xymon/Changes at main · xPTM1219/xymon · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes from 4.3.29 -> 4.3.30 (05 Sep 2019)
===========================================

* rev 8010

* Fix reports with dashes or underscores not visible in history logs (Thanks, Tom Schmidt)
* Really fix do_temperature.c report parsing for parentheses (Thanks, Tom Schmidt)
* Fix truncation on exec strings causing missing custom RRD titles (Thanks, Tom Schmidt)
* RPC buffer calculation on snprintf taking improper sizeof (Thanks, Tom Schmidt)
* Don't crash on a missing allevents file
* Fix assorted crashes with xymongen report generation after string changes
* Add guards around GCC diagnostics pragma to allow for building on older vers
* xymonclient-linux: Provide wide/untrimmed IP support in netstat port list
* Fix problems with meta-combostatuses (Thanks, Dominique Delporte)


Changes from 4.3.28 -> 4.3.29 (23 Jul 2019)
===========================================

* rev 8070

* Security Fixes: A number of potential buffer overflows have been resolved
  CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
  CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
* Deal with Set-Cookie deprecation on normal pages (Thanks, Erik Schminke)
* Support glibc->tirpc migration on newer distributions
* Fix certain flags not being set on GCC 8/9
* Fix wrong doc for --merge-clientlocal option (Thanks, Thomas Eckert)
* Fix CSP errors on trends pages (Thanks, John Thurston)
* Accept minimum libcares version >= 1.5.1; update bundled to 1.15.0
* Fix RRD parsing for recent netstat (net-tools) on Linux
* Ensure Content-Type always set in HTML headers (Thanks, Christoph Berg)
* Ignore additional common tmpfs partitions on recent Linux
* Fix NONETPAGE parsing (Thanks, John Horne)
* Increase hard max xymon message size from 10MB to 64MB to match 4.4-alpha
* Fix line-off-by-one error in logfetch retrieval when triggers are used
  (Thanks, Toshimitsu FUJIWARA)
* Fixes to do_temperature parsing (Thanks, Michael Pins)
* Add support for GNU Hurd and GNU/kFreeBSD
* Don't require apache authz_groupfile module by default when not needed
* Add --no-cpu-listing option to xymond_client to block 'top' output in
  cpu test (Thanks, John Horne)
* Double-quote the display name of host titles handed to RRD
* Ensure NTP checks not hung for unreachable hosts (Thanks, Tom Schmidt)
* Standardize xymonnet SMTP/s protocol conversation (Thanks, Tom Schmidt)
* AIX: Report Actual Memory and Phys/Entitled CPU capacity (Thanks, Stef Coene)
* snmp: Fix parsing error with SNMPv3 config parsing (Thanks, Jeremy Laidman)
* RRD: Fix parsing error with DS files containing commas - http* only (Thanks, John Horne)


Changes from 4.3.27 -> 4.3.28 (17 Jan 2017)
===========================================

* rev 8005

* Catch addition possible errors during SSL handshake
  for standard TCP checks
* Fix misparsing of --timelimit and --huge options in
  xymonnet (Reported by Foster Patch)
* Fix memory leak when processing netapp test reports
  (Reported by Peter Welter)
* The included version of c-ares has been bumped to version 1.12.0
* Fix for building on OpenSSL 1.1.0 (Thanks, Axel Beckert)
* Add TLS variant specification to http checks, using newer funcs
  in OpenSSL 1.1.0 (From Henrik)
* Fix overflow when skipping >2G pending data in logfetch
  (Reported by Sergey, a_s_y at sama.ru)
* xymond_alert will no longer exit and be relaunched if started
  while there's no actual alertable condition. (Thanks, Franco G.)
* Fix mis-parsing of PCRE regex's in client-local.cfg when char
  ranges are present (Reported by Erik D. Schminke)
* The size limit of message data passed to SCRIPT alerts is
  configurable with the MAXMSG_ALERTSCRIPT variable.
* Summary messages should work again (Thanks, Axel)
* Many typos in comments and man pages have been corrected
  (Thanks, Axel et al. at Debian)
* Change netstat RRD numbers to be slightly more human-readable
  (Thanks Roland Rosenfeld)


Changes from 4.3.26 -> 4.3.27 (24 Mar 2016)
===========================================

* rev 7957

* Don't treat empty (0 byte) directory size as invalid
  (Reported by Bert Willekens)
* Fix looping redirect on criticaleditor.sh
* Allow NK-critical acknowledgements from status pages
* Fix redirect to criticalview.sh, which is just a
  regular CGI
* Properly recognize https URLs as summary links (Thanks,
  David Steinn Geirsson)
* Add compile-time check for SSLv3 support


Changes from 4.3.25 -> 4.3.26 (19 Feb 2016)
===========================================

* rev 7906

* Fix javascript failures on info/trends pages caused by CSP fixes
* Fix incorrect HTTP refresh on rejected enadis.sh POSTs
* Do not auto-refresh info or trends svcstatus pages
* Revert default svcstatus page refresh interval from 30s back to 60s
* Re-introduce XYMWEBREFRESH variable to control refresh interval
* HTML encode most fields on info page
* Restrict characters allowed for hostnames and testnames
* HTML encode error log output on xymond/net/gen pages
* HTML encode ghost hostnames output on xymond/ghostlist pages
* logfetch: only evaluate the first config of a given type seen for
  the same file name
* xymongen/reports: fix vague error message around missing history files
  and properly exclude clientlog statuses (Reported by Magdi Mahmoud)
* Ensure configured CLASS overrides in hosts.cfg are always passed on
  to client workers, regardless of 'class' for that specific message
  (Reported by Steve Hill)

Changes from 4.3.24 -> 4.3.25 (05 Feb 2016)
===========================================

* rev 7890

* Resolve buffer overflow when handling "config" file requests (CVE-2016-2054)
* Restrict "config" files to regular files inside the $XYMONHOME/etc/ directory
  (symlinks disallowed) (CVE-2016-2055). Also, require that the initial filename
  end in '.cfg' by default
* Resolve shell command injection vulnerability in useradm and chpasswd CGIs
  (CVE-2016-2056)
* Tighten permissions on the xymond BFQ used for message submission to restrict
  access to the xymon user and group. It is now 0620. (CVE-2016-2057)
* Restrict javascript execution in current and historical status messages by
  the addition of appropriate Content-Security-Policy headers to prevent XSS
  attacks. (CVE-2016-2058)

We would like to thank Markus Krell for reporting the above issues, and for
working with us to resolve them.


* Fix "TRENDS" entries in hosts.cfg improperly handling partial matches with
  other graph names (Reported by Jeremy Laidman)
* A possible crash in when loading confreport.cgi has been fixed
  (Thanks, Axel Beckert)
* Improve error handling slightly in the CGI wrapper
* Fix missing network interface graph data on FreeBSD (Niko <nicolas@lienard.name>)
* In xymonnet, a rare SSL error state that could occur after a
  connection is opened will now be considered "service down"
* Fix a crash in xymonnet when handling certain malformed SSL certificates
  (Reported by Thomas Leavitt, originally via Jeremy Laidman)
* Add new trends_header and trends_footer for use on associated Trends pages
* "Jump to page" redirect functionality fixed on findhost.sh (Reported by Francois Claire)
* When a note is present for a host, the info page no longer has a spurious
  hostname on the text link
* Add --noexec option to logfetch to ignore commands to dynamically list files, modifiable
  via new LOGFETCHOPTS variable in xymonclient.cfg (Suggested by Jeremy Laidman)
* Add variables in xymonclient.cfg for overriding config files for xymond_client
  and logfetch when client is running in --local mode without editing xymonclient.sh
* Add file globbing capabilities to logfetch to avoid need to fork commands
  to create dynamic lists (Suggested by Jeremy Laidman)
* The "Valid Until" time for an acknowledgement is now displayed on the ack log
  report page (Thanks, Dominique Frise)
* The xymon.sh and runclient.sh scripts are themselves now more LSB compliant
  (Thanks, Nikolai Lifanov)
* Windows systems now have a better calculation of "Actual" memory usage
  (Thanks, John Rothlisberger)
* A bug in xymond_alert that could cause pages about hosts.cfg not present at inital start
  to cause inconsistent alerting has been fixed
* xymond_alert now reloads its hostlist at regular intervals


Changes from 4.3.23 -> 4.3.24 (23 Nov 2015)
===========================================

* rev 7774

* Fix occasional crash in xymond when handling group names (Thanks, Franco Gasperino)
* Fix non-special HTTP <400 status codes red instead of yellow >.<


Changes from 4.3.22 -> 4.3.23 (12 Nov 2015)
===========================================

* rev 7740

* Fix broken 'TRACK' and 'OPTIONAL' identifiers in analysis.cfg
* Prevent logfetch from segfaulting if a file we're tracking line matching
  deltacounts for wasn't found
* Fix a type mismatch compiler warning in display group name alert matching


Changes from 4.3.21 -> 4.3.22 (6 Nov 2015)
===========================================

* rev 7723

* Ensure we don't leave xymond_hostdata or xymond_history zombies lying around
  after dropping host records (Reported by Scot Kreienkamp)
* Fix up HTML list layout to reflect current standards (Thanks, hallik@calyc3.com)
* Fix documentation incorrectly describing multigraph syntax as (e.g.) GRAPH_cpu.
  Should be GRAPHS_cpu (Thanks, Galen Johnson)
* Supports scientific notation for NCV data (Thanks, Axel Beckert)
* Increase resolution of xymonnet poll timing results (Thanks, Christoph Berg)
* New clock skew RRD files will allow for negative delta values (Thanks, Axel Beckert)
* Fix lots of typos! (Debian)
* Don't skip over "mailq.rrd" (Roland Rosenfeld)
* The signature algorithm used on an SSL-enabled TCP test run by xymonnet is now shown
  on the sslcert page. (Thanks, Ralph Mitchell)
* The cipher list displayed in 'sslcert' tests will now be limited to the cipher that was
  actually used on the SSL connection. The --showallciphers option to xymonnet will
  restore the previous behavior. (From idea from Ralph Mitchell)
* Provide configurable environment overrides in xymonserver.cfg for standard xymonnet
  options to fping/xymonping, ntpdate, and traceroute binaries. In regular installs, the
  intended default options to traceroute (-n -q 2 -w 2 -m 15) were not actually used. This
  may change in a future release, so it's suggested that users move any custom options to
  the new TRACEROUTEOPTS setting in xymonserver.cfg.
  (Orig. thanks, Axel Beckert, ntpdate issues pointed out by Matt Vander Werf)
* Enable latent additional SHA digest strengths (sha256, sha512, sha224, sha384)
* Don't crash generating wml cards for statuses w/ very long lines (Reported by Axel Beckert)
* Flip SenderIP and Hostname columns on ghostlist pages to allow easier cutting and pasting
  to hosts files
* Fix multiple disk volumes reported in on Darwin (OS X) clients. (Thanks, Axel Beckert)
* Fix COMPACT parsing; update docs to match expected syntax (Thanks, Brian Scott)
* Trailing slash no longer required for URL alias ("http://www.example.com/xymon" should work)
* A new XYMONLOCALCLIENTOPTS variable in xymonclient.cfg allows options (e.g., --no-port-listing)
  to be given to xymond_client when running in local client mode.
* Add a method to indicate lines which should be skipped by the NCV RRD processor or
  which mark the end of data-to-be-processed in the message.
* Ensure that nostale is passed down during graph zooming (Thanks, Stef Coene)
* Add missing XMH_DATA in loadhosts (Thanks, Jacek Tomasiak)
* Search in more locations for default environment files when using xymoncmd
* Add a "noflap" override to disable flap detection for any/all tests on a given host (Thanks, Martin Lenko)
* Simplify default HTTP error code settings for xymonnet (2xx = green; 3xx = yellow; 4xx/5xx = red)
* The protocol.cfg entry for RDP network tests has been updated and should work again (Thanks, Rob Steuer)
* Add UDP ports to netstat output returned from darwin clients (Mac OS X)
* Fixes to df/inode parsing on darwin clients (Mac OS X) (Thanks, Jason White et al.)
* Add httphdr= tag to hosts.cfg to inject arbitrary headers into xymonnet HTTP tests for that host.
* Turn memory test yellow if nonsensical numbers are found (>100% used for 'Actual' or Swap)
* "optional include" and "optional directory" support actually added
* xymongrep: load from the hosts.cfg file and error if unable, unless --loadhostsfromxymond is specified
* Collect number of total cores in client data
* combostatus: Fix parenthesis processing (Thanks, Andy Smith)
* Add per-group anchors to generated pages when a group title is present (Thanks, Thomas Giordmaina)
* xymongen: Display group tables even if group has no test results yet unless --no-showemptygroups given
* Add chpasswd CGI for user-level htpasswd file updates. Requires Apache 2.4.5 or later (Thanks, Andy Smith)
* Fix memory/display on multihost hostgraphs.cgi reports; remove multi-disk (which won't work as-is)
* Add ACK_COOKIE_EXPIRATION for environment control of cookie validity duration (Noted by Thomas Giordmaina)
* combostatus: fix core dumps on Solaris when dealing with erroneous config


Changes from 4.3.20 -> 4.3.21 (22 May 2015)
===========================================

* rev 7668

* RSS feeds should now display the short description of the event again.


Changes from 4.3.19 -> 4.3.20 (15 May 2015)
===========================================

* rev 7661

* Summaries should be properly displayed again, and will display on the
  nongreen.html page as well.
* An icon for green acknowledged states is now included -- ironically, the
  original icon that the other checkmarks were based off of.
* The various utilities in cgi-bin and cgi-secure are now hardlinked to
  cgiwrap at install time instead of softlink, to allow for FollowSymLinks-less
  apache configurations
* The protocol section of URLs in hosts.cfg is now case-insensitive, and ftps
  URLs (FTP-over-SSL, not sftp) are recognized as a protocol.
* hosts.cfg docs have been clarified to include delayyellow and delayred as
  allowable options (Reported by John Thurston)
* 'optional include' and 'optional directory' syntax has been documented
* pulldata directives in the hosts.cfg file now honor a given IP address and port
  XMH_FLAG_PULLDATA is now retired; XMH_PULLDATA must be used in its place
* confreport.sh not displaying time-restricted alerts properly has been fixed
  (Reported by Gavin Stone-Tolcher)
* Planned downtime settings are now applied to 'purple' statuses as well
  (Thanks, Torsten Richter)
* Column documentation links should be working again (Reported by Andy Smith)
* Fix missing null termination in certain logfetch situations (Reported by
  Johan Sjberg)
* New httphead tag to force an http request using HEAD instead of GET
* Fix a memory leak introduced in parsing Windows SVCS test data
* A divide-by-zero condition when systems erroneously report 0MB of physical
  memory has been corrected (Reported by John Thurston)
* Parse either critical config or xymond-formatted acknowledgements on the
  report page, and add documentation for the --ack-log option in xymond
  (Thanks, Andy Smith)
* The graphs to be displayed on a specific status page can be customized
  with environment variables - see xymonserver.cfg(5). From Werner Maier.
* When clients are in "server" mode (sending raw data to the xymond server
  to be centrally processed), a 'clientlog' column will now be shown on
  xymon pages (similar to trends and info columns). This can be disabled on
  a per-host basis by adding a 'noclient' tag to the hosts.cfg line,
  or globally by adding that to the .default. host.
* Add protocols.cfg entries for amqp(s), svn, ircd, and mail (submission).
  (Note that smtp testing here may suffer the same occasional issue as
  regular smtp conversations with regard to out-of-order commands.)
* Fix a crash on non-glibc systems when testing xymond_alert configs with
  a host not in hosts.cfg (Reported by John Thurston)
* On newer Linux kernels with recent procps-ng, use the "Available" memory
  reported by the kernel to give a more accurate reading for "Actual Used"
  in the client's memory status. (Reported by Dominique Frise)


Changes from 4.3.18 -> 4.3.19 (30 Mar 2015)
===========================================

* rev 7619

* Don't crash when receiving an AAAA DNS response (BSD, thanks Mark Felder)
* xymonclient.sh running in --local mode was generating reports that were
  marked as duplicates (and thus being ignored). Reported by Guillaume Chane.
* Building with old versions of libpcre not supporting PCRE_FIRSTLINE should
  once again work
* Memory reporting on FreeBSD and OpenBSD has been fixed (Mark Felder)
* The process list visible in the 'procs' test of Linux and FreeBSD clients
  is now generated in ASCII "forest" mode for increased legibility.
* clientlog, hostinfo, and modify messages are now tracked in xymond stats
* In environment config files (xymonserver.cfg, xymonclient.cfg, and cfgoptions.cfg)
  an initial "export " line (as if it were actually a shell script) will be
  ignored and the remainder of the line parsed as normal.
* headermatch will now match the headers of an HTTP response even if the body
  is empty (eg, matching for a 302 Redirect)
* --debug mode in most daemons should cause *much* less of a performance hit, and
  output will be timestamped in microseconds
* xymondboard can now be used to PCRE-match against the raw message, and
  acknowledgement and disable comments. Inequalities can be specified against the
  lastchange, logtime, validtime, acktime, disabletime fields (in epoch timestamps).
  The existing net= and tag= filters have been documented.
* The sample xymon.conf apache snippet now supports apache 2.4 syntax
* Fix missing newline when returning upcoming 'schedule' commands.
* EXTIME= syntax in analysis.cfg and alerts.cfg has been added. This is applied
  after any TIME= filter. Use (e.g.) to exclude Wednesday afternoons on a line
  which is already restricted to 9:00a to 5:00p on weekdays only.
* The included version of c-ares has been bumped to version 1.10.0.
* Support for older EGD (entropy gathering daemon) has been removed (Thanks, Bernard Spil)
* A crash when xymond_rrd was run in --debug mode on non GNU/glibc systems has
  been fixed
* The msgs and procs tests are now HTML-encoded to ensure that lines with brackets
  are properly displayed
* An acknowledgements.sh log report has been added in (Submitted by Andy Smith)
* A number of logfetch issues have been addressed:
  - --debug syntax is now supported. (If modifying the command line in xymonclient.sh,
    use --debug=stderr to prevent spurious lines being sent in the client report.)
  - Invalid POSIX regular expressions for ignore or trigger lines will now be reported
    but should not cause crashes
  - Null characters in a log file will no longer cause further processing to stop (Thanks,
    Franco Gasperino.)
  - All lines matching a 'trigger' regex will be reported back, even if the total size
    exceeds the "maxbytes" limit. (Up to the maximum compiled buffer size.) As much of
    the final section as can be fit in the space remaining will be included, similar
    to the previous behavior if maxbytes was exceeded but no trigger lines were given.
    (Thanks, Franco Gasperino.)
  - The current location (where the previous run left off) is now marked in the status
    report.
  - The '<...SKIPPED...>' and '<...CURRENT...>' texts can be overridden by specifying
    values for LOGFETCHSKIPTEXT and LOGFETCHCURRENTTEXT in xymonclient.cfg
  - The "scrollback" (number of positions in previous "runs" back) that logfetch starts
    at can now be specified with the LOGFETCHSCROLLBACK variable, from 0 - 6 (the default)
* "deltacount" can be used to count the number of lines matching a specific regex in
  client-local.cfg, counting only since the last run. These will be shown on the trends page.
  NOTE: Unlike the "linecount:" option, deltacount is specified after a specific "log:" line.
  See the client-local.cfg file for details.
* ifstat and netstat output from the new Windows PowerShell client is now graphed properly.
* Hostnames beginning with a number (allowed by RFC1123) are now supported in combo.cfg
* When a Windows service's status has been changed (ie, stopped or started), the relevant line
  in the 'svcs' test will now be updated to reflect this. (Reported by Gavin Stone-Tolcher and
  Neil Simmonds)
* Various build issues, compiler fixes, and valgrind complaints have been fixed.


Changes from 4.3.17 -> 4.3.18 (3 Feb 2015)
===========================================

* rev 7494

* Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
  Thank you to Mark Felder for noting the impact and Martin Lenko
  for the original patch.
* Mitigate CVE-2014-6271 (bash 'Shell shock' vulnerability) by
  eliminating the shell script CGI wrappers
* Don't crash in XML board output when there is no sender for status
* Fix IP sender-address check for maintenance commands, when
  the target host is listed with IP 0.0.0.0 in hosts.cfg.
* Linux client:
    - Generate 'raid' status from mdstat data
    - Include UDP listen ports in netstat data
    - Include full OS version data from SuSE clients
* FreeBSD client: Handle 'actual' memory item, once the client
  starts reporting it.
* Additional bugfixes:
  - xymond_capture: Fix exclude-test pattern handling
  - xymonlaunch: Guard against cron-times triggering twice in one minute
  - xymond_client: Fix DISPLAYGROUP handling in analysis.cfg rules
  - xymonnet: Handle AAAA records in dns checks
  - xymond_channel: Fix matching in --filter code
  - xymond: BFQ id may be zero
  - xymond: Fix bug in hostfilter matching code
  - xymond: Fix memory leak
  - xymond: Fix list manipulation for "modify" commands
  - xymond_rrd: Fix restart of external processor
  - Linux client: Set CPULOOP for correct top output
  - AIX client: vmstat behaves differently


Changes from 4.3.16 -> 4.3.17 (23 Feb 2014)
===========================================

* rev 7446

* Fix crash in xymond when using 'schedule' command
* Configure/build/install fixes:
  - Allow specifying location of the PCRE include/library files
    for client-side configuration build.
  - Pass IDTOOL to client installation (for Solaris).
  - Fix broken configure+Makefiles for client-side configuration
  - C-ARES: Fix wrong call to Makefile.test-cares during configure
  - Dont error out if www-dir or man-dir is empty. Mostly an
    issue when building packages with non-standard layouts.
* Fix wrong timestamp on a new status arriving with a non-green
  status while DOWNTIME was active. Such a status would appear to
  have been created on Jan 1st, 1970.
* Fix hostgraphs so it obeys RRDWIDTH / RRDHEIGHT settings
* Add upper limit to showgraph CGI when generating self-referring URI's
  From Werner Maier
* Extra sanity check on extcombo message offsets.
* The Enable/Disable webpage now permits filtering on CLASS value.
  From Galen Johnson


Changes from 4.3.15 -> 4.3.16 (9 Feb 2014)
==========================================

* rev 7394

* Fix xymonnet crash on sending http test results
* Fix xymond crash if client-local.cfg contains empty sections
* Fix RPM-based initscript for clients with explicit hostname
* Fix misleading error-message when testing for C-ARES library
* Fix client-local.cfg handling, so by default it will not merge
  sections together, i.e. behave like previous 4.x releases.
  NOTE: The new regexp matching can still be used.
* Add "--merge-clientlocal" option for xymond, which causes it
  to merge all matching sections from client-local.cfg into one.
* Use native POSIX binary-tree handling code


Changes from 4.3.14 -> 4.3.15 (31 Jan 2014)
===========================================

* rev 7384

* Fix xymond_alert crashes introduced in 4.3.14
* Fix missing C-ARES build files
* client-local.cfg: Support expression matching of sections
* acknowledge.cgi: Acks are enabled for all ALERTCOLORS, not just red and yellow


Changes from 4.3.13 -> 4.3.14 (26 Jan 2014)
===========================================

* rev 7377

* Fix critical ack not working for hosts where the display-name is
  set (via "NAME:" tag). From Any Smith.
* SNI (Server Name Indication) causes some SSL connections to fail
  due to server-side buggy SSL implementations. Add "sni" and "nosni"
  flags to control SNI for specific hosts, and "--sni" option for
  xymonnet to control the default. Reported by Mark Felder.
* Fix build process to fully obey any XYMONTOPDIR setting from the
  top-level Makefile. NOTE: Client-only builds no longer install the
  client in a "client/" subdirectory below XYMONHOME.
* Fix showgraph so it silently ignores stale rrdctl files when trying
  to flush RRD data before showing a graph.
* Fix xymond_alert crashing when trying to strip <cr> characters
  from the alert message. Bug introduced in 4.3.13.
* Fix Solaris client to report memory even when no swap is configured.
* Fix bug where alerts that were initially suppressed due to TIME
  restrictions are delayed until REPEAT interval expires.
* Fix crash in xymonlaunch when trying to find tasks.cfg
* Fix HTML generated by acknowledge.cgi (missing '>')
* Fix Linux client reporting garbled client data if top output ends
  without a new-line (causes CPU load and other vmstat graphs to
  stop updating)
* Fix Debian installation so it enables Apache mod_rewrite
* Fix merge-lines utility crashing when first line was an include
* Fix "make install" failing when server/www/help was a symlink
* Document existing OPTIONAL setting in analysis.cfg for file-checks
  on files which may not exist.
* Document existing CLASS setting in alerts.cfg
* Add new INFOCOLUMNGIF and TRENDSCOLUMNGIF settings so the icons
  used for these pages are configurable.
* Enhance Solaris client to correctly handle Solaris zones.
* Add new search facilities to xymond to select hosts with the
  'xymondboard' and 'hostinfo' commands.
* New --ack-each-color option for xymondd changes ack behaviour so a
  yellow ack does not apply when status changed to red, but a red ack
  applies if status goes yellow
* New "headermatch" tag for http tests so content checks can look at
  HTTP headers in addition to the HTML body.
* Use system-wide c-ares library. The pre-built Debian packages now
  require the "libc-ares2" package.


Changes from 4.3.12 -> 4.3.13 (08 Jan 2014)
===========================================
* rev 7339

* Fixes to FreeBSD client code, from Mark Felder (FreeBSD maintainer)
* Fix crash on "client" data sent via status channel when host is unknown
* Strip carriage-return from text sent to mail alerts, to avoid mail
  programs treating the message as binary and putting it in an attachment
* xymonnet network tester supports Server Name Indication (SNI) for SSL
  enabled virtual websites.
* HTTP tests now use "Cache-control" header for HTTP/1.1 (default) and
  "Pragma" for HTTP/1.0, so it is protocol compliant.
* netbios-ssn, snpp and lpd protocol.cfg entries (Tom Schmidt)
* "temperature" status strips html tags from sensor names (Tom Schmidt)
* Extra "total network I/O" line on ifstat graph (Tom Schmidt)
* New "backfeed" queue for high-speed transmission of Xymon status updates
  between modules located on the same server as xymond. Note: This is
  disabled by default, see the README.backfeed file.
* New "extcombo" message type allows for combo messages of all types
  (usually "status" and "data").
* Status webpage will return an HTTP error code for invalid requests
  instead of reporting an Ok status (some log analysis tools warn
  about attack attempts when an 'OK' status is reported).
* New setting IMAGEFILETYPE removes hardcoded ".gif" on the various
  image-files in the "gifs" directory. Directory name is unchanged, though.
* FreeBSD: Change from maintainer to enable building with CLANG.
* New modifier for https tests for selecting only TLSv1 as protocol
* CGI's now return a proper HTTP status code in case of errors (e.g. "404"
  when requesting a status for a non-existing host).
* Fix problem with xymond_rrd dying if an external processors crashes
  (from J. Cleaver)
* Fix configure/build problem with detecting POSIX realtime-clock functions.
* Fix for FreeBSD 5+ vmstat reporting (from Jeremy Laidman)
* Fix for "make install" not setting correct file/directory permissions
* Re-add the "--hf-file" option for criticalview CGI (removed in 4.3.7)


Changes from 4.3.11 -> 4.3.12 (24 Jul 2013)
===========================================
* rev 7211

* Security fix: Guard against directory traversal via hostname in "drophost" commands
* Fix crash in xymongen introduced in 4.3.11
* SCO client: Fix overflow in memory calculation when >2 GB memory
* Fix so "include" and "directory" definitions in configuration files now handle <tab> after the keyword
* Fix for the Xymon webpage menu on iPad's and Android (touch devices)
* Fix "drophost" handling so the host data directory is also cleared
* xymond_rrd now processes data from "clear" status messages
* Xymon clients now report the version number in the client data
* Linux clients now align "ps" output so it is more readable.
* New "generic" client message handler allows log/file monitoring from systems that are not known to Xymon.
* The Xymon client now works if invoked with a relative path to the runclient.sh script
* Other minor / internal bugfixes

Changes from 4.3.10 -> 4.3.11 (21 Apr 2013)
===========================================
* rev 7188

* Fix wrong file permissions when installing
* Linux client: Fix handling of root filesystem when mounted on "/dev/root"
* trends webpage: Fix case where hostname disappears after zoom.
* FreeBSD client: Memory patch for FreeBSD 8.0+
* xymond_alert: Fix problem with UNMATCHED rules triggering when there are
  actual recipients, but their alerts are suppressed due to a REPEAT
  setting not having expired.
* xymond_rrd: Dont crash if called with an empty status/data message
* xymond_channel: Report cause when channel-child exits/crashes
* xymongen: Geneate an overview page with only reds (like non-green)
* xymongen: Optionally define env. variable BOARDFILTER to select
  hosts/tests included in the generated pages
* links: Add pdf, docx and odt as known document formats
* Fix potential crashes after an alert cookie expired
* Fix potential crash after deleting/renaming a host
* Speedup loading of the hosts.cfg file, noticeable with very
  large hosts.cfg files (100.000+ hosts)

Changes from 4.3.9 -> 4.3.10 (6 Aug 2012)
=========================================
* rev 7164

* Fix build problems with "errno"
* Fix build problems with OpenSSL in non-default locations
* Fix build problems with certain LDAP configurations
* Fix build problems with RRDtool on FreeBSD / OpenBSD
* Fix problem with ifstat data from Fedora in graphs
* "inode" check on FreeBSD, OpenBSD, OSX, Solaris, HP/UX, AIX
  in addition to existing support for Linux
* Document building and installing Xymon on common platforms
  (Linux, FreeBSD, OpenBSD, Solaris)
* Enhance xymoncfg so it can be used to import Xymon configuration
  settings into shell-scripts.

Changes from 4.3.8 -> 4.3.9 (15 Jul 2012)
=========================================
* rev 7120

* Fix crash when XYMSRV is undefined but XYMSERVERS is
* Fix error in calculating combo-status messages with
  forward references
* Fix error in disable-until-TIME or disable-until-OK code
* Fix documentation of DURATION in alerts.cfg / xymond_alert so
  it is consistenly listed as being in "minutes".
* Permit explicit use of ">" and ">=" in alerts.cfg
* Permit building without the RRDtool libraries, e.g. for
  a network-tester build, but with trend-graphing disabled.
* Full compiler-warning cleanup
* Various configuration/build-script issues fixed.

Changes from 4.3.7 -> 4.3.8 (15 Jul 2012)
=========================================
* rev 7082

Bugfixes
* Workaround for DNS timeout handling, now fixed at approximately 25
  seconds.
* "hostinfo" command for xymond documented
* confreport only shows processes that are monitored
* analysis.cfg parsing of COLOR for UP rules was broken
* RRD handlers no longer crash after receiving 1 billion updates
* Using .netrc for authentication could crash xymonnet
* "directory" includes would report the wrong filename for missing
  directories.
* useradm CGI would invoke htpassword twice
* "include" and "directory" now ignores trailing whitespace
* SSLv2 support disabled if SSL-library does not support it
* Minor bugfixes and cleanups of compiler warnings.

Enhancements
* Service status on info page now links to the detailed status page.
* Add RRDGRAPHOPTS setting to permit global user-specified RRD options,
  e.g. for font to showgraph CGI
* Add check for the size of public keys used in SSL certificates
  (enabled via --sslkeysize=N option for xymonnet)
* Optionally disable the display of SSL ciphers in the sslcert status
  (the --no-cipherlist option for xymonnet)
* Improved build-scripts works on newer systems with libraries in
  new and surprising places
* Reduce xymonnet memory usage and runtime for ping tests when there
  are multiple hosts.cfg entries with the same IP-address.
* Add code for inode-monitoring on Linux. Does not currently work on
  any other client platform.
* Added the ability to disable tests until a specific time, instead of
  for some interval. Disabling a test also now computes the expire time
  for the disable to happen at the next closest minute.


Changes from 4.3.6 -> 4.3.7 (13 Dec 2011)
=========================================
* rev 6803
* Fix acknowledge CGI (broken in 4.3.6)
* Fix broken uptime calculation for systems reporting "1 day"
* Workaround Solaris breakage in the LFS-support detection
* Fix/add links to the HTML man-page index.
* Fix "Stop after" value not being shown on the "info" page.
* Fix broken alert texts when using FORMAT=SMS
* Fix wrong description of xymondboard CRITERIA in xymon(1)
* Fix missing columnname in analysis.cfg(5) DS example
* Fix missing space in output from disk IGNORE rules in
  xymond_client --dump-config
* Fix overwrite of xymon-apache.conf when upgrading
* Fix installation so it does not remove include/directory
  lines from configuration files.
* Add client/local/ directory for custom client script

Changes from 4.3.5 -> 4.3.6 (5 Dec 2011)
========================================
* rev 6788
* Optionally choose the color for the "cpu" status when it goes
  non-green due to uptime or clock offset.
* Allow for "include" and "directory" in combo.cfg and protocols.cfg
* New INTERFACES definition in hosts.cfg to select which network
  interfaces are tracked in graphs.
* New access control mechanism for some CGI scripts returning
  host-specific information. Access optionally checked against
  an Apache-style "group" file (see xymonwebaccess(5) CGI manpage).
* New "vertical" page-definitions (vpage, vsubpage,vsubparent)
  for listing hosts across and tests down on a page.
* Fix hostlist CGI crash when called with HTTP "HEAD"
* Fix svcstatus CGI crash when called with non-existing hostname
* Fix "ackinfo" updates being cleared when host hits a
  DOWNTIME period.
* Fix compile-errors on Solaris due to network libraries
  not being included.
* Fix "logrotate" messages not being sent to some channels.
* Fix problem with loading the hosts.cfg file.
* STATUSLIFETIME now provides the default time a status is valid (in xymond).
* Critical systems view: Use priority 99 for un-categorised priorities
  (imported from NK tags) and show this as 'No priority' on the webpage.
* useradm CGI: Sort usernames
* New xymond module - xymond_distribute - can forward
  administrative commands (drop, rename, disable, enable)
  from one Xymon server to another.
* New tool: appfeed CGI provides data for the Android "xymonQV" app
  by Darrik Mazey.

Changes from 4.3.4 -> 4.3.5 (9 Sep 2011)
========================================
* rev 6754
* Fix crash in CGI generating the "info" status column.
* Fix broken handling of IGNORE for log-file analysis.
* Fix broken clean-up of obsolete cookies (no user impact).
* Devmon RRD handler: Fix missing initialisation, which
  might cause crashes of the RRD handler.
* Fix crashes in xymond caused by faulty new library for
  storing cookies and host-information.
* Fix memory corruption/crash in xymond caused by logging
  of multi-source statuses.
* New "delayred" and "delayyellow" definitions for a host
  can be used to delay change to a yellow/red status for
  any status column (replaces the network-specific "badFOO"
  definitions).
* analysis.cfg and alerts.cfg: New DISPLAYGROUP setting to
  select hosts by the group/group-only/group-except text.
* New HOSTDOCURL setting in xymonserver.cfg. Replaces the
  xymongen "--docurl" and "--doccgi" options, and is used
  by all tools.
* xymond_history option to control location of PID file.
* Critical Systems view: Optionally show eventlog for the
  hosts present on the CS view.
* Critical Systems view: Multiple --config options can
  now be used, to display critical systems from multiple
  configurations on one page.
* Detailed status display: Speedup by no longer having to
  load the hosts.cfg file.
* xymongen and xymonnet: Optionally load the hosts.cfg
  from xymond instead of having to read the file.

Changes from 4.3.3 -> 4.3.4 (1 Aug 2011)
========================================
* rev 6722
* Fix crashes and data corruption in Xymon worker modules
  (xymond_client, xymond_rrd etc) after handling large
  messages.
* Fix xymond lock-up when renaming/deleting hosts
* Fix xymond cookie lookup mechanism
* Webpages: Add new HOSTPOPUP setting to control what values from
  hosts.cfg are displayed as a "comment" to the hostname (either
  in pop-up's or next to the hostname).
* Fix xymond_client crash if analysis.cfg contains invalid configuration
  entries, e.g. expressions that do not compile.
* Fix showgraph CGI crash when legends contain colon.
* xymonnet: Include hostname when reporting erroneous test-spec
* CGI utils: Multiple potential security fixes involving buffer-
  overruns when generating responses.
* CGI utils: Fix crash when invoked with HTTP "HEAD"
* CGI utils: Fix crashes on 64-bit platforms due to missing prototype
  of "basename()" function.
* svcstatus CGI: Dont crash if history log is not a file.
* Critical systems view CGI: Cross-site scripting fix
* Fix recovery-messages for alerts sent to a GROUP
* RRD "memory" status handler now recognizes the output from the
  bb-xsnmp.pl module (for Cisco routers).
* Web templates modified so the menu CSS can override the default
  body CSS.
* Acknowledge web page now allows selecting minutes/hours/days
* Enable/Disable webpage enhanced, so when selecting multiple hosts
  the "Tests" column only lists the tests those hosts have.

Changes from 4.3.2 -> 4.3.3 (6 May 2011)
========================================
* rev6684
* SECURITY FIX: Some CGI parameters were used to construct
  filenames of historical logfiles without being sanitized,
  so they could be abused to read files on the webserver.
* SECURITY FIX: More cross-site scripting vulnerabilities.
* Remove extra "," before "History" button on status-view
* Critical view: Shring priority-column to 10% width
* hosts.cfg loader: Check for valid IP spec (nibbles in
  0-255 range). Large numbers in a nibble were accepted,
  triggering problems when trying to ping the host.
* Alert macros no longer limited to 8kB

Changes from 4.3.1 -> 4.3.2 (4 Apr 2011)
========================================
* rev6672
* Web UI: Fix bug introduced with the 4.3.1 XSS fixes.

Changes from 4.3.0 -> 4.3.1 (3 Apr 2011)
========================================
* Web UI: SECURITY FIX - fix potential cross-site scripting vulnerabilities.
  Initial report by David Ferrest (email April 1st 2011).
* Solaris Makefile: Drop guessing of what linker is being used, since we
  get it wrong too often.
* configure: Add missing <string.h> include to fix compile failure on
  some systems.
* get_ostype(): Check that we have a valid OS identifier.
  Dont assume we can write to the string passed us.
* xymond user messages: Improve error message for oversize messages.
  Document the MAXMSG_USER setting.
* combostatus: Make the set of error-colors configurable. Change default set so
  BLUE and PURPLE are not considered errors (only RED is an error by default).
* xymon(1) manpage: Add missing description of some fields available in the
  xymondboard command.
* hosts.cfg manpage: Fix wrong NOPROP interpretation. From Thomas Brand.
* Demotool: Change Hobbit->Xymon

Changes from 4.3.0 RC 1 -> 4.3.0 (4 Mar 2011)
=============================================
* Critical view and other webpages: Make the 'All systems OK' message
  configurable. Also allow the header/footer for the Critical Systems
  view to be configurable.
  Suggestion and preliminary patch from Buchan Milne.
* xymonnet: Improve error report when HTTP tests get an empty response -
  'HTTP error 0' sounds weird.
* report / snapshot CGI's: Fix buffer overrun in the HTML delimiter
  generated in the "please wait..." message. Also, fix potential buffer
  overrun in report CGI if invoked with a large value for the "style"
  parameter.
  Reported by Rolf Biesbroek.
* Graph definitions (graphs.cfg): Multi graphs cannot use a regex pattern.
  Problem report by Brian Majeska
* Solaris interface statistics: Filter out "mac" and "wrsmd" devices at
  the client side.
  Update RRD handler to also filter "wrsmd" at the server side, like we
  already did for "mac" devices.
  Cf. http://www.xymon.com/archive/2009/06/msg00204.html
* Documentation: Document the XMH_* fields available in xymondboard commands.
* Documentation: Document SPLITNCV and "trends" methods of doing
  custom graphs.
* RRD definitions: Allow override of --step/-s option for rrdcreate,
  from template supplied in rrddefinitions.cfg.
  Suggestion from Brian Majeska.
* mailack: Remove restriction on how long a subjectline/message body can be.
* Build procedure: Add notice about running upgrade script before
  installing the new version.
* xymond_alert: Document --trace option
* Alerts: For recovery messages, add information so you can tell
  whether the recovery was due to the service actually recovering, or
  if it was merely disabled.
* xymond_alert: Fix missing element in array of alert status texts used
  for tracing.
  Spotted by Dominique Frise.
* Add support for FreeBSD v8 modified ifstat output
* Documentation: Update information about the Xymon mailing lists
  following move to Mailman and new archive URL.
* HP/UX client: Use "swapinfo" to extract memory utilisation data,
  instead of the hpux-meminfo utility.
  By Earl Flack http://lists.xymon.com/pipermail/xymon/2010-December/030100.html

Changes from 4.3.0 beta 3 -> 4.3.0 RC 1 (23 Jan 2011)
=====================================================
* hosts.cfg badldap documentation: Document that for LDAP URL's you must
  use 'badldapurl'. Reported by Simo Hmami.
* xymond flap detection: Make number of tracked status changes and the
  flap-check period configurable. Change the defaults to trigger flapping
  at more than 5 status changes in a 30 minute period.
* sendmessage: Enhanced error reporting, to help track down communication
  problems.
* xymond_client: Fix Windows SVC status handling to avoid coredumps,
  memory corruption and other nasties.
  Will now report the real name of the service, instead of the pattern used in
  the analysis.cfg file.
  NOTE: Slight change to status message format.
* Client handler: Fix owner/user check parsing. Reported by Ian Marsh
  http://www.xymon.com/archive/2011/01/msg00133.html (also broken in 4.2.3).
* xymongen: Fix broken --doc-window option handling. Reported by Tom Schmitt.
* Xymongen: Fix documentation of the --doc-window/--no-doc-window options.
* Webpage background: Use a CSS and a new set of gif's to implement a
  background that works on all displays, regardless of width. Uses a new
  xymonbody.css stylesheet which can also control some other aspects of the
  webpage. From Francois Claire.
* Documentation: The xymon 'rename' command should be used AFTER renaming
  a host in hosts.cfg, not before. From Tom Georgoulias.
* Memory status: Add some sanity checks for the memory utilisation reported
  by clients. Occasionally we get completely bogus data from clients, so only
  act on them if percentages do not exceed 100.
* Critical systems view: Add "--tooltips" option so you can save screen space
  by hiding the host descriptions in a tooltip, like we do on the statically
  generated pages. Feature request from Chris Morris.
* Solaris client: Report "swap -l" in addition to "swap -s" for swap usage.
  Backend prefers output from "swap -l" when determining swap utilisation.
* Webpage menu: Use the CSS and GIF's by Malcolm Hunter - they are much nicer
  than the ones from Debian. Distribute both the blue and the grey version,
  and configure which one to use in xymonserver.cfg.
* Graph zoom: Use float variables when calculating the upper/lower limits
  of the graph. Fixes vertical zoom.
* xymond: Make sure we do not perform socket operations on invalid sockets
  (e.g. those from a scheduled task pseudo-connection)
* Installation: Remove any existing old commands before creating symlinks
* xymonproxy: Fix broken compatibility option '--bbdisplay'
* Fix eventlog summary/count enums so they dont clash with Solaris predefined
  entities
* History- and hostdata-modules: Dont save data if there is less than 5%
  free space on the filesystem. Also, dont save hostdata info more than 5
  times per hour.
* Historical statuslog display: Work-around for crash when status-log is
  empty
* fping.sh configure sub-script: Fix syntax error in suggested 'sudoers'
  configuration, and point to the found fping binary. From Steff Coene.
* namematch routine: Fix broken matching when doing simple matching against
  two strings where one was a subset of the other.
  http://www.xymon.com/archive/2010/11/msg00177.html .  Reported by Elmar Heeb
  who also provided a patch, although I chose a different solution to this.
* Xymon net: Fix broken compile when LDAP-checks are disabled. Reported by
  Roland Soderstrom, fix from Ralph Mitchell.
* xymon(7) manpage: Drop notice that renaming in 4.3.0 is not complete
* Installation: Setup links for the commonly used Hobbit binaries
  (bb, bbcmd, bbdigest, bbhostgrep, bbhostshow)
* Upgrade script: Setup symlinks for the old names of the standard webpages
* xymonserver.cfg.DIST: Missing end-quote in compatibility
  BBSERVERSECURECGIURL setting. From Ralph Mitchell
* xymongrep: Fix broken commandline parsing resulting from trying to be
  backwards-compatible. Reported by Jason Chambers.

Changes from 4.3.0 beta 2 -> 4.3.0 beta 3 (15 Nov 2010)
=======================================================

* Reflect the renaming of the project at Sourceforge
  in documentation, links etc.
* Any data going into graphs can now trigger a status to
  change color, if the value of the data is outside
  thresholds. This can be used to e.g. trigger an alert
  if the response-time of a network test is longer than
  expected, even though the service is responding. Also
  works for custom tests that feed data into graphs.
  (see analysis.cfg "DS" definition). This uses a
  new xymond command, "modify".
* Clients can now use several modules to send "client"
  data to the Xymon server, all of which are passed to
  (specialised) client-data processors on the Xymon server.
* All tools for the "Critical Systems View" now have a
  "--config=FILENAME" option for which file to load
  the configuration from.

Configuration files:
* Document the "directory" include syntax
* Allow the "include" and "directory" definitions to be
  indented.

xymongen:
* New "--no-nongreen" option for bbgen disables generating the
  "All Non-green" page, since this is not useful on large
  installations.
* If xymongen cannot load the current status from xymond,
  abort updating of the webpages instead of generating
  a 100% green set of webpages.

xymonnet:
* New "--source-ip=ADDRESS" option for xymonnet to
  set the default source IP used for network tests.
* HTTP tests now use the source-IP.
* New "--ping-tasks=N" option for xymonnet to split
  the ping-tests to multiple processes. Needed to speed
  up ping of large installations.
* Disable support for the old Big Brother syntax for
  HTTP proxies in web checks. Necessary to allow testing
  of URL's beginning with "http". If necessary, the old
  Big Brother compatible behaviour is enabled with the
  new "--bb-proxy-syntax" option for xymonnet.

xymonproxy:
* Rename "--bbdisplay" option to "--server".
* Drop support for sending data to Big Brother servers.
  This means that the Big Brother "page" messages will
  no longer be relayed by bbproxy, so the "--bbpager"
  and "--hobbitd" options have been removed.

msgcache / xymonfetch:
* Fix off-by-one bug when reading data. Could lead to
  data corruption, crashes and other nasty behaviour.
* Remove port-numbers from the "Message received from..."
  line so these don't show up as multi-source.

xymonlaunch:
* Support for cron-style time specification, so tasks
  will run at specific times.

xymon tool:
* New "--response" option overrides auto-detection of
  whether to expect a response back from the server.
* Support the new "usermsg" and "modify" commands.

hosts.cfg configuration settings:
* New "multihomed" option disables the multi-source detection
  for a host.

xymond:
* Support multiple client-collector modules for each host.
* Detect when the same host receives updates from multiple source
  IP adresses. Usually indicates a misconfigured client reporting
  with the name of another server. May erroneously flag some
  multi-homed hosts, so this check can be disabled with the
  "multihomed" flag in bb-hosts.
* Detect when a status is rapidly switching between to states.
  In that case, the most severe state is enforced until the
  flapping stops. Such flapping would lead to a huge number of
  status messages being stored as historical logs.
* Fix rare bug where missing status-log data could crash xymond.
* Fix small memory leak in processing "config" and "download" commands.

xymond_capture:
* New server-side tool to capture selected messages from a Xymon channel.