All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
This changelog format was introduced in NAV 5.4.0. Older changelogs can be found in the HISTORY file.
- Added option to enable secure cookies in new web security section of
webfront.conf(#2194, #2815) - Made
mod_auth_mellon(SAML) work for logins (#2740)- Also added howto for setting up
mod_auth_mellonfor Feide authentication.
- Also added howto for setting up
- Cycle session IDs on login/logout to protect against potential session fixation attacks (#2804, #2813, #2836, #2835)
- Flush sessions on logout (#2828)
- Prevent clickjacking attacks on NAV by disallowing putting NAV site in document frames (#2816, #2817)
- Cleaned up overview/intro docs (#2827)
- Various cleanups of the test suites:
- Removed nonsensical pydantic requirement (#2867)
- Removed warnings when building docs (#2856)
- Modernize installation of NAV scripts/binaries using
pyproject.toml(#2676, #2679) - Changed the documentation theme from "Bootstrap" to "Read The Docs", as the Bootstrap theme was no longer being maintained. This also avoids unnecessary JavaScript libraries in the docs (#2805, #2825, #2824, #2834, #2837, #2833, #2853, #2868)
- Various changes needed to move NAV closer to being fully compatible with Python 3.11:
- Replaced all uses of
pkg_resourceswithimportlib(#2791, #2798, #2799) - Upgraded Twisted to a version that supports Python 3.11 (#2792, #2796)
- Upgraded psycopg to 2.9.9 (#2793, #2795)
- Dropped code that was there to support Django's older than 3.2 (#2823)
- Upgraded
python-ldapfrom 3.4.0->3.4.4 (#2830) - Enabled running test suite on Python 3.10 by default (#2838)
- Stopped running test suite on Python 3.8 by default (#2851)
- Fixed invalid/deprecated backslash escapes in MIB dump files, as warned about in newer Python versions (#2846, #2848)
- Fixed deprecation warning for Django 4.0 in test suite (#2844)
- Removed an adaption to Pythons older than 3.7 (#2840)
- Install Node/NPM in docker dev environment (#2855)
- Vendor the PickleSerializer (#2866)
- Replaced all uses of
- Allow admins to configure ports with invalid or unset native VLANs in PortAdmin (#2477, #2786)
- Fix bug that caused PoE config to be completely disabled for Cisco devices where at least one port did not support PoE (#2781)
- Fix PortAdmin save button moving around for ports without PoE support (#2782)
- Fix PortAdmin bug that prevented switching PoE state back and forth without reloading entire page (#2785)
- Fix regression that caused maintenance tasks to be un-editable (#2783, #2784)
- Fix broken "operate as user" function in User and API Administration tool (#2766, #2777)
- Fix crashing PDU widget (#2776)
- Fix bug that caused PortAdmin to stop working for Cisco switches (#2773, #2774)
- Constrain version of 3rd party module
ciscoconfparse, in order to avoid NAV not working under Python 3.7 (#2770, #2771) - Fix ipdevpoll crash error from using SNMP v2c profile example that came with NAV (#2767, #2768)
- Gracefully handle encoding errors in invalid sysname/IP input in SeedDB IP Device form (#2764)
- Gracefully handle errors from invalid profiles list input in SeedDB IP Device form (#2765)
- Initial SNMPv3 support added to most parts of NAV
- Add an SNMPv3 management profile type (#2693, #2699)
- Add SNMPv3 session support to the synchronous SNMP libraries used by most parts of NAV except ipdevpoll (#2700, #2710)
- Add SNMPv3 reachability tests in SeedDB IP Device registration forms (#2704, #2734, #2727, #2730)
- Add SNMPv3 support to Portadmin (#2712, #2731)
- Add SNMPv3 support to
navsnmpcommand line program (#2724, #2725) - Add SNMPv3 support to Arnold (#2726, #2733)
- Add SNMPv3 session support to ipdevpoll's asynchronous SNMP libraries (#2736, #2743)
- Add SNMPv3 support to
navoidverifyandnaventitycommand line programs (#2747, #2748)
- Power-over-Ethernet configuration support for Cisco and Juniper equipment in PortAdmin (#2632, #2633, #2666, #2635, #2759)
- Extract VLAN association from router port names on Checkpoint firewalls (#2684, #2701)
- Add link to our GitHub discussion forums in "Getting help" documentation (#2746)
- Add subcommand to
navusercommand line program for deleting users (#2705) - Add toggle in
webfront.conffor automatic creation of remote users (#2698, #2707) - Add proper documentation index page for all howto guides (#2716)
- Add description to threshold alarms (#2691, #2709)
- Add tests for overview of alert profiles page (#2741)
- Add make rule for cleaning
docdirectory (#2717) - Add an snmpd service container for SNMPv3 comms testing (#2697)
- Improve validation of maintenance form input in order to avoid unintentional crash reports (#2757)
- Handle invalid alert profile ID form input without crashing (#2756)
- Prevent crash errors in esoteric situations where multiple dashboards have been erroneously marked as a user's default dashboard (#2680)
- Fix broken
navoidverifycommand on Linux (#2737) - Several regressions related to input validation in Alert Profiles were fixed:
- Fix regression that prevented filter groups from being deleted from an alert profile (#2729)
- Fix regression that prevented activation/deactivation of alert profiles (#2732)
- Fix form validation with "equal" and "in" operators for adding expression with group to filter (#2750)
- Add more expression operator tests for alert profiles and fix cleaning in
ExpressionForm(#2752)
- Restructure alert profile tests (#2739)
- Allow write-enabled SNMP profiles to be used for reading when device has no read-only SNMP profiles (#2735, #2751)
- Improved howto guide for setting up remote user authentication using
mod_auth_oidc(#2708)
- Refactored web authentication code in preparation for future changes to authentication flow (#2706)
- Remove remaining uses of
Netbox.snmp_version(#2522) - Remove unused function
snmp_parameter_factory(#2753) - Remove deprecated Netbox SNMP properties (#2754, #2761)
- Even more complex and flexible configuration of NAV logging is now supported through
logging.yml(#2659) - Added howto guide for log configuration (#2660)
- Currently non-functional (aka. "blacklisted") alert sender mechanisms are now flagged in the Alert Profiles tool wherever an affected alert address is displayed (#2653, #2664, #2677, #2678)
- Added support for polling and alerting on Juniper chassis and system alerts (#2358, #2388)
- Added a new
contains_addressfilter to theprefixAPI endpoint, to enable lookup of matching prefix/vlan details from a single IP or subnet address (#2577, #2578) - Defined and added abstract methods for Power-over-Ethernet configuration to PortAdmin management handler classes (#2636)
- These are needed for the upcoming vendor specific implementations of PoE config in PortAdmin.
- Implemented configuration file parsing for upcoming local JWT token feature (#2568)
- Properly dispose of outgoing alert notifications to invalid alert addresses (#2661)
- Fixed crash when attempting to log device errors with an empty comment in the Device History tool (#2579, #2580)
- Fixed bad styling and missing linebreaks in traceback section of the 500 error page (#2607, #2628)
- Show help text instead of error when running
navcommand without arguments (#2601, #2603) - Prevent users from entering invalid
sysObjectIDvalues when editing Netbox types in SeedDB (#2584, #2566) - Removed upper version bound for Pillow image manipulation library, to fix security warnings (#2567)
- Alerts that cannot be sent due to blacklisted media plugins will no longer fill up
alertengine.logevery 30 seconds, unless DEBUG level logging is enabled (#1787, #2652) - DNS lookups in ipdevinfo are now properly case insensitive (#2615, #2650)
- Alert Profiles will now properly require Slack alert addresses to be valid URLs (#2657)
- 5 minute and 15 minute load average values will now be collected correctly for Juniper devices (#2671, #2672)
- Fix cabling API, which broke due to internal refactorings (#2621)
- Only install NAV's custom
epollreactor2in ipdevpoll if running on Linux (#2503, #2604)- Stops ipdevpoll from crashing on BSDs.
- Moved more of NAV's packaging definition to
pyproject.toml(#2655) - Pin pip to version 23.1.0 for CI pipelines to continue working (#2647)
- Improve ipdevpoll logging of SQL queries and from Twisted library (#2640)
- Stop making skipped validation tests for non HTML content (#2623)
- Version-locked indirect dependencies of test suites (#2622, #2617)
- Improve SNMP forwarding/proxying container setup, including adding IPv6 support (#2637, #2516)
- Documented a recipe for establishing SNMP tunnels when testing devices on otherwise unreachable networks (#2426, #2435)
- Run Django development web server in "insecure" mode to improve simulation of a production environment when debug flag is turned off (#2625)
- Added a proper docstring to
bootstrap_django()function (#2619, #2168) - Stop restoring stale tox environment caches in GitHub workflows (#2605)
- Added tests for ipdevpoll worker euthanization (#2599, #2548)
- Added tests to ensure snmptrapd can properly look up a NAV router that sends traps from one of its non-management IP addresses (#2500, #2510)
- Avoid redundant graphite time formatting strings by re-using constant (#2588, #2543)
- Make detection of running in a virtualenv more compatible with modern toolchain (#2573)
- Revert to having tox run its own dependency installer (#2572)
- Added explicit back-relation names for several Django ORM models (#2544, #2546, #2547, #2549, #2550, #2551)
- Document a recipe for establishing SNMP tunnels using socat/SSH (#2426, #2435)
- Updated/added explicit relation names to various ORM models (#2544, #2546, #2547, #2549, #2550, #2551, #2595, #2596)
- Added tests for simple searches (#2597)
- Ensure event variables are always posted in transactions, so the event engine does not accidentally end up processing incomplete event information (#2594)
- Report broken cache configuration as an error in Ranked Statistics tool, rather than taking down the whole NAV site (#2561, #2563)
- Show error message on invalid ip address in ipdevinfo (#2590, #2589)
- Link to correct room in room report if room has a space in its name (#2593, #2592)
- Work around duplicate internal serial numbers in Juniper equipment by trusting data only from the device with the lowest entity index (#2583, #2493)
- Make save function in AlertHistory, EventHistory and AlertQueue atomic (#2594)
- Ignore LDAP server referral responses, rather then erroring out during the login process (#2576, #1166)
- Include the
new_versionvariable in alert message templates for device hw/fw/sw upgrades (#2565) - Update NAV blog widget to use the new blog URL (#2585)
- Handle invalid IP address input in ipdevinfo device searches gracefully, rather then crashing with a 500 error (#2589, #2590)
- Fix broken links to room details from room report for rooms with spaces in their names (#2592, #2593)
- Catch Validation error in filtering of prefixes in API (#2606, #2608)
- Redesign the 500 Error page so that the exception traceback if formatted as one
- NAPALM/NETCONF management profiles can now be configured with custom timeout values (#2460, #2390)
- Post lifecycle events the first time new chassis/module/PSU/fan devices are seen (#2391, #2414)
- Accept JSON Web Tokens signed by third-parties as valid API authentication/authorization tokens (#2483, #2511)
- Collect "chassis" serial numbers from Aruba wireless controllers (#2514)
- Added an API endpoint for module information (#2517, #2520)
- Result caching added to ranked statistics - including the ability to populate the cache regularly behind-the-scenes in a cronjob ((#1504, #2398)
- Added
buglog.pyoption to fetch issue numbers from git reflog (#2474) - Added tests for
get_memory_usagefor all memory MIBs (#2376, #2441) - Added tests to discover invalid MIB dumps from smidump (#2501, (#2521)
- Updated/added explicit relation names to various ORM models (#2539, #2540, #2541, #2542)
- Empty alert messages are no longer sent when device software upgrades are detected (#2533)
- Merged two fixes from the 5.4.x stable series that never actually made it into the 5.5 series:
- Properly log (for posterity) old and new revision numbers with every software/hardware/firmware upgrade event NAV posts (#2515, #2545, #2560)
- snmpwalk routine for synchronous NAV code now correctly handles end-of-mib-view errors (#1925, #2489)
- Removed deprecation warnings from command line programs
navsnmp,naventityandnavoidverify(#2389, #2429)
- Use pip-compile's backtracking dependency resolver to fix failing CI pipelines (#2509)
- Updated libsnmp dependency for newer Ubuntu runners in GitHub pipelines (#2532)
- Use same version of Django for pylint runs as the latest stable release (#2536)
- Fixed a slew of new CI pipeline / test suite problems that appear after new years (#2537)
- Fix serious collection breakdown in ipdevpoll by re-generating a valid Python representation of CISCO-ENHANCED-MEMPOOL-MIB (#2494, #2495)
- Fix broken trap processing in snmptrapd (#2497, #2498)
- Delete and ignore module devices with fake serial number
BUILTIN, as reported by Juniper equipment, in order to avoid spamming withdevice[SFH]wUpgradealerts (#2491, #2492)
- Bump
lxmlfrom 4.6.5 to 4.9.1 in /tests (#2443) - Links and documented references to the NAV mailing lists have changed to the
lister.sikt.nodomain.
- Add link to #nav irc channel on Libera.Chat to README file (#2475)
- Add
mac_addressesattribute to/netbox/API endpoint (#2487, #2490) - Add ability to filter by alert severity in the status tool (#2467)
- Support for fetching ARP cache entries from all Arista VRF instances (#2262, #2454))
- Link aggregation information added to NAV API (#1765, #2440)
- Support fetching memory stats from
CISCO-ENHANCED-MEMPOOL-MIB(#2236, #2439) - Added a flag to
navcheckservicethat shows all available handler plugins (#2378, #2437) - Post
deviceHwUpgrade/deviceSwUpgrade/deviceFwUpgradeevents when changes are detected to devices' hardware, software or firmware revisions (#2393, #2413) - Call a
cleanup()method for individual container objects after ipdevpoll save stage (#2421) - Added
Devicemethods to resolve and return related objects/entities (chassis, modules, fans, power supplied) and extended device descriptions (#2428)
- Avoid potential resource leaks by properly closing configuration files after reading them (#2451)
- Geomap "link to this configuration" now actually opens the correct location at the correct zoom level (#2412, #2488)
- snmptrapd can now identify an SNMP agent from any of its interface addresses (#2387, #2461)
- PortAdmin now ignores incorrectly configured VLAN tags (tagged as
NA) on Juniper switches, instead of crashing (#2452, #2453) - Fix potential ipdevpoll crashes due to database fetches in wrong thread (#2478, #2480)
- Handle Graphite connection issues gracefully in ranked statistics page (#2459)
- Handle Graphite connection issues gracefully in device group detail page (#2345, #2434)
- Removed needless carbon data chunking from
activeipcollector(#1696, #2462) - Evaluate
0.0as a valid numeric metric value during threshold rule evaluations (#2447 - Updated dead links in Geomap documentation (#2419)
- Link from IPAM to reserve prefixed in SeedDB now works again (#2410, #2422)
- Improved inefficient database queries in Arnold (#2425)
- Updated tox examples in hacking documentation (#2427, #2430)
- Fixed an
AttributeErrorcrash bug in thenaventitycommand line program (#2433, #2444)
- The changelog format has changed from the legacy format into one based on Keep a Changelog.
- Transceivers are no longer classed as modules (#1154)
- Generate more secure API tokens (#2366)
- Remaining instances of "Uninett" in footer FAQ have changed to Sikt (#2367)
- Upgrade to napalm 3.4.1 (#2403)
- Support more recent AKCP environment probes (#2107
- Collect and graph temperature readings from JUNIPER-MIB (#2342)
- Add support for wildcards in report IN operator (a.k.a.
(,,)) (#2347) - Get VLAN tag from Juniper chassis cluster redundant ethernet interface ("RETH") names (#2357)
- Collect and graph memory usage from JUNIPER-MIB (#2359)
- Document NAV's various command line utilities (#2368)
- Add a contrib script to ship ISC DHCP server lease stats to NAV's Graphite instance (#2371)
- Don't display JavaScript alert dialog box when generating links to the current Geomap configuration (#1016)
- Optimize SeedDB prefix listing queries (#2156)
- Fix broken deletion of quick links from "My stuff"-menu (#2334)
- Display friendlier Juniper RPC error reports in Portadmin (#2362)
- Get rid of warning:
CacheKeyWarning: Cache key contains characters that will cause errors if used with memcached(#2379) - Get rid of warning:
DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated(#2381) - Get rid of warning:
django.contrib.postgres.fields.JSONField is deprecated. Support for it (except in historical migrations) will be removed in Django 4.0.(#2382) - Rotate room image thumbnails correctly based on EXIF orientation tag (#2385)
- Fix Django JSONField import deprecation warnings (#2396)
- Fix broken documentation build environment in Read The Docs (#2399)
- Optimize SeedDB room listing queries (#2400)
- Optimize SeedDB netboxtype listing queries (#2401)
- Optimize SeedDB vlan listing queries (#2402)
- Fix broken deserialization of Rack data (#2407)
- Remove unnecessary quotation marks in SeedDB (#2416)
- Fix incorrect handling of stateless event posting in internal APIs (#2417)
- Remaining Python 2 compatibility code (#2319)
- Dependency on the
sixPython module