From 77244b2c1b01d7befd51672a8c3d0b7558fa9836 Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Fri, 14 Aug 2020 13:37:59 +0200 Subject: [PATCH 1/2] Raise version to v2.8.2 --- VERSION | 2 +- library/Icinga/Application/Version.php | 2 +- modules/doc/module.info | 2 +- modules/migrate/module.info | 2 +- modules/monitoring/module.info | 2 +- modules/setup/module.info | 2 +- modules/test/module.info | 2 +- modules/translation/module.info | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/VERSION b/VERSION index 30505b0b8..f671dd08e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v2.8.1 +v2.8.2 diff --git a/library/Icinga/Application/Version.php b/library/Icinga/Application/Version.php index 1fd623785..a863cd439 100644 --- a/library/Icinga/Application/Version.php +++ b/library/Icinga/Application/Version.php @@ -8,7 +8,7 @@ namespace Icinga\Application; */ class Version { - const VERSION = '2.8.1'; + const VERSION = '2.8.2'; /** * Get the version of this instance of Icinga Web 2 diff --git a/modules/doc/module.info b/modules/doc/module.info index 0be71b07d..5adbceef5 100644 --- a/modules/doc/module.info +++ b/modules/doc/module.info @@ -1,4 +1,4 @@ Module: doc -Version: 2.8.1 +Version: 2.8.2 Description: Documentation module Extracts, shows and exports documentation for Icinga Web 2 and its modules. diff --git a/modules/migrate/module.info b/modules/migrate/module.info index 082d9566b..ef6e5aa1e 100644 --- a/modules/migrate/module.info +++ b/modules/migrate/module.info @@ -1,5 +1,5 @@ Module: migrate -Version: 2.8.1 +Version: 2.8.2 Description: Migrate module This module was introduced with the domain-aware authentication feature in version 2.5.0. It helps you migrating users and user configurations according to a given domain. diff --git a/modules/monitoring/module.info b/modules/monitoring/module.info index 08dd9a0ff..6d3efdd32 100644 --- a/modules/monitoring/module.info +++ b/modules/monitoring/module.info @@ -1,5 +1,5 @@ Module: monitoring -Version: 2.8.1 +Version: 2.8.2 Description: Icinga monitoring module IDO accessor and UI for your monitoring. This is the initial instalment for a graphical presentation of Icinga environments. The predecessor of Icinga DB. diff --git a/modules/setup/module.info b/modules/setup/module.info index 29e84b7b5..d7eba9228 100644 --- a/modules/setup/module.info +++ b/modules/setup/module.info @@ -1,5 +1,5 @@ Module: setup -Version: 2.8.1 +Version: 2.8.2 Description: Setup module Web based wizard for setting up Icinga Web 2 and its modules. This includes the data backends (e.g. relational database, LDAP), diff --git a/modules/test/module.info b/modules/test/module.info index 1c46c73fd..4fcfeecd5 100644 --- a/modules/test/module.info +++ b/modules/test/module.info @@ -1,5 +1,5 @@ Module: test -Version: 2.8.1 +Version: 2.8.2 Description: Translation module This module allows developers to run (unit) tests against Icinga Web 2 and any of its modules. Usually you do not need to enable this. diff --git a/modules/translation/module.info b/modules/translation/module.info index 6a590ce93..196c63dce 100644 --- a/modules/translation/module.info +++ b/modules/translation/module.info @@ -1,5 +1,5 @@ Module: translation -Version: 2.8.1 +Version: 2.8.2 Description: Translation module This module allows developers and translators to translate Icinga Web 2 and its modules for multiple languages. You do not need this module to run an From 8a529d4842facf2381427f9661c11a5028cc0683 Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Fri, 14 Aug 2020 14:23:18 +0200 Subject: [PATCH 2/2] Update CHANGELOG.md --- CHANGELOG.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 57f43b828..f994dfafb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,27 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati ## What's New +### What's New in Version 2.8.2 + +**Notice**: This is a security release. It is recommended to immediately upgrade to this release. + +You can find all issues related to this release on the respective [milestone](https://github.com/Icinga/icingaweb2/milestone/62?closed=1). + +#### Path Traversal Vulnerability + +The vulnerability in question allows an attacker to access arbitrary files which are readable by the process running +Icinga Web 2. Technical details can be found at the corresponding [CVE-2020-24368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24368) +and in the issue below. + +* Possible path traversal when serving static image files [#4226](https://github.com/Icinga/icingaweb2/issues/4226) + +#### Broken Negated Filters with PostgreSQL + +We've also included a small non-security related fix. Searching for e.g. `servicegroup!=support` leads to an error +instead of the desired result when using a PostgreSQL database. + +* Single negated membership filter fails with PostgreSQL [#4196](https://github.com/Icinga/icingaweb2/issues/4196) + ### What's New in Version 2.8.1 You can find all issues related to this release on the respective [milestone](https://github.com/Icinga/icingaweb2/milestone/61?closed=1).