diff --git a/CHANGELOG.md b/CHANGELOG.md index 816fe60cf..2f57f375f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,20 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati ## What's New +### What's New in Version 2.9.6 + +**Notice**: This is a security release. It is recommended to upgrade immediately. + +#### Security Fixes + +This release includes three security related fixes. The first is a path traversal issue that affects installations +of v2.9.0 and above. Another one allows admins to run arbitrary PHP code just by accessing the UI. The last one may +disclose unwanted details to restricted users. Please check the advisories on GitHub for more details. + +* Path traversal in static library file requests for unauthenticated users [GHSA-5p3f-rh28-8frw](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw) +* SSH resources allow arbitrary code execution for authenticated users [GHSA-v9mv-h52f-7g63](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63) +* Unwanted disclosure of hosts and related data, linked to decommissioned services [GHSA-qcmg-vr56-x9wf](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf) + ### What's New in Version 2.9.5 This is a hotfix release which fixes the following issues: diff --git a/VERSION b/VERSION index a4d862ddb..1fa6ccd53 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v2.9.5 +v2.9.6 diff --git a/library/Icinga/Application/Version.php b/library/Icinga/Application/Version.php index 0044cd7d7..d9315c382 100644 --- a/library/Icinga/Application/Version.php +++ b/library/Icinga/Application/Version.php @@ -8,7 +8,7 @@ namespace Icinga\Application; */ class Version { - const VERSION = '2.9.5'; + const VERSION = '2.9.6'; /** * Get the version of this instance of Icinga Web 2 diff --git a/modules/doc/module.info b/modules/doc/module.info index c1bc6ff3c..ca2002317 100644 --- a/modules/doc/module.info +++ b/modules/doc/module.info @@ -1,4 +1,4 @@ Module: doc -Version: 2.9.5 +Version: 2.9.6 Description: Documentation module Extracts, shows and exports documentation for Icinga Web 2 and its modules. diff --git a/modules/migrate/module.info b/modules/migrate/module.info index b31614f4e..3541a2d2f 100644 --- a/modules/migrate/module.info +++ b/modules/migrate/module.info @@ -1,5 +1,5 @@ Module: migrate -Version: 2.9.5 +Version: 2.9.6 Description: Migrate module This module was introduced with the domain-aware authentication feature in version 2.5.0. It helps you migrating users and user configurations according to a given domain. diff --git a/modules/monitoring/module.info b/modules/monitoring/module.info index fb2d71365..611db44bc 100644 --- a/modules/monitoring/module.info +++ b/modules/monitoring/module.info @@ -1,5 +1,5 @@ Module: monitoring -Version: 2.9.5 +Version: 2.9.6 Description: Icinga monitoring module IDO accessor and UI for your monitoring. This is the initial instalment for a graphical presentation of Icinga environments. The predecessor of Icinga DB. diff --git a/modules/setup/module.info b/modules/setup/module.info index 80822ddc0..0cecb895d 100644 --- a/modules/setup/module.info +++ b/modules/setup/module.info @@ -1,5 +1,5 @@ Module: setup -Version: 2.9.5 +Version: 2.9.6 Description: Setup module Web based wizard for setting up Icinga Web 2 and its modules. This includes the data backends (e.g. relational database, LDAP), diff --git a/modules/test/module.info b/modules/test/module.info index 2ee0639dd..8bbe57b37 100644 --- a/modules/test/module.info +++ b/modules/test/module.info @@ -1,5 +1,5 @@ Module: test -Version: 2.9.5 +Version: 2.9.6 Description: Translation module This module allows developers to run (unit) tests against Icinga Web 2 and any of its modules. Usually you do not need to enable this. diff --git a/modules/translation/module.info b/modules/translation/module.info index 9fbfbcc39..77518a4e4 100644 --- a/modules/translation/module.info +++ b/modules/translation/module.info @@ -1,5 +1,5 @@ Module: translation -Version: 2.9.5 +Version: 2.9.6 Description: Translation module This module allows developers and translators to translate modules for multiple languages. You do not need this module to run an internationalized web frontend.