mirror of
https://github.com/Icinga/icinga2.git
synced 2025-07-23 21:55:03 +02:00
Merge pull request #10470 from Icinga/changelog-2144
Add Icinga `2.14.*` & `2.13.12` `CHANGELOG.md` to master
This commit is contained in:
commit
37f0b244cb
112
CHANGELOG.md
112
CHANGELOG.md
@ -7,6 +7,104 @@ documentation before upgrading to a new release.
|
||||
|
||||
Released closed milestones can be found on [GitHub](https://github.com/Icinga/icinga2/milestones?state=closed).
|
||||
|
||||
## 2.14.6 (2025-05-27)
|
||||
|
||||
This security release fixes a critical issue in the certificate renewal logic in Icinga 2, which
|
||||
might incorrectly renew an invalid certificate. However, only nodes with access to the Icinga CA
|
||||
private key running with OpenSSL older than version 1.1.0 (released in 2016) are vulnerable. So this
|
||||
typically affects Icinga 2 masters running on operating systems like RHEL 7 and Amazon Linux 2.
|
||||
|
||||
* CVE-2025-48057: Prevent invalid certificates from being renewed with OpenSSL older than v1.1.0.
|
||||
* Fix use-after-free in VerifyCertificate(): Additionally, a use-after-free was found in the same
|
||||
function which is fixed as well, but in case it is triggered, typically only a wrong error code
|
||||
may be shown in a log message.
|
||||
* Windows: Update OpenSSL shipped on Windows to v3.0.16.
|
||||
|
||||
## 2.14.5 (2025-02-06)
|
||||
|
||||
This release fixes a regression introduced in 2.14.4 that caused the `icinga2 node setup`,
|
||||
`icinga2 node wizard`, and `icinga2 pki request` commands to fail if a certificate was
|
||||
requested from a node that has to forward the request to another node for signing.
|
||||
Additionally, it fixes a small bug in the performance data normalization and includes
|
||||
various documentation improvements.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Don't close anonymous connections before sending the response for a certificate request #10337
|
||||
* Performance data: Don't discard min/max values even if crit/warn thresholds aren’t given #10339
|
||||
* Fix a failing test case on systems `time_t` is only 32 bits #10343
|
||||
|
||||
### Documentation
|
||||
|
||||
* Document the -X option for the mail-host-notification and mail-service-notification commands #10335
|
||||
* Include Nagios in the migration docs #10324
|
||||
* Remove RHEL 7 from installation instructions #10334
|
||||
* Add instructions for installing build dependencies on Windows Server #10336
|
||||
|
||||
## 2.14.4 (2025-01-23)
|
||||
|
||||
This bugfix release is focused on improving HA cluster stability and easing
|
||||
troubleshooting of issues in this area. It also addresses several crashes,
|
||||
in the core itself and both in Icinga DB and IDO (numbers out of range).
|
||||
In addition, it fixes several other issues such as lost notifications
|
||||
or TimePeriod/ScheduledDowntime exceeding specified date ranges.
|
||||
|
||||
### Crash Fixes
|
||||
|
||||
* Invalid `DateTime#format()` arguments in config and console on Windows Server 2016 and older. #10112
|
||||
* Downtime scheduling at runtime with non-existent trigger. #10049
|
||||
* Object creation at runtime during Icinga DB initialization. #10151
|
||||
* Comment on a service of a non-existent host. #9861
|
||||
|
||||
### Miscellaneous Bugfixes
|
||||
|
||||
* Lost notifications after recovery outside the notification time period. #10187
|
||||
* TimePeriod/ScheduledDowntime exceeding specified date range. #9983 #10107
|
||||
* Clean up failure for obsolete Downtimes. #10062
|
||||
* ifw-api check command: use correct process-finished handler. #10140
|
||||
* Email notification scripts: strip 0x0D (CR) for a proper Content-Type. #10061
|
||||
* Several fixes and improvements of the code quality. #10066 #10214 #10254 #10263 #10264
|
||||
|
||||
### Cluster and API
|
||||
|
||||
* Sync runtime objects in topological order to honor their dependencies. #10000
|
||||
* Make parallel config syncs more robust. #10013
|
||||
* After object creation via API fails, clean up properly for the next try. #10111
|
||||
* Close HTTPS connections properly to prevent leaks. #10005 #10006
|
||||
* Reduce the number of cluster messages in memory at the same time. #9991 #9999 #10210
|
||||
* Once a cluster connection shall be closed, stop communicating. #10213 #10221
|
||||
* Remove unnecessary blocking of semaphores. #9992 #9994
|
||||
* Reduce unnecessary cluster messages setting the next check time. #10011
|
||||
|
||||
### Icinga DB and IDO
|
||||
|
||||
* IDO: fix object relations after aborted synchronization. #10065
|
||||
* Icinga DB, IDO: limit all timestamps to four year digits. #10058 #10059
|
||||
* Icinga DB: limit execution\_time and latency (milliseconds) to database schema. #10060
|
||||
|
||||
### Troubleshooting
|
||||
|
||||
* Add `/v1/debug/malloc_info` which calls `malloc_info(3)` if available. #10015
|
||||
* Add log messages about own network I/O. #9993 #10141 #10207
|
||||
* Several fixes and improvements of log messages. #9997 #10021 #10209
|
||||
|
||||
### Windows
|
||||
|
||||
* Update OpenSSL shipped on Windows to v3.0.15. #10170
|
||||
* Update Boost shipped on Windows to v1.86. #10114
|
||||
* Support CMake v3.29. #10037
|
||||
* Don't require to build .msi as admin. #10137
|
||||
* Build configuration scripts: allow custom `$CMAKE_ARGS`. #10312
|
||||
|
||||
### Documentation
|
||||
|
||||
* Distributed Monitoring: add section "External CA/PKI". #9825
|
||||
* Explain how to enable/disable debug logging on the fly. #9981
|
||||
* Update supported OS versions and repository configuration. #10064 #10090 #10120 #10135 #10136 #10205
|
||||
* Several fixes and improvements. #9960 #10050 #10071 #10156 #10194
|
||||
* Replace broken links. #10115 #10118 #10282
|
||||
* Fix typographical and similarly trivial errors. #9953 #9967 #10056 #10116 #10152 #10153 #10204
|
||||
|
||||
## 2.14.3 (2024-11-12)
|
||||
|
||||
This security release fixes a TLS certificate validation bypass.
|
||||
@ -243,6 +341,20 @@ Add `linux_netdev` check command. #9045
|
||||
* Several code quality improvements. #8815 #9106 #9250
|
||||
#9508 #9517 #9537 #9594 #9605 #9606 #9641 #9658 #9702 #9717 #9738
|
||||
|
||||
## 2.13.12 (2025-05-27)
|
||||
|
||||
This security release fixes a critical issue in the certificate renewal logic in Icinga 2, which
|
||||
might incorrectly renew an invalid certificate. However, only nodes with access to the Icinga CA
|
||||
private key running with OpenSSL older than version 1.1.0 (released in 2016) are vulnerable. So this
|
||||
typically affects Icinga 2 masters running on operating systems like RHEL 7 and Amazon Linux 2.
|
||||
|
||||
* CVE-2025-48057: Prevent invalid certificates from being renewed with OpenSSL older than v1.1.0.
|
||||
* Fix use-after-free in VerifyCertificate(): Additionally, a use-after-free was found in the same
|
||||
function which is fixed as well, but in case it is triggered, typically only a wrong error code
|
||||
may be shown in a log message.
|
||||
* Windows: Update OpenSSL shipped on Windows to v3.0.16.
|
||||
* Fix a failing test case on systems `time_t` is only 32 bits #10344.
|
||||
|
||||
## 2.13.11 (2025-01-23)
|
||||
|
||||
This bugfix release addresses several crashes,
|
||||
|
Loading…
x
Reference in New Issue
Block a user