Centreon Web 19.10.21

Bug fixes

  • [Core] Update centreon copyright dates

  • [Install] Complete the Last step upgrade redirection

  • [Administration/About] Update about page with current team

Security fixes

  • [Core] Cross-site Scripting (XSS) in index.php

  • [Lib] Update jQuery to version >= 3.5.1

Centreon Web 19.10.20

Bug fixes

  • [Configuration] Non-admin users can’t create host/service

  • [Core] PHP 7.3 issue with recurrent downtimes

Security fixes

  • [Administration] Cross-site Scripting (XSS) Stored/Persistent in Ressource Access form - CVE-2020-22425

  • [Administration] XSS stored in the LDAP form

  • [Apache] Remove deprecated ciphers for HTTPS configuration example

  • [Authentication] Session is active longer than expected

  • [Authentication] User enumeration in login page

  • [Configuration] Cross-site Scripting (XSS) Reflected in Hosts form

  • [Core] Vulnerable handlebars.js library

  • [Reporting] Cross-site Scripting (XSS) Reflected in “Dashboard > Hosts” page

  • [Service details] Too much “Unable to hide passwords in command”

Centreon Web 19.10.19

Bug fixes

  • [CLAPI] Create user with language

  • [CLAPI] Import fails on password type macros

Security fixes

  • [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search

  • [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search

  • [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search

  • [API] Missing access control mechanism in rest API v1

  • [Configuration > Servicegroups] Leak of technical information

  • [Configuration/H/HTPL/S/STPL] Password in plain text

  • [Core] Centreon token is vulnerable against replay attack

  • [Core] Token usage is not mandatory

  • [Media] PHP warning about missing tmp dir used during media upload

Centreon Web 19.10.18

Bug fixes

  • [Apache] apache example file for https declaration of SSLCipherSuite

  • [Authentication] Reach Centreon Front-end parameter ineffective

  • [LDAP] new LDAP configurations are broken

  • [Login] Invalid credentials after edit profile changes

Security fixes

  • [Apache] Support for the HTTP TRACE method

  • [Configuration] Leak of technical information in “Configuration > Service Groups”

  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Commands > Connectors”

  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in “Users > Contact Groups”

  • [Media] Unrestricted file upload

  • [Monitoring] XSS in updateContactParam.php & commonJS.php

Centreon Web 19.10.17

Enhancements

  • [Remote Server] Add the possibility to configure mail for users

  • [Remote Server] Hide the “Configure host / service” buttons from monitoring legacy pages

Bug fixes

  • [Administration] ‘options’ table for centreon database is sometimes empty

  • [Administration] Quiet SSH for Engine statistics collection

  • [Administration] Script centreon-backup errors

  • [CLAPI] Export clapi duplicates contacts

  • [Core/Partitioning] Partitioning starts at epoch

  • [Core] Perl lib db query bad looping parameters

  • [Core] Too much rows in extended_service_informations tables

  • [Custom Views] Select2 popin error on custom view sharing

  • [Event logs] Inoperative filters when exporting

  • [Graphs] Performance graph legend does not update dynamically

  • [Reporting] Dashboard won’t build when having service by hostgroup

Security fixes

  • [Administration] Password in plain text in “Administration > Logs”

  • [Apache] Lack of click diversion protection (Clickjacking)

  • [Core] Update moment.js library

  • [Media] Broken authentication of uploaded files

  • [Monitoring] Blind SQL Injection in “Monitoring > Downtimes > Downtimes”

  • [Custom Views] List of user accounts in custom view

Centreon Web 19.10.16

Newly shared views do not break widget preferences. But, if you have already broken widget preferences for users who add a shared view, you’ll need to :

  • Login centreon web with the user who share the custom view

  • Switch to the custom view with broken preferences for other users

  • Click on “Share view”, and then click on “Share”

This will restore preferences for other users

Bug fixes

  • [ACL] Incorrect inheritance of categories/severities for services

  • [CLAPI] Add getparams

  • [CLAPI] Carriage return and line feed breaks comments

  • [Configuration] Dependencies not deleted when last parent deleted

  • [Dashboard] Time is shown in epoch format on the dashboard timeline

  • [Eventlog] Acknowledged alerts status show “OK” but it’s wrong

  • [Graphs][legacy pages] 1000/1024 graph template ignored

  • [Monitoring Status output not correctly displayed with chinese characters

  • [Remote-Server] incorrect url to contact Centreon Central Server

  • [Widgets] Can’t change position of widgets

  • [Widgets] Parameters are deleted when importing/deleting/importing a custom view

Security fixes

  • [API] Information Disclosure in centreon_wiki internal API

  • [API] ]Cross-site Scripting (XSS) Reflected in centreon_wiki internal API

  • [Administration] Horizontal privilege escalation / session takeover

  • [Configuration] Cross Site Scripting in widget rename

  • [Configuration] RCE in SNMP trap import

  • [Configuration] Vulnérabilités d’injections SQL in “Configuration > Host categories”

  • [Configuration] Vulnérabilités d’injections SQL in “Configuration > Service categories”

  • [Configuration] ]Vulnérabilités d’injections SQL in “Configuration > Service Groups”

  • [Knowledge-Base] ]Password in plain text in “Configuration > Knowledge base” menu

Centreon Web 19.10.15

Enhancements

  • [Backend] HTTP2 compatibility

Bug fixes

  • [CEIP] centreon-send-stats.php script failed when one script fails

  • [Configuration/CLAPI] APPLYCFG rises errors for hosts with disabled host templates

  • [Configuration] Notifications are sent to wrong contacts when using services by host groups

  • [Configuration] improve message to use Remote Server as proxy

  • [Dashboard] Reporting is broken when a host is renamed

  • [LDAP] legacy errors in the logs

  • [Monitoring] Correct API v1 host filters

  • [Monitoring] Service limit when sending an external command

Security fixes

  • [Administration] SQL injection in “Administration > Parameters > Data”

  • [Configuration] RCE in Post command execution - CVE-2019-19699

  • [Configuration] SQL injection in Knowledge Base pages

  • [Configuration] SQL injection in centreonTraps.class.php

  • [Custom views] Missing access control mechanism in widget action

  • [Custom views] Missing access control mechanism in widget preferences

  • [Custom views] SQL injection in loadServiceFromHost

  • [Monitoring] Missing access control mechanism in hostSendCommand/ serviceSendCommand

  • [Monitoring] XSS in setHistory.php and commonJS.php

  • [Platform Status] Fix vulnerability for file loading

Centreon Web 19.10.14

Bug fixes

  • [Backup] Unable to mount ext4 partitions (PR #8770)

  • [Configuration] Invalid check command prevent notification of meta-services (PR #8783)

  • [Reporting] Scheduled downtimes are wrongly managed when cancelled (PR #8775)

  • [Trap] Remove default value when options are configured (PR #8767)

Security fixes

  • [Backup] Privilege escalation from backup cron

  • [Configuration] Sanitize geocoords values in the form

  • [Web] Multiple SQL injections

Centreon Web 19.10.13

Enhancements

  • [Clapi] Add possibility to get children of a host (PR #7982)

Bug fixes

  • [Configuration] Wrongly linked service template in service group (PR #8589)

  • [Clapi] Import failure (PR #8724)

  • [Clapi] Fix/Improve RTDOWNTIME (PR #8275)

  • [Auth] Authentication type does not fallback from LDAP to local automatically (PR #8713)

  • [Monitoring] Service groups not displayed when no services found into it (non-admin users) (PR #8529)

  • [PPM] Remove media error when inserting a plugin (PR #8732)

Security fixes

  • [Web] DoS issue in include/eventLogs/xml/data.php

  • [Web] RCE using command line path’s argument (CVE-2020-12688)

Centreon Web 19.10.12

Enhancements

  • [Install] Add dependencies mechanism during extensions install/remove process

  • [Monitoring] Hide graphs when no metrics in Details Page (PR #8329)

Bug Fixes

  • [Monitoring] Correctly compute downtime duration (PR #7606)

  • [Backend] Add Asia/Yangon to the timezone list (PR #8711)

  • [Backend] host-graph-v2 do not display all graph

Security

  • Vulnerabilities in centreon_home_customview API (PR #8448)

  • SQL Injection in makeXMLForAck.php (PR #8652)

  • Vulnerabilities with displayServiceStatus.php (PR #8467)

Centreon Web 19.10.10

Bug Fixes

  • [Configuration] Export “NULL” values correctly to Remote Server (PR #8281)

  • [Dashboard] Report displays templates instead of services (PR #8406)

  • [Centcore] External commands processed every second if in multiple files (PR #8407)

Centreon Web 19.10.9

Bug Fixes

  • [LDAP] Sync user deletion from groups (PR #8287)

  • [Top Counters] Use session cache to store results (PR #8189)

  • [Configuration] Geo coordinates of hosts not exported to Remote Server (PR #8390)

Centreon Web 19.10.8

Bug Fixes

  • [Documentation] Typos fixed in the documentation (#8336) (#8364)

  • [Documentation] Remove useless checks (#8360)

  • [Install] remove harcoded version in source install (#8332)

  • [Install] source installation script fixes (#8341)

  • [Install] replace macro in cron files (#8359)

  • [Web] correct delete comments (#8367)

Security

  • [ACL] set read only access by default instead of read/write (#8317)

Centreon Web 19.10.7

Bug Fixes

  • [Charts] Problem using zoom in when having timezone (PR #8286)

  • [Source install] Several files are not copied in centreon directory

  • [Status Details] “Display details” strange behaviour when “Summary” selected in by Hostgroup page (PR #8265)

  • [UI] Add nowrap style to badge class to avoid wrap in dense typeface environments like chinese (PR #8314)

  • [Mobile] Third level menus are not accessible (PR #8320)

Security

  • Do not expose session ID identifier in URL (PR #8291)

Technical

  • Remove all unused front-end code

Centreon Web 19.10.6

Bug Fixes

  • [Status Details] Services shown as CRITICAL while OK (PR #8253)

  • [Status Details] Cannot empty “Hostgroup” drop-down list in “Services by Hostgroup” (PR #8257)

  • [Autologin] Access to URI with arguments (PR #8262)

  • [Configuration] Check command –help display won’t work (PR #8255 and #8268)

  • [Event Logs] Filter on disabled objects (PR #8238)

  • [Services Grid] Filters not used correctly (PR #8260)

Centreon Web 19.10.5

Bug Fixes

  • [Install] Check MariaDB version before using ALTER USER (PR/#8068)

  • [Install] Update libinstall scripts (PR/#8180, PR/#8188)

  • [Status Details] “Display details” not working when “Summary” selected (PR/#8200)

  • [Traps] Cannot save trap configuration (PR/#8165, PR/#8169)

  • [Clapi] Fix overlapping in clapi export (PR/#8191 fixes #7562)

  • [Clapi] Add parameters for HOST object (PR/#8085)

  • [API] Improve consistency of getparam (PR/#8201)

  • [Custom View] fix display for user with no widget preferences (PR #8159 fixes #7875)

  • [Web] Issue with random blank pages (PR/#8187,#8193)

  • [Web] Search in media page does not work (PR/#8203)

  • [Web] Improve authentication messages in login.log (PR/#7943)

Security

  • [Web] Bump terser-webpack-plugin to 1.4.2 (PR/#8182)

  • [Web] Upgrade handlebars dependencies (PR/#8224)

Centreon Web 19.10.4

Documentation

  • Clearly indicate that dependencies between pollers are not possible

Improvements

  • [Downtimes] Manage downtimes for host and service (PR/#8110)

Bug Fixes

  • [Custom Views] Define new custom view error file template (PR/#8141)

  • [Custom Views] Fix double quote in widget title (PR/#8161)

  • [ACL] Remove ACL notice on lvl3 calculation (PR/#8120)

  • [Configuration] Fix performance regression in notification system (PR/#8143)

  • [Remote] Host and service templates are not properly imported (PR/#8147)

  • [Topology] Correct URL options for service pages (PR/#8164)

Centreon Web 19.10.3

Bug Fixes

  • [LDAP] Correct double slashes in the saved DN (PR/#8121)

Security Fixes

  • Fix call of service macros list without authentication - CVE-2019-17645 (PR/#8035)

  • Fix call of host macros list without authentication - CVE-2019-17644 (PR/#8037)

Centreon Web 19.10.2

Enhancements

  • [API] Return curve metric name (PR/#8055)

  • [Install] Display complete release note of a Major version (commit 06f714d55c)

  • [Install] Improve last web install step intall button (PR/#7873)

Documentation

  • Display release notes per section in upgrade process

  • Update FAQ to install RRDCacheD on el7 (PR/#8052)

Bug Fixes

  • [API] Add macro password option for service template using CLAPI (PR/#8012)

  • [API] Unable to set host notification to None through the API (PR/#8077)

  • [Charts] Match metric name with metric value (#5959, #7477, PR/#7764)

  • [Charts] Curves in graph not synchronized on display (PR/#8039)

  • [Charts] Fix rrd command line with v1.5 (PR/#7804)

  • [Configuration] fix host name filter history (PR/#8134)

  • [Install] Check mariaDB version before using ALTER USER (PR/#8068)

  • [LDAP] Add missing Okta selector (PR/#8028, 7825)

  • [LDAP] Ldap users using the auto-import cannot login (PR/#8112)

  • [Configuration] Remove unused radio button in meta service configuration (PR/#7992)

  • [Monitoring] Fix recurrent downtimes filter (PR/#7989, #7987)

  • [Notification] Link properly contact with contact template on file generation (PR/#8080)

  • [Remote Server] Export properly trap matching and hostgroups (PR/#8054)

  • [Remote Server] Additional Remote Server config fails (#8104, PR/#8105)

  • [Remote Server] Hostgroup and servicegroup not exported (PR/#8135)

  • [Traps SNMP] Fix traps regression with same oid (PR/#8118)

  • [Traps SNMP] Accept null value for description (PR/#8109)

  • [UI] Fix breacrumb url for parent’s levels (PR/#8108)

  • [UI] Correctly toggle edit load and header of widgets (PR/#8114)

Security Fixes

  • Avoid SQL injections in multiple monitoring pages - CVE-2019-17647 (PR/#8063, PR/#8094)

  • Cross-site scripting (reflected) - Dont’ return js (PR/#8095)

  • Do not allow to get all services using downtime ajax file - CVE-2019-17643 (PR/#8022)

  • Do not allow to unhide password macros (PR/#8071)

  • Filter access to api using external entry point - CVE-2019-17646 (PR/#8021)

  • Fix default contact_autologin_key value

  • Fix security on LDAP page - CVE-2019-15300 - (PR/#8008)

  • RCE on mib import from manufacturer input - CVE-2019-15298 (PR/#8023)

Performance

  • Set LDAP contactgroup synchronization every hour (PR/#8070)

Technical

  • Correct the call of static method (PR/#8026)

  • Improve centreonworker logging (PR/#7712)

  • Optimize select all in select2 component (PR/#7926)

  • Poc new update field pollers (PR/#8093, PR/#8100)

  • Update dependency of centreon-react-components (PR/#8024)

Centreon Web 19.10.1

Bug Fixes

  • [Install/update] correct loop issue on installation/update (PR/#7997)

Centreon Web 19.10.0

Features

  • [Authentication] Add Keycloak SSO authentication in Centreon (PR/#7700)

  • [API v2] New real time monitoring JSON REST API v2 for services and hosts - currently in beta version (PR/#7821)

  • [API v2] Manage acknowledgements (PR/#7907)

  • [Notification] Add new options for Contacts & Contact groups method calculation (PR/#7917, PR/#7960, PR/#7963, PR/#7965, PR/#7971):

    • Vertical Inheritance Only: get contacts and contactgroups of resources and linked templates, using additive inheritance enabled option (Legacy method, keep for upgrade)

    • Closest Value: get most closed contacts and contactgroups of resources including templates

    • Cumulative inheritance: Cumulate all contacts and contactgroups of resources and linked templates (method used for new installation)

Enhancements

  • [Administration] [Audit logs] Add purge function for audit logs (PR/#7710)

  • [Authentication] Add Okta LDAP template (PR/#7825)

  • [Charts] Centreon-Web Graph Display and png export is coherent (PR/#7676)

  • [Charts] Better management of virtual metrics: you can display or not a virtual metric (PR/#7676)

  • [Charts] Only one color by curve: users see the same color curve (PR/#7676)

  • [Configuration] Add display locked checkbox for objects listing (#7444)

  • [Configuration] Add contactgroups filter in list of contacts (PR/#7744)

  • [Configuration] Add status and vendor filters in list of SNMP traps (PR/#7758)

  • [Configuration] Move global rrdcached option to Centreon Broker form for each broker (PR/#7791)

  • [Configuration] Allow to redifine action command for Centeron Engine & Centreon Broker (PR/#7810)

  • [Install] Allow people to use another user that has root privileges when installing centreon (PR/#7445)

  • [Install] Add possibility to install widget during last step (PR/#7890)

  • [Install] New script that aims at automating all manual steps that are required when installing Centreon from packages (PR/#7853)

  • [Remote Server] Poller attached to multiple remote servers (PR/#7849)

  • [Remote-Server] Allow to use direct ssh connection to poller from central (PR/#7680)

  • [Remote-Server] Optimize execution time of export/import (PR/#7749)

  • [Remote-Server] Improve centreonworker logging (PR/#7712)

  • [UI] Do not display round values in detailed top counter (PR/#7547)

  • [UI] Style default select to be as much like select2 as possible (PR/#7819)

  • [UI] Update style of checkbox, radio, tabs (PR/#7845)

  • [UI] Adding cursor pointer to icons (PR/#7613)

  • [Widgets] Add multiselect on severity preference (PR/#7752)

  • [Widgets] Upgrade poller preference of engine-status widget (PR/#7820)

  • [Widgets] Add connectors for servicegroups and severities (PR/#7753)

Performance

  • [ACL] centAcl optimize memory and time execution (PR/#7751)

  • [API] Improve performance of clapi call through REST API (PR/#7842)

  • [Chart] Increase performance on server side when we get data from rrd files to display charts: between 70% and 90% (PR/#7676)

Documentation

  • Doc correct migration using Nagios reader (PR/#7781)

  • Update MySQL prerequisites for master (PR/#7904)

  • Improve documentation for MySQL/MariaB strict mode (PR/#7806)

  • Improve migration procedure (commit 47be1c3)

  • Improve prerequisites (commit 7200461)

  • Fix typo Centreon word (and one variable) (PR/#7796, PR/#7806)

  • Add link to Centreon API JSON REST v2 (commit bfac416)

  • Add OS update (commit 04e9942)

Bug Fixes

  • [ACL] Redirect to login page when user is unauthorized (PR/#7687)

  • [ACL] Add ACL to select meta-services for list of services in performance menu (PR/#7736)

  • [ACL] Fix cron renaming bound variable name (PR/#7984)

  • [API] Delete services when host template is detached from host (PR/#7784)

  • [API] Fix import of contactgroup when linked to ldap (PR/#7797)

  • [API v2] Fix bad verification when an admin has access group (PR/#7972)

  • [Charts] Fix export png for splited graph (PR/#7676)

  • [Charts] Graph is smoothed to much (PR/#7676, #4898)

  • [Charts] Unit curves not displayed when only 1 metric (PR/#7676, #5533)

  • [Charts] strange char & missing dates in exports (PR/#7676, #7310)

  • [Charts] HTML code instead of accented characters in graphs (PR/#7676, #6318)

  • [Charts] Graphs Period Showing Different Times (PR/#7676, #5939)

  • [Charts] Match metric name with metric value in export (#5959, #7477, PR/#7764)

  • [Centcore] Correct typo in scp command (#7849, PR/#7946)

  • [Centcore] Create centcore file by action (PR/#6985)

  • [Configuration] Correct issue in wizard with PR #7849 (commit 2b8a728478)

  • [Configuration] Fix style of broker modules options checkboxes (PR/#7899)

  • [Configuration] Select also pollers attached to additional RS for generation (PR/#7922)

  • [Configuration] Fix the manual activation/disactivation of a contact (PR/#7930)

  • [Configuration] List contact using escapeSecure method (PR/#7947)

  • [Configuration] Fix SNMP traps generation by poller (PR/#6416)

  • [Configuration] Fix stream connector configuration update in Centreon Broker form (PR/#7813)

  • [Custom-Views] Correction on custom view using spanish (PR/#7778)

  • [Dashboard] Remove useless columns which break sql strict mode (PR/#7937)

  • [i18n] Fix issue with translation when several modules are installed (PR/#7916)

  • [Install] Change the bash interpreter for the native sh (commit (PR/#7911))

  • [Install] Update wording about cache in install/upgrade process (PR/#7895)

  • [Install] Fix syntax error in step5 of upgrade process (PR/#7900)

  • [Install] Disable button when installing modules last step (PR/#7873)

  • [Menu] Retrieve menu entries as link (PR/#7826)

  • [Monitoring] Apply downtimes on resources linked to a poller (PR/#7955)

  • [Monitoring] Save properly monitoring service status filter (PR/#7908)

  • [Monitoring] Fix pagination display in service monitoring by servicegroups (PR/#7755)

  • [Monitoring] Fix labels in graph alignment for service details page (PR/#7805)

  • [Monitoring] Fix double host name display in host details page (PR/#7737)

  • [Remote-Server] Allow remote server config to be loaded with mysql strict mode enabled (PR/#7887)

  • [Remote Server] Change grant option for remote server database centreon user (PR/#7888)

  • [Remote Server] set remote_id/remote_server_centcore_ssh_proxy to NULL/0 (PR/#7878)

  • [Remote Server] Fix simple remote server creation (PR/#7936)

  • [Remote Server] Add missing host poller relation in export (PR/#7928)

  • [Remote-Server] Adapt nagios_server export columns (PR/#7871)

  • [UI] Do not display autologin shortcut when disabled (PR/#7340)

  • [UI] Avoid host icon to be flattened (PR/#7870)

  • [UI] Retrieve space before alias in user menu (PR/#7869)

  • [UI] Fix compatibility with IE11 (external modules) (PR/#7923)

  • [UI] Rename contact template titles properly (PR/#7929)

  • [UI] Fix style of frozen checkboxes (PR/#7882)

  • [Widgets] Undefined pagination variable when editing custom view (PR/#7935)

  • [Widgets] set GMT to default if null (PR/#7766)

Security fixes

  • Add rule for max session duration (PR/#7918)

  • Hide password in command line for status details page (#7414, PR/#7859)

  • Escape script and input tags by default (PR/#7811)

  • Add php mandatory params info in source installation (PR/#7897)

  • Escape persistent and reflected XSS in my account (PR/#7877)

  • Remove xss injection of service output in host form (PR/#7865)

  • Sanitize host_id and service_id in makeXMLForOneService.php (PR/#7862)

  • Session fixation using regenerate_session_id (PR/#7892)

  • Remove command test execution - CVE 2019-16405 (PR/#7864)

  • the ini_set session duration param has been moved in php.ini (PR/7896)

Technical

  • [API] Update type of returned activate property (PR/#7851)

  • [CEIP] Telemetry ceip improvements (PR/#7931)

  • [Component] Compatibility with RRDtool >= 1.7.x (PR/#7676)

  • [Component] Update to rh-php72 (PR/#7542)

  • [Composer] Reduce size of centreon package on packagist (PR/#7818)

  • [Composer] Add missing translation dependency in composer.json (PR/#7879)

  • [Configuration] Move filesGeneration directory to /var/cache/centreon (PR/#7735)

  • [Core] Improve the centreon user service definition in ServiceProvider (PR/#7891)

  • [CSS] Clean cache at each new centreon version (PR/#7959)

  • [Database] Start compatibility with MariaDB/MySQL STRICT mode - in progress (PR/#7544)

  • [Database] Remove useless primary keys on multiple tables (PR/#7542)

  • [Database] Change type of column widget_models.description to TEXT (PR/#7542)

  • [Database] Add default value to acl_groups.acl_group_changed table (PR/#7542)

  • [Database] Update column types of downtimes table (PR/#793)

  • [Database] Compatibility with MySQL v8.x version (PR/#7801)

  • [Install] Do not require conf.php files to exist in module upgrade directories (PR/#7914)

  • [Lib] Upgrade front libraries & improve dynamic import (PR/#7724)

  • [Select2] Fix default select2 getter on severity (PR/#7814)

  • [Select2] Allow to display disabled status in select2 options (PR/#7531)

  • [Test] Fix acceptance test of locked elements (PR/#7910)

  • [Update] Move alter table statement in a php script for MySQL compatibility (PR/#7838)

  • [Upgrade] Take into account the removal of older conf.php (PR/#7952)

  • [Update] Remove upgrade of bigint columns (PR/#7953)

  • [UI] Remove wizard graph tour in performance view (PR/#7676)

  • [Update] Finish module update with upgrade to last version (PR/#7956)

Known issue

Centreon Web 19.10.0-rc.1

Enhancements

  • [authentication] Add okta LDAP template (PR/#7825)

  • [Configuration] Add display locked checkbox for objects listing (#7444)

  • [Install] Add possibility to install widget during last step (PR/#7890)

  • [Remote Server] Poller attached to multiple remote servers (PR/#7849)

  • [UI] Do not display round values in detailed top counter (PR/#7547)

Documentation

  • Doc correct migration using nagios reader (PR/#7781)

  • Update mysql prerequisites for master (PR/#7904)

Bug Fixes

  • [Centcore] Create centcore file by action (PR/#6985)

  • [Configuration] Correct issue in wizard with PR #7849 (commit 2b8a728478)

  • [Configuration] Fix style of broker modules options checkboxes (PR/#7899)

  • [Install] Change the bash interpreter for the native sh (commit (PR/#7911))

  • [Install] Update wording about cache in install/upgrade process (PR/#7895)

  • [Install] Fix syntax error in step5 of upgrade process (PR/#7900)

  • [Monitoring] Save properly monitoring service status filter (PR/#7908)

  • [Remote-Server] Allow remote server config to be loaded with mysql strict mode enabled (PR/#7887)

  • [Remote Server] Change grant option for remote server database centreon user (PR/#7888)

  • [Remote Server] set remote_id/remote_server_centcore_ssh_proxy to NULL/0 (PR/#7878)

  • [UI] Fix style of frozen checkboxes (PR/#7882)

Security fixes

  • Hide password in command line for status details page (#7414, PR/#7859)

  • Escape script and input tags by default (PR/#7811)

  • Add php mandatory params info in source installation (PR/#7897)

  • Escape persistent and reflected XSS in my account (PR/#7877)

  • Remove xss injection of service output in host form (PR/#7865)

  • Sanitize host_id and service_id in makeXMLForOneService.php (PR/#7862)

  • Session fixation using regenerate_session_id (PR/#7892)

  • Remove command test execution - CVE 2019-16405 (PR/#7864)

  • the ini_set session duration param has been moved in php.ini (PR/7896)

Technical

  • [Core] Improve the centreon user service definition in ServiceProvider (PR/#7891)

  • [Test] Fix acceptance test of locked elements (PR/#7910)

Known issue

Centreon Web 19.10.0-beta.3

New features

  • [Authentication] Add Keycloak SSO authentication in Centreon (PR/#7700)

  • [API] New real time monitoring API for services and hosts (PR/#7821)

Enhancements

  • [Configuration] Move global rrdcached option to Centreon Broker form for each broker (PR/#7791)

  • [Configuration] Allow to redifine action command for Centeron Engine & Centreon Broker (PR/#7810)

  • [Install] New script that aims at automating all manual steps that are required when installing Centreon from packages (PR/#7853)

  • [Remote-Server] Allow to use direct ssh connection to poller from central (PR/#7680)

  • [Remote-Server] Optimize execution time of export/import (PR/#7749)

  • [Remote-Server] Improve centreonworker logging (PR/#7712)

  • [UI] Style default select to be as much like select2 as possible (PR/#7819)

  • [UI] Update style of checkbox, radio, tabs (PR/#7845)

  • [UI] Adding cursor pointer to icons (PR/#7613)

  • [Widgets] Add multiselect on severity preference (PR/#7752)

  • [Widgets] Upgrade poller preference of engine-status widget (PR/#7820)

  • [Widgets] Add connectors for servicegroups and severities (PR/#7753)

Documentation

  • Improve documentation for MySQL/MariaB stric mode (PR/#7806)

  • Improve migration procedure (commit 47be1c3)

  • Improve prerequisites (commit 7200461)

  • Fix typo Centreon word (and one variable) (PR/#7796, PR/#7806)

Performance

  • [ACL] centAcl optimize memory and time execution (PR/#7751)

  • [API] Improve performance of clapi call through REST API (PR/#7842)

Bug fixes

  • [ACL] Redirect to login page when user is unauthorized (PR/#7687)

  • [API] Delete services when host template is detached from host (PR/#7784)

  • [API] Fix import of contactgroup when linked to ldap (PR/#7797)

  • [Charts] Match metric name with metric value in export (#5959, #7477, PR/#7764)

  • [Configuration] Fix stream connector configuration update in Centreon Broker form (PR/#7813)

  • [Custom-Views] Correction on custom view using spanish (PR/#7778)

  • [Install] Disable button when installing modules last step (PR/#7873)

  • [Menu] Retrieve menu entries as link (PR/#7826)

  • [Monitoring] Fix labels in graph alignment for service details page (PR/#7805)

  • [Monitoring] Fix double host name display in host details page (PR/#7737)

  • [Remote-Server] Adapt nagios_server export columns (PR/#7871)

  • [UI] Do not display autologin shortcut when disabled (PR/#7340)

  • [UI] Avoid host icon to be flattened (PR/#7870)

  • [UI] Retrieve space before alias in user menu (PR/#7869)

Technical

  • Compatibility with MySQL v8.x version (PR/#7801)

  • [API] Update type of returned activate property (PR/#7851)

  • [Composer] Reduce size of centreon package on packagist (PR/#7818)

  • [Composer] Add missing translation dependency in composer.json (PR/#7879)

  • [Configuration] Move filesGeneration directory to /var/cache/centreon (PR/#7735)

  • [Select2] Fix default select2 getter on severity (PR/#7814)

  • [Select2] Allow to display disabled status in select2 options (PR/#7531)

  • [Update] Move alter table statement in a php script for MySQL compatibility (PR/#7838)

Centreon Web 19.10.0-beta.2

Enhancements

  • [Configuration] Add contactgroups filter in list of contacts (PR/#7744)

  • [Configuration] Add status and vendor filters in list of SNMP traps (PR/#7758)

  • [Configuration] Fix SNMP traps generation by poller (PR/#6416)

Bug fixes

  • [ACL] add ACL to select meta-services for list of services in performance menu (PR/#7736)

  • [Monitoring] Fix pagination display in service monitoring by servicegroups (PR/#7755)

  • [Widget] set GMT to default if null (PR/#7766)

Technical

  • [Lib] Upgrade front libraries & improve dynamic import (PR/#7724)

Centreon Web 19.10.0-beta.1

Enhancements

  • [Charts] Centreon-Web Graph Display and png export is coherent (PR/#7676)

  • [Charts] Better management of virtual metrics: you can display or not a virtual metric (PR/#7676)

  • [Charts] Only one color by curve: users see the same color curve (PR/#7676)

  • [Install] Allow people to use another user that has root privileges when installing centreon (PR/#7445)

  • [Administration] [Audit logs] Add purge function for audit logs (PR/#7710)

Performance

  • Increase performance on server side when we get data from rrd files to display charts: between 70% and 90% (PR/#7676)

Bug fixes

  • [Charts] Fix export png for splitted graph (PR/#7676)

  • [Charts] Graph is smoothed to much (PR/#7676, #4898)

  • [Charts] Unit curves not displayed when only 1 metric (PR/#7676, #5533)

  • [Charts] strange char & missing dates in exports (PR/#7676, #7310)

  • [Charts] HTML code instead of accented characters in graphs (PR/#7676, #6318)

  • [Charts] Graphs Period Showing Different Times (PR/#7676, #5939)

Technical

  • Compatibility with rrdtool >= 1.7.x (PR/#7676)

  • Start compatibility with MariaDB/MySQL STRICT mode - in progress (PR/#7544)

  • [Database] Remove useless primary keys on multiple tables (PR/#7542)

  • [Database] Change type of column widget_models.description to TEXT (PR/#7542)

  • [Database] Add default value to acl_groups.acl_group_changed table (PR/#7542)

  • Remove wizard graph tour in performance view (PR/#7676)

  • Update to rh-php72 (PR/#7542)