summarylogtreecommitdiffstats
path: root/icinga2.changelog
blob: f413718e2cb62d9409f76d937af009ba5be5187b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
2.14.0-1
  - New upstream version 2.14.0

2.13.7-1
  - New upstream version 2.13.7

2.13.6-2
  - Add patch to support Boost 1.81

2.13.6-1
  - New upstream version 2.13.6

2.13.5-1
  - New upstream version 2.13.5

2.13.4-1
  - New upstream version 2.13.4

2.13.3-1
  - New upstream version 2.13.3

2.13.2-1
  - New upstream version 2.13.2

2.13.1-1
  - New upstream version 2.13.1
  - Security: Add TLS server certificate validation to ElasticsearchWriter,
    GelfWriter, InfluxdbWriter and Influxdb2Writer (CVE-2021-37698)

2.12.5-1
  - New upstream version 2.12.5
  - Security: PKI ticket salt exposed via API, potentially allowing privilege
    escalation for authenticated API users (CVE-2021-32739)
  - Security: Passwords used to access external services inadvertently exposed
    through API (CVE-2021-32743)

2.12.4-1
  - New upstream version 2.12.4

2.12.3-2
  - Update patches for builing with boost 1.74+ to those merged upstream

2.12.3-1
  - New upstream version 2.12.3
  - Security: Fix that revoked certificates due for renewal will automatically
    be renewed ignoring the CRL (CVE-2020-29663)

2.12.2-2
  - Fix build with boost 1.74

2.12.2-1
  - New upstream version 2.12.2

2.12.1-1
  - New upstream version 2.12.1

2.12.0-1
  - New upstream version 2.12.0

2.11.4-1
  - New upstream version 2.11.4

2.11.3-1
  - New upstream version 2.11.3

2.11.2-3
  - Other workaround for the bug in boost 1.72 now that boost 1.69 is gone from
    the Arch repos

2.11.2-2
  - Build against boost 1.69 as a workaround for a bug in boost 1.72

2.11.2-1
  - New upstream version 2.11.2

2.11.0-2
  - Manually specify boost paths to fix building with boost 1.71.0 and recent
    cmake versions

2.11.0-1
  - New upstream version 2.11.0

2.10.5-1
  - New upstream version 2.10.5

2.10.4-1
  - New upstream version 2.10.4

2.10.3-1
  - New upstream version 2.10.3

2.10.2-1
  - New upstream version 2.10.2

2.10.1-1
  - New upstream version 2.10.1

2.10.0-1
  - New upstream version 2.10.0
  - Some path constants changed in the config (should be backwards-compatible)
  - "namespace" and "using" are now reserved keywords in the config
  - Some configuration errors are now fatal
  - For details, see
    https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#upgrading-to-v210

2.9.1-1
  - New upstream version 2.9.1

2.9.0-1
  - New upstream version 2.9.0
  - Icinga Studio was removed from upstream
  - The package is no longer a split package as most of the libs are now linked
    into the icinga2 binary

2.8.2-1
  - New upstream version 2.8.2, including security fixes for:
    - CVE-2017-16933: chmod on user-writable symlinks, allowing privilege
      escalation.
    - CVE-2018-6532: Denial of service by memory exhaustion if the API
      component is enabled.
    - CVE-2018-6533: Possible privilege escalation via init.conf.
    - CVE-2018-6534: Denial of service due to a NULL pointer dereference.
    - CVE-2018-6535: API lacks a constant-time password comparison.
    - CVE-2018-6536: (not affected when using systemd) The init.d script kills
      a PID supplied by the icinga user as root.
  - As the update removes /etc/icinga2/init.conf, you have to update
    /etc/default/icinga2 if you changed the user or group in init.conf.