Release/v2.12.3 (#5342)

CHANGELOG.md

@@ -4,6 +4,41 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati
 
 ## What's New
 
+### What's New in Version 2.12.3
+
+**Notice:** This is a security release. It is recommended to upgrade _immediately_.
+
+You can find all issues related to this release on our Roadmap.
+
+#### Vulnerabilities, Closed
+
+Cross site scripting is one of the worst attacks on web based platforms. Especially, if carrying it out is as easy as
+the first two mentioned here. You might recognize the open redirect on the login. You are correct, we attempted to fix
+it already with v2.11.3 but underestimated PHP's quirks. The last is difficult to exploit, hence the lowest severity
+of all, but don't be fooled by that!
+
+All four of them are backported to v2.11.5.
+
+* XSS in embedded content [CVE-2025-27405](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-3x37-fjc3-ch8w)
+* DOM-based XSS [CVE-2025-27404](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-c6pg-h955-wf66)
+* Open redirect on login page [CVE-2025-30164](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8q)
+* Reflected XSS [CVE-2025-27609](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5cjw-fwjc-8j38)
+
+Big thanks to all finders / reporters! :+1:
+
+#### Bugs, Exterminated
+
+Did you know, that we started [Icinga Notifications](https://icinga.com/docs/icinga-notifications/latest/) with support
+for PostgreSQL first? Reason for that is, we wanted to make sure we are fully compatible with it right away. To ensure
+things like logging in with a PostgreSQL authentication/group backend is case-insensitive, like it was always the case
+for MySQL. Now it **really** is case-insensitive! There are also two issues fixed, which many of you will probably have
+noticed since v2.12.2, sorry that it took so long :)
+
+* Login against Postgres DB is case-sensitive [#5223](https://github.com/Icinga/icingaweb2/issues/5223)
+* Role list has no functioning quick search [#5300](https://github.com/Icinga/icingaweb2/issues/5300)
+* After clicking on Check now, the page does not refresh itself [#5293](https://github.com/Icinga/icingaweb2/issues/5293)
+* Service States display wrong since update to 2.12.2 [#5290](https://github.com/Icinga/icingaweb2/issues/5290)
+
 ### What's New in Version 2.12.2
 
 You can find all issues related to this release on our Roadmap.

VERSION

@@ -1 +1 @@
-v2.12.2
+v2.12.3

application/views/scripts/error/error.phtml

@@ -23,7 +23,7 @@ $modReason = [];
 
 if (isset($requiredVendor, $requiredProject) && $requiredVendor && $requiredProject) {
     // TODO: I don't like this, can we define requirements somewhere else?
-    $coreDeps = ['icinga-php-library' => '>= 0.13.2', 'icinga-php-thirdparty' => '>= 0.12'];
+    $coreDeps = ['icinga-php-library' => '>= 0.14.2', 'icinga-php-thirdparty' => '>= 0.12'];
 
     foreach ($coreDeps as $libraryName => $requiredVersion) {
         if (! $libraries->has($libraryName)) {

doc/02-Installation.md

@@ -399,7 +399,7 @@ You will need to install certain dependencies depending on your setup:
   monitor your infrastructure
 * A web server, e.g. Apache or Nginx
 * PHP version ≥ 7.2
-* [Icinga PHP Library (ipl)](https://github.com/Icinga/icinga-php-library) (≥ 0.13.2)
+* [Icinga PHP Library (ipl)](https://github.com/Icinga/icinga-php-library) (≥ 0.14.2)
 * [Icinga PHP Thirdparty](https://github.com/Icinga/icinga-php-thirdparty) (≥ 0.12)
 * The following PHP modules must be installed: cURL, json, gettext, fileinfo, intl, dom, OpenSSL and xml
 * The [pdfexport](https://github.com/Icinga/icingaweb2-module-pdfexport) module (≥0.10) is required for the

library/Icinga/Application/Version.php

@@ -8,7 +8,7 @@ namespace Icinga\Application;
  */
 class Version
 {
-    const VERSION = '2.12.2';
+    const VERSION = '2.12.3';
 
     /**
      * Get the version of this instance of Icinga Web 2

modules/doc/module.info

@@ -1,4 +1,4 @@
 Module: doc
-Version: 2.12.2
+Version: 2.12.3
 Description: Documentation module
  Extracts, shows and exports documentation for Icinga Web 2 and its modules.

modules/migrate/module.info

@@ -1,5 +1,5 @@
 Module: migrate
-Version: 2.12.2
+Version: 2.12.3
 Description: Migrate module
  This module was introduced with the domain-aware authentication feature in version 2.5.0.
  It helps you migrating users and user configurations according to a given domain.

modules/monitoring/module.info

@@ -1,5 +1,5 @@
 Module: monitoring
-Version: 2.12.2
+Version: 2.12.3
 Description: Icinga monitoring module
  IDO accessor and UI for your monitoring. This is the initial instalment for a
  graphical presentation of Icinga environments. The predecessor of Icinga DB.

modules/setup/library/Setup/WebWizard.php

@@ -602,7 +602,7 @@ class WebWizard extends Wizard implements SetupWizard
         )));
 
         $set->add(new WebLibraryRequirement(array(
-            'condition'     => ['icinga-php-library', '>=', '0.13.2'],
+            'condition'     => ['icinga-php-library', '>=', '0.14.2'],
             'alias'         => 'Icinga PHP library',
             'description'   => mt(
                 'setup',

modules/setup/module.info

@@ -1,5 +1,5 @@
 Module: setup
-Version: 2.12.2
+Version: 2.12.3
 Description: Setup module
  Web based wizard for setting up Icinga Web 2 and its modules.
  This includes the data backends (e.g. relational database, LDAP),

modules/test/module.info

@@ -1,5 +1,5 @@
 Module: test
-Version: 2.12.2
+Version: 2.12.3
 Description: Translation module
  This module allows developers to run (unit) tests against Icinga Web 2 and
  any of its modules. Usually you do not need to enable this.

modules/translation/module.info

@@ -1,5 +1,5 @@
 Module: translation
-Version: 2.12.2
+Version: 2.12.3
 Description: Translation module
  This module allows developers and translators to translate modules for multiple
  languages. You do not need this module to run an internationalized web frontend.