2024R1.0.1 - 01/10/2024
=======================
- Fixed issues with dashlets being cut off [GL:FSN#14] - AC
- Fixed use of deprecated PHP functions in AD/LDAP integration [GL:FSN#63] - SAW
- Fixed the Available Dashlets dashboard breaking if dashlets are added too quickly [GL:FSN#67] - AC
- Fixed the ability to use numeric values as the server name [GL:FSN#69] - AC
- Fixed rendering multiple NNA bandwidth dashlets on the dashboard [GL:FSN#70] - AC

2024R1 - 11/29/2023
==================
- Added dark theme and theme switching [GL:FSN#37], [GL:FSN#51] - AC
- Added Nagios Network Analyzer integration and dashlets [GL:FSN#64] - AC
- Updated the navbar to align with the XI design standards for a more modern look and improved user experience [GL:FSN#54] -SG
- Updated the login page to align with the XI design standards for a more modern look and improved user experience [GL:FSN#57] - AC

4.2.0 - 10/18/2023
==================
- Added support for CentOS/RHEL 9, Ubuntu 22, and Debian 11 [GL:FSN#29], [GL:FSN#30], [GL:FSN#31] - AC
- Added support for PHP 8 - AC
- Added a home screen notification that shows the number of failed login attempts [GL:FSN#3] - AC
- Updated jQuery to 3.6.0 [GL:FSN#41] - AC
- Fixed an issue where users were unable to Auto-Login to XI [GL:FSN#20] - AC
- Fixed an issue where a whitescreen would occur if license activation failed - AC
- Fixed an issue where Authentication Type gets stuck as Session Authentication and has to be manually reset [GL:FSN#1] - AC
- Fixed an issue where the log files were not being rotated properly [GL:FSN#35] - AC
- Fixed an issue where the Home page would be blank when set as a dashboard - AC
- Fixed an issue where the last successful and failed login times would not update [GL:FSN#3] - AC
- Fixed an issue where the Service Status dashlet would perpetually load - AC
- Fixed an issue where no IP was returned when upgrading on CentOS 8 [GL:FSN#19] - AC
- Fixed an issue where users were being redirected after applying component settings [GL:FSN#62] - AC
- Fixed an issue where the menu bar system status server links would redirect to an empty edit page [GL:FSN#28] - AC
- Fixed an issue where dashlets would vanish if background was set as transparent [GL:FSN#47] - AC
- Fixed an issue where TLS was automatically enabled when sending email alerts [GL:FSN#15] - AC
- Fixed an issue where timezones were not always being set properly [GL:FSN#38] - AC
- Fixed an issue where users were not being sorted alphabetically when selecting user mappings [GL:FSN#12] - AC
- Fixed an issue where languages were not being set properly [GL:FSN#44] - AC
- Fixed XSS in Admin->LDAP/AD Integration (Thanks Tisha Manandhar for reporting this) [GL:FSN#58] - AC
- Fixed XSS in Admin->License Information (Thanks Tisha Manandhar for reporting this) [GL:FSN#59] - AC
- Fixed XSS in Admin->Email Settings (Thanks Tisha Manandhar for reporting this) [GL:FSN#60,61] - AC
- Removed the Nagios World Conference link from the login page [GL:FSN#49] - AC
- Deprecated support for Debian 9 and Ubuntu 16 due to end of life - AC

4.1.9 - 02/09/2021
==================
- Updated the supported OS systems for RHEL/CentOS 8, CentOS Stream, Ubuntu 20.04 LTS, and Debian 10 -JO
- Fixed issue where TLS/SSL wasn't showing in LDAP/AD Integration page for servers with encryption selected [TPS#14734] -JO
- Fixed issue where Service Status dashlet would not show data unless users had access to host data [TPS#15420] -SAW
- The following vulnerabilities were mitigated: (Thanks to Shahar Zini and Samir Ghanem from Skylight Cyber Security for reporting them)
    - Fixed XSS in several dashlets when attacker has control over fused server (CVE-2020-28903) - SAW
    - Fixed authenticated remote code execution (from the context of a low-privilege user) (CVE-2020-28905) - SAW
    - Fixed privilege escalation from apache to nagios via command injection in cmd_subsys.php (CVE-2020-28902) - SAW
    - Fixed privilege escalation from apache to nagios via command injection in cmd_subsys.php (CVE-2020-28901) - SAW
    - Fixed privilege escalation from nagios to root via upgrade_to_latest.sh (CVE-2020-28900) - SAW
    - Fixed privilege escalation from apache to root via upgrade_to_latest.sh and modification of proxy config (CVE-2020-28907) - SAW
    - Fixed privilege escalation from nagios to root via modification of fusion-sys.cfg (CVE-2020-28906) - SAW
    - Fixed privilege escalation from nagios to root via modification of scripts sudoers scripts (CVE-2020-28909) - SAW
    - Fixed privilege escalation from apache to nagios via command injection in cmd_subsys.php (CVE-2020-28908) - SAW
    - Fixed information disclosure - low-privilege user can discover passwords used to authenticate to fused servers (CVE-2020-28911) - SAW

4.1.8 - 12/03/2019
==================
- Added option to stop polling when users are not logged in to stop large systems polling unnecessarily causing slowdowns -JO
- Added missing fullscreen button to most pages like in other products [TPS#12316] -SAW
- Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO
- Updated jQuery to a patched version 1.12.4 to fix CVE-2019-11358 -JO
- Fixed wording for encryption STARTTLS in LDAP/AD Integration -JO
- Fixed bug causing ?brevity=1 to be appended (and ignored) when building polling URLs -BH,SW
- Fixed issue with LDAP/AD certificate management when binary data is in the certificate [TPS#14690] -JO
- Fixed issue with mapped user list not displaying when setting the current user's mapped users [TPS#14561] -JO

4.1.7 - 02/14/2019
==================
- Fixed bug preventing # in usernames and passwords of linked Nagios XI servers [TPS#13812] -SW
- Fixed forgot password link always giving an error about AD/LDAP when entering even a local user [TPS#13902] -SW
- Fixed issue with newer Debian 9 os-release not passing as a valid OS for install -JO
- Fixed problems with backup/restore script errors for apache cron jobs [TPS#13885] -JO
- Fixed admins not able to remove synced deployed dashboards from themselves [TPS#14016] -JO

4.1.6 - 11/20/2018
==================
- Major performance increases with large number of mapped users -BH
- Fixed new user created email to show actual username [TPS#13680] -JO
- Fixed link color to be easier to read in dashlets [TPS#12596] -SW

4.1.5 - 08/07/2018
==================
- Change Custom URL dashlet to not be a core dashlet allowing it to be removed [TPS#13412] -SW
- Fixed BPI dashlet showing broken data when only one BPI group exists on the XI server [TPS#13380] -JO
- Fixed adding new users with AD/LDAP from the API [TPS#13467] -JO
- Fixed allowing local auth login for AD/LDAP users when local auth login checkbox has not been checked [TPS#13469] -JO
- Fixed performance graph dashlet not working with XI 5.5+ systems [TPS#13457] -JO
- Fixed XSS in fusionwindow parameter [TPS#13368] -JO

4.1.4 - 06/14/2018
==================
- Update initial install mysql settings [TPS#13160] -JO
- Fixed issue where manage views listing was always limited to 10 views [TPS#13156] -JO
- Fixed various XSS vulnerabilities [TPS#13332-13335] -JO

4.1.3 - 03/15/2018
==================
- Fixed issue where AD/LDAP component displayed a blank screen when attempting to login with incorrect credentials [TPS #13023] -CN
- Fixed some XSS vulnerabilities [TPS #13001] -CN,BH
- Fixed issue where fusing an NLS server would show a blank Tactical Overview dashlet on the home page [TPS #13066] -CN
- Fixed issue where the Host&Service Health dashlet would display incorrect data if a server returned an empty data set. [TPS #13081,13100] -CN,BH
- Fixed indefinite log rotate (*.gz.1.gz.1.gz.1, etc.) [TPS#13061] -BH,LM

4.1.2 - 02/20/2018
==================
- Fixed some wording in updates section -JO
- Fixed some miscellaneous upgrade issues in the 4.1.0 -> 4.1.1 path -BH
- Added message to NLS dashlets to indicate when there is no dashlet data to display -CN
- Added ability to scroll in the NLS Index Statistics dashlet -CN

4.1.1 - 02/16/2018
==================
- Added the ability to manage authentication types in the Add/Edit User pages -CN
- Added the ability to add AD/LDAP users through the API -CN
- Now show the authentication type of any given user on the Manage Users page - BH

4.1.0 - 02/15/2018
==================
- Added license activation and added activation from inside the license pages -JO
- Added check for upgrades page/dashlet like other products -JO
- Added upgrade from the GUI like other products -JO
- Added proxy configuration page for updates, activation, and maintenance checks -JO
- Added AD/LDAP authentication component [TPS #12510] - CN
- Added several dashlets for integration with Nagios Log Server [TPS #12805] -CN
- Added API & various endpoints [TPS #12856] -CN
- Added way to monitor and clear polling locks from the admin menu [TPS #12675] -CN
- Added fix for large mysql ibdata files -BH
- Updated Views rotation timer to not use previous 'internal clock'. [TPS#12589] -SAW
- Updated fusion to not rely on a 'nagiosadmin' user [TPS#12606] -SAW
- Updated custom home page to allow external sites [TPS#12553] -SAW
- Fixed administrators being able to be excluded (can no longer be excluded from seeing server data) [TPS#12569] -SAW
- Fixed nagiosadmin so it cannot be unset as admin. Admins also cannot unset themselves in general [TPS#12606] -SAW
- Fixed polling lock expiry time not being checked properly -BH
- Fixed NSP error on login and JavaScript errors in IE -JO

4.0.1 - 10/05/2017
==================
- Update debug log to output proper global_auth_interval -JO
- Added sanity testing script -BH
- Added sanity tests to upload component/dashlets to detect errors and prevent installation [TPS#12243] -BH
- Fixed XSS vulnerabilities in users/servers (+ some) [TPS#12246,12247] -BH
- Fixed exclusions/server mappings working on newly created users [TPS#12395] -BH
- Fixed trial extension [TPS#12254] -BH
- Fixed locale being unable to reset to en_US after selecting another [TPS#12209] -BH
- Changed 'Force password change' default on edit user [TPS#12396] -BH
- Fixed home/screen overwrite issue with deployed dashboards [TPS#12212] -BH
- Fixed upgrade issues with sourceguardian loader -BH
- Add ability to use relative paths in sys generated URLs [TPS#12481] -BH

4.0.0 - 07/17/2017
==================
- Initial re-write release -BH
- Completely rewrote Polling System, with configurable options in Admin/Settings (or per server) -BH
- Rewrote Network Operations Center component -BH
- Recreated existing dashlets -BH
- Built similar component/dashlet systems as in XI -BH
- Changed Manage Components / Manage Dashlets to be similar to XI -BH
- Added Views functionality like in XI -BH
- Added user mapping (to allow for true multitenancies. User can only see what the mapped user can see) -BH
- Added poll callbacks (to hook functionality in to polling subsystem) -BH
- Added averages/deltas to numeric polled data (as a callback) -BH
- Added ability to track timezone per server, so that display times are accurate -BH,JO
- Added clickthru links to NOC dashlets, Alert dashlets, and Tactical dashlets -BH
- Added Custom Logo component -BH
- Added Custom Login component -BH
- Added Home Page Modification component -BH
- Added Deploy Dashboards component (with a 'Deployed/Synced Dashboards' page as well) -BH
- Added 'Test Fusion Settings' to Servers page -BH
- Added better auto-login functionality -BH,JO
- Added CSRF prevention when adding an XI server -JO
- Added better logging system and Admin/Log page -BH
- Added better Dashlet system (all dashlets have on-the-fly changeable settings, etc.) -BH
- Added static landing page -BH
- Fixed license system -JO