mirror of
https://github.com/Icinga/icinga2.git
synced 2025-07-27 07:34:15 +02:00
Icinga 2.14.6
This commit is contained in:
Julian Brost
Yonas Habteab
parent
8c7ed2faca
commit
404136141b
13
CHANGELOG.md
13
CHANGELOG.md
@ -7,6 +7,19 @@ documentation before upgrading to a new release.
|
|||||||
|
|
||||||
Released closed milestones can be found on [GitHub](https://github.com/Icinga/icinga2/milestones?state=closed).
|
Released closed milestones can be found on [GitHub](https://github.com/Icinga/icinga2/milestones?state=closed).
|
||||||
|
|
||||||
|
## 2.14.6 (2025-05-27)
|
||||||
|
|
||||||
|
This security release fixes a critical issue in the certificate renewal logic in Icinga 2, which
|
||||||
|
might incorrectly renew an invalid certificate. However, only nodes with access to the Icinga CA
|
||||||
|
private key running with OpenSSL older than version 1.1.0 (released in 2016) are vulnerable. So this
|
||||||
|
typically affects Icinga 2 masters running on operating systems like RHEL 7 and Amazon Linux 2.
|
||||||
|
|
||||||
|
* CVE-2025-48057: Prevent invalid certificates from being renewed with OpenSSL older than v1.1.0.
|
||||||
|
* Fix use-after-free in VerifyCertificate(): Additionally, a use-after-free was found in the same
|
||||||
|
function which is fixed as well, but in case it is triggered, typically only a wrong error code
|
||||||
|
may be shown in a log message.
|
||||||
|
* Windows: Update OpenSSL shipped on Windows to v3.0.16.
|
||||||
|
|
||||||
## 2.14.5 (2025-02-06)
|
## 2.14.5 (2025-02-06)
|
||||||
|
|
||||||
This release fixes a regression introduced in 2.14.4 that caused the `icinga2 node setup`,
|
This release fixes a regression introduced in 2.14.4 that caused the `icinga2 node setup`,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user