2024R1.3.6 - 11/13/2025
=======================

### Security
- Fixed a sudo vulnerability where the `www-data` user could execute commands as the `root` user [GL:NLS#719] - JM
- Wrapped several user-provided command arguments in escapeshellarg() to prevent shell injection [GL:NLS#720] - JM

### Fixed
- Fixed an issue where password fields would be incorrectly hidden when editing an existing local user [GL:NLS#769] - JS
- Fixed duplicate error messages when entering an invalid key [GL:NLS#128] - JM
- Improved the alert creation error message regarding interval times [GL:NLS#129] - JM
- Added proper null handling to several variables to prevent PHP warnings [GL:NLS#768] - JS

2024R1.3.5 - 08/27/2025
==================

### Updated
- Updated the Juniper syslog documentation link [GL:NLS#628] - JM
- Updated the Home page charts to now all load asynchronously, to help with loading times [GL:NLS#163] - JS

### Fixed
- Hide the password field for AD/LDAP users [GL: NLS#481] - JM
- Fixed the Elasticsearch Data Directory not being saved on an upgrade [GL:NLS#642] - JM
- Fixed an issue where snapshot names were not being correctly loaded, preventing snapshots from restoring [GL:NLS#415] - JS
- Fixed an issue where the upgrade script would sometimes fail to detect that Elasticsearch is running [GL:NLS#696] - JS
- Fixed an issue where openjdk-8 would not install correctly on Debian 12 [GL:NLS#693] - JS


2024R1.3.4 - 06/18/2025
==================

### Updated
- Removed the cap on the query results for the Unique Hosts Data [GL:NLS#423] - JM
- Changed the "Select All" functionality on code blocks to a more modern "Copy to Clipboard" feature [GL:NLS#510] - JS
- Updated NXLog Documentation URLs [GL:NLS#564] - JM
- Changed the Elasticsearch service to a systemd service [GL:NLS$629] - JM
- Updated Linux setup script to handle systems that use systemd without rsyslog by default [GL:NLS#568] – JM

### Fixed
- Fixed issues with non-standard Apache ports [GL:NLS#21] - JM
- Fixed display of unique hosts in a cluster [GL:NLS#229] [GL:NLS#230] - JM
- Fixed a bug on API Reference where an Example API Call was covered by a horizontal scroll bar [GL:NLS#510] - JS
- Fixed SSL certificate handling for AD/LDAP integration [GL:#541] - JM

### Removed
- Deprecated support for Ubuntu 20 [GL:#624] - JS

2024R1.3.3 - 04/29/2025
==================

### Fixed
- Fixed a bug with the new job drift calculation causing jobs to run more often than intended [GL:NLS#540] - JS
- Fixed a bug where IPv6 addresses in the cluster_hosts file would cause Elasticsearch to fail to start [GL:#427] - JS

2024R1.3.2 - 04/03/2025
==================

### Security
- Fixed an issue where a non-admin user can shut down Elasticsearch via the API [GL:NLS#474] - JM
- Fixed an issue where a user can enumerate all the system users and retrieve their API tokens [GL:NLS#475] - JM
- Fixed a privilege ecalation issue where a user can edit their own email and put in an invalid address [GL:NLS#476] - JM

### Fixed
- Fixed an issue where the edit user screen doesn't always show the save/cancel buttons [GL: NLS#479] - JM
- Fixed an issue where alerts were causing warnings to be printed to the jobs log [GL:NLS#447, NLS#446, NLS#444] - JS
- Fixed an issue where background tasks would experience scheduling drift [GL:NLS#17] - SAW

### Updated
- Updated NCPA installation to NCPA 3 for all distros [GL:NLS#431] - JS
- Updated cURL instructions to download scripts from Nagios Log Server to account for self-signed SSL certificates [GL:NLS#422] - JS

2024R1.3.1 - 02/04/2025
==================

### Added
- Added "xi_api_create_passive_objects.php" script to allow sending Passive Objects to XI from NLS output configuration [GL:NLS#409] - JS

### Fixed
- Fixed an issue where reports were not being correctly attached to scheduled and on-demand emails [GL:NLS#404] - JS
- Fixed a chromium dependency preventing reports from generating normally [GL:NLS#404] - JS
- Fixed a security issue where Dashboard ID values were not checked before being sent to the API (Thanks to Institute of Information Engineering, CAS for reporting this) [GL:NLS#377] - JS
- Fixed a variety of PHP Warnings on many pages across the interface [GL:NLS#291]- JS
- Fixed an issue with the memory value calculation on the Instance Status page for both single and multi node clusters [GL:NLS#291]- JS
- Updated breadcrumb logic to omit Elasticsearch UIDs on the Edit User page [GL:NLS#347] - JS
- Fixed a layout issue where the datepicker column 2 was too wide on Custom Dashboard range selction [GL:NLS#374] - JS

2024R1.3 - 12/10/2024
==================

### Added
- Added support for Debian 12 [GL:NLS#151] - JS
- Added date filtering to Snapshots & Maintenance to help with page load times when lots of data exists [GL:NLS#257] - JS
- Added an EOL banner [GL:NLS#319] - GW

### Fixed
- Fixed an issue where Ubuntu 24 would sometimes display errors on upgrade [GL:NLS#346] - JS
- Fixed an issue where LDAP SSL/TLS certificates were not being properly stored [GL:NLS#142] - JS

2024R1.2 - 10/22/2024
==================

### Added
- Added Active Directory functions to LDAP integration for better functionality [GL:NLS#321] - JS
- Added tab key functionality to insert tabs while editing Logstash configuration text [GL:NLS#250] - JS
- Added email-based two factor authentication [GL:NLS#337] - JS

### Fixed
- Updated the method used to detect that Log Server is already installed so it doesn't trigger false positives [GL:NLS#235] - JS
- Updated link to the Nagios Log Server Support Forum displayed when Elasticsearch is not running [GL:NLS#136] - JS
- Updated pricing, renewal, and purchase links to for Nagios products [GL:NLS#126] - JS
- Fixed an issue that prevented changing timezone on Ubuntu 24 [GL:NLS#309] - JS
- Fixed a Chromium issue that prevented installation on Ubuntu 22 [GL:NLS#308] - JS

2024R1.1 - 07/16/2024
==================
- Added ability to trim audit log and alert history [GL:NLS#6] - CD, JS
- Added email macros for log data fields [GL:NLS#74] - JS
- Fixed an issue where when log data is a nested array, alert emails would not send correctly in HTML format [GL:NLS#74] - JS
- Added logging to various Admin, Alerting, and Configuration features [GL:NLS#68] - JS
- Added ability to hide default query buttons on dashboard page [GL:NLS#232] - JS
- Added ability to add/edit/delete custom query buttons based on existing NLS queries [GL:NLS#232] - JS
- Added Ubuntu 24 Support [GL:NLS#152] - JM
- Deprecated EL7 and Debian 10 [GL:NLS#252] - JS
- Added the ability to switch between AI models for the NLP query feature [GL:NLS#220] - SNS
- Fixed an issue where NCPA tokens could not be updated [GL:NLS#297] - JS
- Switched to using a Python venv for automated scripts [GL:NLS#303] - JM

2024R1.0.2 - 06/05/2024
==================
- Added configuration options to allow Elasticsearch to listen on all interfaces [GL:NLS#219] - JM
- Improved error feedback when failing to connect to NRDP over SSL [GL:NLS#156] - JS
- Improved home page performance [GL:NLS#163] - JS
- Updated NCPA's installation process to use a permanent link [GL:NLS#168] - LG
- Updated NRDP connection test to allow self-signed certificates [GL:NLS#156] - JS
- Fixed issue where Host Freshness Alert form wasn't always using the default host value [GL:NLS#170] - JS
- Fixed issue where deleting the last Filter or Input within Per-Instance Configuration did not work [GL:NLS#174] - JS
- Fixed issue with invalid license keys breaking initial install [GL:NLS#130] - JS
- Fixed %uniquehosts% macro for alert emails [GL:NLS#159] - JS
- Fixed importing users from LDAP when users were in nested Organization Units [GL:NLS#15] - JS
- Fixed report downloads when Nagios Log Server is configured with a self-signed certificate [GL:NLS#189] - CD,SAW
- Fixed an issue where a dashboard could crash when querying over too long a timeframe [GL:NLS#158] - JS
- Fixed inability to add to a cluster on Enterprise Linux 9 [GL:NLS#80] - LG
- Fixed easy button queries to be more specific and avoid false positives [GL:NLS#185,#184,#183,#182,#181,#179] - SNS
- Fixed several issues when parsing XI audit logs [GL:NLS#176,#177,178] - LG
- Fixed an issue in Admin->System Status and Admin->Monitoring Backend where status indicators would infinitely spin [GL:NLS#137] - LG
- Fixed an issue where shards do not re-allocate properly for clustered servers [GL:NLS#11] - JS
- Fixed a privilege escalation vulnerability in several backend scripts (Thanks Sarang Tumne for reporting this issue) - SAW
- Fixed an issue where Ubuntu 22 would fail to install the product [GL:XI#1073] - JM
- Fixed missing Save and Cancel buttons when editing administrator users [GL:NLS#242] - JS
- Fixed incorrectly installed Python dependencies on Enterprise Linux 7 [GL:NLS#256] - JS, LG
- Fixed reset_nagiosadmin_password.sh locking users out on some systems [GL:NLS#243] - DA
- Reverted the change to %url% handling for Alert emails [GL:NLS#231] - JS

2024R1.0.1 - 02/20/2024
==================
- Added hostnames to Host Freshness Report emails [GL:NLS #31] - JS
- Changed link in Host Freshness Report emails to point to the Unique Hosts page [GL:NLS #31] - JS
- Updated SourceGuardian [GL:NLS #149] - JM
- Changed per-page memory limit in php.ini to prevent crashes [GL: NLS #165] - JS
- Fixed error logging for php-fpm [GL: NLS # 141] - JS

2024R1 - 12/05/2023
==================
- Added a twice daily chart for total / top 5 log entry senders on home page [GL:NLS #110] - GW
- Fixed an issue when downloading reports on CentOS 9 [GL:NLS #88] - DA
- Fixed an issue where google redirects weren't working [GL:NLS #78] - SNS
- Fixed an issue where French broke the home page and global configurations [GL:NLS #2] - SNS
- Fixed an issue where timezone changes took too long and sometimes didn't go through [GL: NLS#38] - SNS
- Added a feature where the home page displays a two week chart [GL:NLS #91] - KV
- Added a feature where there are buttons to easily query common logs [GL:NLS#20] - SNS
- Added a feature where there query input field is hidden [GL:NLS#106] - SNS
- Added a feature where users can use natural language to make queries [GL:NLS#113] - SNS
- Added the ability to save a dashboard as a report [GL: NLS#92] - DA
- Moved the unique hosts report to the admin page [GL: NLS#89] - DA
- Updated login page presentation [GL: NLS#107] - JS
- Added navigation breadcrumbs [GL:NLS#91] - SNS
- Added 12 new default reports [GL:NLS#108] - SNS
- Fixed an issue where NCPA plugins were not python3 compatible [GL: NLS #71] - SNS
- Fixed an issue where objects were being displayed incorrectly [GL: NLS#95] - SNS
- Fixed and issue when uploading to Custom Includes, the CSS tab would open after uploading [GL: NLS #57] - AC
- Fixed an XSS vulnerability when creating a new user [GL: NLS #42] - AC
- Fixed an issue where unclear directions were given to users during installation setup [GL: NLS 81] - AC
- Fixed an issue where users were unable to extend their trial if they activated a free license [GL: NLS 7] - AC
- Fixed an issue where host freshness alerts were displaying an inaccurate lookback time [GL: NLS 32] - AC
- Fixed an issue where old flash messages were not being properly cleared [GL: NLS 86] - AC
- Fixed an issue where creating an alert wouldn't necessarily use your current query [GL:NLS#30] - BB
- Fixed an issue where logstash init scripts would mis-recognize process IDs [GL:NLS#73] -CD
- Fixed "Update Check" typo [GL: NLS#83] - CD
- Removed "World conference" text [GL: NLS#76] - CD
- Fixed link to regex page [GL: NLS#72] - CD
- Include latest version of NXLog CE [GL: NLS#70] - CD
- Changed location of backup.log [GL: NLS#5] - CD
- Install vim on Ubuntu machines [GL: NLS#62] - CD
- Fixed "incoming logs" typo [GL: NLS#9] - CD
- Updated linux-setup.sh script to replace use of 'which' with 'command' [GL: #120] - DC
- Deprecate Ubuntu 18 - DA

2.1.15 - 4/13/2023
==================
- Fixed issue where you couldn't change timezone via GUI in admin/globals on some distros [GL:NLS #46] -PhW
- Fixed issue with switching user locale on some CentOS 8/9 installations [GL:NLS #61] -SAW
- Fixed issue where SNMP alerts would fail for Ubuntu systems [GL:NLS #48] -SAW
- Fixed issue with installation on RHEL 7 -SAW
- Fixed mangled text when logging user queries in Audit Log [GL:NLS #47] -SAW
- Fixed several issues with Ubuntu 22 support [GL:NLS #44, #45, #50, #51, #52, #53, #54, #55, #58, #59] -SAW
- Updated "Elasticsearch Offline" error to include systemctl-based instructions where applicable [GL: NLS #49] -SAW

2.1.14 - 3/22/2023
==================
- Added support for Debian 11, Ubuntu 22, and CentOS Stream 9 [GL:NLS #34, #35, #36] -SAW, DA
- Added more information to System Profile -SAW
- Updated bundled NCPA to 2.4.1 -SAW
- Deprecated Debian 9, Ubuntu 16 due to end of life -SAW
- Fixed an issue where some hosts were missing from the "Not Sending" table of the Host Freshness report -SS
- Fixed XSS vulnerability in snapshots page (Thanks to Ariane Blow for reporting) [GL:NLS #3] -DA

2.1.13 - 5/10/2022
=================
- Updated NXLog .msi file to version 3.0.2272 -SAW
- Add reload4j as drop-in log4j replacement -SAW
- Fix issue with elasticsearch configuration being replaced on upgrade -SAW
- Fixed exporting dashboards to CSV when using nested fields -SAW

2.1.12 - 2/16/2022
==================
- Removed additional log4j library -SAW
- Fixed version update issue in 2.1.11 -SAW
- Updated jQuery to version 3.6.0 (jQuery 1.12.x is retained on the backend for PDF rendering) -SAW
- Updated NCPA to version 2.3.1 -SAW

2.1.11 - 2/10/2022
===================
- Removed log4j as a dependency from logstash and elasticsearch -SAW

2.1.10 - 12/07/2021
===================
- Fixed several XSS (Thanks SecEnt Security Team) (details forthcoming) -SAW

2.1.9 - 07/20/2021
==================
- Alert ownership no longer changes automatically when edited by an administrator [TPS#15264] -SAW
- Changed default real-time alert creation behavior
    - when using "in" or "not in" operators, the create/update logic will assume a string on the left criterion and a field/property on the right unless specified -SAW
- Fixed issue with Python 2 compatibility -JO,DC
- Fixed several XSS in Admin > Audit Log (thanks Liew Hock Lai and NCC Group) (CVE-2021-35478, CVE-2021-35479) -SAW
- Fixed XSS in Configure > Config Snapshots (CVE-2020-25385) -SAW

2.1.8 - 03/09/2021
==================
- Added support for Debian 10 and Ubuntu 20
- Fixed XSS in Admin > Mail Settings and Configure > Snapshots (CVE-2020-25385) -SAW
- Fixed API to allow queries from existing Nagios Fusion dashlets -SAW
- Fixed issues with ipv6 recognition in Instance Status and related pages [TPS#15357] -SAW
- Fixed spurious "Alert named {x} already exists" error messages [TPS#15481] -SAW
- Fixed dns_reverse_lookup returning a blank string instead of IP or message when reverse dns disabled -JO

2.1.7 - 07/28/2020
==================
- Added separate permission level for Alert Contact visibility/editing [TPS#14984] -SAW
- Fixed issues when using FreeIPA containers with LDAP integration [TPS#15236] -SS
- Fixed host freshness alerts reporting incorrect number of non-sending hosts [TPS#15086] -SAW
- Fixed "Exported CSV Timezone" global setting always displaying "Cluster Timezone" [TPS#15094] -SAW
- Fixed incorrect timestamps showing for AD/LDAP certificate expiration [TPS#15105] -SAW
- Fixed XSS in Notification Methods -> Email Users menu (thanks Jinson Varghese Behanan and Astra Security) (CVE-2020-16157) [TPS#15232] -SAW
- Fixed incorrect handling of "Disable Reverse DNS" global option -SAW
- Fixed setup-linux.sh for Ubuntu 20 [TPS#15188] -SAW,CD
- Fixed performance issue with alerting for installations with many open indices [TPS#15234] -SAW

2.1.6 - 04/23/2020
==================
- Updated Sourceguardian to work with PHP 7.4 -JO
- Added a global option to use the cluster's timezone for the "Export as CSV" button [TPS#15035] -SAW
- Added alert admins without the Configuration permission will receive a notice when deleting real-time alerts [TPS#14980]-SAW
- Fixed "Save User" button missing from "Edit User" page -SAW
- Fixed XSS in "Create User", "Edit User", and "Manage Host Lists" -SAW
- Fixed "Export as CSV" dashboard button no longer displays restricted hosts [TPS#14983] -SAW
- Fixed installation issue with SUSE Extended Support for RHEL systems (Thanks Derek) -JO

2.1.5 - 03/24/2020
==================
- Add a setting to disable DNS reverse lookups -SAW
- Fixed issues when using the 'dns' Logstash filter with Host Visibility restrictions [TPS#14903] -SAW
- Fixed LDAP/AD integration CA certificate upload to allow both root and intermediate on same subject -JO
- Fixed issues with alerting via SNMP Trap when using AuthPriv or AuthNoPriv [TPS#14965] -SAW
- Fixed issue with Disk Usage - Current Index graph when system time was UTC+XX [TPS#14993] -SAW

2.1.4 - 01/28/2020
==================
- Added %lastalertlog% and related e-mail template macros for real-time alerts [TPS#14799] -SAW
- Added a selector to Alert History allowing newly-deleted alerts to be used as a filter [TPS#14795] -SAW
- Updated Japanese translations (thanks Chitose Sasaki) -JO
- Remove broken 'xor' and 'nand' keywords from real-time alert configuration -SAW
- Fixed Logstash plugin upgrades causing install/upgrade scripts to fail and need to be restarted -JO
- Fixed issue with missing CSS classes on some items in the interface [TPS#14762,14769] -SAW,JO
- Fixed alert count in main homepage/dashboard to only show active alerts [TPS#14770] -JO
- Fixed Unique Hosts count in the main homepage/dashboard to use the same query used in the Unique Hosts Report [TPS#14767] -JO
- Fixed boolean logic operators in realtime alerting being improperly translated [TPS#14768] -JO
- Fixed real-time creation and editing for users that could not modify Logstash configuration [TPS#14808] -SAW
- Fixed removal of other notification recipients when non-admins edit alert settings [TPS#14783] -SAW
- Fixed 'Show Query' and 'Show Results' buttons appearing in Alert History for Real-Time and Host Freshness Alerts [TPS#14797] -SAW
- Fixed missing Email Templates 'Remove' button when user has all alerting permissions enabled [TPS#14794] -SAW
- Fixed incorrect real-time alerting criteria when multiple alerts were edited/canceled [TPS#14784] -SAW
- Fixed broken 'Download as CSV' button in Alert History [TPS#14796] -SAW
- Fixed open redirect vulnerability in the redirect parameter on the login page -JO
- Fixed XSS vulnerabilities in dashboard query page, full user name in profile, admin user edit page, and admin audit log page
  (CVE-2020-6584, CVE-2020-6585, CVE-2020-6586) (thanks Mohit Rawat) -JO, SAW
- Fixed display of real-time alert names in dashboard fields [TPS#14798] -SAW
- Fixed duplicated e-mails when editing scheduled reports in clustered environment [TPS#14851] -SAW
- Fixed comma escaping when exporting a CSV from a dashboard -SAW
- Fixed non-admin users able to edit/delete other users' scheduled reports -SAW
- Fixed issue with 'Toggle All' button in User Permissions [TPS#14877] -SAW
- Fixed issue with selecting multiple host lists in User Permissions [TPS#14879] -SAW

2.1.3 - 12/12/2019
==================
- Updated Japanese translations (thanks Chitose Sasaki) -JO
- Updated Home Page "Total Disk Usage" graph to use Elasticsearch's disk drives [TPS#14708] -SAW
- Fixed real-time alerts so that deactivated alerts don't ask to Apply Configuration when deleted [TPS#14687] -SAW
- Fixed Unique Hosts CSV report to include Log Count for active hosts [TPS#14688] -SAW
- Fixed issues with file extensions when downloading/e-mailing reports [TPS#14685,14686] -SAW
- Fixed issue with LDAP/AD certificate management when binary data is in the certificate [TPS#14690] -JO
- Fixed issue with restoring multiple indices from a snapshot [TPS#14748] -SAW
- Fixed LDAP/AD imported users not able to log in after import due to missing username value in DB [TPS#14726] -JO
- Fixed issue with Logstash system status on Ubuntu 18 systems sometimes showing not running [TPS#14729] -JO

2.1.2 - 11/12/2019
==================
- Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO
- Updated Japanese translations (thanks Chitose Sasaki) -JO
- Updated jQuery to patched jQuery 1.12.4 for CVE-2019-11358 -JO
- Fixed Javascript alert text not being translated -JO
- Fixed Real-Time Alerts, host freshness alerts broken on re-activation [TPS#14559,14574] -SAW
- Fixed garbled text when using international characters in downloaded/e-mailed reports [TPS#14502] -SAW
- Fixed login screen to treat usernames as case-insensitive [TPS#14569] -SAW
- Fixed false positives for 'An alert named <x> already exists' -SAW
- Fixed error messages showing after alert creation is canceled -SAW
- Fixed "Disk Usage -- Current Index" graph when run_index_usage is scheduled at a greater frequency -SAW
- Fixed users able to see restricted data in alert history [TPS#14595] -SAW

2.1.1 - 10/03/2019
==================
- Updated Japanese translations (thanks Chitose Sasaki) -JO
- Fixed error message on login failure to be non-descriptive to not giveaway valid usernames -SW
- Fixed missing form validation for real-time alert names -SAW
- Fixed shebang in restore_backup.sh to work on Debian systems -SW
- Fixed modifying global config after configuring real-time alerts [TPS#14491] -SAW
- Fixed 'Show Alert in Dashboard' button [TPS#14487] -SAW
- Fixed missing 'run_index_usage' subsystem job after upgrades [TPS#14489] -SAW
- Fixed Host Freshness delete button requiring applied configuration [TPS#14522] -SAW
- Fixed system language being preferred over user language in downloaded/e-mailed reports [TPS#14501] -SAW
- Fixed reports scheduled at noon/midnight incorrectly populating edit form [TPS#14503] -SAW
- Fixed "Only alert when Warning or Critical threshold is met" checkbox for host freshness alerts [TPS#14530] -SAW
- Fixed missing multitenancy settings when viewing query results in Alert History [TPS#14548] -SAW
- Fixed issues with Logstash section of API Reference -SAW

2.1.0 - 09/17/2019
==================
- Added a filter for the Nagios XI Audit Log to the default configuration [TPS#13942] -SAW
- Added a status indicator in the Index Status/Cluster status pages for elasticsearch indices that are still re-opening [TPS#5796] -SAW
- Added an e-mail template macro, %count%, which gives the number of matching entries in the query that generates the alert [TPS#7361] -SAW
- Added a way to include custom CSS/javascript/images (from the Admin menu) [TPS#14332] -SAW
- Added the ability to rerun queries from the Audit Log if all queries are being logged [TPS#13128] -SAW
- Added minor interface enhancements [TPS#13504] -CD, SAW
- Added the ability to alert based on logstash conditionals (real-time alerting) [TPS#13994] -SAW
- Added the ability to alert based on previously-configured hosts which are no longer sending logs (host freshness alerting) [TPS#4951] -SAW
- Added restriction to backend API calls to not allow accessing nagioslogserver/nagioslogserver_log index directly -JO
- Added host-based restriction to backend API/dashboards/query-based alerts for multitenancy [TPS#9322] -SAW
- Added report exporting/scheduling [TPS#4303] -SAW
- Added certificate management for AD/LDAP [TPS#6773] -SAW
- Added usernames to backend audit logging [TPS#9107] -SAW
- Added Nagios Cross-Platform Agent (NCPA) by default for Nagios XI integration [TPS#13939] - SAW
- Updated Snapshots & Maintenance Page, adding greater control over which elasticsearch indices are restored [TPS#7230] -SAW
- Updated home page graphics [TPS#4312, 5545, 7442] -SAW
- Updated Audit Log to write to /usr/local/nagioslogserver/var in addition to the existing database [TPS#14022] - SAW
- Fixed issue where multiline logs would be compressed to a single line in e-mail alerts [TPS#14241] -SAW
- Fixed issue where plain-text e-mails would still include HTML tags [TPS#14240] -SAW
- Fixed issue where the System Default alert template wouldn't always use the system language [TPS#13488] -SAW
- Fixed language translations not working properly on Debian and Ubuntu systems -JO
- Fixed check for updates not working properly on Ubuntu 18 systems due to PHP version -JO
- Fixed wording for encryption STARTTLS in LDAP/AD Integration -JO
- Fixed dashboard CSV export for nested data structures (like geoip) -SAW
- Fixed curator not found on Ubuntu 18 [TPS#14371] -SW
- Fixed LDAP multiple naming contexts if context has no dc= in the name [TPS#12435] -JO

2.0.8 - 05/09/2019
==================
- Added messages in e-mail templates for %lastalertlog%, %last10alertlogs%, and %uniquehosts% when no log lines match the alerting query -SAW
- Fixed Reflected XSS on Login page (CVE-2019-15898) (credit Luca Ottoni and Lucas Carmo) [TPS#14072] -SW
- Fixed session ID not reinitializing when logging in -JO
- Fixed debian init file to export ES_HEAP_SIZE to automatically calculate memory [TPS#14099] -SW
- Fixed issue with updating tcp logstash plugin before logstash update -JO

2.0.7 - 02/07/2019
==================
- Fixed issue with newer Debian 9 os-release not passing as a valid OS for install -JO
- Fixed issue with Ubuntu 16.04 rsyslog bug with setup-linux.sh script -JO,AC

2.0.6 - 11/01/2018
==================
- Added missing info to system profile script -CD,JO
- Added page refresh every 30 seconds to Alerts page [TPS#9078] -SW
- Added upgrade.log to be generated during upgrades [TPS#8676] -SW
- Fixed an issue where Auto-Created Snapshots would delete the newest snapshot when full [TPS#13572] - SAW
- Fixed an issue where predefined alert queries would occasionally show as custom queries [TPS#13570] - SAW
- Fixed issue with STARTTLS mail option not setting the proper option -JO
- Fixed issue with bettermap not loading properly -SW
- Fixed fullinstall script to have an option to set NTP server using -t | --ntp-server arg [TPS#9444] -SW
- Fixed issue with base64 decoding of email templates on certain systems with PHP 7+ -JO
- Explicitly set umask to 0022 in fullinstall and upgrade scripts [TPS#9466] -SW

2.0.5 - 08/30/2018
==================
- Fixed issues with languages in Dashboard section not properly translating [TPS#13420] -JO
- Fixed check update section not translating properly [TPS#13512] -JO
- Fixed various XSS vulnerabilities [TPS#13388,13390] -JO

2.0.4 - 06/26/2018
==================
- Fixed issue with system profiles not being able to be created -JO
- Fixed unstick jobs max deviation setting to not have a max since some jobs happen over 12 hours apart -JO

2.0.3 - 06/12/2018
==================
- Fixed issue where deactivated pinned queries cannot be re-activated or accessed in any way [TPS#13059] -SW
- Fixed various CSRF and XSS vulnerabilities [TPS#13049, TPS#13050] -SW
- Fixed RCE vulnerability [TPS#13052] -TM
- Fixed XSS vulnerability [TPS#13195] -JO
- Fixed missing Dashboard labels in Panel tab of Table settings (missing a new CSS class) [TPS#13287] -JO
- Fixed host search when clicking a host in the Unique Hosts report not using quotes in query [TPS#12969] -JO
- Fixed export to CSV not automatically uppercasing AND and OR in query string [TPS#13245] -JO
- Fixed default Windows input charset for encoding to UTF-8 (handled by nxlog in new version we link to) [TPS#13037] -JO

2.0.2 - 12/19/2017
==================
- Fixed issue in dashboards where panels couldn't always be created due to javascript errors [TPS#12859] -JO
- Fixed issues with some icons in the dashboards not showing up properly -JO

2.0.1 - 12/14/2017
==================
- Fixed system status to use hostname instead of IP address -JO
- Fixed issue with add repository popup closing but not submitting when hitting enter [TPS#12726] -CN
- Fixed issue with table pagination data not updating when submitting the form [TPS#12732] -CN
- Fixed login issues with special characters on new installs [TPS#12810] -JO
- Fixed editing alerts causing alert to become a custom alert -JO
- Fixed alert urls in emails for alerts without dashboard queries [TPS#12798] -JO
- Fixed writing LS configuration while ES is starting (will wait 5 minutes) -JO
- Fixed python pip issues on CentOS 6 -JO
- Fixed issue where setup-linux script did not create rsyslog config files properly [TPS#12711] -CN

2.0.0 - 11/14/2017
==================
- Added Czech as a selectable language (localized translation pending) -SW, JO
- Added alert history tracking and page -JO
- Added ability to give users specific permissions (such as viewing/editing alerts and configuration) -JO
- Added reset command subsystem commands in the upgrade script -JO
- Added ability to add q=<id> or a=<id> to the logserver.js dashboard for clicking through alerts and queries [TPS#10622] -JO
- Added more LDAP user account types for importing from different LDAP setups -JO
- Added activation for licenses -JO
- Added automatic activation for licenses with client ID (or token value) from the GUI -JO
- Added maintenance check and maintenance information including renewal link in "License Information" page -JO
- Added internal proxy settings for maintenance, activation, and upgrade checks [TPS#5095] -JO
- Added loading into the dashboards until one of the panels starts loading to indicate an action is happening -JO
- Added initial close time of 30 days to backup and maintenance section on clean installs [TPS#10748] -JO
- Added option for text only emails instead of HTML [TPS#12230] -JO
- Added functionality to the job subsystem that checks for stuck jobs and will reset them [TPS#7176] -JO
- Added last modified time to the snapshots and maintenance section of Admin area [TPS#10802] -JO
- Added a run button to the actions available for command subsystem jobs to manually run a command now easily -JO
- Added the ability to export the table data as a CSV with matching table headers to columns in CSV [TPS#4176] -JO
- Added report for unique hosts -JO
- Updated encrypted files to support PHP 7 and 7.1 -JO
- Updated style to the Nagios standard Modern theme -JO
- Updated Elasticsearch to version 1.7.6 -JO
- Updated Logstash to version 2.4.1 (with all plugins included) -JO
- Updated to elasticsearch-knapsack 1.7.3.0 -JO
- Updated CodeIgniter to 3.1.x -JO
- Updated wording for User permissions in the create user page [TPS#10187] -JO
- Updated license pages and trial expiration pages to a better format and to say the correct values based on the situation -JO
- Updated install to check for nagios users's home directory [TPS#10438] -JO
- Updated alerts page when using a custom query to not send to the wrong dashboard, instead it sends to a raw query result page [TPS#9256] -JO
- Updated Backup & Maintenance admin page to show amount of snapshots -JO
- Updated Backup & Maintenance admin page repository creation to use a modal and repository table to show repo size -JO
- Updated "Backup & Maintenance" page to be called "Snapshots & Maintenance" to better distinguish the different types of backups -JO
- Updated alerts to no longer have Nagios Reactor outputs (people with Reactor outputs will still see their outputs) -JO
- Updated index and cluster index lists to not allow closing the current day's index, only deletion [TPS#9105] -JO
- Fixed issue when importing AD/LDAP users who were unchecked would still verify against username/email [TPS#10233] -JO
- Fixed issue with usernames with "-" character in them not working [TPS#10229] -JO
- Fixed issue where install would exit if ntpdate could not get time [TPS#10301] -JO
- Fixed rsyslog script to use Disk-Assisted Queues if connections cannot be made to Log Server -SW
- Fixed ip address resolution in install/upgrade scripts [TPS#10761] -JO
- Fixed dashboard style selection drop-down showing up even though there are not multiple supported themes yet -JO
- Fixed using GET requests against backend API to do searches with JSON body [TPS#10559] -JO
- Fixed ability to make redirect variable work with any url on login page -JO
- Fixed user permissions on alert notification management pages -JO
- Fixed various CSRF and XSS vulnerabilities -JO
- Fixed alert not sending formatted %time% output in alerting methods [TPS#11842] -JO
- Fixed issue with AD/LDAP importing folders with commas in the name [TPS#11393] -JO
- Fixed session user_id not being verified as existing in DB (deleted user stays logged in) [TPS#11342] -JO
- Fixed some of the high memory usage issues on the admin page (may still need to update PHP max memory on larger systems) -JO

1.4.4 - 11/15/2016
==================
- Fixed curator script not accepting argument at the end of the command [TPS#10109] -JO
- Fixed install page not installing with no error if key has a space at the end [TPS#10068] -JO
- Fixed script alert handler to properly escape the return output and timestamp value so they don't cut off values -JO

1.4.3 - 11/03/2016
==================
- Updated Portuguese translation file -JO
- Updated Japanese translation file -JO
- Updated profile component to add a few more informative checks for support [TPS#9900] -JO
- Fixed issue with forgot password and reset not working -JO
- Fixed admin editing users requiring confirm password field filled out [TPS#8615] -JO
- Fixed issue where instance status showing instances as offline ES/LS when cluster had > 9 nodes [TPS#9207] -JO
- Fixed alert create/edit popup not validating check interval and look-back period [TPS#8890] -JO
- Fixed Japanese language encoding issues on email subject line [TPS#8599] -JO
- Fixed issue in Kibana where histogram wouldn't resize correctly on editing [TPS#8906] -JO
- Fixed issue where modal popups would cut off on smaller screens [TPS#8687] -JO
- Fixed issue with nodes not showing up in config sidebar when there are > 9 nodes -JO
- Fixed create alert button showing for regular users [TPS#9726] -JO
- Fixed issue where curator snapshots (--ignore_unavailable) trying to run on closed indexs or indexes with missing shards [TPS#9504] -JO
- Fixed issue where uploaded dashboard would overwrite current dashboard if saved (must save as before saving) [TPS#9196] -JO
- Fixed issue with not restarting rsyslog when changing timezone setting [TPS#9283] -JO
- Fixed issue with alerting sections only seeing a set number of results on a page [TPS#9641] -JO
- Fixed issue where cmdsubsys commands would sometimes be stuck in "running" states when restoring NLS backups [TPS#8318] -JO
- Fixed backup script not dying when hitting timeout [TPS#9330] -JO
- Fixed timezone being set properly on initial full install -JO

1.4.2 - 07/22/2016
==================
- Fixed German and French language options causing javascript errors in Dashboards tab [TPS#8943] -JO
- Fixed issue where using non-default port to connect would cause Dashboards to not load properly [TPS#8861] -JO
- Fixed audit log 'created_by' field being populated with user ID instead of username [TSP#8609] -JO
- Fixed AD/LDAP import to allow parenthesis [TPS#8920] -SS, JO
- Fixed XSS vulnerability in logs that are viewed through the table in Dashboards section [TPS#8694] -JO
- Fixed various security vulnerabilities -JO
- Fixed issue with bettermap no longer working [TPS#8694] -JO

1.4.1 - 05/05/2016
=====================
- Fixed numerous URLs to use https is Log Server is accessed using SSL -SW
- Fixed double slash in Alert URL when using Interface URL -SW
- Fixed missing sudo at beginning of commands in source setup examples -SW
- Fixed inconsistent verbiage in several source setup files -SW
- Fixed potential problem where proxy server environment variables could cause elasticsearch on localhost to not be reached -SW
- Fixed missing audit logs for failed login attempts using AD/LDAP -SW
- Fixed emails going to exchange with crlf of \n instead of \r\n -JO
- Fixed Alert Method on Alerts Screen not showing username if there were more than 20 users defined [TPS#8037] -JO
- Fixed cmdsubsys jobs using end time instead of start time when calculation next job run time [TPS#7642] -JO
- Fixed missing text value for password field error [TPS#7803] -JO
- Fixed having to manually apply config after a restore to restore old configuration [TPS#7766] -JO
- Fixed misc PHP notice errors -JO
- Fixed password length (5+ chars required) and password change error text [TPS#8305] -JO
- Fixed issue where backup snapshots would not be deleted from repository [TPS#8170] -JO

1.4.0 - 12/21/2015
=====================
- Removed the index.php from URL (although old urls including index.php will still work) -JO
- Updated sourceguardian loaders supporting up to php 5.6 -SW
- Updated elasticsearch curator to 3.4.0 -JO
- Added Log Source Setup instructions for syslog-ng -SW
- Added restore single or multiple indices from snapshots -JO
- Added email templates for alerts -JO
- Added special macros for email alert templates -JO
- Added fullscreen capabilities to the dashboard by clicking "Fullscreen" next to dashboard title -JO
- Added email options to set name of sender and name/email for reply-to field -JO
- Added interface URL in global settings for URL link in alerts -JO
- Fixed nxlog sample config to properly send nxlog.log -SW, JO
- Fixed alert run end time slight offset on slow systems -JO, SW
- Fixed apply configuration to display an error if configuration could not be successfully verified and was not applied -SW
- Fixed manage queries not always refreshing by preventing caching get_queries api calls [TPS#7000] -SW
- Fixed host count on dashboard to no longer count localhost as multiple hosts -JO
- Fixed php date not being set on install for centos 7 nodes -JO

1.3.0 - 10/08/2015
=====================
- Added ability to re-order table view -SW
- Added "Inspect" icon when using quick search -SW
- Change Audit Log to report Alert Name instead of ID -SW
- Fixed some missing translations -SW
- Fixed problem where index didn't exist before adding it to a query -SW
- Fixed bug where maintenance jobs were not run sequentially possible causing indexes to be deleted or closed before being backup -SW
- Fixed bug where IE was not redirecting window.location properly -SW
- Fixed bug where backup and maintenance process would not always complete all steps by re-ordering steps -SW
- Fixed bug causing incorrect index to be selected for alerts, specifically a problem when server timezone is offset from UTC -SW
- Fixed issue where logrotate had windows line endings and giving errors -JO


2015R2.2 - 08/19/2015
=====================
- Remove disabling of bloom filters from maintenance settings as they are no longer used in elasticsearch > 1.4 -SW
- Fixed bug causing URL's in alert emails to have incorrect dates -SW
- Fixed the stats panel description to display properly -SW
- Fixed TopN help, which wasn't displaying properly -SW
- Fixed bug causing logstash config to target wrong cluster when adding instances until manual apply config happened -SW
- Fixed per instance configuration verification, was defaulting to only verify global configurations -SW
- Fixed per instance views of configuration files, was defaulting to only show global configurations -SW
- Fixed additional bug in curator and elasticsearch 1.6.0 causing log backups to not be created -SW
- Fixed bug causing space being added after each colon when trying to export a query -SW
- Fixed many language strings remaining English even when different language was selected -SW
- Fixed "typed" Reports showing blank -SW

2015R2.1 - 07/21/2015
=====================
- Updated alert listing to display 100k alerts -JO
- Updated link in alert emails to display the EXACT period the alert was for instead of a time relative to now -SW
- Added the ability to add columns and sort order from within table view -SW
- Added filter icon on fields list to help show that clicking the field name has an action -SW
- Fixed bug while importing LDAP/AD users that would not assign them the admin level -JO
- Fixed bug that would not allow deleting an added LDAP/AD server -JO
- Fixed bug causing Linux Setup commands to not show -SW
- Fixed Admin Reports page showing blank -SW
- Fixed bug in curator and elasticsearch 1.6.0 causing log backups to not be created -SW


2015R2.0b - 07/16/2015
=====================
Fix bug causing AD user import to not populate the AD username field -JO
Fix bug causing AD import to not populate the name field -JO

2015R2.0 - 07/15/2015
=====================
- Upgraded to Elasticsearch 1.6.0 -SW
- Upgraded to Logstash 1.5.1 -SW
- Upgraded to elasticsearch-knapsack-1.5.2.0 -SW
- Upgraded NXLog CE version to nxlog-ce-2.9.1347 -SW
- Added translations for multiple different languages -JO
- Added LDAP/AD integration and user importing like other Nagios products -JO
- Added advanced editing for alerts - allowing users to edit queries directly via the ES json object that gets passed -JO
- Added ability to setup-linux.sh script to add multiple files at once. e.g. -f "/path/to/file /path/to/another/file/*.log" -SW
- Added configuration snapshot tarballs to the system backup and restore -SW
- Added check-boxes to cluster status to allow open/close/delete functions on multiple indices (can also shift-select) -JO
- Added system profile button to 'System Status' page in admin panel  to create a tar like in XI with system information for support -JO
- Update queries icon in dashboard to magnifying glass from ? to avoid confusion with a "help" icon -SW
- Updated default timestamp for nav-bar search to use localtime -SW
- Fixed backup rotation to properly remove old backup files -SW
- Fixed bug causing system backups to get stuck due to knapsack states. -SW
- Fixed bug causing WARNING alerts to show as OK -SW
- Fixed bug in curator that would cause it to fail in certain circumstances -JO

2015R1.4 - 04/09/2015
=====================
- Update licensing page for easy transition to Free version once trial expires -SW
- Fixed bug so edits to users no longer requires entering a new password -SW
- Fixed bug where URL was incorrect on alerts if cluster_hostname was defined -SW
- Fixed bug in dashboard loading queries from the alert email link or show dashboard link -JO
- Fixed bug when adding an instance to give proper permissions to new instance's first written config files -JO
- Fixed bug causing save button to not populate correctly when importing a dashboard -SW
- Fixed bug causing alert threshold ranges to not work correctly and always return OK -SW
- Fixed bug in configuration where removing the first input/filter/output would make them not apply to the file -JO

2015R1.3 - 02/12/2014
=====================
- Added support for SSL/TLS/STARTTLS security encryption in SMTP Mail Settings -LG
- Added curator.sh script to fix curator path issues on some systems -SW
- Added net-tools install to make sure netstat is installed so Logstash verifications work properly -JO
- Added ability to test Email Settings -SW
- Added Subsystem Commands section in Admin panel for managing subsystem jobs -JO
- Change to use transport protocol from logstash to elasticsearch as http has known bugs leaking file descriptors -SW
- Change querying to make queries with and / or to work with lowercase and and or the same way uppercase joins work -SW
- Fixed issue where opening config section wouldn't be set to the full text size -JO
- Fixed result sizes to be much larger for most internal elasticsearch queries -JO
- Fixed every-other redirect to snapshots page on "Save & Apply" button click -JO
- Fixed issue where global commands weren't given the proper ID and instead have a randomly generated ID -JO
- Fixed no default values for close/delete index time settings in backup and maintenance -JO
- Fixed bug causing you to not be able to enter 0 on backup and Maintenance page -SW
- Fixed bug causing alert threshold set to 0 to not function properly -SW
- Fixed bug in broad search where events Over Time legend would not update after changing query -SW

2015R1.2b - 12/15/2014
=====================
- Fixed firewall issue on RHEL/CentOS 7 install -JO
- Fixed opening config options modal in dashboard scrolling the page to the top -JO

2015R1.2 - 12/11/2014
=====================
- Added support for RHEL/CentOS 7 installs -JO
- Added ability to change timezone from inside the web GUI -JO
- Fixed delete icons on backup page to not be the same as the refresh symbol -JO
- Fixed the "FREE" license key to be able to be set correctly -JO
- Fixed hostname/servicename for NRDP alerts not showing up when editing the alert -JO
- Fixed user management page to only display the first 10 users -JO
- Fixed issue where right-clicking Dashboard link wouldn't open drop-down menu -JO
- Fixed bug where Dashboard panels do not conform to set sizes if labels are overly large -JO

2015R1.1 - 11/18/2014
=====================
- Added auto-focus on username field on login page -JO
- Removed style selection in dashboard editor since it's no longer available (dark theme doesn't work, possibly more themes later) -JO
- Fixed bug with restoring snapshot if index was deleted -SW
- Fixed RHEL license check on install -JO
- Fixed sending alerts only on warning/critical (the check-box wasn't working properly) -JO
- Fixed saving configurations of instance nodes not changing global config -JO
- Fixed saving configurations output filter being set to active/inactive properly -JO
- Fixed alerts created in Dashboard not showing "Created By" field -JO
- Fixed output message for weird config verification issues -JO
- Fixed CentOS 5 installation -JO

2015R1.0 - 10/14/2014
=====================
Initial Release
