Centreon Web 19.10.21¶
Bug fixes¶
[Core] Update centreon copyright dates
[Install] Complete the Last step upgrade redirection
[Administration/About] Update about page with current team
Security fixes¶
[Core] Cross-site Scripting (XSS) in index.php
[Lib] Update jQuery to version >= 3.5.1
Centreon Web 19.10.20¶
Bug fixes¶
[Configuration] Non-admin users can’t create host/service
[Core] PHP 7.3 issue with recurrent downtimes
Security fixes¶
[Administration] Cross-site Scripting (XSS) Stored/Persistent in Ressource Access form - CVE-2020-22425
[Administration] XSS stored in the LDAP form
[Apache] Remove deprecated ciphers for HTTPS configuration example
[Authentication] Session is active longer than expected
[Authentication] User enumeration in login page
[Configuration] Cross-site Scripting (XSS) Reflected in Hosts form
[Core] Vulnerable handlebars.js library
[Reporting] Cross-site Scripting (XSS) Reflected in “Dashboard > Hosts” page
[Service details] Too much “Unable to hide passwords in command”
Centreon Web 19.10.19¶
Bug fixes¶
[CLAPI] Create user with language
[CLAPI] Import fails on password type macros
Security fixes¶
[ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
[ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
[ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
[API] Missing access control mechanism in rest API v1
[Configuration > Servicegroups] Leak of technical information
[Configuration/H/HTPL/S/STPL] Password in plain text
[Core] Centreon token is vulnerable against replay attack
[Core] Token usage is not mandatory
[Media] PHP warning about missing tmp dir used during media upload
Centreon Web 19.10.18¶
Bug fixes¶
[Apache] apache example file for https declaration of SSLCipherSuite
[Authentication] Reach Centreon Front-end parameter ineffective
[LDAP] new LDAP configurations are broken
[Login] Invalid credentials after edit profile changes
Security fixes¶
[Apache] Support for the HTTP TRACE method
[Configuration] Leak of technical information in “Configuration > Service Groups”
[Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Commands > Connectors”
[Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Users > Contact Groups”
[Media] Unrestricted file upload
[Monitoring] XSS in updateContactParam.php & commonJS.php
Centreon Web 19.10.17¶
Enhancements¶
[Remote Server] Add the possibility to configure mail for users
[Remote Server] Hide the “Configure host / service” buttons from monitoring legacy pages
Bug fixes¶
[Administration] ‘options’ table for centreon database is sometimes empty
[Administration] Quiet SSH for Engine statistics collection
[Administration] Script centreon-backup errors
[CLAPI] Export clapi duplicates contacts
[Core/Partitioning] Partitioning starts at epoch
[Core] Perl lib db query bad looping parameters
[Core] Too much rows in extended_service_informations tables
[Custom Views] Select2 popin error on custom view sharing
[Event logs] Inoperative filters when exporting
[Graphs] Performance graph legend does not update dynamically
[Reporting] Dashboard won’t build when having service by hostgroup
Security fixes¶
[Administration] Password in plain text in “Administration > Logs”
[Apache] Lack of click diversion protection (Clickjacking)
[Core] Update moment.js library
[Media] Broken authentication of uploaded files
[Monitoring] Blind SQL Injection in “Monitoring > Downtimes > Downtimes”
[Custom Views] List of user accounts in custom view
Centreon Web 19.10.16¶
Newly shared views do not break widget preferences. But, if you have already broken widget preferences for users who add a shared view, you’ll need to :
Login centreon web with the user who share the custom view
Switch to the custom view with broken preferences for other users
Click on “Share view”, and then click on “Share”
This will restore preferences for other users
Bug fixes¶
[ACL] Incorrect inheritance of categories/severities for services
[CLAPI] Add getparams
[CLAPI] Carriage return and line feed breaks comments
[Configuration] Dependencies not deleted when last parent deleted
[Dashboard] Time is shown in epoch format on the dashboard timeline
[Eventlog] Acknowledged alerts status show “OK” but it’s wrong
[Graphs][legacy pages] 1000/1024 graph template ignored
[Monitoring Status output not correctly displayed with chinese characters
[Remote-Server] incorrect url to contact Centreon Central Server
[Widgets] Can’t change position of widgets
[Widgets] Parameters are deleted when importing/deleting/importing a custom view
Security fixes¶
[API] Information Disclosure in centreon_wiki internal API
[API] ]Cross-site Scripting (XSS) Reflected in centreon_wiki internal API
[Administration] Horizontal privilege escalation / session takeover
[Configuration] Cross Site Scripting in widget rename
[Configuration] RCE in SNMP trap import
[Configuration] Vulnérabilités d’injections SQL in “Configuration > Host categories”
[Configuration] Vulnérabilités d’injections SQL in “Configuration > Service categories”
[Configuration] ]Vulnérabilités d’injections SQL in “Configuration > Service Groups”
[Knowledge-Base] ]Password in plain text in “Configuration > Knowledge base” menu
Centreon Web 19.10.15¶
Enhancements¶
[Backend] HTTP2 compatibility
Bug fixes¶
[CEIP] centreon-send-stats.php script failed when one script fails
[Configuration/CLAPI] APPLYCFG rises errors for hosts with disabled host templates
[Configuration] Notifications are sent to wrong contacts when using services by host groups
[Configuration] improve message to use Remote Server as proxy
[Dashboard] Reporting is broken when a host is renamed
[LDAP] legacy errors in the logs
[Monitoring] Correct API v1 host filters
[Monitoring] Service limit when sending an external command
Security fixes¶
[Administration] SQL injection in “Administration > Parameters > Data”
[Configuration] RCE in Post command execution - CVE-2019-19699
[Configuration] SQL injection in Knowledge Base pages
[Configuration] SQL injection in centreonTraps.class.php
[Custom views] Missing access control mechanism in widget action
[Custom views] Missing access control mechanism in widget preferences
[Custom views] SQL injection in loadServiceFromHost
[Monitoring] Missing access control mechanism in hostSendCommand/ serviceSendCommand
[Monitoring] XSS in setHistory.php and commonJS.php
[Platform Status] Fix vulnerability for file loading
Centreon Web 19.10.14¶
Bug fixes¶
[Backup] Unable to mount ext4 partitions (PR #8770)
[Configuration] Invalid check command prevent notification of meta-services (PR #8783)
[Reporting] Scheduled downtimes are wrongly managed when cancelled (PR #8775)
[Trap] Remove default value when options are configured (PR #8767)
Security fixes¶
[Backup] Privilege escalation from backup cron
[Configuration] Sanitize geocoords values in the form
[Web] Multiple SQL injections
Centreon Web 19.10.13¶
Enhancements¶
[Clapi] Add possibility to get children of a host (PR #7982)
Bug fixes¶
[Configuration] Wrongly linked service template in service group (PR #8589)
[Clapi] Import failure (PR #8724)
[Clapi] Fix/Improve RTDOWNTIME (PR #8275)
[Auth] Authentication type does not fallback from LDAP to local automatically (PR #8713)
[Monitoring] Service groups not displayed when no services found into it (non-admin users) (PR #8529)
[PPM] Remove media error when inserting a plugin (PR #8732)
Security fixes¶
[Web] DoS issue in include/eventLogs/xml/data.php
[Web] RCE using command line path’s argument (CVE-2020-12688)
Centreon Web 19.10.12¶
Enhancements¶
[Install] Add dependencies mechanism during extensions install/remove process
[Monitoring] Hide graphs when no metrics in Details Page (PR #8329)
Bug Fixes¶
[Monitoring] Correctly compute downtime duration (PR #7606)
[Backend] Add Asia/Yangon to the timezone list (PR #8711)
[Backend] host-graph-v2 do not display all graph
Security¶
Vulnerabilities in centreon_home_customview API (PR #8448)
SQL Injection in makeXMLForAck.php (PR #8652)
Vulnerabilities with displayServiceStatus.php (PR #8467)
Centreon Web 19.10.10¶
Bug Fixes¶
[Configuration] Export “NULL” values correctly to Remote Server (PR #8281)
[Dashboard] Report displays templates instead of services (PR #8406)
[Centcore] External commands processed every second if in multiple files (PR #8407)
Centreon Web 19.10.9¶
Bug Fixes¶
[LDAP] Sync user deletion from groups (PR #8287)
[Top Counters] Use session cache to store results (PR #8189)
[Configuration] Geo coordinates of hosts not exported to Remote Server (PR #8390)
Centreon Web 19.10.8¶
Bug Fixes¶
[Documentation] Typos fixed in the documentation (#8336) (#8364)
[Documentation] Remove useless checks (#8360)
[Install] remove harcoded version in source install (#8332)
[Install] source installation script fixes (#8341)
[Install] replace macro in cron files (#8359)
[Web] correct delete comments (#8367)
Security¶
[ACL] set read only access by default instead of read/write (#8317)
Centreon Web 19.10.7¶
Bug Fixes¶
[Charts] Problem using zoom in when having timezone (PR #8286)
[Source install] Several files are not copied in centreon directory
[Status Details] “Display details” strange behaviour when “Summary” selected in by Hostgroup page (PR #8265)
[UI] Add nowrap style to badge class to avoid wrap in dense typeface environments like chinese (PR #8314)
[Mobile] Third level menus are not accessible (PR #8320)
Security¶
Do not expose session ID identifier in URL (PR #8291)
Technical¶
Remove all unused front-end code
Centreon Web 19.10.6¶
Bug Fixes¶
[Status Details] Services shown as CRITICAL while OK (PR #8253)
[Status Details] Cannot empty “Hostgroup” drop-down list in “Services by Hostgroup” (PR #8257)
[Autologin] Access to URI with arguments (PR #8262)
[Configuration] Check command –help display won’t work (PR #8255 and #8268)
[Event Logs] Filter on disabled objects (PR #8238)
[Services Grid] Filters not used correctly (PR #8260)
Centreon Web 19.10.5¶
Bug Fixes¶
[Install] Check MariaDB version before using ALTER USER (PR/#8068)
[Install] Update libinstall scripts (PR/#8180, PR/#8188)
[Status Details] “Display details” not working when “Summary” selected (PR/#8200)
[Traps] Cannot save trap configuration (PR/#8165, PR/#8169)
[Clapi] Fix overlapping in clapi export (PR/#8191 fixes #7562)
[Clapi] Add parameters for HOST object (PR/#8085)
[API] Improve consistency of getparam (PR/#8201)
[Custom View] fix display for user with no widget preferences (PR #8159 fixes #7875)
[Web] Issue with random blank pages (PR/#8187,#8193)
[Web] Search in media page does not work (PR/#8203)
[Web] Improve authentication messages in login.log (PR/#7943)
Security¶
[Web] Bump terser-webpack-plugin to 1.4.2 (PR/#8182)
[Web] Upgrade handlebars dependencies (PR/#8224)
Centreon Web 19.10.4¶
Documentation¶
Clearly indicate that dependencies between pollers are not possible
Improvements¶
[Downtimes] Manage downtimes for host and service (PR/#8110)
Bug Fixes¶
[Custom Views] Define new custom view error file template (PR/#8141)
[Custom Views] Fix double quote in widget title (PR/#8161)
[ACL] Remove ACL notice on lvl3 calculation (PR/#8120)
[Configuration] Fix performance regression in notification system (PR/#8143)
[Remote] Host and service templates are not properly imported (PR/#8147)
[Topology] Correct URL options for service pages (PR/#8164)
Centreon Web 19.10.3¶
Bug Fixes¶
[LDAP] Correct double slashes in the saved DN (PR/#8121)
Security Fixes¶
Fix call of service macros list without authentication - CVE-2019-17645 (PR/#8035)
Fix call of host macros list without authentication - CVE-2019-17644 (PR/#8037)
Centreon Web 19.10.2¶
Enhancements¶
[API] Return curve metric name (PR/#8055)
[Install] Display complete release note of a Major version (commit 06f714d55c)
[Install] Improve last web install step intall button (PR/#7873)
Documentation¶
Display release notes per section in upgrade process
Update FAQ to install RRDCacheD on el7 (PR/#8052)
Bug Fixes¶
[API] Add macro password option for service template using CLAPI (PR/#8012)
[API] Unable to set host notification to None through the API (PR/#8077)
[Charts] Match metric name with metric value (#5959, #7477, PR/#7764)
[Charts] Curves in graph not synchronized on display (PR/#8039)
[Charts] Fix rrd command line with v1.5 (PR/#7804)
[Configuration] fix host name filter history (PR/#8134)
[Install] Check mariaDB version before using ALTER USER (PR/#8068)
[LDAP] Add missing Okta selector (PR/#8028, 7825)
[LDAP] Ldap users using the auto-import cannot login (PR/#8112)
[Configuration] Remove unused radio button in meta service configuration (PR/#7992)
[Monitoring] Fix recurrent downtimes filter (PR/#7989, #7987)
[Notification] Link properly contact with contact template on file generation (PR/#8080)
[Remote Server] Export properly trap matching and hostgroups (PR/#8054)
[Remote Server] Additional Remote Server config fails (#8104, PR/#8105)
[Remote Server] Hostgroup and servicegroup not exported (PR/#8135)
[Traps SNMP] Fix traps regression with same oid (PR/#8118)
[Traps SNMP] Accept null value for description (PR/#8109)
[UI] Fix breacrumb url for parent’s levels (PR/#8108)
[UI] Correctly toggle edit load and header of widgets (PR/#8114)
Security Fixes¶
Avoid SQL injections in multiple monitoring pages - CVE-2019-17647 (PR/#8063, PR/#8094)
Cross-site scripting (reflected) - Dont’ return js (PR/#8095)
Do not allow to get all services using downtime ajax file - CVE-2019-17643 (PR/#8022)
Do not allow to unhide password macros (PR/#8071)
Filter access to api using external entry point - CVE-2019-17646 (PR/#8021)
Fix default contact_autologin_key value
Fix security on LDAP page - CVE-2019-15300 - (PR/#8008)
RCE on mib import from manufacturer input - CVE-2019-15298 (PR/#8023)
Performance¶
Set LDAP contactgroup synchronization every hour (PR/#8070)
Technical¶
Correct the call of static method (PR/#8026)
Improve centreonworker logging (PR/#7712)
Optimize select all in select2 component (PR/#7926)
Poc new update field pollers (PR/#8093, PR/#8100)
Update dependency of centreon-react-components (PR/#8024)
Centreon Web 19.10.1¶
Bug Fixes¶
[Install/update] correct loop issue on installation/update (PR/#7997)
Centreon Web 19.10.0¶
Features¶
[Authentication] Add Keycloak SSO authentication in Centreon (PR/#7700)
[API v2] New real time monitoring JSON REST API v2 for services and hosts - currently in beta version (PR/#7821)
[API v2] Manage acknowledgements (PR/#7907)
[Notification] Add new options for Contacts & Contact groups method calculation (PR/#7917, PR/#7960, PR/#7963, PR/#7965, PR/#7971):
Vertical Inheritance Only: get contacts and contactgroups of resources and linked templates, using additive inheritance enabled option (Legacy method, keep for upgrade)
Closest Value: get most closed contacts and contactgroups of resources including templates
Cumulative inheritance: Cumulate all contacts and contactgroups of resources and linked templates (method used for new installation)
Enhancements¶
[Administration] [Audit logs] Add purge function for audit logs (PR/#7710)
[Authentication] Add Okta LDAP template (PR/#7825)
[Charts] Centreon-Web Graph Display and png export is coherent (PR/#7676)
[Charts] Better management of virtual metrics: you can display or not a virtual metric (PR/#7676)
[Charts] Only one color by curve: users see the same color curve (PR/#7676)
[Configuration] Add display locked checkbox for objects listing (#7444)
[Configuration] Add contactgroups filter in list of contacts (PR/#7744)
[Configuration] Add status and vendor filters in list of SNMP traps (PR/#7758)
[Configuration] Move global rrdcached option to Centreon Broker form for each broker (PR/#7791)
[Configuration] Allow to redifine action command for Centeron Engine & Centreon Broker (PR/#7810)
[Install] Allow people to use another user that has root privileges when installing centreon (PR/#7445)
[Install] Add possibility to install widget during last step (PR/#7890)
[Install] New script that aims at automating all manual steps that are required when installing Centreon from packages (PR/#7853)
[Remote Server] Poller attached to multiple remote servers (PR/#7849)
[Remote-Server] Allow to use direct ssh connection to poller from central (PR/#7680)
[Remote-Server] Optimize execution time of export/import (PR/#7749)
[Remote-Server] Improve centreonworker logging (PR/#7712)
[UI] Do not display round values in detailed top counter (PR/#7547)
[UI] Style default select to be as much like select2 as possible (PR/#7819)
[UI] Update style of checkbox, radio, tabs (PR/#7845)
[UI] Adding cursor pointer to icons (PR/#7613)
[Widgets] Add multiselect on severity preference (PR/#7752)
[Widgets] Upgrade poller preference of engine-status widget (PR/#7820)
[Widgets] Add connectors for servicegroups and severities (PR/#7753)
Performance¶
[ACL] centAcl optimize memory and time execution (PR/#7751)
[API] Improve performance of clapi call through REST API (PR/#7842)
[Chart] Increase performance on server side when we get data from rrd files to display charts: between 70% and 90% (PR/#7676)
Documentation¶
Doc correct migration using Nagios reader (PR/#7781)
Update MySQL prerequisites for master (PR/#7904)
Improve documentation for MySQL/MariaB strict mode (PR/#7806)
Improve migration procedure (commit 47be1c3)
Improve prerequisites (commit 7200461)
Fix typo Centreon word (and one variable) (PR/#7796, PR/#7806)
Add link to Centreon API JSON REST v2 (commit bfac416)
Add OS update (commit 04e9942)
Bug Fixes¶
[ACL] Redirect to login page when user is unauthorized (PR/#7687)
[ACL] Add ACL to select meta-services for list of services in performance menu (PR/#7736)
[ACL] Fix cron renaming bound variable name (PR/#7984)
[API] Delete services when host template is detached from host (PR/#7784)
[API] Fix import of contactgroup when linked to ldap (PR/#7797)
[API v2] Fix bad verification when an admin has access group (PR/#7972)
[Charts] Fix export png for splited graph (PR/#7676)
[Charts] Graph is smoothed to much (PR/#7676, #4898)
[Charts] Unit curves not displayed when only 1 metric (PR/#7676, #5533)
[Charts] strange char & missing dates in exports (PR/#7676, #7310)
[Charts] HTML code instead of accented characters in graphs (PR/#7676, #6318)
[Charts] Graphs Period Showing Different Times (PR/#7676, #5939)
[Charts] Match metric name with metric value in export (#5959, #7477, PR/#7764)
[Centcore] Correct typo in scp command (#7849, PR/#7946)
[Centcore] Create centcore file by action (PR/#6985)
[Configuration] Correct issue in wizard with PR #7849 (commit 2b8a728478)
[Configuration] Fix style of broker modules options checkboxes (PR/#7899)
[Configuration] Select also pollers attached to additional RS for generation (PR/#7922)
[Configuration] Fix the manual activation/disactivation of a contact (PR/#7930)
[Configuration] List contact using escapeSecure method (PR/#7947)
[Configuration] Fix SNMP traps generation by poller (PR/#6416)
[Configuration] Fix stream connector configuration update in Centreon Broker form (PR/#7813)
[Custom-Views] Correction on custom view using spanish (PR/#7778)
[Dashboard] Remove useless columns which break sql strict mode (PR/#7937)
[i18n] Fix issue with translation when several modules are installed (PR/#7916)
[Install] Change the bash interpreter for the native sh (commit (PR/#7911))
[Install] Update wording about cache in install/upgrade process (PR/#7895)
[Install] Fix syntax error in step5 of upgrade process (PR/#7900)
[Install] Disable button when installing modules last step (PR/#7873)
[Menu] Retrieve menu entries as link (PR/#7826)
[Monitoring] Apply downtimes on resources linked to a poller (PR/#7955)
[Monitoring] Save properly monitoring service status filter (PR/#7908)
[Monitoring] Fix pagination display in service monitoring by servicegroups (PR/#7755)
[Monitoring] Fix labels in graph alignment for service details page (PR/#7805)
[Monitoring] Fix double host name display in host details page (PR/#7737)
[Remote-Server] Allow remote server config to be loaded with mysql strict mode enabled (PR/#7887)
[Remote Server] Change grant option for remote server database centreon user (PR/#7888)
[Remote Server] set remote_id/remote_server_centcore_ssh_proxy to NULL/0 (PR/#7878)
[Remote Server] Fix simple remote server creation (PR/#7936)
[Remote Server] Add missing host poller relation in export (PR/#7928)
[Remote-Server] Adapt nagios_server export columns (PR/#7871)
[UI] Do not display autologin shortcut when disabled (PR/#7340)
[UI] Avoid host icon to be flattened (PR/#7870)
[UI] Retrieve space before alias in user menu (PR/#7869)
[UI] Fix compatibility with IE11 (external modules) (PR/#7923)
[UI] Rename contact template titles properly (PR/#7929)
[UI] Fix style of frozen checkboxes (PR/#7882)
[Widgets] Undefined pagination variable when editing custom view (PR/#7935)
[Widgets] set GMT to default if null (PR/#7766)
Security fixes¶
Add rule for max session duration (PR/#7918)
Hide password in command line for status details page (#7414, PR/#7859)
Escape script and input tags by default (PR/#7811)
Add php mandatory params info in source installation (PR/#7897)
Escape persistent and reflected XSS in my account (PR/#7877)
Remove xss injection of service output in host form (PR/#7865)
Sanitize host_id and service_id in makeXMLForOneService.php (PR/#7862)
Session fixation using regenerate_session_id (PR/#7892)
Remove command test execution - CVE 2019-16405 (PR/#7864)
the ini_set session duration param has been moved in php.ini (PR/7896)
Technical¶
[API] Update type of returned activate property (PR/#7851)
[CEIP] Telemetry ceip improvements (PR/#7931)
[Component] Compatibility with RRDtool >= 1.7.x (PR/#7676)
[Component] Update to rh-php72 (PR/#7542)
[Composer] Reduce size of centreon package on packagist (PR/#7818)
[Composer] Add missing translation dependency in composer.json (PR/#7879)
[Configuration] Move filesGeneration directory to /var/cache/centreon (PR/#7735)
[Core] Improve the centreon user service definition in ServiceProvider (PR/#7891)
[CSS] Clean cache at each new centreon version (PR/#7959)
[Database] Start compatibility with MariaDB/MySQL STRICT mode - in progress (PR/#7544)
[Database] Remove useless primary keys on multiple tables (PR/#7542)
[Database] Change type of column widget_models.description to TEXT (PR/#7542)
[Database] Add default value to acl_groups.acl_group_changed table (PR/#7542)
[Database] Update column types of downtimes table (PR/#793)
[Database] Compatibility with MySQL v8.x version (PR/#7801)
[Install] Do not require conf.php files to exist in module upgrade directories (PR/#7914)
[Lib] Upgrade front libraries & improve dynamic import (PR/#7724)
[Select2] Fix default select2 getter on severity (PR/#7814)
[Select2] Allow to display disabled status in select2 options (PR/#7531)
[Test] Fix acceptance test of locked elements (PR/#7910)
[Update] Move alter table statement in a php script for MySQL compatibility (PR/#7838)
[Upgrade] Take into account the removal of older conf.php (PR/#7952)
[Update] Remove upgrade of bigint columns (PR/#7953)
[UI] Remove wizard graph tour in performance view (PR/#7676)
[Update] Finish module update with upgrade to last version (PR/#7956)
Known issue¶
[logs] Fix the limitation of max value for the primary key of the centreon_storage.logs table (Update centreon_storage.logs table)
Centreon Web 19.10.0-rc.1¶
Enhancements¶
[authentication] Add okta LDAP template (PR/#7825)
[Configuration] Add display locked checkbox for objects listing (#7444)
[Install] Add possibility to install widget during last step (PR/#7890)
[Remote Server] Poller attached to multiple remote servers (PR/#7849)
[UI] Do not display round values in detailed top counter (PR/#7547)
Documentation¶
Doc correct migration using nagios reader (PR/#7781)
Update mysql prerequisites for master (PR/#7904)
Bug Fixes¶
[Centcore] Create centcore file by action (PR/#6985)
[Configuration] Correct issue in wizard with PR #7849 (commit 2b8a728478)
[Configuration] Fix style of broker modules options checkboxes (PR/#7899)
[Install] Change the bash interpreter for the native sh (commit (PR/#7911))
[Install] Update wording about cache in install/upgrade process (PR/#7895)
[Install] Fix syntax error in step5 of upgrade process (PR/#7900)
[Monitoring] Save properly monitoring service status filter (PR/#7908)
[Remote-Server] Allow remote server config to be loaded with mysql strict mode enabled (PR/#7887)
[Remote Server] Change grant option for remote server database centreon user (PR/#7888)
[Remote Server] set remote_id/remote_server_centcore_ssh_proxy to NULL/0 (PR/#7878)
[UI] Fix style of frozen checkboxes (PR/#7882)
Security fixes¶
Hide password in command line for status details page (#7414, PR/#7859)
Escape script and input tags by default (PR/#7811)
Add php mandatory params info in source installation (PR/#7897)
Escape persistent and reflected XSS in my account (PR/#7877)
Remove xss injection of service output in host form (PR/#7865)
Sanitize host_id and service_id in makeXMLForOneService.php (PR/#7862)
Session fixation using regenerate_session_id (PR/#7892)
Remove command test execution - CVE 2019-16405 (PR/#7864)
the ini_set session duration param has been moved in php.ini (PR/7896)
Technical¶
[Core] Improve the centreon user service definition in ServiceProvider (PR/#7891)
[Test] Fix acceptance test of locked elements (PR/#7910)
Known issue¶
[logs] Fix the limitation of max value for the primary key of the centreon_storage.logs table (Update centreon_storage.logs table)
Centreon Web 19.10.0-beta.3¶
New features¶
[Authentication] Add Keycloak SSO authentication in Centreon (PR/#7700)
[API] New real time monitoring API for services and hosts (PR/#7821)
Enhancements¶
[Configuration] Move global rrdcached option to Centreon Broker form for each broker (PR/#7791)
[Configuration] Allow to redifine action command for Centeron Engine & Centreon Broker (PR/#7810)
[Install] New script that aims at automating all manual steps that are required when installing Centreon from packages (PR/#7853)
[Remote-Server] Allow to use direct ssh connection to poller from central (PR/#7680)
[Remote-Server] Optimize execution time of export/import (PR/#7749)
[Remote-Server] Improve centreonworker logging (PR/#7712)
[UI] Style default select to be as much like select2 as possible (PR/#7819)
[UI] Update style of checkbox, radio, tabs (PR/#7845)
[UI] Adding cursor pointer to icons (PR/#7613)
[Widgets] Add multiselect on severity preference (PR/#7752)
[Widgets] Upgrade poller preference of engine-status widget (PR/#7820)
[Widgets] Add connectors for servicegroups and severities (PR/#7753)
Documentation¶
Improve documentation for MySQL/MariaB stric mode (PR/#7806)
Improve migration procedure (commit 47be1c3)
Improve prerequisites (commit 7200461)
Fix typo Centreon word (and one variable) (PR/#7796, PR/#7806)
Performance¶
[ACL] centAcl optimize memory and time execution (PR/#7751)
[API] Improve performance of clapi call through REST API (PR/#7842)
Bug fixes¶
[ACL] Redirect to login page when user is unauthorized (PR/#7687)
[API] Delete services when host template is detached from host (PR/#7784)
[API] Fix import of contactgroup when linked to ldap (PR/#7797)
[Charts] Match metric name with metric value in export (#5959, #7477, PR/#7764)
[Configuration] Fix stream connector configuration update in Centreon Broker form (PR/#7813)
[Custom-Views] Correction on custom view using spanish (PR/#7778)
[Install] Disable button when installing modules last step (PR/#7873)
[Menu] Retrieve menu entries as link (PR/#7826)
[Monitoring] Fix labels in graph alignment for service details page (PR/#7805)
[Monitoring] Fix double host name display in host details page (PR/#7737)
[Remote-Server] Adapt nagios_server export columns (PR/#7871)
[UI] Do not display autologin shortcut when disabled (PR/#7340)
[UI] Avoid host icon to be flattened (PR/#7870)
[UI] Retrieve space before alias in user menu (PR/#7869)
Technical¶
Compatibility with MySQL v8.x version (PR/#7801)
[API] Update type of returned activate property (PR/#7851)
[Composer] Reduce size of centreon package on packagist (PR/#7818)
[Composer] Add missing translation dependency in composer.json (PR/#7879)
[Configuration] Move filesGeneration directory to /var/cache/centreon (PR/#7735)
[Select2] Fix default select2 getter on severity (PR/#7814)
[Select2] Allow to display disabled status in select2 options (PR/#7531)
[Update] Move alter table statement in a php script for MySQL compatibility (PR/#7838)
Centreon Web 19.10.0-beta.2¶
Enhancements¶
[Configuration] Add contactgroups filter in list of contacts (PR/#7744)
[Configuration] Add status and vendor filters in list of SNMP traps (PR/#7758)
[Configuration] Fix SNMP traps generation by poller (PR/#6416)
Bug fixes¶
[ACL] add ACL to select meta-services for list of services in performance menu (PR/#7736)
[Monitoring] Fix pagination display in service monitoring by servicegroups (PR/#7755)
[Widget] set GMT to default if null (PR/#7766)
Technical¶
[Lib] Upgrade front libraries & improve dynamic import (PR/#7724)
Centreon Web 19.10.0-beta.1¶
Enhancements¶
[Charts] Centreon-Web Graph Display and png export is coherent (PR/#7676)
[Charts] Better management of virtual metrics: you can display or not a virtual metric (PR/#7676)
[Charts] Only one color by curve: users see the same color curve (PR/#7676)
[Install] Allow people to use another user that has root privileges when installing centreon (PR/#7445)
[Administration] [Audit logs] Add purge function for audit logs (PR/#7710)
Performance¶
Increase performance on server side when we get data from rrd files to display charts: between 70% and 90% (PR/#7676)
Bug fixes¶
[Charts] Fix export png for splitted graph (PR/#7676)
[Charts] Graph is smoothed to much (PR/#7676, #4898)
[Charts] Unit curves not displayed when only 1 metric (PR/#7676, #5533)
[Charts] strange char & missing dates in exports (PR/#7676, #7310)
[Charts] HTML code instead of accented characters in graphs (PR/#7676, #6318)
[Charts] Graphs Period Showing Different Times (PR/#7676, #5939)
Technical¶
Compatibility with rrdtool >= 1.7.x (PR/#7676)
Start compatibility with MariaDB/MySQL STRICT mode - in progress (PR/#7544)
[Database] Remove useless primary keys on multiple tables (PR/#7542)
[Database] Change type of column widget_models.description to TEXT (PR/#7542)
[Database] Add default value to acl_groups.acl_group_changed table (PR/#7542)
Remove wizard graph tour in performance view (PR/#7676)
Update to rh-php72 (PR/#7542)