20.04.11

20.04.11

March 23, 2021

Bugfixes

• [CLAPI] CFGMOVE & APPLYCFG don't work
• [Core] Update centreon copyright dates
• [Install] Complete the Last step upgrade redirection
• [Administration/About] Update about page with current team

Security fixes

• [Core] Cross-site Scripting (XSS) in index.php
• [Lib] Update jQuery to version >= 3.5.1

20.10.4

20.10.4

February 25, 2021

Enhancements

• [Configuration] Add the 'instance_heartbeat_interval' parameter in Engine configuration
• [Configuration] Improve access to the list of pollers
• [Core] Performance improvements for partitioning
• [Core] Update PHP 7.3 compatibility
• [Core] Use Gorgone to dispatch downtimes locally
• [Status Details] Display of comments in the host details page
• [Top counters] Displayed values for services don't consider host acknowledgements

Bugfixes

• [CLAPI] No control on dependencies relations
• [Configuration/] "Conf Changed" yes is green instead of red in pollers listing
• [Configuration] Creation forms generate status code 400 errors
• [Configuration] Non-admin users can't create host/service
• [Resources Status] Display order of events in timeline
• [Resources Status] Panel does not display radius
• [Resources Status] Unexpected behavior when setting a DT with an empty comment field

Security fixes

• [Administration] Cross-site Scripting (XSS) Stored/Persistent in "ACL > Resources Access" - CVE-2020-22425
• [Administration] XSS stored in the LDAP form
• [Apache] Remove deprecated TLS ciphers
• [Authentication] Session is active longer than expected
• [Authentication] User enumeration in login page
• [Configuration] Cross-site Scripting (XSS) Reflected in "Configuration > Hosts"
• [Core] Vulnerable handlebars.js library
• [Reporting] Cross-site Scripting (XSS) Reflected in "Dashboard > Hosts"

19.10.20

Centreon Web 19.10.20

February 23, 2021

Bug fixes

• [Configuration] Non-admin users can't create host/service
• [Core] PHP 7.3 issue with recurrent downtimes

Security fixes

• [Administration] Cross-site Scripting (XSS) Stored/Persistent in Ressource Access form
• [Administration] XSS stored in the LDAP form
• [Apache] Remove deprecated ciphers for HTTPS configuration example
• [Authentication] Session is active longer than expected
• [Authentication] User enumeration in login page
• [Configuration] Cross-site Scripting (XSS) Reflected in Hosts form
• [Core] Vulnerable handlebars.js library
• [Reporting] Cross-site Scripting (XSS) Reflected in "Dashboard > Hosts" page
• [Service details] Too much "Unable to hide passwords in command"

20.04.10

20.04.10

February 24, 2021

Enhancements

• [Configuration] Add the 'instance_heartbeat_interval' parameter in Engine configuration
• [Configuration] Improve access to the list of pollers
• [Core] Performance improvements for partitioning
• [Core] Update PHP 7.3 compatibility
• [Core] Use Gorgone to dispatch downtimes locally
• [Status Details] Display of comments in the host details page
• [Top counters] Displayed values for services don't consider host acknowledgements

Bugfixes

• [CLAPI] No control on dependencies relations
• [Configuration] Non-admin users can't create host/service

Security fixes

• [Administration] Cross-site Scripting (XSS) Stored/Persistent in "ACL > Resources Access" - CVE-2020-22425
• [Administration] XSS stored in the LDAP form
• [Apache] Remove deprecated TLS ciphers
• [Authentication] Session is active longer than expected
• [Authentication] User enumeration in login page
• [Configuration] Cross-site Scripting (XSS) Reflected in "Configuration > Hosts"
• [Core] Vulnerable handlebars.js library
• [Reporting] Cross-site Scripting (XSS) Reflected in "Dashboard > Hosts"

2.8.36

###################
Centreon Web 2.8.36
###################

February 23, 2021

Bugfix

• [Configuration] Non-admin users can't create host/service

Security

• [Administration/ACL] Cross-site Scripting (XSS) Stored/Persistent in Ressource Access
• [Administration/LDAP] XSS stored in the LDAP form
• [Authentication] Session is active longer than expected
• [Authentication] User enumeration in login page
• [Core] 4.2.3 Vulnerable handlebars.js library
• [Reporting/Dashboard/Hosts] Cross-site Scripting (XSS) Reflected

19.10.19

enh(doc): Add Centreon Web 19.10.19 release note (#9440)

20.10.3

20.10.3

February 08, 2021

Enhancements

• [API] Add endpoint for Topology/enableRemote
• [API] Add Delete method for Topology/enableRemote
• [Core] [Refactor the script to register new server in bash instead of PHP

Bugfixes

• [Administration] ACL Menus Access - Lines alignment
• [Administration] ACL Menus Access - Unable to select subgroup access options
• [CLAPI] APPLYCFG on a Poller behind a Remote Server doesn't trigger sync task for the RS itself
• [CLAPI] Cancel RTACKNOWLEDGEMENT doesn't work for services
• [CLAPI] Create user with language
• [CLAPI] Import fails on password type macros
• [CLAPI] Show RTACKNOWLEDGEMENT for a service only shows first one to have been defined
• [Update] Central IP is override by 127.0.0.1 in platform_topology table

Security fixes

• [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
• [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
• [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
• [API] Missing access control mechanism in rest API v1
• [Configuration > Servicegroups] Leak of technical information
• [Configuration/H/HTPL/S/STPL] Password in plain text
• [Core] Centreon token is vulnerable against replay attack
• [Core] Token usage is not mandatory
• [Media] PHP warning about missing tmp dir used during media upload

2.8.35

fix(doc): complete release note

20.04.9

chore(ci): use discoverGitReferenceBuild instead of reference build (…

20.10.2

fix(mediawiki): manage properly mediawiki url of host templates (#9367)

Refs: MON-6321