Centreon Web 19.10.23

« Release notes | Centreon Web 19.10.23 | Centreon Web 19.04.18 »

Table Of Contents

Centreon Web 19.10.23

Bug fixes

  • [Administration] Cannot list Pollers in Centreon Engine statistics

Security fixes

  • [Administration] User can install or delete modules with no ACL rights
  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in Dependency/Notification form
  • [Configuration] SQL injection in user additional information
  • [Configuration] Stored XSS in host Alias for host form
  • [Core] Predictable anti-CSRF token
  • [Lib] Update centreon vulnerable packages

Centreon Web 19.10.22

Bug fixes

  • [Lib] Update moment-timezone to manage new timezones

Security fixes

  • [APIv2] API realtime rights give API configuration rights

Centreon Web 19.10.21

Bug fixes

  • [Core] Update centreon copyright dates
  • [Install] Complete the Last step upgrade redirection
  • [Administration/About] Update about page with current team

Security fixes

  • [Core] Cross-site Scripting (XSS) in index.php
  • [Lib] Update jQuery to version >= 3.5.1

Centreon Web 19.10.20

Bug fixes

  • [Configuration] Non-admin users can’t create host/service
  • [Core] PHP 7.3 issue with recurrent downtimes

Security fixes

  • [Administration] Cross-site Scripting (XSS) Stored/Persistent in Ressource Access form - CVE-2020-22425
  • [Administration] XSS stored in the LDAP form
  • [Apache] Remove deprecated ciphers for HTTPS configuration example
  • [Authentication] Session is active longer than expected
  • [Authentication] User enumeration in login page
  • [Configuration] Cross-site Scripting (XSS) Reflected in Hosts form
  • [Core] Vulnerable handlebars.js library
  • [Reporting] Cross-site Scripting (XSS) Reflected in “Dashboard > Hosts” page
  • [Service details] Too much “Unable to hide passwords in command”

Centreon Web 19.10.19

Bug fixes

  • [CLAPI] Create user with language
  • [CLAPI] Import fails on password type macros

Security fixes

  • [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
  • [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
  • [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
  • [API] Missing access control mechanism in rest API v1
  • [Configuration > Servicegroups] Leak of technical information
  • [Configuration/H/HTPL/S/STPL] Password in plain text
  • [Core] Centreon token is vulnerable against replay attack
  • [Core] Token usage is not mandatory
  • [Media] PHP warning about missing tmp dir used during media upload

Centreon Web 19.10.18

Bug fixes

  • [Apache] apache example file for https declaration of SSLCipherSuite
  • [Authentication] Reach Centreon Front-end parameter ineffective
  • [LDAP] new LDAP configurations are broken
  • [Login] Invalid credentials after edit profile changes

Security fixes

  • [Apache] Support for the HTTP TRACE method
  • [Configuration] Leak of technical information in “Configuration > Service Groups”
  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Commands > Connectors”
  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Users > Contact Groups”
  • [Media] Unrestricted file upload
  • [Monitoring] XSS in updateContactParam.php & commonJS.php

Centreon Web 19.10.17

Enhancements

  • [Remote Server] Add the possibility to configure mail for users
  • [Remote Server] Hide the “Configure host / service” buttons from monitoring legacy pages

Bug fixes

  • [Administration] ‘options’ table for centreon database is sometimes empty
  • [Administration] Quiet SSH for Engine statistics collection
  • [Administration] Script centreon-backup errors
  • [CLAPI] Export clapi duplicates contacts
  • [Core/Partitioning] Partitioning starts at epoch
  • [Core] Perl lib db query bad looping parameters
  • [Core] Too much rows in extended_service_informations tables
  • [Custom Views] Select2 popin error on custom view sharing
  • [Event logs] Inoperative filters when exporting
  • [Graphs] Performance graph legend does not update dynamically
  • [Reporting] Dashboard won’t build when having service by hostgroup

Security fixes

  • [Administration] Password in plain text in “Administration > Logs”
  • [Apache] Lack of click diversion protection (Clickjacking)
  • [Core] Update moment.js library
  • [Media] Broken authentication of uploaded files
  • [Monitoring] Blind SQL Injection in “Monitoring > Downtimes > Downtimes”
  • [Custom Views] List of user accounts in custom view

Centreon Web 19.10.16

Newly shared views do not break widget preferences. But, if you have already broken widget preferences for users who add a shared view, you’ll need to :

  • Login centreon web with the user who share the custom view
  • Switch to the custom view with broken preferences for other users
  • Click on “Share view”, and then click on “Share”

This will restore preferences for other users

Bug fixes

  • [ACL] Incorrect inheritance of categories/severities for services
  • [CLAPI] Add getparams
  • [CLAPI] Carriage return and line feed breaks comments
  • [Configuration] Dependencies not deleted when last parent deleted
  • [Dashboard] Time is shown in epoch format on the dashboard timeline
  • [Eventlog] Acknowledged alerts status show “OK” but it’s wrong
  • [Graphs][legacy pages] 1000/1024 graph template ignored
  • [Monitoring Status output not correctly displayed with chinese characters
  • [Remote-Server] incorrect url to contact Centreon Central Server
  • [Widgets] Can’t change position of widgets
  • [Widgets] Parameters are deleted when importing/deleting/importing a custom view

Security fixes

  • [API] Information Disclosure in centreon_wiki internal API
  • [API] ]Cross-site Scripting (XSS) Reflected in centreon_wiki internal API
  • [Administration] Horizontal privilege escalation / session takeover
  • [Configuration] Cross Site Scripting in widget rename
  • [Configuration] RCE in SNMP trap import
  • [Configuration] Vulnérabilités d’injections SQL in “Configuration > Host categories”
  • [Configuration] Vulnérabilités d’injections SQL in “Configuration > Service categories”
  • [Configuration] ]Vulnérabilités d’injections SQL in “Configuration > Service Groups”
  • [Knowledge-Base] ]Password in plain text in “Configuration > Knowledge base” menu

Centreon Web 19.10.15

Enhancements

  • [Backend] HTTP2 compatibility

Bug fixes

  • [CEIP] centreon-send-stats.php script failed when one script fails
  • [Configuration/CLAPI] APPLYCFG rises errors for hosts with disabled host templates
  • [Configuration] Notifications are sent to wrong contacts when using services by host groups
  • [Configuration] improve message to use Remote Server as proxy
  • [Dashboard] Reporting is broken when a host is renamed
  • [LDAP] legacy errors in the logs
  • [Monitoring] Correct API v1 host filters
  • [Monitoring] Service limit when sending an external command

Security fixes

  • [Administration] SQL injection in “Administration > Parameters > Data”
  • [Configuration] RCE in Post command execution - CVE-2019-19699
  • [Configuration] SQL injection in Knowledge Base pages
  • [Configuration] SQL injection in centreonTraps.class.php
  • [Custom views] Missing access control mechanism in widget action
  • [Custom views] Missing access control mechanism in widget preferences
  • [Custom views] SQL injection in loadServiceFromHost
  • [Monitoring] Missing access control mechanism in hostSendCommand/ serviceSendCommand
  • [Monitoring] XSS in setHistory.php and commonJS.php
  • [Platform Status] Fix vulnerability for file loading

Centreon Web 19.10.14

Bug fixes

  • [Backup] Unable to mount ext4 partitions (PR #8770)
  • [Configuration] Invalid check command prevent notification of meta-services (PR #8783)
  • [Reporting] Scheduled downtimes are wrongly managed when cancelled (PR #8775)
  • [Trap] Remove default value when options are configured (PR #8767)

Security fixes

  • [Backup] Privilege escalation from backup cron
  • [Configuration] Sanitize geocoords values in the form
  • [Web] Multiple SQL injections

Centreon Web 19.10.13

Enhancements

  • [Clapi] Add possibility to get children of a host (PR #7982)

Bug fixes

  • [Configuration] Wrongly linked service template in service group (PR #8589)
  • [Clapi] Import failure (PR #8724)
  • [Clapi] Fix/Improve RTDOWNTIME (PR #8275)
  • [Auth] Authentication type does not fallback from LDAP to local automatically (PR #8713)
  • [Monitoring] Service groups not displayed when no services found into it (non-admin users) (PR #8529)
  • [PPM] Remove media error when inserting a plugin (PR #8732)

Security fixes

  • [Web] DoS issue in include/eventLogs/xml/data.php
  • [Web] RCE using command line path’s argument (CVE-2020-12688)

Centreon Web 19.10.12

Enhancements

  • [Install] Add dependencies mechanism during extensions install/remove process
  • [Monitoring] Hide graphs when no metrics in Details Page (PR #8329)

Bug Fixes

  • [Monitoring] Correctly compute downtime duration (PR #7606)
  • [Backend] Add Asia/Yangon to the timezone list (PR #8711)
  • [Backend] host-graph-v2 do not display all graph

Security

  • Vulnerabilities in centreon_home_customview API (PR #8448)
  • SQL Injection in makeXMLForAck.php (PR #8652)
  • Vulnerabilities with displayServiceStatus.php (PR #8467)

Centreon Web 19.10.10

Bug Fixes

  • [Configuration] Export “NULL” values correctly to Remote Server (PR #8281)
  • [Dashboard] Report displays templates instead of services (PR #8406)
  • [Centcore] External commands processed every second if in multiple files (PR #8407)

Centreon Web 19.10.9

Bug Fixes

  • [LDAP] Sync user deletion from groups (PR #8287)
  • [Top Counters] Use session cache to store results (PR #8189)
  • [Configuration] Geo coordinates of hosts not exported to Remote Server (PR #8390)

Centreon Web 19.10.8

Bug Fixes

  • [Documentation] Typos fixed in the documentation (#8336) (#8364)
  • [Documentation] Remove useless checks (#8360)
  • [Install] remove harcoded version in source install (#8332)
  • [Install] source installation script fixes (#8341)
  • [Install] replace macro in cron files (#8359)
  • [Web] correct delete comments (#8367)

Security

  • [ACL] set read only access by default instead of read/write (#8317)

Centreon Web 19.10.7

Bug Fixes

  • [Charts] Problem using zoom in when having timezone (PR #8286)
  • [Source install] Several files are not copied in centreon directory
  • [Status Details] “Display details” strange behaviour when “Summary” selected in by Hostgroup page (PR #8265)
  • [UI] Add nowrap style to badge class to avoid wrap in dense typeface environments like chinese (PR #8314)
  • [Mobile] Third level menus are not accessible (PR #8320)

Security

  • Do not expose session ID identifier in URL (PR #8291)

Technical

  • Remove all unused front-end code

Centreon Web 19.10.6

Bug Fixes

  • [Status Details] Services shown as CRITICAL while OK (PR #8253)
  • [Status Details] Cannot empty “Hostgroup” drop-down list in “Services by Hostgroup” (PR #8257)
  • [Autologin] Access to URI with arguments (PR #8262)
  • [Configuration] Check command –help display won’t work (PR #8255 and #8268)
  • [Event Logs] Filter on disabled objects (PR #8238)
  • [Services Grid] Filters not used correctly (PR #8260)

Centreon Web 19.10.5

Bug Fixes

  • [Install] Check MariaDB version before using ALTER USER (PR/#8068)
  • [Install] Update libinstall scripts (PR/#8180, PR/#8188)
  • [Status Details] “Display details” not working when “Summary” selected (PR/#8200)
  • [Traps] Cannot save trap configuration (PR/#8165, PR/#8169)
  • [Clapi] Fix overlapping in clapi export (PR/#8191 fixes #7562)
  • [Clapi] Add parameters for HOST object (PR/#8085)
  • [API] Improve consistency of getparam (PR/#8201)
  • [Custom View] fix display for user with no widget preferences (PR #8159 fixes #7875)
  • [Web] Issue with random blank pages (PR/#8187,#8193)
  • [Web] Search in media page does not work (PR/#8203)
  • [Web] Improve authentication messages in login.log (PR/#7943)

Security

  • [Web] Bump terser-webpack-plugin to 1.4.2 (PR/#8182)
  • [Web] Upgrade handlebars dependencies (PR/#8224)

Centreon Web 19.10.4

Documentation

  • Clearly indicate that dependencies between pollers are not possible

Improvements

  • [Downtimes] Manage downtimes for host and service (PR/#8110)

Bug Fixes

  • [Custom Views] Define new custom view error file template (PR/#8141)
  • [Custom Views] Fix double quote in widget title (PR/#8161)
  • [ACL] Remove ACL notice on lvl3 calculation (PR/#8120)
  • [Configuration] Fix performance regression in notification system (PR/#8143)
  • [Remote] Host and service templates are not properly imported (PR/#8147)
  • [Topology] Correct URL options for service pages (PR/#8164)

Centreon Web 19.10.3

Bug Fixes

  • [LDAP] Correct double slashes in the saved DN (PR/#8121)

Security Fixes

  • Fix call of service macros list without authentication - CVE-2019-17645 (PR/#8035)
  • Fix call of host macros list without authentication - CVE-2019-17644 (PR/#8037)

Centreon Web 19.10.2

Enhancements

  • [API] Return curve metric name (PR/#8055)
  • [Install] Display complete release note of a Major version (commit 06f714d55c)
  • [Install] Improve last web install step intall button (PR/#7873)

Documentation

  • Display release notes per section in upgrade process
  • Update FAQ to install RRDCacheD on el7 (PR/#8052)

Bug Fixes

  • [API] Add macro password option for service template using CLAPI (PR/#8012)
  • [API] Unable to set host notification to None through the API (PR/#8077)
  • [Charts] Match metric name with metric value (#5959, #7477, PR/#7764)
  • [Charts] Curves in graph not synchronized on display (PR/#8039)
  • [Charts] Fix rrd command line with v1.5 (PR/#7804)
  • [Configuration] fix host name filter history (PR/#8134)
  • [Install] Check mariaDB version before using ALTER USER (PR/#8068)
  • [LDAP] Add missing Okta selector (PR/#8028, 7825)
  • [LDAP] Ldap users using the auto-import cannot login (PR/#8112)
  • [Configuration] Remove unused radio button in meta service configuration (PR/#7992)
  • [Monitoring] Fix recurrent downtimes filter (PR/#7989, #7987)
  • [Notification] Link properly contact with contact template on file generation (PR/#8080)
  • [Remote Server] Export properly trap matching and hostgroups (PR/#8054)
  • [Remote Server] Additional Remote Server config fails (#8104, PR/#8105)
  • [Remote Server] Hostgroup and servicegroup not exported (PR/#8135)
  • [Traps SNMP] Fix traps regression with same oid (PR/#8118)
  • [Traps SNMP] Accept null value for description (PR/#8109)
  • [UI] Fix breacrumb url for parent’s levels (PR/#8108)
  • [UI] Correctly toggle edit load and header of widgets (PR/#8114)

Security Fixes

  • Avoid SQL injections in multiple monitoring pages - CVE-2019-17647 (PR/#8063, PR/#8094)
  • Cross-site scripting (reflected) - Dont’ return js (PR/#8095)
  • Do not allow to get all services using downtime ajax file - CVE-2019-17643 (PR/#8022)
  • Do not allow to unhide password macros (PR/#8071)
  • Filter access to api using external entry point - CVE-2019-17646 (PR/#8021)
  • Fix default contact_autologin_key value
  • Fix security on LDAP page - CVE-2019-15300 - (PR/#8008)
  • RCE on mib import from manufacturer input - CVE-2019-15298 (PR/#8023)

Performance

  • Set LDAP contactgroup synchronization every hour (PR/#8070)

Technical

  • Correct the call of static method (PR/#8026)
  • Improve centreonworker logging (PR/#7712)
  • Optimize select all in select2 component (PR/#7926)
  • Poc new update field pollers (PR/#8093, PR/#8100)
  • Update dependency of centreon-react-components (PR/#8024)

Centreon Web 19.10.1

Bug Fixes

  • [Install/update] correct loop issue on installation/update (PR/#7997)

Centreon Web 19.10.0

Features

  • [Authentication] Add Keycloak SSO authentication in Centreon (PR/#7700)
  • [API v2] New real time monitoring JSON REST API v2 for services and hosts - currently in beta version (PR/#7821)
  • [API v2] Manage acknowledgements (PR/#7907)
  • [Notification] Add new options for Contacts & Contact groups method calculation (PR/#7917, PR/#7960, PR/#7963, PR/#7965, PR/#7971):
    • Vertical Inheritance Only: get contacts and contactgroups of resources and linked templates, using additive inheritance enabled option (Legacy method, keep for upgrade)
    • Closest Value: get most closed contacts and contactgroups of resources including templates
    • Cumulative inheritance: Cumulate all contacts and contactgroups of resources and linked templates (method used for new installation)

Enhancements

  • [Administration] [Audit logs] Add purge function for audit logs (PR/#7710)
  • [Authentication] Add Okta LDAP template (PR/#7825)
  • [Charts] Centreon-Web Graph Display and png export is coherent (PR/#7676)
  • [Charts] Better management of virtual metrics: you can display or not a virtual metric (PR/#7676)
  • [Charts] Only one color by curve: users see the same color curve (PR/#7676)
  • [Configuration] Add display locked checkbox for objects listing (#7444)
  • [Configuration] Add contactgroups filter in list of contacts (PR/#7744)
  • [Configuration] Add status and vendor filters in list of SNMP traps (PR/#7758)
  • [Configuration] Move global rrdcached option to Centreon Broker form for each broker (PR/#7791)
  • [Configuration] Allow to redifine action command for Centeron Engine & Centreon Broker (PR/#7810)
  • [Install] Allow people to use another user that has root privileges when installing centreon (PR/#7445)
  • [Install] Add possibility to install widget during last step (PR/#7890)
  • [Install] New script that aims at automating all manual steps that are required when installing Centreon from packages (PR/#7853)
  • [Remote Server] Poller attached to multiple remote servers (PR/#7849)
  • [Remote-Server] Allow to use direct ssh connection to poller from central (PR/#7680)
  • [Remote-Server] Optimize execution time of export/import (PR/#7749)
  • [Remote-Server] Improve centreonworker logging (PR/#7712)
  • [UI] Do not display round values in detailed top counter (PR/#7547)
  • [UI] Style default select to be as much like select2 as possible (PR/#7819)
  • [UI] Update style of checkbox, radio, tabs (PR/#7845)
  • [UI] Adding cursor pointer to icons (PR/#7613)
  • [Widgets] Add multiselect on severity preference (PR/#7752)
  • [Widgets] Upgrade poller preference of engine-status widget (PR/#7820)
  • [Widgets] Add connectors for servicegroups and severities (PR/#7753)

Performance

  • [ACL] centAcl optimize memory and time execution (PR/#7751)
  • [API] Improve performance of clapi call through REST API (PR/#7842)
  • [Chart] Increase performance on server side when we get data from rrd files to display charts: between 70% and 90% (PR/#7676)

Documentation

  • Doc correct migration using Nagios reader (PR/#7781)
  • Update MySQL prerequisites for master (PR/#7904)
  • Improve documentation for MySQL/MariaB strict mode (PR/#7806)
  • Improve migration procedure (commit 47be1c3)
  • Improve prerequisites (commit 7200461)
  • Fix typo Centreon word (and one variable) (PR/#7796, PR/#7806)
  • Add link to Centreon API JSON REST v2 (commit bfac416)
  • Add OS update (commit 04e9942)

Bug Fixes

  • [ACL] Redirect to login page when user is unauthorized (PR/#7687)
  • [ACL] Add ACL to select meta-services for list of services in performance menu (PR/#7736)
  • [ACL] Fix cron renaming bound variable name (PR/#7984)
  • [API] Delete services when host template is detached from host (PR/#7784)
  • [API] Fix import of contactgroup when linked to ldap (PR/#7797)
  • [API v2] Fix bad verification when an admin has access group (PR/#7972)
  • [Charts] Fix export png for splited graph (PR/#7676)
  • [Charts] Graph is smoothed to much (PR/#7676, #4898)
  • [Charts] Unit curves not displayed when only 1 metric (PR/#7676, #5533)
  • [Charts] strange char & missing dates in exports (PR/#7676, #7310)
  • [Charts] HTML code instead of accented characters in graphs (PR/#7676, #6318)
  • [Charts] Graphs Period Showing Different Times (PR/#7676, #5939)
  • [Charts] Match metric name with metric value in export (#5959, #7477, PR/#7764)
  • [Centcore] Correct typo in scp command (#7849, PR/#7946)
  • [Centcore] Create centcore file by action (PR/#6985)
  • [Configuration] Correct issue in wizard with PR #7849 (commit 2b8a728478)
  • [Configuration] Fix style of broker modules options checkboxes (PR/#7899)
  • [Configuration] Select also pollers attached to additional RS for generation (PR/#7922)
  • [Configuration] Fix the manual activation/disactivation of a contact (PR/#7930)
  • [Configuration] List contact using escapeSecure method (PR/#7947)
  • [Configuration] Fix SNMP traps generation by poller (PR/#6416)
  • [Configuration] Fix stream connector configuration update in Centreon Broker form (PR/#7813)
  • [Custom-Views] Correction on custom view using spanish (PR/#7778)
  • [Dashboard] Remove useless columns which break sql strict mode (PR/#7937)
  • [i18n] Fix issue with translation when several modules are installed (PR/#7916)
  • [Install] Change the bash interpreter for the native sh (commit (PR/#7911))
  • [Install] Update wording about cache in install/upgrade process (PR/#7895)
  • [Install] Fix syntax error in step5 of upgrade process (PR/#7900)
  • [Install] Disable button when installing modules last step (PR/#7873)
  • [Menu] Retrieve menu entries as link (PR/#7826)
  • [Monitoring] Apply downtimes on resources linked to a poller (PR/#7955)
  • [Monitoring] Save properly monitoring service status filter (PR/#7908)
  • [Monitoring] Fix pagination display in service monitoring by servicegroups (PR/#7755)
  • [Monitoring] Fix labels in graph alignment for service details page (PR/#7805)
  • [Monitoring] Fix double host name display in host details page (PR/#7737)
  • [Remote-Server] Allow remote server config to be loaded with mysql strict mode enabled (PR/#7887)
  • [Remote Server] Change grant option for remote server database centreon user (PR/#7888)
  • [Remote Server] set remote_id/remote_server_centcore_ssh_proxy to NULL/0 (PR/#7878)
  • [Remote Server] Fix simple remote server creation (PR/#7936)
  • [Remote Server] Add missing host poller relation in export (PR/#7928)
  • [Remote-Server] Adapt nagios_server export columns (PR/#7871)
  • [UI] Do not display autologin shortcut when disabled (PR/#7340)
  • [UI] Avoid host icon to be flattened (PR/#7870)
  • [UI] Retrieve space before alias in user menu (PR/#7869)
  • [UI] Fix compatibility with IE11 (external modules) (PR/#7923)
  • [UI] Rename contact template titles properly (PR/#7929)
  • [UI] Fix style of frozen checkboxes (PR/#7882)
  • [Widgets] Undefined pagination variable when editing custom view (PR/#7935)
  • [Widgets] set GMT to default if null (PR/#7766)

Security fixes

  • Add rule for max session duration (PR/#7918)
  • Hide password in command line for status details page (#7414, PR/#7859)
  • Escape script and input tags by default (PR/#7811)
  • Add php mandatory params info in source installation (PR/#7897)
  • Escape persistent and reflected XSS in my account (PR/#7877)
  • Remove xss injection of service output in host form (PR/#7865)
  • Sanitize host_id and service_id in makeXMLForOneService.php (PR/#7862)
  • Session fixation using regenerate_session_id (PR/#7892)
  • Remove command test execution - CVE 2019-16405 (PR/#7864)
  • the ini_set session duration param has been moved in php.ini (PR/7896)

Technical

  • [API] Update type of returned activate property (PR/#7851)
  • [CEIP] Telemetry ceip improvements (PR/#7931)
  • [Component] Compatibility with RRDtool >= 1.7.x (PR/#7676)
  • [Component] Update to rh-php72 (PR/#7542)
  • [Composer] Reduce size of centreon package on packagist (PR/#7818)
  • [Composer] Add missing translation dependency in composer.json (PR/#7879)
  • [Configuration] Move filesGeneration directory to /var/cache/centreon (PR/#7735)
  • [Core] Improve the centreon user service definition in ServiceProvider (PR/#7891)
  • [CSS] Clean cache at each new centreon version (PR/#7959)
  • [Database] Start compatibility with MariaDB/MySQL STRICT mode - in progress (PR/#7544)
  • [Database] Remove useless primary keys on multiple tables (PR/#7542)
  • [Database] Change type of column widget_models.description to TEXT (PR/#7542)
  • [Database] Add default value to acl_groups.acl_group_changed table (PR/#7542)
  • [Database] Update column types of downtimes table (PR/#793)
  • [Database] Compatibility with MySQL v8.x version (PR/#7801)
  • [Install] Do not require conf.php files to exist in module upgrade directories (PR/#7914)
  • [Lib] Upgrade front libraries & improve dynamic import (PR/#7724)
  • [Select2] Fix default select2 getter on severity (PR/#7814)
  • [Select2] Allow to display disabled status in select2 options (PR/#7531)
  • [Test] Fix acceptance test of locked elements (PR/#7910)
  • [Update] Move alter table statement in a php script for MySQL compatibility (PR/#7838)
  • [Upgrade] Take into account the removal of older conf.php (PR/#7952)
  • [Update] Remove upgrade of bigint columns (PR/#7953)
  • [UI] Remove wizard graph tour in performance view (PR/#7676)
  • [Update] Finish module update with upgrade to last version (PR/#7956)

Known issue

  • [logs] Fix the limitation of max value for the primary key of the centreon_storage.logs table (update_centreon_storage_logs)

Centreon Web 19.10.0-rc.1

Enhancements

  • [authentication] Add okta LDAP template (PR/#7825)
  • [Configuration] Add display locked checkbox for objects listing (#7444)
  • [Install] Add possibility to install widget during last step (PR/#7890)
  • [Remote Server] Poller attached to multiple remote servers (PR/#7849)
  • [UI] Do not display round values in detailed top counter (PR/#7547)

Documentation

  • Doc correct migration using nagios reader (PR/#7781)
  • Update mysql prerequisites for master (PR/#7904)

Bug Fixes

  • [Centcore] Create centcore file by action (PR/#6985)
  • [Configuration] Correct issue in wizard with PR #7849 (commit 2b8a728478)
  • [Configuration] Fix style of broker modules options checkboxes (PR/#7899)
  • [Install] Change the bash interpreter for the native sh (commit (PR/#7911))
  • [Install] Update wording about cache in install/upgrade process (PR/#7895)
  • [Install] Fix syntax error in step5 of upgrade process (PR/#7900)
  • [Monitoring] Save properly monitoring service status filter (PR/#7908)
  • [Remote-Server] Allow remote server config to be loaded with mysql strict mode enabled (PR/#7887)
  • [Remote Server] Change grant option for remote server database centreon user (PR/#7888)
  • [Remote Server] set remote_id/remote_server_centcore_ssh_proxy to NULL/0 (PR/#7878)
  • [UI] Fix style of frozen checkboxes (PR/#7882)

Security fixes

  • Hide password in command line for status details page (#7414, PR/#7859)
  • Escape script and input tags by default (PR/#7811)
  • Add php mandatory params info in source installation (PR/#7897)
  • Escape persistent and reflected XSS in my account (PR/#7877)
  • Remove xss injection of service output in host form (PR/#7865)
  • Sanitize host_id and service_id in makeXMLForOneService.php (PR/#7862)
  • Session fixation using regenerate_session_id (PR/#7892)
  • Remove command test execution - CVE 2019-16405 (PR/#7864)
  • the ini_set session duration param has been moved in php.ini (PR/7896)

Technical

  • [Core] Improve the centreon user service definition in ServiceProvider (PR/#7891)
  • [Test] Fix acceptance test of locked elements (PR/#7910)

Known issue

  • [logs] Fix the limitation of max value for the primary key of the centreon_storage.logs table (update_centreon_storage_logs)

Centreon Web 19.10.0-beta.3

New features

  • [Authentication] Add Keycloak SSO authentication in Centreon (PR/#7700)
  • [API] New real time monitoring API for services and hosts (PR/#7821)

Enhancements

  • [Configuration] Move global rrdcached option to Centreon Broker form for each broker (PR/#7791)
  • [Configuration] Allow to redifine action command for Centeron Engine & Centreon Broker (PR/#7810)
  • [Install] New script that aims at automating all manual steps that are required when installing Centreon from packages (PR/#7853)
  • [Remote-Server] Allow to use direct ssh connection to poller from central (PR/#7680)
  • [Remote-Server] Optimize execution time of export/import (PR/#7749)
  • [Remote-Server] Improve centreonworker logging (PR/#7712)
  • [UI] Style default select to be as much like select2 as possible (PR/#7819)
  • [UI] Update style of checkbox, radio, tabs (PR/#7845)
  • [UI] Adding cursor pointer to icons (PR/#7613)
  • [Widgets] Add multiselect on severity preference (PR/#7752)
  • [Widgets] Upgrade poller preference of engine-status widget (PR/#7820)
  • [Widgets] Add connectors for servicegroups and severities (PR/#7753)

Documentation

  • Improve documentation for MySQL/MariaB stric mode (PR/#7806)
  • Improve migration procedure (commit 47be1c3)
  • Improve prerequisites (commit 7200461)
  • Fix typo Centreon word (and one variable) (PR/#7796, PR/#7806)

Performance

  • [ACL] centAcl optimize memory and time execution (PR/#7751)
  • [API] Improve performance of clapi call through REST API (PR/#7842)

Bug fixes

  • [ACL] Redirect to login page when user is unauthorized (PR/#7687)
  • [API] Delete services when host template is detached from host (PR/#7784)
  • [API] Fix import of contactgroup when linked to ldap (PR/#7797)
  • [Charts] Match metric name with metric value in export (#5959, #7477, PR/#7764)
  • [Configuration] Fix stream connector configuration update in Centreon Broker form (PR/#7813)
  • [Custom-Views] Correction on custom view using spanish (PR/#7778)
  • [Install] Disable button when installing modules last step (PR/#7873)
  • [Menu] Retrieve menu entries as link (PR/#7826)
  • [Monitoring] Fix labels in graph alignment for service details page (PR/#7805)
  • [Monitoring] Fix double host name display in host details page (PR/#7737)
  • [Remote-Server] Adapt nagios_server export columns (PR/#7871)
  • [UI] Do not display autologin shortcut when disabled (PR/#7340)
  • [UI] Avoid host icon to be flattened (PR/#7870)
  • [UI] Retrieve space before alias in user menu (PR/#7869)

Technical

  • Compatibility with MySQL v8.x version (PR/#7801)
  • [API] Update type of returned activate property (PR/#7851)
  • [Composer] Reduce size of centreon package on packagist (PR/#7818)
  • [Composer] Add missing translation dependency in composer.json (PR/#7879)
  • [Configuration] Move filesGeneration directory to /var/cache/centreon (PR/#7735)
  • [Select2] Fix default select2 getter on severity (PR/#7814)
  • [Select2] Allow to display disabled status in select2 options (PR/#7531)
  • [Update] Move alter table statement in a php script for MySQL compatibility (PR/#7838)

Centreon Web 19.10.0-beta.2

Enhancements

  • [Configuration] Add contactgroups filter in list of contacts (PR/#7744)
  • [Configuration] Add status and vendor filters in list of SNMP traps (PR/#7758)
  • [Configuration] Fix SNMP traps generation by poller (PR/#6416)

Bug fixes

  • [ACL] add ACL to select meta-services for list of services in performance menu (PR/#7736)
  • [Monitoring] Fix pagination display in service monitoring by servicegroups (PR/#7755)
  • [Widget] set GMT to default if null (PR/#7766)

Technical

  • [Lib] Upgrade front libraries & improve dynamic import (PR/#7724)

Centreon Web 19.10.0-beta.1

Enhancements

  • [Charts] Centreon-Web Graph Display and png export is coherent (PR/#7676)
  • [Charts] Better management of virtual metrics: you can display or not a virtual metric (PR/#7676)
  • [Charts] Only one color by curve: users see the same color curve (PR/#7676)
  • [Install] Allow people to use another user that has root privileges when installing centreon (PR/#7445)
  • [Administration] [Audit logs] Add purge function for audit logs (PR/#7710)

Performance

  • Increase performance on server side when we get data from rrd files to display charts: between 70% and 90% (PR/#7676)

Bug fixes

  • [Charts] Fix export png for splitted graph (PR/#7676)
  • [Charts] Graph is smoothed to much (PR/#7676, #4898)
  • [Charts] Unit curves not displayed when only 1 metric (PR/#7676, #5533)
  • [Charts] strange char & missing dates in exports (PR/#7676, #7310)
  • [Charts] HTML code instead of accented characters in graphs (PR/#7676, #6318)
  • [Charts] Graphs Period Showing Different Times (PR/#7676, #5939)

Technical

  • Compatibility with rrdtool >= 1.7.x (PR/#7676)
  • Start compatibility with MariaDB/MySQL STRICT mode - in progress (PR/#7544)
  • [Database] Remove useless primary keys on multiple tables (PR/#7542)
  • [Database] Change type of column widget_models.description to TEXT (PR/#7542)
  • [Database] Add default value to acl_groups.acl_group_changed table (PR/#7542)
  • Remove wizard graph tour in performance view (PR/#7676)
  • Update to rh-php72 (PR/#7542)
© Copyright 2015-2020 Centreon. Created using Sphinx 1.1.3.