Nagios Changelogs

The following are the recent changes to Nagios products

Nagios XI
Log Server
Network Analyzer
Fusion

2024R1.3.1 - 11/12/2024

Security

Added CSRF protection to favorites component (Thanks to Ruben Meeuwissen for reporting this) [GL:XI#1339] – DA
Fixed a security vulnerability in history content tab (Thanks to Ruben Meeuwissen for reporting this) [GL:XI#1338] – DA
Fixed Neptune Tools allowing protocols other than HTTP and HTTPS (Thanks to Ruben Meeuwissen for reporting this) [GL:XI#1325] – DA
Fixed user enumeration vulnerability in deprecated backend API (Thanks to Ruben Meeuwissen for reporting this) [GL:XI#1326] – DA
Removed the ability for read only users to add their own tools (Thanks to Ruben Meeuwissen for reporting this) [GL:XI#1324] – DA

Added

Added the ability to set TDS version in MSSQL wizards and plugin. [XI:#1288] – CN,SG
Added host header verification option in security settings [GL:XI#1334] – DA
Added NCPA 3 support in Ansible roles for the Deploy Agent feature. [GL:XI!1106] – MPB

Fixed

Cleaned up upgrade scripts [GL:XI!1121] – DA,BB
Cleaned up many PHP warnings displayed in logs across the application [GL:XI#1345] – JS
Fixed an issue where custom includes were not applied correctly in Neptune themes [GL:XI#1313] – SG
Fixed an issue where updating contacts created by template in the CCM could sometimes fail [GL:XI#1333] – JS
Fixed some checkboxes and UI interactions throughout the Neptune theme [GL:XI!1134] – DA
Fixed upgrade scripts in the case where the installtype variable isn’t determined. [GL#1352] – JM
Updated checking of xi-itype file during upgrades [GL:XI!1132] – DA
Updated Neptune Network Error Handling [GL:XI!1111] – DA
Updated styling for dialogs and fixed a variety of small errors with the Neptune theme [GL:XI!1128] – DA

Removed

Removed exclusion of net-snmp package on RHEL/Oracle 8 systems [GL:XI#1066] – SG
Removed superfluous links from Capacity Planning graphs – CN

2024R1.3 - 10/15/2024

Added check for Nagios Core version before upgrading to NDO 3.1.1 [GL:XI#1307] – DA
Added check for NEB modules before upgrading [GL:XI#1307] – DA
Added enter functionality to Neptune search and improved search results [GL:XI#1190] – DA
Added graphs to Network Reports [GL:XI#413] – DA
Added support for Debian 12 [GL:XI#576] – AC
Added the ability to set TDS version to support different version of MS SQL [XI:#1288] – CN
Fixed an issue where a plugin for the Network Switch / Router Wizard was not being copied to the correct directory on install & upgrade [GL:XI#1280] – CN
Fixed an issue where some wizards did not display saved templates [GL:XI#580] – GW
Fixed an issue where systems without the xi-itype file could not upgrade [GL:XI#1315] – DA
Fixed an issue where users could encounter a broken page with SQL errors when adding custom variables [GL:XI#605] – GW
Fixed an issue with a link in the service status details page redirecting to the current page [GL:XI#1140] – GW
Fixed an issue with broken buttons in graph context menus in Graph Explorer – CN
Fixed an issue with external help resource links opening in current window instead of a new tab [GL:XI#916] – GW
Fixed custom includes not reflecting edits in the interface without refreshing the page [GL:XI#1231] – GW
Fixed Modern Gauge Dashlet title and toggle [GL:XI#733] – GW,DA
Fixed PHP warnings and search functionality and made a UI improvement on MRTG File Management page [GL:XI#1233] – GW
Fixed service names incorrectly being converted to lowercase [GL:XI#1248] – GW
Fixed three instances of links being shown to unauthorized users [GL:XI#1102,1069,1070] – GW
Updated Alert History Dashlet to correctly reflect the current theme [GL:XI#1145] – GW
Updated birdseye to choose dark mode when theme is set to Neptune [GL:XI#1197] – GW
Updated deployment script to install the Nagios repo’s GPG key to resolve deployment errors [GL:XI#947] – BB
Updated the UI in the Local Backup Archives and Manage Views pages [GL:XI#893] – GW

2024R1.2.2 - 09/24/2024

Added a script to fix db corruption [GL:XI#1217] – LG
Added help text to upgrade.sh [GL:XI#1257] – ATC
Fixed an issue where the vSphere plugin’s –list-datacenters option wasn’t functioning properly – BB
Fixed an issue where the vSphere plugin’s –list-clusters option wasn’t functioning properly [GL:XI#1170] – BB
Fixed an issue where the vSphere plugin would be unable to connect on certain OSs due to pyVmomi version – BB
Fixed an issue where service groups could not be edited in the CCM in some cases [GL:XI#1254] – CN
Fixed an issue where install/upgrade could be prevented from succeeding on EL9 if xinetd was present [GL:XI#1040] – JS
Fixed an issue where auto-login would not work with certain languages set [GL:XI#1164] – JS
Fixed an issue where timeouts when sending emails weren’t being handled properly [GL:XI#1103] – CN
Fixed an issue where loading the mail settings page would cause PHP errors when OAuth credentials are empty – BB
Fixed an issue where upgrade scripts could run on a non-corresponding installation type [GL:#1122] – CN
Fixed an issue where logrotate config was sometimes not being properly modified – [GL:XI#333] – JS
Fixed an issue where Neptune theme ad/ldap edit erroneously displayed password field [GL:XI#1251] – LG
Fixed an issue where users could see an unhelpful error when BBMap dashlet does not get any data [GL:XI#1052] – JS
Fixed an issue where PDFs from scheduled emails would sometimes be corrupted based on Program/External URL [GL:XI#1161] – JS
Fixed an issue with SELinux and reporting backend [GL:XI!1022] – DA
Fixed an issue with the Linux Server wizard would not display plugins on Step 2 [GL:XI#1121] – JS
Fixed a vulnerability to host header injection attacks [GL:XI#1216] – JS
Fixed broken pipe errors with backup generation [GL:XI#1117] – DA
Fixed timezone changing issues on Ubuntu 24 [GL:XI#1250] – DA
Fixed missing MIBs on Ubuntu 24 [GL:XI!1073] – DA
Fixed PHP error in Capacity Planning reports [GL:XI!1025] – SAW
Fixed CCM routing in the Neptune theme [GL:XI#1199] – DA
Fixed PHP error when deploying an agent [GL:XI!1051] – DA
Fixed formatting issues where scheduled emails and other pages would be sent with bad links back to XI [GL:XI#1161] – JS
Fixed various log file permissions [GL:XI!1066] – DA
Removed unnecessary percent markers from NCPA and Linux Server wizards [GL:XI#1260] – JS
Removed download options that were erroneously added to highcharts graphs [GL:XI#1064] – DA
Updated jQuery from 1.12 to 1.13.2 [GL:XI#1218] – CN
Updated Nagios Plugins to version 2.4.12 – DA
Updated default error behavior when network requests fail [GL:XI#1159] – DA
Updated styling of licensing messages on first login [GL:XI#1191] – DA
Updated the vSphere wizard’s “Datastore usage” metric to more accurately reflect the metric [GL:XI#1201] – BB

2024R1.2.1 - 08/29/2024

Fixed NRDP upgrades failing when trying to run the XI update again [GL:XI#1269] – DA
Fixed dependency conflict between chromium and mysql on Ubuntu [GL:XI#1271] – DA
Fixed an issue where a modified php.ini file could break installation or upgrade [GL:XI#511] – JS
Fixed MySQL password saving on repeated usage of the full install script [GL:XI#1253] – DA
Removed php-imap from EL9 dependencies [GL:XI#1261] – BB
Updated UX for downloading reports as PDFs – DA

2024R1.2 - 08/13/2024

Added Neptune Light theme [GL:XI#1028] – SG
Added configuration wizard to monitor Windows via WinRM [GL:XI#1172] – AC
Update framework for several pages [GL:XI#1049,#1050,!828] – SG, GW
Added support for Ubuntu 24 [GL:XI#577] – GW, JM
Added History tab to Home->Details->Host Details and Host->Details->Service Details [GL:XI#897] – LG
Added Home->Incident Management->Mass Downtime page to schedule and remove downtime en masse [GL:XI#1044] – GW
Added support for ModSecurity Web Application Firewall [#1084] – DA
Added ability for Nagios-Core-only contacts to use Nagios XI’s mailing configuration [GL:XI#339] – BB
Added new `filter` parameter to the `v1/config/host` REST API endpoint [GL:XI#1017] – LG
Added the ability to view data from Home->Graphs->Performance Graphs as a table [GL:XI#1005] – SG, CN
Added the ability to download from Home->Graphs->Performance Graphs as a CSV [GL:XI#1007] – SG
Added the ability to download Timestacked and Multistacked graph data from Home->Graphs->Graph Explorer as a CSV [GL:XI#1011,1010] – SG
Added filtering by Hostgroup or Servicegroup to Home->Graphs->Performance Graphs [GL:#1006] – CN
Added filtering by Hostgroup or Servicegroup to several dashlets [GL:XI#1053,!949] – GW
Added the ability to enable/disable PHPMailer debugging via the interface [GL:XI#175] – GW
Added inbound mail processing for systems that lack the PHP-IMAP library [GL:XI#61/1059] – BB
Improved Graph Explorer’s Neptune theme by putting graph management controls in a sliding drawer [GL:XI#1008] – LG
Improved Graph Explorer’s Multistacked performance graph by adding grouping by hostgroup/servicegroup [GL:XI#1008] – LG
Improved recognition of WEBP images when uploading via the Custom Includes component [GL:XI#1095] – DA
Improved Network Switch/Router wizard to allow monitoring by Interface Name or Description [GL:XI#344] – SAW
Updated MySQL configuration to include default settings for max_allowed_packet, max_connections, and open_files_limit [GL:XI#1080] – GW
Updated NagVis to resolve PHP deprecations [GL:XI!919] – GW
Updated SLA Report and SLA Dashlet for Neptune [GL:XI!904] – GW
Updated Nagios Core to version 4.5.3 – DA
Updated nagios-plugins to version 2.4.10 – DA
Updated NDO to version 3.1.1 – DA
Fixed an issue in the NCPA wizard where typing a hostname into the “address” field would cause configuration to fail [GL:XI#1124] – SAW
Fixed issue with snmptrapsender component mistakenly indicating it wasn’t installed [GL:XI#1094] – DA
Fixed an issue where the “import config files” checkbox did not function when using the Neptune theme [GL:XI#1112] – SG
Fixed the PDF generation for the Bandwidth Usage Report [GL:XI#1079] – LG
Fixed an html issue on the report pages [GL:XI!897] – LG
Fixed a Neptune dashlet offset when dashlets were stacked on Host & Service Status pages [GL:XI!897] – LG
Fixed a Neptune issue for Service Status of a down Host would have a background color on the Host Status Summary [GL:XI!897] – LG
Fixed an issue in the Switch/Router wizard where SNMP v3 credentials could be used to scan networked devices even when SNMP v1/v2 were selected [GL:XI#1215] – SAW
Fixed issue where LDAP would not show users properly [GL:XI!952] – AC
Fixed privilege escalation via nagvis.conf (Thanks Exodus Intelligence for reporting this) [GL:XI#1207] – SAW
Improved validation in Docker wizard and mitigated NULL poisoning vulnerability on systems with older PHP distributions (Thanks Exodus Intelligence for reporting this) [GL:XI#1206] – SAW
Improved validation in several NRDP server plugins (Thanks Exodus Intelligence for reporting this) [GL:XI#1208] – SAW
Deprecated Debian 10, CentOS Stream 8, and EL7 [GL:XI!980] – GW

CCM 3.5.0 - 08/13/2024

Added support for MRTG configuration file management [GL:XI#48] – SAW

2024R1.1.5 - 07/23/2024

Restrict RPM and offline deployments and servers with a proxy configured from performing source upgrades via web interface [GL:XI#1126,#1160] – SG
Fixed XSS vulnerabilities on Hostgroup and Servicegroup status pages (Thanks to Samuel Lima for reporting this) [GL:XI#1155] – CN,DA
Fixed an issue where graphs could not be removed from multistacked performance graphs [GL:XI#1135] – GW
Fixed missing “Query” input in MSSQL Query wizard [GL:XI#629] – SAW
Fixed Help->Check for Updates spinning forever when using the Custom Logo Component [GL:XI#1132] – SAW
Fixed an issue where the Neptune theme’s search bar would fail to complete the search [GL:XI#1119] – DA
Fixed the Manage MIBs page failing to load in most non-English languages [GL:XI#1156] – SAW
Fixed check_snmp_storage_wizard.pl so that it always shows performance data in a consistent order [GL:XI#1072] – SAW
Fixed log messages and other output when running background jobs and scripts [GL:XI#1117,!953] – DA
Fixed issue where an incorrect language value would cause the front end to not render [GL:XI#!944] – DA

CCM 3.4.0 - 07/23/2024

Add support for ‘*’ to dependent services – SAW
Add support for ‘!’ (exclusion) to dependent services – SAW

2024R1.1.4 - 06/12/2024

Added verification before upgrades to ensure that Nagios Core configuration is applied and valid – SAW
Fixed issue in NagVis where a user could use schemes other than http as a hover url (Thanks to Márk Rákóczi for reporting this) [#1062] – DA
Fixed issue in Admin->Check for Updates where the interface would not indicate a successfully completed update – SAW
Prevent postfix being unable to start from stopping the install process [GL:XI#1137] – DA
Fixed issue where new API could halfway complete upgrading, rendering the application unusable [GL:XI#1131] – SAW

CCM 3.3.1 - 06/12/2024

Fix regression where setting max_check_attempts (among others) to 3 caused the entry to disappear from the applied configuration text file [GL:XI#1133,#108] – SAW

2024R1.1.3 - 05/28/2024

Added default log rotation settings for snmptrapsender.log [GL:XI#860] – SAW
Added default MRTG configuration when installing or upgrading Nagios XI via RPM package [GL:XI#782] – SG
Improved report options and fixed various associated issues [GL:XI#897,#899,#905] – GW
Improved the UX of applying configurations in the CCM to make it faster and easier [GL:XI#1027] – BB
Several minor interface improvements [GL:XI#593,#867,#868,#869,#870,#871,#872,#874,#875,#877,#880,#884,#887,#889,#890,#898,#900,#902,#903,#906,#913,#919,#920,#921,#922,#923,#926,#927,#930,#932,#934,#935,#936,#938,#939,#940,#942,#943,#945,#947,#948,#949,#959,#961,#962,#964,#967,#968,#969,#971,#974,#975,#979,#981,#1004,#1043,#1067,!868] – GW,SAW,DA
Updated icons on the My Tools and Common Tools page [GL:XI#918] – KV
Updated icons in the Announcement Banners page [GL:XI#925] – KV
Updated icons in the AD/LDAP page [GL:XI#924] – KV
Updated required versions and corrected various versioning issues across several components – GW
Updated and fully released the vSphere wizard – BB
Updated default log rotation to include new report exporting backend’s log files [GL:XI!863] – DA
Do not allow jinja2 templates in migrate_core.yml (Thanks to Márk Rákóczi for reporting this) [GL:XI#1063] – DA
Fixed an issue where some dashlets would not save dimensions altered by the user [GL:XI#1001] – GW
Fixed a crash in the database maintenance background job [GL:XI#1031] – SAW
Fixed an issue in the NRPE wizard where the NRPE command would always use the default settings [GL:XI#1042] – SG
Fixed an issue where swap metric would not load unless the user manually set the graph’s viewport [GL:XI#983] – GW
Fixed an issue in Host/Service Details where “View Performance Graphs” would fail to load when the service’s name was “/” [GL:XI#790] – SAW
Fixed an issue where files with capitalized file extensions could not be uploaded to Admin->Custom Includes [GL:XI#816] – SAW
Fixed an issue in the NLS wizard where it would fail to connect if NLS was configured to use HTTPS [GL:XI#793] – SG
Fixed incorrect SNMP version in checks configured by the Watchguard configuration wizard [GL:XI#1034] – SAW
Fixed an issue where monitoring objects could not inherit from templates when configured via the API [GL:XI#108] – SG
Fixed issues with ‘$’ and ‘!’ in ncpa tokens and escaped values in Docker Wizard [GL:XI#855] – SG
Fixed issues with ‘$’ and ‘!’ in ncpa tokens in Cloud VM, Hyper-V, Java Application Server, and Windows Event Log Wizards [GL:XI!739] – SG
Fixed a non-working fallback when users add AD/LDAP certificates on systems with older versions of OpenSSL [GL:XI#1074] – SAW
Fixed an issue in the Network Switch / Router Wizard where user-inputted whitespace in the IP Address field would cause the wizard to fail [GL:XI#792] – SAW
Fixed an issue in the Network Switch / Router Wizard where the table in the second page was not readable on the Modern Dark theme [GL:XI#720] – SAW
Fixed an issue where users without permission could add hosts and services in the Core Config Manager [GL:XI#846] – CN
Fixed bulk entry in the Network Switch / Router Wizard [GL:XI#777] – SAW
Fixed an issue where users in nested Organizational Units were not found when importing users from AD/LDAP – [GL:XI#72] – CN
Fixed an issue where HTML tags would be displayed in error feedback when applying configurations [GL:XI#1023] – CN
Fixed an issue where bulk modification would not work with multiple options [GL:XI#631] – GW
Fixed an issue where the Bulk Modifications tool could not find relationships when one or more objects had a ‘#’ in its name [GL:XI#797] – CN
Fixed two cases where the Bulk Modification tool would crash on clicking “Find Relationships” and while trying to remove Custom Variables [GL:XI#603] – JS
Fixed an issue where NDO failed to start when using an offloaded database [GL:XI#95] – CN
Fixed an issue where a user’s password change would cause a user ID (and not username) to be logged in the Audit Log [GL:XI#1056] – SAW,AC
Fixed an issue where non-authorized users could access wizards via Popular Wizards [GL:XI#734] – GW
Fixed an issue where RPM upgrades from before 2024R1 would incorrectly encrypt inbound NRDP tokens [GL:XI#844] – DA
Fixed an issue where uploading a plugin with the same name as an existing plugin would replace the plugin with no warning [GL:XI#676] – SG
Fixed broken link in Esensors Websensor wizard – SAW
Fixed deprecated code in RSS Dashlet [GL:XI#578] – SAW
Fixed issue with views URLs in the Neptune theme [GL:XI!807] – DA
Fixed permissions in users endpoint in the new V2 API (Thanks to Márk Rákóczi for reporting this) [GL:XI#1036] – DA
Fixed an issue where phpmailer.log did not have the correct permissions [GL:XI#856] – LG
Fixed an issue in network reports, network queries, and the NNA Wizard where network requests were silently failing when Nagios XI was configured with HTTPS and NNA was configured with HTTP [GL:XI#852,#1015,#1014] – SG
Fixed an issue in the Alert History dashlet where all cells would show as red in when no state changes had occurred [GL:XI#859] – SAW
Fixed Backup and Restore across Linux distributions that use different database collations. [GL:XI#361]- LG
Fixed an issue where the “User Sessions” page would show spurious session entries [GL:XI#695] – DA
Fixed an issue where a password change wouldn’t invalidate other sessions (Thanks to Jack Eli for reporting this) [GL:XI#850] – DA
Fixed an issue in the NCPA wizard where users could not utilize the same plugins, services and products more than once for service checks. [GL:XI#785] – KV
Fixed an issue in the NCPA wizard where the wizard would crash when the network connection to NCPA was inconsistent [GL:XI#551] – LG
Fixed inability to set custom URL and title for the Neptune theme in the Home Page Modifications component [GL:XI#632] – DA
Fixed inability to use the manage dashboards page in all themes [GL:XI!795] – DA
Fixed unencrypted v3 SNMP passwords from SNMP Trap Sender component [GL:XI#557] – DA
Fixed XSS in Capacity Planning component (Thanks to Márk Rákóczi for reporting this) [GL:XI!834] – DA
Fixed PHP 8 deprecation warnings – DA
Fixed both XSS in Executive Summary report and ajaxhelper endpoint that was too open (Thanks to Márk Rákóczi for reporting this) [GL:XI#1046] – DA
Fixed an issue where the words “Enterprise License” were erroneously displayed [GL:XI#1054] – LG
Fixed an issue where the Neptune theme was missing from the Audit Log’s “Send to Nagios Log Server” page [GL:XI#1051] – LG
Fixed a Ubuntu 22 Install issue [GL:XI#1073] – JM
Fixed issues with scaled dashlets going outside of their boundaries [GL:XI!853] – DA
Fixed missing language packages on RPM installs on Enterprise Linux 8 [GL:XI!889] – DA
Fixed restoring XI from a backup when all passwords are the same [GL:XI#1091] – DA
Removed the scroll bar from a number of dashlets that shouldn’t have it [GL:XI#1002] – GW

CCM 3.2.5 - 05/28/2024

Fixed an issue where timeranges could not be removed from timeperiods [GL:XI#1003] – SAW
Fixed an issue where indrect servicegroup relationships were not being found, allowing bidirectional relationships to be created erroneously [GL:XI#996] – CN

2024R1.1.2 - 04/23/2024

Fixed an issue where unused API endpoints posed a security vulnerability (Thanks to Márk Rákóczi for reporting this) [GL:XI#1036] – DA
Fixed an issue where any user could modify an insecure login ticket (Thanks to Márk Rákóczi for reporting this) [GL:XI#1037] – DA
Fixed an issue where the login form would submit to the current url and not login.php (Thanks to Kevin De Frene for reporting this) [GL:XI#1041] – DA

2024R1.1.1 - 03/27/2024

Fixed an issue where the Neptune theme would crash on CentOS 8 and RHEL 8 – SAW

2024R1.1 - 03/26/2024

Added new Neptune UI theme – AC,GW,KV,LG,DA,CN,SAW,SG,SNS,BB,JS
Added new vSphere configuration wizard [GL:XI#313] – JL,BB,SG
Added new Alert History dashlet (calendar view) [GL:XI!488] – SAW
Added the ability to select metric to view in Metrics dashlet [GL:XI#15] – GW
Fixed broken wizard favorites and added duplicate removal to favorites [GL:XI#502/564] – GW
Fixed issue where the Mail Server wizard would fail to apply configuration after completion [GL:XI#827] – CN
Fixed issue with Network Report where records variable was not converting from object to array [GL:XI#549] – GW
Fixed deprecation warnings when using “My Reports” page on newer linux distributions – SAW
Fixed issue where the Amazon EC2 wizard would timeout [GL:XI#826] – CN
Fixed an issue where upgrades would fail when HTTP was disabled [GL:XI#783] – SAW
Deprecated Folder Watch wizard [GL:XI#832] – JS
Fixed SSH Proxy wizard issue that prevented services from being added correctly [GL:XI#833] – JS
Fixed several issues in the Bulk Host Import Wizard [GL:XI#820] – SG
Fixed several issues in the Passive Check wizard [GL:XI#831] – SG,SAW
Fixed XSS in page-missing.php (Thanks to Adam Kues from Assetnote for reporting this) [GL:XI#849] – DA
Replaced wkhtmltox reporting backend with chromium [GL:XI#795] – DA
Fixed several issues in the Passive Objects Wizard [GL:XI#834] – KV
Fixed an issue with restoring XI2024R1 to another XI2024R1 server [GL:XI#572] – LG, DA
Fixed an issue with randomized folders in backup tarball [GL:XI#818] – DA
Fixed an issue where a fatal php error was thrown while editing my reports – SG
Removed “Download as JPG” button for all reports

CCM 3.2.4 - 03/26/2024

Fixed white-on-white input and button text in CCM login page on Modern Dark theme [GL:XI#719] – SAW

2024R1.0.2 - 02/21/2024

Fixed issue with column statistics table not existing with offloaded databases and backups [GL:XI#247] – DA
Fixed an issue where users would not be able to upgrade when they had offloaded databases [GL:XI#584] – DA
Fixed an issue where backups would fail due to a full tmp directory [GL:XI#602] – DA
Fixed XSS in Nagios Core command expansion page (Thanks to Joran LEREEC for reporting this) [GL:XI#654] – DA
Fixed a SQL injection vulnerability in favorites component. (Thanks to Jarod Jaslow for reporting this) (CVE-2024-24401) [GL:XI#667] – DA
Fixed a privilege escalation vulnerability from nagios to root (Thanks to Jarod Jaslow for reporting this) (CVE-2024-24402) [GL:XI#668] – DA
Fixed a privilege escalation vulnerability in autodiscover_new.php (Thanks to Wahab Khadir for reporting this) [GL:XI#669] – DA
Fixed an issue where recurring_downtime.php would exit because of it’s own pid [GL:XI#693] – DA
Deprecated Ubuntu 18 [GL:XI#579] – DA

CCM 3.2.3 - 02/21/2024

Fix a regression from XI 2024R1.0.1 where the “Remove all” button was broken on some overlays – SAW

2024R1.0.1 - 01/16/2024

Added timestamps to logs found in /usr/local/nagiosxi/var/ [GL:XI#65] – CD
Added convenience script to load MySQL passwords from configuration files [GL:XI#509] – DA
Corrected formatting of admin-provided user data [GL:XI#548] – JM
Improved icons and help text in page footer [GL:XI#530] – GW
Improved troubleshooting experience for AD/LDAP debugging [GL:XI#474,GL:XI#585] – SAW,SG
Improved performance on systems that monitor many NCPA nodes by adjusting check_ncpa.py timeout [GL:XI#507] – SG
Disallow use of wildcard selector for restricted CCM users [GL:XI#174] – GW
Updated icons in the System Component Status dashlet [GL:XI#529] – GW
Fix an privilege escalation vulnerability in the System Profile component (Thanks to Matthew Bach from Hack The Box Ltd for reporting this) [GL:XI#532] – KF
Fixed XSS vulnerability in NOC screen (Thanks Cosmin-Constantin Cojocaru for reporting this issue) (CVE-2023-51072) [GL:XI#568] – DA
Fixed an issue where users would not be able to upgrade to XI 2024R1 if they changed their root MySQL password [GL:XI#588] – SAW
Fixed an issue where the CCM would prevent some valid service dependencies from being configured [GL:XI#113] – GW
Fixed UI visibility issues when using the Migrate Server feature in dark mode [GL:XI#435] – KV
Fixed minor UI issues when completing a configuration wizard [GL:XI#538] – GW
Fixed an issue in BPI where dropdown chevron was pointing in the wrong direction on page refresh [GL:XI#513] – GW
Fixed PDF report generation on reports with large amounts of data [GL:XI#350] – DA
Fixed missing debug logging in the AD/LDAP configuration on Enterprise Linux 8 and 9 [GL:XI#442] – DA
Fixed inconsistent file permissions related to the Network Switch/Router wizard on Ubuntu [GL:XI#471] – SG
Fixed issue where the SLA Report, Capacity Planning Report, and Audit Log were incorrectly blocked for some users with valid enterprise trials [GL:XI#522] – GW
Fixed Graph Explorer icons not working for hosts that have a space in their hostnames [GL:XI#470] – GW
Fixed PHP warnings when adding a service in the CCM [GL:XI#484] – GW
Fixed an issue where timezone changes were not correctly applied on Enterprise Linux 9 [GL:XI#458] – GW
Fixed two cases where the Bulk Modifications tool would crash when modifying more than 200 hosts or services [GL:XI#373] – JS
Fixed an issue where the recurring downtime background job would have mutliple processes running at once [GL:XI#309] – SG
Fixed an issue where the recurring downtime background job would log errors when modifying empty host groups [GL:XI#309] – SG
Fix an issue with dark mode in user macros page [GL:XI#524] – SG
Fixed an issue where Highcharts graphs would use online exporting when local exporting was selected [GL:XI#29] – AC
Fixed an issue where MRTG files would not have the correct permissions set on upgrades [GL:XI#38] – BB
Fixed a divide-by-zero issue and some warnings in metrics component [GL:XI#512] – GW
Fixed an issue where new user tours would sometimes fail to reset [GL:XI!426] – BB
Fixed an issue where the notifications history page would not save parameters when saved as a view [GL:XI#146] – BB
Restored “Home” menu link when Custom Logo component is in use [GL:XI#550] – CN
Removed world read permissions from resource.cfg [GL:XI#256] – DA
Removed uses of deprecated strftime function [GL:XI#489] – JS

2024R1 - 12/06/2023

Added tours for the homepage and wizards [GL:XI#402] – BB
Added the ability to view the most used and most recently used configuration wizards [GL:XI#462] – GW
Added Colorblind theme for users with red-green colorblindness [GL:XI#453] – JS
Added a page to enable/disable notifications for hosts and services en masse [GL:XI#378] – SG
Added new home dashboard [GL:XI#397] – CN
Added client side form validation and updated appearance for most Wizards [GL:XI#300,XI#395] – LG
Added a new built-in “demo” dashboard and associated new dashlet [GL:XI#473] – GW
Added configuration wizard to monitor OpenAI Usage. [GL:#403] – PhW
Added configuration wizard to set up Slack notifications [GL:XI#399] – BB
Added configuration wizard to set up Discord notifications [GL:XI#400] – BB
Added new SNMP Trap Volume dashlet – SAW
Added new Modern Gauge dashlet – BB
Added an Enterprise top-level menu and page – [GL:XI#452] – KV
Added sticky header and sort by status to BBMap [GL:XI#448,#449] – LG
Improved multiple-selection widgets in several configuration wizards [GL:XI#444, GL:XI#475] – PhW
Improved security of default database password generation (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#424] – DA
Improved security of randomly-generated text, including API keys (Thanks to Abdulmohsen Alotaibi for reporting this) [GL:XI#433] – DA
Improved security of Ansible Vault credentials in Nagios Core-to-XI migration tool (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#426] – DA
Improved authorization requirements when editing USER and System Macros in the CCM (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#425] – DA
Improved input validation in send_to_nls.php script (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#427] – DA
Updated login page [GL:XI#394] – CN
Moved the help menu to a dropdown in the upper-right corner of the screen [GL:XI#455] – SG
Fixed incorrect table header in Configure->Core Config Manager->Hosts [GL:XI#477] – KV
Fixed PHP Warnings when adding a host in the CCM [GL:XI#483] – SAW
Fixed PHP warnings from use of deprecated split() function [GL:XI#467] – GW
Fixed vulnerability with time-based port scanning on ftp connections in Scheduled Backups component (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#422] – DA
Fixed PHP warnings when processing SNMP Traps in the Manage MIBs page [GL:XI#480] – SAW
Fixed a security issue in migrate.php that allowed root code execution from user input (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#415] – DA
Fixed an issue that allowed users with expired trial and enterprise licenses to access enterprise features [GL:XI#437] – GW
Fixed PHP warnings when adding a hostgroup in the CCM [GL:XI#483] – SAW
Fixed PHP warnings when adding a servicegroup in the CCM [GL:XI#481] – SAW
Fixed use of deprecated utf8_encode() in Locale selection and CCM Audit Log [GL:XI#491] – SAW
Fixed an XSS vulnerability in the graphexplorer component (Thanks to Pankaj Kumar Thrakur for reporting this) [GL:XI#468] – DA
Fixed use of deprecated functions in CCM log management [GL:XI:#490] – SAW
Fixed plaintext storage of sensitive information in the database (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#421] – DA
Fixed a security issue with backup_xi.sh allowing deletion of arbitrary directories (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#428] – DA
Fixed some missing access controls in the Nagios XI 5 API (Thanks Matthew Bach and Hack The Box Ltd for reporting this) (CVE-2023-51124) [GL:XI#520] – SAW
Disabled web SSH Terminal by default (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#416] – DA
Removed DROP and DELETE permissions from the nagiosxi user for the auditlog table (Thanks to Oliver Brooks and Colin Brum from NCC group for reporting this) [GL:XI#420] – DA
Removed support for PostgreSQL – SAW

5.11.3 - 11/01/2023

Added the ability to modify homepage settings when a dashboard is set as the homepage – BB
Improved UX of the Operation Center configure sound modal [GL:XI#370] – SG
Fixed an issue where phantomjs was not working properly on an offline upgrade – CB
Fixed an issue with unhelpful error messages in email settings [GL:XI#363] – AC
Fixed an issue in Executive Summary where the report would be named incorrectly for [Host Only] and [All Services] reports [GL:XI#340] – SAW
Fixed an issue in State History where the report would show service states when [Host Only] was selected [GL:XI#340] – SAW
Fixed typo in Performance Settings – SAW
Fixed an issue where Homepage Customization would indicate that it was disabled when it was enabled [GL:XI#376] – BB
Fixed an issue where Homepage Customization cog would not show in the dashboard view [GL:XI#376] – BB
Fixed an issue that caused “Send Test Email” button to break if “From Address” was invalid [GL:XI#367] – BB
Fixed an issue that caused performance graphs to display an incorrect “Max” value [GL:XI#336] – BB
Fixed an issue where host and service statuses would be partially truncated on Ubuntu [GL:XI#259] – BB
Fixed an issue where the Announcement Banners table looked broken when there were no banners configured [GL:XI#358] – SG
Fixed an issue that caused errors to show when using a dashboard as the home page – BB
Fixed an issue where Deploy Agent would fail when deploying to an Ubuntu minimal install [GL:XI#177] – BB
Fixed an issue that was causing browser console errors on the Email page – BB
Fixed an issue where the Host status detail page was showing OK when a service was Pending [GL:XI#352] – BB
Fixed an issue where adding/editing a command in the CCM would have a broken page – BB
Fixed an issue where CCM forms could show errors when editing commands or services – BB
Fixed an issue where Bulk Modifications -> Add Parent Host would break on PHP 8 [GL:XI#375] – BB
Fixed missing dependency (php-pecl-ssh2) in Scheduled Backups [GL:XI#290] – BB
Fixed an XSS in the custom logo component (Thanks Astrid Tedenbrant and Outpost24 for reporting this) [GL:XI#412] – BB
Fixed a Remote Code Execution vulnerability in the Core Config Manager (Thanks Abdulmohsen Nasser Alotaibi for reporting this) [GL:XI#383] – SNS
Fixed an XSS vulnerability in the Graph Explorer component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#384] – SG
Fixed an XSS vulnerability in bandwidthreport component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#385,#463] – SG
Fixed an XSS vulnerability in Bulk Modifications component (Thanks Aleksey Solovev from Positive Technologies and Abdulmohsen Nasser Alotaibi for reporting this) [GL:XI#386] – SG
Fixed a CSRF and XSS vulnerability in the custom-includes component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#387] – BB
Fixed a CSRF and XSS vulnerability in the hypermap replay component (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#388] – BB
Fixed an XSS vulnerability in the CCM (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#389] – BB
Fixed several SQL injection vulnerabilities in the Bulk Modifications Tool (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#390] – SG
Fixed a shell injection vulnerability in the Manage MIBs page (Thanks Aleksey Solovev from Positive Technologies for reporting this) [GL:XI#392] – SG
Fixed missing authorization controls in Unconfigured Objects (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#419] – BB
Fixed an XSS vulnerability in Manage Users (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#429] – BB
Fixed a PHP code injection vulnerability in the graph template editor (Thanks Oliver Brooks and Colin Brum from NCC Group for reporting this) [GL:XI#430] – BB
Fixed a Remote Code Execution vulnerability in the Core Config Manager (Thanks Abdulmohsen Nasser Alotaibi for reporting this) [GL:XI#383] – SNS

5.11.2 - 09/11/2023

Added fuzzy search to the Configuration Wizard page – SNS
Added the ability to resize some dashlets [GL:XI#285] – SNS
Added “Maximum Downtime History Age” to performance settings [GL:XI#287] – SAW
Added security setting to block remote sites from loading via xiwindow parameter [GL:XI#302] – DA
Fixed XSS in Custom Logo component (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40932) – AC
Fixed SQL injection vulnerability acknowledging an announcement banner (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40931) – SG
Fixed SQL injection vulnerability in the accouncement banner configuration interface (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40933) – BB
Fixed an issue that caused sound settings to not display correctly in the operation center [GL:XI#24] – SG
Fixed an issue with logrotate permissions for the CentOS 9 OVA [GL:XI#197] – DA
Fixed an issue with password reset emails not containing correct URLs [GL:XI#23] – DA
Fixed an issue where macro variables weren’t expanding properly in notes URLs [GL:XI#315] – SG
Fixed an issue where new users weren’t being shown existing banner messages [GL:XI#277] – SG
Fixed an issue with the announcement banner switch showing incorrect status on page load [GL:XI#266] – SG
Fixed an issue where the License Information screen would fail to load [GL:XI#249] – SAW
Fixed an issue with permissions in the Network Switch Wizard [GL:XI#347] – SG
Fixed an issue where several tables would not get truncated in a script for removing historical data [GL:XI#284] -TG
Fixed an issue in network switch wizard where the Bulk Configuration Settings were not handling mismatched field inputs [GL:XI#312] – SG
Fixed an issue in the update process where the settings would be unexpectedly reset upon upgrading in the oracle tablespace wizard [GL:XI#311] – SG
Fixed an issue where selected months would start with a comma under certain circumstances in recurring downtime [GL:XI#330] – SG
Fixed an issue in the views tab where the fullscreen button moved while in fullscreen during rotating views [GL:XI#163] – SG
Fixed an issue in dark mode where cloning a user and canceling the menu would display non-dark mode css [GL:XI#271] – SG
Fixed an issue in AD/LDAP where having more than 1000 users would cause layout issues [GL:XI#13] – SG
Fixed an issue causing reports to fail to run successfully [GL:XI#316,#296] – DA
Fixed an issue where users without enterprise feature can set snmp traps in the manage mibs interface [GL:XI#176] – SG
Fixed an issue where pages would throw console errors [GL:XI#258] – BB
Fixed an issue where a sufficiently large amount of logs would crash the audit log page [GL:XI#325] – DA
Fixed an issue where unused service and host check tables were enabled by default sometimes causing database corruptions [GL:XI#242] – SG
Fixed an issue where the Sans Rising Ports dashlet would create many DB access errors [GL:XI#338] – DA
Fixed an issue where SNMPv2-PDU had a bad trap definition [GL:XI#78] – DA
Fixed an issue where the side menu wouldn’t automatically update when scheduled reports were added or deleted [GL:XI#331] – DA
Fixed an issue where the redirect parameter on the login page wouldn’t work if the user was already authenticated [GL:XI#150] – DA
Fixed an issue where the application log would show database errors on systems that were integrated with deprecated products [GL:XI#303] -TG
Fixed an issue with the contact PUT endpoint in the API did not allow custom variables [GL:XI#115] – DA
Fixed an issue where XI would fail to export performance data graphs when offline [GL:XI#29] – SNS
Fixed an issue where the SLA page would render incorrectly due to some variable definitions [GL:XI#345] – SNS
Fixed an issue where Wizard Search did not catch quick inputs [GL:XI#265] – SNS
Fixed an issue where the Oracle Serverspace Wizard was overwritting settings on upgrades [GL:XI#343] – SG
Fixed an issue where the Oracle Query Wizard was overwritting settings on upgrades [GL:XI#342] – SG
Fixed an issue where Email Settings would fail to save but indicated that the credentials were saved [GL:XI#263] – BB
Fixed an issue where the services list on the Host Detail page was showing the display name instead of the service description [GL:XI#293] – BB
Fixed an issue where python was not defined in report scripts [GL:XI#307] – SNS
Fixed an issue that would sometimes cause dashlets to reappear on the Home page when deleted [GL:XI#85] – SNS
Fixed an issue where editing SNMP Trap Sender settings would break on PHP 8+ [GL:XI#149] – SG
Fixed an issue that could lead to a blank screen when editing service templates while utilizing PHP 8+ [GL:XI#334] – SG
Fixed an issue where Wizard fields with trailing whitespaces would break data visualizations [GL:XI#308] – SNS
Fixed an issue where whitespaces in the License Information page would cause problems [GL:XI#341] – SNS
Fixed an issue where adding a dashlet would break the page if a confirmation window was open [GL:XI#323] – BB
Fixed an issue where deleting multiple dashlets would cause console errors [GL:XI#324] – BB
Fixed an issue where sendmail couldn’t send to @localhost on PHP 8 [GL:XI#229] – BB
Fixed an issue where external redirects weren’t being blocked when using PHP 8 [GL:XI#199] – BB
Fixed an issue where the logrotate configuration wasn’t being updated properly [GL:XI#333] – BB
Fixed an issue where service descriptions weren’t displaying properly [GL:XI#293] – BB
Fixed an issue where the NCPA wizard would crash on PHP 8 [GL:XI#240] – BB
Fixed an issue where OAuth credentials could indicate that they succeeded when they failed if the user manually modified the files incorrectly [GL:XI#263] – BB
Fixed an issue where Highcharts graphs would show 0 for the Max: field in the labels [GL:XI#336] – BB
Fixed an issue with Email settings where it would check for SSL/TLS if None was selected [GL:XI#227] – BB
Fixed an issue where removing multiple dashlets would cause errors [GL:XI#324] – BB
Fixed an issue where Bootstrap popups wouldn’t close when switching tabs in the application [GL:XI#122] – BB
Improved clarity of error messages in CCM when attempting to modify a host with broken sql tables [GL:XI#173] – SG
Updated verbiage in the Mountpoint Wizard for clarity [GL:XI#110,#279] – DA
Updated styling on the home page [GL:XI#169] – DA
Updated verbiage surrounding custom variables to be more consistent [GL:XI#151] – SG
Updated modal presented when acknowledging problems for clarity [GL:XI#299] – SG
Removed Nagios News Feed Dashlet [GL:XI#298] – SNS
Removed autcomplete from Wizard Address Field [GL:XI#87] – SNS
Removed Alert Cloud Dashlet because Flash is no longer supported [GL:XI#164] – SNS
Deprecated WMI and Web Transaction [GL:XI#317] – SNS

CCM 3.2.1 - 09/11/2023

Fixed issue allowing users to select inactive timeperiods [GL:XI#162] -AC
Fixed SQL injection vulnerability in the CCM Host and Service Escalation pages (Thanks Astrid Tedenbrant and Outpost24 for reporting this) (CVE-2023-40934) – DA

5.11.1 - 06/28/2023

Fixed an issue where NDO would be misconfigured on upgrade – SAW
Fixed an issue where the NCPA configuration wizard would fail to load on some operating systems [GL:XI#123] – AC
Fixed an issue where the Autodiscovery configuration wizard would fail to load on some operating systems [GL:XI#123] – SS

5.11.0 - 06/27/2023

Added the Windows SSH wizard to replace the Windows WMI wizard [GL:XI#117] – SNS
Added the ability to globally set number of hops in the Traceroute Action component [GL:XI#167] – PG
Added the ability to set system-wide banner messages [GL:XI#82] – SG
Added the ability to sort by additional parameters on the Manage Users page [GL:XI#80] – PG
Changed BPI Groups page so that groups are sorted in descending status order. [GL:XI#160,#276] – PG, DA
Improved styling of “Email All Users” modal in dark mode on Manage Users page [GL:XI#250] – SG
Improved user experience in the SNMP Trap Interface [GL:XI#185] – PG
Improved performance in Capacity Planning report [GL:XI#52] – SNS
Updated Nagios Core to version 4.4.13 – SAW
Updated nagios-plugins to version 2.4.5 – SAW
Updated NDO to version 3.1.0 [GL:XI#244] – SAW
Fixed an issue in the help section where a duplicate document was being created [GL:XI#231] – AC
Fixed an issue in Report Management where negative page values caused an error to display [GL:XI#233] – SG
Fixed an issue with PostgreSQL to MySQL migration when the XI server was migrated across Linux distributions [GL:XI#230] – SAW
Fixed an issue causing an error on any page with a checkbox [GL:XI#238] – AC
Fixed an issue where TLS was always enabled when using SMTP on systems running PHP 7.4 or greater [GL:XI#237] – AC
Fixed an issue where removing certain optional dependencies would cause all dependencies to uninstall [GL:XI#241] – SAW
Fixed an issue where certain valid trial keys would fail to activate – SAW
Fixed a UI issue in Chromium-based browsers when mutliple banners are shown [GL:XI#275] – SG, DA
Fixed minor interface issue in Host and Service Status Detail pages [GL:XI#273] – SG
Fixed spelling error in scheduled backups [GL:XI#267] – SG

5.10.0 - 05/16/2023

Added the ability to change service display names in the Bulk Renaming Tool [GL:XI#88] – CL
Added force mass immediate check functionality to the API [GL:XI#129] – DA
Added the ability to export and import dashboards [GL:XI#90] -AC
Added the ability to undo/redo recent changes when modifying dashlets – SNS
Added the CSV output type to the API [GL:XI#53] – CL,DA
Added the ability to send mail with OAuth2 using Microsoft – BB
Added the ability to send mail with OAuth2 using Google – BB
Improved readability for the SDESC/EDESC section of a defined trap in the SNMP Trap Interface [GL:XI#41] – PG
Updated Nagios Core to 4.4.10 – SAW
Updated the Core Config Manager (CCM) to 3.2.0
Fixed an issue where Tools crashed when deleting added tools [GL:XI#128] – AC
Fixed an issue where certain dependencies would throw warning during installation [GL:XI#100] – SNS
Fixed an issue where links in BPI groups were incorrect [GL:XI#75] – PG
Fixed an issue where xml errors occured when using bulk renaming tools [GL:XI#88] – CL, BB
Fixed an issue where notify-host-by-email and notify-service-by-email would not send mail on CentOS Stream 9 [GL:XI#198] – SAW
Fixed an issue where nagios.log was not included in the system profile [GL:XI#114] – CL
Fixed an issue where adding a host or service to Nagvis would fail in MySQL 8 [GL: XI#106] – AC
Fixed an issue where the Nagvis component was not being upgraded to version 2.1.4 during an XI upgrade. [GL:XI#101] – AC
Fixed an issue where Autodiscovery and NCPA configuration wizards would break on systems running PHP 8 [GL:XI#123] -AC
Fixed an issue in the Manage MIBs page where one MIB entry showed two entries [GL:XI#77] – DA
Fixed an issue where certain logs would become cluttered when XI was offline [GL:XI#64] – PG
Fixed an issue where a white screen occurs when bulk-modifying contact groups on Ubuntu [GL:XI#170] – AC
Fixed an issue where LDAP/AD users had to conform to local password requirements [GL:XI#109] – AC
Fixed several issues with configuring SSL/TLS for AD/LDAP integration [GL:XI#4,5,112] – BB
Fixed an issue where dashlet borders were using Modern theme colors on Modern Dark theme when resizing [GL:XI#66] – AC
Fixed an issue where the Edit function of the SNMP Trap Interface was loading improperly [GL:XI#135] – PG
Fixed an issue in the profile script where Oracle system’s Linux distribution was incorrectly displayed [GL:XI#25] – SG
Fixed an issue where deactivating a service marked all services on that host as “not applied” [GL:XI#103] – DA
Fixed an issue where PHP-FPM would exhaust usable memory [GL:XI#152] – DA
Fixed an issue where the check_xi_update plugin would fail on PHP 8 [GL:XI#134] – SNS
Fixed an issue where feedback messages were not being displayed properly after applying bulk changes in the SNMP Trap Interface [GL:XI#183] – SG
Fixed an issue where phpmailer.log was not rotated, causing it to grow indefinitely [GL:XI#121] – SNS
Fixed several issues during installation while FIPS mode is enabled [GL:XI#139] – DA
Fixed SNMP Trap UI-UX on both edit and copy modals [GL: XI#188] – PG
Removed installation handling for unsupported operating systems [GL:XI#98] – SNS
Disabled TRACE, TRACK, OPTIONS, HEAD methods for apache [GL:XI#57] – DA
Deprecated PostgreSQL – SAW

CCM 3.2.0 - 04/01/2023

Added the ability to add and delete additional Arguments in CCM [GL:XI93] – PG
Fixed an issue where users were able to configure invalid service escalations [GL:XI#102] – AC
Fixed issue where a white screen would be displayed when editing contacts on Ubuntu [GL:XI#155] – AC

5.9.3 - 02/01/2023

Fixed possible timing attack when using insecure ticket authentication (Thanks to Kevin Joensen of CSIS for reporting this issue) (CVE-2023-24035) -SAW
Fixed open redirect in Twilio component (Thanks Kevin Joensen and CSIS) (CVE-2023-24036) -SAW
Improve authentication token and salt generation (Thanks Kevin Joensen and CSIS) (CVE-2023-24037) -SAW
Deprecate Debian 9 and Ubuntu 16.04 due to end-of-life [GL:XI#27] – SNS
Update default php resource values [GL:XI#28] – SNS
Fixed bad text wrapping in Availability Report graphs [GL:XI#73] -DA

5.9.2 - 12/05/2022

Fixed issues with missing timestamp with rrdtool xport [GL:XI#1] -LG
Fixed issues with NRPE 4.1.0 Upgrade – [GL:XI#26] -SAW
Upgrade Nagios Core to 4.4.9 -SAW
Made several improvements to RHEL/CentOS 8/9 compatibility -SAW,LG
Fixed insecure auth token generation (Thanks to Kevin Joensen of CSIS for reporting this) -SAW

5.9.1 - 08/31/2022

Fixed issues with MySQL tuning on Ubuntu 22 systems not adding the proper values in the config -JO
Fixed problem with SNMP traps in Ubuntu 22 not working properly due to permissions -JO

Core Config Manager (CCM) - 3.1.9

Fixed issue with newer PHP 8+ systems having PHP fatal errors when editing objects -JO

5.9.0 - 08/18/2022

Added support for CentOS 9 Stream / RHEL 9 and Ubuntu 22 systems -JO
Updated PHP versions supported to include 8.0 and 8.1 -JO
Updated NRPE to 4.1.0 for security fixes -SAW
Updated php.ini config options for new installs to have better defaults -JO

5.8.10 - 06/16/2022

Updated max_connections, max_open_files, disable_log_bin in mysql_tune.sh -SAW
Updated install to give an error message on RHEL 8 systems when codeready-builder repo does not exist -JO
Fixed issue where sometimes SID stored in $_COOKIE could cause invalid login token error until clearing cookies [TPS#15632] -JO
Fixed issue with SLA report causing not authorized error when selecting [Host Only] option [TPS#15734] -JO
Fixed an issue with previous cacerts directory fix [TPS#15713] -JO
Fixed issue with snmptt_service_results.php where it could create a file in place of the nagios.cmd pipe [TPS#15747] -JO
Fixed error in AD/LDAP integration where cert directory wasn’t properly being set on Ubuntu/Debian systems -JO

Core Config Manager (CCM) - 3.1.8

Fixed issue with contact deletion where host/service configs were not being re-written on apply config [TPS#15744] -JO

5.8.9 - 04/28/2022

Added peer verification when loading external URLs -SAW
Updated Nagios Core to 4.4.7 -SAW
Updated users account settings to require password confirmation to change email (CVE-2022-29270) (Thanks Alwin Warringa) -JO
Updated admin account settings to require password confirmation to change password and email (CVE-2022-29270) (Thanks Alwin Warringa) -JO
Updated automysqlbackup script to default root mysql password if none is set [TPS#15739] -JO
Fixed stored XSS security issue in Nagios BPI with the info URL not being escaped properly -JO
Fixed stored XSS security issue with command names having no encoding in the apply config error text -JO
Fixed stored XSS related to update checking -SAW
Fixed redirect on login page where redirect parameter urls could redirect user externally after login (CVE-2022-29272) (Thanks Alwin Warringa) -JO
Fixed issue in 5.8.0 upgrade for Debian and Ubuntu users -SAW
Fixed scheduled report/send report email script allowing HTML code to be used in the message field (CVE-2022-29269) (Thanks Alwin Warringa) -JO
Fixed scheduled downtime page allowing read-only users to submit downtimes via crafted POST requests (CVE-2022-29271) (Thanks Alwin Warringa) -JO

Core Config Manager (CCM) - 3.1.7

Fixed copying of service object not copying excludes for Host/Hostgroups [TPS#15732] -JO
Fixed reflected XSS security issue in lock page Cancel button not urlencoding the returnurl value -JO
Properly fixed XSS security issue in search input on audit log page (thanks Hieu Tran(jkana101) from VCB STeam)) -JO

5.8.8 - 03/08/2022

Fixed issue with Availability report rounding/data error in service averages in the data table [TPS#15609] -JO
Fixed issue in which NCPA CPU Usage metric did not display [TPS#15673] -PhW
Fixed both objects/servicestatus and objects/hoststatus to allow filtering by last_hard_state [TPS#15710] -JO
Fixed restore_xi.sh script to include all libexec plugins not just ones with file extension [TPS#15696] -JO
Fixed file permissions by having automysqlbackup script keep perms in /store/backups/mysql not world readable [TPS#15699] -JO
Fixed default mysql config file options during a clean install (does not get changed on upgrade) [TPS#15692,TPS#15698] -JO
Fixed AD ldapSlashes to properly fix escaping parens [TPS#15709] -JO
Fixed cacerts directory for AD/LDAP certificate management [TPS#15713] -JO

Core Config Manager (CCM) - 3.1.6

Fixed issue where search was case-sensitive -JO
Fixed XSS security issue in search and deletion (thanks Hieu Tran(jkana101) from VCB STeam)) -JO

5.8.7 - 11/02/2021

Updated install to support Debian 11 systems -JO
Updated System Settings for “allow html” to separate options for status and comments under Other Settings and added a warning -JO
Updated migrate.php script to ensure that the nagios_bundler.py is not a security issue by copying it after tarball extraction -JO
Updated NRDP to version 2.0.5 to fix issue with receiving spooled passive checks [TPS#15621] -JO
Updated NSCA to version 2.10.1 to fix security issues -SAW
Fixed issue with “Finish as Template” button not adding services do to new wizards using json encode/decode rather than serialize [TPS#15635] -JO
Fixed capactiyplanning.py giving out a lot of ValueErrors when pending checks are just starting to run -JO
Fixed XSS vulnerability in Nagios Core ui by patching Core for XI systems with escape_string() -JO
Fixed XSS vulnerability in SSH Terminal page url parameter and the Account Information page api_key parameter -JO
Fixed XSS vulnerability in Audit Log page Send to NLS form -JO
Fixed security permissions issue with apache user and temp directory used by Highcharts -JO
Fixed security permissions issue with nocscreen component sounds directory -JO
Fixed manage_services.shs script vulnerability with systemctl not using the –no-pager option -JO
Fixed issue where cloning user would not clone the user’s meta data [TPS#15617] -JO
Fixed bulk modifications issue when trying to remove Free Variables [TPS#15653] -JO
Fixed sysstat data on systemd systems when XML entities are in the output text causing the Admin > System Status to show “No Data” [TPS#15657] -JO
Fixed issue with cfgmaker with contact/location newlines causing it not to work [TPS#15666] -JO,SS
Fixed various security issues: (thanks chenhuiliang@qianxin.com and chenruiqi@qianxin.com from Codesafe Team of Legendsec at Qi’anxin Group)
Fixed various XSS vulnerabilities in the auditlog.php admin page -JO
Fixed SQL injection possibility in mib_name parameter when uploading new MIBs in Manage MIBs page -JO
Fixed XSS vulnerability in the Admin > system performance settings page -JO
Fixed XSS vulnerabilities in the Admin > system settings page -JO
Fixed XSS vulnerability in ajax.php script in CCM 3.1.5 -JO
Fixed security vulnerability in nagiosna component in version 1.4.5 -JO
Fixed security vulnerability in MTR component in version 1.0.4 -JO
Fixed security issue in NRDS with version 1.2.8 -JO

Core Config Manager (CCM) - 3.1.5

Fixed Down stalking option not working for Host Templates in Alert Settings tab [TPS#15625] -JO
Fixed XSS vulnerability in ajax.php script -JO
Fixed issue with case insensitivity in regards to host/service names when importing configs (or running wizard) [TPS#15620] -JO

5.8.6 - 09/02/2021

Added Stalking Notification and None options to Single Config Option for Bulk Modifications Tool [TPS#15597] -PhW
Updated Bulk Modifications Tool UI to use actual option names, and mirror UI from normal config page -PhW
Updated NagVis component to version 2.0.9 to fix security issue (thanks Scott Tolley from Synopsys Cybersecurity Research Center (CyRC)) -JO
Fixed issue with special characters in Top Alert Producers, State History, and Notifications reports [TPS#15599] -JO
Fixed built in DEV tools, so you can log values and monitor them through the web UI. -PhW
Fixed styling issue on the Check for Updates page when in Modern Dark theme -JO
Fixed command injection security issue during installation of components, wizards, and dashlets in cmdsubsys -JO
(thanks Guillaume André of Synacktiv (https://synacktiv.com)) (CVE-2021-40345)
Fixed security issue in backend API auth where it was not properly authing the insecure login ticket -JO
Fixed security vulnerability with file permissions for the migrate nagios_unbundler.py script -JO
(thanks Guillaume André of Synacktiv (https://synacktiv.com)) (CVE-2021-40343)
Fixed SQL injection in the Manage MIBs admin page and Bulk Modifications page -JO
Fixed XSS security vulnerability in Manage My Dashboards page edit dashboard title attribute (thanks Matthew Dunn) (CVE-2021-38156) -JO
Fixed SSRF vulnerability in Scheduled Report URL when scheduled pages URL is outside the Nagios XI system
(thanks Ben Leonard-Lagarde (Modux)) (CVE-2021-37223) (TPS#15594) -PhW,JO
Fixed issue in which deleting a host having an escalation caused an invalid config. -PhW

Core Config Manager (CCM) - 3.1.4

Fixed reflective XSS in the test command due to double encoded html entities -JO
(thanks Amit Raut of Trend Micro Security Research working with Trend Micro Zero Day Initiative)

5.8.5 - 07/15/2021

Fixed issue where critical or warning values in certain disk space metrics were rendered as green. -PhW
Added extra folder name sanatization to the getprofile.sh script to make it more secure -JO
Fixed password email going out when AD/LDAP user is created without local password auth [TPS#15547] -JO
Fixed failed backup email sent when running a manual local backup [TPS#15546] -JO
Fixed timezone for Istanbul in utils-time.inc.php [TPS#15532] -JO
Fixed longserviceoutput macro not properly converting newlines to breaks in HTML email notifications [TPS#15537] -JO
Fixed issue when generating PDFs (and auth tokens in general) on usernames with uppercase letters in them [TPS#15542] -JO
Fixed display issue of host/service notes where double quotes were not displayed correctly [TPS#15543] -JO
Fixed SQL injection vulnerability in Bulk Modifications Tool for some single config option types -JO
Fixed post auth RCE in autodiscovery due to path tranversal issue in job id -JO
Fixed issue with index.php page value not being properly validated before being passed to display page function -JO
Fixed possible insecurity in Nagios Mobile authentication where it would not exit/quit after redirecting unauthenticated users -JO
Fixed redirection vulnerability in login redirect url for some styles of urls -JO
Fixed vulnerability with xi-sys.cfg being imported from the var directory for some scripts with elevated perms -JO
Fixed issue where AD/LDAP wouldn’t search in base directory [TPS#15495] -JO
Fixed empty XML output when outputtype=xml for hostgroup/servicegroup API endpoints when there are no groups -JO
Fixed issue with manage_services.sh and restarting php-fpm on EL8 systems -JO
Fixed insecure permissions on migrate.php and repairmysql.sh file (thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36363, CVE-2021-36365) -JO
Fixed issue with Nagios Mobile not verifying a comment is set for scheduled downtime or acknowledge -JO
Fixed security issue with backup_xi.sh and manage_services.sh allowing using wildcards -JO
(thanks Ben Leonard-Lagarde (Modux) & Lucas Fedyniak-Hopes (Modux)) (CVE-2021-36364, CVE-2021-36366) -JO

Core Config Manager (CCM) - 3.1.3

Fixed SQL injection from improper escaping of values in search text -JO
Fixed timeperiod template name adding _copy_x to the template name even if empty which caused errors [TPS#15550] -JO

NDO - 3.0.7

Added option “log_failed_queries” to ndo.cfg. Set this to 0 to disable failed query logging -SAW
Fixed issue where nagios_objects.name2 would occasionally be set to NULL -SAW
Fixed issue where leftover comments and other objects would cause hosts and services to continue showing in the database after deletion. [TPS#15549] -SAW
Widened all text columns significantly -SAW

5.8.4 - 06/10/2021

Updated getprofile.sh to delete a new profile’s folder before generating contents -JO
Fixed install on newer Debian 9 systems due to default pip version [TPS#15535] -JO
Fixed issues with logrotate -JO,DC
Fixed getprofile.sh db_host value to properly pull from config.inc.php -JO,DC
Fixed vulnerability in getprofile.sh not clearing directory before creating profile -JO
Fixed restore_xi.sh using relative directory path -JO,DC
Fixed SQL injection vulnerability in Bulk Modifications Tool -JO
Fixed XSS security vulnerability in about section -JO
Fixed the “use” option to properly apply when using the config/contacts API endpoint -SS,JO
Fixed security issue for config when upgrading system [TPS#15551] -JO

Core Config Manager (CCM) - 3.1.2

Fixed XSS security vulnerability in CCM lock page functionality -JO

5.8.3 - 03/31/2021

Updated jQuery to version 3.6.0 to fix minor issues -JO
Updated email validation to require RFC 822 valid email addresses to fix possible security vulnerabilities -JO
Fixed install process on Oracle Linux 8 due to mod_php being used instead of php-fpm like CentOS/RHEL -JO
Fixed config/ endpoints to properly display array of contacts (and other objects) when using append (+) in config [TPS#15509] -JO
Fixed argument quoting in mysqlrepair and restore_xi scripts -DC,JO
Fixed issue with Scheduled Backups sending local backup success email with SSH or FTP emails [TPS#15501] -JO
Fixed API help/example PUT config calls not working properly due to space not being url encoded [TPS#15505] -JO
Fixed XSS vulnerability in user Email Address field when on Send Test Notification page -JO
Fixed possible RCE vulnerability via Email Address not being properly validated (CVE-2020-24899) -JO
Fixed scheduled reports jobs not changing with username change [TPS#15502] -JO
Fixed issue where masquerade button in the Manage Users page wasn’t working on some OS/PHP versions -JO
Fixed issues with MIB integration after upgrading to SNMPTT 1.4.2 [TPS#15376] -SAW
Fixed issues with Undo Trap Processing button [TPS#15500] -SAW
Fixed issue with downgraded ndo2db systems where limited users would not properly load data due to is_ndo_loaded failing -JO

5.8.2 - 02/25/2021

Removed deprecated code related to NDO 2 (get_db_backend_status, get_ndoutils_info_xml, API’s system/statusdetail dbbackend) -SAW
Updated php.ini settings to add some more restrictive session options for better security -JO
Updated NRDP version to 2.0.4 to fix jQuery CVE and update Bootstrap version -JO
Fixed issue with Enterprise message showing up on Rapid Response URL page even though it shouldn’t -JO
Fixed jquery 3 compat script not loading for wkhtmltopdf report generation when jQuery 1.x is disabled -JO
Fixed wkhtmltopdf delay/timeout not being set properly for page pdf generation -JO
Fixed default date, number, and week format set when creating a new user to match config settings [TPS#15428] -JO
Fixed special characters in ansible passwords with Deploy and Migrate scripts [TPS#15443] -JO
Fixed typo in Performance Settings Database tab [TPS#15446] -JO
Fixed issue with custom API endpoints not being passed the $args as an array -JO
Fixed Nagios Configuration location being passed to the migrate script when using advanced options in Migrate Server page -JO
Fixed Bulk Modifications Tool to make ARG8 work properly and fix checkboxes when setting a new command [TPS#15458] -JO
Fixed issue with snmptraphandling.py script not working properly with Python 3 [TPS#15461] -JO
Fixed My Scheduled Reports History tab to work properly with old PostgresQL installs of XI [TPS#15467] -JO
Fixed user permissions on newer MySQL servers to allow backup_xi.sh to do a mysqldump [TPS#15462] -JO
Fixed issue with backslash in service names not showing up when editing a Nagios BPI group [TPS#15457] -JO
Fixed snmptrapd not enabled/starting on some Debian and Ubuntu installations [TPS#15473] -JO
Fixed Two Factor email authentication in Nagios Mobile interface [TPS#15399] -JO
Fixed rrdexport API endpoint to allow passing the maxrows value to no longer be limited to the default [TPS#15433] -JO
Fixed issue installing on RHEL 8.3 due to codeready builder repo requirement [TPS#15463] -JO
Fixed permissions issues with Deploy Dashboards component -JO
Fixed permissions on the send_to_nls.php file to be owned by root and read only to other users -JO
Fixed Nagios BPI sync when applying configuration not waiting for NDO3 to load all data before running [TPS#15448] -JO
Fixed issue where php-fpm was not being restarted during CA cert add in LDAP/AD cert management page -JO

Core Config Manager (CCM) - 3.1.1

Fixed issue where overlay would not allow scrolling for Free Variables list [TPS#15452] -JO
Fixed copying host/services with backslash in the name not copying the full name with backslash [TPS#15460] -JO
Fixed XSS security vulnerabilities in config_name and service_description on the Services page -JO
Fixed XSS security vulnerabilities in Overlay modals -JO
Fixed issue with writing out host with backslash in the host_name -JO

NDO - 3.0.6

Increased performance for queries involving comment history and downtimes on large/long-running systems
Fixed error when adding downtimes which expire after 2038

5.8.1 - 01/15/2021

Fixed issue with Admin > Manage Components page where the proper component name was not being set -JO

5.8.0 - 01/13/2021

Added Migrate Server utility to Admin section to migrate Nagios Core systems to Nagios XI -JO,SAW
Added new Configuration Snapshots page with ability to see raw diffs between configuration changes that have been applied -JO
Added services tab into Host Status Details page to see service status without leaving the page -JO
Added ability to deploy agents from the Auto Discovery tool and show if agents have been deployed to hosts that are discovered -JO
Added Microsoft 365 Config Wizard -LG
Added Linux Server Legacy Config Wizard that uses NRPE -LG
Added notification options to Scheduled Backups to notify via email when backups succeed or if they fail -JO
Added ease of use enhancements to the New Password input and Email User New Password checkbox in the Edit Users page -JO
Added Scheduled Reports History tab to My Scheduled Reports page and Report Managment section to view reports ran and the status -JO
Added ability to send URL parameters to PUT API config endpoints in case a parameter cannot be passed via the URL path -JO
Added support for deploying agents on Windows machines (if openssh server is enabled and configured) via Deploy Agents -JO
Updated Rapid Response page sizing on mobile devices -JO
Updated Linux Server Config Wizard to use NCPA instead of NRPE -LG
Updated NDO to version 3.0.5 -JO,SAW
Updated Highcharts to version 7.2.2 for bug fixes -JO
Fixed Scheduled Backup logging so it logs output and errors directly into the scheduledbackups.log file when backups are ran -JO
Fixed issue with the coreuiproxy not properly working with URL encoded strings [TPS#15381] -JO
Fixed Scheduled Reporting logging file (/usr/local/nagiosxi/var/scheduledreporting.log) not being created by default -JO
Fixed Bulk Modifications Tool to properly apply check_command on host/services that do not have one [TPS#15385] -JO
Fixed Bulk Modifications Tool logging output not showing the proper host/service names in the audit log [TPS#15384] -JO
Fixed issue with forward slashes in name/definition of object configs in Nagios BPI [TPS#15356] -JO
Fixed service selection dropdown from changing sizes in Graph Explorer’s Multistacked graph tab [TPS#15368] -JO
Fixed issue with Auto Discovery not having Actions buttons if a running job finishes before moving off or refreshing the page -JO
Fixed theme/CSS issue with column sizes on large screens -JO
Fixed Ansible package installation on Ubuntu 18.04 LTS systems -JO
Fixed 2FA causing issues with the Core username/password authentication .htaccess file [TPS#15401] -JO
Fixed API endpoints config/host and config/service to make host_name and config_name values case sensitive -JO
Fixed changing timezone in EL8 systems not restarting php-fpm which causes php to have the wrong timezone until restarted -JO
Fixed issue with system/commands when using multiple command IDs [TPS#15408] -JO,SS
Fixed security vulnerability where PNP’s PHP templates were accessible from the interface -JO
Fixed stored XSS security vulnerability in My Tools page (thanks Matthew Aberegg) -JO
Fixed security vulnerability in Manage Plugins upload when using convert line endings option (CVE-2020-35578) (thanks Haboob Team) -JO
Fixed styling on Rapid Response page when using a trial enterprise license -JO
Fixed serial number for self signed SSL generated when selecting SSL option during install -JO
Fixed sysstat cron job cpu stats on newer versions of iostat in CentOS/RHEL systems -JO,DC
Fixed XSS security vulnerability in Nagios BPI config IDs (thanks Matt Aberegg) -JO
Fixed XSS security vulnerability in views url (thanks Matt Aberegg) -JO
Fixed issue with Bulk Modifications Tool when removing a free variable where relationships would not show -JO
Fixed XSS security vulnerability in SSH Terminal page (CVE-2021-25299) (thanks Nipun Gupta of Cloudfuzz) -JO
Fixed security vulnerability in Graph Template upload and PNP share directory (thanks Xinjie Ma from Chaitin Security Research Lab) -JO

Core Config Manager (CCM) - 3.1.0

Added checkbox in Import Config Files page that hides all configs outside of the import directory -JO
Added service excludes checkbox into Service Escalations -JO
Updated service object Misc Settings tab to remove config options that are not able to be set for services -JO
Updated Misc Settings information for how to use specific fields -JO
Fixed issue where object names with multiple spaces in a row would not import properly [TPS#15374] -JO
Fixed check command close button over the command output and command output sizing [TPS#15353] -JO
Fixed Service Escalations showing * for contact/contact group options since it is not usable [TPS#15403] -JO
Fixed Service not removing hosts properly when deleting a host and the service also has a hostgroup assigned [TPS#15415] -JO
Fixed excluding services, hosts, host groups from Service Escalations [TPS#15321] -JO
Fixed importing services on Service Escalations when host_name is set to * [TPS#15321] -JO
Fixed XSS security vulnerability with the Active/Actions buttons in the templates pages (thanks Matt Aberegg) -JO

5.8.0 - 01/13/2021

Added Migrate Server utility to Admin section to migrate Nagios Core systems to Nagios XI -JO,SAW
Added new Configuration Snapshots page with ability to see raw diffs between configuration changes that have been applied -JO
Added services tab into Host Status Details page to see service status without leaving the page -JO
Added ability to deploy agents from the Auto Discovery tool and show if agents have been deployed to hosts that are discovered -JO
Added Microsoft 365 Config Wizard -LG
Added Linux Server Legacy Config Wizard that uses NRPE -LG
Added notification options to Scheduled Backups to notify via email when backups succeed or if they fail -JO
Added ease of use enhancements to the New Password input and Email User New Password checkbox in the Edit Users page -JO
Added Scheduled Reports History tab to My Scheduled Reports page and Report Managment section to view reports ran and the status -JO
Added ability to send URL parameters to PUT API config endpoints in case a parameter cannot be passed via the URL path -JO
Added support for deploying agents on Windows machines (if openssh server is enabled and configured) via Deploy Agents -JO
Updated Rapid Response page sizing on mobile devices -JO
Updated Linux Server Config Wizard to use NCPA instead of NRPE -LG
Updated NDO to version 3.0.5 -JO,SAW
Updated Highcharts to version 7.2.2 for bug fixes -JO
Fixed Scheduled Backup logging so it logs output and errors directly into the scheduledbackups.log file when backups are ran -JO
Fixed issue with the coreuiproxy not properly working with URL encoded strings [TPS#15381] -JO
Fixed Scheduled Reporting logging file (/usr/local/nagiosxi/var/scheduledreporting.log) not being created by default -JO
Fixed Bulk Modifications Tool to properly apply check_command on host/services that do not have one [TPS#15385] -JO
Fixed Bulk Modifications Tool logging output not showing the proper host/service names in the audit log [TPS#15384] -JO
Fixed issue with forward slashes in name/definition of object configs in Nagios BPI [TPS#15356] -JO
Fixed service selection dropdown from changing sizes in Graph Explorer’s Multistacked graph tab [TPS#15368] -JO
Fixed issue with Auto Discovery not having Actions buttons if a running job finishes before moving off or refreshing the page -JO
Fixed theme/CSS issue with column sizes on large screens -JO
Fixed Ansible package installation on Ubuntu 18.04 LTS systems -JO
Fixed 2FA causing issues with the Core username/password authentication .htaccess file [TPS#15401] -JO
Fixed API endpoints config/host and config/service to make host_name and config_name values case sensitive -JO
Fixed changing timezone in EL8 systems not restarting php-fpm which causes php to have the wrong timezone until restarted -JO
Fixed issue with system/commands when using multiple command IDs [TPS#15408] -JO,SS
Fixed security vulnerability where PNP’s PHP templates were accessible from the interface -JO
Fixed stored XSS security vulnerability in My Tools page (thanks Matthew Aberegg) -JO
Fixed security vulnerability in Manage Plugins upload when using convert line endings option (CVE-2020-35578) (thanks Haboob Team) -JO
Fixed styling on Rapid Response page when using a trial enterprise license -JO
Fixed serial number for self signed SSL generated when selecting SSL option during install -JO
Fixed sysstat cron job cpu stats on newer versions of iostat in CentOS/RHEL systems -JO,DC
Fixed XSS security vulnerability in Nagios BPI config IDs (thanks Matt Aberegg) -JO
Fixed XSS security vulnerability in views url (thanks Matt Aberegg) -JO
Fixed issue with Bulk Modifications Tool when removing a free variable where relationships would not show -JO
Fixed XSS security vulnerability in SSH Terminal page (CVE-2021-25299) (thanks Nipun Gupta of Cloudfuzz) -JO
Fixed security vulnerability in Graph Template upload and PNP share directory (thanks Xinjie Ma from Chaitin Security Research Lab) -JO

5.8.0 - 01/13/2021

Added Migrate Server utility to Admin section to migrate Nagios Core systems to Nagios XI -JO,SAW
Added new Configuration Snapshots page with ability to see raw diffs between configuration changes that have been applied -JO
Added services tab into Host Status Details page to see service status without leaving the page -JO
Added ability to deploy agents from the Auto Discovery tool and show if agents have been deployed to hosts that are discovered -JO
Added Microsoft 365 Config Wizard -LG
Added Linux Server Legacy Config Wizard that uses NRPE -LG
Added notification options to Scheduled Backups to notify via email when backups succeed or if they fail -JO
Added ease of use enhancements to the New Password input and Email User New Password checkbox in the Edit Users page -JO
Added Scheduled Reports History tab to My Scheduled Reports page and Report Managment section to view reports ran and the status -JO
Added ability to send URL parameters to PUT API config endpoints in case a parameter cannot be passed via the URL path -JO
Added support for deploying agents on Windows machines (if openssh server is enabled and configured) via Deploy Agents -JO
Updated Rapid Response page sizing on mobile devices -JO
Updated Linux Server Config Wizard to use NCPA instead of NRPE -LG
Updated NDO to version 3.0.5 -JO,SAW
Updated Highcharts to version 7.2.2 for bug fixes -JO
Fixed Scheduled Backup logging so it logs output and errors directly into the scheduledbackups.log file when backups are ran -JO
Fixed issue with the coreuiproxy not properly working with URL encoded strings [TPS#15381] -JO
Fixed Scheduled Reporting logging file (/usr/local/nagiosxi/var/scheduledreporting.log) not being created by default -JO
Fixed Bulk Modifications Tool to properly apply check_command on host/services that do not have one [TPS#15385] -JO
Fixed Bulk Modifications Tool logging output not showing the proper host/service names in the audit log [TPS#15384] -JO
Fixed issue with forward slashes in name/definition of object configs in Nagios BPI [TPS#15356] -JO
Fixed service selection dropdown from changing sizes in Graph Explorer’s Multistacked graph tab [TPS#15368] -JO
Fixed issue with Auto Discovery not having Actions buttons if a running job finishes before moving off or refreshing the page -JO
Fixed theme/CSS issue with column sizes on large screens -JO
Fixed Ansible package installation on Ubuntu 18.04 LTS systems -JO
Fixed 2FA causing issues with the Core username/password authentication .htaccess file [TPS#15401] -JO
Fixed API endpoints config/host and config/service to make host_name and config_name values case sensitive -JO
Fixed changing timezone in EL8 systems not restarting php-fpm which causes php to have the wrong timezone until restarted -JO
Fixed issue with system/commands when using multiple command IDs [TPS#15408] -JO,SS
Fixed security vulnerability where PNP’s PHP templates were accessible from the interface -JO
Fixed stored XSS security vulnerability in My Tools page (thanks Matthew Aberegg) -JO
Fixed security vulnerability in Manage Plugins upload when using convert line endings option (CVE-2020-35578) (thanks Haboob Team) -JO
Fixed styling on Rapid Response page when using a trial enterprise license -JO
Fixed serial number for self signed SSL generated when selecting SSL option during install -JO
Fixed sysstat cron job cpu stats on newer versions of iostat in CentOS/RHEL systems -JO,DC
Fixed XSS security vulnerability in Nagios BPI config IDs (thanks Matt Aberegg) -JO
Fixed XSS security vulnerability in views url (thanks Matt Aberegg) -JO
Fixed issue with Bulk Modifications Tool when removing a free variable where relationships would not show -JO
Fixed XSS security vulnerability in SSH Terminal page (CVE-2021-25299) (thanks Nipun Gupta of Cloudfuzz) -JO
Fixed security vulnerability in Graph Template upload and PNP share directory (thanks Xinjie Ma from Chaitin Security Research Lab) -JO

NDO - 3.0.5

Drastically reduced startup time for some systems
Fixed occasional long shutdown times in Nagios Core
Fixed segmentation faults related to severed MySQL connections
Fixed issue with service display_name being set to the service description

5.7.5 - 11/12/2020

Fixed security issues with AngularJS 1.3.9 by upgrading to 1.8.2 -JO
Fixed various XSS security issues with older version of Bootstrap 3.3.x by upgrading to 3.4.1 in both Desktop and Mobile -JO
Fixed mobile redirect when trying to access the rapid response URL [TPS#15372] -JO
Fixed various XSS security vulnerabilities in Manage Users, Notification Settings, Agent Management, and Deploy Dashboard pages (thanks Namratha) -JO
(CVE-2020-27988, CVE-2020-27989, CVE-2020-27990, CVE-2020-27991)
- Fixed privilege escalation security vulnerability with Auto-Discovery php script (thanks Chris Lyne of Tenable) (CVE-2020-28648) -JO
- Fixed authenticated remote code execution in Auto-Discovery component (thanks Shahar Zini and Samir Ghanem from Skylight Cyber Security) -JO

Core Config Manager (CCM) - 3.0.8

Fixed various XSS security vulnerabilities in overlay and notification/check period -JO
Fixed issue with command escaping in Test Check Command [TPS#15167] -JO

5.7.4 - 10/15/2020

Fixed issue with mysqladmin credentials not being set when creating a support Profile [TPS#15324] -JO
Fixed SQL injection vulnerability in the edit page for SNMP Trap Interface (thanks Matthew Aberegg) -JO
Fixed typos in Deploy Agent page [TPS#15336] -JO
Fixed issue with servicegroup_name not being populated in schedule downtime popup on Service Group Grid/Overview pages [TPS#15328] -JO
Fixed search box autocomplete not working on Host/Service Details pages -JO
Fixed Auto Discovery component when scheduling a recurring scan at either 12 AM or PM [TPS#15342] -JO
Fixed issue when updating a single component using the install button on the Manage Components page [TPS#15337] -JO
Fixed renaming objects via PUT request in API with only a name change causing apply config issues [TPS#15156] -JO
Fixed Recurring Scheduled Downtime for limited users services not showing up [TPS#15354] -SS,JO
Fixed CSRF security vulnerabilities in Manage MIBs page and SNMP Trap Interface (CVE-2020-5790) (thanks Chris Lyne of Tenable) -JO
Fixed RCE security vulnerability in the Manage MIBs page (CVE-2020-5791) (thanks Chris Lyne of Tenable) -JO
Fixed Command Argument Injection vulnerability in SNMP Trap Interface (CVE-2020-5792) (thanks Chris Lyne of Tenable) -JO
Fixed Nagios BPI issues with newer systems with newer versions of git cmd using an invalid cmdline parameter -JO
Fixed issue with filtered output in SLA/Availability report when advanced options are set [TPS#15358] -JO
Fixed empty pending host/service check that could show up after hard system reset -JO

Core Config Manager (CCM) - 3.0.7

Fixed various XSS sercurity vulnerabilities in the object edit pages (thanks Matthew Aberegg) -JO
Fixed various SQL injection security vulnerabilities in the object edit pages (thanks Matthew Aberegg) -JO
Fixed bug in the CCM Audit Log page which would not allow searching -JO

NDO - 3.0.4

Fixed issue with downtime brokering on startup
Fixed logging of failed queries for WRITE_HOSTS/WRITE_SERVICES/WRITE_CONTACTS
Fixed blank host/service status rows that may get added during a hard restart

5.7.3 - 09/03/2020

Updated NDO to 3.0.3 -SAW,JO
Added missing scheduled downtime comment data to Host/Service Status Details pages [TPS#15190] -JO
Fixed search on services page to properly search in a case insensitive way [TPS#15241] -JO
Fixed typo in Admin > Performance Settings max comment history age field [TPS#15227] -JO
Fixed information tooltips in security popup during LDAP/AD user import [TPS#15247] -JO
Fixed library path for mrtg2, in cfgmaker. In some OS versions, the path needs to be ../lib64/mrtg2, instead of ../lib/mrtg2 [TPS#15213] -LG
Fixed library path for mrtg2, in mrtg. In some OS versions, the path needs to be ../lib64/mrtg2, instead of ../lib/mrtg2 [TPS#15213] -LG
Fixed parameter problem_has_been_acknowledged not working on hoststatus and servicestatus API endpoints [TPS#15256] -JO
Fixed backup/restore scripts to no longer copy over old nagiosmobile HTTPD config [TPS#15266] -JO
Fixed issue with the parameter host_object_id (host_id works) not working with objects API calls [TPS#15263] -JO
Fixed XSS security vulnerability in Admin -> Manage Users (Thanks Christian Weiler) [TPS#15277] -SAW
Fixed XSS security vulnerability in Add/Manage Dashboard page and popup [TPS#15292]-JO
Fixed privilege escalation in backend scripts ran as root where some included files were editable by nagios user (CVE-2020-15903) (thanks ERNW) -JO
Fixed command injection vulnerability in report PDF Download (Thanks Christian Weiler) [TPS#15278] -SAW
Fixed privilege escalation vulnerability in getprofile.sh (Thanks Christian Weiler) [TPS#15279] -SAW
Fixed issue with Capacity Planning python script on Ubuntu 20.04 [TPS#15283] -JO
Fixed Inbound Email Processing when using Outlook and other clients that use Windows line endings [TPS#15285] -JO
Fixed clearner.php error on systems still running postgresql [TPS#15299] -JO
Fixed Host/Servicegroup summary dashlets commands link not working while they are inside dashboards [TPS#15196] -JO
Fixed Host/Service Details pages on smaller screen sizes having the record count/search bar overlap eachother [TPS#15304] -JO
Fixed issues with Dark Theme Highcharts graphs to be more readable and usable -JO

NDO - 3.0.3

Fixed issue with version comparison in database upgrade script
Fixed issue with failed timed_event brokering on startup
Fixed issue with erroneous logging of notification brokering failures
Fixed improper handling of callback registration when some event types were disabled

5.7.2 - 07/14/2020

Updated NDO to 3.0.2 to fix issues with slow startup with large systems and truncating tables -SAW,JO
Fixed NDO issue where renaming hosts and services with uppercase/lowercase letters caused inconsistencies [TPS#15205] -SAW,JO
Fixed restricting access to auto deploy output JSON files -JO
Fixed brevity settings for objects/hoststatus and objects/servicestatus when using outputtype=xml -JO
Fixed issue with NDO connection in Nagios XI using latin1 as default charset instead of utf8 -JO
Fixed error updating audit log when removing a user [TPS#15172] -JO
Fixed warning/critical toggle button icon placement on Highcharts graphs with single dataset [TPS#15175] -JO
Fixed XML brevity causing isseus with Mass Acknowledge and other systems that rely on XML data [TPS#15179] -JO
Fixed displaying inactive objects that have been disabled in nagios_objects table -JO
Fixed security vulernability with audio import directory allowing php files to be uploaded/ran from that directory (thanks @TactiFail) -JO
Fixed XSS security vulnerability in background color in Dashboards (thanks @TactiFail) -JO
Fixed XSS security vulnerability in Config Management > Edit Config page in BPI component (thanks @TactiFail) -JO
Fixed XSS security vulnerability in Graph Explorer link url option (CVE-2020-15902) (thanks ERNW) -JO
Fixed RCE vulnerability with ajaxhelper.php when running certain commands through cmdsubsys (CVE-2020-15901) (thanks ERNW) -JO
Fixed issue where the “Check for Updates” button on Wizards/Components was not checking latest XI 5.7 versions -JO
Fixed Top Alert Producers report not showing on CentOS 8 / MySQL 5.7+ [TPS#15202] -JO
Fixed LDAP integration missing function causing a PHP error when trying to import users from LDAP -JO
Fixed backend cache causing problems when empty data was returned -JO
Fixed mod_gearman issue with NDO3 causing it to not use the mod_gearman module -SAW
Fixed ansible version issue for Auto Deployment component on Ubuntu 16 and Debian 9 systems [TPS#15200] -JO
Fixed issue with PHP 7 and Scheduling Queue page not showing up properly -JO
Fixed python setup for Ubuntu 20 systems which have both Python 2 and Python 3 installed -JO
Fixed NagVis installation issue with Ubuntu 20 and CentOS/RHEL 8 due to using Python 3 -JO
Fixed Manage Deployed Agents page where OS version would not always update or add when adding new agents [TPS#15192] -JO

NDO - 3.0.2

Fixed host/service/contact tables being truncated on restarts (long-standing PENDING states in Nagios XI host/service status)
Fixed issue with writing contacts to object tables during startup when duplicate objects exist in the nagios configuration
Fixed issues around NDO trying to broker its own error logs when MySQL was disconnected or disabled
Fixed issues with NEB callback registration priority for Mod Gearman compatibility
Fixed issue where changing capitalization of an existing host/service would partially fail
Improved MySQL reconnection logic to increase chances of successful reconnection and reduce performance impact
Made previously compile-time debugging configuration available in ndo.cfg
Added more information to the logs when handling errors during startup
Added removal of inactive objects from the host/service/contact status tables instead of truncating them completelya

Core Config Manager (CCM) - 3.0.6

Fixed security vulnerability with Static Config Editor allowing editing apache owned files outside static directory (thanks @TactiFail) -JO

5.7.1 - 06/11/2020

Updated NDO 3 to 3.0.1 to fix some errors on certain systems and upgrade issues -SAW,JO
Updated jQuery to version 3.5.1 to fix security vulnerabilities -JO
Fixed non-admins not able to process host/service relations from the db causing the user to see no hosts/services -JO
Fixed issue with State History report causing a PHP error and would not display state data -JO
Fixed installation issue on RHEL 8 with redhat-lsb-core package installed -JO
Fixed sourceguardian upgrade issue with old versions of XI on 32bit systems -JO
Fixed resolving hostname in IP Mismatch popup check for systems with hostnames in the program URL -JO
Fixed styling issues on Configure main page when using Modern Dark theme -JO
Fixed the ndo2db manage_services.sh script status check to return a message since ndo2db was removed -JO
Fixed object status retries in the Performance Settings page not saving when set -JO
Fixed restore snapshot in CCM broker_module being overwritten with ndo2 version of broker module line -JO

NDO - 3.0.1

Fixed failure on startup due to oversized subqueries in ndo_write_contact_objects, ndo_write_services_objects, and ndo_write_hosts_objects
Fixed errors when re-running the upgrade script for 2.1.3->3.0.x
Fixed “name1 is null” error messages during startup due to missing timeperiods.

5.7.0 - 06/08/2020

Added new Nagios Mobile interface that better integrates with Nagios XI -CN,SAW
Added support for CentOS/RHEL/Oracle 8 -JO
Added support for Ubuntu 20.04 LTS and Debian 10 -JO
Added NCPA agent deployment and updated NCPA config wizard -JO
Added notice to the login alert box that mentions if hostname or ip is valid in program url [TPS#2327] -JO
Added add and remove servicegroups to and from services in Bulk Modifications Tool [TPS#13587] -CN
Added ability to play sounds when state changes occur in the NOC screen [TPS#10777] -SAW
Added Audit Log messages for REST API calls [TPS#6913] -SAW
Added configuration options to send the Audit Log to Nagios Log Server [TPS#13942] -SAW
Added ability to set Dashboard backgrounds to transparent [TPS#14284] -JO
Added Config Management section to Nagios BPI component [TPS#14473] -JO
Added search box into LDAP/AD import page to decrease amount of users displayed and to find specific users [TPS#10230] -JO
Added new JSON configuration wizard -JO
Added new XML configuration wizard -JO
Updated SourceGuardian loaders to now support PHP versions up to 7.4 -JO
Updated NDOutils to NDO 3.0.0 for performance increase and no longer using kmq or the ndo2db daemon -JO
Updated NRDP to version 2.0.3 -JO
Updated NRPE to version 4.0.3 -JO
Updated Nagios Core to version 4.4.6 -JO
Updated Nagios Plugins to version 2.3.3 -JO
Updated objects API to no longer convert XML to JSON for a more consistent output and always returns the same structure at any result size [TPS#14740] -JO
Updated Bulk Modifications Tool to allow only setting certain arguments selected by checkboxes [TPS#14765] -JO
Updated layout on host/service status pages to maximize space and allow removing summary dashlets via page config settings -JO
Updated Hostgroup and Servicegroup command buttons to use popups instead of going to old Core proxy pages -JO
Updated access methods for subsystems that needed random credentials and removed the Admin > “Security Credentials” page -JO
Updated restore_xi.sh script to ask for MySQL password when running if it cannot connect to MySQL [TPS#14294] -JO
Updated layout for LDAP/AD import user selection page to make more usable when selecting many users -JO
Updated Exchange config wizards to use NCPA instead of NSClient++ -LG,JO
Updated Windows Server/Desktop to use NCPA instead of NSClient++ -JO
Updated Legacy NSClient++ configuration wizard (used to be Windows Server/Desktop) -JO
Updated Availability report to increase speed by reducing the amount of data parsed when filtering -JO
Fixed Unconfigured Objects auto-configure templates to use ID to not cause config errors if template is deleted [TPS#14328] -JO
Fixed issue with LDAP/AD select users toggle all/none checkbox not working properly -JO
Fixed limited LDAP/AD queries (PHP 5.3.x will require a search but will notify when limit is reached) [TPS#10230] -JO
Fixed resizing issue when updating dashlets in Capacity Planning tab in the host/service status details pages [TPS#15053] -JO
Fixed custom time range on SLA report to use proper time range specified [TPS#15048] -JO
Fixed issues with old RRDtool graphs not displaying properly in Performance Graph page [TPS#15076] -JO
Fixed certain NCPA checks running through test command causing wrong output -JO
Fixed backend API using insecure login ticket (backend API is deprecated and will be removed in XI 6) [TPS#15087] -JO
Fixed CCM page in use message not clearing when on apply config page if they are expired [TPS#15163] -JO

5.6.14 - 04/21/2020

Fixed postauth RCE issue with CCM test command function in command_test.php (X-Force 179405) -JO
Fixed postauth RCE issue in RRD exporting script export-rrd.php (X-Force 179404) -JO
Fixed issues with order by on SNMP Trap Interface SQL injections with a whitelist (X-Force 179406) -JO
Fixed issue with CORS policy for API endpoints -JO
Fixed input filter text box in schedule host downtime page and CCM not working in Chrome [TPS#15073] -JO,SAW
Fixed installation issue with SUSE Extended Support for RHEL systems (Thanks Derek) -JO

5.6.13 - 04/07/2020

Fixed minor usability issues with SNMP Trap Interface -SAW
Fixed post auth XSS vulnerabilities (CVE-2020-10819, CVE-2020-10820, CVE-2020-10821) -JO
Fixed security issues with Highcharts SVG generation -JO
Fixed RCE vulnerability in admin section’s NRDP/NSCA outbound check configuration (thanks @TactiFail) -JO

5.6.12 - 02/27/2020

Fixed issue with backups not properly generating due to tar creation errors -JO

5.6.11 - 02/25/2020

Fixed LDAP/AD integration CA certificate upload to allow both root and intermediate on same subject [TPS#14855] -JO
Fixed Bulk Modifications Tool add/remove free variables not setting last_modified value causing changes not to be written [TPS#14875] -JO
Fixed BPI removing host/services out of the groups when they are renamed [TPS#14929] -JO
Fixed unauthenticated XSS/SSRF in highcharts local exporting tool -SAW
Fixed unauthenticated username disclosure in suggest.php -SAW

5.6.10 - 01/16/2020

Fixed RCE vulnerability with apache user code execution in Scheduled Reporting component (CVE-2019-20197) -JO
Fixed XSS vulnerability in Scheduled Reporting component and nocscreen (nocscreen can be upgraded from Admin > Manage Components) (CVE-2019-20139) -JO
Fixed login redirection to remove double slashes as part of redirection security parsing -JO

Core Config Manager (CCM) - 3.0.5

Fixed several issues with importing service dependencies [TPS#14737] -SAW

5.6.9 - 12/10/2019

Fixed CSS styling for host/service status tables in IE when using the dark theme [TPS#14653] -JO
Fixed issue in config/service API call that would not set free variables on already existing services [TPS#14660] -JO
Fixed service notes not showing in the Misc Info section of the Service Details page [TPS#14679] -JO
Fixed issue in AD/LDAP certificate management where certificates with binary data couldn’t be added [TPS#14690] -JO
Fixed the ndo preloading functions only searching for is_active=1 potentially causing duplicate objects on large systems -JO
Fixed issue with service/host filters not properly aligned on top of the table when hidedashlets=1 is set [TPS#14699] -JO
Fixed issue where Running “last week” report on first day of week gives wrong weeks data [TPS#14722] -SW
Fixed issue with search bar location when hideoptions is set [TPS#14735] -JO

Core Config Manager (CCM) - 3.0.4

Fixed issue with CCM config imports that would delete all free variables when importing leaving only new ones -JO
Fixed form validation for object names and service descriptions to match the default illegal_object_name_chars directive in nagios.cfg -SAW

5.6.8 - 11/05/2019

Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO
Updated the getprofile.sh script to add the BPI configurations to the profile.zip -JO
Updated jQuery to 3.4.1 and patched jQuery 1.12.4 for CVE-2019-11358 -JO
Fixed issue on SLA report where advanced options were not properly applying [TPS#14538] -JO
Fixed threshold/range function in check_rrdtraf plugin -CD,JO
Fixed issue with BPI sync checkbox being required when checking remove host/services that are missing on apply config [TPS#14590] -JO
Fixed negative numbers in Capacity Planning report and wizard -SAW
Fixed multiple security vulnerabilities that allowed nagios user command injections (thanks Jeremy Brown) -JO
Fixed issue with overwriting user meta data on each page load causing LDAP/AD import blank screen for LDAP/AD users [TPS#14636] -JO
Fixed issue with BPI configuration comments and hash tags in hostgroup/servicegroup names -JO
Fixed issue where deleting multiple services from a host would cause only one to delete at a time during BPI sync [TPS#14649] -JO

5.6.7 - 09/26/2019

Added IBM i service and custom sql config wizards on new installs -JO
Updated Nagios Core to version 4.4.5 for bug fixes -JO
Fixed objects/bpi REST API output to properly display status text when there is HTML in the text [TPS#14406] -JO
Fixed issue with SNMPv3 checks using Perl on Ubuntu 18 systems [TPS#14432] -JO
Fixed problem where you cannot import time periods where timeperiod_name contains space [TPS#14440] -SW
Fixed logrotate configuration to set the user/group for xidebug.log and fix for snmptt log rotation -SW
Fixed issue with & used in BPI group name and when running plugin against that group [TPS#14464] -JO
Fixed issue where clearing and empty unconfigured objects list when there was no objects file would cause permissions issues on the file [TPS#14469] -JO
Fixed scheduled reporting for latest NagVis component so that scheduled pages can be sent as PDFs [TPS#14428] -JO
Fixed auth token and insecure auth token sessions to properly load user meta session data directly after login -JO
Fixed issue on EL7 systems where some output displayed by systemctl status during sysstat checks caused PHP XML parse warnings [TPS#14498] -JO

5.6.6 - 08/20/2019

Fixed issue where re-configuring objects page would not allow switching them back to notify immediately [TPS#14340] -JO
Fixed issue where Graph Explorer exporting would be broken after upgrades [TPS#14372] -SAW
Fixed BPI api_tool.php NDO wait timeout to allow for longer NDO startup times [TPS#14398] -JO
Fixed issue with dashlets that have been uploaded unable to be downloaded due to file permissions in tmp directory [TPS#14363] -JO
Fixed CCM form validation to allow backslashes in object names/service descriptions -SAW
Fixed MIB uploading/processing on Postgres-based systems [TPS#14365] -SAW
Fixed XSS and privilege escalation security vulnerability in Profile component and getprofile.sh script (CVE-2019-15949) (Thanks Jak Gibb) [TPS#14364] -JO
Fixed API DELETE methods not allowing URL path to be used like in the help section [TPS#14370] -JO
Fixed Bulk Modifications Tool find relationship listings to be sorted alphabetically [TPS#12156] -JO
Fixed logrotate configuration to set the user/group on systems except el6 which doesn’t require it -JO
Fixed issue with Recurring Scheduled Downtime not showing when services is set to only the * wildcard [TPS#14388] -JO
Fixed Nagios XI Bug Report: Config Wizard Template Notification Interval could not be set to 0 [TPS#14391] -SW
Fixed problem with reading multiple line hashes sent when an inbound email response is wrapped [TPS#14396] -JO
Fixed issue in Schedule Downtime page when deleting host/service group from list and it saying none are selected [TPS#14402] -JO

5.6.5 - 07/18/2019

Updated NRDP to version 2.0.2 to fix XML parsing causing passive check failures and no last check time -JO
Fixed nagiosxi-deps to properly upgrade even if the install is from a version prior to XI 5 -SW
Fixed SLA dashlet not updating once sent to dashboard [TPS#14349] -SAW

5.6.4 - 07/09/2019

Updated NRDP to version 2.0.0 -JO
Fixed issue with Bulk Modifications Tool where host/service templates would output SQL error when logging to audit log -JO
Fixed issue with Manage MIBs where duplicate MIBs would cause SQL error [TPS#14312] -SAW
Fixed Misc info section in services not populating hostname and service description macros properly [TPS#14296] -JO
Fixed Metrics component NCPA checks state status in the Summary and Gauges tabs [TPS14293] -JO
Fixed BPI sync issue when hostgroup and servicegroup have the same name [TPS#14291] -JO
Fixed API edit contact command not updating and not running the proper update function [TPS#14304] -JO
Fixed issue in API where editing services using PUT commands with / in their description doesn’t work [TPS#14311] -JO
Fixed issue with multiple commands in inbound email responses not scheduling downtime properly [TPS#14313] -JO
Fixed ramdisk issue with CentOS 6 installs and npcd not starting on restart [TPS#14318] -JO
Fixed restart_nagios_with_export.sh script lock file location to be the var directory instead of scripts -JO
Fixed issue with HTML in comments when sending HTML emails into the inbound email response system -JO
Fixed older postgres systems upgrading to newer versions having problems setting permissions on upgrade -SAW

Core Config Manager (CCM) - 3.0.3

Fixed CCM database error when writing configs when a hostgroup of * for a service is selected [TPS#14334] -JO

5.6.3 - 06/11/2019

Updated PHPMailer to version 5.2.27 for security fixes -JO
Fixed sumoselect dropdowns to allow larger names in the selection boxes [TPS#14232] -JO
Fixed reset_config_perms.sh setting permissions for components folder in scripts directory -JO
Fixed Schedule Downtime services page not showing services when a user has a host and some unrelated services assigned [TPS#14253] -JO
Fixed upgrade error in ndoutils upgrade on old systems with non-standard MySQL port specified in config.inc.php -JO
Fixed an issue where imported SNMP Traps would not be associated with their parent MIB [TPS#14260] -SAW
Fixed issue with php upgrades on certain rhel systems not finding the proper php package name [TPS#14259] -JO
Fixed Custom Includes component folder permissions on upgrade [TPS#14266] -JO
Fixed issue with autotls being turned on by default in PHPMailer [TPS#14270] -JO
Fixed Graph Explorer icon permissions for hosts when a user does not have access to the host -JO
Fixed issue with Inbound Email Settings where selecting POP3 would not change the connection type -JO
Fixed usernames not syncing properly with the cgi.cfg and htpasswd.users files with uppercase characters [TPS#14273] -JO
Fixed scheduleddowntime API endpoint to accept passing multiple services with services[][] -JO
Fixed permissions on autodiscovery job folder from permissions changes to main autodiscovery script -JO
Fixed wording for STARTTLS encryption in LDAP/AD Integration component -JO
Fixed issue where session was not recorded in the database but wouldn’t be added until re-login -JO

Core Config Manager (CCM) - 3.0.2

Fixed CCM database error when specifying database port number in the config.inc.php for nagiosql [TPS#14263] -JO
Fixed limited CCM users permissions not properly applying until after a new cached permissions call is made [TPS#14276] -JO

5.6.2 - 05/15/2019

Fixed an issue where HTML e-mails were not handled correctly by the Inbound E-mail Processor [TPS#14205] -SAW
Fixed an issue where the Manage MIBs page would fail to load on Debian/Ubuntu -SAW
Fixed authenticator error message in cleaner.log when using Inbound E-mail Processor -TG,JO
Fixed alert screen checkbox in User Account Settings not set to checked by default -JO
Fixed issue with logrotate error from root:nagios var directory ownership -JO
Fixed enterprise features trial buttons on SLA and Capacity Planning report pages -JO
Fixed nxti.php script issues with SNMP Trap Interface on Debian systems -SAW
Fixed Scheduled Backups FTP backup limit deletion issue with PHP versions less than 5.6 -SS

Core Config Manager (CCM) - 3.0.1

Fixed issue with default page limits and session page limits being set [TPS#14215] -JO
Fixed demo mode message and static directory location in Static Config Editor -JO
Fixed user language and translations not being applied for some variations of CCM user access types -JO
Fixed issue with Manage Users no result message and not allowing pagination or limiting -JO
Fixed config output of semicolon in check_command for config files to be escaped instead of url encoded [TPS#14225] -JO

5.6.1 - 04/30/2019

Fixed style issue in Modern Dark theme re-configure notifications tab select boxes [TPS#14156] -JO
Fixed ownership permissions on folders and scripts and locations of sudo related scripts -JO
Fixed issue where newer NCPA versions checks were not showing up in metrics component [TPS#14032] -CN
Fixed issue where Validate SSL certificate checkbox in Inbound Email Settings would not allow being saved as unchecked -JO
Fixed FTP backup connection not using rawurlencode() for passwords causing connection problems -SS
Fixed error emails for inbound check commands to send out an error email when an email with no valid command is parsed -JO
Fixed upgrade issue where deps package would stop upgrade on systems without it [TPS#14184] -JO
Fixed issue with event_handler.php where the lock file would not be overwritten and stopped notifications being sent [TPS#14180] -JO

5.6.0 - 04/18/2019

Added ability to acknowledge problems via email response [TPS#885] -JO
Added the config option in system settings > security to set the rapid response URL -JO
Added proper display name and alias resolution on host and service status and status detail pages -JO
Added Scheduling Queue page in Monitoring Process section [TPS#9566] -JO
Added a new Modern Dark theme which is the same as the current Modern theme but dark -JO
Added User Sessions page to show who is logged in, where they are, and IP address of logged in user [TPS#8732] -JO
Added higher page limits for Scheduled Downtime page and other pages including no limit [TPS#13530] -JO
Added ability to set host/services to inactive instead of deleting them with the Deadpool reaper [TPS#11390] -JO
Added more default checks on initial install [TPS#11013] -JO
Added Unconfigured Objects API endpoint (objects/unconfigured) [TPS#12181] -JO
Added scheduled downtime for child hosts as option for hosts in recurring downtime [TPS#13598] -JF,JO
Added configurable sql limit for the event_handler cron job -BH
Added ability for recurring scheduled downtime to update with host/service and hostgroup/servicegroup name changes [TPS#8060] -JO
Added callbacks: NOTIFICATION_EMAIL_SENT and NOTIFICATION_SMS_SENT and updated existing NOTIFICATION callback arguments -BH
Added performance data graphs to notification emails [TPS#12650] -BH
Added the ability to add/remove free variables in Bulk Modifications Tool [TPS#11775] -SAW
Added a configuration wizard and plugin for capacity planning [TPS#2173] – SAW
Added ability to show customvars in objects/host, objects/service, and objects/contact by sending customvars=1 in API request [TPS#12420] -JO
Added ability to schedule all hosts and/or services for hostgroups and servicegroups in Schedule Downtime page [TPS#10043] -JO
Added focus the first field of every page in the config wizards [TPS#11259] -SW
Added saving tactical overview configuration settings as a per-user setting. [TPS#6923] -SW
Added [datetime] macro to scheduled reports [TPS#9635] -SW
Added confirmation dialog when clicking the X on dashlets to confirm you want to delete the dashlet [TPS#7377] -SW
Added ability to edit alias and display_name on reconfigure host page and display_name on reconfigure service page [TPS#8724] -SW
Added better searching from host/service detail page to filter the displayed results instead of taking you back to the top level [TPS#13810] -SW
Added timestamp to filenames of downloaded and emailed PDFs, CSVs and JPGs [TPS#10680] -SW
Added ability to specify custom ports to scan in auto discovery [TPS#12383] -SW
Added downtime icons to Hostgroup Overview, Hostgroup Grid, Servicegroup Overview, Servicegroup Grid [TPS#10200] -SW
Added setting for trimming of Max Comment Age in Admin -> Performance Settings -> Databases [TPS#12313] -SW
Added /usr/share/snmp/ & /etc/snmp/ & /home/nagios to backup and restore scripts [TPS#10202] -SW
Added more time period options to Graph Explorer time period dropdown [TPS#13378] -JO
Added the ability to enable/disable the web GUI terminal [TPS#13690] -CN
Added notes, notes url, actions url in a Misc section on Host and Service details pages [TPS#13997] -JO
Added object type and states to Top Alert Producers as filter dropdowns like other reports -SS
Added ability to use config_name in api/config/services to update services with multiple hosts or hostgroups [TPS#13605] -JO
Added copying of all template and information linked to services when using Add Service in Bulk Modification Tool [TPS#13585] -JO
Added objects/timeperiod to the Objects API to show what time periods are available [TPS#13425] -JO
Added ability to set new user account information email text and subject in System Settings > User Accounts [TPS#11830] -JO
Added user’s API key allowing auth to Nagios Core JSON API endpoints via components/nagioscore/ui/(objectjson.php,statusjson.php,archivejson.php) [TPS#12717] -JO
Added “Create as Monitoring Contact” checkbox in Users edit page when applicable [TPS#14046] -SAW
Added new features to the Manage MIBs page [TPS#13946, TPS#4810] -SAW
Added ability for deleting multiple objects via the config API commands [TSP#10435] -JO
Added is_volatile to the list of single config options that can be changed in the Bulk Modifications Tool [TPS#14105] -JO
Added api/config options such as the PUT edit endpoints and added hostgroups and servicegroups [TPS#13425] -JO
Added right-hand alignment on system statistic dashlets (thanks Steve B) -JO
Added ability to select the default system theme on install -JO
Moved Legacy Network Status Map link into Legacy Reports section in the Reports tab -JO
Fixed auto discovery status to no longer show throbber if it is waiting for it’s first scheduled run [TPS#7097] -SW
Fixed wording in deadpool emails to no longer say deleted if objects are to be deactivated -JO
Fixed large systems with lots of limited users receiving duplicate key SQL error text in UI after apply config -JO
Fixed issue in Custom URL dashlet where it would not properly load certain pages when dashboard is exported as PDF -JO
Fixed re-configure “Edit in CCM” button when two services with the same name but have a different case -JO
Fixed Restart Nagios Core button in User Macros component not working properly -JO
Fixed Object Does Not Exist message on large systems when ndoutils database is loading with new adjustable performance setting [TPS#14108] -JO
Fixed scheduledowntime API endpoint not allowing author paramter to be set [TPS#14141] -SW,JO
Fixed issue in basic auth where username/user id would not be populated correctly (Thanks Mickey) -SAW

Core Config Manager (CCM) - 3.0.0

Added deletion of services with host if services do not have hostgroups or other hosts attached [TPS#13537] -JO
Added proper audit logging to all the sections/actions that are performed [TPS#13495] -JO
Added ability to edit free variables instead of having to remove and re-add them [TPS#12054] -JO
Added Manage Service Groups and Manage Dependent Service Groups buttons to service dependency objects [TPS#9066] -JO
Added ability to import excluded hosts/hostgroups [TPS#14113] -JO
Added checkboxes for Host Groups and Service Groups in the CCM limited access permissions panel in user edit -JO
Added Service Groups to Service Escalation Objects [TPS#14136] -SAW
Added renaming of perfdata when a service or host is renamed [TPS#14143] -JO
Fixed issue where host/services applied to service groups would not show as Unknown for limited CCM users -JO

5.5.11 - 02/28/2019

Fixed command injection security vulnerability in Autodiscovery script (CVE-2019-9164) (thanks Paolo Giai of Shielder) -JO
Fixed issue with permissions on config.inc.php and import_xiconfig.php allowing users to write to files (CVE-2019-9166) (thanks Paolo Giai of Shielder) -JO
Fixed an XSS vulnerability that can be passed in using the xiwindow parameter (CVE-2019-9167) (thanks Paolo Giai of Shielder) -JO
Fixed SQL injection when using Fuse Key and certain parameters (CVE-2019-9165) (thanks Paolo Giai of Shielder) -JO

5.5.10 - 02/12/2019

Updated Host and Service Status pages to hide dashlets by passing hidedashlets=1 in the URL -JO
Updated ADODB library to version 5.20.14 to fix bugs and XSS security vulnerability -JO
Updated Japanese translation files -JO
Updated Graph Explorer fields to be searchable like other selectable dropdowns [TPS#13975] -SW,JO
Removed technicians’ diagnostic tool from SNMP Trap Interface -SAW
Fixed CCM “Changes detected!” message now checks against each section, instead of specific config files [TPS#13970] -SAW
Fixed issues with Capacity Planning backend in preparation for configuration wizard and plugin [TPS#13817] -SAW
Fixed issue where parts of the SNMP Trap Interface would fail when using the XI 2014 theme [TPS#14024] -SAW
Fixed Object Does Not Exist error on Service Details page when using + in the service description [TPS#14003] -JO
Fixed services in Service Group which have the same beginning of a name on the same host not showing in config [TPS#14007] -JO
Fixed Unconfigured Objects not properly parsing host status check results [TPS#14009] -JO
Fixed Unconfigured Objects auto import host/service template selections not saving -SS
Fixed issue where the flash message bar would be underneath the help icon when help system is enabled -JO
Fixed URL links in PDF generated reports to properly use the external/internal URLs for links [TPS#14026] -JO
Fixed issue where enterprise restrictions weren’t activated properly in the SNMP Trap Interface [TPS#14025] -SAW
Fixed initial file permissions for auditlog.log when it is initially generated [TPS#14038] -JO
Fixed MySQL nagiosql errors in cmdsubsys.log for regular users with limited CCM access [TPS#14045] -JO

5.5.9 - 01/17/2019

Updated Nagios Core to version 4.4.3 to fix various bugs and security issues -JO
Fixed issue with Event Log decoding HTML elements improperly -JO
Fixed CCM imported service templates defaulting 0 for max_check_attempts, check_interval, retry_interval [TPS#13954] -JO
Fixed descriptions and raw data can be removed when editing a trap definition in SNMP Trap Interface [TPS#13971] -SAW
Fixed windows DOS line endings from user-inputted raw data in SNMP Trap Interface [TPS#13989] -SAW
Fixed an issue where table records would not load correctly in the SNMP Trap Interface using PostgreSQL -SAW
Fixed an issue in the SNMP Trap Interface where Trap Definitions could not be edited on systems using PostgreSQL [TPS#13968] -SAW
Fixed exporting perfdata when in two-column mode only rendering half of the graph [TPS#13979] -JO

5.5.8 - 12/11/2018

Fixed tmp directory for exporting RRD performance data -JO
Fixed UTF-8 characters in host/service names not allowing for external commands from the GUI to be processed [TPS#13833] -JO
Fixed upgrading Config Wizards due to wizards with the same directory name [TPS#13857] -JO
Fixed XSS security vulnerabilities in rss_dashlet -JO
Fixed an issue where importing configuration from files/API would sometimes cause duplicate service definitions [TPS#13871] – SAW, JO
Fixed Availability dashlet to work like a normal dashlet and lookback period is properly set based on the report it’s created from [TPS#13841] -JO
Fixed issue with nmap multiple IP addresses causing problems running because of security fix -JO,SS
Fixed issue with specific configurations in ndoutils causing Core to crash by updating ndoutils to 2.1.3 -JO
Fixed lock file permissions for Core 4.2.4 (if users are using mod_gearman or had to downgrade to XI’s old version of Core) -JO

Core Config Manager (CCM) - 2.7.4

Added icon to relationship popup for host/services that are inactive [TPS#13852] -JO
Fixed missing hosts/service from relationships popup when applied to groups that are set as inactive [TPS#13852] -JO

5.5.7 - 11/13/2018

Fixed privilege escalation security vulnerability in MRTG graphing component by running as nagios user/group (thanks Daniel Sayk of Telekom Security) [TPS#13778] -JO
Fixed security vulnerability with API key regeneration function allowing non-admins to regenerate other user’s API keys (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in BPI’s api_tool.php where the script could be accessed through the web server (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in command subsystem with some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed security vulnerability in Auto Discovery component where some commands not being escaped properly (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed XSS security vulnerabilities in the interface (thanks Chris Lyne of Tenable) [TPS#13780] -JO
Fixed old lock file location in snapshots by restoring lock file setting on snapshot restore [TPS#13795] -JO
Fixed Notes and Actions URL button links URL encoding in Host/Service Status pages [TPS#13802] -JO
Fixed Core issue (#572) causing service recovery emails to be sent when a initial notification wasn’t sent. [TPS#13805] -SW
Fixed Core issue (#575) where soft recovery states did not apply for services -JO
Fixed issue in API where hostgroup/servicegroup scheduled downtime would not schedule service downtimes [TPS#13818] -JO
Fixed BPI service group sync to not add empty service groups that cause an error on the screen [TPS#13777] -JO
Fixed BPI issue with the processing of subgroups applied to multiple groups failing to set proper status [TPS#13816] -JO

Core Config Manager (CCM) - 2.7.3

Fixed issue with free variable escaping on CCM importing configuration files [TPS#13794] -JO

5.5.6 - 10/30/2018

Updated PHPMailer to version 5.2.26 for security/bug fixes -JO
Added documentation link to Deadpool Settings [TPS#11295] -SW
Fixed Capacity Planning report issues with UTF-8 characters in host/service names -JO
Fixed auth/session checks in Capacity Planning API calls -JO
Fixed inconsistency with Hostgroup/Servicegroup members being pulled from the API causing dashlet issues in Fusion [TPS#13650] -SW
Fixed creating performance graph dashlet on host/service status pages causing page to scroll to top [TPS#13671] -JO
Fixed service config for ndoutils causing issues sometimes with starting when lock/sock exist -JO,BO
Fixed sorting of MIBS to be case in-sensitive [TPS#10281] -SW
Fixed default NRDP token to be set in config file on first visit to Admin -> Inbound Transfers [TPS#12198] -SW
Fixed Gauge Bug where gauge would not display of the value was just 0 [TPS#13757] -SW
Fixed Capacity Planning PDFs to have warning/critical lines when set to display automatically [TPS#13772] -JO

Core Config Manager (CCM) - 2.7.2

Fixed not saving * selection for hostgroups and saving of negated hosts/hostgroups on services [TPS#13664] -JO
Fixed slow loading of objects (hosts/services/etc) on large systems due to no limits on main SQL query [TPS#13692] -JO
Fixed hosts and services menus go to the first page after a config is deleted or cloned [TPS#13766] -SW

5.5.5 - 10/11/2018

Fixed adding new user creating a message that says current user should update their API key if they haven’t yet -JO
Fixed login link on rapid response URL when a ticket does not exist or has expired -JO
Fixed status check for NDO in BPI component API tool so that it properly sleeps after each call -JO
Fixed audit log max age value undefined default to 180 instead of 30 and added to performance settings -JO
Fixed an issue where notification settings would sometimes display incorrectly [TPS#13613] -SAW
Fixed an issue where hosts/services with forward-slashes (“/”) in their names would not reconfigure correctly [TPS#13607] -SAW
Fixed various PHP notices in error log -JO
Fixed issue with SLA report links not going to external (or program url if external is empty) when PDF is generated [TPS#13619] -JO
Fixed logging scheduled reporting pdf generation to wkhtmltox.log -JO
Fixed issue with reports/pages missing data in PDFs [TPS#13628] -JO
Fixed user permissions on non-active objects causing large/slow SQL queries on some systems -JO

5.5.4 - 09/20/2018

Updated jQuery library to 3.3.1 due to security vulnerabilities with older jQuery versions [TPS#13541] -JO
Updated config.inc.php config value (set $cfg[‘old_browser_compat’] = 1;) to set jQuery to older version for IE 8 -JO
Fixed cron for deadpool using old script that was not available on new installs -SW
Fixed misspelling in NXTI component when editing a defined trap [TPS#13558] -JO
Fixed issue with Recurring Downtime wildcards not working [TPS#13562] -JO
Fixed BPI output displayed when in problem state to not have HTML because output is too long [TPS#13552] -JO
Fixed malformed combined availability reports [TPS#13573] -CN
Fixed issue with configuraiton snapshot page permissions (Thanks Nathan Jones) -JO
Fixed XSS in auto login admin management page (Thanks Nathan Jones) -JO
Fixed issue with Nagios Core notifications during downtime -SW

5.5.3 - 08/28/2018

Updated Nagios Core to version 4.4.2 to fix some issues that weren’t patched in XI’s Core version -JO
Fixed nom script that runs automated config backups to use full nagios config check instead of nagios init script -JO
Fixed local backups not getting pruned [TPS#13474] -SW
Fixed issue with deadpool cron job not being able to delete host/services due to script changes -JO
Fixed SNMP Trap Interface issue with deleting defined traps on Postgres upgraded systems [TPS#13480] -JO
Fixed SLA report to have show/hide details links in hostgroup/servicegroup SLA reports [TPS#13479] -JO
Fixed SNMP Trap Interface issue where timestamps would sometimes show all zeroes [TPS#13508] – SAW
Fixed Manage MIBs “Process All Traps” button to use the same MIB conversion rules as the “Add to SNMPTT” option – SAW
Fixed SNMP Trap Interface issue where Show Test File Contents/Show Unknown Trap Log could freeze the browser – SAW

5.5.2 - 07/26/2018

Fixed missing comments on hover for host/services on service detail page [TPS#13423] -JO
Fixed Scheduled Downtime page scheduling using full name not username like other places in GUI [TPS#13426] -JO
Fixed issue where scheduling some pages would cause PDF to have session timeout error [TPS#13427] -JO
Fixed dashboard background not working and background color selector in some browsers not showing shading [TPS#13432] -JO
Fixed performance graph title url link not working properly if service has url encoded name [TPS#13431] -JO
Fixed recurring downtime not able to read the recurring downtime configuration from older systems [TPS#13440] -JO
Fixed recurring downtime not properly scheduling services if host had any related downtimes [TPS#13441] -JO
Fixed issue where Nagios Core would have two running processes after upgrade from < 5.5 on EL6 -JO
Fixed issue in Nagios Core where scheduled flexible downtimes would not trigger downtime start -JO
Fixed bulk modifications tool to only shop the inheritance options when the configuration type allows them [TPS#13455] -JO

5.5.1 - 07/12/2018

Updated host and service details pages to show notes_url and actions_url links -JO
Updated notes_url and actions_url in host and service status/details pages to support some basic macro expansion [TPS#13387] -JO
Updated options in the BPI config settings to turn off automatic sync and object removal -JO
Fixed issue in Schedule Downtime page where services won’t show if user is not a contact on the host [TPS#13374] -JO
Fixed missing fields in Audit Log for certain commands in cmdsubsys [TPS#13382] -JO
Fixed issue with Trial Extensions not applying if they weren’t a certain length [TPS#13379] -JO
Fixed auth token generation and login issue on upgraded PostgresQL systems -JO
Fixed SSL errors causing broken PDF reports on some systems configured for SSL -JO
Fixed issue where Nagios Core UI proxy would ask for authentication [TPS#13395] -JO
Fixed fix check_interval and retry_interval bug in Core 4.4.1 (Core Patch) -SW,JO
Fixed passive checks sending recovery email when host was previously UP (Core Patch) -SW
Fixed check_http causing certificate checks to fail if location was forbidden or had an error after check (Plugin Patch) -SW
Fixed metrics component to work with new NCPA wizard command names [TPS#13409] -JO
Fixed scheduled backups so that the proper amount of backups are retained in FTP/SSH backups -JO
Fixed tables for SNMP Trap Interface for upgraded systems -JO
Fixed sync and auto removing to run in BPI to their own cmdsubsys command that also checks if NDO is loaded [TPS#13407] -JO
Fixed display names on host and service status pages [TPS#13415] -SW,JO

Core Config Manager (CCM) - 2.7.1

Fixed permissions not updating properly when a non-admin user creates a host/service object [TPS#13397] -JO

Core Config Manager (CCM) - 2.7.0

Added CCM limited and full access via session for regular users (CCM ‘limited’ user) [TPS#13227] -JO
Added contact alias next to contact name in contact overlay when an alias exists [TPS#10049] -JO
Added services applied to hostgroups to the host services list on service groups [TPS#13158] -JO
Updated copying a service change the service name and not the config name [TPS#12270] -JO
Updated writing configs to no longer rely on pear library HTML_Template_IT [TPS#12386] -JO
Updated importing config search to be case-insensitive -JO
Fixed importing services with multiple objects finding the proper config name [TPS#13303] -JO

5.4.13 - 03/13/2018

Added notification alteration callbacks -JO
Added notification template callbacks, updated documentation -BH
Fixed NPCD not showing as running in systemctl on EL7 systems even though it is running [TPS#12924] -JO
Fixed command subsystem to only try to package and download components/dashlets/configwizards that exist -JO
Fixed XSS vulnerability in views page -JO
Fixed RCE vulnerability in component download page (Thanks Bjoern Brixner at Telekom Security) -TM
Fixed enterprise only banner for sending single report emails [TPS#13025] -JO
Fixed permalink URL generation to use the proper location when sending xiwindow url [TPS#13036] -JO
Fixed scheduled report subject field to not append generic text when subject is set [TPS#13062] -JO
Fixed deadpool not running properly on it’s cron [TPS#13075] -SW
Fixed BPI calculation to use round() properly so groups > 1000 objects shows proper statuses [TPS#13078] -JO
Fixed dashboards disappearing with non-UTF8 names/titles (can use config.inc.php option $cfg[‘db_conn_utf8’] = 0; in some cases) [TPS#13051] -JO
Fixed vulnerability in NagiosQL (Thanks @iotennui, @BennyHusted, @0xC413 on twitter) [CVE-2018-8733,CVE-2018-8734,CVE-2018-8735,CVE-2018-8736] -JO,TM

Core Config Manager (CCM) - 2.6.11

Fixed u option in service dependencies for execution_failure_criteria & notification_failure_criteria to reak Unknown instead of Unreachable -SW
Fixed hostgroup excludes on service management page [TPS#12952] -JO
Fixed CCM importing config name value in service definitions -JO

5.4.12 - 01/16/2018

Fixed double percents (%%) in performance graph legends [TPS#12701] -JO
Fixed url encoding in outbound NRDP checks [TPS#12742] -SAW
Fixed MRTG cron job arguments for lock file for EL7 in rpms [TPS#12865] -JO
Fixed flexible downtime duration setting in scheduled downtime page [TPS#12890] -JO
Fixed downtime duration column to show proper duration for fixed and fledible in scheduled downtime page [TPS#12890] -JO
Fixed install script not recognizing IP address on llipv6-only machines [TPS#8588] – SAW
Fixed upgrade from GUI where upgrade textarea would stop updating even though upgrade finishes [TPS#12571] -JO
Fixed htmlentities in SLA report breaking UTF-8 characters [TPS#12905] -JO

5.4.11 - 10/31/2017

Fixed ampersand encoding in URLs on the views page [TPS#12526] -JO
Fixed perfdata graphs legend data units of measurement when first unit has none specified [TPS#12504] -JO
Fixed the acknowledgment/handled state icon in BPI -JO
Fixed issue where some groups would not get proper status checks (due to recursion) in BPI [TPS#12488] -JO
Fixed issue with utf8 character encoding with MySQL connections in Bulk Renaming Tool and elsewhere [TPS#12537] -JO
Fixed time stamp in eventqueue [TPS#12597] -SAW
Fixed issue with graph explorer dashify not checking NSP [TPS#12562] -SAW
Fixed Recurring Scheduled Downtime service descriptions with * in them not showing up in list [TPS#12616] -JO
Fixed alert histogram link in Nagios Core UI from host/service advanced section [TPS#12655] -JO
Fixed issue where XML for BPI was being read from cache only on API calls -JO,CN
Fixed issue where manually running a check command would display the value of potentially sensitive user macros [TPS#12673] -CN

Core Config Manager (CCM) - 2.6.10

Fixed flap detection options values not showing properly in the CCM as selected [TPS#12654] -JO

5.4.10 - 09/20/2017

Fixed recurring downtime services tab for users to correctly show downtimes they have created if they have service perms [TPS#12434] -JO
Fixed LDAP multiple naming contexts if context has no dc= in the name [TPS#12435] -JO
Fixed issue with IPv6 addresses not redirecting properly [TPS#12461] -JO

Core Config Manager (CCM) - 2.6.9

Fixed new MySQLi database connection charset to be UTF8 [TPS#12441] -JO

5.4.9 - 09/07/2017

Updated Japanese language translations (thanks Suzuki) -JO
Fixed XSS security vulnerabilities (Thanks Björn Brixner at Telekom Security, Sobolev Eugene, itpsl.org, H_D, PenGenKiddy, and RO421) [TPS#12285,TPS#12374] -JO
Fixed language settings for user not showing up as translated -JO,SB
Fixed schedule downtime (and others) requirement check to trim data before doing field required checks [TPS#12303] -JO
Fixed some pages admin-only permissions -JO
Fixed AD/LDAP import when password complexity requirements are enabled [TPS#12334] -JO
Fixed unconfigured objects for host-only results [TPS#12361] -JO
Fixed installation on systems with non-standard CentOS/RHEL suoders file by trying to fix issues if possible [TPS#12380] -JO

5.4.8 - 08/02/2017

Fixed inconsistency with different object types in the API help examples for configs [TPS#12162] -JO
Fixed perfdata graph links for services with spaces in them [TPS#12170] -JO
Fixed host comment and acknowledgment icons not linking to the details page like the service ones [TPS#12184] -JO
Fixed some text inconsistencies in the bulk modifications tool [TPS#12172] -JO
Fixed auto-login button on main page not doing an auto login [TPS#12203] -JO
Fixed XSS security vulnerability (thanks Olvieira Lima) -JO
Fixed issue with SLA dashlet/report where certain custom time frames wouldn’t show up properly [TSP#12248] -JO

Core Config Manager (CCM) - 2.6.8

Fixed issue when cloning timeperiods that have a ‘name’ value set (templates) [TPS#12159] -JO
Fixed the free variable number to update after closing the free variable box [TPS#12176] -JO
Fixed issue with importing host and service names with + in them [TPS#12161] -JO

5.4.7 - 07/11/2017

Updated encrypted files to work with PHP 7.0.x and 7.1.x -JO,SW
Fixed issue with SLA report SLA Target value being set to an int [TPS#12079] -JO
Fixed issue in secured rapid response where URL was not passing proper parameters when users are redirected after login [TPS#12098] -JO
Fixed popup view of recent snapshots view action on the CCM splash page [TPS#12083] -JO
Fixed executive summary PDF and JPG download option not working [TPS#12105] -SS,JO
Fixed PDF generation missing some fonts on EL7 full installs [TPS#12104] -JO
Fixed get_xml_comments() in host and service ajax helpers to limit comment query down to only the objects that are visible [TPS#12064] -JO
Fixed various minor security issues [TPS#12112,12113,12117,12120] -JO

5.4.6 - 06/27/2017

Updated languages to include Bulgarian translations (Thanks Ludmil) -JO, LL
Fixed upgrade failing if no services or host config files existed in the main config directories [TPS#11921] -JO
Fixed issue on host/service status details pages where changing page limit from low to high showed no results found until refresh [TPS#11897] -JO
Fixed inactive contacts from being selectable on the contact list in bulk modifications tool [TPS#11950] -JO
Fixed link to CCM from “Re-configure” section in host/service details page to remove “Config Name” value when doing search [TPS#11700] -JO
Fixed dashlet refresh rates on object status pages to show up in “dashlet” tab in performance settings [TPS#11974] -JO
Fixed state history link in Top Alert Producers report page [TPS#12045] -JO

5.4.5 - 05/31/2017

Updated re-configure service message and link for advanced configurations [TPS#11700] -BH
Updated validation for URLs to use internal PHP validation on PHP 5.2+ [TPS#11689] -JO
Updated BPI host and service group sync to actually remove host and service groups from BPI that have been deleted or have no members [TPS#11743] -JO
Fixed issue with MySQL ports configured in-line inside config.inc.php [TPS#11688] -JO
Fixed Nagios BPI issue where adding new groups would cause spacing issues in the config [TPS#11721] -JO
Fixed issue with port for MySQL in automysqlbackup, repair, backup, and restore scripts [TPS#11754] -SS, JO
Fixed typos in API reference config object help section [TPS#11782] -JO
Fixed reset password sending username in GET parameters with password reset token [TPS#11793]
Fixed restore_xi.sh script to allow for overriding default password [TPS#9710] -BH
Fixed various minor security issues -JO

Core Config Manager (CCM) - 2.6.7

Fixed result limit box in the CCM settings page to be a dropdown to match the CCM pages [TPS#11648] -JO

5.4.3 - 03/16/2017

Fixed Rapid Response not respecting acknowledgement defaults [TPS#11014] -BH
Fixed scheduled downtime where multiple hosts and “apply for all services” do not create host downtime and doubling services [TPS#11060] -JO
Fixed reset_defaults.sh to ask if user wants to reset before running [TPS#11065] -JO
Fixed gauge dashlet from not working on certain datastore names [TPS#10923] -JO, BH
Fixed extra memory usage that could hit php memory limit in graph explorer’s fetch_rrd function -JO
Fixed additional hard-coded database name in SQL query [TPS#10936] -JO
Fixed Schedule Downtime using the browser’s hostname instead of localhost for downtime query [TPS#11153] -BH
Fixed deadpool hostname escaping issue when running final stage deletion command -JO
Fixed deadpool cron run time from every 5 minutes to every minute [TPS#11230] -JO
Fixed sorting order in create and edit BPI group host/services member slection list [TPS#11204] -JO
Fixed permalink creation to create based on external url and urlencoded frame url [TPS#11198] -JO
Fixed command check test showing up as html entities in
tags [TPS#11244] -JO Fixed deadpool service filters regex match looking at hostname instead of servicename [TPS#11301] -JO

Core Config Manager (CCM) - 2.6.6

Fixed default page limit to be set properly [TPS#11026|11028] -JO, BH
Updated CCM Table to accurately display ‘Config Name’ instead of ‘Service Name’ [TPS#11170] -BH

Nagios Core

Fixed issue with flexible downtime disabling notifications for host/services (4.2.4 patch) -JO, JF

5.4.2 - 02/07/2017

Fixed ndoutils segfault issue with patch for ndoutils 2.1.2 -JO, JF
Fixed no output on repair_databases.sh script when locked -BH
Fixed no newline occasionally on API Error [TPS#10883] -BH
Fixed deadpool cron to use the default language set for the Nagios XI server in “User Defaults” [TPS#10764] -JO
Fixed license key wording when switching from FREE to licensed to give better information [TPS#10858] -JO
Fixed issue where the shown scheduled backup directory was set to /usr/local/nagiosxi in the interface [TPS#10868] -JO
Fixed license page enterprise license key display message [TSP#10860] -JO
Fixed issue with ndo2db upstart job conflicting with ndo2db init script [TPS#10882] -JO
Fixed issue where nagios.log cannot be read by the nagios group causing legacy report failures [TPS#10891] -JO
Fixed initial libexec plugin permissions on initial install [TPS#10900] -JO
Fixed perfgraph page to show dropdown options as “Last x days” to accurately reflect the lookback period [TPS#10902] -JO
Fixed issue with htmlentities on scheduled report message not displaying non-english characters correctly [TPS#10893] -JO
Fixed gauge not showing for Root Partitions [TPS#10923] -BH
Fixed issue with Bulk Mod Tool that used a hardcoded database name instead of one in config.inc.php [TPS#10936] -JO

5.4.1 - 01/26/2017

Fixed upgrade properly detecting mysql/mariadb [TPS#10603] -BH
Fixed restore_defaults.sh inability to be ran outside of scripts/ dir [TPS#10605] -BH
Fixed restore_defaults.sh to take offloaded db into consideration, and now uses proper credentials [TPS#10627] -BH
Fixed issue in Safari that made scheduled downtime page not be able to select hosts/services [TPS#10617] -JO
Fixed issue where some systems would show ndo2db as not running in the GUI even though the daemon is running [TPS#10636] -JO
Fixed issue on AD/LDAP import page where errors were not displaying and server wasn’t re-selected on form submit [TPS#10640] -JO
Fixed PHPMailer security vulnerabilities by updating to 5.2.22 -JO
Fixed issue with host/service detail table status page graphs exporting using Highcharts dropdown [TPS#10672] -JO
Fixed issue with Help System not loading help videos in systems using HTTPS [TPS#10697] -JO
Fixed issue with Help System where resizing the windows would empty the help popup -JO
Fixed empty or FREE license key giving invalid key message during trial time period on license page [TPS#10725] -JO
Fixed deployed, synced dashboards to automatically be removed when the dashboard is deleted by the source dashboard [TPS#10720] -JO
Fixed legacy network map from not changing map type when selecting type icons [TPS#10774] -JO
Fixed status map issues with single hosts (Core 4.2.4 update) [TPS#10808] -JO
Fixed profile component to have more logging lines and the more useful log files [TPS#10829] -JO

Core Config Manager (CCM) - 2.6.5

Fixed services and escalations showing ‘unreachable’ opposed to ‘unknown’ [TPS#10589|10533] -BH, JO
Fixed issue where test commands did not work on systems with a php version less than 5.3 [TPS#10633] -SW
Fixed dropdown items per page not working when selecting “None” [TPS#10632] -JO
Fixed issue with CCM import not accepting commas even though it splots on them [TPS#10736] -JO

5.4.0 - 12/28/2016

Upgraded Nagios Core to version 4.2.4 -JO
Upgraded NDOUtils to version 2.1.2 -JO
Upgraded NRDP to version 1.4.0 -JO
Added combined CSV export option for availability report [TPS#9682] -LG
Added support for offloaded databases in the repair_databases.sh script [TPS#6270] -BH
Fixed email not being updated for XI Contact when XI User is updated [TPS#6291] -BH
Fixed security type not being respected properly by LDAP/AD Integration component [TPS#8557] -BH
Fixed issue where system status popup would show white text for non-admins who can view it [TPS#10055] -JO
Fixed issue with French translations in LDAP/AD import/manage servers pages [TPS#10473] -JO
Fixed various XSS vulnerabilities (BPI url, Scheduled Backups url) -JO
Fixed issue spaces in mibs cause snmptt to fail (manage mibs page now replaces spaces with _ on upload) [TPS#10486] -JO
Fixed text on views popups to not have unprocessed html output in them [TPS#10499] -JO
Fixed issue with RRD exporting that would not work with : in the service description [TPS#10566] -SS, JO

Core Config Manager (CCM) - 2.6.4

Fixed issue with ID and page number not being an int -JO
Fixed various XSS vulnerabilities (search bar and others) -JO
Fixed issue with returnUrl set to non-CCM url -JO
Fixed issue with importing contacts/contact groups not importing all contact options [MT#800] -JO
Fixed exclamation points being unable to be used in command arguments in CCM [TPS#9741] -BH

5.3.4 - 12/14/2016

Fixed NTP on full install (was enabled but not started) -JO
Fixed apache cron permissions for backup and restore scripts -JO
Fixed sudo call for getprofile.sh call to use full path [TPS#10195] -JO
Fixed use of * character in AD/LDAP directory/group names [TPS#10238] -JO
Fixed cancel button on multiple pages still submitted form [TPS#10253] -SW
Fixed shell scripts to use full path [TPS#10278] -BH
Fixed alias being updated when ‘Name’ field changed on user update [TPS#10288] -BH
Fixed missing delete button image on unconfigured objects page -JO
Fixed perfdata graph sizing on availability report [TPS#10294] -JO
Fixed system status layout on 2014 and classic themes [TPS#10308] -JO
Fixed multiple styling issues with 2014 and classic themes -JO
Fixed XML escaping to work properly on large values [TPS#10355] -JO, BH
Fixed default last, avg, max values to be set for perfdata graphs [TPS#10359] -JO
Fixed shapes of highchart graph series data in tooltips will now match the legend in all template files [TPS#8017] -LG
Fixed perfdata graph dashlets to resize to default values [TPS#10413] -JO
Fixed non-standard ports for databases breaking upgrade [TPS#10440] -BH

Core Config Manager (CCM) - 2.6.3

Fixed issue where some objects (timeperiods, commands) could not view relationship info in popup [TPS#10117] -JO
Fixed issue where Cancel button would not return to the view list when editing from a relationship link [TPS#10224] -JO
Fixed session tracking adding sessions from localhost (when scripts are ran on the CCM) [TPS#10380] -JO

5.3.3 - 11/21/2016

Updated Japanese translations (thanks Sasaki) -JO
Fixed logarithmic perfdata graphs when having negative values in Highcharts [TPS#9966] -LG
Fixed postgres re-sequencing script in tools directory using the correct import_xiconfig script -JO
Fixed Bulk Modifications tool “find relationships” button JS errors -JO
Fixed legend in graphs not displaying properly when gray theme is used [TPS#10008] -BH
Fixed import not creating duplicate services when multiple hostgroups defined [TPS#9708] -BH
Fixed calendar not displaying properly occasionally in graph explorer [TPS#10098] -BH
Fixed issue where DB connection fails while waiting for MySQL to actually start and shows repair DB messages -JO
Fixed encoding issue on My Tools page [TPS#10161] -JO
Fixed encoding issues for French language on a couple pages -JO

Core Config Manager (CCM) - 2.6.2

Fixed issue with service escalations page showing two * in selection box after saving the service escalation [TPS#10045] -JO
Fixed missing * option in host escalation hosts and host group options that are in service escalation [TPS#10046] -JO
Fixed not being able to delete objects from the XI GUI (Reconfigure Tab) [TPS#10078] -BH

5.3.2 - 11/01/2016

Fixed bug in usermacro component where screen size would position the clear filter button in the wrong place [TPS#9842] -LG
Fixed translation issues on the mass acknowledgement “Check All Items” button after clicking [TPS#9838] -JO
Fixed modal sizing issues in bulk modifications tool [TPS#9870] -JO
Fixed translations in settings popout on the new status map [TPS#9847] -JO
Fixed various XSS vulnerabilities -JO
Fixed automatically setting secure cookie value with SSL enabled -JO
Fixed jQuery migrate XSS vulnerabilities (updated to 1.4.1) -JO
Fixed clean install adding the postgresql backup script even though postgres isn’t installed [TPS#9878] -JO
Fixed add to my reports functionality when reports are added from other sections in XI [TPS#9849] -JO
Fixed login redirect url to validate redirection better -JO
Fixed permalink to use a relative location instead of a full URL for xiwindow variable -JO
Fixed nagiosql database name being set in sql schema for those who have a different db name [TPS#9910] -JO
Fixed event_meta base64 encoding when storing event_meta in the database -JO, BH
Fixed upgrade increase_open_file_limits.sh check on certain systems and stopped the script from exiting install -JO, BH
Fixed mrtg lock directory used in cron job to take volatile tmpfs directories into consideration -BH, JO

Core Config Manager (CCM) - 2.6.1

Fixed issue with host/service escalations now showing set escalation options in the GUI [TPS#9873] -JO
Fixed CCM showing login screen when not logged into XI (must be logged into XI session to view CCM) (Thanks CK) -JO
Fixed swapped UP/UNREACHABLE on host escalations and OK/DOWN on service escalations pages [TPS#9916] -JO
Fixed issue with contact relationships popup not displaying the dependant icon for some objects -JO

5.3.1 - 10/19/2016

Fixed issue on clean XI install (or on upgrades if you upgrade component to 1.0.1) custom-includes component folder permissions [TPS#9705] -JO
Fixed issue on scheduled downtime page in older browsers and IE [TPS#9748] -JO
Fixed issue on scheduled downtime page that would allow user to submit endtime before starttime and auto update datetimepicker fields [TPS#9711] -LG
Fixed issue causing session timeouts on CentOS/RHEL 5.x systems [TPS#9727] -JO
Fixed issue where upgrade would stop if the open limits file (/etc/security/limits.conf) was not writeable -JO
Fixed issue with new status map requiring Nagios Core login information to view the page -JO
Fixed issue on scheduled downtime page where selecting via checkbox would not add the ID of the downtime to selected list -JO
Fixed PHP notices from SSL version constants that do not exist in PHP < 5.5 -JO
Fixed backup and restore scripts not keeping apache cron jobs (scheduled reporting / scheduled downtimes) [TPS#9774] -JO
Fixed scheduled downtime page to correctly put scheduled and removed downtime in audit log [TPS#9779] -JO
Fixed dashlet pin/unpin functionality on dashboards [TPS#9794] -JO
Fixed view rotation continuing while on manage views page by pausing view rotation when clicking link to page [TPS#9757] -JO
Fixed issue where title of perfdata graphs was showing up URL encoded -JO
Fixed issue in graph explorer on timeline graphs in IE -JO
Fixed bug in usermacro component causing detection to break when no system macros were selected -LG
Fixed Japanese translation issues in certain sections -JO

5.3.0 - 10/03/2016

Updated cmdsubsys auditlog to show username in the log message -LG
Updated scheduled downtime page to allow searching, filtering, and pagination -JO
Updated adding multiple hosts/services through scheduled downtime pages -JO
Updated performance graphs page to follow modern report/page format -JO
Updated all Highcharts graphs with new styling -LG
Updated API help section to explain how to filter object API calls -JO
Updated perfdata page with report-style layout -JO
Updated performance graphs popup layout on host/service status pages -JO
Updated Global Event Handlers to use considerably less memory -BH
Updated ADODB database library to version 5.19 -JO
Updated Japanese translations (thanks Sasaki) -JO
Added timepicker to some datepicker fields -JO
Added use of currently selected time format in datetimepickers in Reports and other areas -JO
Added export functionality to perfdata/timeline/stack graphs [TPS#2601] -BH
Added objects/rrdexport to API [TPS#2601] -BH
Added objects/cpexport to API (capacity planning data export) [TPS#8441] -JO
Added API Key regeneration function to user pages [TPS#7200..7203|7135] -BH
Added system/applyconfig to POST for API [TPS#7198] -BH
Added Highcharts default display type [TPS#7617] -BH
Added Callbacks for User Creation/Password Change/Deletion [TPS#7155] -BH
Added callback help section documentaiton -BH
Added names to list of system status icons in system status dropdown menu -JO
Added option in config.inc.php to allow php to connect with persistent or normal connections -JO
Added custom-includes component to include custom css, js, and images that won’t get overwritten on upgrade -JO
Added meaningful API messages -BH
Added logging to the auditlog when submitting a core command through the coreuiproxy using constants-nagioscore.inc.php [TPS#8147] -LG
Added the rest of the NSCA encryption methods to inbound/outbound transfer admin pages [TPS#8406] -JO
Added ability to download Capacity Planning graphs as CSV file with timestamp,value fields [TPS#8441] -JO
Added ability to disable/enable user accounts [TPS#6771] -BH
Added navbar search to default to the appropriate page depending on which category you click on in suggest box [TPS#8332] -BH
Added service search to navbar search box [TPS#8331] -BH
Added advanced setting for Availability report labeled “Do not show service data” that will force it to only show host data [TPS#8382] -JO
Added some basic default MySQL tuning options on fullinstall and an additional script for performing basic tune manually [TPS#8586] -BH
Added get_xml_backend cache to Performance Settings [TPS#8584] -BH
Added automatic increase of global and root user open file limits -BH
Added ability to add free variables via API [TPS#8675] -SS,BH
Added required current password field for non-admins to change passwords [TPS#8731] -BH
Added output to repair database scripts to inform user if they succeeded or failed [TPS#8701] -TL,JO
Added query documentation into API [TPS#8835] -JO
Added capacity planning data to be exported via the API [TPS#8441] -JO
Added ability to select multiple hosts/services to schedule downtime for on scheduled downtime page -JO
Added ability to put all services for a host into schedule downtime at once -JO
Added a new Core Component Usermacros for managing user and system macros in Nagios XI [TPS#9008] -LG
Added translation of USER macros to all eligible wizard input fields [TPS#6739] -LG
Added custom API endpoint functionality [TPS#8979] -BH
Added ability to save tabs selected on scheduling page report [TPS#9050] -BH
Added tab to system settings in admin section for password complexity, lockout, and max trials [TPS#8729..8730] -BH
Added more verbose logging for PHPmailer which shows action, method and referer and will include successfully sent messages [TPS#9136] -LG
Added snmptt restart to nagios init script [TPS#9234] -BH
Added more user meta information for better security and auditing [TPS#9269] -JO
Added improved clickjacking security -JO
Added improved warning/critical lines in Highcharts graphs which can be toggled on and off -LG
Added rel=”noreferrer” to target=”_blank” hrefs -BH
Added core detection for speeding up compilation during fullinstall/upgrade -BH
Added default cURL SSL connection type to TLSv1.2 and added editing setting in System Settings page [TPS#9483] -JO
Added clipboard.js and removed the old zclip jquery plugin which relied on ZeroClipboard -JO
Added options in global settings to customize Highcharts Avg/Max/Last values (or disable them) [TPS#9611] -JO
Added option in global settings to tell Highcharts graphs to ignore null values when calculating ‘Avg’ [TPS#9611] -JO
Added event_handler cron job to process events from DB queue -BH
Fixed non-admin users who had large quantity of services recieving SQL error [TPS#7820] -BH
Fixed load_url function to send error messages to apache error_log instead of never giving an error message -JO
Fixed recurring downtime to not accept invalid days of month [TPS#8487] -BH
Fixed view start/stop reverting to English when different language is selected [TPS#7107] -BH
Fixed reports not respecting show host/service alias options [TPS#6518] -BH
Fixed buttons to show config changes and errors on Apply Configuration page merging together [TPS#6902] -JO
Fixed check_mssql to use PDO opposed to deprecated MSSQL_* functions [TPS#8633] -BH
Fixed nagiosxi DB engine type on newer versions of MySQL/MariaDB -BH
Fixed admin user not being added to CGI config if configuration cannot be applied [TPS#8819] -BH
Fixed searching for host in host status reverting to status detail [TPS#8867] -BH
Fixed xiprepimport tool saving comments in filename [TPS#8865] -BH
Fixed inability to delete deployed [screen] dashboards, and stopped them from being deployable [TPS#8862] -BH
Fixed re-configure object (host/service) not respecting removing hostgroups/parent hosts/servicegroups [TPS#8931] -BH
Fixed slow Host/Service Status Details page load for non-admin users [TPS#9024] -SS,BH
Fixed newly scheduled pages sending corrupt .pdf files [TPS#8874] -JO
Fixed API help section that showed the improper usage of deleting a user [TPS#8634] -LG
Fixed SANS Internet Storm Center Top 10 Rising Ports dashlet to use new SANS backend [TSP#9044] -BH
Fixed various minor security vulnerabilities (thanks John Page aka HYP3RLINX) -JO
Fixed Multistacked Graph Numbers displaying more than 3 decimal points on hover [TPS#9169] -BH
Fixed javascript searchable dropdown boxes to be easier to use and have proper styling -JO
Fixed unconfigure objects remaining in list even after pressing delete [TPS#9215] -BH
Fixed snmptt daemon restart on MIB upload on el7 systems [TPS#9237] -SS,JO
Fixed scheduled downtime showing a maximum duration of 9hrs (only a display issue) -JO
Fixed LDAP/AD component LDAP is_user to accept organizationalPerson and person [TPS#9272] -JO
Fixed LDAP/AD component issue with popup not centering [TPS#9272] -JO
Fixed invalid service configuration when using bulk host import to import a service with multiple hosts defined [TPS#9369] -BH
Fixed ‘this week’ time period in reports showing the last 8 days if a report is ran on sunday [TPS#9357] -JO
Fixed issue with the + symbol in hostnames not creating a proper URL to service details pages for services on that host [TPS#9443] -JO
Fixed process_perfdata.pl setting counters for output with ‘c’ values making graphs show up as 0 [TPS#9479] -JO
Fixed persistent comment/acknowledge checkbox on host/service details page [TPS#9488] -JO
Fixed issue where LDAP would not close if start TLS failed [TPS#9498] -JO
Fixed issue with perfdata that has a space in the value [TPS#9523] -SS,JO
Fixed scheduled backups local backups page to be sorted by timestamp -JO
Fixed event_handler scripts to push to DB queue for event_handler cron -BH

Core Config Manager (CCM) - 2.6.0

Added ability to set host/hostgroups as “exclude” for services, service templates, host groups, service escalations, and host escalations [TPS#3966] -JO
Added icons for tools, configuration, and other nav links -JO
Added escape key binding to close overlays [TPS#8911] -BH
Updated theme to match the rest of Nagios XI (Modern) -JO
Updated splash page to have more information about current configuration -JO
Updated ‘Run Check Command’ to evaluate user macros [TPS#8264] -BH
Updated ‘Run Check Command’ to use cmdsubsys and execute as nagios user [TPS#6578] -BH
Updated ‘Run Check Command’ User Interface to be more intuitive and friendly and use NSP [TPS#9185] -BH
Fixed de-activating a contact from the edit page not respecting dependency check [TPS#8777] -BH
Fixed services table loading nothing if you delete all of a configs service definitions when selecting a config name from dropdown -JO
Fixed CCM not respecting etc/nagios.cfg illegal_object_name_chars [TPS#8864] -BH
Fixed various minor security vulnerabilities (thanks John Page aka HYP3RLINX) -JO

5.2.9 - 06/14/2016

Updated scheduled downtime to use XML backend as opposed to coreuiproxy for better speed on larger systems [TPS#8591] -BH
Fixed multiple security vulnerabilities -JO
Fixed issue in config/service API section not using the check_command argument [TPS#8629] -JO
Fixed notification preferences priority email checkbox to automatically set the email checkbox [TPS#8621] -JO
Fixed AD/LDAP component looking for proper structure names – now lowercase versions will show up [TPS#8563] -JO
Fixed AD/LDAP component root directory not showing user objects [TPS#8563] -JO
Fixed some instances of MRTG not using correct version [TPS#8635] -BH
Fixed windowssnmp plugins reverting on upgrade [TPS#8647] -BH
Fixed issue in CCM config writing where # did not actually need to be converted since it isn’t an in-line comment like ; -JO
Fixed bug in recurringdowntime.pl regarding days of week [TPS#8773] -BH

5.2.8 - 05/24/2016

Fixed RHEL install issues [TPS#8215 && TPS#8214] -BH
Fixed config/service API section from requiring check_command (can be inherited) [TPS#8222] -JO
Fixed tools fullscreen button not working properly on iframes with domains that are not the same as the XI system -JO
Fixed Components “Install Updates” button returning improper code [TPS#8271] -BH
Fixed using ; and # in $ARGx$ values in the CCM [TPS#8292] -JO
Fixed certain pages not redirecting to login is session was timed out -SW
Fixed issue where non-admin users could not see all time periods for advanced settings in reports (but could in Core) [TPS#7974] -JO
Fixed no SNMPv3 being used in Switch Wizard since v2.3.0 [TPS#8325] -BH
Fixed usernames with spaces being unable to schedule downtime [TPS#8338] -SS,BH
Fixed some perl plugins being affected by a version compare [TPS#8365] -BH
Fixed multiple security vulnerabilities [TPS#8372] -BH
Fixed dbmaint cron script not properly removing old events -BH
Fixed apache mod_rewrite section breaking ssl.conf when not standard base apache default with no VirtualHost defined [TPS#8457] -BH,JO
Fixed API not deleting some hosts correctly [TPS#8500] -BH
Fixed password reset token to have sane timeout properties -BH

5.2.7 - 04/06/2016

Fixed performance graph issues -BH
Fixed bug causing “change username” confirmation to display when adding a user -BH

5.2.6 - 04/01/2016

Fixed renewal reminder for greater than 3 year subscriptions -JO
Fixed bug in Availability report when exporting that did not follow downtime advanced options [TPS#7811] -LG
Fixed availability report showing wrong data when using different advanced options and exporting as a CSV [TPS#7894] -LG
Fixed scheduled downtime not submitting for all services on Hostgroup Summary/Overview > Hostgroup commands page -JO
Fixed blank error message in user edit page when trying to demote a user that can’t be demoted [TPS#7840] -JO
Fixed monitoring wizard bug when hiding notification delay, but not notification options [TPS#7825] -BH
Fixed histogram report not aligning proper dates/days of week/days of month with data [TPS#7864] -BH
Fixed multi-tenancy issue in Scheduled Downtime [TPS#7876] -BH
Fixed Metrics components not accounting for specific metric types for Linux SNMP [TPS#7883] -BH
Fixed fullscreen button causing weird display issues on host/service status pages [TPS#7947] -JO
Fixed scheduled downtime incorrectly scheduling downtime if core date_format was changed from default [TPS#7977] -BH
Fixed recurring downtime not properly adhering to days_of_week specified [TPS#7971] -BH
Fixed incorrect permissions on CCM settings.php [TPS#7992] -BH
Fixed internal server error in graphexplorer/ajax/datatypes -BH
Fixed multiple security vulnerabilities -BH
Fixed cancel button updating user preferences [TPS#8015] -BH
Added CONFIGWIZARD_SKIP_OBJECTS_RECONFIGURE flag to allow configwizards ability to skip adding notification options, etc. [TPS#8026] -BH
Fixed host alias not showing up properly in Service Status page [TPS#8030] -BH
Fixed renaming a user that is defined as a contact casues snapshot to revert [TPS#8034] -BH
Added current and max check attempt into utils-xmlstatus.php to verify soft/hard states from anywhere -LG

5.2.5 - 02/19/2016

Fixed scheduled downtime solution only working on PHP versions 5.3.x -JO

5.2.4 - 02/18/2016

Fixed system API endpoint to allow POST requests for applyconfig and importconfig -JO
Fixed restore_xi.sh script to use manage_services.sh instead of service -JO
Fixed two+ line title dashlet buttons not being clickable [TPS#7247] -JO
Fixed bug causing gethistoricalservicestatus backend cmd to not have a valid time -SW
Fixed GUI based upgrade to use proxy configuration -SW
Fixed SLA report PDF from duplicating table headers across multiple pages, overlaying other table items [TPS#7297] -SW
Fixed issue in BPI component where ; was being used instead of :: for services [TPS#7367] -SS
Fixed current outdated retention.dat not being added to backups causing program state to not be retained correctly [TPS#7416] -SW
Fixed admin users able to have “Read-only user” permission -JO
Fixed searching for hosts and services where object name contained : [TPS#7463] -SW
Fixed restore_xi.sh to work for restoring oldersystem which use postgresql [TPS#7467] -SW
Fixed bug where searching in manage users to sometimes reverted to edit page of previous user [TPS#7471] -SW
Fixed install on CentOS 7.2+ systems that do not come with firewalld pre-installed -JO
Fixed Host Status Summary links not displaying correctly in dashlets [TPS#7616] -BH
Fixed FreeIPA LDAP server working with user importing [TPS#7552] -SS
Fixed Capacity Planning PDF report hanging system [TPS#7149] -BH
Fixed Custom URL Dashlet ignoring width/height [TPS#7448] -BH
Fixed Scheduled Downtime incorrectly picking some dates [TPS#7476] -BH
Fixed Warning/Critical Display setting not working in Capacity Planning report [TPS#7514] -BH
Fixed LDAP Import of UPPERCASE username causing report functionality to break [TPS#7555] -BH
Fixed non-highcharts perfgraph dashlet links [TPS#7633] -BH
Fixed security bug that would allow read access to system files -SW
Fixed potential SQL injection in notification search -SW
Fixed possible XSS in startdate and enddate fields in reports -SW
Fixed XSS injection possibility in menu system -SW
Fixed XSS injection possibility in my reports -SW
Fixed scheduled report menu-item addition/removal [TPS#7679] -BH
Fixed SLA report ignoring advanced options [TPS#7685] -BH
Fixed bug in Availability report utilizing incorrect assumed service states for warning and unknown [TPS#7690] -LG
Fixed bug in Scheduled Downtime where the chosen date format was not being respected [TPS#7692] -LG
Fixed repair_databases.sh not checking for MySQL DB nagiosxi [TPS#7730] -BH
Fixed Hard coded base_url’s in scheduled reports allowing for different base_url’s -SW
Fixed Graph Explorer component’s multistacked graph from sometimes overwriting a selected item when adding items to graph -SS

Core Config Manager (CCM) - 2.5.3

Fixed bug allowing filtering when adding host/service to contact notification commands [TPS#7207] -LG
Fixed bug where removing CCM users was not working properly [TPS#7540] -BH
Fixed import to properly check for duplicates [TPS#7551] -BH
Fixed Hard coded base_url -SW

5.2.3 - 12/07/2015

Fixed error being displayed when upgrading components/wizards from the UI when they were actually installed correctly -SW
Fixed Perfdata not maintaining time period selection when filtering hosts [TPS#6970][OTRS#11217] -SW
Fixed translation errors on a few pages (recurring downtime, recent alerts, metrics) [TPS#6991] -JO
Fixed missing icons on recurring downtime page [TPS#6992] -JO
Fixed showing scheduled downtime buttons on scheduled downtime page to read-only users [TPS#6974] -JO
Fixed scheduled downtime not adding trigger id when set [TPS#6977] -JO
Fixed scheduled downtime not adding flexible when selected [TPS#6972] -JO
Fixed send_nrdp.sh handling of XML special chars. [TPS#6846] -SW
Fixed bulk modifications when changing templates on hosts/services with no templates [TPS#7016] -JO
Fixed minemap dashlet not keeping size on home dashboard [TPS#7024] -JO
Fixed permissions on autodiscovery jobs directory to run on new installs [TPS#7038] -JO
Fixed reset password to give an error if trying to set an AD/LDAP user password unless they have ‘allow local auth’ checked [TPS#7022] -JO
Fixed issue where API would say it removed a host or service with dependencies when it really couldn’t and would leave the host/service in the CCM -JO
Fixed possible XSS on login page -SW
Fixed possible clickjacking by forcing login page to be the top frame element -SW
Fixed scheduled downtime problems with certain types of date format selected -JO
Fixed garbled Japanese characters in home page title [TPS#7100] -JO
Fixed box sizing cutting off some text in manage dashlets pages [TPS#7071] -JO
Fixed capacity planning when disabled auto-running reports select boxes for time periods and extrapolation methods [TPS#7076] -JO
Fixed capacity planning when disabled auto-running reports is from blanking out during page changes -JO
Fixed autodiscovery wizard, rss dashlet, and escalation wizard from not being available on certain systems [TPS#7096] -JO
Fixed Event Log report not showing up in reports list for users with ‘can see/control monitoring engine’ [TPS#7110] -JO
Fixed user edit when selecting preferences would remove all checked security setting boxes [TPS#7113] -JO
Fixed issue with graph.php no allowing you to pass in view and start timestamps -SW
Fixed BPI hostgroup/servicegroup names not showing proper Japanese characters [TPS#7116][M#11] -SS

Core Config Manager (CCM) - 2.5.2

Fixed return URL (cancel button) links for host/services edited from clicking through the splash page [TPS#7095] -JO

5.2.2 - 11/12/2015

Fixed xi-sys.cfg using old config.inc.php values if the config.inc.php has changed since an upgrade/install -JO
Fixed state colors for non-english versions of BPI -SW
Fixed issue where upgrade of components/wizards through UI was not using proxy settings -SW
Fixed creating multiple objects rapidly in API to now not write out files and instead import more directly -JO
Fixed upgrade script to install all dependencies before performing upgraded of other components -SW
Fixed garbled UTF chars in BBMap Tooltip -SW
Fixed requirement of both start and end date when specifying custom dates for Performance Graphs -SW
Fixed fresh installs stating that additional steps are required to run auto-discovery to run -SW

5.2.1 - 11/10/2015

Updated sourceguardian loaders supporting up to php 5.6 -SW
Updated Highcharts to 4.1.9 -JO
Updated htpasswd to use stronger SHA encryption -JO
Fixed issue where update available still displays after upgrade by forcing check for updates to run after upgrade -JO
Fixed autoupgrade_backup.x.tar.gz filename when running upgrade from web UI -JO
Fixed numerous php notice/warnings -JO
Fixed issue where Nagios::Monitoring::Plugin is now required by several default plugins -SW
Fixed custom logo display issue in classic and 2014 themes -JO
Fixed issue in AD/LDAP component with import not working correctly with parenthesis -JO
Fixed issue where creating a new user would not update the htpasswd users file -JO
Fixed ndo2db init script to remove “cannot open file errors” on restart -SW
Fixed some unreadable service names in BBMap component -SW
Fixed bug causing htpasswd.users to not be updated immediately when user is forced to change password -SW
Fixed bug where object wouldn’t acknowledge properly if no comment was entered through Rapid Response URL -SW
Fixed auto-discovery exclude IP’s to only have one –exclude statement in nmap scan -SW
Fixed bug where commands through UI (ack/comments/etc.) would not submit properly if host or service_description had unicode chars -SW
Fixed CCM Relationship button on commands page to show dependent relationships for hosts, services, hosttemplates, servicetemplates -SW
Fixed searching for hosts in alert stream (with auto-complete) -JO
Fixed error message returning on submit for Inbound NSCA settings -JO
Fixed adding contacts/contact_groups to hosts/services created in the new API -JO
Fixed creating host/service templates in API -JO
Fixed scheduled backup limit being set to 0 resetting to 7 -JO
Fixed old (upgraded intalls of XI < 5) nagiosadmins possibly not being able to log in locally if set to AD/LDAP -JO
Fixed issue with AD/LDAP component not working with commas -JO
Fixed various spelling errors -JO
Fixed user management page select all functionality -JO
Fixed invalid XML when using outbound transfers and check output had XML special chars -SW, SS
Fixed webinject install to make sure we have proper permissions -SW
Fixed bug where self signed SSL certificate sites could not schedule downtime -SW, SS
Fixed my tools and common tools to be sorted alphabetically -JO
Fixed bulk modifications tool to re-write host config on service config_name changes -JO
Fixed permissions for nagios libexec directory -JO
Fixed API creating only the last service sent when sending multiple service creations quickly -JO
Fixed users who were set to local who were originally AD/LDAP users still being forced to skip local auth -SS
Fixed 404 page when clicking on newly created ‘My Scheduled Reports’ link after creating a scheduled report -JO
Fixed bulk modifications tool when setting contacts/contact groups via host/service groups -JO
Fixed blank Alert Timeline when using a UTC offset -SW
Fixed sizing of Alert Timeline to show more alerts -JO
Fixed Top Alert Producers report column showing wrong date in Latest Alert column -SW
Fixed Top Alert Producers CSV export column showing wrong date and label -SW
Fixed BPI component check_bpi high CPU usage with lots of BPI checks -JO
Fixed gauge dashlet creation popup loading slow on large installs -JO
Fixed AD/LDAP import bug where users who already existed were trying to be imported instead of erroring -JO

Core Config Manager (CCM) - 2.5.1

Added ability for import issue to update host/service escalations/dependencies by adding in # config_name to written config output -JO
Added ability for import issue to add host/service escalations/dependencies with specific config_name using # config_name in config to import -JO
Updated some styles for easier readability -JO
Fixed import issue where items that needed config_name would use the host_name as the config_name causing only one item to be imported -JO
Fixed imported service escalation/dependency services not always showing up in services selection list -JO
Fixed php errors being thrown -JO
Fixed bug in CCM splash page where the number of dependecies were incorrect and updated to use a database query which will speed up the page for large systems -LG

5.2.0 - 10/08/2015

Upgraded CCM to 2.5.0 which added multiple features and changes (see below) -JO
Added checkbox to admin section user creation/edit pages to enable/disable notifications -JO
Added phone numbers next to emails for users to user management table -JO
Added table name to oracle tablespace wizard services -JO
Added dashlet hover option to show/hide dashlet title -JO
Added &force=1 to config API endpoints to force configuration without doing a check for all parameters -JO
Added additional documentation for user creation via API -JO
Added additional popup documentation for user permissions in user creation/editing -JO
Fixed LDAP/AD integration settings saving in user edit/creation pages -JO
Fixed LDAP/AD integration ‘allow local login’ when checked -JO
Fixed issue in BPI component that wouldn’t use :: properly -JO
Fixed issue where user opened/closed menu sections weren’t properly applying -JO
Fixed installing config wizards with configwizard- in zip file name -JO
Fixed PHPMailer using non RFC compliant charset content type setting -JO
Fixed dashboard font sizes -JO
Fixed dashlets showing ‘Pin’ instead of ‘Unpin’ popup text when loading page -JO
Fixed dashlet sizes and title spacing -JO
Fixed opscreen showing all hosts as down when unhandled showing -JO
Fixed issue with defining check_commands via host/service config api calls -JO
Fixed schedule downtime predefined timestamp to show accurate time -JO
Fixed regular users with specific settings able to acknowledge problems via new popup command -JO
Fixed user creation section of API -JO
Fixed NDO upgrade script for offloaded tables with different name -JO
Fixed upgrade web UI sometimes showing red upgrade failed status bar even though upgrade was successful -JO
Fixed BPI syncing from replacing and instead updates -JO,SS
Fixed the old backend api output in json to no longer cause issues in PHP 5.1.x -JO

Core Config Manager (CCM) - 2.5.0

Added double click functionality in selection popups -JO
Fixed tooltips showing up in the wrong spots -JO

5R1.0 - 09/28/2015

Upgraded Nagios Core 4.1.1 (see below) -SW
Upgraded Bulk Modifications component to 2.0.0 which includes numerous new modifications to be performed (see below) -JO
Upgraded CCM to 2.4.0 which adds multiple features (see below) -JO
Upgraded Alert Stream to 2.0.0 which removes all Java apps from XI and instead uses D3.js -JO
Upgraded LDAP and AD components with a single component which allows importing LDAP/AD users and easier LDAP/AD user management in users section -JO
Upgraded to latest version of nmap in Auto-Discovery component -JO
Upgraded check_wmi_plus plugin to 1.60, more functionality -LG,SW
Updated Host/Service Detail pages to just show icon for tabs that have them specified to provide more real estate -SW
Updated detail page so most tab content on detail pages doesn’t load until selected improving performance -SW
Updated perfdataproc.php cron job to utilize a better mechanism to move large amounts of files avoiding “Argument list too long” errors -SW
Updated search functionality on users list in admin section to do mid-text searching on email, username, and full name -JO
Updated deploy notification component to be more user-friendly -JO
Updated the Metrics Component to display a wider range of agent data, optionally utilize the highcharts graphs, allow graph timeperiods to be selected, added advanced options and increased tab and display performance -LG
Updated Bandwidth report to optionally use highcharts graphs -LG
Updated the Windows WMI, Windows SNMP and Linux SNMP wizards to run a smart scan and prepopulate disks, processes and services -LG
Updated all reports to now use asynchronous loading of report information -JO
Updated all reports to have a new layout -JO
Updated loading icons throughout XI -JO
Updated configuration main page and configuration wizards page layout -JO
Updated available dashlets page layout -JO
Updated notification management section to be more intuitive when saving/applying templates to users -JO
Updated full search box in XI 5 to a search icon in the main header nav bar -JO
Updated host/service detail actions/advanced actions to use popups instead of old command pages -JO
Updated homepage splash screen -JO
Updated graph explorer multistacked graphs to actually ‘stack’ instead of overlay -JO
Added manage dashboards page -JO
Added manage views page -JO
Added permissions to the actions component for individual actions -JO
Added button ‘Install Updates’ to auto-upgrade components either per component or for all components with updates -JO
Added button ‘Install Updates’ to auto-upgrade config wizards either per config wizard or for all config wizards with updates -JO
Added a new scheduled downtime page with ajax popups for scheduling downtime -JO
Added configuration wizard ‘advanced settings’ (step 3-5) templates (global/user) and a template manager -JO
Added default template for configuration wizards which will set config wizard step3-5 fields with the proper variables -JO
Added “API Key” to users section (instead of using username+ticket for API calls – backwards compatible though) -JO
Added a fusion API Key for later fusion integration -JO
Added integrated Help section for API Documentation -JO
Added new API with objects, config, and system sections which allows adding host/services -JO
Added a new theme for XI 5 release (Modern) -JO
Added tabs to global configuration settings in admin area -JO
Added numbers of saved reports and scheduled reports to left hand menu section -JO
Added icons to a number of commonly used links -JO
Added ability to filter config wizards on main config wizard page -JO
Added ability to import users from AD/LDAP locations -JO
Added ability to manage server certificates for AD/LDAP connections -JO
Added links to deadpool from admin section -JO
Added ability to customize email notification priority of notification per-user and per notification type, editable in Notification Preferences -SW
Added ability to use custom host/service variables in actions component -SW
Added ability to bulk rename config files for services in bulk rename component -SW
Added ability for users to enable/disable Host and Service Acknowledgments in Notification Preferences -SW
Added ability to toggle displaying of aliases in host/service detail pages. This is adjustable per user under Account Information -SW
Added NavBar Search to search for host, hostgroup, and servicegroup and take user directly to results page -SW
Added pagination additionally to top of host/service status tables -SW
Added ability for users with “Can (re)configure hosts and services” perms to add/remove contactgroups they are members of when running wizards and reconfiguring objects -SW
Added ability for users to just save config to database without Applying Configuration when running wizards -SW
Added Auto-discovery option to use system DNS -SW
Added ability to use logarithmic scaling with highchart perfdata charts -SW
Added embeddable highcharts performance graphs that can be placed in an iframe passing host/service/width/height/username/token -SW
Added Auto-discovery option to specify scan delay to throttle activity -SW
Added %hostgroupnames% and %servicegroupnames% macros to actions component -SW
Added ability to filter Capacity Planning report by Host/Hostgroup/Servicegroup with additional search -SW
Added numerous performance enhancements to Auto-discovery to improve scan performance -SW
Added URL target specification to actions component -SW
Added searching capabilities to Acknowledgments page -SW
Added ability to filter WARNING/UNKNOWN/UNREACHABLE states in Availability and SLA reports -SW
Added auto updating of Tools on tool creation -JO
Added auto updating of My Scheduled Reports when adding new scheduled report -JO
Added number of reports to My Reports and My Scheduled Reports menu headers -JO
Added auto updating of My Reports when saving new Report -SW
Added dashlet functionality to SLA and Availability Report -LG
Added language support for CCM help popups -SW
Added JPG export option to all reports -SW
Added option in State History Report to show only hosts or only services -SW
Added in ability to filter by Host, Hostgroup, Servicegroup in Notification Report -SW
Added sorting of Contacts and Contact groups in Wizard and object configuration pages -SW
Added “Schedule a forced check for host and all services” to host detail advanced tab -SW
Added ability to toggle Handled Problems in Birdseye Component -SW
Added a user specified refresh rate to the configuration options in Custom URL Dashlet -SW
Added hostgroups and service groups to host/service detail pages -SW
Added advanced option to Executive Summary Report giving ability to hide scheduled downtime, etc. -SW
Added ability to specify months in recurring downtime. -SW
Added additional details column to auditlog -SW
Added additional services to nagios config for localhost on a new install, checking crond, httpd, mysqld, ndo2db, npcd, ntpd -SW
Added ability to filter Operations Center by host/hostgroup/servicegroup -SW
Added to all reports a service drop down list that will display/update based on host selection -LG
Added ability to filter Operations Center by service state -SW
Added option to nagiosmobile to have page auto-refresh -SW
Added sortable and searchable dropdown filtering by Host/Service/Hostgroup/Servicegroup to latest alerts component -SW
Added remembering sort order (per-user) of items in CCM when returning to table of objects -SW
Added showing the most recent comment in the status list comment tooltips -SW
Added per-user theme settings -JO
Added setting to global config to uncheck Sticky Acknowledgement box by default -SW
Added login failures to Audit Log -SW
Added features to the Audit Log report including scheduled report, pdf version, and filters by log type and source -JO
Added cfg variable error_level and removed php notice errors from the error_log in production -JO
Added the Warning/Critical lines to all XI graphs (toggle default active/inactive) -LG
Added backing up of Nagvis to XI backup/restore scripts -JO
Added log type and log source filter dropdowns to auditlog -JO
Added config information to the downloadable system profile -JO
Added the ability in Admin > System Settings > General to write Nagios XI auditlog to a file -LG
Added new wizards: Folder Watch, Mountpoint, SLA -LG
Remove displaying of service detail links for hosts without services -SW
Remove nmap from being fully wildcard sudo’d, preventing hijacking from other system users -SW
Fixed hypermap to be full size of page -JO
Fixed deletion of local backup files in scheduled backup component. -SW
Fixed bug causing nrdp.conf apache config to not work on CentOS/RHEL 7 -SW
Fixed Common Tools from improperly encoding URL’s -SW
Fixed bug in CCM causing Execution failure criteria to not populate correctly for ‘d’ -SW
Fixed bug causing NRDS Windows clients to not have correct permissions to build executable -SW
Fixed bug where clicking on icons in sort columns on host/service status tables would not sort -SW
Fixed bug in Event Log Report to allow searching for ; and : chars -SW
Fixed bug causing Unified Hostgroup views to not refresh -SW
Fixed bug causing search buttons on CCM import page to import files -SW
Fixed URL redirection when following permalink and user isn’t logged-in -SW
Fixed bug in the Scheduled Backups using FTP to use the indicated port (Previously default port 21) -LG
Fixed XSS vulnerability in nagiosbpi component -SW
Fixed check_rrdtraf from mislabeling UOM if Bytes was selected -SW
Fixed many generic bugs with the deploy notification component and saving templates -JO
Fixed bug causing + symbol in host, service, hostgroup and servicegroups making links in UI not work correctly -SW
Fixed restore_xi.sh script to account for differences when moving from OS 6 to OS 7 -SW
Fixed bug causing CCM to not work properly if specifying non-default MySQL port -SW
Fixed bug where the Alias was not displaying for the Availability Report -LG
Fixed bug in Switch wizard where the Warning/Critical percentages were not calculating using decimal places -LG
Fixed bug causing passwords with special chars such as $ or & to not write .htpasswd file correctly -SW
Fixed bug in Hostgroup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG
Fixed bug where setting new UI theme would not actually change theme until next page load -JO
Fixed bug in ndoutils which could cause message queue to not empty -SW
Fixed bug where deleting backup would not remove the local backup -JO
Fixed bug in Hostgoup Overview to display the correct service list when selecting a service instead of all hosts in the group -LG

Core Config Manager (CCM) - 2.4.0

Added Core Config Manager landing page -LG
Added throbber to all loading pages for ccm actions -LG
Fixed ‘Manage Parents’ to now show child relationships, making them non selectable -JO
Fixed bug where changing a parent host’s host name would cause config not to apply until doing a full delete/rewrite of configs -JO

Bulk Modifications - 2.0.0

Changed bulk mod procedure to be a step by step process -JO
Added ability to change ARG variables on hosts/services -JO
Added ability to add/remove multiple contacts/contact groups from hosts/services and host groups/service groups -JO
Added ability to select multiple host groups to add -JO
Added ability to remove host groups, services, and parents (hosts and services) -JO
Added ability to select hosts/services via selecting hostgroups or service groups -JO
Added ability to set templates (and template order) on hosts/services -JO
Added select boxes for config options that are selectable -JO
Added inheritance options for contacts/contact groups -JO
Added ability to update config name for services -JO
Updated change single config option to change more options -JO
Updated change single config option time period autocomplete functionality -JO

Nagios Core - 4.1.1

ENHANCEMENTS

- Promoted JSON CGIs to released status -ES
- New graphical CGI displays: statusmap, trends, histogram -ES
- Make sticky status for acks and comments configurable enhancement #20 -TM, SW
- Add host_down_disable_service_checks directive to nagios.cfg #44 -TM, SW
- httpd.conf doesn’t support Apache versions > 2.3 -DB, JF

FIXES

- Fix for not all service dependencies created -JF
- Fix SIGSEGV with empty custom variable -orbis, JF
- Fix contact macros in environment variables -dvoryanchikov
- Fixed host’s current attempt goes to 1 after going to hard state -JF
- Fixed two bugs/problems: Replace use of %zd in base/utils.c & incorrect va_start() in cgi/jsonutils.c -PE
- Fixed: Let remove_specialized actually remove all workers -PM
- Fixed log file spam caused when using perfdata command directives in nagios.cfg -shashikanthbussa
- Fixed off-by-one error in bounds check leads to segfault -PM
- Added links for legacy graphical displays -ES
- Update embedded URL’s to https versions of Nagios websites -SW
- Fixed doxygen comments to work with latest doxygen 1.8.9.1 #30 -TM
- Fixed makefile target “html” to PHONY to fix GitHub issue #28 -TM
- Fixed typo as per GitHub issue #27 -TM
- Fixed jsonquery.php 404 not found error, and disabled Send Query button until form populates #43 -SW
- Fixed linking in Tactical Overview for several of the Host entries in Featured section #48 -SW
- Fixed passing limit and sort options to pagination and sort links #42 -SW
- Added form field for icon URL and clean-up when it changes in CGI Status Map. -ES
- Added options to cgi.cfg to uncheck sticky and send when acknowledging a problem -TM
- Low impact changes to automate the generation of RPMs from nagios.spec file. -TY
- Update index.php -TM
- Fixed escaping of corewindow parameter to account for possible XSS injection -SW
- Typo correction -TY
- Make getCoreStatus respect cgi_base_url -MS
- Adjusted map layout to work within frames -ES
- Fixed map displays are now the full size of browser window -ES
- Fixed labels and icons on circular markup no longer scale on zoom -ES
- Got all maps except circular markup working with icons -ES
- Fixes to make legacy CGIs work again. -ES
- Fixes to make all/html target tolerant of being run multiple times -ES
- For user-supplied maps, converted node group to have transform -ES
- Fixed issue transitioning from circular markup map to other maps -ES
- Fix displayForm to trigger on the buttom press -SW
- Fix fo getBBox crash on Firefox -ES
- Fixed map now resets zoom when form apply()’d -ES
- Fixed so close box on dialogs actually closes dialog -ES
- Corrected directive in trends display -ES
- Fixed minor issue with link in trends linkes -ES
- Fixed issue with map displaying on Firefox -ES
- Added exclusions for ctags generation -ES
- Update map-popup.html -SW
- Initial commit of new graphical CGIs -ES
- Fixed Github bug #18 – archivejson.cgi returns wrong host for state change query -ES
- Status JSON: Added next_check to service details -ES
- Fixed escaping of keys for scalar values in JSON CGIs -ES
- build: Include if it exists. -EM
- lib-tests: test-io{cache|broker} need -lsocket to link. -EM
- lib-tests: test-runcmd assumes GNU echo. -EM
- lib-tests: Signal handlers don’t return int on most platforms, and using a cast was the wrong way to resolve this. -EM
- Fix some type/format mismatch warnings for pid_t. -EM
- Fix build on Solaris. -EM
- runcmd: Fix build when we don’t HAVE_SETENV. -EM
- Fixed checkresult output processing -EM
- Corrected escaping of long output macros -EM
- Fixed null pointer dereferences in archive JSON -ES
- Fixed memory overwrite issue in JSON string escaping -ES
- JSON CGI: Now escaping object and array keys -ES

2014R2.7 - 04/23/2015

Changed to not display language setting in Manage Config Access of CCM if using unified XI login -SW
Updated Japanese language file -JO
Updated nagios init script to not exit 0 if process isn’t running -SW
Fixed bug that could be caused by /etc/sudoers.d/nagiosxi file left behind from 2011R2.0 -SW
Fixed CCM Bug preventing “Same Host Dependencies” from being able to save if a dependant host/hostgroup was not specified -SW
Fixed bug in Python 2.7 causing TypeError: XXXXXXXXXXX is not JSON serializable errors in Capacity Planning -JO, SW
Fixed popup overlay resizing issue in the CCM -JO
Fixed Contacts not correctly denoting object relationships to contactgroups in CCM -SW
Fixed bug where protected components were unable to be uploaded and installed via the Web UI -JO
Fixed bug where nrdp clients were not marked executable -SW
Fixed bug in CCM on CentOS 7 when editing a service the service would sometimes not apply yet apply config would say config applied -JO, SW

2014R2.6 - 02/12/2015

Updated collapsing menus to be changed by clicking title instead of just the chevron icon -SW
Update Search in State History and top Alert Producers report to target Host Name, Service Description and output -SW
Update Graph Explorer Time Period menus to more accurately describe what will be display, showing number of days vs.”last” X -SW
Updated check_mssql plugin -SW
Removed hostname in CCM service dependencies overlay and made all services listed are unique -JO
Fixed issue in CCM with filter text field forcing scrolling in overlay popups -JO
Fixed bug where Apply Configuration wasn’t working properly on CentOS/RHEL 7 -SW
Fixed bug where restarting services through the UI wasn’t working properly on CentOS/RHEL 7 -SW
Fixed bug where Top Alert Producers CSV export was blank if limiter was used -SW
Fixed bug where Alert Histogram was not reporting correct values if hostgroup limiter was used -SW
Fixed bug in scheduled backup where day was not populating correctly on page load for local backups -SW
Fixed Executive summary to properly encoding favorite links -SW
Fixed bug where Notifications CSV export always showed “Recovery” in reason column -SW
Fixed audit log being empty when exporting as CSV in language other than english -JO
Fixed old php notice errors on user account page -JO
Fixed PDF generation of alert heatmap to use the new PDF generation -JO
Fixed Capacity Planning PDF creation in scheduled reports -SW
Fixed alert heatmap report to show service alerts that are in hostgroups as well to match all other report behavior -JO
Fixed searching ability in alert heatmap -JO
Fixed the searchable dropdown boxes to show the selection of the proper item when hovering -JO
Fixed alert histogram report to show selected service box after selecting a specific service and running the report -JO

2014R2.5 - 01/26/2015

Added ability for spooled outbound NRDP checks with offline XI servers -JO
Added ability to get reports based on spooled log entries of passive NRDP checks that come in from the past -JO
Added Priority header to messages sent with XI notification handlers where the message is for a non-OK state -SW
Updated styles of searchable select boxes throughout reports -JO
Fixed missing pymssql package which was removed from EPEL Repo -SW
Fixed histogram to actually list all services right away when a host is selected -JO

2014R2.4 - 01/21/2015

Added searchable filter host/service/hostgroup/servicegroup dropdowns to all reports -LG
Added searchable filter in all CCM popup overlays -LG
Added Polish Language -SW
Fix issue causing commands to return “(No output on stdout) stderr:” if mare than 7 args were present -SW
Fix nagios init script to use nagiosxi path for the NagiosLockDir -SW
Fix for per-user collapsing menus -JO
Fix “no data” graphs from displaying in availability report for host/services with no performance data -JO
Fix sorting users on deploy dashboards to be alphabetical -JO
Fixed bug in CCM with free variable definition that would not allow backslashes -JO
Fixed bug in permalink that was not passing request variables if user wasn’t logged in -SW

2014R2.3 - 12/29/2014

Added alias to report if it exists, a host is selected and alias is different than the hostname, alertheatmap, histogram, statehistory, sla, execsummary, availability -SW
Fixed php parse error in state history report -SW
Fixed manage services script on centos 5 to get proper service binary -JO
Fixed capacity planning issues with no label in xml -JO

2014R2.2 - 12/26/2014

Patch Nagios Core 4.0.8 to properly escape LONGSERVICEOUTPUT & LONGHOSTOUTPUT macros -SW
Fixed missing warn/crit values causing issues capacity planning graphs -JO
Fixed bulk modifications tool relying on half ccm/bulk mod css and javascript -JO
Fixed help system bug when displaying per-page help -JO
Fixed custom dates and replacing of newline chars in CSV output in state history and eventlog reports -SW

2014R2.1 - 12/22/2014

Added ability for Alert Histogram report to allow selecting services and shows all host alerts including services or host only -JO
Added SLES, OpenSUSE, and CentOS/RHEL 7 support to the Linux Server config wizard (updated linux agent installer to work on the new systems) -JO
Added the ability to specify an alternate SNMP port and allow optional use of the TCP protocol in the snmptrapsender component -LG
Added a port number in the switch and watchguard wizards to a new column called ‘Port Name’ and the original Port Name field was changed to ‘Service Description’ -LG
Added “Other” to Linux Server config wizard which links to the NRPE config wizard instead -JO
Updated the Manage Components page to be sorted by title (displayed name) and split into user/core sections -JO
Updated perfdata permissions to no longer be word writeable -JO
Updated Japanese language translations (thanks Sasaki) -JO
Updated menu section collapse/show -JO
Updated icons and Linux OS selection list for the sshproxy config wizard -JO
Updated MRTG configuration to use forks by default to process SNMP calls much faster -SW
Fixed bug in graph explorer new 4 hour time frame not setting to 4 hours -JO
Fixed deploy notification options to show SMS and Email specific notification options -JO
Fixed bug in audit log where the amount of records/pages did not function properly -JO
Fixed sorting of dashboards, moving Home dashboard to top of list sorting remainder lexicographically -SW
Fixed bug in CCM that would give config errors when renaming a host -JO
Fixed bug in the CCM log management page that wouldn’t let you delete logs -JO
Fixed bug where CCM auto-login would not set the users CCM language to their selected Nagios XI language -JO
Fixed corruption of character-based languages in the CCM log management page -JO
Fixed bandwidth report ‘view all available’ table to show the description not just port number -JO
Fixed bandwidth report to sort naturally not by numeric -JO
Fixed CCM import to overwrite hosttemplates on hosts -JO
Fixed CCM import error messages not being displayed when there are errors -JO
Fixed CCM issue where spaces at front and end of host_name and config_name were possible -JO
Fixed Alert Stream to show the servers timezone instead of GMT -JO
Fixed backups to now save NRDP/NRDS configs -JO
Fixed scheduled backups not logging debug/info (and added 7 day log rotation) -JO
Fixed issue where clicking “Create Backup” in local backups page would wait for an extremely long time -JO
Fixed bug when trying to restart/start/stop NPCD from the web UI -JO
Fixed issue in bandwidth report so it will not list in ‘see all available reports’ any services that have been deleted -LG
Fixed issue where custom url dashlet would not keep it’s resized size -JO
Fixed sorting of services in CCM table to now sort by host name (config name) and service name -JO
Fixed sorting on Scheduled Downtime page’s tables – now all host/services and groups are sorted alphabetically -JO
Fixed sorting on deploy dashboards page to now sort both the dashboards and users listed -JO
Fixed bug in autobackup scripts where some weekly backups weren’t removed on schedule -JO
Fixed Manage MIBs page to use the add_mib() function to ‘process trap’, if add_mib() is not in the filesystem or is not executable then use snmpttconvertmib to process MIB, but will not write EXEC lines -LG
Fixed Route Request (rr.php), when getting an invalid user_ticket due to load spikes -LG
Fixed WatchGuard wizard so it detects ports correctly and allows support for all SNMP versions -LG
Fixed Capacity Planning graph dashlet’s to export properly when in dashboard -JO
Fixed issue with NDOutils database upgrade rarely not adding columns -JO

2014R2.0 - 11/11/2014

Added support for CentOS/RHEL 7 -JO
Updated Nagios Plugins to 2.0.3 -SW
Added searchable host field in graph explorer -JO
Added ability to set the language of a user as an admin (also fixed bug where language would reset when an admin edited a user) -JO
Added some usability fixes into the renaming tool including updated text and a “do not apply config after running the wizard” checkbox -JO
Added a warning in the CCM when someone tries to add a ! in $ARGn$ values since they are not allowed (they are used to split command lines) -JO
Added functionality to the CCM to go back to the last page when clicking “go back” and when saving/cancelling an object -JO
Added the ability to run Highcharts exporting locally (with install script & settings in component config area) -JO
Added chart name as default filename when exporting a Highchart graph -JO
Added ability for gauges dashlet to take ranges -JO
Added a Last 4 Hours selection to graphexplorer default time frames to match performance data graph dropdown -JO
Added ability to force conversion of plugin line endings to linux on plugin upload -JO
Added ability to bulk cloning wizard to be able to clone services who’s config_name does not match host_name -JO
Added user Auth Level column to users table to see user levels from the main manage users page -JO
Added auto focus to the username field on the login page -JO
Updated the “Send alert notifications to…” checkbox lists (boxes) in step 5 of the “Monitoring Wizard” to be bigger -SW
Updated 2014 XI theme footer bar to be almost half the size of the old bar -JO
Updated a few translations in the Spanish translation files -JO
Fixed Highcharts graph exporting to use the correct height/width of the graph being exported -JO
Fixed bug with subsystem backend user id error messages -JO
Fixed backend url to add proper port if specified in the config -JO
Fixed bug where a small screen would have trouble displaying the license agreement submit button on fresh install -JO
Fixed hostgroup overview services link to link to the specific host that was selected instead of all -JO
Fixed a bug where adding multiple notification handlers to a contact would make it impossible to change notification preferences in XI -JO
Fixed bug in renaming tool that would not apply config correctly when services are on multiple hosts -JO
Fixed bug in SLA report where “show details” and “hide details” weren’t working with auto-run reports disabled -JO
Fixed audit log to show proper date/time in columns -JO
Fixed state history for services to work properly (thanks Brian Christiansen for the patch!) -JO
Fixed mass acknowledge not leaving slashes (thanks Brian Christiansen for the patch!) -JO
Fixed issue where pinning dashboards would make the page jump -JO
Fixed BPI check output to be the standard output practice -JO
Fixed issue in the CCM where sorting and searching did not work properly together -JO
Fixed CCM import breaking with last line continuing on next line (or lines) with \ character at the end -JO
Fixed CCM import creating a value of the key for definitions with keys that have a blank value -JO
Fixed CCM missing “Manage Parents” link on the Host Templates common settings -JO
Fixed CCM inactive message when creating a new object -JO
Fixed issue in gauges dashlet where unit of measurement would not always be just the unit -JO
Fixed CCM issue where alerting on invalid service dependencies would still allow saving them -JO
Fixed bug in Top Alert Producers report where selecting Hostgroup would not show services of the hosts in the hostgroup -JO
Fixed bug in bulk cloning tool that would not keep the + to host_name of services -JO
Fixed the order of BPI groups to be alphabetical -SW
Fixed the Generic Network Device wizard: Servicegroups list was sorted by wrong field -SW
Fixed no performance graph available text -SW
Fixed output of getcontactgroupmembers backend api call to have proper output type -JO
Fixed scheduled reporting to no longer rely on hardcoded php path -JO
Fixed upgrade for offline installs -SW
Fixed capacity planning breaking host/service status page if .rrd existed but .xml did not -JO

2014R1.5 - 10/01/2014

Added the ability to remove perfdata legend on perfdata dashlets when creating the dashlet -JO
Added ability to comment on Host/Service from advanced tab of Host/Service detail page -SW
Added ability to specify notification types per notification method -AB,JO,SW
Updated Highcharts perfdata graphs to be much bigger and easier to read -JO
Updated Monitor Engine Event Queue to use Highcharts -JO
Updated Japanese language file -SW
Fixed PHP notice errors from session calls -JO
Fixed perfdata graphs to show the proper amount of graphs per page -JO
Fixed returning a “1” at the bottom of the page when enterprise features are enabled on enterprise only pages -JO
Fixed having all contacts removed set contacts to null when using re-configure objects page -JO
Fixed bug that allowed charts with no perfdata to display on availability report -JO
Fixed quick delete in CCM -JO
Fixed service timeperiod selection box in contacts from not showing selected service timeperiod in CCM -JO
Fixed full command line in CCM with Classic theme from not wrapping -JO
Fixed apply configuration highlight in CCM when removing an object -JO
Fixed relationship info button in CCM from displaying services instead of host template relationships for host templates -JO
Fixed case sensitive object searches which could result in user not allowed to see object -SW
Fixed default check_command’s to no longer have comments to they import correctly -SW

2014R1.4 - 08/14/2014

Added the ability to specify backup creation timeout with cfg variable “backup_timeout” which defaults to 1200 secs (20 min) if not set -JO
Update to Nagios Core 4.0.8 -SW
Update to Nagios CCM to 2.2.0 -JO
Fixed whitespace issues in textareas -JO
Fixed bug in scheduled backups which caused SSH to remain open while backup was being created which could take 1hr+ -JO
Fixed bug with perfdata Highcharts graphs not showing with units of measurement that started with a number -JO
Fixed issue in Graph Explorer where scalable timeline graphs would not filter on the first selected type -JO
Fixed bug in CCM where Contact Options would always revert to standard -SW
Fixed bug causing preg_match error when processing imported mibs -LG
Fixed PHP notices caused by the new Highcharts perfdata template -JO
Fixed loading image being displayed indefinitely on Views page until refresh after deleting a view -JO
Fixed Japanese character corruption on status dashlets -JO

CCM 2.2.0 Changes

Added automated login when accessed from inside of Nagios XI if the user is an admin -JO
Added ability to use old “separate” login behavior by setting “Separate CCM Login” in Admin > System Config settings page -JO
Added a warning on host/service pages to let someone know if the config needs to be applied in case they have multiple pages of hosts/services -JO
Added red asterisk to “Apply Configuration” button if there are modified object(s) that need the config applied -JO
Added delete all configs from the Write Config Files section -AB,SL
Updated logging so that automated logins are now logged with the Nagios XI username -JO
Updated logging so it does not log Nagios XI’s apply configuration logins which plagued the log file -JO
Updated the “Config Manager Admin” to be viewable to Nagios XI administrators only when automated login is active (default) -JO
Updated the “Configuration Snapshots” link to open in the same frame -JO
Updated the way navigation was happening when clicking links to not involve so much Javascript -JO
Updates to overall style and look -JO
Updated sorting on tables to show what it is sorting by and added back in “Sync Status” sorting -JO
Updated “Sync Missed” and “Synced to File” to “Not Applied” and “Applied” and made other some small text changes throughout -JO
Fixed bug with messages displaying in a hard-to-read fashion when deleting/updating an object -JO
Fixed service description and confg name ordering on services table -JO
Fixed hidden scrollbar issues with popup selection boxes for host/services -JO
Fixed bug in check_command that wouldn’t allow using a ; in the actual checks -JO
Fixed a bug where it would show apply config needed all the time if a config didn’t exist because all objects were inactive for it -JO
Removed code from older versions that is no longer used -JO

2014R1.3 - 07/17/2014

Added “Show Config Changes” and “Show Errors” on Apply Configuration page for admins -JO
Added the ability to force a check even if the host/service is out of it’s check period -JO
Added “Last”, “Avg”, and “Max” to Host Graphs section Highcharts graphs -JO
Added “Delete All Configs” button to CCM -AB
Updated style of host/service details pages -JO
Updated verifications in CCM for host/service escalations to match the requirements for apply config to be successful -JO
Updated verification requirements in CCM for host/service dependency definitions for valid configs -JO
Fixed Japanese character corruption in dashboard names -JO
Fixed bug where CCM could not apply configuration with host/config names with / in them -JO
Fixed bug in CCM where free variables wouldn’t import when importing Nagios Core config files -JO
Fixed schedule immediate check to do a forced check (default in Nagios Core) -JO
Fixed bug where performance graphs were not showing up for services with : in the name -SW
Fixed character corruption in performance graph names -JO
Fixed issue with missing forward slash in response url -JO,TM
Fixed variable definition illegal character check -JO,SW
Fixed bug in CCM that wouldn’t allow & in command definitions -JO
Fixed issue with reconfigure where you could never configure no contacts on a host/service -JO
Fixed bug in Top Alert Producers and State History reports so that the selected state type stayed on page changes -JO
Fixed double % signs in graphs -JO
Fixed bug where searching for a host with no services would return nothing on “Service Status” page -JO

2014R1.2 - 06/23/2014

Update Nagios Core to 4.0.7 -SW
Applied patch to Nagios Plugins 2.0.2 for additional SUID security vulnerability -SW
Added a checkbox for SLA & Availability report to show warning/critical/unknown states as OK during scheduled downtime “Hide downtime” -JO
Added validation of imported configs in CCM -JO
Change Core Config Manager table so Name and Alias are left justified -SW
Fix bug with maintenance displaying as not available when it is -SW,JO
Fix display of bottom bar in classic XI theme to not take up so much room -JO
Fix bug causing delete from host/service detail pages to fail -SW
Fix bug in CCM that allowed reading/editing files that were not inside the static directory -JO
Fix globally for dashlet add dashboard selection dropdown to have dashboards sorted alphabetically -JO
Fix Manage Component/Wizard pages to support version in the format x.x.x -SW
Fix writing of prefdata XML file to properly escape XML special chars ><& -SW
Fix notification url to no longer have double slashes in it -JO
Fix to not show spinner in bottom bar for non-admin users since it shows admin-only data -JO
Fix bug in Graphexplorer preventing users from getting graphs for services if they were not contacts for the host it resides on -SW
Fixed bugs in CCM to allow Japanese (and any character-based language) to create host/service names -JO
Fix bug for passwords containing \ or ‘ not authenticating -JO
Fix sorting of hostgroup/servicegroup names on several reports -SW
Fix character corruption on users page -JO
Fix bug in CCM where host/service dependency “inherit parents” was always checked -JO
Fix bug in CCM that caused free variables to not be removed from the DB on host/service deletion -JO
Fix CCM bug where Apply Configuration would not overwrite all files necessary if object names changed -AB
Fix bug in graph explorer where / would not appear in titles -JO

2014R1.1 - 06/03/2014

Update Nagios Core to 4.0.6 -SW
Update Nagios Plugins to 2.0.2 -SW
Applied patch to Nagios Plugins 2.0.2 for SUID security vulnerability -SW
Applied patch to Nagios Plugins 2.0.2 to correct reverse lookups -SR,SW
Applied patch to Nagios Core to remove extraneous \n from appearing in perfdata of passive checks as well as other check results reaped from the checkresults queue -SW
Changed the Apply Configuration process to only write out changed configuration files -SW, AB
Upgraded wkhtmltopdf from 0.10.0 to 0.12.1 to fix rendering issues for graphs in PDFs -JO
Updated some icons to fit the new theme and not have white backgrounds -JO
Fix Ndoutils situation where db table nagios_logentries has items where `instance_id`,`logentry_time`,`entry_time`,`entry_time_usec` isn’t unique enough. -SW
Fix bug where backend calls were forcing to connect to http://localhost even if forcing ssl -SW
Fix bug where reports would not be able to go through pages if auto-loading was turned off -JO
Fix bux in Network Outages causing incorrect hosts to be listed. -SW
Fix bug preventing new users from being added to the CCM -SW
Fix bug causing Services in Service dependencies to be disabled -SW

2014R1.0 - 05/13/2014

Updated Highcharts library to 4.0.1 with additional modules -JO
Added View service status icon to hosts in service detail table -SW
Added JSON output for backend API by using “outputtype=json” in the API query -JO
Fixed bug where inactive commands displayed in the Check Command list in the CCM -SW
Fixed new highcharts graphs to default in place of RRDtool unless changed in system config -JO
Fixed bugs with Switch / Router wizard and SNMP v3 -JO
Fixed Japanese language corruption in CCM -JO
Fixed website defacement wizard’s Japanese language corruption in regex / command -LG
Fixed bug where number of items being displayed in CCM tables were off by 1 -SW
Fixed bug where all latest alerts were being shown in an individual host was selected in the Executive Summary Report -SW
Fixed bug with pdf reports not showing proper report data in character-based languages -JO

2014R1.0RC3 - 04/29/2014

Added the ability to send emails to all users not just selected users -JO
Added service graphs advanced option to availability report -JO
Added displaying of address for host links when you hover over the hostname -SW
Upgraded Highcharts to version 4.0.0 -JO
Fixed bug in CCM that would not show all the available pages in the Jump To Page box -JO
Fixed some issues with Japanese character corruption -JO
Fixed alert heatmap to now work when using Japanese as the language -JO
Fixed bug in scheduled reporting where the custom message per email wasn’t being sent with the email -JO
Fixed the tools section for languages that use characters -JO
Fixed undefined offsets repopulating ‘Services’, ‘Processes’, and ‘Event Logs’ fields when moving back from previous steps in many wizards. -EM
Fixed MRTG’s cfgmaker to support all priv-protocols -SW
Fixed bug preventing installation from /root -SW

2014R1.0RC2 - 04/18/2014

Added ability to remove Network Analyzer Tab from Host/Service Detail Page -JO
Added Grid lines on tables -JO
Added ability to stop reports and metrics from auto-loading with new performance settings tab -JO
Added new Report tab in Performance Settings to disable automatic loading on report pages -JO
Added the ability to send emails out to selected users from the user management page -JO
Fixed bug in local backup downloads which prevented large backups from being downloaded -SW
Fixed bug that prevented free variables being saved with a value of 0 -SW
Fixed default to highcharts graphs on host/service detail page -SW
Fixes to the automatic DB repair script to not be automated, but suggest the recommended fix. -SW

2014R1.0RC1 - 04/15/2014

CORE COMPONENTS

- Upgraded Nagios Core to version 4.0.5 -SW
- Upgraded NDOutils to version 2 -SW
- Upgraded Nagios Plugins to version 2.0.1 -SW
- Upgraded MRTG to version 2.17.4 -SW

WIZARDS

- Added MongoDB Server Wizard -JO
- Added MongoDB Database Wizard -JO
- Added Nagios Cross Platform Agent (NCPA) Wizard -Nick
- Added Domain Expiration Wizard – LG
- Added Website Defacement Wizard – LG
- Added Nagios Network Analyzer Wizard -JO
- Updated Bulk Host Cloning Wizard to have ability to specify parents and hostgroups -JO

REPORTS

- Added new Service Level Agreement (SLA) report – EG
- Added Network Report with Integration with Nagios Network Analyzer -JO
- Added Network Query Report with Integration with Nagios Network Analyzer -JO
- Added PDF export for the following reports: SLA, Bandwidth Usage, Capacity Planning, Network Report, Network Query -SW
- Added Scheduled reporting for the following reports: SLA, Bandwidth Usage, Capacity Planning, Network Report, Network Query -SW
- Added ability to set the scheduled report email text on a per-user basis -JO
- Updated Availability Report with options to select specific states, add timeperiod filters, assume states during downtime, etc.- JO
- Updated Capacity Planning Report including addition of dashlets to report – JO,NS,SW
- Updated Bandwidth Usage Report to use Host/Service names and look like the other XI reports -JO,SW

VISUALIZATIONS & FUNCTIONALITY

- Added New Theme with cleaner look and quick search from any page -JO
- Added Mass Downtime Deletion ability -SW
- Added ability to archive snapshots -SW,JO
- Added Birdseye visualization -JO
- Added Per-User Menu Collapsing Memory -SW
- Added gauges dashlets to service/host detail pages -SW
- Added Deadpool feature to optionally automatically remove hosts/services from being monitored (Enterprise Feature) -EG,SW
- Added Scheduled Backups Component -JO
- Added Easy Upgrade from web UI – SW, JO
- Added ability to view past upgrade logs (if done from web UI) in web UI -JO
- Added ability to set XI server and PHP timezone from web UI -JO
- Added ability to drill-down to specific hosts by clicking Highcharts perf graphs -JO
- Added RDP and VNC Connection component allowing quick connections to host via RDP, VNC, Telnet and SSH -EG,SW,JO
- Added logging of phpmailer failures to /usr/local/nagiosxi/tmp/phpmailer.log -SW
- Added capacity planning graphs to tabs in Status detail pages -JO
- Added the ability to give hosts a parent in bulk modification tool -JO
- Added the ability to give hosts a hostgroup in bulk modification tool -JO
- Added the ability to add a service (from an existing service as a template) to multiple hosts using the bulk modification tool -JO
- Enhanced Graph Explorer (with Stacked Performance Graphs) -JO
- Enhanced Performance Graphs on Status Details Pages -JO,SW
- Enhanced view rotation time slider -JO
- Fixed bug which was preventing back button from remembering selection for notification_targets in step 5 of the wizard. -SW
- Fixed bug that would allow hosts / services Active checkbox to be unchecked even if it had dependencies -SW
- Fixed bug in license activation with lowercase license keys -EG
- Fixed CCM bug where deletion/deactivation was possible with dependent relationships -SW
- Fixed CCM bug so that saving static configurations to no longer add non-readable line breaks into saved files -JO
- Fixed XSS security issues -JO
- Fixed search for users in Manage Config Access of CCM… What a mess. -SW
- Fixed Network Replay report -EG,JO
- Fixed bug in the CCM where you could activate a service that had parent relationships that were disabled -JO
- Fixed bug in the CCM where you could add a disabled parent to an object that would cause applying the config to fail -JO
- Updated host/service detail pages to have choices of “5”,”10″,”15″,”25″,”50″,”100″,”250″,”500″,”1000″ per page -SW
- Updated Apply Configuration process to remove old host/service .cfg files before writing the new .cfg files, this will help eliminate the possibility of ghost hosts/services. -SW
- Updated Apply Configuration process to only allow one Apply Configuration process to happen at a time. -SW

2012R2.9 - 02/11/2014

Fix to the backup_xi.sh to get place the config.dat that it sources in, into a specific directory. Added quotes around password variables as they could have special chars. -SW
Fix for CSV export on Availability report. Thanks Brian Christiansen for the patch! -SW
Fix for old graphexplorer dashlets to now show up again with new graph explorer -JO
Fix for graphexplorer giving an error in the error log -JO
Fix graphexplorer to show custom selected times properly -JO
Fix bug where autodiscovey jobs never complete -SW
Fixed graphexplorer to show hosts with perfdata that don’t have _HOST_ perfdata -JO

2012R2.8c - 01/20/2014

Fix premature release of switch wizard slated for 2014 release that was missing dependencies -SW

2012R2.8b - 01/17/2014

Fix bug where Configure -> Re-configure this host/service would not work if notification options had not been set -SW

2012R2.8 - 01/15/2014

MIB upload page now runs the custom SNMPTT addmib command if present and process mib box is checked -SW
Fix hostgroup/servicegroup grid dashlets to sort services listed alphabetically -SW
Fix bug where Configure -> Re-configure this host/service would not work if additive inheritance was set in CCM -SW
Add ability to schedule recurring downtime for wildcard services as well as all services on a host. Thanks Brian Christiansen for the patch! -SW
Fixed bug where status table with downtime filter was not showing the correct results. Thanks Brian Christiansen for pointing us in the right direction! -SW
Fixed bug where in the Manage Variable Definitions popup under Misc Settings in CCM, if you insert new definitions the old values don’t get cleared. Thanks Brian Christiansen for the patch! -SW
Fixed bug where when creating a user, if you choose the “Admin” authorization level the checkboxes below are greyed out (except for read-only access). When you go back into that user the boxes are not greyed out and you can select them. If you change the level to User and then back to Admin the boxes are greyed out again. Thanks Brian Christiansen for the patch! -SW
Fixed bug where read_only users were not being added to the nagios cgi.cfg -SW
Fixed bug where key indexes were not getting added to nagios DB until first upgrade was performed -SW
Change graphexplorer to a be a core component -SW
Added ntpd to install and run by default. -SW
Added the ability to perform the Nagios XI upgrades from the web UI with logging (2014 feature) -SW, JO
Fixed check for update button to force an update check -JO
Added proper pagination that doesn’t show all available pages and jump to tables to the CCM on pages that have tables -JO
Added theme section and themes to Nagios XI (2014 feature) -JO
Added ability to change the highcharts graph theme from grey (2014 feature) -JO
Add gauges dashlets to service/host detail pages (2014 feature) -SW
Added timeframe selection to host/service “Performance Graphs” tab (2014 feature) -JO
Clicking the title in a timeline graph will now redirect to the host/service page for the host/service in the graph -JO
Dashlets now snap to each other borders if they are within 10px of eachother -JO
Dashlets now have a slimmer bounding box (2014 feature) -JO
All dashlets will now outline in a light color when resizing or dragging a dashlet -JO
Forgot password now sends an email to confirm resetting a password before actually resetting it -JO
Added new advanced options to availability report (2014 feature) -JO
Updated Availability, Alert Histogram, Executive Summary to use high charts graphs -JO
Updated TAC to use different verbage for active/passive checks, change passive icon to only display if active checks are disabled. Thanks Brian Christiansen for the patch! -SW

2012R2.7 - 11/26/2013

Fixed bug with 2014 features and search bar dissappearing -JO

2012R2.6 - 11/25/2013

Added view rotation users setting so views will remain stopped/started for users when they return to the views page based on their last setting -SW
Add saved user-based collapsible menus (2014 feature) -SW
Added script to allow contacts to send notification using XI mail settings (e.g. via SMTP) -SW
Fix calendar selection on Audit Log -SW
Added exit codes to backup_xi.sh -SW
Fixed bug which was preventing CCM template options to persist -SW
Updated Spanish translations. – LC, SW
Updated reporting to work even if there is a external url the xi server can not connect to. -JO
Added back in links inside PDFs. -JO
Fix bug where clicking on hosts in hostgroup summary, should display the hosts grid, not the services grid. -SW
Fix encoding of imported RSS Feeds -SW
Fix calls to the CLI use compliant languages, updating for the en_EN to be en_US in nearly all locations.. -SW, NS
Fix encoding with imported RSS Feeds -SW
Added base for upgrade through the web UI -SW
Fixed Save button (again) in CCM for all IE versions -SW
Removed console.log debug outout which was causing some browsers to stop processing javascript -SW
Fix XSS vulnerability in Tools Menu. User would have needed account on system to be able to inject items in their own page, but is now resolved. -SW
Additions and fixes to the deadpool (2014 Feature). -SW
Added the ability to create system backups through the UI (2014 Feature) -JO
Add logic to upgrade from the Web UI (2014 Feature). -SW
Remove requirement of installing from /tmp -SW
Added ability to select dates for report with the calendar icons that have been there all along… -SW
Added the ability to DELETE archived config snapshots. Added the ability to RENAME the archived snapshot’s filename. (2014 Feature) -JO

2012R2.5 - 10/11/2013

Fix the broken recurring downtime script -SW
Fix further issues with Wizard form buttons in various browsers. -SW
Fix missing do_page_end in CCM that was possible causing old browsers to not be able to submit form -SW
Fix Mass Acknowledge problem if language was set to en_EN -NS
Fix for Scheduled Reports if they are scheduled in the 12AM hour. -AB
Fix obsess over service in CCM. -AB

2012R2.4b - 09/30/2013

Fix issue with upgrade caused by premature NagiosQL db upgrade run -SW
Fix issue with Chrome submitting the back button instead of Next on Wizards when the Enter Key is pressed. -SW

2012R2.4 - 09/24/2013

Many CCM Internationalization updates/additions -SW
Fix for SQL injection vulnerability in NagiosQL -SW (Thanks Denis Andzakovic)
Fix for multi-byte chars in PDF files -JO,NS
Fixed bug which prevented scheduling recurring downtime if a host did not have any services -SW
Added additional security for old links if $cfg[‘secure_response_url’]=1; in config.inc.php -SW
Fix encoding of form search boxes and tooltips to display UTF-8 chars -SW
Add ability to allow HTML in comments if Allow HTML Tags in Host/Service Status is checked. Thanks Nate Broderick & Brian Christiansen. -SW
Addition of HelpSystem including videos and links to documentation in most pages of XI -SW

2012R2.3 - 08/25/2013

Add Japanese language support. Thanks Jupiter Technology for all the hard work! -SW
Fix where unicode chars entered in comments/acknowledgments are now displaying properly -SW
Fixes for internationalization of email messageCharSet to UTF-8 -SW
Fix “Add User” was not giving descriptive errors when failing -SW
Fix scheduled downtime script to work with RAM disk -SW
Fix PDF on availability report of Host has no services -SW
Add ability to secure notification %responseurl% by setting $cfg[‘secure_response_url’]=1; in config.inc.php -SW
Fix permalink copy to clipboard -SW
User Dashboards are now sorted alphabetically -SW
Removed language conversion from text that goes in images on Availability report as all languages not supported -SW
Reworked CCM to be able to include XI functions. -SW
Fixed CCM Bug where Hostgroups and contactgroups are not added to host/service escalations when you add them for the first time -SW
Fix bug where users without permissions on a host could not set (or view) recurring downtimes for services they are a contact for -SW
Change to load spash page images locally to avoid mixed content -SW
Fix sort order on host, hostgroup, servicegroup dropdown list to be ASC -SW
Fix to allow locale get variable to pass through auto-login -SW
Fixed PNP default template bug that allowed comments to overflow the RRD memory and cause a legend is too long error. – NS
Fix so Host Graphs will display all datasources of performance data for services, not just the first -SW
Fix in CCM to allow quotes in the value section of free variables -SW
Fixed links to localhost issues in Executive summary and NagiosXI pages when sending out schedule reports – NS/SW

2012R2.2 - 06/05/2013

Fix bug causing SSL users to experience some ajax items not loading, apply configuration to go on forever and submitted commands to not return -SW
Fix in CCM where templates didn’t maintain order applied -SW
Fix in CCM where Limit Results didn’t stick if you selected 250 -SW

2012R2.1 - 05/24/2013

Fix upgrade order so new sourceguardian extensions get upgrade BEFORE new encrypted files are applied -SW
Fixed CCM Bug where ‘Static Configuration Directory’ in Config Manager Settings was always /tmp -SW

2012R2.0 - 05/20/2013

Updated sourceguardian extensions to version 9 to allow support for PHP 5.4 -SW
Updated some link references from the Legacy CCM to the New CCM -SW
Add ability for notification templates in Admin -> Notification Management to be deleted – SW
Added inode filesystem check to the profile.zip -SW
Fix for php-mcrypt bug writing module.so instead of mcrypt.so in the mcrypt.ini -SW
Upgrade ndoutils to 1.5.2 -SW
Upgrade to Nagios Core 3.5.0 -SW
Patched Nagios Core 3.5.0 Fixed bug #445: Adding triggered downtime for child hosts causes a SIGSEGV on restart/reload -ES -SW
Patched Nagios Core 3.5.0 Fixed bug #375: Freshness expiration never reached and bug #427: freshness threshold doesn’t work if it is set long (Scott Wilkerson, Eric Stanley) -SW
Fix to support multi-digit sub-versions in components and wizards -SW
Updated the profile component to now fetch system and apache log information – SL / AB
Fixed bug in CCM where clicking “Remove All” left select items disabled (versions 1.6 & 1.7 affected) – MG
Fixed CCM bug where groups couldn’t select objects as members if they had the same name – MG
Fixed bug with Nagios Mobile where host escalations was not authorizing contacts properly – MG
Fixed MIB upload bug where if it didn’t contain any TRAP or NOTIFICATION definitions it would fail -NS
Updated CURLOPT_SSL_VERIFYHOST to 2 in load_url() since support for 1 is about to be removed in PHP 5.4 and Curl – MG
Fixed BPI javascript bug with “Clear All” and re-enabling disabled select options – MG
Fixed BPI bug where syncing host/servicegroups added a duplicated definition and prevented the group from being edited – MG
Fix for object case sensitivity lookup where case sensitivity was not alway ignored – EG
Added ability to turn off HTTPPROXYTUNNEL from proxy component -SW
Added changes so custom logos display on reports if they are added to the custom logo component -SW
Added v3_priv_proto for SNMP v3 in SNMP Wizard -SW
Added ability for Quick find auto-complete to include host alias field -SW
Fixed html entities showing up in the second column of the CCM table -NS
Fixed bug that would perfdataproc cron to stack up processes if host set for outbound transfer was down or entered incorrectly -SW

2012R1.8 - 04/17/2013

Fix bug introduced with mixed case usernames/contacts -EG/SW/MG

2012R1.7 - 03/27/2013

Fixed bug in scheduled reporting where pdf’s wouldn’t generate on certain SSL connections -SW
Added /var/lib/mrtg and /etc/mrtg/mrtg.cfg to the XI backup/restore scripts -SW
Mods to speed up availability report and executive summary for users with “can see all hosts and services” privileges -SW
Fix Bug in Tactical Overview where it wasn’t displaying the correct totals -SW
Allow a locale to be passed to the login page to force a certain language upon login. login.php?locale=en_ES – MG
Added language selection icons on the login page. These will override default settings for the duration of the session – MG
Fixed pass by reference bug that was causing deprecation warnings. – NS
Fixed bug #368 with Notification Deployment templates – MG
Fixed iframe display issues with Ipads/Iphones – MG
Fixed CCM bug with action_url and notes_url not being escaped properly – MG
Updated system profile component to fetch a downloadable zip with useful log information – SL / MG
Fixed CCM bug where wildcards weren’t working correctly – MG
Fixed bug where child hosts weren’t able to be deleted with the nagiosql_delete_host.php script – MG
Fixed BPI PHP warning about division by 0 – MG
Fixed BPI bug with long plugin output not being truncated for display correctly – MG
BPI: Updated to HTML 5 and forced IE to display in Edge mode so it will work correctly without having to manually set compatibility mode – MG
BPI: Fixed bug with BPI groups not re-populating the form for selected child groups – MG
Fixed CCM bug with (+,null,standard) inheritance options not saving correctly – MG
Added CCM feature to denote Service->Servicegroup relationships from Servicegroups page – MG
Fixed bug in CCM where illegal macro characters (`~$&|'”<>) were allowed to be saved – MG
Fixed bug in CCM where @ was being read as an illegal object name character – MG
Forced username to lowercase upon login to prevent problems with Nagios Core permissions – EG
Fixed bug where apache crontab wasn’t being initialized on some systems – used for scheduled reporting – MG
Fixed CCM bug where host and contact description fields were required – MG

2012R1.6 - 02/05/2013

Fix for case-sensitive object ID lookups from NDOUtils – EG
Fix for CCM case-sensitive Config Names not being written to file – MG
Fix for host fields VRML image and statusmap image not repopulating correctly – MG
Fixed Reflected XSS vulnerability related to dashlet AJAX loads (Reported by James Clawson) – MG
Fixed vulnerability where read-only users could access auto-discovery directly (Reported by James Clawson) – MG
Fixed shell vulnerability for autodiscovery tool (Reported by James Clawson) – MG
Removed use of the ‘at’ command for CCM audit log entries. Only selective entries are forwarded along to XI’s audit log now. – MG
Removed setting of putenv(LC_ALL) in CCM, apache was complaining on Cent/RHEL6+ systems – MG
Fixed JS function calls in CCM that used attr() and updated them to use prop() where appropriate. (Chrome Fix) – MG
Fixed bug in notifications report where pdf exports came back empty if the search field was used – MG

2012R1.5 - 01/30/2013

Fix upgrade script so users customized commands aren’t overwritten -SW
Fixed CCM bug with Chrome where selected table rows weren’t being deleted properly – MG
Fixed CCM 1.4-specific bug where CGI Config and Core Config weren’t resaving properly – MG
Forced IE browser mode for maximum compatibility with IE – MG
Mods to quickstart text and links – EG
Fixed bug #348 in Bulk Mods related to object names with spaces not working correctly. – MG
Fixed CCM bug where contactgroups could be assigned to themselves – MG
Fixed bug where login alerts popup would display twice – MG
Fixed a bug where the CCM (apache) was emailing the root user with STDERR output when audit logging – MG
Added fix to prevent CCM configuration file from having improper permissions – MG
Fixed JQuery conflicts causing AJAX load problems in IE9 – MG
Fixed 1.4-specific bug on Tac overview where Up hosts count was always 0 – MG
Fixed CCM bug with IE where notification period wasn’t repopulating the form correctly – MG
Fixed issue where password changes weren’t updating properly in htpasswd.users file – MG

2012R1.4 - 01/16/2013

Fix permissions for unconfigured objects file to allow removing or deleting objects. -SW
Fixed issue in CCM where free variables weren’t escaping backslashes properly – MG
Fix bug where Scheduled Downtime backend API threw error -SW
Fixed bug where CCM audit logging wasn’t working correctly – MG
Fixed bug #325 where cloning a host, service, template, or contact moved custom variables instead of copying them – MG
Fixed tracker item #323 to support custom file locations with Unconfigured objects – MG
Refactored data fetches for status information, resulting in a major decrease in page load times, and less CPU overhead for mysqld/httpd – MG
Fixed 1.3-specific bug with Nagios BPI checks – MG
Fixed 1.3-specific bug with Nagios BPI groups not repopulating the form correctly – MG
Added link for admins to be able to edit the BPI config file at any time. – MG
Added new host commands to the host object details page – MG
Fixed several issues with the screen dashboard – MG
Added a default POT file for easy updates of other translation files – MG
Fixed issue where menu items were not being translated – MG
Added fuzzy translations for German, Spanish, French, Italian, Portuguese, Russian, and Chinese – NS
Added fix to installation script to check for new RHEL subscription method – SR
Fixed “Scheduled Events Over Time” chart to work over https -SW
Updated SQL query for timedeventqueue chart data to pull from host and service status tables instead.
Check statistics are now fetched from Nagios Core status, eliminating the need to use ndoutils hostchecks/servicechecks tables
The following setting can be implemented in ndomod.cfg to reduce SQL overhead on larger installs: data_processing_options=67108669
Refactored Tactical overview dashlets for a substantial improvement in load times – MG
Added host alias to search criteria. Tracker item #337 – MG
Updated default notification messages to use %hostalias% macro – EG
%hostalias% macro now defaults to use value of %host% if not specifically set – EG
Removed empty PNP template for check_smtp checks causing missing performance graphs – MG
Fixed bugs with CCM variable sanitization – MG / NS

2012R1.3 - 12/05/2012

Fix permissions for restore script. -SW
Fix so state history works for individual services -SW
Fix bug in CCM where selected None in Limit Results would reverts back to 15 -SW
Fix bug where users couldn’t change Max Notifications Age on database cleanup -SW
Fix bug where users couldn’t change address for mobile carriers, always used defaults. -SW
Nagios BPI: Fixed bug with empty auth_users printing lots of commas in bpi.conf – MG
Nagios BPI: Added additional commands to be used with the api_tool.php script. Use -h to see usage for available commands. – MG
Nagios BPI: Fixed issue where BPI group states were being calculated unnecessarily on page loads. – MG
Nagios BPI: Fixed bug with empty hostgroups creating ghost entries- MG
Nagios BPI: Fixed bug where config changes could cause both success and error messages to show up in the UI – MG
Add ability for wizards to add unlimited services,processes, mountpoints etc. Many wizards updated in this release -SW
Add ability to automatically process uploaded trap MIBS into snmptt.ini -SW,NB
Added support for internationalization. PO files can be added to /usr/local/nagiosxi/html/includes/lang/locale – MG
Updated sourcegaurdian loaders to eliminate issues with segmentation faults on enterprise components – MG
Update default notification message to just use %host% as %hostalias% isn’t always set -SW
Fixed bug in CCM where notifications_enabled defaulted to “off” if left blank in the form – MG
Fixed bug with duplicate key entries on bulk modifications. – MG
Fixed bug #317 in CCM where using the search bar could cause CCM insert, edit, and delete commands to be rerun – MG
Fixed bug in CCM where renaming config_name for a service could leave behind ghost service configs – MG
Fixed bug in CCM with form validation for required fields – MG
Added feature request #300, services can now be searched by host address. – MG
Added callback functions to allow custom status icons and custom table columns to be added to status tables by components – MG
Added support for a custom login splash page using the Custom Login component – MG
Fixed potential SQL injection vulnerability in legacy CCM for authenticated users – MG
Fixed bug with component/wizard update check not allowing additional uploads – MG/SW
Added proxy support for component/wizard update check – SW
Fixed bug where global settings weren’t able to save properly (Gregory Shapiro)

2012R1.2 - 10/5/2012

Removed perl-DBD-mssql package from 2012 prereqs – MG
Fixed CCM bug where notification options weren’t saving properly for services/service templates – MG
Added fix so fresh CSS / JS files get automatically refreshed in the browser with each version update – MG
Enterprise license trial expiration now lasts at least as long as normal trial – EG
Fixed 1.1-specific bug where CCM page crashed when adding new contacts – SW
Added missing “is_volatile” setting in CCM – MG
Fixed CCM bug where hostgroup->hostgroup relationships could cause circular relationships – MG
Enterprise-only components are now automatically updated with every release. – MG
Updated highcharts library to 2.3.3. Fixes bug with timestack graph – MG

2012R1.1 - 10/25/2012

Added ability to upload MIB’s up to 5MB – SW
Added preliminary gettext support for internationalization – MG
Fixed UI bug in CCM with duplicate contactgroups in selection box -MG
Wkhtml installs now – AG
Updated all Jquery libraries to latest versions to allow all jquery functions to work in IE9 – MG
Fixed bug with IE9 where dashlets were not draggable – MG
Fixed issue in CCM where check commands with single quotes could break javascript functions (bug #305) – MG
Fixed bug #157 in new CCM where free variables weren’t being copied with an object copy. – MG
Fixed issue where Nagios Mobile was not installing on upgrades – MG
Revised fix for bug #201 where unconfigured objects failed to stay deleted – MG
Fixed bug where host template notification_option ‘d’ wasn’t saving correctly – MG
Added fix to CCM import tool to prevent static and pnp configs from being imported – MG
Fixed CCM page navigation bug after users are deleted – MG
“Open Service Problems” page now hides any host that is acnowledged or in scheduled downtime – MG

2012R1.0 - 10/03/2012

Fixed bug #201 where unconfigured objects failed to stay deleted. List can now also be manually cleared – MG
Fixed bug where multiple scheduled reports weren’t all sending – MG
Fixed page bounce on scheduled reporting – MG
Fixed bug with CCM search not repopulating correctly – MG
Fixed CSS issue rounded corners on footer – MG
Fixed issue where some users were seeing Configure tab when they weren’t supposed to – MG
Components and Wizards can check to see if updates are available… -SW
Fixed BPI bug where the drill down wouldn’t happen if there were orphan groups – MG
Added failsafe to Ajaxterm installer to rollback ssl.conf if an apache config issue is created – MG

2012RC4 - 09/20/2011

Fixed bug in new CCM where command defs would fail to save with single quotes – MG
Fixed bug in new CCM with timeperiod definitions not loading with certain versions of mysql – MG
Removed deadpool feature until later in 2012 – MG
Fixed bug introduced in RC3 that broke result limit logic in new CCM – MG
Updated audit logging to summarize the log entry for a large config deletion – MG
Fixed bug with CCM nagios.cfg and cgi.cfg editor – MG
Fixed bug where hosts/services with more than one : in the name showed as unauthorized – SW

2012RC3 - 09/11/2012

Fixed bug where ajaxterm installer failed when installer was run from outside of the /tmp directory -SW
Fixed typo in deadpool.php – MG
Fixed bug where executable permissions were not properly being applied to newly installed components and wizards – MG
Fixed bug with exec summary exporting as the event log – MG
Fixed bug with duplicate report export options – MG
Fixed bug where PDF export was on some reports that can’t actually export to PDF – MG
Fixed bugs with “Email this report” – NS / MG
Fixed issues with search and back buttons on Escalation Wizard and Bulk Renaming tool – MG
Fixed bug #291 where services with a / in the name didn’t display their performance graph (Fix by forum user nagiosadmin42)- MG
Fixed bug #292 with multiple concurrent searches for host graphs. Expanded flexibility of search as well – MG

2012RC2 - 09/04/2012

2012 Standard Edition

- New Core Config Manager
- Configuration Rollback
- Tools menu for external URL tools
- Bandwidth Report
- Executive Summary Report
- Custom Action URL’s
- Nagios BPI 2
- Emailed Reports
- SSH Terminal access built into the UI
- Nagios Mobile now included
- Automatic installation of all current components, dashlets, and wizards
- Deadpool for obsolete hosts and services
- Improved Autodiscovery Wizard
- Custom Home page
- NRDS Config Manager

2012 Enterprise Edition

- *All features mentioned above*
- Capacity Planning Report
- Bulk Renaming Tool
- Bulk Modifications Tool
- Escalation Wizard
- Scheduled Reporting
- Scheduled Page Report
- Notification Settings Management
- Nagios BPI Hostgroup and Servicegroup Syncing
- Audit Logging

2011R3.3 - 08/20/2012

Added in logic for 2012 Configuration Snapshots Rollback Feature -SW
Fixed bug in core to process perfdata even if empty – used in distributed monitoring -SW
Fixed bug where users authorized_for_monitoring_system could not see Event Log in XI but could in Core. -SW
Fixed bug where performance data wasn’t being sent if using NRDP for outbound checks -SW
Fixed issue with backup script not saving properly with backups over 4GB – SW
Fixed issue with upgrade scripts failing if nagios crontab does not exist -MG
Applied patch to Nagios Core that fixes issue with frozen checks when using DNX – MG
Fixed bug #275 where service details ajax could break with a ‘\’ in the service description -MG
Fixed bug #272 where audit log scripts were not executable – MG
Added callback function ability for subsystem dbmaint.php and cleaner.php scripts – MG
Added callback function ability for Apply Configuration and Reconfigure – MG
Added callback function ability for any subsystem command – MG
Patched Nagios Core, previous patch for bug #338 didn’t take into account that flexible downtime events can happen before end_time. -SW
Updated Highcharts library to 2.2.5, fixes bug with scalable performance graphs not resizing/rescaling correctly after zooming. – MG
Fixed bug #279 on unified hostgroups and servicegroups pages where basic auth would be requested -MG
Added support for HTTPS in outbound NRDP check transfers – EG
Compile NRPE with argument support – AG
Added session_write_close() to dashlet-related AJAX calls and pages to improve dashlet load times – MG
Fixed bug #282: security issue in subsystem logging – MG
Fixed XSS security vulnerability with Core Config Manager login page (reported by Adam Baldwin) – MG
Compile Core with disable-embedded-perl option to prevent NEB related memory leaks – MG

2011R3.2 - 06/27/2012

Fixed error in upgrade script with missing dependencies package – EG
Fixed bug in upgrade script where NSCA may not upgrade properly – MG
Fixed issue where backing up crontabs could halt an upgrade if a tempfile already existed – AG
Added external api script to send data to audit log – MG
Added escalation status to notifications report page – EG
Added fix to force correct permissions for all newly installed components, dashlets, and wizards – MG
Added ability to delete hosts or services from the command line. To be documented in “Automated Host Management” doc – MG
Fixed bug with host status search not searching against host_name field – MG
Fixed bug with 2012 availability report where hostgroups showed all host states as 0% -SW
Ndoutils upgrade script now checks existing DB username for any future upgrades -MG
Added escalated status to alertsummary notification macro – EG
Fixed issue with upgrade script stopping because of package conflicts – MG
Added wkhtml installation to upgrade script (not yet implemented)- EG
Added ajaxterm installation to upgrade script(not yet implemented) – EG
Added external URL to global config settings page to allow for custom URL in notification messages, scheduled reporting (future) – EG
Fixed bug #259 where state history report would now show services when using specific hostgroup for report – EG
Patched Nagios Core bug #338 where schedule downtime would not persist properly upon a restart of Nagios (Carlos Velasco) – MG
Fixed issue where duplicate table indexes may have been created upon upgrade (KevinD and gwakem) – MG

2011R3.1 - 06/08/2012

Fixed issue with upgrade script that could remove user-defined cron jobs from root crontab – SW
Fixed bug created in 3.0 where ‘/’ was not allowed in service descriptions – MG

2011R3.0 - 06/04/2012

Added fix for incorrect permissions with MIB and graph template directories – EG
Added support for 2012 notification management functions: Default Messages, and locking notification settings -MG
Improved sanity checks for XI notification settings for XI users -MG
Added ‘getalerthistogram’ to backend API commands. -MG
Fixed XSS vulnerabilities reported by user: 0a29406d9794e4f9b30b3c5d6702c708 -MG
Fixed overlapping values in piechart for both current and 2012 versions -SW
Fixed bug #260 with notifications search(broke in 2.4). Expanded search options for more robust searches -MG
Fixed bug #156 where illegal characters can be passed for object names in the config wizards, now replaced with ‘_’ -MG
Fixed issue where illegal characters could be used with service descriptions in the Core Config Manager -MG
Fixed minor bug with availability CSV export – SW
Updated Nagios Core to 3.4.1
Updated NSCA to 2.9.1
Updated Ndoutils to 1.5.1
Mod applied to Ndoutils 1.5.1 that fixes kernel msg queue issue

2011R2.4 - 04/24/2012

Added top alert producers to backend API via: cmd=gettopalertproducers -MG
Fixed bug where hosts without services may not show available commands or tabs correctly – SW
Fixed an issue where duplicate notifications can populate the notifications report – MG
Added permissions fix in reset_config_perms for future Renaming tool component – MG
Changed EPEL and RPMForge repos to use local rpms for manual installation – MG
Fixed performance data not being sent on outbound transfers with NSCA #254 – SW

2011R2.3 - 04/16/2012

Fixed a bug where some monitoring wizards couldn’t complete because of missing values – SW/MG
0 is now an acceptable value for first_notification_delay on monitoring wizards – MG
Fixed issue where the upgrade script could fail if the /usr/local/nagiosxi/tmp directory was empty -SW
Added new performance options to the Admin->Performance settings page, subsystem procs/logging can be disabled to improve performance – MG
Modified some of the subsystem processes to only run when needed – MG
Added config options for the performance data spool directories to allow for use of RAM disks with XI’s subsystem processes. -MG
$cfg[‘xidpe_dir’] = ‘/usr/local/nagios/var/spool/xidpe’; $cfg[‘perfdata_spool’]= ‘/usr/local/nagios/var/spool/perfdata’;
Fixed comment/author notification variables to now be %comment% and %author%, respectively – EG
Added some python libraries as dependencies in preparation for capacity planning project – AG
Fixes for rapid response authentication – EG
Fixed issue with Date/Time picker for custom graph timeperiods – SW
Fixed issue on 64-bit el5 where removal on librsvg2.i386 failed and held up the installer – AG
Reverted sudoers install script to support CentOS 5 – EG
Added nmap support to sudoers (used by autodiscovery) – EG
Added helper functions to detect if a specific wizard or component is installed – EG
Fixed bug where deleted users weren’t being properly removed from the cgi.cfg file – SW
Bugfix for a small error in table alignment in PDFs – SW
Fixed issue where downtime is scheduled several days into the future, and a couple other problems – SW
CPU Load meter on syssstat dashlet now accounts for multiple CPUs -SW
Fixed issue with rapid response url with read-only users – MG
Fixed bug #250 related to European date formats in reports -SW
Added session performance improvement suggested by CB – EG

2011R2.2 - 03/05/2012

Fixed problem where blank service performance graphs were being displayed – SW
Fixed potential bugs relating to the $CDPATH shell variable – AG
Removed hard-coded package path in 1-prereqs – AG
Streamlined generation of dependency meta-package – AG
Added a “Finish” button to the wizard logic to allow for quick configuration – EG
Added new rapid response feature for notifications – EG
Removed hard-coded db passwords in install scripts – EG
Added uninstall script (consider this beta) – EG
Added new notification variables (%responseurl%, %objecttype%, %objectid%, %notificationauthor%, %notificationcomment%, %alertsummary%) – EG
Fixed offlineinstall for Red Hat systems – AG
Fixed bug that broke performance graphs for some check_mk graph templates -MG
Added login screen splash information for contacting us – EG
Increased the default timeout value for process_perfdata.pl to 15 seconds for new installs – MG
Added ability to reset notification messages to system defaults in account settings – EG
Added option to run same wizard again at completion of monitoring wizard – EG
Fixed bug where availability report not display if one of the values was less than 0.14% but not 0 – SW
Fixed bug #239 where someone can save a service escalation without a contact or contact group. – MG
Fixed bug #238 that prevented service escalations from saving a service list under certain circumstances – MG
Fixed an issue where the unique service descriptions that populated the service escalations page were case insensitive – MG
Fixed bug #202 where custom date selections for performance graphs always led to “All Hosts” page – MG
Fixed a bug where custom date selections can cause all blank graphs upon a new login. – MG

2011R2.1 - 02/09/2012

Fixed sourcegaurdian error upon upgrade -AG
Fixed JS minifiy issues in release prep – AG
Fixed bugs in fullinstall process – AG

2011R2.0 - 02/06/2012

Fixed bug that displayed debugging output on email test page #207 -MG
Fixed bug where email addresses without FQDN’s can vail validation and fail to send (example: root@localhost) -MG
Fixed bug #207 that broke the URL for Unhandled problems in the login alerts window and Nagios Fusion. – MG
Postgres sequence fix script is now run during upgrades, full installs – EG
Added option to specify http port in config.inc.php. Apply Config would fail without a mod_rewrite. -MG
Fixed bug #185 with adding new service escalations and dependencies. Removed safety nets in the UI to allow services with service->hostgroup relationships to work correctly.
Fixed bug #152 related to service escalations creating ghost services upon import. – MG
Added fix/feature for bug #190 to allow html output for host/service status text. Option is switchable in the Admin->Manage System Config page. – MG
Fixed broken link on Unconfigured Objects page – SW
Added a System Profile page to the Admin menu to assist in troubleshooting – MG
Fixed availability report bug where host name was not displayed properly – SW
Fixed bug #122 which displayed inconsistent data in state history reports – EG
Added new backend commands to support future NagiosQL snapshot rollbacks – EG
Fixed bug #218 where servicegroup availability reports contained incorrect host data – EG
Fixed bug #215 where performance graphs in object detail screens could not be added to dashboards – EG
Fixed bug where host and service notifications could not be completely disabled on a per-user basis – EG
Changed Nagios Core hostgroup/servicegroup logic to match Nagios XI – EG
Fixed bug where escalation macro was not getting populated for use in notification messages – EG
Fixed bugs with improperly encoded URLs causing broken links -SW
New installations will have cleaner handling of sudoers, cron jobs, and php limits
Removed freetds and dbd dependencies
Lots of bug fixes in the installer

2011R1.9 - 12/07/2011

Prevented some time-critical SQL queries from being cached – EG
Prevented service graph from being generated in availability reports when a host has no services (issue #198) – EG
Patched recurring downtime script to fix problem with Nagios scheduling it’s own downtimes (issue 136) – submitted by Alexandru Lacraru
Added ability to copy permalink URL to clipboard (suggested by Troy Lea) – EG
Added fix for potential bug that prevented performance graphs from displaying on some systems -MG
Added fix to the rrdtool graph API for improved compatibility with existing PNP graph templates – MG
Fixed security escalation race conditions in crontab install scripts – EG / AG
Fixed XSS vulnerabilty in backend_url javascript link – EG
Fixed XSS vulnerability in xiwindow variables (affected permalinks) – EG
Fixed XSS vulnerability in recurring downtime script – EG
Fixed XSS vulnerability in alertheatmap report, “My reports” listing – EG
Fixed XSS vulnerabilities in status/report page link functions – EG
Fixed security vulnerability during package installation – AG
Special thanks to 0a29406d9794e4f9b30b3c5d6702c708 for reporting security vulnerabilities.
Fixed potential endless loop in non-interactive fullinstall script – AG
Fixed bug with multiple calls to session_start() that produced error messages – EG
Changed home page notifications link to use newer report – EG
Added event log report to legacy reports – EG
Fix for availability report including incorrect data – EG
Fixed bug where custom tabs (eg. object notes) would not appear in service details screens – EG
Added ability to attach multiple files to an email message – EG
Added ability to have multiple recipients in email messages – EG
Fixed minor bug in coreuiproxy.inc.php script that was generating a PHP Warning on CentOS/RHEL 6 installs – MG
Further revision on repairmysql.sh script for more successful repair runs – MG

2011R1.8 - 10/28/2011

Added ability to include attachments in emails – NS
Added group membership query functions – EG
Fixed date in webroot index page (suggested by Troy Lea) – EG
Added MIB management to admin page (suggested by Troy Lea) – EG
Updated jQuery to 1.6.2 – EG
Performance graph panels in object detail pages now only display if panel is selected (suggested by Troy Lea) – EG
Fixed problem with apostrophes being cut off in comments/acknowledgments – EG
Added PNP graph template management (suggested by Troy Lea) – EG
Added custom date/time selection to performance graphs (suggested by Troy Lea) – EG
Added Automatic login feature – EG
Modified cmdsubsys cron job to run daily update checks – EG
Added zip to the prereqs list for CentOS 6 – NS
Fixed bug #191 that created an extra footer div on child pages and prevented buttons and links from working – MG
Added missing dependency for check_by_ssh – AG
Revised OS checker for installer scripts to ensure compatibility and supported installations – AG
Updated the repair_mysql.sh script for more successful repair runs – MG
Modified load_url logging to overwrite load_url.log instead of appending to prevent log flooding with duplicate info. – MG
Fixed bug 194 that created an SQL error in the browser when updating notification preferences – MG
Multiple install attempts will not append to the install.log file instead of overwriting it. – AG
Added CentOS CR repo for CentOS 6 installations. Fixes package conflict for php-mssql package – AG
Updated NPCD daemon to 0.4-latest snapshot. Fixes memory leak that can crash NPCD process. – MG
Fixed memcached support by adding caching TTL (defaults to 10 seconds) – EG
Added a fix that allows update checks to work on a proxy install -MG
http://assets.nagios.com/downloads/nagiosxi/components/proxy.zip – Adds a Proxy Configuration page to the Admin menu.

2011R1.7 - 8/29/2011

More robust installation scripts, support for RHEL 6 -AG
Changed permissions on files under /usr/local/nagiosxi to restrict access to Nagios and Apache users only -EG
Applied fix to check_xi_service_mrtgtraf.php PNP template to fix units problem on perf graphs -NS
Added checks to detect wrong file types when uploading components, wizards, and dashlets -EG
Changed activation logic to require re-activate on IP address change -EG
Fixed permissions in alert heatmap, notifications, histogram, and status history reports (issue #186) – EG
Removed event log report link for non-admins – EG
Fixed errors when determining backend URL (old logic broke with command line scripts) – EG
Added logging when internal and external http calls fail: /usr/local/nagiosxi/var/load_url.log -MG
Updated backend URL logic to fix problem with command-line scripts – EG
Fixed bug in footer with z-index and tray alert transparency – EG
Added an import prep script that preps all .cfg files in a single directory (scripts/xi_prep_dir.php) -MG
Added ability to search for host status by IP address in the “Quick Find” search box – EG
Added sanity checks to all stages of reconfigure_nagios.sh to identify any problems during Apply Configuration -MG
Added error catches for “Apply Configuration” in the browser, problems will now exit the loop with an appropriate error message -MG
Added host alias to the host details page: Tracker Request: #165 -MG
Fixed tracker issue #127 related to status table sort arrows not being clickable -MG
Added ability to filter new reports by a single host. Tracker Request #134 – MG
Fixed bug created in 1.6 that causes slow performance with installs behind NAT -MG
NOTE for proxy installs: Nagios XI needs to make internal calls to localhost, set your proxy accordingly.
Added callbacks to allow for overriding default home page, injecting links in reports – EG
Fixed bug in E-importnagiosql script with Apache not restarting and removed duplicate dependencies in 1-prereqs scripts – AG

2011R1.6 - 07/25/2011

Fixed bug 163: related to long plugin output breaking the host/service details pages. Max status text is now 6k.
Added support for RHEL 6 (0-yum)
Added bug fix to 12-mrtg that was preventing rrd’s from being created correctly from the switch wizard
Added patches to fullinstall and 0-yum that allow for non-interactive installs for 64bit systems.
Fixed bug that was causing the “delete service” command to fail on the XI service details page.
Fixed bug in CCM that prevented lines longer than 4k from being imported and written to file correctly.
Fixed XSS vulnerabilities discovered in status pages (ajax calls)
Updated Windows desktop wizard with bug fixes related to saving preferences when using the back button
Fixed SSL bugs caused by an SSL host-certificate issue with curl.
Modified monitoring wizard API to allow wizards to hide hostgroup, servicegroup, and parent host options
Fixed bug #168 re: permalinks breaking on URLs that contained a space (this affected services and hosts)
Removed hard-coded http calls in new reports
Fixed bug #179 with CCM password limit at 15 characters
Fixes in E-importnagiosql for Apache not being detected as having started

2011R1.5 - 06/23/2011

Added “check all” and “uncheck all” feature to switch wizard
Fixed problem with Windows server wizard modifying port numbers in existing command definitions
Removed custom port options for Windows server wizard (we will reimplement this in a later release)
Fixed problems with incorrect permissions on /usr/local/nagios/var directory files (caused orphan check errors)
Updated Nagios Core init script to suppress error messages about processes that couldn’t be killed (e.g. that no longer exist)

2011R1.4 - 05/16/2011

Modified Nagios Core notification scripts to include the host display name macro and allow it be used used in user notifications (using the %hostdisplayname% variable)
New init script to fix problems with multiple Nagios instances running
Fixed bug in object functions related to instance_id and active state that affected object status pages
Added preliminary support for memcached
Added initial support for automatic logins
Fixed bug in E-importnagiosql script where Apache was not starting properly
Fixed bug where applying configuration changes would hang
Fixed bug where re-notification interval of zero (0) corrupted wizard object definitions
Fixed bug where fullinstall script needed to be run twice
Added a non-interactive option to the fullinstall script for unattended installations

2011R1.3 - 05/24/2011

Added HTTPS support for underlying NagiosQL scripts (“$cfg[‘use_https’]=true” must be set in config.inc.php file)
Fixed bugs that prevented strict SSL compatibility with backend calls. Pure https support now enabled with mod_rewrite. -MG
Created a new performance graph API that fixes several known issues related to performance graphs displaying correctly -MG
Fixed a javascript bug with the blue “fullscreen” triangle.

2011R1.2 - 04/11/2011

Removed event data from component status dashlet (was incorrect for some users)
Fixed error in nagios init script that affected clean restarts
Added lockfile to dbmaint cron job to prevent overlapping jobs running/hanging
Fixed bug in NDOUtils addon where host and service check statistics were no longer being reported
Fixed bug where top alert producers report didn’t have proper authorization checks
Removed javascript scrollpane effect in left navigation bar
Fixed bug in dbmaint cron job that could cause table corruption for some users

2011R1.1 - 03/07/2011

Disabled logging of external commands, passive checks for new installs and upgrades
Fixed bug in unconfigured objects parsing code
Added styled scrollbar to left navigation menu
Added max notifications age setting in database performance page
Stylesheet fixes for Opera and Chrome

2011R1 - 02/28/2011

Added a new “screen” dashboard for attaching dashlets to each screen (top frame)
Added tray alert to footer
Incorporated Exfoliation theme for Nagios Core
Added login alert screen
Renamed “All Graphs” menu link to “Host Graphs”
Added support for saving preferences in performance graphs
Host Performance graphs now do not show hosts for which graphs are not available
Fixed bug where permalinks to dashboards didn’t work
New reports with CSV and PDF output capability
Added “My Reports” feature for favorite reports
Added check for missing posix_getpwuid() when applying config changes
Included highcharts for dynamic report generation (licensed code)
Improvements in MySQL database efficiency with new NDOUtils mods
Added support for new components, including:

- Auto-discovery
- Hypermap
- Alert timeline
- Alert cloud
- Network replay report
- SNMP scan wizard

2024R1.2 - 10/22/2024

Added

Added Active Directory functions to LDAP integration for better functionality [GL:NLS#321] – JS
Added tab key functionality to insert tabs while editing Logstash configuration text [GL:NLS#250] – JS
Added email-based two factor authentication [GL:NLS#337] – JS

Fixed

Updated the method used to detect that Log Server is already installed so it doesn’t trigger false positives [GL:NLS#235] – JS
Updated link to the Nagios Log Server Support Forum displayed when Elasticsearch is not running [GL:NLS#136] – JS
Updated pricing, renewal, and purchase links to for Nagios products [GL:NLS#126] – JS
Fixed an issue that prevented changing timezone on Ubuntu 24 [GL:NLS#309] – JS
Fixed a Chromium issue that prevented installation on Ubuntu 22 [GL:NLS#308] – JS

2024R1.1 - 07/16/2024

Added ability to trim audit log and alert history [GL:NLS#6] – CD, JS
Added email macros for log data fields [GL:NLS#74] – JS
Fixed an issue where when log data is a nested array, alert emails would not send correctly in HTML format [GL:NLS#74] – JS
Added logging to various Admin, Alerting, and Configuration features [GL:NLS#68] – JS
Added ability to hide default query buttons on dashboard page [GL:NLS#232] – JS
Added ability to add/edit/delete custom query buttons based on existing NLS queries [GL:NLS#232] – JS
Added Ubuntu 24 Support [GL:NLS#152] – JM
Deprecated EL7 and Debian 10 [GL:NLS#252] – JS
Added the ability to switch between AI models for the NLP query feature [GL:NLS#220] – SNS
Fixed an issue where NCPA tokens could not be updated [GL:NLS#297] – JS

2024R1.0.2 - 06/05/2024

Added configuration options to allow Elasticsearch to listen on all interfaces [GL:NLS#219] – JM
Improved error feedback when failing to connect to NRDP over SSL [GL:NLS#156] – JS
Improved home page performance [GL:NLS#163] – JS
Updated NCPA’s installation process to use a permanent link [GL:NLS#168] – LG
Updated NRDP connection test to allow self-signed certificates [GL:NLS#156] – JS
Fixed issue where Host Freshness Alert form wasn’t always using the default host value [GL:NLS#170] – JS
Fixed issue where deleting the last Filter or Input within Per-Instance Configuration did not work [GL:NLS#174] – JS
Fixed issue with invalid license keys breaking initial install [GL:NLS#130] – JS
Fixed %uniquehosts% macro for alert emails [GL:NLS#159] – JS
Fixed importing users from LDAP when users were in nested Organization Units [GL:NLS#15] – JS
Fixed report downloads when Nagios Log Server is configured with a self-signed certificate [GL:NLS#189] – CD,SAW
Fixed an issue where a dashboard could crash when querying over too long a timeframe [GL:NLS#158] – JS
Fixed inability to add to a cluster on Enterprise Linux 9 [GL:NLS#80] – LG
Fixed easy button queries to be more specific and avoid false positives [GL:NLS#185,#184,#183,#182,#181,#179] – SNS
Fixed several issues when parsing XI audit logs [GL:NLS#176,#177,178] – LG
Fixed an issue in Admin->System Status and Admin->Monitoring Backend where status indicators would infinitely spin [GL:NLS#137] – LG
Fixed an issue where shards do not re-allocate properly for clustered servers [GL:NLS#11] – JS
Fixed a privilege escalation vulnerability in several backend scripts (Thanks Sarang Tumne for reporting this issue) – SAW
Fixed an issue where Ubuntu 22 would fail to install the product [GL:XI#1073] – JM
Fixed missing Save and Cancel buttons when editing administrator users [GL:NLS#242] – JS
Fixed incorrectly installed Python dependencies on Enterprise Linux 7 [GL:NLS#256] – JS,LG
Fixed reset_nagiosadmin_password.sh locking users out on some systems [GL:NLS#243] – DA
Reverted the change to %url% handling for Alert emails [GL:NLS#231] – JS

2024R1.0.1 - 02/20/2024

Added hostnames to Host Freshness Report emails [GL:NLS #31] – JS
Changed link in Host Freshness Report emails to point to the Unique Hosts page [GL:NLS #31] – JS
Updated SourceGuardian [GL:NLS #149] – JM
Changed per-page memory limit in php.ini to prevent crashes [GL: NLS #165] – JS
Fixed error logging for php-fpm [GL: NLS # 141] – JS

2024R1 - 12/05/2023

Added a twice daily chart for total / top 5 log entry senders on home page [GL:NLS #110] – GW
Fixed an issue when downloading reports on CentOS 9 [GL:NLS #88] – DA
Fixed an issue where google redirects weren’t working [GL:NLS #78] – SNS
Fixed an issue where French broke the home page and global configurations [GL:NLS #2] – SNS
Fixed an issue where timezone changes took too long and sometimes didn’t go through [GL: NLS#38] – SNS
Added a feature where the home page displays a two week chart [GL:NLS #91] – KV
Added a feature where there are buttons to easily query common logs [GL:NLS#20] – SNS
Added a feature where there query input field is hidden [GL:NLS#106] – SNS
Added a feature where users can use natural language to make queries [GL:NLS#113] – SNS
Added the ability to save a dashboard as a report [GL: NLS#92] – DA
Moved the unique hosts report to the admin page [GL: NLS#89] – DA
Updated login page presentation [GL: NLS#107] – JS
Added navigation breadcrumbs [GL:NLS#91] – SNS
Added 12 new default reports [GL:NLS#108] – SNS
Fixed an issue where NCPA plugins were not python3 compatible [GL: NLS #71] – SNS
Fixed an issue where objects were being displayed incorrectly [GL: NLS#95] – SNS
Fixed and issue when uploading to Custom Includes, the CSS tab would open after uploading [GL: NLS #57] – AC
Fixed an XSS vulnerability when creating a new user [GL: NLS #42] – AC
Fixed an issue where unclear directions were given to users during installation setup [GL: NLS 81] – AC
Fixed an issue where users were unable to extend their trial if they activated a free license [GL: NLS 7] – AC
Fixed an issue where host freshness alerts were displaying an inaccurate lookback time [GL: NLS 32] – AC
Fixed an issue where old flash messages were not being properly cleared [GL: NLS 86] – AC
Fixed an issue where creating an alert wouldn’t necessarily use your current query [GL:NLS#30] – BB
Fixed a security bug where users without API permissions had full API access [GL:NLS#69] – BB
Fixed an issue where logstash init scripts would mis-recognize process IDs [GL:NLS#73] -CD
Fixed “Update Check” typo [GL: NLS#83] – CD
Removed “World conference” text [GL: NLS#76] – CD
Fixed link to regex page [GL: NLS#72] – CD
Include latest version of NXLog CE [GL: NLS#70] – CD
Changed location of backup.log [GL: NLS#5] – CD
Install vim on Ubuntu machines [GL: NLS#62] – CD
Fixed “incoming logs” typo [GL: NLS#9] – CD
Updated linux-setup.sh script to replace use of ‘which’ with ‘command’ [GL: #120] – DC
Deprecate Ubuntu 18 – DA

2.1.15 - 04/13/2023

Fixed issue where you couldn’t change timezone via GUI in admin/globals on some distros [GL:NLS #46] -PhW
Fixed issue with switching user locale on some CentOS 8/9 installations [GL:NLS #61] -SAW
Fixed issue where SNMP alerts would fail for Ubuntu systems [GL:NLS #48] -SAW
Fixed issue with installation on RHEL 7 -SAW
Fixed mangled text when logging user queries in Audit Log [GL:NLS #47] -SAW
Fixed several issues with Ubuntu 22 support [GL:NLS #44, #45, #50, #51, #52, #53, #54, #55, #58, #59] -SAW
Updated “Elasticsearch Offline” error to include systemctl-based instructions where applicable [GL: NLS #49] -SAW

2.1.14 - 03/22/2023

Added support for Debian 11, Ubuntu 22, and CentOS Stream 9 [GL:NLS #34, #35, #36] -SAW, DA
Added more information to System Profile -SAW
Updated bundled NCPA to 2.4.1 -SAW
Deprecated Debian 9, Ubuntu 16 due to end of life -SAW
Fixed an issue where some hosts were missing from the “Not Sending” table of the Host Freshness report -SS
Fixed XSS vulnerability in snapshots page (Thanks to Ariane Blow for reporting) [GL:NLS #3] -DA

2.1.13 - 05/10/2022

Updated NXLog .msi file to version 3.0.2272 -SAW
Add reload4j as drop-in log4j replacement -SAW
Fix issue with elasticsearch configuration being replaced on upgrade -SAW
Fixed exporting dashboards to CSV when using nested fields -SAW

2.1.12 - 02/21/2022

Removed additional log4j library -SAW
Fixed version update issue in 2.1.11 -SAW
Updated jQuery to version 3.6.0 (jQuery 1.12.x is retained on the backend for PDF rendering) -SAW
Updated NCPA to version 2.3.1 -SAW

2.1.11 - 02/10/2022

Removed log4j as a dependency from logstash and elasticsearch -SAW

2.1.10 - 12/09/2021

Fixed several XSS (Thanks SecEnt Security Team) (details forthcoming) -SAW

2.1.9 - 07/20/2021

Alert ownership no longer changes automatically when edited by an administrator [TPS#15264] -SAW
Changed default real-time alert creation behavior
when using “in” or “not in” operators, the create/update logic will assume a string on the left criterion and a field/property on the right unless specified -SAW
Fixed issue with Python 2 compatibility -JO,DC
Fixed several XSS in Admin > Audit Log (thanks Liew Hock Lai and NCC Group) (CVE-2021-35478, CVE-2021-35479) -SAW
Fixed XSS in Configure > Config Snapshots (CVE-2020-25385) -SAW

2.1.8 - 03/09/2021

Added support for Debian 10 and Ubuntu 20
Fixed XSS in Admin > Mail Settings and Configure > Snapshots (CVE-2020-25385) -SAW
Fixed API to allow queries from existing Nagios Fusion dashlets -SAW
Fixed issues with ipv6 recognition in Instance Status and related pages [TPS#15357] -SAW
Fixed spurious “Alert named {x} already exists” error messages [TPS#15481] -SAW
Fixed dns_reverse_lookup returning a blank string instead of IP or message when reverse dns disabled -JO

2.1.7 - 07/28/2020

Added separate permission level for Alert Contact visibility/editing [TPS#14984] -SAW
Fixed issues when using FreeIPA containers with LDAP integration [TPS#15236] -SS
Fixed host freshness alerts reporting incorrect number of non-sending hosts [TPS#15086] -SAW
Fixed “Exported CSV Timezone” global setting always displaying “Cluster Timezone” [TPS#15094] -SAW
Fixed incorrect timestamps showing for AD/LDAP certificate expiration [TPS#15105] -SAW
Fixed XSS in Notification Methods -> Email Users menu (credit Jinson Varghese Behanan and Astra Security) (CVE-2020-16157) [TPS#15232] -SAW
Fixed incorrect handling of “Disable Reverse DNS” global option -SAW
Fixed setup-linux.sh for Ubuntu 20 [TPS#15188] -SAW,CD
Fixed performance issue with alerting for installations with many open indices [TPS#15234] -SAW

2.1.6 - 04/23/2020

Updated Sourceguardian to work with PHP 7.4 -JO
Added a global option to use the cluster’s timezone for the “Export as CSV” button [TPS#15035] -SAW
Added alert admins without the Configuration permission will receive a notice when deleting real-time alerts [TPS#14980]-SAW
Fixed “Save User” button missing from “Edit User” page -SAW
Fixed XSS in “Create User”, “Edit User”, and “Manage Host Lists” -SAW
Fixed “Export as CSV” dashboard button no longer displays restricted hosts [TPS#14983] -SAW
Fixed installation issue with SUSE Extended Support for RHEL systems (Thanks Derek) -JO

2.1.5 - 03/24/2020

Add a setting to disable DNS reverse lookups -SAW
Fixed issues when using the ‘dns’ Logstash filter with Host Visibility restrictions [TPS#14903] -SAW
Fixed LDAP/AD integration CA certificate upload to allow both root and intermediate on same subject -JO
Fixed issues with alerting via SNMP Trap when using AuthPriv or AuthNoPriv [TPS#14965] -SAW
Fixed issue with Disk Usage – Current Index graph when system time was UTC+XX [TPS#14993] -SAW

2.1.4 - 01/28/2020

Added %lastalertlog% and related e-mail template macros for real-time alerts [TPS#14799] -SAW
Added a selector to Alert History allowing newly-deleted alerts to be used as a filter [TPS#14795] -SAW
Updated Japanese translations (thanks Chitose Sasaki) -JO
Remove broken ‘xor’ and ‘nand’ keywords from real-time alert configuration -SAW
Fixed Logstash plugin upgrades causing install/upgrade scripts to fail and need to be restarted -JO
Fixed issue with missing CSS classes on some items in the interface [TPS#14762,14769] -SAW,JO
Fixed alert count in main homepage/dashboard to only show active alerts [TPS#14770] -JO
Fixed Unique Hosts count in the main homepage/dashboard to use the same query used in the Unique Hosts Report [TPS#14767] -JO
Fixed boolean logic operators in realtime alerting being improperly translated [TPS#14768] -JO
Fixed real-time creation and editing for users that could not modify Logstash configuration [TPS#14808] -SAW
Fixed removal of other notification recipients when non-admins edit alert settings [TPS#14783] -SAW
Fixed ‘Show Query’ and ‘Show Results’ buttons appearing in Alert History for Real-Time and Host Freshness Alerts [TPS#14797] -SAW
Fixed missing Email Templates ‘Remove’ button when user has all alerting permissions enabled [TPS#14794] -SAW
Fixed incorrect real-time alerting criteria when multiple alerts were edited/canceled [TPS#14784] -SAW
Fixed broken ‘Download as CSV’ button in Alert History [TPS#14796] -SAW
Fixed open redirect vulnerability in the redirect parameter on the login page -JO
Fixed XSS vulnerabilities in dashboard query page, full user name in profile, admin user edit page, and admin audit log page (CVE-2020-6584, CVE-2020-6585, CVE-2020-6586) (thanks Mohit Rawat) -JO, SAW
Fixed display of real-time alert names in dashboard fields [TPS#14798] -SAW
Fixed duplicated e-mails when editing scheduled reports in clustered environment [TPS#14851] -SAW
Fixed comma escaping when exporting a CSV from a dashboard -SAW
Fixed non-admin users able to edit/delete other users’ scheduled reports -SAW
Fixed issue with ‘Toggle All’ button in User Permissions [TPS#14877] -SAW
Fixed issue with selecting multiple host lists in User Permissions [TPS#14879] -SAW

2.1.3 - 12/12/2019

Updated Japanese translations (thanks Chitose Sasaki) -JO
Updated Home Page “Total Disk Usage” graph to use Elasticsearch’s disk drives [TPS#14708] -SAW
Fixed real-time alerts so that deactivated alerts don’t ask to Apply Configuration when deleted [TPS#14687] -SAW
Fixed Unique Hosts CSV report to include Log Count for active hosts [TPS#14688] -SAW
Fixed issues with file extensions when downloading/e-mailing reports [TPS#14685,14686] -SAW
Fixed issue with LDAP/AD certificate management when binary data is in the certificate [TPS#14690] -JO
Fixed issue with restoring multiple indices from a snapshot [TPS#14748] -SAW
Fixed LDAP/AD imported users not able to log in after import due to missing username value in DB [TPS#14726] -JO
Fixed issue with Logstash system status on Ubuntu 18 systems sometimes showing not running [TPS#14729] -JO

2.1.2 - 11/12/2019

Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO
Updated Japanese translations (thanks Chitose Sasaki) -JO
Updated jQuery to patched jQuery 1.12.4 for CVE-2019-11358 -JO
Fixed Javascript alert text not being translated -JO
Fixed Real-Time Alerts, host freshness alerts broken on re-activation [TPS#14559,14574] -SAW
Fixed garbled text when using international characters in downloaded/e-mailed reports [TPS#14502] -SAW
Fixed login screen to treat usernames as case-insensitive [TPS#14569] -SAW
Fixed false positives for ‘An alert named already exists’ -SAW
Fixed error messages showing after alert creation is canceled -SAW
Fixed “Disk Usage — Current Index” graph when run_index_usage is scheduled at a greater frequency -SAW
Fixed users able to see restricted data in alert history [TPS#14595] -SAW

2.1.1 - 10/03/2019

Updated Japanese translations (thanks Chitose Sasaki) -JO
Fixed error message on login failure to be non-descriptive to not giveaway valid usernames -SW
Fixed missing form validation for real-time alert names -SAW
Fixed shebang in restore_backup.sh to work on Debian systems -SW
Fixed modifying global config after configuring real-time alerts [TPS#14491] -SAW
Fixed ‘Show Alert in Dashboard’ button [TPS#14487] -SAW
Fixed missing ‘run_index_usage’ subsystem job after upgrades [TPS#14489] -SAW
Fixed Host Freshness delete button requiring applied configuration [TPS#14522] -SAW
Fixed system language being preferred over user language in downloaded/e-mailed reports [TPS#14501] -SAW
Fixed garbled text when using international characters in downloaded/e-mailed reports [TPS#14502] -SAW
Fixed reports scheduled at noon/midnight incorrectly populating edit form [TPS#14503] -SAW
Fixed “Only alert when Warning or Critical threshold is met” checkbox for host freshness alerts [TPS#14530] -SAW
Fixed missing multitenancy settings when viewing query results in Alert History [TPS#14548] -SAW
Fixed issues with Logstash section of API Reference -SAW

2.1.0 - 09/17/2019

Added a filter for the Nagios XI Audit Log to the default configuration [TPS#13942] -SAW
Added a status indicator in the Index Status/Cluster status pages for elasticsearch indices that are still re-opening [TPS#5796] -SAW
Added an e-mail template macro, %count%, which gives the number of matching entries in the query that generates the alert [TPS#7361] -SAW
Added a way to include custom CSS/javascript/images (from the Admin menu) [TPS#14332] -SAW
Added the ability to rerun queries from the Audit Log if all queries are being logged [TPS#13128] -SAW
Added minor interface enhancements [TPS#13504] -CD, SAW
Added the ability to alert based on logstash conditionals (real-time alerting) [TPS#13994] -SAW
Added the ability to alert based on previously-configured hosts which are no longer sending logs (host freshness alerting) [TPS#4951] -SAW
Added restriction to backend API calls to not allow accessing nagioslogserver/nagioslogserver_log index directly -JO
Added host-based restriction to backend API/dashboards/query-based alerts for multitenancy [TPS#9322] -SAW
Added report exporting/scheduling [TPS#4303] -SAW
Added certificate management for AD/LDAP [TPS#6773] -SAW
Added usernames to backend audit logging [TPS#9107] -SAW
Added Nagios Cross-Platform Agent (NCPA) by default for Nagios XI integration [TPS#13939] – SAW
Updated Snapshots & Maintenance Page, adding greater control over which elasticsearch indices are restored [TPS#7230] -SAW
Updated home page graphics [TPS#4312, 5545, 7442] -SAW
Updated Audit Log to write to /usr/local/nagioslogserver/var in addition to the existing database [TPS#14022] – SAW
Fixed issue where multiline logs would be compressed to a single line in e-mail alerts [TPS#14241] -SAW
Fixed issue where plain-text e-mails would still include HTML tags [TPS#14240] -SAW
Fixed issue where the System Default alert template wouldn’t always use the system language [TPS#13488] -SAW
Fixed language translations not working properly on Debian and Ubuntu systems -JO
Fixed check for updates not working properly on Ubuntu 18 systems due to PHP version -JO
Fixed wording for encryption STARTTLS in LDAP/AD Integration -JO
Fixed dashboard CSV export for nested data structures (like geoip) -SAW
Fixed curator not found on Ubuntu 18 [TPS#14371] -SW
Fixed LDAP multiple naming contexts if context has no dc= in the name [TPS#12435] -JO

2.0.8 - 05/09/2019

Added messages in e-mail templates for %lastalertlog%, %last10alertlogs%, and %uniquehosts% when no log lines match the alerting query -SAW
Fixed Reflected XSS on Login page (CVE-2019-15898) (credit Luca Ottoni and Lucas Carmo) [TPS#14072] -SW
Fixed session ID not reinitializing when logging in -JO
Fixed Debian init file to export ES_HEAP_SIZE to automatically calculate memory [TPS#14099] -SW
Fixed issue with updating tcp logstash plugin before logstash update -JO

2.0.7 - 02/07/2019

Fixed issue with newer Debian 9 os-release not passing as a valid OS for install -JO
Fixed issue with Ubuntu 16.04 rsyslog bug with setup-linux.sh script -JO,AC

2.0.6 - 11/01/2018

Added missing info to system profile script -CD,JO
Added page refresh every 30 seconds to Alerts page [TPS#9078] -SW
Added upgrade.log to be generated during upgrades [TPS#8676] -SW
Fixed an issue where Auto-Created Snapshots would delete the newest snapshot when full [TPS#13572] – SAW
Fix an issue where predefined alert queries would occasionally show as custom queries [TPS#13570] – SAW
Fixed issue with STARTTLS mail option not setting the proper option -JO
Fixed issue with bettermap not loading properly -SW
Fixed fullinstall script to have an option to set NTP server using -t | –ntp-server arg [TPS#9444] -SW
Fixed issue with base64 decoding of email templates on certain systems with PHP 7+ -JO
Explicitly set umask to 0022 in fullinstall and upgrade scripts [TPS#9466] -SW

2.0.5 - 08/30/2018

Fixed issues with languages in Dashboard section not properly translating [TPS#13420] -JO
Fixed check update section not translating properly [TPS#13512] -JO
Fixed various XSS vulnerabilities [TPS#13388,13390] -JO

2.0.4 - 06/26/2018

Fixed issue with system profiles not being able to be created -JO
Fixed unstick jobs max deviation setting to not have a max since some jobs happen over 12 hours apart -JO

2.0.3 - 06/12/2018

Fixed issue where deactivated pinned queries cannot be re-activated or accessed in any way [TPS#13059] -SW
Fixed various CSRF and XSS vulnerabilities [TPS#13049, TPS#13050] -SW
Fixed RCE vulnerability [TPS#13052] -TM
Fixed XSS vulnerability [TPS#13195] -JO
Fixed missing Dashboard labels in Panel tab of Table settings (missing a new CSS class) [TPS#13287] -JO
Fixed host search when clicking a host in the Unique Hosts report not using quotes in query [TPS#12969] -JO
Fixed export to CSV not automatically uppercasing AND and OR in query string [TPS#13245] -JO
Fixed default Windows input charset for encoding to UTF-8 (handled by nxlog in new version we link to) [TPS#13037] -JO

2.0.2 - 12/19/2017

Fixed issue in dashboards where panels couldn’t always be created due to javascript errors [TPS#12859] -JO
Fixed issues with some icons in the dashboards not showing up properly -JO

2.0.1 - 12/14/2017

Fixed system status to use hostname instead of IP address -JO
Fixed issue with add repository popup closing but not submitting when hitting enter [TPS#12726] -CN
Fixed issue with table pagination data not updating when submitting the form [TPS#12732] -CN
Fixed login issues with special characters on new installs [TPS#12810] -JO
Fixed editing alerts causing alert to become a custom alert -JO
Fixed alert urls in emails for alerts without dashboard queries [TPS#12798] -JO
Fixed writing LS configuration while ES is starting (will wait 5 minutes) -JO
Fixed python pip issues on CentOS 6 -JO
Fixed issue where setup-linux script did not create rsyslog config files properly [TPS#12711] -CN

2.0.0 - 11/14/2017

Added report for unique hosts -JO
Added alert history tracking and page -JO
Added activation for licenses -JO
Added ability to give users specific permissions (such as viewing/editing alerts and configuration) -JO
Added reset command subsystem commands in the upgrade script -JO
Added ability to add q= or a= to the logserver.js dashboard for clicking through alerts and queries [TPS#10622] -JO
Added more LDAP user account types for importing from different LDAP setups -JO
Added automatic activation for licenses with client ID (or token value) from the GUI -JO
Added maintenance check and maintenance information including renewal link in “License Information” page -JO
Added internal proxy settings for maintenance, activation, and upgrade checks [TPS#5095] -JO
Added loading into the dashboards until one of the panels starts loading to indicate an action is happening -JO
Added initial close time of 30 days to backup and maintenance section on clean installs [TPS#10748] -JO
Added option for text only emails instead of HTML [TPS#12230] -JO
Added functionality to the job subsystem that checks for stuck jobs and will reset them [TPS#7176] -JO
Added last modified time to the snapshots and maintenance section of Admin area [TPS#10802] -JO
Added a run button to the actions available for command subsystem jobs to manually run a command now easily -JO
Added the ability to export the table data as a CSV with matching table headers to columns in CSV [TPS#4176] -JO
Added Czech as a selectable language (localized translation pending) -SW, JO
Updated encrypted files to support PHP 7 and 7.1 -JO
Updated style to the Nagios standard Modern theme -JO
Updated Elasticsearch to version 1.7.6 -JO
Updated Logstash to version 2.4.1 (with all plugins included) -JO
Updated to elasticsearch-knapsack 1.7.3.0 -JO
Updated CodeIgniter to 3.1.x -JO
Updated wording for User permissions in the create user page [TPS#10187] -JO
Updated license pages and trial expiration pages to a better format and to say the correct values based on the situation -JO
Updated install to check for nagios users’s home directory [TPS#10438] -JO
Updated alerts page when using a custom query to not send to the wrong dashboard, instead it sends to a raw query result page [TPS#9256] -JO
Updated Backup & Maintenance admin page to show amount of snapshots -JO
Updated Backup & Maintenance admin page repository creation to use a modal and repository table to show repo size -JO
Updated “Backup & Maintenance” page to be called “Snapshots & Maintenance” to better distinguish the different types of backups -JO
Updated alerts to no longer have Nagios Reactor outputs (people with Reactor outputs will still see their outputs) -JO
Updated index and cluster index lists to not allow closing the current day’s index, only deletion [TPS#9105] -JO
Fixed issue when importing AD/LDAP users who were unchecked would still verify against username/email [TPS#10233] -JO
Fixed issue with usernames with “-” character in them not working [TPS#10229] -JO
Fixed issue where install would exit if ntpdate could not get time [TPS#10301] -JO
Fixed rsyslog script to use Disk-Assisted Queues if connections cannot be made to Log Server -SW
Fixed ip address resolution in install/upgrade scripts [TPS#10761] -JO
Fixed dashboard style selection drop-down showing up even though there are not multiple supported themes yet -JO
Fixed using GET requests against backend API to do searches with JSON body [TPS#10559] -JO
Fixed ability to make redirect variable work with any url on login page -JO
Fixed user permissions on alert notification management pages -JO
Fixed various CSRF and XSS vulnerabilities -JO
Fixed alert not sending formatted %time% output in alerting methods [TPS#11842] -JO
Fixed issue with AD/LDAP importing folders with commas in the name [TPS#11393] -JO
Fixed session user_id not being verified as existing in DB (deleted user stays logged in) [TPS#11342] -JO
Fixed some of the high memory usage issues on the admin page (may still need to update PHP max memory on larger systems) -JO

1.4.4 - 11/15/2016

Fixed curator script not accepting argument at the end of the command [TPS#10109] -JO
Fixed install page not installing with no error if key has a space at the end [TPS#10068] -JO
Fixed script alert handler to properly escape the return output and timestamp value so they don’t cut off values -JO

1.4.3 - 11/03/2016

Updated Portuguese translation file -JO
Updated Japanese translation file -JO
Updated profile component to add a few more informative checks for support [TPS#9900] -JO
Fixed issue with forgot password and reset not working -JO
Fixed admin editing users requiring confirm password field filled out [TPS#8615] -JO
Fixed issue where instance status showing instances as offline ES/LS when cluster had > 9 nodes [TPS#9207] -JO
Fixed alert create/edit popup not validating check interval and look-back period [TPS#8890] -JO
Fixed Japanese language encoding issues on email subject line [TPS#8599] -JO
Fixed issue in Kibana where histogram wouldn’t resize correctly on editing [TPS#8906] -JO
Fixed issue where modal popups would cut off on smaller screens [TPS#8687] -JO
Fixed issue with nodes not showing up in config sidebar when there are > 9 nodes -JO
Fixed create alert button showing for regular users [TPS#9726] -JO
Fixed issue where curator snapshots (–ignore_unavailable) trying to run on closed indexs or indexes with missing shards [TPS#9504] -JO
Fixed issue where uploaded dashboard would overwrite current dashboard if saved (must save as before saving) [TPS#9196] -JO
Fixed issue with not restarting rsyslog when changing timezone setting [TPS#9283] -JO
Fixed issue with alerting sections only seeing a set number of results on a page [TPS#9641] -JO
Fixed issue where cmdsubsys commands would sometimes be stuck in “running” states when restoring NLS backups [TPS#8318] -JO
Fixed backup script not dying when hitting timeout [TPS#9330] -JO
Fixed timezone being set properly on initial full install -JO

1.4.2 - 07/22/2016

Fixed German and French language options causing javascript errors in Dashboards tab [TPS#8943] -JO
Fixed issue where using non-default port to connect would cause Dashboards to not load properly [TPS#8861] -JO
Fixed audit log ‘created_by’ field being populated with user ID instead of username [TSP#8609] -JO
Fixed AD/LDAP import to allow parenthesis [TPS#8920] -SS, JO
Fixed XSS vulnerability in logs that are viewed through the table in Dashboards section [TPS#8694] -JO
Fixed various security vulnerabilities -JO
Fixed issue with bettermap no longer working [TPS#8694] -JO

1.4.1 - 05/05/2016

Fixed numerous URLs to use https is Log Server is accessed using SSL -SW
Fixed double slash in Alert URL when using Interface URL -SW
Fixed missing sudo at beginning of commands in source setup examples -SW
Fixed inconsistent verbiage in several source setup files -SW
Fixed potential problem where proxy server environment variables could cause elasticsearch on localhost to not be reached -SW
Fixed missing audit logs for failed login attempts using AD/LDAP -SW
Fixed emails going to exchange with crlf of \n instead of \r\n -JO
Fixed Alert Method on Alerts Screen not showing username if there were more than 20 users defined [TPS#8037] -JO
Fixed cmdsubsys jobs using end time instead of start time when calculation next job run time [TPS#7642] -JO
Fixed missing text value for password field error [TPS#7803] -JO
Fixed having to manually apply config after a restore to restore old configuration [TPS#7766] -JO
Fixed misc PHP notice errors -JO
Fixed password length (5+ chars required) and password change error text [TPS#8305] -JO
Fixed issue where backup snapshots would not be deleted from repository [TPS#8170] -JO

1.4.0 - 12/21/2015

Removed the index.php from URL (although old urls including index.php will still work) -JO
Updated sourceguardian loaders supporting up to php 5.6 -SW
Updated elasticsearch curator to 3.4.0 -JO
Added Log Source Setup instructions for syslog-ng -SW
Added restore single or multiple indices from snapshots -JO
Added email templates for alerts -JO
Added special macros for email alert templates -JO
Added fullscreen capabilities to the dashboard by clicking “Fullscreen” next to dashboard title -JO
Added email options to set name of sender and name/email for reply-to field -JO
Added interface URL in global settings for URL link in alerts -JO
Fixed nxlog sample config to properly send nxlog.log -SW, JO
Fixed alert run end time slight offset on slow systems -JO, SW
Fixed apply configuration to display an error if configuration could not be successfully verified and was not applied -SW
Fixed manage queries not always refreshing by preventing caching get_queries api calls [TPS#7000] -SW
Fixed host count on dashboard to no longer count localhost as multiple hosts -JO
Fixed php date not being set on install for centos 7 nodes -JO

1.3.0 - 10/08/2015

Added ability to re-order table view -SW
Added “Inspect” icon when using quick search -SW
Change Audit Log to report Alert Name instead of ID -SW
Fixed some missing translations -SW
Fixed problem where index didn’t exist before adding it to a query -SW
Fixed bug where maintenance jobs were not run sequentially possible causing indexes to be deleted or closed before being backup -SW
Fixed bug where IE was not redirecting window.location properly -SW
Fixed bug where backup and maintenance process would not always complete all steps by re-ordering steps -SW
Fixed bug causing incorrect index to be selected for alerts, specifically a problem when server timezone is offset from UTC -SW
Fixed issue where logrotate had windows line endings and giving errors -JO

2015R2.2 - 08/19/2015

Remove disabling of bloom filters from maintenance settings as they are no longer used in elasticsearch > 1.4 -SW
Fixed bug causing URL’s in alert emails to have incorrect dates -SW
Fixed the stats panel description to display properly -SW
Fixed TopN help, which wasn’t displaying properly -SW
Fixed bug causing logstash config to target wrong cluster when adding instances until manual apply config happened -SW
Fixed per instance configuration verification, was defaulting to only verify global configurations -SW
Fixed per instance views of configuration files, was defaulting to only show global configurations -SW
Fixed additional bug in curator and elasticsearch 1.6.0 causing log backups to not be created -SW
Fixed bug causing space being added after each colon when trying to export a query -SW
Fixed many language strings remaining English even when different language was selected -SW
Fixed “typed” Reports showing blank -SW

2015R2.1 - 07/21/2015

Updated alert listing to display 100k alerts -JO
Updated link in alert emails to display the EXACT period the alert was for instead of a time relative to now -SW
Added the ability to add columns and sort order from within table view -SW
Added filter icon on fields list to help show that clicking the field name has an action -SW
Fixed bug while importing LDAP/AD users that would not assign them the admin level -JO
Fixed bug that would not allow deleting an added LDAP/AD server -JO
Fixed bug causing Linux Setup commands to not show -SW
Fixed Admin Reports page showing blank -SW
Fixed bug in curator and elasticsearch 1.6.0 causing log backups to not be created -SW

2015R2.0b - 07/16/2015

Fix bug causing AD user import to not populate the AD username field -JO
Fix bug causing AD import to not populate the name field -JO

2015R2.0 - 07/15/2015

Upgraded to Elasticsearch 1.6.0 -SW
Upgraded to Logstash 1.5.1 -SW
Upgraded to elasticsearch-knapsack-1.5.2.0 -SW
Upgraded NXLog CE version to nxlog-ce-2.9.1347 -SW
Added translations for multiple different languages -JO
Added LDAP/AD integration and user importing like other Nagios products -JO
Added advanced editing for alerts – allowing users to edit queries directly via the ES json object that gets passed -JO
Added ability to setup-linux.sh script to add multiple files at once. e.g. -f “/path/to/file /path/to/another/file/*.log” -SW
Added configuration snapshot tarballs to the system backup and restore -SW
Added check-boxes to cluster status to allow open/close/delete functions on multiple indices (can also shift-select) -JO
Added system profile button to ‘System Status’ page in admin panel to create a tar like in XI with system information for support -JO
Update queries icon in dashboard to magnifying glass from ? to avoid confusion with a “help” icon -SW
Updated default timestamp for nav-bar search to use localtime -SW
Fixed backup rotation to properly remove old backup files -SW
Fixed bug causing system backups to get stuck due to knapsack states. -SW
Fixed bug causing WARNING alerts to show as OK -SW
Fixed bug in curator that would cause it to fail in certain circumstances -JO

2015R1.4 - 04/09/2015

Update licensing page for easy transition to Free version once trial expires -SW
Fixed bug so edits to users no longer requires entering a new password -SW
Fixed bug where URL was incorrect on alerts if cluster_hostname was defined -SW
Fixed bug in dashboard loading queries from the alert email link or show dashboard link -JO
Fixed bug when adding an instance to give proper permissions to new instance’s first written config files -JO
Fixed bug causing save button to not populate correctly when importing a dashboard -SW
Fixed bug causing alert threshold ranges to not work correctly and always return OK -SW
Fixed bug in configuration where removing the first input/filter/output would make them not apply to the file -JO

2015R1.3 - 02/12/2014

Added support for SSL/TLS/STARTTLS security encryption in SMTP Mail Settings -LG
Added curator.sh script to fix curator path issues on some systems -SW
Added net-tools install to make sure netstat is installed so Logstash verifications work properly -JO
Added ability to test Email Settings -SW
Added Subsystem Commands section in Admin panel for managing subsystem jobs -JO
Change to use transport protocol from logstash to elasticsearch as http has known bugs leaking file descriptors -SW
Change querying to make queries with and / or to work with lowercase and and or the same way uppercase joins work -SW
Fixed issue where opening config section wouldn’t be set to the full text size -JO
Fixed result sizes to be much larger for most internal elasticsearch queries -JO
Fixed every-other redirect to snapshots page on “Save & Apply” button click -JO
Fixed issue where global commands weren’t given the proper ID and instead have a randomly generated ID -JO
Fixed no default values for close/delete index time settings in backup and maintenance -JO
Fixed bug causing you to not be able to enter 0 on backup and Maintenance page -SW
Fixed bug causing alert threshold set to 0 to not function properly -SW
Fixed bug in broad search where events Over Time legend would not update after changing query -SW

2015R1.2b - 12/15/2014

Fixed firewall issue on RHEL/CentOS 7 install -JO
Fixed opening config options modal in dashboard scrolling the page to the top -JO

2015R1.2 - 12/11/2014

Added support for RHEL/CentOS 7 installs -JO
Added ability to change timezone from inside the web GUI -JO
Fixed delete icons on backup page to not be the same as the refresh symbol -JO
Fixed the “FREE” license key to be able to be set correctly -JO
Fixed hostname/servicename for NRDP alerts not showing up when editing the alert -JO
Fixed user management page to only display the first 10 users -JO
Fixed issue where right-clicking Dashboard link wouldn’t open drop-down menu -JO
Fixed bug where Dashboard panels do not conform to set sizes if labels are overly large -JO

2015R1.1 - 11/18/2014

Added auto-focus on username field on login page -JO
Removed style selection in dashboard editor since it’s no longer available (dark theme doesn’t work, possibly more themes later) -JO
Fixed bug with restoring snapshot if index was deleted -SW
Fixed RHEL license check on install -JO
Fixed sending alerts only on warning/critical (the check-box wasn’t working properly) -JO
Fixed saving configurations of instance nodes not changing global config -JO
Fixed saving configurations output filter being set to active/inactive properly -JO
Fixed alerts created in Dashboard not showing “Created By” field -JO
Fixed output message for weird config verification issues -JO
Fixed CentOS 5 installation -JO

2015R1.0 - 10/14/2014

Initial Release

2024R1.0.3 - 05/15/2024

Fixed a privilege escalation in remove_source.sh (Thanks Sarang Tumne for reporting this issue) – SAW

2024R1.0.2 - 02/27/2024

Fixed an issue where hostnames would fail to show in Source->Queries if hostname resolution was enabled [GL:NA#61] – SAW
Editing, canceling, and clicking the “New Check” button will no longer cause you to edit the previously selected check [GL:NA#45] – SAW
Fixed the time offset of the Abnormal Behavior visualization so that all visible cells have valid data [GL:NA#13] – SAW
Removed support for Ubuntu 16, Ubuntu 18, and Debian 9 due to end of life – SAW

2024R1.0.1 - 01/09/2024

Updated traceroute agent to use NCPA 3.0.0 – SAW
Improved speed of host reverse lookup – DA
Fixed an issue in Route page where dragging the background would cause the route view to be offset [GL:NA#56] – SAW
Fixed an issue where deleting a view which was associated to some sources (but not all) from a source‘s View Management page would fail to delete the view [GL:NA#19] – SAW
Fixed an issue where bandwidth graphs would fail to update after server reboot [GL:NA#17] – SAW

2024R1 - 11/28/2023

Added network path monitoring [GL:NA#39] -SAW
Enable power tools on installation for cent8 and cent9 and add check to see if rrdtool is preinstall during installation. [GL:NA#1] -SG
Add dynamic search bar feature to header [GL:NA#5] – SG
Add support for Ubuntu 22 and Debian 11 [GL:NA#7, NA#8] – SG
Add API endpoint for Fusion NNA integration [GL:FSN#64] – AC
Add support for Centos 9 [GL:NA#6] -SNS
Fixed several issues with the View/Edit Check form – SAW
Fixed a variety of issues with the Nagios Setup page [GL:NA#22,#23] – DA
Fixed an XSS vulnerability in percentile calculator menu, thanks to Tisha Manandhar for finding it [GL:NA#40] – SG
Fixed an issue with init scripts and the nagiosna service not starting after reboot [GL:NA#3] – DA
Updated the login page to match our other products [GL:NA#34] – SG
Fixed an issue where adding a new check fails – [GL: NA#21] – SNS
Fixed an issue where abnormal behavior data pop up was being cut off on the left most timeframe [GL:NA#18] – SG
Fixed an issue where deleting views failed with associatoins [GL:NA#20] – SNS
Added support for FreeIPA/nsContainer to LDAP/AD integration -SS
Improved user experience when changing password [GL:NA#27] – SG
Improved user experience when creating backups [GL:NA#24] – SG

2.4.3 - 03/16/2021

Updated nfdump to patched version that fixes total bytes amount given [TPS#15440] -JO
Fixed issue with reap_files.py script removing the last digit from the summary data -JO
Fixed Chord diagrams cutting off the IP addresses (can also hover over IP and wait for popup) [TPS#15438] -JO
Fixed SQL injection vulnerability on col option for sources read (CVE-2021-28925) (thanks Lucas Carmo from STOLabs) -JO
Fixed XSS vulnerability on Source > Query page (CVE-2021-28924) (thanks Lucas Carmo from STOLabs) -JO

2.4.2 - 12/22/2020

Updated install to work with CentOS/RHEL 8/Stream, Ubuntu 20.04 LTS, and Debian 9/10 -JO
Updated report PDF generation to make reports easier to read -JO
Updated backend to work with Python 3.x -JO
Updated RRDtool to version 1.7.2 -JO
Updated nfdump to version 1.6.22 -JO
Updated jQuery to version 3.5.1 to fix security vulnerabilities -JO
Updated Highcharts to version 7.2.2 -JO
Fixed issue with rrdtool import cache being written to system tmp instead of nagiosna tmp [TPS#14830] -JO
Fixed Expiration Date displayed for LDAP/AD certificates in the LDAP/AD management page [TPS#15407] -JO
Fixed mod_ssl not installed by default on CentOS/RHEL systems [TPS#15130] -JO
Fixed change_timezone.sh script to accommodate newer systems when setting php timezone value [TPS#15268] -JO

2.4.1 - 11/21/2019

Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO
Updated jQuery to a patched version 1.12.4 to fix CVE-2019-11358 -JO
Fixed typo in Bandwidth graph on Summary page showing Bytes/Sec instead of Bits/Sec -JO
Fixed wording for encryption STARTTLS in LDAP/AD Integration -JO
Fixed issue with LDAP naming context on certain types of LDAP servers -JO
Fixed abnormal behavior check showing in alert creation modal when it can not be selected -SAW
Fixed issue with LDAP/AD certificate management when binary data is in the certificate [TPS#14690] -JO

2.4.0 - 02/14/2019

Added ability to create active checks for abnormal behavior [TPS#1019] -SAW
Added ability to manage certificates for AD/LDAP from web interface [TPS#5987] -SAW
Fixed display port on sources page [TPS#8136] -SW
Fixed issue with different OS installations -SW
Fixed issue with newer Debian 9 os-release not passing as a valid OS for install -JO

2.3.1 - 01/03/2018

Fixed entering key when trial expires -JO
Fixed language files with improper languages in them -JO

2.3.0 - 08/29/2017

Added a few different LDAP account types to import from [TPS#12080] -JO
Added 2h, 4h, 6h, 12h options and default to 2h (Thanks Steve B.) -JO
Added updating the firewall to remove port when source is removed on default system firewall configurations [TPS#10268] -JO
Added state information into email alerting -JO
Updated encrypted files to support PHP 7.0 and 7.1 -JO
Updated RRDTool to version 1.7.0 -JO
Updated nfdump to version 1.6.15 -JO
Updated check output to not have backticks in it for easier use in scripts [TPS#12196] -JO
Updated Report and Query backend to be ~10% faster and not use exceptions -JO
Fixed a bug where swap and memory statistics were displaying wrong values on CentOS 7 [TPS#9965] -LG
Fixed removing a source from a source group when none are selected [TPS#11502] -JO
Fixed importing from AD/LDAP using slashes -JO
Fixed custom reports not updating graphs due to CSRF token failure [TPS#11982] -JO
Fixed wording of netflow data to show proper “Bits/Sec” field and updated interface to show Gi and Mi [TPS#10814] -JO
Fixed hostname needing to be unique when adding host/service alert for Nagios via NRDP [TPS#12388] -JO

2.2.3 - 08/15/2016

Fixed form authorization error on admin LDAP/AD add/edit server pages -JO

2.2.1 - 06/03/2016

Fixed multiple security vulnerabilities -JO,LG
Fixed epel-release install problem -JO

2.2.0 - 01/04/2016

Updated sourceguardian loaders supporting up to php 5.6 -SW
Added –enable-nsel to nfdump to provide support for Cisco ASAs -JO
Added nfdump upgrade/recompile on upgrade -JO
Added character-based language support in PDFs -JO
Added backup and restore scripts and a Backup section in Admin for backup management [TPS#5116] -LG
Fixed PDF generation on servers forcing https -SW
Fixed source names to allow dashes in names -JO
Fixed the deleting of AD/LDAP servers -SW
Fixed raw data warning on timeframe > raw data lifetime -JO
Fixed bug causing edited sources to revert to Netflow even if they were sFlow sources [TPS#7117] -SW
Fixed multiple bugs when exporting graphs by updating highcharts to v4.1.9 [TPS#5440] -LG

2R1.0 - 03/04/2015

Added AD/LDAP user authentication -JO
Added AD/LDAP import user functionality -JO
Added ability to download reports/queries/percentile pages as PDFs -JO
Added global value to try and resolve hostnames for IP addresses on summary, reports, and queries pages and graphs (if it can resolve via DNS) -JO
Added hostname caching for the resolve DNS ability so that reports/queries don’t take as long to generate with resolve DNS turned on -JO
Added ability to change timezones from the web UI -JO
Added warning text on queries/reports when the begin date is longer than the raw data lifetime -JO
Added script to reset nagiosadmin password from the command line -JO
Added user-based dashlet options to dashboard page -JO
Added new graph popups on report/query pages -JO
Added the ability to execute a local script (and pass arguments) on an alert -JO
Added a new “percentile calculator” that allows you to calculate 95th (or more) percentiles on sources, views, and sourcegroups -JO
Added popup on source groups page when there are more than 5 sources listed to reduce clutter and created the ‘show more’ link -JO
Added support for CentOS/RHEL 7 -JO
Added tooltip when hovering over % bytes in summary top talkers section that shows data amount sent -JO
Added daily log rotation for backend.log and 7 days to be kept -JO
Added setting to sources to disable abnormal behavior checking -JO
Added advanced setting to sources to specify location of raw flow data upon source creation -JO
Added a ‘Check for Updates’ section in admin panel -JO
Added ability for updates to be applied from the web UI in the ‘Check for Updates’ section -JO
Updated styles in admin panel -JO
Updated printing CSS styles to make pages right-click printable -JO
Updated the styles on the dashboard and summary pages to have less open space -JO
Updated Highcharts to v4.1.1 for better graph performance -JO
Updated RRDTool to 1.4.9 -JO
Updated parts of the report/query pie graph and chord diagrams -JO
Updated summary page top talkers section to tell user when they are looking beyond the raw flow data -JO
Removed the ip address requirement for sources since they aren’t necessary (multiple ips have always been able to send to one source’s port) -JO
Checks tab on the “Alerting” page now shows the type of check and where it is sending (if anywhere) -JO
Fixed bug with views not automatically expiring raw data at the set raw data lifetime value -JO
Fixed bug on summary page where top talkers would srcip instead of each individual target if upgraded to a specific version -JO
Fixed license check for some RHEL versions -JO
Fixed bug where apikey would get reset when editing user accounts -SW
Fixed bug where nfcapd processes wouldn’t start on server restart -BD
Fixed bug that caused some characters (like ? and ‘) to give invalid report/query name errors -JO
Fixed bug where source listings throughout network analyzer did not list sources alphabetically by name -JO
Fixed bug where alerts aren’t sorted alphabetically -JO
Fixed bug in reports where highlighting on saved reports always defaults to the select box instead of the toporder in the report -JO
Fixed bug where deselecting all associated alerting methods would not actually unassociate any of them -JO
Fixed bug when creating a chord diagram with 4000+ unique ip addresses that caused the python generation script to error -JO

2014R1.9 - 06/17/2014

Updated CI to 2.2.0 for security fixes -JO
Fixed bug with database migration not working correctly when upgrading from 1.7 -JO

2014R1.8 - 06/03/2014

Fixed bug causing NNA not to continue if it can’t connect to XI (aka NRDP checks can now be sent to core) -JO
Fixed issue where old NNA servers wouldn’t migrate to the new “All Sources” -JO

2014R1.7 - 04/15/2014

Fixed bug that wouldn’t allow deleting sourcegroups from the summary page -JO
Added a new source group called “All Sources” that all sources will be added into -JO
Added api calls for product information (version, release number, etc) -JO
Added a new button on Queries/Reports page that shows how to run them using the API via HTTP request -JO

2014R1.6 - 03/14/2014

Fixed print preview/print view -JO
Fixed email validation to allow internal email addresses too (such as user@hostname) -JO
Fixed a bug where queries were not using custom date time properly -JO
Added some needed changes to the API for more Nagios product integration -JO
Added the ability to change the max amount of relations shown on the chord diagrams in global settings -JO
Fixed additional bug causing problems starting sources on 32bit versions of Network Analyzer -SW

2014R1.5 - 02/28/2014

Updated Sourceguardian files to support PHP 5.4.23+ -SW
Fixed bug causing problems starting sources on 32bit versions of Network Analyzer -NS
Updated API for new Nagios XI components and wizards -JO

2014R1.4 - 02/06/2014

Improved API support allowing token to be passed to the API -JO
Fixed report dropdown to properly have destination_port instead of 2 Destination IP listings -JO
Updated to language file for better internationalization support -SW,JO
Bug fixes to the API for better integration with Nagios XI Config Wizard -JO

2014R1.3 - 12/12/2013

Removed self testing IPs from the source code. -NS
Fixed issues with languages not being selectable when language files for that language are created -JO
Fixed issue where languages would only persist through the current session -JO
Added languages (all the ones in XI) including Japanese -JO
Added a global settings admin menu item -JO
Added a default language setting in global settings, this language is what all users will default to if set to default -JO
Made some fixes to the login and help pages that caused them to not translate -JO
Fixed logout translation of error message bug -JO

2014R1.2 - 11/05/2013

Fixed some bugs when sending passive checks to Nagios XI -JO
Fixed bug with integration in NagiosXI using NagiosNA component creating host/services -JO

2014R1.1 - 10/24/2013

Added a pinned sources dashboard to main dashboard -JO
Fixed Source/Sourcegroup/View deletion error with checks associated -JO
Checks are now set to PENDING when created and haven’t yet been ran -JO
Fixed bug where name field would be disabled when creating a new check immediately after editing a check -JO
Bandwidth graphs now have updated colors and only Bytes are selected by default (can add others by clicking on legend) -JO
Updated the netflow check to fail gracefully if there is no netflow data being sent for that source -NS
Changed interpretation of 0, ”, and null in checks to make better comparisons -NS
Sources are sorted alphabetically in the sources tab -JO
Removed python modules from install script -NS
Resolved issues with easy_install on CentOS5 -NS
Resolved an issue with older sudo version -NS
Changed ‘configure’ to ‘administration’ -JO
Adjusted 30m summary graph title and colors -JO
Renamed ‘aberrant’ to ‘abnormal’ behavior -JO
Updated the way alerting and abnormal behavior is displayed in the main dashboard -JO
Moved the system dashboard to administration -JO
Reduced the base font size -JO
Added a “view problem” link to abnormal behavior -JO

2014R1.0 - 09/26/2013

initial release

2024R1.2 - 10/01/2024

Added two factor email authentication support [GL:FSN#89] – AC

2024R1.1.1 - 09/10/2024

Fixed issue where Recent and Top Alerts tables would sometimes be malformed [GL:FSN!104] – AC
Fixed issue where installation would sometimes not finish due to an invalid timestamp conversion [GL:FSN#82] – AC
Fixed issue where upgrade script would run previous database version migrations [GL:FSN#87] – AC
Fixed issue where testing fused server would not honor proxies [GL:FSN#21] – AC
Updated username character restrictions to standardize with Nagios XI [GL:FSN#85] – AC
Deprecated Debian 10 [GL:FSN!109] – AC

2024R1.1 - 07/10/2024

Added Ubuntu 24 support [GL:FSN#72] – AC
Added search capability when adding users from AD/LDAP [GL:FSN#8] – AC
Added configurable page refresh setting for the server status pages [GL:FSN#42] – AC
Added ability for users to customize the email sent to new users [GL:FSN#11] – AC
Fixed issue where LDAP would not show users properly – AC
Fixed issue where an error was sometimes thrown when sending emails on Debian 10/11 [GL:FSN#16] – AC
Deprecated EL7 – AC
Deprecated CentOS 8 Stream – AC

2024R1.0.3 - 05/21/2024

Added fusing option to toggle hostname validation for SSL-enabled servers [GL:FSN#5] – AC
Added a warning banner to alert users that FIPS is not supported and may negatively impact their experience [GL:FSN#43] – AC
Fixed an issue where the system status background job was reporting invalid hardware metrics [GL:FSN#2] – AC
Fixed an issue where the polling background job was causing the system hard drive to run out of space [GL:FSN#24] – AC
Fixed an issue where dashlets would display a login page if the session expires [GL:FSN#27] – AC
Fixed an issue where the core host/servicegroups would not appear in dashlet configurations [GL:FSN#79] – AC
Fixed an issue where enabling debug mode would cause database errors [GL:FSN#81] – AC
Deprecated Ubuntu 18 [GL:FSN#73] – AC

2024R1.0.2 - 02/29/2024

Fixed an issue where MariaDB would cause installs to fail on CentOS 9 [GL:FSN#77] – AC
Fixed an issue where Nagios Fusion was not able to poll host and service status data from Nagios Core – AC

2024R1.0.1 - 01/10/2024

Fixed issues with Open Service Problems and Open Host Problems dashlets being cutoff [GL:FSN#14] – AC
Fixed use of deprecated PHP functions in AD/LDAP integration [GL:FSN#63] – SAW
Fixed the Available Dashlets dashboard breaking if dashlets are added too quickly [GL:FSN#67] – AC
Fixed the ability to use numeric values as the server name [GL:FSN#69] – AC
Fixed the styling for LDAP/AD for the modern dark theme [GL:FSN#74] – AC
Fixed rendering multiple NNA bandwith dashlets on the dashboard [GL:FSN#70] – AC

2024R1 - 11/29/2023

Added dark theme and theme switching [GL:FSN#37], [GL:FSN#51] – AC
Added Nagios Network Analyzer integration and dashlets [GL:FSN#64] – AC
Updated the navbar to align with the XI design standards for a more modern look and improved user experience [GL:FSN#54] -SG
Updated the login page to align with the XI design standards for a more modern look and improved user experience [GL:FSN#57] – AC

4.2.0 - 10/18/2023

Added support for CentOS/RHEL 9, Ubuntu 22, and Debian 11 [GL:FSN#29], [GL:FSN#30], [GL:FSN#31] – AC
Added support for PHP 8 – AC
Added a home screen notification that shows the number of failed login attempts [GL:FSN#3] – AC
Updated jQuery to 3.6.0 [GL:FSN#41] – AC
Fixed an issue where users were unable to Auto-Login to XI [GL:FSN#20] – AC
Fixed an issue where a whitescreen would occur if license activation failed – AC
Fixed an issue where Authentication Type gets stuck as Session Authentication and has to be manually reset [GL:FSN#1] – AC
Fixed an issue where the log files were not being rotated properly [GL:FSN#35] – AC
Fixed an issue where the Home page would be blank when set as a dashboard – AC
Fixed an issue where the last successful and failed login times would not update [GL:FSN#3] – AC
Fixed an issue where the Service Status dashlet would perpetually load – AC
Fixed an issue where no ip was returned when upgrading on CentOS 8 [GL:FSN#19] – AC
Fixed an issue where users were being redirected after applying component settings [GL:FSN#62] – AC
Fixed an issue where the menu bar system status server links would redirect to an empty edit page [GL:FSN#28] – AC
Fixed an issue where dashlets would vanish if background was set as transparent [GL:FSN#47] – AC
Fixed an issue where TLS was automatically enabled when sending email alerts [GL:FSN#15] – AC
Fixed an issue where timezones were not always being set properly [GL:FSN#38] – AC
Fixed an issue where users were not being sorted alphabetically when selecting user mappings [GL:FSN#12] – AC
Fixed an issue where languages were not being set properly [GL:FSN#44] – AC
Fixed XSS in Admin->LDAP/AD Integration (Thanks Tisha Manandhar for reporting this) [GL:FSN#58] – AC
Fixed XSS in Admin->License Information (Thanks Tisha Manandhar for reporting this) [GL:FSN#59] – AC
Fixed XSS in Admin->Email Settings (Thanks Tisha Manandhar for reporting this) [GL:FSN#60,61] – AC
Removed the Nagios World Conference link from the login page [GL:FSN#49] – AC
Deprecated support for Debian 9 and Ubuntu 16 due to end of life – AC

4.1.9 - 02/09/2021

Updated the supported OS systems for RHEL/CentOS 8, CentOS Stream, Ubuntu 20.04 LTS, and Debian 10 -JO
Fixed issue where TLS/SSL wasn’t showing in LDAP/AD Integration page for servers with encryption selected [TPS#14734] -JO
Fixed issue where Service Status dashlet would not show data unless users had access to host data [TPS#15420] -SAW
The following vulnerabilities were mitigated: (Thanks to Shahar Zini and Samir Ghanem from Skylight Cyber Security for reporting them)
Fixed XSS in several dashlets when attacker has control over fused server (CVE-2020-28903) – SAW
Fixed authenticated remote code execution (from the context of a low-privilege user) (CVE-2020-28905) – SAW
Fixed privilege escalation from apache to nagios via command injection in cmd_subsys.php (CVE-2020-28902) – SAW
Fixed privilege escalation from apache to nagios via command injection in cmd_subsys.php (CVE-2020-28901) – SAW
Fixed privilege escalation from nagios to root via upgrade_to_latest.sh (CVE-2020-28900) – SAW
Fixed privilege escalation from apache to root via upgrade_to_latest.sh and modification of proxy config (CVE-2020-28907) – SAW
Fixed privilege escalation from nagios to root via modification of fusion-sys.cfg (CVE-2020-28906) – SAW
Fixed privilege escalation from nagios to root via modification of scripts sudoers scripts (CVE-2020-28909) – SAW
Fixed privilege escalation from apache to nagios via command injection in cmd_subsys.php (CVE-2020-28908) – SAW
Fixed information disclosure – low-privilege user can discover passwords used to authenticate to fused servers (CVE-2020-28911) – SAW

4.1.8 - 12/03/2019

Added option to stop polling when users are not logged in to stop large systems polling unnecessarily causing slowdowns -JO
Added missing fullscreen button to most pages like in other products [TPS#12316] -SAW
Updated SourceGuardian loaders to now support PHP versions up to 7.3 -JO
Updated jQuery to a patched version 1.12.4 to fix CVE-2019-11358 -JO
Fixed wording for encryption STARTTLS in LDAP/AD Integration -JO
Fixed bug causing ?brevity=1 to be appended (and ignored) when building polling URLs -BH,SW
Fixed issue with LDAP/AD certificate management when binary data is in the certificate [TPS#14690] -JO
Fixed issue with mapped user list not displaying when setting the current users mapped users [TPS#14561] -JO

4.1.7 - 02/14/2019

Fixed bug preventing # in usernames and passwords of linked Nagios XI servers [TPS#13812] -SW
Fixed forgot password link always giving an error about AD/LDAP when entering even a local user [TPS#13902] -SW
Fixed issue with newer Debian 9 os-release not passing as a valid OS for install -JO
Fixed problems with backup/restore script errors for apache cron jobs [TPS#13885] -JO
Fixed admins not able to remove synced deploayed dashboards from themselves [TPS#14016] -JO

4.1.6 - 11/20/2018

Major performance increases with large number of mapped users -BH
Fixed new user created email to show actual username [TPS#13680] -JO
Fixed link color to be easier to read in dashlets [TPS#12596] -SW

4.1.5 - 08/07/2018

Change Custom URL dashlet to not be a core dashlet allowing it to be removed [TPS#13412] -SW
Fixed BPI dashlet showing broken data when only one BPI group exists on the XI server [TPS#13380] -JO
Fixed adding new users with AD/LDAP from the API [TPS#13467] -JO
Fixed allowing local auth login for AD/LDAP users when local auth login checkbox has not been checked [TPS#13469] -JO
Fixed performance graph dashlet not working with XI 5.5+ systems [TPS#13457] -JO
Fixed XSS in fusionwindow parameter [TPS#13368] -JO

4.1.4 - 06/14/2018

Update initial install mysql settings [TPS#13160] -JO
Fixed issue where manage views listing was always limited to 10 views [TPS#13156] -JO
Fixed various XSS vulnerabilities [TPS#13332-13335] -JO

4.1.3 - 03/15/2018

Fixed issue where AD/LDAP component displayed a blank screen when attempting to login with incorrect credentials [TPS #13023] -CN
Fixed some XSS vulnerabilities [TPS #13001] -CN,BH
Fixed issue where fusing an NLS server would show a blank Tactical Overview dashlet on the home page [TPS #13066] -CN
Fixed issue where the Host&Service Health dashlet would display incorrect data if a server returned an empty data set. [TPS #13081,13100] -CN,BH
Fixed indefinite log rotate (*.gz.1.gz.1.gz.1, etc.) [TPS#13061] -BH,LM

4.1.2 - 02/20/2018

Fixed some wording in updates section -JO
Fixed some miscellaneous upgrade issues in the 4.1.0 -> 4.1.1 path -BH
Added message to NLS dashlets to indicate when there is no dashlet data to display -CN
Added ability to scroll in the NLS Index Statistics dashlet -CN

4.1.1 - 02/16/2018

Added the ability to manage authentication types in the Add/Edit User pages -CN
Added the ability to add AD/LDAP users through the API -CN
Now show the authentication type of any given user on the Manage Users page – BH

4.1.0 - 02/15/2018

Added license activation and added activation from inside the license pages -JO
Added check for upgrades page/dashlet like other products -JO
Added upgrade from the GUI like other products -JO
Added proxy configuration page for updates, activation, and maintenance checks -JO
Added AD/LDAP authentication component [TPS #12510] – CN
Added several dashlets for integration with Nagios Log Server [TPS #12805] -CN
Added API & various endpoints [TPS #12856] -CN
Added way to monitor and clear polling locks from the admin menu [TPS #12675] -CN
Added fix for large mysql ibdata files -BH
Updated Views rotation timer to not use previous ‘internal clock’. [TPS#12589] -SAW
Updated fusion to not rely on a ‘nagiosadmin’ user [TPS#12606] -SAW
Updated custom home page to allow external sites [TPS#12553] -SAW
Fixed administrators being able to be excluded (can no longer be excluded from seeing server data) [TPS#12569] -SAW
Fixed nagiosadmin so it cannot be unset as admin. Admins also cannot unset themselves in general [TPS#12606] -SAW
Fixed polling lock expiry time not being checked properly -BH
Fixed NSP error on login and javascript errors in IE -JO

4.0.1 - 10/05/2017

Update debug log to output proper global_auth_interval -JO
Added sanity testing script -BH
Added sanity tests to upload component/dashlets to detect errors and prevent installation [TPS#12243] -BH
Fixed xss vulnerabilties in users/servers (+ some) [TPS#12246,12247] -BH
Fixed exclusions/server mappings working on newly created users [TPS#12395] -BH
Fixed trial extension [TPS#12254] -BH
Fixed locale being unable to reset to en_US after selecting another [TPS#12209] -BH
Changed ‘Force password change’ default on edit user [TPS#12396] -BH
Fixed home/screen overwrite issue with deployed dashboards [TPS#12212] -BH
Fixed upgrade issues with sourceguardian loader -BH
Add ability to use relative paths in sys generated URLs [TPS#12481] -BH

4.0.0 - 07/17/2017

Initial re-write release -BH
Completely rewrote Polling System, with configurable options in Admin/Settings (or per server) -BH
Rewrote Network Operations Center component -BH
Recreated existing dashlets -BH
Built similar component/dashlet systems as in XI -BH
Changed Manage Components / Manage Dashlets to be similar to XI -BH
Added Views functionality like in XI -BH
Added user mapping (to allow for true multitenancies. User can only see what the mapped user can see) -BH
Added poll callbacks (to hook functionality in to polling subsystem) -BH
Added averages/deltas to numeric polled data (as a callback) -BH
Added ability to track timezone per server, so that display times are accurate -BH,JO
Added clickthru links to NOC dashlets, Alert dashlets, and Tactical dashlets -BH
Added Custom Logo component -BH
Added Custom Login component -BH
Added Home Page Modification component -BH
Added Deploy Dashboards component (with a ‘Deployed/Synced Dashboards’ page as well) -BH
Added ‘Test Fusion Settings’ to Servers page -BH
Added better auto-login functionality -BH,JO
Added CSRF prevention when adding an XI server -JO
Added better logging system and Admin/Log page -BH
Added better Dashlet system (all dashlets have on-the-fly changeable settings, etc.) -BH
Added static landing page -BH
Fixed license system -JO