Skip to content

Icinga Web Version 2.11.5

Choose a tag to compare

View all tags
@nilmerg nilmerg released this 26 Mar 09:47
· 592 commits to main since this release
v2.11.5
This tag was signed with the committer’s verified signature.
nilmerg Johannes Meyer
GPG key ID: E2ADBB62F108B3DB
Verified
Learn about vigilant mode.
a5b152f

What's New in Version 2.11.5

Notice: This is a security release. It is recommended to upgrade immediately.

Vulnerabilities, Closed

Cross site scripting is one of the worst attacks on web based platforms. Especially, if carrying it out is as easy as the first two mentioned here. You might recognize the open redirect on the login. You are correct, we attempted to fix it already with v2.11.3 but underestimated PHP's quirks. The last is difficult to exploit, hence the lowest severity of all, but don't be fooled by that!

Big thanks to all finders / reporters! 👍

Bugs, Exterminated

Did you know, that we started Icinga Notifications with support for PostgreSQL first? Reason for that is, we wanted to make sure we are fully compatible with it right away. To ensure things like logging in with a PostgreSQL authentication/group backend is case-insensitive, like it was always the case for MySQL. Now it really is case-insensitive!

  • Login against Postgres DB is case-sensitive #5223
  • Role list has no functioning quick search #5300
Assets 2
Loading