21.10.7

21.10.7

Release date: June 10, 2022

Bug Fixes

• [API] Fixed /monitoring/host endpoint to return service state
• [API] Fixed SQL syntax when retrieving service_id field
• [Business Activity] Fixed synchronization of configuration with Remote Server
• [Configuration] Fixed export when host group is disabled
• [Configuration] Fixed export when service group is disabled
• [Configuration] Fixed export when service template is disabled
• [Core] Fixed database partitioning issue with MySQL 8
• [Dashboard] Fixed displaying of first service in host reporting dashboard
• [Discovery] Fixed critical error when searching host templates with notification option in mappers configuration
• [Install] Fixed error when installing Centreon with remote DBMS
• [Monitoring] Fixed notification number in legacy pages
• [Remote Server] Fixed synchronization of configuration
• [Resource Status] Fixed color when resources are selected in downtime or acknowledged
• [UX] Fixed timezone when adding a downtime or an acknowledgement
• [UX] Follow user configuration for Date/Time display
• [Widget] The list of pollers is now filtered according to the user's ACLs

Security

• [Security] Fixed RCE in command
• [Security] Fixed SQLi in virtual metrics
• [Security] Sanitize and bind "hostgroups" queries
• [Security] Sanitize and bind "meta_service" related queries
• [Security] Sanitize and bind "poller" queries
• [Security] Sanitize and bind ACL resources queries

21.04.15

21.04.15

Release date: June 10, 2022

Bug Fixes

• [API] Fixed /monitoring/host endpoint to return service state
• [API] Fixed SQL syntax when retrieving service_id field
• [Business Activity] Fixed synchronization of configuration with Remote Server
• [Install] Fixed error when installing Centreon with remote DBMS
• [Remote Server] Fixed synchronization of configuration
• [Widget] The list of pollers is now filtered according to the user's ACLs

Security

• [Security] Fixed RCE in command
• [Security] Fixed SQLi in virtual metrics
• [Security] Sanitize and bind "User" class query
• [Security] Sanitize and bind "hostgroups" queries
• [Security] Sanitize and bind "meta_service" related queries
• [Security] Sanitize and bind "poller" queries
• [Security] Sanitize and bind ACL resources queries

22.04.0

chore(install): update version to 22.04.0 (#11134)

* chore(install): update version to 22.04.0

* Update Update-22.04.0.php

* remove unneeded swp file

21.10.6

21.10.6

Release date: May 2, 2022

Bug Fixes

• [API] Fixed an issue in the icons API endpoint that always returned 0 for total number of results
• [Banner] Fixed display of empty skeleton
• [Charts] Fixed slowdown in graphics display
• [Configuration] Fixed an issue that caused the export of the poller configuration files to fail when a disabled host template was used
• [Configuration] Fixed checkbox selection after enabling/disabling a contact via icons
• [Core] Fixed an issue where proxy settings were saved with empty parameters
• [Install] Fixed an issue in database user creation with remote DBMS
• [Monitoring] Fixed display of acknowledgement information in legacy Resources Status pages
• [Monitoring] Fixed relation issue for recurrent downtimes
• [Reporting] Fixed an issue where MBI graphs reports were not using graph templates
• [Resources Status] Fixed default settings for acknowledgments and downtimes
• [Resources Status] Fixed display of acknowledgements comments
• [Resources Status] Fixed Hard/Soft translation
• [Resources Status] Fixed monitoring command that was not displayed in Resources Status Details panel
• [UX] Fixed display of date with UTC timezone in datepickers
• [UX] Improved interface response time if CEIP is enabled but the browser does not have internet access

Security Fixes

• [Apache] Fixed cookies with missing or contradictory properties
• [Apache] HTTPS Apache configuration now includes HSTS
• [Configuration] Fixed an SQL injection issue in Configuration > Poller > Resources
• [Core] Passwords are now obfuscated in the page's HTML source
• [Core] Replace Math.random by Crypto JS API
• [PHP] Disabled allow_url_fopen in PHP

21.04.14

21.04.14

Release date: May 2, 2022

Bug Fixes

• [API] Fixed an issue in the icons API endpoint that always returned 0 for total number of results
• [Configuration] Fixed checkbox selection after enabling/disabling a contact via icons
• [Core] Fixed an issue where proxy settings were saved with empty parameters
• [Install] Fixed an issue in database user creation with remote DBMS
• [Reporting] Fixed an issue where MBI graphs reports were not using graph templates
• [Resources Status] Fixed default settings for acknowledgments and downtimes
• [Resources Status] Fixed display of acknowledgements comments
• [Resources Status] Fixed monitoring command that was not displayed in Resources Status Details panel
• [UX] Improved interface response time if CEIP is enabled but the browser does not have internet access

Security Fixes

• [Apache] Fixed cookies with missing or contradictory properties
• [Apache] HTTPS Apache configuration now includes HSTS
• [Core] Passwords are now obfuscated in the page's HTML source
• [Core] Replace Math.random by Crypto JS API

20.10.17

20.10.17

Release date: April 15, 2022

Bug fixes

• [Core] Proxy settings were saved with empty parameters
• [MBI] MBI graphs reports were not using graph templates
• [Resources Status] Fixed monitoring command not displayed in Resources Status Details panel

20.10.16

20.10.16

Release date: April 1, 2022

Enhancements

• [Authentication] Autologin Validation reinforcement
• [UX] Add TheWatch URL to Centreon footer

Bug fixes

• [Authentication] Improve LDAP authentication and authorization
• [Core] Fixed SQL request syntax error for cron with MySQL 8
• [Install] Fixed SQL errors in upgrade process from Centreon version < 2.8.5
• [Resources Status] Fixed the display of old downtimes in the Details tab

Security Fixes

• [Administration] SQL injection on Knowledge Base configuration form
• [Administration] SQL injections on ACL group listing
• [Administration] SQL injections on LDAP listing
• [Configuration] Command path traversal resulting in RCE on command edition form
• [Configuration] SQL injection on export configuration
• [Configuration] SQL injections on SNMP traps edition form
• [Configuration] SQL injection in Resources form
• [Core] Disabling allow_url_fopen in PHP
• [Core] RCE in legacy PHP's class autoload
• [Dashboard] XSS in reporting dashboard
• [Monitoring] SQL injection on performance curve edition form
• [Resources Status] XSS reflected from plugin's metric output

21.04.13

21.04.13

Release date: April 1, 2022

Bug Fixes

• [Chart] Fixed a PHP warning and removed a debug text appearing at the bottom of the page when modifying a curve template in "Monitoring > Performances > Curves"
• [UX] When users did not have the "Action access" rights for the top counter, the top counter was displayed "skeleton style". This has been fixed.

Security Fixes

• [Administration] SQL injections on ACL group listing
• [Administration] SQL injection on Knowledge Base configuration form
• [Administration] SQL injections on LDAP listing
• [Configuration] Command path traversal resulting in RCE on command edition form
• [Configuration] SQL injection on export configuration
• [Configuration] SQL injections on SNMP traps edition form
• [Configuration] SQL injection on Resources form
• [Core] RCE in legacy PHP's class autoload
• [Monitoring] SQL injection on performance curve edition form

21.10.5

21.10.5

Release date: March 21, 2022

Security Fixes

• [Administration] SQL injections on ACL group listing
• [Administration] SQL injection on Knowledge Base configuration form
• [Administration] SQL injections on LDAP listing
• [Configuration] Command path traversal resulting in RCE on command edition form
• [Configuration] SQL injection on export configuration
• [Configuration] SQL injections on SNMP traps edition form
• [Core] RCE in legacy PHP's class autoload
• [Monitoring] SQL injection on performance curve edition form

21.04.12

21.04.12

Enhancements

• [Statistics] Manage exception for statistics
• [Resource Status] Added custom variables definition in URL/Action URL

Bug Fixes

• [Authentication] Improve LDAP authentication and authorization
• [Configuration] Fixed an issue in the contact form. When a non-admin user modified another non-admin user, only access groups that were common to both users were kept, other access groups were lost for the second user.
• [Configuration] Fixed an issue in the contact form: when a non-admin user modified a duplicated contact, it resulted in a blank screen.
• [Knowledge Base] Fixed links to knowledge base
• [Resource Status] Fixed display of old downtimes

Security Fixes

• Disabling allow_url_fopen in PHP
• XSS reflected from plugin's metric output
• XSS in reporting dashboard
• SQL Injections on ACL group listing