5.10.0 - 05/16/2023 ================== - Added the ability to change service display names in the Bulk Renaming Tool [GL:XI#88] - CL - Added force mass immediate check functionality to the API [GL:XI#129] - DA - Added the ability to export and import dashboards [GL:XI#90] -AC - Added the ability to undo/redo recent changes when modifying dashlets - SNS - Added the CSV output type to the API [GL:XI#53] - CL,DA - Added the ability to send mail with OAuth2 using Microsoft - BB - Added the ability to send mail with OAuth2 using Google - BB - Improved readability for the SDESC/EDESC section of a defined trap in the SNMP Trap Interface [GL:XI#41] - PG - Updated Nagios Core to 4.4.10 - SAW - Updated the Core Config Manager (CCM) to 3.2.0 - Fixed an issue where Tools crashed when deleting added tools [GL:XI#128] - AC - Fixed an issue where certain dependencies would throw warning during installation [GL:XI#100] - SNS - Fixed an issue where links in BPI groups were incorrect [GL:XI#75] - PG - Fixed an issue where xml errors occured when using bulk renaming tools [GL:XI#88] - CL, BB - Fixed an issue where notify-host-by-email and notify-service-by-email would not send mail on CentOS Stream 9 [GL:XI#198] - SAW - Fixed an issue where nagios.log was not included in the system profile [GL:XI#114] - CL - Fixed an issue where adding a host or service to Nagvis would fail in MySQL 8 [GL: XI#106] - AC - Fixed an issue where the Nagvis component was not being upgraded to version 2.1.4 during an XI upgrade. [GL:XI#101] - AC - Fixed an issue where Autodiscovery and NCPA configuration wizards would break on systems running PHP 8 [GL:XI#123] -AC - Fixed an issue in the Manage MIBs page where one MIB entry showed two entries [GL:XI#77] - DA - Fixed an issue where certain logs would become cluttered when XI was offline [GL:XI#64] - PG - Fixed an issue where a white screen occurs when bulk-modifying contact groups on Ubuntu [GL:XI#170] - AC - Fixed an issue where LDAP/AD users had to conform to local password requirements [GL:XI#109] - AC - Fixed several issues with configuring SSL/TLS for AD/LDAP integration [GL:XI#4,5,112] - BB - Fixed an issue where dashlet borders were using Modern theme colors on Modern Dark theme when resizing [GL:XI#66] - AC - Fixed an issue where the Edit function of the SNMP Trap Interface was loading improperly [GL:XI#135] - PG - Fixed an issue in the profile script where Oracle system's Linux distribution was incorrectly displayed [GL:XI#25] - SG - Fixed an issue where deactivating a service marked all services on that host as "not applied" [GL:XI#103] - DA - Fixed an issue where PHP-FPM would exhaust usable memory [GL:XI#152] - DA - Fixed an issue where the check_xi_update plugin would fail on PHP 8 [GL:XI#134] - SNS - Fixed an issue where feedback messages were not being displayed properly after applying bulk changes in the SNMP Trap Interface [GL:XI#183] - SG - Fixed an issue where phpmailer.log was not rotated, causing it to grow indefinitely [GL:XI#121] - SNS - Fixed several issues during installation while FIPS mode is enabled [GL:XI#139] - DA - Removed installation handling for unsupported operating systems [GL:XI#98] - SNS - Disabled TRACE, TRACK, OPTIONS, HEAD methods for apache [GL:XI#57] - DA - Deprecated PostgreSQL - SAW CCM 3.2.0 - 04/01/2023 ---------------------- - Added the ability to add and delete additional Arguments in CCM [GL:XI93] - PG - Fixed an issue where users were able to configure invalid service escalations [GL:XI#102] - AC - Fixed issue where a white screen would be displayed when editing contacts on Ubuntu [GL:XI#155] - AC 5.9.3 - 02/01/2023 ================== - Fixed possible timing attack when using insecure ticket authentication (Thanks to Kevin Joensen of CSIS for reporting this issue) (CVE-2023-24035) -SAW - Fixed open redirect in Twilio component (Thanks Kevin Joensen and CSIS) (CVE-2023-24034) -SAW - Improve authentication token and salt generation (Thanks Kevin Joensen and CSIS) (CVE-2023-24036) -SAW - Deprecate Debian 9 and Ubuntu 16.04 due to end-of-life [GL:XI#27] - SNS - Update default php resource values [GL:XI#28] - SNS - Fixed bad text wrapping in Availability Report graphs [GL:XI#73] -DA 5.9.2 - 12/5/2022 ================== - Fixed issues with missing timestamp with rrdtool xport [GL:XI#1] -LG - Fixed issues with NRPE 4.1.0 Upgrade - [GL:XI#26] -SAW - Upgrade Nagios Core to 4.4.9 -SAW - Made several improvements to RHEL/CentOS 8/9 compatibility -SAW,LG 5.9.1 - 08/31/2022 ================== - Fixed issues with MySQL tuning on Ubuntu 22 systems not adding the proper values in the config -JO - Fixed problem with SNMP traps in Ubuntu 22 not working properly due to permissions -JO Core Config Manager (CCM) - 3.1.9 --------------------------------- - Fixed issue with newer PHP 8+ systems having PHP fatal errors when editing objects -JO 5.9.0 - 08/18/2022 ================== - Added support for CentOS 9 Stream / RHEL 9 and Ubuntu 22 systems -JO - Updated PHP versions supported to include 8.0 and 8.1 -JO - Updated NRPE to 4.10 for security fixes -SAW - Updated php.ini config options for new installs to have better defaults -JO 5.8.10 - 06/16/2022 =================== - Updated max_connections, max_open_files, disable_log_bin in mysql_tune.sh -SAW - Updated install to give an error message on RHEL 8 systems when codeready-builder repo does not exist -JO - Fixed issue where sometimes SID stored in $_COOKIE could cause invalid login token error until clearing cookies [TPS#15632] -JO - Fixed issue with SLA report causing not authorized error when selecting [Host Only] option [TPS#15734] -JO - Fixed an issue with previous cacerts directory fix [TPS#15713] -JO - Fixed issue with snmptt_service_results.php where it could create a file in place of the nagios.cmd pipe [TPS#15747] -JO - Fixed error in AD/LDAP integration where cert directory wasn't properly being set on Ubuntu/Debian systems -JO Core Config Manager (CCM) - 3.1.8 --------------------------------- - Fixed issue with contact deletion where host/service configs were not being re-written on apply config [TPS#15744] -JO 5.8.9 - 04/28/2022 ================== - Added peer verification when loading external URLs -SAW - Updated Nagios Core to 4.4.7 -SAW - Updated users account settings to require password confirmation to change email (CVE-2022-29270) (Thanks Alwin Warringa) -JO - Updated admin account settings to require password confirmation to change password and email (CVE-2022-29270) (Thanks Alwin Warringa) -JO - Updated automysqlbackup script to default root mysql password if none is set [TPS#15739] -JO - Fixed stored XSS security issue in Nagios BPI with the info URL not being escaped properly -JO - Fixed stored XSS security issue with command names having no encoding in the apply config error text -JO - Fixed stored XSS related to update checking -SAW - Fixed redirect on login page where redirect parameter urls could redirect user externally after login (CVE-2022-29272) (Thanks Alwin Warringa) -JO - Fixed issue in 5.8.0 upgrade for Debian and Ubuntu users -SAW - Fixed scheduled report/send report email script allowing HTML code to be used in the message field (CVE-2022-29269) (Thanks Alwin Warringa) -JO - Fixed scheduled downtime page allowing read-only users to submit downtimes via crafted POST requests (CVE-2022-29271) (Thanks Alwin Warringa) -JO Core Config Manager (CCM) - 3.1.7 --------------------------------- - Fixed copying of service object not copying excludes for Host/Hostgroups [TPS#15732] -JO - Fixed reflected XSS security issue in lock page Cancel button not urlencoding the returnurl value -JO - Properly fixed XSS security issue in search input on audit log page (thanks Hieu Tran(jkana101) from VCB STeam)) -JO 5.8.8 - 03/08/2022 ================== - Fixed issue with Availability report rounding/data error in service averages in the data table [TPS#15609] -JO - Fixed issue in which NCPA CPU Usage metric did not display [TPS#15673] -PhW - Fixed both objects/servicestatus and objects/hoststatus to allow filtering by last_hard_state [TPS#15710] -JO - Fixed restore_xi.sh script to include all libexec plugins not just ones with file extension [TPS#15696] -JO - Fixed file permissions by having automysqlbackup script keep perms in /store/backups/mysql not world readable [TPS#15699] -JO - Fixed default mysql config file options during a clean install (does not get changed on upgrade) [TPS#15692,TPS#15698] -JO - Fixed AD ldapSlashes to properly fix escaping parens [TPS#15709] -JO - Fixed cacerts directory for AD/LDAP certificate management [TPS#15713] -JO Core Config Manager (CCM) - 3.1.6 --------------------------------- - Fixed issue where search was case-sensitive -JO - Fixed XSS security issue in search and deletion (thanks Hieu Tran(jkana101) from VCB STeam) -JO 5.8.7 - 11/02/2021 ================== - Updated install to support Debian 11 systems -JO - Updated System Settings for "allow html" to separate options for status and comments under Other Settings and added a warning -JO - Updated migrate.php script to ensure that the nagios_bundler.py is not a security issue by copying it after tarball extraction -JO - Updated NRDP to version 2.0.5 to fix issue with receiving spooled passive checks [TPS#15621] -JO - Updated NSCA to version 2.10.1 to fix security issues -SAW - Fixed issue with "Finish as Template" button not adding services do to new wizards using json encode/decode rather than serialize [TPS#15635] -JO - Fixed capactiyplanning.py giving out a lot of ValueErrors when pending checks are just starting to run -JO - Fixed XSS vulnerability in Nagios Core ui by patching Core for XI systems with escape_string() -JO - Fixed XSS vulnerability in SSH Terminal page url parameter and the Account Information page api_key parameter -JO - Fixed XSS vulnerability in Audit Log page Send to NLS form -JO - Fixed security permissions issue with apache user and temp directory used by Highcharts -JO - Fixed security permissions issue with nocscreen component sounds directory -JO - Fixed manage_services.shs script vulnerability with systemctl not using the --no-pager option -JO - Fixed issue where cloning user would not clone the user's meta data [TPS#15617] -JO - Fixed bulk modifications issue when trying to remove Free Variables [TPS#15653] -JO - Fixed sysstat data on systemd systems when XML entities are in the output text causing the Admin > System Status to show "No Data" [TPS#15657] -JO - Fixed issue with cfgmaker with contact/location newlines causing it not to work [TPS#15666] -JO,SS - Fixed various security issues: (thanks chenhuiliang@qianxin.com and chenruiqi@qianxin.com from Codesafe Team of Legendsec at Qi'anxin Group) - Fixed various XSS vulnerabilities in the auditlog.php admin page -JO - Fixed SQL injection possibility in mib_name parameter when uploading new MIBs in Manage MIBs page -JO - Fixed XSS vulnerability in the Admin > system performance settings page -JO - Fixed XSS vulnerabilities in the Admin > system settings page -JO - Fixed XSS vulnerability in ajax.php script in CCM 3.1.5 -JO - Fixed security vulnerability in nagiosna component in version 1.4.5 -JO - Fixed security vulnerability in MTR component in version 1.0.4 -JO - Fixed security issue in NRDS with version 1.2.8 -JO Core Config Manager (CCM) - 3.1.5 --------------------------------- - Fixed Down stalking option not working for Host Templates in Alert Settings tab [TPS#15625] -JO - Fixed XSS vulnerability in ajax.php script -JO - Fixed issue with case insensitivity in regards to host/service names when importing configs (or running wizard) [TPS#15620] -JO 5.8.6 - 09/02/2021 ================== - Added Stalking Notification and None options to Single Config Option for Bulk Modifications Tool [TPS#15597] -PhW - Updated Bulk Modifications Tool UI to use actual option names, and mirror UI from normal config page -PhW - Updated NagVis component to version 2.0.9 to fix security issue (thanks Scott Tolley from Synopsys Cybersecurity Research Center (CyRC)) -JO - Fixed issue with special characters in Top Alert Producers, State History, and Notifications reports [TPS#15599] -JO - Fixed built in DEV tools, so you can log values and monitor them through the web UI. -PhW - Fixed styling issue on the Check for Updates page when in Modern Dark theme -JO - Fixed command injection security issue during installation of components, wizards, and dashlets in cmdsubsys -JO (thanks Guillaume André of Synacktiv (https://synacktiv.com)) (CVE-2021-40345) - Fixed security issue in backend API auth where it was not properly authing the insecure login ticket -JO - Fixed security vulnerability with file permissions for the migrate nagios_unbundler.py script (thanks Guillaume André of Synacktiv (https://synacktiv.com)) (CVE-2021-40343) -JO - Fixed SQL injection in the Manage MIBs admin page and Bulk Modifications page -JO - Fixed XSS security vulnerability in Manage My Dashboards page edit dashboard title attribute (thanks Matthew Dunn) (CVE-2021-38156) -JO - Fixed SSRF vulnerability in Scheduled Report URL when scheduled page URL is outside the Nagios XI system (thanks Ben Leonard-Lagarde (Modux)) (CVE-2021-37223) (TPS#15594) -PhW,JO - Fixed issue in which deleting a host having an escalation caused an invalid config. -PhW Core Config Manager (CCM) - 3.1.4 --------------------------------- - Fixed reflective XSS in the test command due to double encoded html entities -JO (thanks Amit Raut of Trend Micro Security Research working with Trend Micro Zero Day Initiative) 5.8.5 - 07/15/2021 ================== - Fixed issue where critical or warning values in certain disk space metrics were rendered as green. -PhW - Added extra folder name sanatization to the getprofile.sh script to make it more secure -JO - Fixed password email going out when AD/LDAP user is created without local password auth [TPS#15547] -JO - Fixed failed backup email sent when running a manual local backup [TPS#15546] -JO - Fixed timezone for Istanbul in utils-time.inc.php [TPS#15532] -JO - Fixed longserviceoutput macro not properly converting newlines to breaks in HTML email notifications [TPS#15537] -JO - Fixed issue when generating PDFs (and auth tokens in general) on usernames with uppercase letters in them [TPS#15542] -JO - Fixed display issue of host/service notes where double quotes were not displayed correctly [TPS#15543] -JO - Fixed SQL injection vulnerability in Bulk Modifications Tool for some single config option types -JO - Fixed post auth RCE in autodiscovery due to path tranversal issue in job id -JO - Fixed issue with index.php page value not being properly validated before being passed to display page function -JO - Fixed possible insecurity in Nagios Mobile authentication where it would not exit/quit after redirecting unauthenticated users -JO - Fixed redirection vulnerability in login redirect url for some styles of urls -JO - Fixed vulnerability with xi-sys.cfg being imported from the var directory for some scripts with elevated perms -JO - Fixed issue where AD/LDAP wouldn't search in base directory [TPS#15495] -JO - Fixed empty XML output when outputtype=xml for hostgroup/servicegroup API endpoints when there are no groups -JO - Fixed issue with manage_services.sh and restarting php-fpm on EL8 systems -JO - Fixed insecure permissions on migrate.php and repairmysql.sh file (thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36363, CVE-2021-36365) -JO - Fixed issue with Nagios Mobile not verifying a comment is set for scheduled downtime or acknowledge -JO - Fixed security issue with backup_xi.sh and manage_services.sh allowing using wildcards -JO (thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36364, CVE-2021-36366) -JO Core Config Manager (CCM) - 3.1.3 --------------------------------- - Fixed SQL injection from improper escaping of values in search text -JO - Fixed timeperiod template name adding _copy_x to the template name even if empty which caused errors [TPS#15550] -JO NDO - 3.0.7 ----------- - Added option "log_failed_queries" to ndo.cfg. Set this to 0 to disable failed query logging -SAW - Fixed issue where nagios_objects.name2 would occasionally be set to NULL -SAW - Fixed issue where leftover comments and other objects would cause hosts and services to continue showing in the database after deletion. [TPS#15549] -SAW - Widened all text columns significantly -SAW 5.8.4 - 06/10/2021 ================== - Updated getprofile.sh to delete a new profile's folder before generating contents -JO - Fixed install on newer Debian 9 systems due to default pip version [TPS#15535] -JO - Fixed issues with logrotate -JO,DC - Fixed getprofile.sh db_host value to properly pull from config.inc.php -JO,DC - Fixed vulnerability in getprofile.sh not clearing directory before creating profile -JO - Fixed restore_xi.sh using relative directory path -JO,DC - Fixed SQL injection vulnerability in Bulk Modifications Tool -JO - Fixed XSS security vulnerability in about section -JO - Fixed the "use" option to properly apply when using the config/contacts API endpoint -SS,JO - Fixed security issue for config when upgrading system [TPS#15551] -JO Core Config Manager (CCM) - 3.1.2 --------------------------------- - Fixed XSS security vulnerability in CCM lock page functionality -JO 5.8.3 - 03/31/2021 ================== - Updated jQuery to version 3.6.0 to fix minor issues -JO - Updated email validation to require RFC 822 valid email addresses to fix possible security vulnerabilities -JO - Fixed install process on Oracle Linux 8 due to mod_php being used instead of php-fpm like CentOS/RHEL -JO - Fixed config/ endpoints to properly display array of contacts (and other objects) when using append (+) in config [TPS#15509] -JO - Fixed argument quoting in mysqlrepair and restore_xi scripts -DC,JO - Fixed issue with Scheduled Backups sending local backup success email with SSH or FTP emails [TPS#15501] -JO - Fixed API help/example PUT config calls not working properly due to space not being url encoded [TPS#15505] -JO - Fixed XSS vulnerability in user Email Address field when on Send Test Notification page -JO - Fixed possible RCE vulnerability via Email Address not being properly validated (CVE-2020-24899) -JO - Fixed scheduled reports jobs not changing with username change [TPS#15502] -JO - Fixed issue where masquerade button in the Manage Users page wasn't working on some OS/PHP versions -JO - Fixed issues with MIB integration after upgrading to SNMPTT 1.4.2 [TPS#15376] -SAW - Fixed issues with Undo Trap Processing button [TPS#15500] -SAW - Fixed issue with downgraded ndo2db systems where limited users would not properly load data due to is_ndo_loaded failing -JO 5.8.2 - 02/25/2021 ================== - Removed deprecated code related to NDO 2 (get_db_backend_status, get_ndoutils_info_xml, API's system/statusdetail dbbackend) -SAW - Updated php.ini settings to add some more restrictive session options for better security -JO - Updated NRDP version to 2.0.4 to fix jQuery CVE and update Bootstrap version -JO - Fixed issue with Enterprise message showing up on Rapid Response URL page even though it shouldn't -JO - Fixed jquery 3 compat script not loading for wkhtmltopdf report generation when jQuery 1.x is disabled -JO - Fixed wkhtmltopdf delay/timeout not being set properly for page pdf generation -JO - Fixed default date, number, and week format set when creating a new user to match config settings [TPS#15428] -JO - Fixed special characters in ansible passwords with Deploy and Migrate scripts [TPS#15443] -JO - Fixed typo in Performance Settings Database tab [TPS#15446] -JO - Fixed issue with custom API endpoints not being passed the $args as an array -JO - Fixed Nagios Configuration location being passed to the migrate script when using advanced options in Migrate Server page -JO - Fixed Bulk Modifications Tool to make ARG8 work properly and fix checkboxes when setting a new command [TPS#15458] -JO - Fixed issue with snmptraphandling.py script not working properly with Python 3 [TPS#15461] -JO - Fixed My Scheduled Reports History tab to work properly with old PostgresQL installs of XI [TPS#15467] -JO - Fixed user permissions on newer MySQL servers to allow backup_xi.sh to do a mysqldump [TPS#15462] -JO - Fixed issue with backslash in service names not showing up when editing a Nagios BPI group [TPS#15457] -JO - Fixed snmptrapd not enabled/starting on some Debian and Ubuntu installations [TPS#15473] -JO - Fixed Two Factor email authentication in Nagios Mobile interface [TPS#15399] -JO - Fixed rrdexport API endpoint to allow passing the maxrows value to no longer be limited to the default [TPS#15433] -JO - Fixed issue installing on RHEL 8.3 due to codeready builder repo requirement [TPS#15463] -JO - Fixed permissions issues with Deploy Dashboards component -JO - Fixed permissions on the send_to_nls.php file to be owned by root and read only to other users -JO - Fixed Nagios BPI sync when applying configuration not waiting for NDO3 to load all data before running [TPS#15448] -JO - Fixed issue where php-fpm was not being restarted during CA cert add in LDAP/AD cert management page -JO Core Config Manager (CCM) - 3.1.1 --------------------------------- - Fixed issue where overlay would not allow scrolling for Free Variables list [TPS#15452] -JO - Fixed copying host/services with backslash in the name not copying the full name with backslash [TPS#15460] -JO - Fixed XSS security vulnerabilities in config_name and service_description on the Services page -JO - Fixed XSS security vulnerabilities in Overlay modals -JO - Fixed issue with writing out host with backslash in the host_name -JO NDO - 3.0.6 ----------- - Increased performance for queries involving comment history and downtimes on large/long-running systems - Fixed error when adding downtimes which expire after 2038 5.8.1 - 01/15/2021 ================== - Fixed issue with Admin > Manage Components page where the proper component name was not being set -JO 5.8.0 - 01/13/2021 ================== - Added Migrate Server utility to Admin section to migrate Nagios Core systems to Nagios XI -JO,SAW - Added new Configuration Snapshots page with ability to see raw diffs between configuration changes that have been applied -JO - Added services tab into Host Status Details page to see service status without leaving the page -JO - Added ability to deploy agents from the Auto Discovery tool and show if agents have been deployed to hosts that are discovered -JO - Added Microsoft 365 Config Wizard -LG - Added Linux Server Legacy Config Wizard that uses NRPE -LG - Added notification options to Scheduled Backups to notify via email when backups succeed or if they fail -JO - Added ease of use enhancements to the New Password input and Email User New Password checkbox in the Edit Users page -JO - Added Scheduled Reports History tab to My Scheduled Reports page and Report Managment section to view reports ran and the status -JO - Added ability to send URL parameters to PUT API config endpoints in case a parameter cannot be passed via the URL path -JO - Added support for deploying agents on Windows machines (if openssh server is enabled and configured) via Deploy Agents -JO - Updated Rapid Response page sizing on mobile devices -JO - Updated Linux Server Config Wizard to use NCPA instead of NRPE -LG - Updated NDO to version 3.0.5 -JO,SAW - Updated Highcharts to version 7.2.2 for bug fixes -JO - Fixed Scheduled Backup logging so it logs output and errors directly into the scheduledbackups.log file when backups are ran -JO - Fixed issue with the coreuiproxy not properly working with URL encoded strings [TPS#15381] -JO - Fixed Scheduled Reporting logging file (/usr/local/nagiosxi/var/scheduledreporting.log) not being created by default -JO - Fixed Bulk Modifications Tool to properly apply check_command on host/services that do not have one [TPS#15385] -JO - Fixed Bulk Modifications Tool logging output not showing the proper host/service names in the audit log [TPS#15384] -JO - Fixed issue with forward slashes in name/definition of object configs in Nagios BPI [TPS#15356] -JO - Fixed service selection dropdown from changing sizes in Graph Explorer's Multistacked graph tab [TPS#15368] -JO - Fixed issue with Auto Discovery not having Actions buttons if a running job finishes before moving off or refreshing the page -JO - Fixed theme/CSS issue with column sizes on large screens -JO - Fixed Ansible package installation on Ubuntu 18.04 LTS systems -JO - Fixed 2FA causing issues with the Core username/password authentication .htaccess file [TPS#15401] -JO - Fixed API endpoints config/host and config/service to make host_name and config_name values case sensitive -JO - Fixed changing timezone in EL8 systems not restarting php-fpm which causes php to have the wrong timezone until restarted -JO - Fixed issue with system/commands when using multiple command IDs [TPS#15408] -JO,SS - Fixed security vulnerability where PNP's PHP templates were accessible from the interface -JO - Fixed stored XSS security vulnerability in My Tools page (thanks Matthew Aberegg) -JO - Fixed security vulnerability in Manage Plugins upload when using convert line endings option (CVE-2020-35578) (thanks Haboob Team) -JO - Fixed styling on Rapid Response page when using a trial enterprise license -JO - Fixed serial number for self signed SSL generated when selecting SSL option during install -JO - Fixed sysstat cron job cpu stats on newer versions of iostat in CentOS/RHEL systems -JO,DC - Fixed XSS security vulnerability in Nagios BPI config IDs (thanks Matt Aberegg) -JO - Fixed XSS security vulnerability in views url (thanks Matt Aberegg) -JO - Fixed issue with Bulk Modifications Tool when removing a free variable where relationships would not show -JO - Fixed XSS security vulnerability in SSH Terminal page (CVE-2021-25299) (thanks Nipun Gupta of Cloudfuzz) -JO - Fixed security vulnerability in Graph Template upload and PNP share directory (thanks Xinjie Ma from Chaitin Security Research Lab) -JO Core Config Manager (CCM) - 3.1.0 --------------------------------- - Added checkbox in Import Config Files page that hides all configs outside of the import directory -JO - Added service excludes checkbox into Service Escalations -JO - Updated service object Misc Settings tab to remove config options that are not able to be set for services -JO - Updated Misc Settings information for how to use specific fields -JO - Fixed issue where object names with multiple spaces in a row would not import properly [TPS#15374] -JO - Fixed check command close button over the command output and command output sizing [TPS#15353] -JO - Fixed Service Escalations showing * for contact/contact group options since it is not usable [TPS#15403] -JO - Fixed Service not removing hosts properly when deleting a host and the service also has a hostgroup assigned [TPS#15415] -JO - Fixed excluding services, hosts, host groups from Service Escalations [TPS#15321] -JO - Fixed importing services on Service Escalations when host_name is set to * [TPS#15321] -JO - Fixed XSS security vulnerability with the Active/Actions buttons in the templates pages (thanks Matt Aberegg) -JO NDO - 3.0.5 ----------- - Drastically reduced startup time for some systems - Fixed occasional long shutdown times in Nagios Core - Fixed segmentation faults related to severed MySQL connections - Fixed issue with service display_name being set to the service description 5.7.5 - 11/12/2020 ================== - Fixed security issues with AngularJS 1.3.9 by upgrading to 1.8.2 -JO - Fixed various XSS security issues with older version of Bootstrap 3.3.x by upgrading to 3.4.1 in both Desktop and Mobile -JO - Fixed mobile redirect when trying to access the rapid response URL [TPS#15372] -JO - Fixed various XSS security vulnerabilities in Manage Users, Notification Settings, Agent Management, and Deploy Dashboard pages (thanks Namratha) -JO (CVE-2020-27988, CVE-2020-27989, CVE-2020-27990, CVE-2020-27991) - Fixed privilege escalation security vulnerability with Auto-Discovery php script (thanks Chris Lyne of Tenable) -JO - Fixed authenticated remote code execution in Auto-Discovery component (thanks Shahar Zini and Samir Ghanem from Skylight Cyber Security) -JO Core Config Manager (CCM) - 3.0.8 --------------------------------- - Fixed various XSS security vulnerabilities in overlay and notification/check period -JO - Fixed issue with command escaping in Test Check Command [TPS#15167] -JO 5.7.4 - 10/15/2020 ================== - Fixed issue with mysqladmin credentials not being set when creating a support Profile [TPS#15324] -JO - Fixed SQL injection vulnerability in the edit page for SNMP Trap Interface (thanks Matthew Aberegg) -JO - Fixed typos in Deploy Agent page [TPS#15336] -JO - Fixed issue with servicegroup_name not being populated in schedule downtime popup on Service Group Grid/Overview pages [TPS#15328] -JO - Fixed search box autocomplete not working on Host/Service Details pages -JO - Fixed Auto Discovery component when scheduling a recurring scan at either 12 AM or PM [TPS#15342] -JO - Fixed issue when updating a single component using the install button on the Manage Components page [TPS#15337] -JO - Fixed renaming objects via PUT request in API with only a name change causing apply config issues [TPS#15156] -JO - Fixed Recurring Scheduled Downtime for limited users services not showing up [TPS#15354] -SS,JO - Fixed CSRF security vulnerabilities in Manage MIBs page and SNMP Trap Interface (CVE-2020-5790) (thanks Chris Lyne of Tenable) -JO - Fixed RCE security vulnerability in the Manage MIBs page (CVE-2020-5791) (thanks Chris Lyne of Tenable) -JO - Fixed Command Argument Injection vulnerability in SNMP Trap Interface (CVE-2020-5792) (thanks Chris Lyne of Tenable) -JO - Fixed Nagios BPI issues with newer systems with newer versions of git cmd using an invalid cmdline parameter -JO - Fixed issue with filtered output in SLA/Availability report when advanced options are set [TPS#15358] -JO - Fixed empty pending host/service check that could show up after hard system reset -JO Core Config Manager (CCM) - 3.0.7 --------------------------------- - Fixed various XSS sercurity vulnerabilities in the object edit pages (thanks Matthew Aberegg) -JO - Fixed various SQL injection security vulnerabilities in the object edit pages (thanks Matthew Aberegg) -JO - Fixed bug in the CCM Audit Log page which would not allow searching -JO NDO - 3.0.4 ----------- - Fixed issue with downtime brokering on startup - Fixed logging of failed queries for WRITE_HOSTS/WRITE_SERVICES/WRITE_CONTACTS - Fixed blank host/service status rows that may get added during a hard restart 5.7.3 - 09/03/2020 ================== - Added missing scheduled downtime comment data to Host/Service Status Details pages [TPS#15190] -JO - Fixed search on services page to properly search in a case insensitive way [TPS#15241] -JO - Fixed typo in Admin > Performance Settings max comment history age field [TPS#15227] -JO - Fixed information tooltips in security popup during LDAP/AD user import [TPS#15247] -JO - Fixed library path for mrtg2, in cfgmaker. In some OS versions, the path needs to be ../lib64/mrtg2, instead of ../lib/mrtg2 [TPS#15213] -LG - Fixed library path for mrtg2, in mrtg. In some OS versions, the path needs to be ../lib64/mrtg2, instead of ../lib/mrtg2 [TPS#15213] -LG - Fixed parameter problem_has_been_acknowledged not working on hoststatus and servicestatus API endpoints [TPS#15256] -JO - Fixed backup/restore scripts to no longer copy over old nagiosmobile HTTPD config [TPS#15266] -JO - Fixed issue with the parameter host_object_id (host_id works) not working with objects API calls [TPS#15263] -JO - Fixed XSS security vulnerability in Admin -> Manage Users (Thanks Christian Weiler) [TPS#15277] -SAW - Fixed XSS security vulnerability in Add/Manage Dashboard page and popup [TPS#15292]-JO - Fixed privilege escalation in backend scripts ran as root where some included files were editable by nagios user (CVE-2020-15903) (thanks ERNW) -JO - Fixed command injection vulnerability in report PDF Download (Thanks Christian Weiler) [TPS#15278] -SAW - Fixed privilege escalation vulnerability in getprofile.sh (Thanks Christian Weiler) [TPS#15279] -SAW - Fixed issue with Capacity Planning python script on Ubuntu 20.04 [TPS#15283] -JO - Fixed Inbound Email Processing when using Outlook and other clients that use Windows line endings [TPS#15285] -JO - Fixed clearner.php error on systems still running postgresql [TPS#15299] -JO - Fixed Host/Servicegroup summary dashlets commands link not working while they are inside dashboards [TPS#15196] -JO - Fixed Host/Service Details pages on smaller screen sizes having the record count/search bar overlap eachother [TPS#15304] -JO - Fixed issues with Dark Theme Highcharts graphs to be more readable and usable -JO NDO 3.0.3 --------------------------------- - Fixed issue with version comparison in database upgrade script - Fixed issue with failed timed_event brokering on startup - Fixed issue with erroneous logging of notification brokering failures - Fixed improper handling of callback registration when some event types were disabled 5.7.2 - 07/14/2020 ================== - Updated NDO to 3.0.2 to fix issues with slow startup with large systems and truncating tables -SAW,JO - Fixed NDO issue where renaming hosts and services with uppercase/lowercase letters caused inconsistencies [TPS#15205] -SAW,JO - Fixed restricting access to auto deploy output JSON files -JO - Fixed brevity settings for objects/hoststatus and objects/servicestatus when using outputtype=xml -JO - Fixed issue with NDO connection in Nagios XI using latin1 as default charset instead of utf8 -JO - Fixed error updating audit log when removing a user [TPS#15172] -JO - Fixed warning/critical toggle button icon placement on Highcharts graphs with single dataset [TPS#15175] -JO - Fixed XML brevity causing isseus with Mass Acknowledge and other systems that rely on XML data [TPS#15179] -JO - Fixed displaying inactive objects that have been disabled in nagios_objects table -JO - Fixed security vulernability with audio import directory allowing php files to be uploaded/ran from that directory (thanks @TactiFail) -JO - Fixed XSS security vulnerability in background color in Dashboards (thanks @TactiFail) -JO - Fixed XSS security vulnerability in Config Management > Edit Config page in BPI component (thanks @TactiFail) -JO - Fixed XSS security vulnerability in Graph Explorer link url option (CVE-2020-15902) (thanks ERNW) -JO - Fixed RCE vulnerability with ajaxhelper.php when running certain commands through cmdsubsys (CVE-2020-15901) (thanks ERNW) -JO - Fixed issue where the "Check for Updates" button on Wizards/Components was not checking latest XI 5.7 versions -JO - Fixed Top Alert Producers report not showing on CentOS 8 / MySQL 5.7+ [TPS#15202] -JO - Fixed LDAP integration missing function causing a PHP error when trying to import users from LDAP -JO - Fixed backend cache causing problems when empty data was returned -JO - Fixed mod_gearman issue with NDO3 causing it to not use the mod_gearman module -SAW - Fixed ansible version issue for Auto Deployment component on Ubuntu 16 and Debian 9 systems [TPS#15200] -JO - Fixed issue with PHP 7 and Scheduling Queue page not showing up properly -JO - Fixed python setup for Ubuntu 20 systems which have both Python 2 and Python 3 installed -JO - Fixed NagVis installation issue with Ubuntu 20 and CentOS/RHEL 8 due to using Python 3 -JO - Fixed Manage Deployed Agents page where OS version would not always update or add when adding new agents [TPS#15192] -JO Core Config Manager (CCM) - 3.0.6 --------------------------------- - Fixed security vulnerability with Static Config Editor allowing editing apache owned files outside static directory (thanks @TactiFail) -JO 5.7.1 - 06/11/2020 ================== - Updated NDO 3 to 3.0.1 to fix some errors on certain systems and upgrade issues -SAW,JO - Updated jQuery to version 3.5.1 to fix security vulnerabilities -JO - Fixed non-admins not able to process host/service relations from the db causing the user to see no hosts/services -JO - Fixed issue with State History report causing a PHP error and would not display state data -JO - Fixed installation issue on RHEL 8 with redhat-lsb-core package installed -JO - Fixed sourceguardian upgrade issue with old versions of XI on 32bit systems -JO - Fixed resolving hostname in IP Mismatch popup check for systems with hostnames in the program URL -JO - Fixed styling issues on Configure main page when using Modern Dark theme -JO - Fixed the ndo2db manage_services.sh script status check to return a message since ndo2db was removed -JO - Fixed object status retries in the Performance Settings page not saving when set -JO - Fixed restore snapshot in CCM broker_module being overwritten with ndo2 version of broker module line -JO 5.7.0 - 06/08/2020 ================== - Added new Nagios Mobile interface that better integrates with Nagios XI -CN,SAW - Added support for CentOS/RHEL/Oracle 8 -JO - Added support for Ubuntu 20.04 LTS and Debian 10 -JO - Added NCPA agent deployment and updated NCPA config wizard -JO - Added notice to the login alert box that mentions if hostname or ip is valid in program url [TPS#2327] -JO - Added add and remove servicegroups to and from services in Bulk Modifications Tool [TPS#13587] -CN - Added ability to play sounds when state changes occur in the NOC screen [TPS#10777] -SAW - Added Audit Log messages for REST API calls [TPS#6913] -SAW - Added configuration options to send the Audit Log to Nagios Log Server [TPS#13942] -SAW - Added ability to set Dashboard backgrounds to transparent [TPS#14284] -JO - Added Config Management section to Nagios BPI component [TPS#14473] -JO - Added search box into LDAP/AD import page to decrease amount of users displayed and to find specific users [TPS#10230] -JO - Added new JSON configuration wizard -JO - Added new XML configuration wizard -JO - Updated NDOutils to NDO 3.0.0 for performance increase and no longer using kmq or the ndo2db daemon -JO - Updated NRDP to version 2.0.3 -JO - Updated NRPE to version 4.0.3 -JO - Updated Nagios Core to version 4.4.6 -JO - Updated Nagios Plugins to version 2.3.3 -JO - Updated objects API to no longer convert XML to JSON for a more consistent output and always returns the same structure at any result size [TPS#14740] -JO - Updated Bulk Modifications Tool to allow only setting certain arguments selected by checkboxes [TPS#14765] -JO - Updated layout on host/service status pages to maximize space and allow removing summary dashlets via page config settings -JO - Updated Hostgroup and Servicegroup command buttons to use popups instead of going to old Core proxy pages -JO - Updated access methods for subsystems that needed random credentials and removed the Admin > "Security Credentials" page -JO - Updated restore_xi.sh script to ask for MySQL password when running if it cannot connect to MySQL [TPS#14294] -JO - Updated layout for LDAP/AD import user selection page to make more usable when selecting many users -JO - Updated Exchange config wizards to use NCPA instead of NSClient++ -LG,JO - Updated Windows Server/Desktop to use NCPA instead of NSClient++ -JO - Updated Legacy NSClient++ configuration wizard (used to be Windows Server/Desktop) -JO - Updated Availability report to increase speed by reducing the amount of data parsed when filtering -JO - Fixed Unconfigured Objects auto-configure templates to use ID to not cause config errors if template is deleted [TPS#14328] -JO - Fixed issue with LDAP/AD select users toggle all/none checkbox not working properly -JO - Fixed limited LDAP/AD queries (PHP 5.3.x will require a search but will notify when limit is reached) [TPS#10230] -JO - Fixed resizing issue when updating dashlets in Capacity Planning tab in the host/service status details pages [TPS#15053] -JO - Fixed custom time range on SLA report to use proper time range specified [TPS#15048] -JO - Fixed issues with old RRDtool graphs not displaying properly in Performance Graph page [TPS#15076] -JO - Fixed certain NCPA checks running through test command causing wrong output -JO - Fixed backend API using insecure login ticket (backend API is deprecated and will be removed in XI 6) [TPS#15087] -JO - Fixed CCM page in use message not clearing when on apply config page if they are expired [TPS#15163] -JO 5.6.14 - 04/21/2020 =================== - Fixed postauth RCE issue with CCM test command function in command_test.php (X-Force 179405) -JO - Fixed postauth RCE issue in RRD exporting script export-rrd.php (X-Force 179404) -JO - Fixed issues with order by on SNMP Trap Interface SQL injections with a whitelist (X-Force 179406) -JO - Fixed issue with CORS policy for API endpoints -JO - Fixed input filter text box in schedule host downtime page and CCM not working in Chrome [TPS#15073] -JO,SAW - Fixed installation issue with SUSE Extended Support for RHEL systems (Thanks Derek) -JO 5.6.13 - 04/07/2020 =================== - Fixed minor usability issues with SNMP Trap Interface -SAW - Fixed post auth XSS vulnerabilities (CVE-2020-10819, CVE-2020-10820, CVE-2020-10821) -JO - Fixed security issues with Highcharts SVG generation -JO - Fixed RCE vulnerability in admin section's NRDP/NSCA outbound check configuration (thanks @TactiFail) -JO 5.6.12 - 02/27/2020 =================== - Fixed issue with backups not properly generating due to tar creation errors -JO 5.6.11 - 02/25/2020 =================== - Fixed LDAP/AD integration CA certificate upload to allow both root and intermediate on same subject [TPS#14855] -JO - Fixed Bulk Modifications Tool add/remove free variables not setting last_modified value causing changes not to be written [TPS#14875] -JO - Fixed BPI removing host/services out of the groups when they are renamed [TPS#14929] -JO - Fixed unauthenticated XSS/SSRF in highcharts local exporting tool -SAW - Fixed unauthenticated username disclosure in suggest.php -SAW 5.6.10 - 01/16/2020 =================== - Fixed RCE vulnerability with apache user code execution in Scheduled Reporting component (CVE-2019-20197) -JO - Fixed XSS vulnerability in Scheduled Reporting component and nocscreen (nocscreen can be upgraded from Admin > Manage Components) (CVE-2019-20139) -JO - Fixed login redirection to remove double slashes as part of redirection security parsing -JO Core Config Manager (CCM) - 3.0.5 --------------------------------- - Fixed several issues with importing service dependencies [TPS#14737] -SAW 5.6.9 - 12/10/2019 ================== - Fixed CSS styling for host/service status tables in IE when using the dark theme [TPS#14653] -JO - Fixed issue in config/service API call that would not set free variables on already existing services [TPS#14660] -JO - Fixed service notes not showing in the Misc Info section of the Service Details page [TPS#14679] -JO - Fixed issue in AD/LDAP certificate management where certificates with binary data couldn't be added [TPS#14690] -JO - Fixed the ndo preloading functions only searching for is_active=1 potentially causing duplicate objects on large systems -JO - Fixed issue with service/host filters not properly aligned on top of the table when hidedashlets=1 is set [TPS#14699] -JO - Fixed issue where Running "last week" report on first day of week gives wrong weeks data [TPS#14722] -SW - Fixed issue with search bar location when hideoptions is set [TPS#14735] -JO Core Config Manager (CCM) - 3.0.4 --------------------------------- - Fixed issue with CCM config imports that would delete all free variables when importing leaving only new ones -JO - Fixed form validation for object names and service descriptions to match the default illegal_object_name_chars directive in nagios.cfg -SAW 5.6.8 - 11/05/2019 ================== - Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO - Updated the getprofile.sh script to add the BPI configurations to the profile.zip -JO - Updated jQuery to 3.4.1 and patched jQuery 1.12.4 for CVE-2019-11358 -JO - Fixed issue on SLA report where advanced options were not properly applying [TPS#14538] -JO - Fixed threshold/range function in check_rrdtraf plugin -CD,JO - Fixed issue with BPI sync checkbox being required when checking remove host/services that are missing on apply config [TPS#14590] -JO - Fixed negative numbers in Capacity Planning report and wizard -SAW - Fixed multiple security vulnerabilities that allowed nagios user command injections (thanks Jeremy Brown) -JO - Fixed issue with overwriting user meta data on each page load causing LDAP/AD import blank screen for LDAP/AD users [TPS#14636] -JO - Fixed issue with BPI configuration comments and hash tags in hostgroup/servicegroup names -JO - Fixed issue where deleting multiple services from a host would cause only one to delete at a time during BPI sync [TPS#14649] -JO 5.6.7 - 09/26/2019 ================== - Added IBM i service and custom sql config wizards on new installs -JO - Updated Nagios Core to version 4.4.5 for bug fixes -JO - Fixed objects/bpi REST API output to properly display status text when there is HTML in the text [TPS#14406] -JO - Fixed issue with SNMPv3 checks using Perl on Ubuntu 18 systems [TPS#14432] -JO - Fixed problem where you cannot import time periods where timeperiod_name contains space [TPS#14440] -SW - Fixed logrotate configuration to set the user/group for xidebug.log and fix for snmptt log rotation -SW - Fixed issue with & used in BPI group name and when running plugin against that group [TPS#14464] -JO - Fixed issue where clearing and empty unconfigured objects list when there was no objects file would cause permissions issues on the file [TPS#14469] -JO - Fixed scheduled reporting for latest NagVis component so that scheduled pages can be sent as PDFs [TPS#14428] -JO - Fixed auth token and insecure auth token sessions to properly load user meta session data directly after login -JO - Fixed issue on EL7 systems where some output displayed by systemctl status during sysstat checks caused PHP XML parse warnings [TPS#14498] -JO 5.6.6 - 08/20/2019 ================== - Fixed issue where re-configuring objects page would not allow switching them back to notify immediately [TPS#14340] -JO - Fixed issue where Graph Explorer exporting would be broken after upgrades [TPS#14372] -SAW - Fixed BPI api_tool.php NDO wait timeout to allow for longer NDO startup times [TPS#14398] -JO - Fixed issue with dashlets that have been uploaded unable to be downloaded due to file permissions in tmp directory [TPS#14363] -JO - Fixed CCM form validation to allow backslashes in object names/service descriptions -SAW - Fixed MIB uploading/processing on Postgres-based systems [TPS#14365] -SAW - Fixed XSS and privilege escalation security vulnerability in Profile component and getprofile.sh script (CVE-2019-15949) (Thanks Jak Gibb) [TPS#14364] -JO - Fixed API DELETE methods not allowing URL path to be used like in the help section [TPS#14370] -JO - Fixed Bulk Modifications Tool find relationship listings to be sorted alphabetically [TPS#12156] -JO - Fixed logrotate configuration to set the user/group on systems except el6 which doesn't require it -JO - Fixed issue with Recurring Scheduled Downtime not showing when services is set to only the * wildcard [TPS#14388] -JO - Fixed Nagios XI Bug Report: Config Wizard Template Notification Interval could not be set to 0 [TPS#14391] -SW - Fixed problem with reading multiple line hashes sent when an inbound email response is wrapped [TPS#14396] -JO - Fixed issue in Schedule Downtime page when deleting host/service group from list and it saying none are selected [TPS#14402] -JO 5.6.5 - 07/18/2019 ================== - Updated NRDP to version 2.0.2 to fix XML parsing causing passive check failures and no last check time -JO - Fixed nagiosxi-deps to properly upgrade even if the install is from a version prior to XI 5 -SW - Fixed SLA dashlet not updating once sent to dashboard [TPS#14349] -SAW 5.6.4 - 07/09/2019 ================== - Updated NRDP to version 2.0.0 -JO - Fixed issue with Bulk Modifications Tool where host/service templates would output SQL error when logging to audit log -JO - Fixed issue with Manage MIBs where duplicate MIBs would cause SQL error [TPS#14312] -SAW - Fixed Misc info section in services not populating hostname and service description macros properly [TPS#14296] -JO - Fixed Metrics component NCPA checks state status in the Summary and Gauge tabs [TPS#14293] -JO - Fixed BPI sync issue when hostgroup and servicegroup have the same name [TPS#14291] -JO - Fixed API edit contact command not updating and not running the proper update function [TPS#14304] -JO - Fixed issue in API where editing services using PUT commands with / in their description doesn't work [TPS#14311] -JO - Fixed issue with multiple commands in inbound email responses not scheduling downtime properly [TPS#14313] -JO - Fixed ramdisk issue with CentOS 6 installs and npcd not starting on restart [TPS#14318] -JO - Fixed restart_nagios_with_export.sh script lock file location to be the var directory instead of scripts -JO - Fixed issue with HTML in comments when sending HTML emails into the inbound email response system -JO - Fixed older postgres systems upgrading to newer versions having problems setting permissions on upgrade -SAW Core Config Manager (CCM) - 3.0.3 --------------------------------- - Fixed CCM database error when writing configs when a hostgroup of * for a service is selected [TPS#14334] -JO 5.6.3 - 06/11/2019 ================== - Updated PHPMailer to version 5.2.27 for security fixes -JO - Fixed sumoselect dropdowns to allow larger names in the selection boxes [TPS#14232] -JO - Fixed reset_config_perms.sh setting permissions for components folder in scripts directory -JO - Fixed Schedule Downtime services page not showing services when a user has a host and some unrelated services assigned [TPS#14253] -JO - Fixed upgrade error in ndoutils upgrade on old systems with non-standard MySQL port specified in config.inc.php -JO - Fixed an issue where imported SNMP Traps would not be associated with their parent MIB [TPS#14260] -SAW - Fixed issue with php upgrades on certain rhel systems not finding the proper php package name [TPS#14259] -JO - Fixed Custom Includes component folder permissions on upgrade [TPS#14266] -JO - Fixed issue with autotls being turned on by default in PHPMailer [TPS#14270] -JO - Fixed Graph Explorer icon permissions for hosts when a user does not have access to the host -JO - Fixed issue with Inbound Email Settings where selecting POP3 would not change the connection type -JO - Fixed usernames not syncing properly with the cgi.cfg and htpasswd.users files with uppercase characters [TPS#14273] -JO - Fixed scheduleddowntime API endpoint to accept passing multiple services with services[][] -JO - Fixed permissions on autodiscovery job folder from permissions changes to main autodiscovery script -JO - Fixed wording for STARTTLS encryption in LDAP/AD Integration component -JO - Fixed issue where session was not recorded in the database but wouldn't be added until re-login -JO Core Config Manager (CCM) - 3.0.2 --------------------------------- - Fixed CCM database error when specifying database port number in the config.inc.php for nagiosql [TPS#14263] -JO - Fixed limited CCM users permissions not properly applying until after a new cached permissions call is made [TPS#14276] -JO 5.6.2 - 05/15/2019 ================== - Fixed an issue where HTML e-mails were not handled correctly by the Inbound E-mail Processor [TPS#14205] -SAW - Fixed an issue where the Manage MIBs page would fail to load on Debian/Ubuntu -SAW - Fixed authenticator error message in cleaner.log when using Inbound E-mail Processor -TG,JO - Fixed alert screen checkbox in User Account Settings not set to checked by default -JO - Fixed issue with logrotate error from root:nagios var directory ownership -JO - Fixed enterprise features trial buttons on SLA and Capacity Planning report pages -JO - Fixed nxti.php script issues with SNMP Trap Interface on Debian systems -SAW - Fixed Scheduled Backups FTP backup limit deletion issue with PHP versions less than 5.6 -SS Core Config Manager (CCM) - 3.0.1 --------------------------------- - Fixed issue with default page limits and session page limits being set [TPS#14215] -JO - Fixed demo mode message and static directory location in Static Config Editor -JO - Fixed user language and translations not being applied for some variations of CCM user access types -JO - Fixed issue with Manage Users no result message and not allowing pagination or limiting -JO - Fixed config output of semicolon in check_command for config files to be escaped instead of url encoded [TPS#14225] -JO 5.6.1 - 04/30/2019 ================== - Fixed style issue in Modern Dark theme re-configure notifications tab select boxes [TPS#14156] -JO - Fixed ownership permissions on folders and scripts and locations of sudo related scripts -JO - Fixed issue where newer NCPA versions checks were not showing up in metrics component [TPS#14032] -CN - Fixed issue where Validate SSL certificate checkbox in Inbound Email Settings would not allow being saved as unchecked -JO - Fixed FTP backup connection not using rawurlencode() for passwords causing connection problems -SS - Fixed error emails for inbound check commands to send out an error email when an email with no valid command is parsed -JO - Fixed upgrade issue where deps package would stop upgrade on systems without it [TPS#14184] -JO - Fixed issue with event_handler.php where the lock file would not be overwritten and stopped notifications being sent [TPS#14180] -JO 5.6.0 - 04/18/2019 ================== - Added ability to acknowledge problems via email response [TPS#885] -JO - Added the config option in system settings > security to set the rapid response URL -JO - Added proper display name and alias resolution on host and service status and status detail pages -JO - Added Scheduling Queue page in Monitoring Process section [TPS#9566] -JO - Added a new Modern Dark theme which is the same as the current Modern theme but dark -JO - Added User Sessions page to show who is logged in, where they are, and IP address of logged in user [TPS#8732] -JO - Added higher page limits for Scheduled Downtime page and other pages including no limit [TPS#13530] -JO - Added ability to set host/services to inactive instead of deleting them with the Deadpool reaper [TPS#11390] -JO - Added more default checks on initial install [TPS#11013] -JO - Added Unconfigured Objects API endpoint (objects/unconfigured) [TPS#12181] -JO - Added scheduled downtime for child hosts as option for hosts in recurring downtime [TPS#13598] -JF,JO - Added configurable sql limit for the event_handler cron job -BH - Added ability for recurring scheduled downtime to update with host/service and hostgroup/servicegroup name changes [TPS#8060] -JO - Added callbacks: NOTIFICATION_EMAIL_SENT and NOTIFICATION_SMS_SENT and updated existing NOTIFICATION callback arguments -BH - Added performance data graphs to notification emails [TPS#12650] -BH - Added the ability to add/remove free variables in Bulk Modifications Tool [TPS#11775] -SAW - Added a configuration wizard and plugin for capacity planning [TPS#2173] - SAW - Added ability to show customvars in objects/host, objects/service, and objects/contact by sending customvars=1 in API request [TPS#12420] -JO - Added ability to schedule all hosts and/or services for hostgroups and servicegroups in Schedule Downtime page [TPS#10043] -JO - Added focus the first field of every page in the config wizards [TPS#11259] -SW - Added saving tactical overview configuration settings as a per-user setting. [TPS#6923] -SW - Added [datetime] macro to scheduled reports [TPS#9635] -SW - Added confirmation dialog when clicking the X on dashlets to confirm you want to delete the dashlet [TPS#7377] -SW - Added ability to edit alias and display_name on reconfigure host page and display_name on reconfigure service page [TPS#8724] -SW - Added better searching from host/service detail page to filter the displayed results instead of taking you back to the top level [TPS#13810] -SW - Added timestamp to filenames of downloaded and emailed PDFs, CSVs and JPGs [TPS#10680] -SW - Added ability to specify custom ports to scan in auto discovery [TPS#12383] -SW - Added downtime icons to Hostgroup Overview, Hostgroup Grid, Servicegroup Overview, Servicegroup Grid [TPS#10200] -SW - Added setting for trimming of Max Comment Age in Admin -> Performance Settings -> Databases [TPS#12313] -SW - Added /usr/share/snmp/ & /etc/snmp/ & /home/nagios to backup and restore scripts [TPS#10202] -SW - Added more time period options to Graph Explorer time period dropdown [TPS#13378] -JO - Added the ability to enable/disable the web GUI terminal [TPS#13690] -CN - Added notes, notes url, actions url in a Misc section on Host and Service details pages [TPS#13997] -JO - Added object type and states to Top Alert Producers as filter dropdowns like other reports -SS - Added ability to use config_name in api/config/services to update services with multiple hosts or hostgroups [TPS#13605] -JO - Added copying of all template and information linked to services when using Add Service in Bulk Modification Tool [TPS#13585] -JO - Added objects/timeperiod to the Objects API to show what time periods are available [TPS#13425] -JO - Added ability to set new user account information email text and subject in System Settings > User Accounts [TPS#11830] -JO - Added user's API key allowing auth to Nagios Core JSON API endpoints via components/nagioscore/ui/(objectjson.php,statusjson.php,archivejson.php) [TPS#12717] -JO - Added "Create as Monitoring Contact" checkbox in Users edit page when applicable [TPS#14046] -SAW - Added new features to the Manage MIBs page [TPS#13946, TPS#4810] -SAW - Added ability for deleting multiple objects via the config API commands [TSP#10435] -JO - Added is_volatile to the list of single config options that can be changed in the Bulk Modifications Tool [TPS#14105] -JO - Added api/config options such as the PUT edit endpoints and added hostgroups and servicegroups [TPS#13425] -JO - Added right-hand alignment on system statistic dashlets (thanks Steve B) -JO - Added ability to select the default system theme on install -JO - Moved Legacy Network Status Map link into Legacy Reports section in the Reports tab -JO - Fixed auto discovery status to no longer show throbber if it is waiting for it's first scheduled run [TPS#7097] -SW - Fixed wording in deadpool emails to no longer say deleted if objects are to be deactivated -JO - Fixed large systems with lots of limited users receiving duplicate key SQL error text in UI after apply config -JO - Fixed issue in Custom URL dashlet where it would not properly load certain pages when dashboard is exported as PDF -JO - Fixed re-configure "Edit in CCM" button when two services with the same name but have a different case -JO - Fixed Restart Nagios Core button in User Macros component not working properly -JO - Fixed Object Does Not Exist message on large systems when ndoutils database is loading with new adjustable performance setting [TPS#14108] -JO - Fixed scheduledowntime API endpoint not allowing author paramter to be set [TPS#14141] -SW,JO - Fixed issue in basic auth where username/user id would not be populated correctly (Thanks Mickey) -SAW Core Config Manager (CCM) - 3.0.0 --------------------------------- - Added deletion of services with host if services do not have hostgroups or other hosts attached [TPS#13537] -JO - Added proper audit logging to all the sections/actions that are performed [TPS#13495] -JO - Added ability to edit free variables instead of having to remove and re-add them [TPS#12054] -JO - Added Manage Service Groups and Manage Dependent Service Groups buttons to service dependency objects [TPS#9066] -JO - Added ability to import excluded hosts/hostgroups [TPS#14113] -JO - Added checkboxes for Host Groups and Service Groups in the CCM limited access permissions panel in user edit -JO - Added Service Groups to Service Escalation Objects [TPS#14136] -SAW - Added renaming of perfdata when a service or host is renamed [TPS#14143] -JO - Fixed issue where host/services applied to service groups would not show as Unknown for limited CCM users -JO 5.5.11 - 02/28/2019 =================== - Fixed command injection security vulnerability in Autodiscovery script (CVE-2019-9164) (thanks Paolo Giai of Shielder) -JO - Fixed issue with permissions on config.inc.php and import_xiconfig.php allowing users to write to files (CVE-2019-9166) (thanks Paolo Giai of Shielder) -JO - Fixed an XSS vulnerability that can be passed in using the xiwindow parameter (CVE-2019-9167) (thanks Paolo Giai of Shielder) -JO - Fixed SQL injection when using Fuse Key and certain parameters (CVE-2019-9165) (thanks Paolo Giai of Shielder) -JO 5.5.10 - 02/12/2019 =================== - Updated Host and Service Status pages to hide dashlets by passing hidedashlets=1 in the URL -JO - Updated ADODB library to version 5.20.14 to fix bugs and XSS security vulnerability -JO - Updated Japanese translation files -JO - Updated Graph Explorer fields to be searchable like other selectable dropdowns [TPS#13975] -SW,JO - Removed technicians' diagnostic tool from SNMP Trap Interface -SAW - Fixed CCM "Changes detected!" message now checks against each section, instead of specific config files [TPS#13970] -SAW - Fixed issues with Capacity Planning backend in preparation for configuration wizard and plugin [TPS#13817] -SAW - Fixed issue where parts of the SNMP Trap Interface would fail when using the XI 2014 theme [TPS#14024] -SAW - Fixed Object Does Not Exist error on Service Details page when using + in the service description [TPS#14003] -JO - Fixed services in Service Group which have the same beginning of a name on the same host not showing in config [TPS#14007] -JO - Fixed Unconfigured Objects not properly parsing host status check results [TPS#14009] -JO - Fixed Unconfigured Objects auto import host/service template selections not saving -SS - Fixed issue where the flash message bar would be underneath the help icon when help system is enabled -JO - Fixed URL links in PDF generated reports to properly use the external/internal URLs for links [TPS#14026] -JO - Fixed issue where enterprise restrictions weren't activated properly in the SNMP Trap Interface [TPS#14025] -SAW - Fixed initial file permissions for auditlog.log when it is initially generated [TPS#14038] -JO - Fixed MySQL nagiosql errors in cmdsubsys.log for regular users with limited CCM access [TPS#14045] -JO 5.5.9 - 01/17/2019 ================== - Updated Nagios Core to version 4.4.3 to fix various bugs and security issues -JO - Fixed issue with Event Log decoding HTML elements improperly -JO - Fixed CCM imported service templates defaulting 0 for max_check_attempts, check_interval, retry_interval [TPS#13954] -JO - Fixed descriptions and raw data can be removed when editing a trap definition in SNMP Trap Interface [TPS#13971] -SAW - Fixed windows DOS line endings from user-inputted raw data in SNMP Trap Interface [TPS#13989] -SAW - Fixed an issue where table records would not load correctly in the SNMP Trap Interface using PostgreSQL -SAW - Fixed an issue in the SNMP Trap Interface where Trap Definitions could not be edited on systems using PostgreSQL [TPS#13968] -SAW - Fixed exporting perfdata when in two-column mode only rendering half of the graph [TPS#13979] -JO 5.5.8 - 12/11/2018 ================== - Fixed tmp directory for exporting RRD performance data -JO - Fixed UTF-8 characters in host/service names not allowing for external commands from the GUI to be processed [TPS#13833] -JO - Fixed upgrading Config Wizards due to wizards with the same directory name [TPS#13857] -JO - Fixed XSS security vulnerabilities in rss_dashlet -JO - Fixed an issue where importing configuration from files/REST API would sometimes cause duplicate service definitions [TPS#13871] -SAW,JO - Fixed Availability dashlet to work like a normal dashlet and lookback period is properly set based on the report it's created from [TPS#13841] -JO - Fixed issue with nmap multiple IP addresses causing problems running because of security fix -JO,SS - Fixed issue with specific configurations in ndoutils causing Core to crash by updating ndoutils to 2.1.3 -JO - Fixed lock file permissions for Core 4.2.4 (if users are using mod_gearman or had to downgrade to XI's old version of Core) -JO Core Config Manager (CCM) - 2.7.4 --------------------------------- - Added icon to relationship popup for host/services that are inactive [TPS#13852] -JO - Fixed missing hosts/service from relationships popup when applied to groups that are set as inactive [TPS#13852] -JO 5.5.7 - 11/13/2018 ================== - Fixed privilege escalation security vulnerability in MRTG graphing component by running as nagios user/group (thanks Daniel Sayk of Telekom Security) [TPS#13778] -JO - Fixed security vulnerability with API key regeneration function allowing non-admins to regenerate other user's API keys (thanks Chris Lyne of Tenable) [TPS#13780] -JO - Fixed security vulnerability in BPI's api_tool.php where the script could be accessed through the web server (thanks Chris Lyne of Tenable) [TPS#13780] -JO - Fixed security vulnerability in command subsystem with some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO - Fixed security vulnerability in Auto Discovery component where some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO - Fixed XSS security vulnerabilities in the interface (thanks Chris Lyne of Tenable) [TPS#13780] -JO - Fixed old lock file location in snapshots by restoring lock file setting on snapshot restore [TPS#13795] -JO - Fixed Notes and Actions URL button links URL encoding in Host/Service Status pages [TPS#13802] -JO - Fixed Core issue (#572) causing service recovery emails to be sent when a initial notification wasn't sent. [TPS#13805] -SW - Fixed Core issue (#575) where soft recovery states did not apply for services -JO - Fixed issue in API where hostgroup/servicegroup scheduled downtime would not schedule service downtimes [TPS#13818] -JO - Fixed BPI service group sync to not add empty service groups that cause an error on the screen [TPS#13777] -JO - Fixed BPI issue with the processing of subgroups applied to multiple groups failing to set proper status [TPS#13816] -JO Core Config Manager (CCM) - 2.7.3 --------------------------------- - Fixed issue with free variable escaping on CCM importing configuration files [TPS#13794] -JO 5.5.6 - 10/30/2018 ================== - Updated PHPMailer to version 5.2.26 for security/bug fixes -JO - Added documentation link to Deadpool Settings [TPS#11295] -SW - Fixed Capacity Planning report issues with UTF-8 characters in host/service names -JO - Fixed auth/session checks in Capacity Planning API calls -JO - Fixed inconsistency with Hostgroup/Servicegroup members being pulled from the API causing dashlet issues in Fusion [TPS#13650] -SW - Fixed creating performance graph dashlet on host/service status pages causing page to scroll to top [TPS#13671] -JO - Fixed service config for ndoutils causing issues sometimes with starting when lock/sock exist -JO,BO - Fixed sorting of MIBS to be case in-sensitive [TPS#10281] -SW - Fixed default NRDP token to be set in config file on first visit to Admin -> Inbound Transfers [TPS#12198] -SW - Fixed Gauge Bug where gauge would not display of the value was just 0 [TPS#13757] -SW - Fixed Capacity Planning PDFs to have warning/critical lines when set to display automatically [TPS#13772] -JO Core Config Manager (CCM) - 2.7.2 --------------------------------- - Fixed not saving * selection for hostgroups and saving of negated hosts/hostgroups on services [TPS#13664] -JO - Fixed slow loading of objects (hosts/services/etc) on large systems due to no limits on main SQL query [TPS#13692] -JO - Fixed hosts and services menus go to the first page after a config is deleted or cloned [TPS#13766] -SW 5.5.5 - 10/11/2018 ================== - Fixed adding new user creating a message that says current user should update their API key if they haven't yet -JO - Fixed login link on rapid response URL when a ticket does not exist or has expired -JO - Fixed status check for NDO in BPI component API tool so that it properly sleeps after each call -JO - Fixed audit log max age value undefined default to 180 instead of 30 and added to performance settings -JO - Fixed an issue where notification settings would sometimes display incorrectly [TPS#13613] -SAW - Fixed an issue where hosts/services with forward-slashes ("/") in their names would not reconfigure correctly [TPS#13607] -SAW - Fixed various PHP notices in error log -JO - Fixed issue with SLA report links not going to external (or program url if external is empty) when PDF is generated [TPS#13619] -JO - Fixed logging scheduled reporting pdf generation to wkhtmltox.log -JO - Fixed issue with reports/pages missing data in PDFs [TPS#13628] -JO - Fixed user permissions on non-active objects causing large/slow SQL queries on some systems -JO 5.5.4 - 09/20/2018 ================== - Updated jQuery library to 3.3.1 due to security vulnerabilities with older jQuery versions [TPS#13541] -JO - Updated config.inc.php config value (set $cfg['old_browser_compat'] = 1;) to set jQuery to older version for IE 8 -JO - Fixed cron for deadpool using old script that was not available on new installs -SW - Fixed misspelling in NXTI component when editing a defined trap [TPS#13558] -JO - Fixed issue with Recurring Downtime wildcards not working [TPS#13562] -JO - Fixed BPI output displayed when in problem state to not have HTML because output is too long [TPS#13552] -JO - Fixed malformed combined availability reports [TPS#13573] -CN - Fixed issue with configuraiton snapshot page permissions (Thanks Nathan Jones) -JO - Fixed XSS in auto login admin management page (Thanks Nathan Jones) -JO - Fixed issue with Nagios Core notifications during downtime -SW 5.5.3 - 08/28/2018 ================== - Updated Nagios Core to version 4.4.2 to fix some issues that weren't patched in XI's Core version -JO - Fixed nom script that runs automated config backups to use full nagios config check instead of nagios init script -JO - Fixed local backups not getting pruned [TPS#13474] -SW - Fixed issue with deadpool cron job not being able to delete host/services due to script changes -JO - Fixed SNMP Trap Interface issue with deleting defined traps on Postgres upgraded systems [TPS#13480] -JO - Fixed SLA report to have show/hide details links in hostgroup/servicegroup SLA reports [TPS#13479] -JO - Fixed SNMP Trap Interface issue where timestamps would sometimes show all zeroes [TPS#13508] - SAW - Fixed Manage MIBs "Process All Traps" button to use the same MIB conversion rules as the "Add to SNMPTT" option - SAW - Fixed SNMP Trap Interface issue where Show Test File Contents/Show Unknown Trap Log could freeze the browser - SAW 5.5.2 - 07/26/2018 ================== - Fixed missing comments on hover for host/services on service detail page [TPS#13423] -JO - Fixed Scheduled Downtime page scheduling using full name not username like other places in GUI [TPS#13426] -JO - Fixed issue where scheduling some pages would cause PDF to have session timeout error [TPS#13427] -JO - Fixed dashboard background not working and background color selector in some browsers not showing shading [TPS#13432] -JO - Fixed performance graph title url link not working properly if service has url encoded name [TPS#13431] -JO - Fixed recurring downtime not able to read the recurring downtime configuration from older systems [TPS#13440] -JO - Fixed recurring downtime not properly scheduling services if host had any related downtimes [TPS#13441] -JO - Fixed issue where Nagios Core would have two running processes after upgrade from < 5.5 on EL6 -JO - Fixed issue in Nagios Core where scheduled flexible downtimes would not trigger downtime start -JO - Fixed bulk modifications tool to only shop the inheritance options when the configuration type allows them [TPS#13455] -JO 5.5.1 - 07/12/2018 ================== - Updated host and service details pages to show notes_url and actions_url links -JO - Updated notes_url and actions_url in host and service status/details pages to support some basic macro expansion [TPS#13387] -JO - Updated options in the BPI config settings to turn off automatic sync and object removal -JO - Fixed issue in Schedule Downtime page where services won't show if user is not a contact on the host [TPS#13374] -JO - Fixed missing fields in Audit Log for certain commands in cmdsubsys [TPS#13382] -JO - Fixed issue with Trial Extensions not applying if they weren't a certain length [TPS#13379] -JO - Fixed auth token generation and login issue on upgraded PostgresQL systems -JO - Fixed SSL errors causing broken PDF reports on some systems configured for SSL -JO - Fixed issue where Nagios Core UI proxy would ask for authentication [TPS#13395] -JO - Fixed fix check_interval and retry_interval bug in Core 4.4.1 (Core Patch) -SW,JO - Fixed passive checks sending recovery email when host was previously UP (Core Patch) -SW - Fixed check_http causing certificate checks to fail if location was forbidden or had an error after check (Plugin Patch) -SW - Fixed metrics component to work with new NCPA wizard command names [TPS#13409] -JO - Fixed scheduled backups so that the proper amount of backups are retained in FTP/SSH backups -JO - Fixed tables for SNMP Trap Interface for upgraded systems -JO - Fixed sync and auto removing to run in BPI to their own cmdsubsys command that also checks if NDO is loaded [TPS#13407] -JO - Fixed display names on host and service status pages [TPS#13415] -SW,JO Core Config Manager (CCM) - 2.7.1 --------------------------------- - Fixed permissions not updating properly when a non-admin user creates a host/service object [TPS#13397] -JO 5.5.0 - 06/28/2018 ================== - Added mobile phone verification to be able to receive text message notifications (on upgrade, already entered numbers will be set to verified) [TPS#12042] -JO - Added the host and service notes_url and action_url icons/links to the host/service status pages in XI [TPS#7893] -JO - Added versions for Nagios Core, Nagios-Plugins, SSH Terminal, NRPE, NSCA, PNP, etc in profile [TPS#1456] -JO - Added installed components, wizards, and dashlets version numbers in profile [TPS#1456] -JO - Added ipcs command to profile [TPS#9108] -BH - Added audit logging for CCM -> Write Config Files [TPS#7954] -BH - Added ability to click username to edit user in Manage Users admin page [TPS#6186] -JO - Added state filtering into state history report [TPS#5970] -JO - Added removal of user's scheduled reports from the apache cron tab when deleting a user [TPS#8239] -JO - Added SSH key authentication as a scheduled backup SSH authentication method [TPS#4689] -JO - Added encryption to the passwords that are stored from scheduled backups FTP and SSH auths [TPS#4689] -JO - Added number of checkpoints held as an option in performance settings under "Snapshots" [TPS#8345] -JO - Added new Manage Reports page to the Reports tab for admins to manage users scheduled reports [TPS#11609] -JO - Added checkbox in user's Account settings section under Notification Methods to have emails send as plain text only [TPS#10895] -JO - Added two factor authentication for users by verifying the user received an email token [TPS#12189] -JO - Added setting for two factor authentication to remember a user and browser to skip two factor auth [TPS#12189] -JO - Added shellinabox as a replacement for Ajaxterm which has been removed for SSH Terminal enterprise feature [TPS#12202] -JO - Added setting in system settings > password & accounts to not allow old passwords to be used again when changing passwords [TPS#12132] -JO - Added allow SSL/HTTPS-only option on install [TPS#12073] -JO - Added table sorting to the downtime scheduling page [TPS#9194] -JO - Added auto configuration/import of unknown incoming passive checks if enabled in unconfigured objects page [TPS#2231] -JO - Added session timeout and keepalive settings to security tab in Admin > System Settings section [TPS#9938] -JO - Added ability to select week format (week starts on Sunday or Monday) [TPS#8082] -JO - Added new datetimepicker to reports to easily be able to select times including hours, mins, and seconds [TPS#12048] -JO - Added commands (core), scheduleddowntime, auth servers into system API backend -JO - Added raw import, commands, into config API backend -JO - Added auth tokens for single-use login and ability to authenticate to an API endpoint -JO - Added insecure login security setting to allow old backend ticket-based auth on per-user basis -JO - Added automatic BPI sync (and remove missing hosts/service) on Apply Configuration in the CCM [TPS#6127] -JO - Added ability to activate product from inside the GUI without having to manually get activation code -JO - Added setting in system settings to disable renewal reminders for non-admin users -JO - Added a help document with instructions for updating and creating translations [TPS#12830] -JO - Added links to the host/service details pages for hostgroups and servicegroups [TPS#12055] -JO - Updated backend for re-configure and apply configuration (reconfigure_nagios.sh) to no longer use wget [TPS#9908] -JO - Updated backend helper and deletion scripts (ccm_delete_objects.php) to no longer use wget [TPS#9908] -JO - Updated layout of profile.zip file and added timestamp to profile folder -JO - Updated Nagios Plugins to version 2.2.1 [TPS#11685] -JO - Updated NRPE to version 3.2.1 [TPS#11687] -JO - Updated Nagios Core to version 4.4.1 [TPS#12028] -JO - Updated NRDP to version 1.5.2 -JO - Updated NagVis version to 1.9.8 with auto-login Nagios modules -JO - Updated host and service detail menu links to say status instead, in line with the actual page titles [TPS#12059] -JO - Updated host and service SMS (text) message subject fields to be able to be blank [TPS#7099] -JO - Updated nagiosxi database username field to allow for 255 character long usernames [TPS#11608] -JO - Updated user passwords to a more secure algorithm/process [TPS#12158] -JO - Updated wording for display host/service aliases (to accurately reflect that they display the display name) [TPS#7112] -BH - Updated PDF and JPG report exports to use localhost/local url instead of internal url -JO - Updated permissions for sudo-ran scripts in fullinstall and reset_config_perms.sh [TPS#12730] -JO - Updated layout for Capacity Planning report to utilize the full screen size -JO - Updated API objects backend to use json_encode() instead of xml2json for PHP version consistency which also removed "list" from API output -JO - Fixed issue with host and service template filter search box in bulk modification tool [TPS#13163] -JO - Fixed minor XSS vulnerabilities [TPS#13211,13213] -JO - Fixed links in notification report when host or service has an alias defined [TPS#13251] -JO Core Config Manager (CCM) - 2.7.0 --------------------------------- - Added CCM limited and full access via session for regular users (CCM 'Power User') [TPS#13227] -JO - Added contact alias next to contact name in contact overlay when an alias exists [TPS#10049] -JO - Added services applied to hostgroups to the host services list on service groups [TPS#13158] -JO - Updated copying a service change the service name and not the config name [TPS#12270] -JO - Updated writing configs to no longer rely on pear library HTML_Template_IT [TPS#12386] -JO - Updated importing config search to be case-insensitive -JO - Fixed importing services with multiple objects finding the proper config name [TPS#13303] -JO 5.4.13 - 03/13/2018 =================== - Added notification alteration callbacks -JO - Added notification template callbacks, updated documentation -BH - Fixed NPCD not showing as running in systemctl on EL7 systems even though it is running [TPS#12924] -JO - Fixed command subsystem to only try to package and download components/dashlets/configwizards that exist -JO - Fixed XSS vulnerability in views page -JO - Fixed RCE vulnerability in component download page (Thanks Bjoern Brixner at Telekom Security) -TM - Fixed enterprise only banner for sending single report emails [TPS#13025] -JO - Fixed permalink URL generation to use the proper location when sending xiwindow url [TPS#13036] -JO - Fixed scheduled report subject field to not append generic text when subject is set [TPS#13062] -JO - Fixed deadpool not running properly on it's cron [TPS#13075] -SW - Fixed BPI calculation to use round() properly so groups > 1000 objects shows proper statuses [TPS#13078] -JO - Fixed dashboards disappearing with non-UTF8 names/titles (can use config.inc.php option $cfg['db_conn_utf8'] = 0; in some cases) [TPS#13051] -JO - Fixed vulnerability in NagiosQL (Thanks @iotennui, @BennyHusted, @0xC413 on twitter) [CVE-2018-8733,CVE-2018-8734,CVE-2018-8735,CVE-2018-8736] -JO,TM Core Config Manager (CCM) - 2.6.11 ---------------------------------- - Fixed u option in service dependencies for execution_failure_criteria & notification_failure_criteria to reak Unknown instead of Unreachable -SW - Fixed hostgroup excludes on service management page [TPS#12952] -JO - Fixed CCM importing config name value in service definitions -JO 5.4.12 - 01/16/2018 =================== - Fixed double percents (%%) in performance graph legends [TPS#12701] -JO - Fixed url encoding in outbound NRDP checks [TPS#12742] -SAW - Fixed MRTG cron job arguments for lock file for EL7 in rpms [TPS#12865] -JO - Fixed flexible downtime duration setting in scheduled downtime page [TPS#12890] -JO - Fixed downtime duration column to show proper duration for fixed and flexible in scheduled downtime page [TPS#12890] -JO - Fixed install script not recognizing IP address on ipv6-only machines [TPS#8588] - SAW - Fixed upgrade from GUI where upgrade textarea would stop updating even though upgrade finishes [TPS#12571] -JO - Fixed htmlentities in SLA report breaking UTF-8 characters [TPS#12905] -JO 5.4.11 - 10/31/2017 =================== - Fixed ampersand encoding in URLs on the views page [TPS#12526] -JO - Fixed perfdata graphs legend data units of measurement when first unit has none specified [TPS#12504] -JO - Fixed the acknowledgment/handled state icon in BPI -JO - Fixed issue where some groups would not get proper status checks (due to recursion) in BPI [TPS#12488] -JO - Fixed issue with utf8 character encoding with MySQL connections in Bulk Renaming Tool and elsewhere [TPS#12537] -JO - Fixed time stamp in eventqueue [TPS#12597] -SAW - Fixed issue with graph explorer dashify not checking NSP [TPS#12562] -SAW - Fixed Recurring Scheduled Downtime service descriptions with * in them not showing up in list [TPS#12616] -JO - Fixed alert histogram link in Nagios Core UI from host/service advanced section [TPS#12655] -JO - Fixed issue where XML for BPI was being read from cache only on API calls -JO,CN - Fixed issue where manually running a check command would display the value of potentially sensitive user macros [TPS#12673] -CN Core Config Manager (CCM) - 2.6.10 ---------------------------------- - Fixed flap detection options values not showing properly in the CCM as selected [TPS#12654] -JO 5.4.10 - 09/20/2017 =================== - Fixed recurring downtime services tab for users to correctly show downtimes they have created if they have service perms [TPS#12434] -JO - Fixed LDAP multiple naming contexts if context has no dc= in the name [TPS#12435] -JO - Fixed issue with IPv6 addresses not redirecting properly [TPS#12461] -JO Core Config Manager (CCM) - 2.6.9 --------------------------------- - Fixed new MySQLi database connection charset to be UTF8 [TPS#12441] -JO 5.4.9 - 09/07/2017 ================== - Updated Japanese language translations (thanks Suzuki) -JO - Fixed XSS security vulnerabilities (Thanks Björn Brixner at Telekom Security, Sobolev Eugene, itpsl.org, H_D, PenGenKiddy, and RO421) [TPS#12285,TPS#12374] -JO - Fixed language settings for user not showing up as translated -JO,SB - Fixed schedule downtime (and others) requirement check to trim data before doing field required checks [TPS#12303] -JO - Fixed some pages admin-only permissions -JO - Fixed AD/LDAP import when password complexity requirements are enabled [TPS#12334] -JO - Fixed unconfigured objects for host-only results [TPS#12361] -JO - Fixed installation on systems with non-standard CentOS/RHEL suoders file by trying to fix issues if possible [TPS#12380] -JO 5.4.8 - 08/02/2017 ================== - Fixed inconsistency with different object types in the API help examples for configs [TPS#12162] -JO - Fixed perfdata graph links for services with spaces in them [TPS#12170] -JO - Fixed host comment and acknowledgment icons not linking to the details page like the service ones [TPS#12184] -JO - Fixed some text inconsistencies in the bulk modifications tool [TPS#12172] -JO - Fixed auto-login button on main page not doing an auto login [TPS#12203] -JO - Fixed XSS security vulnerability (thanks Olvieira Lima) -JO - Fixed issue with SLA dashlet/report where certain custom time frames wouldn't show up properly [TSP#12248] -JO Core Config Manager (CCM) - 2.6.8 --------------------------------- - Fixed issue when cloning timeperiods that have a 'name' value set (templates) [TPS#12159] -JO - Fixed the free variable number to update after closing the free variable box [TPS#12176] -JO - Fixed issue with importing host and service names with + in them [TPS#12161] -JO 5.4.7 - 07/11/2017 ================== - Updated encrypted files to work with PHP 7.0.x and 7.1.x -JO,SW - Fixed issue with SLA report SLA Target value being set to an int [TPS#12079] -JO - Fixed issue in secured rapid response where URL was not passing proper parameters when users are redirected after login [TPS#12098] -JO - Fixed popup view of recent snapshots view action on the CCM splash page [TPS#12083] -JO - Fixed executive summary PDF and JPG download option not working [TPS#12105] -SS,JO - Fixed PDF generation missing some fonts on EL7 full installs [TPS#12104] -JO - Fixed get_xml_comments() in host and service ajax helpers to limit comment query down to only the objects that are visible [TPS#12064] -JO - Fixed various minor security issues [TPS#12112,12113,12117,12120] -JO 5.4.6 - 06/27/2017 ================== - Updated languages to include Bulgarian translations (Thanks Ludmil) -JO, LM - Fixed upgrade failing if no services or host config files existed in the main config directories [TPS#11921] -JO - Fixed issue on host/service status details pages where changing page limit from low to high showed no results found until refresh [TPS#11897] -JO - Fixed inactive contacts from being selectable on the contact list in bulk modifications tool [TPS#11950] -JO - Fixed link to CCM from "Re-configure" section in host/service details page to remove "Config Name" value when doing search [TPS#11700] -JO - Fixed dashlet refresh rates on object status pages to show up in "dashlet" tab in performance settings [TPS#11974] -JO - Fixed state history link in Top Alert Producers report page [TPS#12045] -JO 5.4.5 - 05/31/2017 ================== - Updated re-configure service message and link for advanced configurations [TPS#11700] -BH - Updated validation for URLs to use internal PHP validation on PHP 5.2+ [TPS#11689] -JO - Updated BPI host and service group sync to actually remove host and service groups from BPI that have been deleted or have no members [TPS#11743] -JO - Fixed issue with MySQL ports configured in-line inside config.inc.php [TPS#11688] -JO - Fixed Nagios BPI issue where adding new groups would cause spacing issues in the config [TPS#11721] -JO - Fixed issue with port for MySQL in automysqlbackup, repair, backup, and restore scripts [TPS#11754] -SS, JO - Fixed typos in API reference config object help section [TPS#11782] -JO - Fixed reset password sending username in GET parameters with password reset token [TPS#11793] - Fixed restore_xi.sh script to allow for overriding default password [TPS#9710] -BH - Fixed various minor security issues -JO Core Config Manager (CCM) - 2.6.7 --------------------------------- - Fixed result limit box in the CCM settings page to be a dropdown to match the CCM pages [TPS#11648] -JO 5.4.4 - 04/25/2017 ================== - Removed support for new installs and upgrades on CentOS/RHEL 5 due to end of life -JO - Changed cron job logs to append instead of truncate every time and updated logrotate to delete files. -BH - Moved SB_LOGLEVEL definition into constants php file so it can be set (defaults to ERROR) [TSP#11535] -JO - Fixed search fields on host/service details pages to keep search value in the search box [TPS#11376] -JO - Fixed long host/service names in availability report causing data to be hidden [TPS#11361] -JO - Fixed CSRF security vulnerabilities in scheduled reporting email template form [TPS#11400] -JO - Fixed writing configuration files to import (Config Wizards) not writing out % symbols in host object values [TPS#11465] -JO - Fixed issue in bulk modifications tool with adding host groups to hosts with existing hostgroup [TPS#11493] -JO - Fixed issue with Autodiscovery permissions on xml files [TPS#11521] -JO - Fixed BPI issue where replacing synced host/service grips would cause extra spaces after the first run [TPS#11501] -JO - Fixed initial install mib directory permissions [TPS#11526] -JO - Fixed ndoutils post install and upgrade scripts from updating kernel settings if they are already set higher [TPS#11143] -JO - Fixed display not able to scroll on smaller screens [TPS#11630] -JO 5.4.3 - 03/16/2017 ================== - Fixed Rapid Response not respecting acknowledgement defaults [TPS#11014] -BH - Fixed scheduled downtime where multiple hosts and "apply for all services" do not create host downtime and doubling services [TPS#11060] -JO - Fixed reset_defaults.sh to ask if user wants to reset before running [TPS#11065] -JO - Fixed gauge dashlet from not working on certain datastore names [TPS#10923] -JO,BH - Fixed extra memory usage that could hit php memory limit in graph explorer's fetch_rrd function -JO - Fixed additional hard-coded database name in SQL query [TPS#10936] -JO - Fixed Schedule Downtime using the browser's hostname instead of localhost for downtime query [TPS#11153] -BH - Fixed deadpool hostname escaping issue when running final stage deletion command -JO - Fixed deadpool cron run time from every 5 minutes to every minute [TPS#11230] -JO - Fixed sorting order in create and edit BPI group host/services member slection list [TPS#11204] -JO - Fixed permalink creation to create based on external url and urlencoded frame url [TPS#11198] -JO - Fixed command check test showing up as html entities in 
 tags [TPS#11244] -JO
- Fixed deadpool service filters regex match looking at hostname instead of servicename [TPS#11301] -JO

    Core Config Manager(CCM) - 2.6.6
    --------------------------------
    - Fixed default page limit to be set properly [TPS#11026|11028] -JO,BH
    - Updated CCM Table to accurately display 'Config Name' instead of 'Service Name' [TPS#11170] -BH

    Nagios Core
    -----------
    - Fixed issue with flexible downtime disabling notifications for host/services (4.2.4 patch) -JO,JF

5.4.2 - 02/07/2017
==================
- Fixed ndoutils segfault issue with patch for ndoutils 2.1.2 -JO, JF
- Fixed no output on repair_databases.sh script when locked -BH
- Fixed no newline occasionally on API Error [TPS#10883] -BH
- Fixed deadpool cron to use the default language set for the Nagios XI server in "User Defaults" [TPS#10764] -JO
- Fixed license key wording when switching from FREE to licensed to give better information [TPS#10858] -JO
- Fixed issue where the shown scheduled backup directory was set to /usr/local/nagiosxi in the interface [TPS#10868] -JO
- Fixed license page enterprise license key display message [TSP#10860] -JO
- Fixed issue with ndo2db upstart job conflicting with ndo2db init script [TPS#10882] -JO
- Fixed issue where nagios.log cannot be read by the nagios group causing legacy report failures [TPS#10891] -JO
- Fixed initial libexec plugin permissions on initial install [TPS#10900] -JO
- Fixed perfgraph page to show dropdown options as "Last x days" to accurately reflect the lookback period [TPS#10902] -JO
- Fixed issue with htmlentities on scheduled report message not displaying non-english characters correctly [TPS#10893] -JO
- Fixed gauge not showing for Root Partitions [TPS#10923] -BH
- Fixed issue with Bulk Mod Tool that used a hardcoded table name instead of one in config.inc.php [TPS#10936] -JO

5.4.1 - 01/26/2017
==================
- Fixed upgrade properly detecting mysql/mariadb [TPS#10603] -BH
- Fixed restore_defaults.sh inability to be ran outside of scripts/ dir [TPS#10605] -BH
- Fixed restore_defaults.sh to take offloaded db into consideration, and now uses proper credentials [TPS#10627] -BH
- Fixed issue in Safari that made scheduled downtime page not be able to select hosts/services [TPS#10617] -JO
- Fixed issue where some systems would show ndo2db as not running in the GUI even though the daemon is running [TPS#10636] -JO
- Fixed issue on AD/LDAP import page where errors were not displaying and server wasn't re-selected on form submit [TPS#10640] -JO
- Fixed PHPMailer security vulnerabilities by updating to 5.2.22 -JO
- Fixed issue with host/service detail table status page graphs exporting using Highcharts dropdown [TPS#10672] -JO
- Fixed issue with Help System not loading help videos in systems using HTTPS [TPS#10697] -JO
- Fixed issue with Help System where resizing the windows would empty the help popup -JO
- Fixed empty or FREE license key giving invalid key message during trial time period on license page [TPS#10725] -JO
- Fixed deployed, synced dashboards to automatically be removed when the dashboard is deleted by the source dashboard [TPS#10720] -JO
- Fixed legacy network map from not changing map type when selecting type icons [TPS#10774] -JO
- Fixed status map issues with single hosts (Core 4.2.4 update) [TPS#10808] -JO
- Fixed profile component to have more logging lines and the more useful log files [TPS#10829] -JO

    Core Config Manager (CCM) - 2.6.5
    ---------------------------------
    - Fixed services and escalations showing 'unreachable' opposed to 'unknown' [TPS#10589|10533] -BH, JO
    - Fixed issue where test commands did not work on systems with a php version less than 5.3 [TPS#10633] -SW
    - Fixed dropdown items per page not working when selecting "None" [TPS#10632] -JO
    - Fixed issue with CCM import not accepting commas even though it splots on them [TPS#10736] -JO

5.4.0 - 12/28/2016
==================
- Upgraded Nagios Core to version 4.2.4 -JO
- Upgraded NDOUtils to version 2.1.2 -JO
- Upgraded NRDP to version 1.4.0 -JO
- Added combined CSV export option for availability report [TPS#9682] -LG
- Added support for offloaded databases in the repair_databases.sh script [TPS#6270] -BH
- Fixed email not being updated for XI Contact when XI User is updated [TPS#6291] -BH
- Fixed security type not being respected properly by LDAP/AD Integration component [TPS#8557] -BH
- Fixed issue where system status popup would show white text for non-admins who can view it [TPS#10055] -JO
- Fixed issue with French translations in LDAP/AD import/manage servers pages [TPS#10473] -JO
- Fixed various XSS vulnerabilities (BPI url, Scheduled Backups url) -JO
- Fixed issue spaces in mibs cause snmptt to fail (manage mibs page now replaces spaces with _ on upload) [TPS#10486] -JO
- Fixed text on views popups to not have unprocessed html output in them [TPS#10499] -JO
- Fixed issue with RRD exporting that would not work with : in the service description [TPS#10566] -SS, JO

    Core Config Manager (CCM) - 2.6.4
    ---------------------------------
    - Fixed issue with ID and page number not being an int -JO
    - Fixed various XSS vulnerabilities (search bar and others) -JO
    - Fixed issue with returnUrl set to non-CCM url -JO
    - Fixed issue with importing contacts/contact groups not importing all contact options [MT#800] -JO
    - Fixed exclamation points being unable to be used in command arguments in CCM [TPS#9741] -BH

5.3.4 - 12/14/2016
==================
- Fixed NTP on full install (was enabled but not started) -JO
- Fixed apache cron permissions for backup and restore scripts -JO
- Fixed sudo call for getprofile.sh call to use full path [TPS#10195] -JO
- Fixed use of * character in AD/LDAP directory/group names [TPS#10238] -JO
- Fixed cancel button on multiple pages still submitted form [TPS#10253] -SW
- Fixed shell scripts to use full path [TPS#10278] -BH
- Fixed alias being updated when 'Name' field changed on user update [TPS#10288] -BH
- Fixed missing delete button image on unconfigured objects page -JO
- Fixed perfdata graph sizing on availability report [TPS#10294] -JO
- Fixed system status layout on 2014 and classic themes [TPS#10308] -JO
- Fixed multiple styling issues with 2014 and classic themes -JO
- Fixed XML escaping to work properly on large values [TPS#10355] -JO, BH
- Fixed default last, avg, max values to be set for perfdata graphs [TPS#10359] -JO
- Fixed so shapes of highchart graph series data in tooltips will now match the legend in all template files [TPS#8017] -LG
- Fixed perfdata graph dashlets to resize to default values [TPS#10413] -JO
- Fixed non-standard ports for databases breaking upgrade [TPS#10440] -BH
    
    Core Config Manager (CCM) - 2.6.3
    ---------------------------------
    - Fixed issue where some objects (timeperiods, commands) could not view relationship info in popup [TPS#10117] -JO
    - Fixed issue where Cancel button would not return to the view list when editing from a relationship link [TPS#10224] -JO
    - Fixed session tracking adding sessions from localhost (when scripts are ran on the CCM) [TPS#10380] -JO

5.3.3 - 11/21/2016
==================
- Updated Japanese translations (thanks Sasaki) -JO
- Fixed logarithmic perfdata graphs when having negative values in Highcharts [TPS#9966] -LG
- Fixed postgres re-sequencing script in tools directory using the correct import_xiconfig script -JO
- Fixed Bulk Modifications tool "find relationships" button JS errors -JO
- Fixed legend in graphs not displaying properly when gray theme is used [TPS#10008] -BH
- Fixed import not creating duplicate services when multiple hostgroups defined [TPS#9708] -BH
- Fixed calendar not displaying properly occasionally in graph explorer [TPS#10098] -BH
- Fixed issue where DB connection fails while waiting for MySQL to actually start and shows repair DB messages -JO
- Fixed encoding issue on My Tools page [TPS#10161] -JO
- Fixed encoding issues for French language on a couple pages -JO

    Core Config Manager (CCM) - 2.6.2
    ---------------------------------
    - Fixed issue with service escalations page showing two * in selection box after saving the service escalation [TPS#10045] -JO
    - Fixed missing * option in host escalation hosts and host group options that are in service escalation [TPS#10046] -JO
    - Fixed not being able to delete objects from the XI GUI (Reconfigure Tab) [TPS#10078] -BH

5.3.2 - 11/01/2016
==================
- Fixed bug in usermacro component where screen size would position the clear filter button in the wrong place [TPS#9842] -LG
- Fixed translation issues on the mass acknowledgement "Check All Items" button after clicking [TPS#9838] -JO
- Fixed modal sizing issues in bulk modifications tool [TPS#9870] -JO
- Fixed translations in settings popout on the new status map [TPS#9847] -JO
- Fixed various XSS vulnerabilities -JO
- Fixed automatically setting secure cookie value with SSL enabled -JO
- Fixed jQuery migrate XSS vulnerabilities (updated to 1.4.1) -JO
- Fixed clean install adding the postgresql backup script even though postgres isn't installed [TPS#9878] -JO
- Fixed add to my reports functionality when reports are added from other sections in XI [TPS#9849] -JO
- Fixed login redirect url to validate redirection better -JO
- Fixed permalink to use a relative location instead of a full URL for xiwindow variable -JO
- Fixed nagiosql database name being set in sql schema for those who have a different db name [TPS#9910] -JO
- Fixed event_meta base64 encoding when storing event_meta in the database -JO, BH
- Fixed upgrade increase_open_file_limits.sh check on certain systems and stopped the script from exiting install -JO, BH
- Fixed mrtg lock directory used in cron job to take volatile tmpfs directories into consideration -BH, JO

    Core Config Manager (CCM) - 2.6.1
    ---------------------------------
    - Fixed issue with host/service escalations now showing set escalation options in the GUI [TPS#9873] -JO
    - Fixed CCM showing login screen when not logged into XI (must be logged into XI session to view CCM) (Thanks CK) -JO
    - Fixed swapped UP/UNREACHABLE on host escalations and OK/DOWN on service escalations pages [TPS#9916] -JO
    - Fixed issue with contact relationships popup not displaying the dependant icon for some objects -JO

5.3.1 - 10/19/2016
==================
- Fixed issue on clean XI install (or on upgrades if you upgrade component to 1.0.1) custom-includes component folder permissions [TPS#9705] -JO
- Fixed issue on scheduled downtime page in older browsers and IE [TPS#9748] -JO
- Fixed issue on scheduled downtime page that would allow user to submit endtime before starttime and auto update datetimepicker fields [TPS#9711] -LG
- Fixed issue causing session timeouts on CentOS/RHEL 5.x systems [TPS#9727] -JO
- Fixed issue where upgrade would stop if the open limits file (/etc/security/limits.conf) was not writeable -JO
- Fixed issue with new status map requiring Nagios Core login information to view the page -JO
- Fixed issue on scheduled downtime page where selecting via checkbox would not add the ID of the downtime to selected list -JO
- Fixed PHP notices from SSL version constants that do not exist in PHP < 5.5 -JO
- Fixed backup and restore scripts not keeping apache cron jobs (scheduled reporting / scheduled downtimes) [TPS#9774] -JO
- Fixed scheduled downtime page to correctly put scheduled and removed downtime in audit log [TPS#9779] -JO
- Fixed dashlet pin/unpin functionality on dashboards [TPS#9794] -JO
- Fixed view rotation continuing while on manage views page by pausing view rotation when clicking link to page [TPS#9757] -JO
- Fixed issue where title of perfdata graphs was showing up URL encoded -JO
- Fixed issue in graph explorer on timeline graphs in IE -JO
- Fixed bug in usermacro component causing detection to break when no system macros were selected -LG
- Fixed Japanese translation issues in certain sections -JO

5.3.0 - 10/03/2016
==================
- Updated cmdsubsys auditlog to show username in the log message -LG
- Updated scheduled downtime page to allow searching, filtering, and pagination -JO
- Updated adding multiple hosts/services through scheduled downtime pages -JO
- Updated performance graphs page to follow modern report/page format -JO
- Updated all Highcharts graphs with new styling -LG
- Updated API help section to explain how to filter object API calls -JO
- Updated perfdata page with report-style layout -JO
- Updated performance graphs popup layout on host/service status pages -JO
- Updated Global Event Handlers to use considerably less memory -BH
- Updated ADODB database library to version 5.19 -JO
- Updated Japanese translations (thanks Sasaki) -JO
- Added timepicker to some datepicker fields -JO
- Added use of currently selected time format in datetimepickers in Reports and other areas -JO
- Added export functionality to perfdata/timeline/stack graphs [TPS#2601] -BH
- Added objects/rrdexport to API [TPS#2601] -BH
- Added objects/cpexport to API (capacity planning data export) [TPS#8441] -JO
- Added API Key regeneration function to user pages [TPS#7200..7203|7135] -BH
- Added system/applyconfig to POST for API [TPS#7198] -BH
- Added Highcharts default display type [TPS#7617] -BH
- Added Callbacks for User Creation/Password Change/Deletion [TPS#7155] -BH
- Added callback help section documentaiton -BH
- Added names to list of system status icons in system status dropdown menu -JO
- Added option in config.inc.php to allow php to connect with persistent or normal connections -JO
- Added custom-includes component to include custom css, js, and images that won't get overwritten on upgrade -JO
- Added meaningful API messages -BH
- Added logging to the auditlog when submitting a core command through the coreuiproxy using constants-nagioscore.inc.php [TPS#8147] -LG
- Added the rest of the NSCA encryption methods to inbound/outbound transfer admin pages [TPS#8406] -JO
- Added ability to download Capacity Planning graphs as CSV file with timestamp,value fields [TPS#8441] -JO
- Added ability to disable/enable user accounts [TPS#6771] -BH
- Added navbar search to default to the appropriate page depending on which category you click on in suggest box [TPS#8332] -BH
- Added service search to navbar search box [TPS#8331] -BH
- Added advanced setting for Availability report labeled "Do not show service data" that will force it to only show host data [TPS#8382] -JO
- Added some basic default MySQL tuning options on fullinstall and an additional script for performing basic tune manually [TPS#8586] -BH
- Added get_xml_backend cache to Performance Settings [TPS#8584] -BH
- Added automatic increase of global and root user open file limits -BH
- Added ability to add free variables via API [TPS#8675] -SS,BH
- Added required current password field for non-admins to change passwords [TPS#8731] -BH
- Added output to repair database scripts to inform user if they succeeded or failed [TPS#8701] -TL,JO
- Added query documentation into API [TPS#8835] -JO
- Added capacity planning data to be exported via the API [TPS#8441] -JO
- Added ability to select multiple hosts/services to schedule downtime for on scheduled downtime page -JO
- Added ability to put all services for a host into schedule downtime at once -JO
- Added a new Core Component Usermacros for managing user and system macros in Nagios XI [TPS#9008] -LG
- Added translation of USER macros to all eligible wizard input fields [TPS#6739] -LG
- Added custom API endpoint functionality [TPS#8979] -BH
- Added ability to save tabs selected on scheduling page report [TPS#9050] -BH
- Added tab to system settings in admin section for password complexity, lockout, and max trials [TPS#8729..8730] -BH
- Added more verbose logging for PHPmailer which shows action, method and referer and will include successfully sent messages [TPS#9136] -LG
- Added snmptt restart to nagios init script [TPS#9234] -BH
- Added more user meta information for better security and auditing [TPS#9269] -JO
- Added improved clickjacking security -JO
- Added imporved warning/critical lines in Highcharts graphs which can be toggled on and off -LG
- Added rel="noreferrer" to target="_blank" hrefs -BH
- Added core detection for speeding up compilation during fullinstall/upgrade -BH
- Added default cURL SSL connection type to TLSv1.2 and added editing setting in System Settings page [TPS#9483] -JO
- Added clipboard.js and removed the old zclip jquery plugin which relied on ZeroClipboard -JO
- Added options in global settings to customize Highcharts Avg/Max/Last values (or disable them) [TPS#9611] -JO
- Added option in global settings to tell Highcharts graphs to ignore null values when calculating 'Avg' [TPS#9611] -JO
- Fixed non-admin users who had large quantity of services recieving SQL error [TPS#7820] -BH
- Fixed load_url function to send error messages to apache error_log instead of never giving an error message -JO
- Fixed recurring downtime to not accept invalid days of month [TPS#8487] -BH
- Fixed view start/stop reverting to English when different language is selected [TPS#7107] -BH
- Fixed reports not respecting show host/service alias options [TPS#6518] -BH
- Fixed buttons to show config changes and errors on Apply Configuration page merging together [TPS#6902] -JO
- Fixed check_mssql to use PDO opposed to deprecated MSSQL_* functions [TPS#8633] -BH
- Fixed nagiosxi DB engine type on newer versions of MySQL/MariaDB -BH
- Fixed admin user not being added to CGI config if configuration cannot be applied [TPS#8819] -BH
- Fixed searching for host in host status reverting to status detail [TPS#8867] -BH
- Fixed xiprepimport tool saving comments in filename [TPS#8865] -BH
- Fixed inability to delete deployed [screen] dashboards, and stopped them from being deployable [TPS#8862] -BH
- Fixed re-configure object (host/service) not respecting removing hostgroups/parent hosts/servicegroups [TPS#8931] -BH
- Fixed slow Host/Service Status Details page load for non-admin users [TPS#9024] -SS,BH
- Fixed newly scheduled pages sending corrupt .pdf files [TPS#8874] -JO
- Fixed API help section that showed the improper usage of deleting a user [TPS#8634] -LG
- Fixed SANS Internet Storm Center Top 10 Rising Ports dashlet to use new SANS backend [TSP#9044] -BH
- Fixed various minor security vulnerabilities (thanks John Page aka HYP3RLINX) -JO
- Fixed Multistacked Graph Numbers displaying more than 3 decimal points on hover [TPS#9169] -BH
- Fixed javascript searchable dropdown boxes to be easier to use and have proper styling -JO
- Fixed unconfigure objects remaining in list even after pressing delete [TPS#9215] -BH
- Fixed snmptt daemon restart on MIB upload on el7 systems [TPS#9237] -SS,JO
- Fixed scheduled downtime showing a maximum duration of 9hrs (only a display issue) -JO
- Fixed LDAP/AD component LDAP is_user to accept organizationalPerson and person [TPS#9272] -JO
- Fixed LDAP/AD component issue with popup not centering [TPS#9272] -JO
- Fixed invalid service configuration when using bulk host import to import a service with multiple hosts defined [TPS#9369] -BH
- Fixed 'this week' time period in reports showing the last 8 days if a report is ran on sunday [TPS#9357] -JO
- Fixed issue with the + symbol in hostnames not creating a proper URL to service details pages for services on that host [TPS#9443] -JO
- Fixed process_perfdata.pl setting counters for output with 'c' values making graphs show up as 0 [TPS#9479] -JO
- Fixed persistent comment/acknowledge checkbox on host/service details page [TPS#9488] -JO
- Fixed issue where LDAP would not close if start TLS failed [TPS#9498] -JO
- Fixed issue with perfdata that has a space in the value [TPS#9523] -SS,JO
- Fixed scheduled backups local backups page to be sorted by timestamp -JO

    Core Config Manager (CCM) - 2.6.0
    ---------------------------------
    - Added ability to set host/hostgroups as "exclude" for services, service templates, host groups, service escalations, and host escalations [TPS#3966] -JO
    - Added icons for tools, configuration, and other nav links -JO
    - Added escape key binding to close overlays [TPS#8911] -BH
    - Updated theme to match the rest of Nagios XI (Modern) -JO
    - Updated splash page to have more information about current configuration -JO
    - Updated 'Run Check Command' to evaluate user macros [TPS#8264] -BH
    - Updated 'Run Check Command' to use cmdsubsys and execute as nagios user [TPS#6578] -BH
    - Updated 'Run Check Command' User Interface to be more intuitive and friendly and use NSP [TPS#9185] -BH
    - Fixed de-activating a contact from the edit page not respecting dependency check [TPS#8777] -BH
    - Fixed services table loading nothing if you delete all of a configs service definitions when selecting a config name from dropdown -JO
    - Fixed CCM not respecting etc/nagios.cfg illegal_object_name_chars [TPS#8864] -BH
    - Fixed various minor security vulnerabilities (thanks John Page aka HYP3RLINX) -JO

5.2.9 - 06/14/2016
==================
- Updated scheduled downtime to use XML backend as opposed to coreuiproxy for better speed on larger systems [TPS#8591] -BH
- Fixed multiple security vulnerabilities -JO
- Fixed issue in config/service API section not using the check_command argument [TPS#8629] -JO
- Fixed notification preferences priority email checkbox to automatically set the email checkbox [TPS#8621] -JO
- Fixed AD/LDAP component looking for proper structure names - now lowercase versions will show up [TPS#8563] -JO
- Fixed AD/LDAP component root directory not showing user objects [TPS#8563] -JO
- Fixed some instances of MRTG not using correct version [TPS#8635] -BH
- Fixed windowssnmp plugins reverting on upgrade [TPS#8647] -BH
- Fixed issue in CCM config writing where # did not actually need to be converted since it isn't an in-line comment like ; -JO
- Fixed bug in recurringdowntime.pl regarding days of week [TPS#8773] -BH

5.2.8 - 05/24/2016
==================
- Fixed RHEL install issues [TPS#8215 && TPS#8214] -BH
- Fixed config/service API section from requiring check_command (can be inherited) [TPS#8222] -JO
- Fixed tools fullscreen button not working properly on iframes with domains that are not the same as the XI system -JO
- Fixed Components "Install Updates" button returning improper code [TPS#8271] -BH
- Fixed using ; and # in $ARGx$ values in the CCM [TPS#8292] -JO
- Fixed certain pages not redirecting to login is session was timed out -SW
- Fixed issue where non-admin users could not see all time periods for advanced settings in reports (but could in Core) [TPS#7974] -JO
- Fixed no SNMPv3 being used in Switch Wizard since v2.3.0 [TPS#8325] -BH
- Fixed usernames with spaces being unable to schedule downtime [TPS#8338] -SS,BH
- Fixed some perl plugins being affected by a version compare [TPS#8365] -BH
- Fixed multiple security vulnerabilities [TPS#8372] -BH
- Fixed dbmaint cron script not properly removing old events -BH
- Fixed apache mod_rewrite section breaking ssl.conf when not standard base apache default with no VirtualHost defined [TPS#8457] -BH,JO
- Fixed API not deleting some hosts correctly [TPS#8500] -BH
- Fixed password reset token to have sane timeout properties -BH

5.2.7 - 04/06/2016
==================
- Fixed performance graph issues -BH
- Fixed bug causing "change username" confirmation to display when adding a user -BH

5.2.6 - 04/04/2016
==================
- Fixed renewal reminder for greater than 3 year subscriptions -JO
- Fixed bug in Availability report when exporting that did not follow downtime advanced options [TPS#7811] -LG
- Fixed availability report showing wrong data when using different advanced options and exporting as a CSV [TPS#7894] -LG
- Fixed scheduled downtime not submitting for all services on Hostgroup Summary/Overview > Hostgroup commands page -JO
- Fixed blank error message in user edit page when trying to demote a user that can't be demoted [TPS#7840] -JO
- Fixed monitoring wizard bug when hiding notification delay, but not notification options [TPS#7825] -BH
- Fixed histogram report not aligning proper dates/days of week/days of month with data [TPS#7864] -BH
- Fixed multi-tenancy issue in Scheduled Downtime [TPS#7876] -BH
- Fixed Metrics components not accounting for specific metric types for Linux SNMP [TPS#7883] -BH
- Fixed fullscreen button causing weird display issues on host/service status pages [TPS#7947] -JO
- Fixed scheduled downtime incorrectly scheduling downtime if core date_format was changed from default [TPS#7977] -BH
- Fixed recurring downtime not properly adhering to days_of_week specified [TPS#7971] -BH
- Fixed incorrect permissions on CCM settings.php [TPS#7992] -BH
- Fixed internal server error in graphexplorer/ajax/datatypes -BH
- Fixed multiple security vulnerabilities -BH
- Fixed cancel button updating user preferences [TPS#8015] -BH
- Added CONFIGWIZARD_SKIP_OBJECTS_RECONFIGURE flag to allow configwizards ability to skip adding notification options, etc. [TPS#8026] -BH
- Fixed host alias not showing up properly in Service Status page [TPS#8030] -BH
- Fixed renaming a user that is defined as a contact causes snapshot to revert [TPS#8034] -BH
- Added current and max check attempt into utils-xmlstatus.php to verify soft/hard states from anywhere -LG

5.2.5 - 02/19/2016
================== 
- Fixed solution to downtime only working on PHP versions 5.3.x -JO

5.2.4 - 02/18/2016
================== 
- Fixed system API endpoint to allow POST requests for applyconfig and importconfig -JO
- Fixed restore_xi.sh script to use manage_services.sh instead of service -JO
- Fixed two+ line title dashlet buttons not being clickable [TPS#7247] -JO
- Fixed bug causing gethistoricalservicestatus backend cmd to not have a valid time -SW
- Fixed GUI based upgrade to use proxy configuration -SW
- Fixed SLA report PDF from duplicating table headers across multiple pages, overlaying other table items [TPS#7297] -SW
- Fixed issue in BPI component where ; was being used instead of :: for services [TPS#7367] -SS
- Fixed current outdated retention.dat not being added to backups causing program state to not be retained correctly [TPS#7416] -SW
- Fixed admin users able to have "Read-only user" permission -JO
- Fixed searching for hosts and services where object name contained : [TPS#7463] -SW
- Fixed restore_xi.sh to work for restoring oldersystem which use postgresql [TPS#7467] -SW
- Fixed bug where searching in  manage users to sometimes reverted to edit page of previous user [TPS#7471] -SW
- Fixed install on CentOS 7.2+ systems that do not come with firewalld pre-installed -JO
- Fixed Host Status Summary links not displaying correctly in dashlets [TPS#7616] -BH
- Fixed FreeIPA LDAP server working with user importing [TPS#7552] -SS
- Fixed Capacity Planning PDF report hanging system [TPS#7149] -BH
- Fixed Custom URL Dashlet ignoring width/height [TPS#7448] -BH
- Fixed Scheduled Downtime incorrectly picking some dates [TPS#7476] -BH
- Fixed Warning/Critical Display setting not working in Capacity Planning report [TPS#7514] -BH
- Fixed LDAP Import of UPPERCASE username causing report functionality to break [TPS#7555] -BH
- Fixed non-highcharts perfgraph dashlet links [TPS#7633] -BH
- Fixed security bug that would allow read access to system files -SW
- Fixed potential SQL injection in notification search -SW
- Fixed possible XSS in startdate and enddate fields in reports -SW
- Fixed XSS injection possibility in menu system -SW
- Fixed XSS injection possibility in my reports -SW
- Fixed scheduled report menu-item addition/removal [TPS#7679] -BH
- Fixed SLA report ignoring advanced options [TPS#7685] -BH
- Fixed bug in Availability report utilizing incorrect assumed service states for warning and unknown [TPS#7690] -LG
- Fixed bug in Scheduled Downtime where the chosen date format was not being respected [TPS#7692] -LG
- Fixed repair_databases.sh not checking for MySQL DB nagiosxi [TPS#7730] -BH
- Fixed Hard coded base_url's in scheduled reports allowing for different base_url's -SW
- Fixed Graph Explorer component's multistacked graph from sometimes overwriting a selected item when adding items to graph -SS

    Core Config Manager (CCM) - 2.5.3
    ---------------------------------
    - Fixed bug allowing filtering when adding host/service to contact notification commands [TPS#7207] -LG
    - Fixed bug where removing CCM users was not working properly [TPS#7540] -BH
    - Fixed import to properly check for duplicates [TPS#7551] -BH
    - Fixed Hard coded base_url -SW

5.2.3 - 12/07/2015
==================
- Fixed error being displayed when upgrading components/wizards from the UI when they were actually installed correctly -SW
- Fixed Perfdata not maintaining time period selection when filtering hosts [TPS#6970][OTRS#11217] -SW
- Fixed translation errors on a few pages (recurring downtime, recent alerts, metrics) [TPS#6991] -JO
- Fixed missing icons on recurring downtime page [TPS#6992] -JO
- Fixed showing scheduled downtime buttons on scheduled downtime page to read-only users [TPS#6974] -JO
- Fixed scheduled downtime not adding trigger id when set [TPS#6977] -JO
- Fixed scheduled downtime not adding flexible when selected [TPS#6972] -JO
- Fixed send_nrdp.sh handling of XML special chars. [TPS#6846] -SW
- Fixed bulk modifications when changing templates on hosts/services with no templates [TPS#7016] -JO
- Fixed minemap dashlet not keeping size on home dashboard [TPS#7024] -JO
- Fixed permissions on autodiscovery jobs directory to run on new installs [TPS#7038] -JO
- Fixed reset password to give an error if trying to set an AD/LDAP user password unless they have 'allow local auth' checked [TPS#7022] -JO
- Fixed issue where API would say it removed a host or service with dependencies when it really couldn't and would leave the host/service in the CCM -JO
- Fixed possible XSS on login page -SW
- Fixed possible clickjacking by forcing login page to be the top frame element -SW
- Fixed scheduled downtime problems with certain types of date format selected -JO
- Fixed garbled Japanese characters in home page title [TPS#7100] -JO
- Fixed box sizing cutting off some text in manage dashlets pages [TPS#7071] -JO
- Fixed capacity planning when disabled auto-running reports select boxes for time periods and extrapolation methods [TPS#7076] -JO
- Fixed capacity planning when disabled auto-running reports is from blanking out during page changes -JO
- Fixed autodiscovery wizard, rss dashlet, and escalation wizard from not being available on certain systems [TPS#7096] -JO
- Fixed Event Log report not showing up in reports list for users with 'can see/control monitoring engine' [TPS#7110] -JO
- Fixed user edit when selecting preferences would remove all checked security setting boxes [TPS#7113] -JO
- Fixed issue with graph.php no allowing you to pass in view and start timestamps -SW
- Fixed BPI hostgroup/servicegroup names not showing proper Japanese characters [TPS#7116][M#11] -SS

    Core Config Manager (CCM) - 2.5.2
    ---------------------------------
    - Fixed return URL (cancel button) links for host/services edited from clicking through the splash page [TPS#7095] -JO
    
5.2.2 - 11/12/2015
==================
- Fixed xi-sys.cfg using old config.inc.php values if the config.inc.php has changed since an upgrade/install -JO
- Fixed state colors for non-english versions of BPI -SW
- Fixed issue where upgrade of components/wizards through UI was not using proxy settings -SW
- Fixed creating multiple objects rapidly in API to now not write out files and instead import more directly -JO
- Fixed upgrade script to install all dependencies before performing upgraded of other components -SW
- Fixed garbled UTF chars in BBMap Tooltip -SW
- Fixed requirement of both start and end date when specifying custom dates for Performance Graphs -SW
- Fixed fresh installs stating that additional steps are required to run auto-discovery to run -SW

5.2.1 - 11/10/2015
==================
- Updated sourceguardian loaders supporting up to php 5.6 -SW
- Updated Highcharts to 4.1.9 -JO
- Updated htpasswd to use stronger SHA encryption -JO
- Fixed issue where update available still displays after upgrade by forcing check for updates to run after upgrade -JO
- Fixed autoupgrade_backup.x.tar.gz filename when running upgrade from web UI -JO
- Fixed numerous php notice/warnings -JO
- Fixed issue where Nagios::Monitoring::Plugin is now required by several default plugins -SW
- Fixed custom logo display issue in classic and 2014 themes -JO
- Fixed issue in AD/LDAP component with import not working correctly with parenthesis -JO
- Fixed issue where creating a new user would not update the htpasswd users file -JO
- Fixed ndo2db init script to remove "cannot open file errors" on restart -SW
- Fixed some unreadable service names in BBMap component -SW
- Fixed bug causing htpasswd.users to not be updated immediately when user is forced to change password -SW
- Fixed bug where object wouldn't acknowledge properly if no comment was entered through Rapid Response URL -SW
- Fixed auto-discovery exclude IP's to only have one --exclude statement in nmap scan -SW
- Fixed bug where commands through UI (ack/comments/etc.) would not submit properly if host or service_description had unicode chars -SW
- Fixed CCM Relationship button on commands page to show dependent relationships for hosts, services, hosttemplates, servicetemplates -SW
- Fixed searching for hosts in alert stream (with auto-complete) -JO
- Fixed error message returning on submit for Inbound NSCA settings -JO
- Fixed adding contacts/contact_groups to hosts/services created in the new API -JO
- Fixed creating host/service templates in API -JO
- Fixed scheduled backup limit being set to 0 resetting to 7 -JO
- Fixed old (upgraded intalls of XI < 5) nagiosadmins possibly not being able to log in locally if set to AD/LDAP -JO
- Fixed issue with AD/LDAP component not working with commas -JO
- Fixed various spelling errors -JO
- Fixed user management page select all functionality -JO
- Fixed invalid XML when using outbound transfers and check output had XML special chars -SW, SS
- Fixed webinject install to make sure we have proper permissions -SW
- Fixed bug where self signed SSL certificate sites could not schedule downtime -SW, SS
- Fixed my tools and common tools to be sorted alphabetically -JO
- Fixed bulk modifications tool to re-write host config on service config_name changes -JO
- Fixed permissions for nagios libexec directory -JO
- Fixed API creating only the last service sent when sending multiple service creations quickly -JO
- Fixed users who were set to local who were originally AD/LDAP users still being forced to skip local auth -SS
- Fixed 404 page when clicking on newly created 'My Scheduled Reports' link after creating a scheduled report -JO
- Fixed bulk modifications tool when setting contacts/contact groups via host/service groups -JO
- Fixed blank Alert Timeline when using a UTC offset -SW
- Fixed sizing of Alert Timeline to show more alerts -JO
- Fixed Top Alert Producers report column showing wrong date in Latest Alert column -SW
- Fixed Top Alert Producers CSV export column showing wrong date and label -SW
- Fixed BPI component check_bpi high CPU usage with lots of BPI checks -JO
- Fixed gauge dashlet creation popup loading slow on large installs -JO
- Fixed AD/LDAP import bug where users who already existed were trying to be imported instead of erroring -JO

    Core Config Manager (CCM) - 2.5.1
    ---------------------------------
    - Added ability for import issue to update host/service escalations/dependencies by adding in # config_name  to written config output -JO
    - Added ability for import issue to add host/service escalations/dependencies with specific config_name using # config_name  in config to import -JO
    - Updated some styles for easier readability -JO
    - Fixed import issue where items that needed config_name would use the host_name as the config_name causing only one item to be imported -JO
    - Fixed imported service escalation/dependency services not always showing up in services selection list -JO
    - Fixed php errors being thrown -JO
    - Fixed bug in CCM splash page where the number of dependecies were incorrect and updated to use a database query which will speed up the page for large systems -LG


5.2.0 - 10/08/2015
==================
- Upgraded CCM to 2.5.0 which added multiple features and changes (see below) -JO
- Added checkbox to admin section user creation/edit pages to enable/disable notifications -JO
- Added phone numbers next to emails for users to user management table -JO
- Added table name to oracle tablespace wizard services -JO
- Added dashlet hover option to show/hide dashlet title -JO
- Added &force=1 to config API endpoints to force configuration without doing a check for all parameters -JO
- Added additional documentation for user creation via API -JO
- Added additional popup documentation for user permissions in user creation/editing -JO
- Fixed LDAP/AD integration settings saving in user edit/creation pages -JO
- Fixed LDAP/AD integration 'allow local login' when checked -JO
- Fixed issue in BPI component that wouldn't use :: properly -JO
- Fixed issue where user opened/closed menu sections weren't properly applying -JO
- Fixed installing config wizards with configwizard- in zip file name -JO
- Fixed PHPMailer using non RFC compliant charset content type setting -JO
- Fixed dashboard font sizes -JO
- Fixed dashlets showing 'Pin' instead of 'Unpin' popup text when loading page -JO
- Fixed dashlet sizes and title spacing -JO
- Fixed opscreen showing all hosts as down when unhandled showing -JO
- Fixed issue with defining check_commands via host/service config api calls -JO
- Fixed schedule downtime predefined timestamp to show accurate time -JO
- Fixed regular users with specific settings able to acknowledge problems via new popup command -JO
- Fixed user creation section of API -JO
- Fixed NDO upgrade script for offloaded tables with different name -JO
- Fixed upgrade web UI sometimes showing red upgrade failed status bar even though upgrade was successful -JO
- Fixed BPI syncing from replacing and instead updates -JO,SS
- Fixed the old backend api output in json to no longer cause issues in PHP 5.1.x -JO

    Core Config Manager (CCM) - 2.5.0
    ---------------------------------
    - Added double click functionality in selection popups -JO
    - Fixed tooltips showing up in the wrong spots -JO
    
5R1.0 - 09/28/2015
=====================
- Upgraded Nagios Core 4.1.1 ( see below ) -SW
- Upgraded Bulk Modifications component to 2.0.0 which includes numerous new modifications to be performed (listed below) -JO
- Upgraded CCM to 2.4.0 which adds multiple features (listed below) -JO
- Upgraded Alert Stream to 2.0.0 which removes all Java apps from XI and instead uses D3.js -JO
- Upgraded LDAP and AD components with a single component which allows importing LDAP/AD users and easier LDAP/AD user management in users section -JO
- Upgraded to latest version of nmap in Auto-Discovery component -JO
- Upgraded check_wmi_plus plugin to 1.60, more functionality -LG,SW
- Updated Host/Service Detail pages to just show icon for tabs that have them specified to provide more real estate -SW
- Updated detail page so most tab content on detail pages doesn't load until selected improving performance -SW
- Updated perfdataproc.php cron job to utilize a better mechanism to move large amounts of files avoiding "Argument list too long" errors -SW
- Updated search functionality on users list in admin section to do mid-text searching on email, username, and full name -JO
- Updated deploy notification component to be more user-friendly -JO
- Updated the Metrics Component to display a wider range of agent data, optionally utilize the highcharts graphs, allow graph timeperiods to be selected, added advanced options and increased tab and display performance -LG
- Updated Bandwidth report to optionally use highcharts graphs -LG
- Updated the Windows WMI, Windows SNMP and Linux SNMP wizards to run a smart scan and prepopulate disks, processes and services -LG
- Updated all reports to now use asynchronous loading of report information -JO
- Updated all reports to have a new layout -JO
- Updated loading icons throughout XI -JO
- Updated configuration main page and configuration wizards page layout -JO
- Updated available dashlets page layout -JO
- Updated notification management section to be more intuitive when saving/applying templates to users -JO
- Updated full search box in XI 5 to a search icon in the main header nav bar -JO
- Updated host/service detail actions/advanced actions to use popups instead of old command pages -JO
- Updated homepage splash screen -JO
- Updated graph explorer multistacked graphs to actually 'stack' instead of overlay -JO
- Added manage dashboards page -JO
- Added manage views page -JO
- Added permissions to the actions component for individual actions -JO
- Added button 'Install Updates' to auto-upgrade components either per component or for all components with updates -JO
- Added button 'Install Updates' to auto-upgrade config wizards either per config wizard or for all config wizards with updates -JO
- Added a new scheduled downtime page with ajax popups for scheduling downtime -JO
- Added configuration wizard 'advanced settings' (step 3-5) templates (global/user) and a template manager -JO
- Added default template for configuration wizards which will set config wizard step3-5 fields with the proper variables -JO
- Added "API Key" to users section (instead of using username+ticket for API calls - backwards compatible though) -JO
- Added a fusion API Key for later fusion integration -JO
- Added integrated Help section for API Documentation -JO
- Added new REST API with objects, config, and system sections which allows adding host/services -JO
- Added a new theme for XI 5 release (Modern) -JO
- Added tabs to global configuration settings in admin area -JO
- Added numbers of saved reports and scheduled reports to left hand menu section -JO
- Added icons to a number of commonly used links -JO
- Added ability to filter config wizards on main config wizard page -JO
- Added ability to import users from AD/LDAP locations -JO
- Added ability to manage server certificates for AD/LDAP connections -JO
- Added links to deadpool from admin section -JO
- Added ability to customize email notification priority of notification per-user and per notification type, editable in Notification Preferences -SW
- Added ability to use custom host/service variables in actions component -SW
- Added ability to bulk rename config files for services in bulk rename component -SW
- Added ability for users to enable/disable Host and Service Acknowledgments in Notification Preferences -SW
- Added ability to toggle displaying of aliases in host/service detail pages. This is adjustable per user under Account Information -SW
- Added NavBar Search to search for host, hostgroup, and servicegroup and take user directly to results page -SW
- Added pagination additionally to top of host/service status tables -SW
- Added ability for users with "Can (re)configure hosts and services" perms to add/remove contactgroups they are members of when running wizards and reconfiguring objects -SW
- Added ability for users to just save config to database without Applying Configuration when running wizards -SW
- Added Auto-discovery option to use system DNS -SW
- Added ability to use logarithmic scaling with highchart perfdata charts -SW
- Added embeddable highcharts performance graphs that can be placed in an iframe passing host/service/width/height/username/token -SW
- Added Auto-discovery option to specify scan delay to throttle activity -SW
- Added %hostgroupnames% and %servicegroupnames% macros to actions component -SW
- Added ability to filter Capacity Planning report by Host/Hostgroup/Servicegroup with additional search -SW
- Added numerous performance enhancements to Auto-discovery to improve scan performance -SW
- Added URL target specification to actions component -SW
- Added searching capabilities to Acknowledgments page -SW
- Added ability to filter WARNING/UNKNOWN/UNREACHABLE states in Availability and SLA reports -SW
- Added auto updating of Tools on tool creation -JO
- Added auto updating of My Scheduled Reports when adding new scheduled report -JO
- Added number of reports to My Reports and My Scheduled Reports menu headers -JO
- Added auto updating of My Reports when saving new Report -SW
- Added dashlet functionality to SLA and Availability Report -LG
- Added language support for CCM help popups -SW
- Added JPG export option to all reports -SW
- Added option in State History Report to show only hosts or only services -SW
- Added in ability to filter by Host, Hostgroup, Servicegroup in Notification Report -SW
- Added sorting of Contacts and Contact groups in Wizard and object configuration pages -SW
- Added "Schedule a forced check for host and all services" to host detail advanced tab -SW
- Added ability to toggle Handled Problems in Birdseye Component -SW
- Added a user specified refresh rate to the configuration options in Custom URL Dashlet -SW
- Added hostgroups and service groups to host/service detail pages -SW
- Added advanced option to Executive Summary Report giving ability to hide scheduled downtime, etc. -SW
- Added ability to specify months in recurring downtime. -SW
- Added additional details column to auditlog -SW
- Added additional services to nagios config for localhost on a new install, checking crond,  httpd, mysqld, ndo2db, npcd, ntpd  -SW
- Added ability to filter Operations Center by host/hostgroup/servicegroup -SW
- Added to all reports a service drop down list that will display/update based on host selection -LG
- Added ability to filter Operations Center by service state -SW
- Added option to nagiosmobile to have page auto-refresh -SW
- Added sortable and searchable dropdown filtering by Host/Service/Hostgroup/Servicegroup to latest alerts component -SW
- Added remembering sort order (per-user) of items in CCM when returning to table of objects -SW
- Added showing the most recent comment in the status list comment tooltips -SW
- Added per-user theme settings -JO
- Added setting to global config to uncheck Sticky Acknowledgement box by default -SW
- Added login failures to Audit Log -SW
- Added features to the Audit Log report including scheduled report, pdf version, and filters by log type and source -JO
- Added cfg variable error_level and removed php notice errors from the error_log in production -JO
- Added the Warning/Critical lines to all XI graphs (toggle default active/inactive) -LG
- Added backing up of Nagvis to XI backup/restore scripts -JO
- Added log type and log source filter dropdowns to auditlog -JO
- Added config information to the downloadable system profile -JO
- Added the ability in Admin > System Settings > General to write Nagios XI auditlog to a file -LG
- Added new wizards: Folder Watch, Mountpoint, SLA -LG
- Remove displaying of service detail links for hosts without services -SW
- Remove nmap from being fully wildcard sudo'd, preventing hijacking from other system users -SW
- Fixed hypermap to be full size of page -JO
- Fixed deletion of local backup files in scheduled backup component. -SW
- Fixed bug causing nrdp.conf apache config to not work on CentOS/RHEL 7 -SW
- Fixed Common Tools from improperly encoding URL's -SW
- Fixed bug in CCM causing Execution failure criteria to not populate correctly for 'd' -SW
- Fixed bug causing NRDS Windows clients to not have correct permissions to build executable -SW
- Fixed bug where clicking on icons in sort columns on host/service status tables would not sort -SW
- Fixed bug in Event Log Report to allow searching for ; and : chars -SW
- Fixed bug causing Unified Hostgroup views to not refresh -SW
- Fixed bug causing search buttons on CCM import page to import files -SW 
- Fixed URL redirection when following permalink and user isn't logged-in -SW
- Fixed bug in the Scheduled Backups using FTP to use the indicated port (Previously default port 21) -LG
- Fixed XSS vulnerability in nagiosbpi component -SW
- Fixed check_rrdtraf from mislabeling UOM if Bytes was selected -SW
- Fixed many generic bugs with the deploy notification component and saving templates -JO
- Fixed bug causing + symbol in host, service, hostgroup and servicegroups making links in UI not work correctly -SW
- Fixed restore_xi.sh script to account for differences when moving from OS 6 to OS 7 -SW
- Fixed bug causing CCM to not work properly if specifying non-default MySQL port -SW
- Fixed bug where the Alias was not displaying for the Availability Report -LG
- Fixed bug in Switch wizard where the Warning/Critical percentages were not calculating using decimal places -LG
- Fixed bug causing passwords with special chars such as $ or & to not write .htpasswd file correctly -SW
- Fixed bug in Hostgroup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG
- Fixed bug where setting new UI theme would not actually change theme until next page load -JO
- Fixed bug in ndoutils which could cause message queue to not empty -SW
- Fixed bug where deleting backup would not remove the local backup -JO
- Fixed bug in Hostgoup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG

    Core Config Manager (CCM) - 2.4.0
    ---------------------------------
    - Added Core Config Manager landing page -LG
    - Fixed 'Manage Parents' to now show child relationships while making them non-selectable -JO
    - Fixed bug where changing a parent host's host name would cause config not to apply until doing a full delete/rewrite of configs -JO 

    Bulk Modifications - 2.0.0
    --------------------------
    - Changed bulk mod procedure to be a step by step process -JO
    - Added ability to change ARG variables on hosts/services -JO
    - Added ability to add/remove multiple contacts/contact groups from hosts/services and host groups/service groups -JO
    - Added ability to select multiple host groups to add -JO
    - Added ability to remove host groups, services, and parents (hosts and services) -JO
    - Added ability to select hosts/services via selecting hostgroups or service groups -JO
    - Added ability to set templates (and template order) on hosts/services -JO
    - Added select boxes for config options that are selectable -JO
    - Added inheritance options for contacts/contact groups -JO
    - Added ability to update config name for services -JO
    - Updated change single config option to change more options -JO
    - Updated change single config option time period autocomplete functionality -JO
    
    Nagios Core - 4.1.1
    --------------------------
        ENHANCEMENTS
        * Promoted JSON CGIs to released status (Eric Stanley)
        * New graphical CGI displays: statusmap, trends, histogram (Eric Stanley)
        * Make sticky status for acks and comments configurable enhancement #20 (Trevor McDonald / Scott Wilkerson)
        * Add host_down_disable_service_checks directive to nagios.cfg #44 (Trevor McDonald / Scott Wilkerson)
        * httpd.conf doesn't support Apache versions > 2.3 (DanielB / John Frickson)

        FIXES
        * Fix for not all service dependencies created (John Frickson)
        * Fix SIGSEGV with empty custom variable (orbis / John Frickson)
        * Fix contact macros in environment variables (dvoryanchikov)
        * Fixed host's current attempt goes to 1 after going to hard state (John Frickson)
        * Fixed two bugs/problems: Replace use of %zd in base/utils.c & incorrect va_start() in cgi/jsonutils.c (Peter Eriksson)
        * Fixed: Let remove_specialized actually remove all workers (Phil Mayers)
        * Fixed log file spam caused when using perfdata command directives in nagios.cfg (shashikanthbussa)
        * Fixed off-by-one error in bounds check leads to segfault (Phil Mayers)
        * Added links for legacy graphical displays (Eric Stanley)
        * Update embedded URL's to https versions of Nagios websites (scottwilkerson)
        * Fixed doxygen comments to work with latest doxygen 1.8.9.1 #30 (Trevor McDonald)
        * Fixed makefile target "html" to PHONY to fix GitHub issue #28 (Trevor McDonald)
        * Fixed typo as per GitHub issue #27 (Trevor McDonald)
        * Fixed jsonquery.php 404 not found error, and disabled Send Query button until form populates #43 (Scott Wilkerson)
        * Fixed linking in Tactical Overview for several of the Host entries in Featured section #48 (Scott Wilkerson)
        * Fixed passing limit and sort options to pagination and sort links #42 (Scott Wilkerson)
        * Added form field for icon URL and clean-up when it changes in CGI Status Map. (Eric Stanley)
        * Added options to cgi.cfg to uncheck sticky and send when acknowledging a problem (Trevor McDonald)
        * Low impact changes to automate the generation of RPMs from nagios.spec file. (T.J. Yang)
        * Update index.php (Trevor McDonald)
        * Fixed escaping of corewindow parameter to account for possible XSS injection (Scott Wilkerson)
        * Typo correction (T.J. Yang)
        * Make getCoreStatus respect cgi_base_url (Moritz Schlarb)
        * Adjusted map layout to work within frames (Eric Stanley)
        * Fixed map displays are now the full size of browser window (Eric Stanley)
        * Fixed labels and icons on circular markup no longer scale on zoom (Eric Stanley)
        * Got all maps except circular markup working with icons (Eric Stanley)
        * Fixes to make legacy CGIs work again. (Eric Stanley)
        * Fixes to make all/html target tolerant of being run multiple times (Eric Stanley)
        * For user-supplied maps, converted node group to have transform (Eric Stanley)
        * Fixed issue transitioning from circular markup map to other maps (Eric Stanley)
        * Fix displayForm to trigger on the buttom press (Scott Wilkerson)
        * Fix fo getBBox crash on Firefox (Eric Stanley)
        * Fixed map now resets zoom when form apply()'d (Eric Stanley)
        * Fixed so close box on dialogs actually closes dialog (Eric Stanley)
        * Corrected directive in trends display (Eric Stanley)
        * Fixed minor issue with link in trends linkes (Eric Stanley)
        * Fixed issue with map displaying on Firefox (Eric Stanley)
        * Added exclusions for ctags generation (Eric Stanley)
        * Update map-popup.html (Scott Wilkerson)
        * Initial commit of new graphical CGIs (Eric Stanley)
        * Fixed Github bug #18 - archivejson.cgi returns wrong host for state change query (Eric Stanley)
        * Status JSON: Added next_check to service details (Eric Stanley)
        * Fixed escaping of keys for scalar values in JSON CGIs (Eric Stanley)
        * build: Include  if it exists. (Eric J. Mislivec)
        * lib-tests: test-io{cache|broker} need -lsocket to link. (Eric J. Mislivec)
        * lib-tests: test-runcmd assumes GNU echo. (Eric J. Mislivec)
        * lib-tests: Signal handlers don't return int on most platforms, and using a cast was the wrong way to resolve this. (Eric J. Mislivec)
        * Fix some type/format mismatch warnings for pid_t. (Eric J. Mislivec)
        * Fix build on Solaris. (Eric J. Mislivec)
        * runcmd: Fix build when we don't HAVE_SETENV. (Eric J. Mislivec)
        * Fixed checkresult output processing (Eric Mislivec)
        * Corrected escaping of long output macros (Eric Mislivec)
        * Fixed null pointer dereferences in archive JSON (Eric Stanley)
        * Fixed memory overwrite issue in JSON string escaping (Eric Stanley)
        * JSON CGI: Now escaping object and array keys (Eric Stanley)