugin Packs discovery rule
• [Configuration] Fixed the export when the host group is disabled
• [Configuration] Fixed the export when the service group is disabled
• [Configuration] Fixed the export when the service template is disabled
• [Core] Fixed href on links that were broken in menus
• [Core] Fixed SQL queries when databases names contained a dash
• [Core] Fixed the database partitioning for MySQL 8
• [Install] Fixed an SQL issue during update
• [Install] Fixed rights on the /usr/share/centreon/.env.local.php file for Debian package
• [Install] Fixed the waterfall visual effect in the extension's details tile
• [Monitoring] Fixed the "Last_update" column in legacy pages
• [Monitoring] Fixed the notifications number in legacy pages
• [Resources Status] Fixed the timeperiod group button and custom period selectors heights
• [UI] Fixed header and skeleton UI instability
• [UI] Fixed the display of CSS code with Firefox browser
• [UI] Now close the menu when a navigation item is clicked
• [UX] Reduced the timeout to prevent the menu from closing unexpectedly
• [Widget] Now use ACL to get list of pollers in widget configuration to filter display of services

Security fixes

• [Administration] Sanitized and bound ACL Group queries
• [Administration] Sanitized and bound ACL resources queries
• [Configuration] Fixed SQLi vulnerability in escalation form
• [Configuration] Fixed XXS vulnerability in escalation form
• [Configuration] Sanitized and bound "User" class queries
• [Configuration] Sanitized and bound "downtime" queries
• [Configuration] Sanitized and bound "hostgroups" queries
• [Configuration] Sanitized and bound "hosts" queries
• [Configuration] Sanitized and bound "meta_service" related queries
• [Configuration] Sanitized and bound "pollers" queries
• [Configuration] Sanitized and bound contact form queries
• [Configuration] Sanitized and bound escalation form queries
• [Configuration] Sanitized and bound queries in virtual metrics configuration
• [Configuration] Sanitized and bound timeperiod form queries
• [Core] Removed deprecated switch in encodePass() method
• [Core] Updated PHP libraries for security issues
• [Install] Sanitized and bound update queries

20.10.18

20.10.18

Release date: June 16, 2022

Bug fixes

• [Configuration] Fixed checkbox selection after enabling/disabling a contact via icons
• [UX] Improved interface response time if CEIP is enabled but the browser does not have internet access

Security Fixes

• [Apache] Fixed cookies with missing or contradictory properties
• [Apache] Improved Apache configuration to enable HSTS
• [Core] Passwords are now obfuscated in the page's HTML source
• [Security] Fixed SQLi in virtual metrics
• [Security] Sanitized and bound "User" class queries