it makes it into binaries/scripts. So set it to ${SYSCONFDIR} and then
(because cmake doesn't let us simply override variables at install time
like autoconf does) patch the generated cmake_install.cmake files to
install under share/examples.
* classic-ui: fix status.cgi gets stuck in loop when sorting on "All Unhandled Problems" #5886 - RB
* classic ui: Only show command expander if backend is Icinga 1.x (incompatible with Icinga 2) #6408 - MF
* classic ui: Fix CSRF protection in cmd.cgi matches only compiled in URL #6459 - MF
* classic-ui: config.cgi missing new option #6502 - RB
* cgi.cfg: Add url_cgi_path allowing to override the default '$htmurl/cgi-bin' required for CSRF checks #6459
CVE-2013-7106, CVE-2013-7107 https://dev.icinga.org/issues/5250
The icinga web gui is susceptible to several buffer overflow flaws,
which can be triggered as a logged on user. A remote attacker may
utilize a CSRF (cross site request forgery) attack vector against a
logged in user to exploit this flaw remotely.
CVE-2013-7108 https://dev.icinga.org/issues/5251
The icinga web gui are susceptible to an "off-by-one read" error
resulting from an improper assumption in the handling of user submitted
CGI parameters. [..] by sending a specially crafted cgi parameter,
the check routine can be forced to skip the terminating null pointer
and read the heap address right after the end of the parameter list.
Depending on the memory layout, this may result in a memory corruption
condition/crash or reading of sensitive memory locations.
not being updated on core restart, also fixes JSON unicode character export in
the classic ui, and failure on core reload with multiple idomod neb modules.
Also thanks to Michael Friedrich (upstream) for sending out helpful notes
to package maintainers about changes in the release which may affect them,
we like projects who do that :)
- update icinga-web to 1.8.1
- now, as the versions of icinga-core and icinga-web seem to diverge,
move version information to the individual Makefiles in core/ and
web/
ok sthen@ (MAINTAINER)
Changes for icinga-core 1.8.3:
Bugs
* idoutils: fix unknown column contactaddress_id (thx fmbiete) #3483 - MF
Changes for icinga-web 1.8.1:
Bugs
* Removed duplicate insert in sql upgrade scripts #3328
* IE7 window fix for cronk save dialog
* Disabled grouping of of unhandled problems grid #3320
* Re-added missing command restriction class #3457
* Removed ghost column after changing to new grid events #3458
* Fixes PNP extension #3427
* Removed flash for packaging and flash security fixes
* Various custom cronk dialog fixes
Features
* Allow xtypes in grid events to customize menues
* Clearcache enhancements
* Make ApiComboBox default for filters (Pagination)
- slight tweaks to upgrade documentation while there; you should still
check the proper upgrade notes from upstream, but the README now points
idodb users at the actual location of the schema update files to save
a bit of hunting.
