Merge branch 'release/v2.9.0'

AUTHORS

@@ -1,5 +1,6 @@
 Aaron Collins <acollins@chegg.com>
 Alexander A. Klimov <alexander.klimov@icinga.com>
+Alexander Aleksandrovič Klimov <alexander.klimov@icinga.com>
 Alexander Fuhr <alexander.fuhr@netways.de>
 Alexander Wirt <formorer@debian.org>
 Andreas Olsson <andreas@arrakis.se>
@@ -26,6 +27,7 @@ Christoph Wiechert <wio@psitrax.de>
 Constantin Matheis <constantin.matheis@gmail.com>
 Cornelius Wachinger <cornelius@dercorn.com>
 cstegm <cstegm@users.noreply.github.com>
+Damiano Chini <damiano.chini@wuerth-phoenix.com>
 Daniel <d.lorych@gmail.com>
 Daniel Shirley <aditaa@ig2ad.com>
 Davide Bizzarri <davide.bizzarri@wuerth-phoenix.com>
@@ -56,11 +58,13 @@ Jiri Pejchal <jiri.pejchal@gmail.com>
 Joe Doherty <git@pjuu.com>
 Johannes Meyer <johannes.meyer@icinga.com>
 Joonas Kylmälä <joonas.kylmala@kirjastot.fi>
+Jorge Vallecillo <jorgevallecilloc@gmail.com>
 Jo Rhett <jo@chegg.com>
 Ken Jungclaus <lum33n@web.de>
 Klaus Jrgensen <klaus@blackwoodseven.com>
 Lee Clemens <java@leeclemens.net>
 Loei Petrus Marogi <loeipetrus.marogi@netways.de>
+log1-c <24474580+log1-c@users.noreply.github.com>
 Louis Sautier <sautier.louis@gmail.com>
 mapa82 <maik.paetzold@akra.de>
 Marc DeTrano <marc@gridshield.net>
@@ -71,6 +75,7 @@ Mario Rimann <mario@rimann.org>
 Marius Hein <marius.hein@netways.de>
 Markus Frosch <markus.frosch@icinga.com>
 Markus Opolka <opolkams@iis.fraunhofer.de>
+Massimiliano Torromeo <massimiliano.torromeo@gmail.com>
 Matthias Jentsch <matthias.jentsch@netways.de>
 Matthias <pub@matthias-henning.de>
 Max Kozlov <m.v.kozlov@gmail.com>
@@ -99,9 +104,11 @@ Pieter Lexis <pieter.lexis@powerdns.com>
 PunkoIvan <punkoivan@gmail.com>
 Ramy Talal <ramy@thinkquality.nl>
 Raphael Bicker <raphael@bicker.ch>
+Ravi Kumar Kempapura Srinivasa <ravi.srinivasa@icinga.com>
 rbelinsky <rbelinsky@dalet.com>
 realitygaps <github@gapsinreality.com>
 Rene Moser <rene.moser@swisstxt.ch>
+Rick Henry <rjh@rick-h.xyz>
 rkcpi <thieme.sandra@gmail.com>
 Roland Hopferwieser <rhopfer@ica.jku.at>
 Rudy Gevaert <rudy.gevaert@ugent.be>
@@ -111,6 +118,8 @@ Sander Ferdinand <sa.ferdinand@gmail.com>
 sant-swedge <simon.wedge@sant.ox.ac.uk>
 Simone Orsi <simahawk@users.noreply.github.com>
 ss23 <stephen@zxsecurity.co.nz>
+sukhwinder33445 <54990055+sukhwinder33445@users.noreply.github.com>
+Sukhwinder Dhillon <sukhwinder33445@gmail.com>
 Susanne Vestner-Ludwig <susanne.vestner-ludwig@inserteffect.com>
 Sylph Lin <sylph.lin@gmail.com>
 tfylling <torbfylling@gmail.com>

CHANGELOG.md

@@ -4,6 +4,68 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati
 
 ## What's New
 
+### What's New in Version 2.9.0
+
+You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/59?closed=1).
+
+Please make sure to also check the respective [upgrading section](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-2-29x)
+in the documentation.
+
+This release is accompanied by the minor releases v2.7.5 and v2.8.3 which include the security fixes mentioned below.
+
+#### Icinga DB
+
+We continue our endeavour soon. Icinga Web 2 is still a crucial part of it and this update is again required
+for Icinga DB. If you like to participate again, don't forget to update Icinga Web 2 as well.
+
+#### Security Fixes
+
+This release includes two security related fixes. Both were published as part of a security advisory on Github.
+They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if
+the `doc` module is enabled. Please check the respective advisory for details.
+
+* Custom variable protection and blacklists can be circumvented [GHSA-2xv9-886q-p7xx](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx)
+* Possible path traversal by use of the `doc` module [GHSA-cmgc-h4cx-3v43](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43)
+
+#### RBAC, The Elephant In Icinga Web 2
+
+Role Based Access Control, for the non-initiated. I'll make it short: Permission refusals, Role inheritance,
+Privilege Audit. Icinga DB will also solve the long-standing issue [#2455](https://github.com/Icinga/icingaweb2/issues/2455)
+and also allows [#3349](https://github.com/Icinga/icingaweb2/issues/3349) and [#3550](https://github.com/Icinga/icingaweb2/issues/3550).
+I've also written a blog post about this very topic: https://icinga.com/blog/2021/04/07/web-access-control-redefined/
+
+* Authorization enhancements [#4306](https://github.com/Icinga/icingaweb2/pull/4306)
+* Audit View [#4336](https://github.com/Icinga/icingaweb2/pull/4336)
+* Highlight modules with permissions set inside a role [#4241](https://github.com/Icinga/icingaweb2/issues/4241)
+
+#### Support for PHP 8
+
+PHP 8 is released and with Icinga Web 2.9 it will now (hopefully) work flawlessly. We also took the chance
+to prepare to drop the support of some legacy PHP versions. We now require PHP 7.3 at a minimum and all
+versions below that will not be supported anymore with the release of v2.11.
+
+* Support PHP 8 [#4289](https://github.com/Icinga/icingaweb2/pull/4289)
+* Raise minimum required PHP version to 7.3 [#4397](https://github.com/Icinga/icingaweb2/pull/4397)
+
+#### Stay, Be Remembered
+
+Have you ever been disappointed that Icinga Web 2 always forgets you after closing your browser? This is in
+your hands now! Just tick the new checkbox on the login screen and Icinga Web 2 doesn't forget your presence
+anymore. Unless of course the administrator or you on a different device clears your session.
+
+* Implement a "remember me" feature [#2495](https://github.com/Icinga/icingaweb2/issues/2495)
+
+#### It Does Matter, When
+
+Browsers are bad when it's about date and time inputs. (I'm looking at you Mozilla!) Now we've given our hopes
+up and use a specifically invented solution to show you a date and time picker throughout every browser. With
+Icinga v2.13 onwards you will also be able to use this when defining an expiry date for comments! Though, you
+might not necessarily use it that often once you've configured new custom defaults for downtime endings.
+
+* Add datetime picker widget [#4354](https://github.com/Icinga/icingaweb2/pull/4354)
+* Expire Option for Comments [#3447](https://github.com/Icinga/icingaweb2/issues/3447)
+* Custom defaults for downtime end, comment and duration [#4364](https://github.com/Icinga/icingaweb2/issues/4364)
+
 ### What's New in Version 2.8.2
 
 **Notice**: This is a security release. It is recommended to immediately upgrade to this release.

VERSION

@@ -1 +1 @@
-v2.8.2
+v2.9.0

application/forms/Config/GeneralConfigForm.php

@@ -43,7 +43,7 @@ class GeneralConfigForm extends ConfigForm
         parent::onRequest();
 
         if ($this->config->getConfigObject()->global->config_backend === 'ini') {
-            $this->warning('The preferences backend of type INI is deprecated and will be removed with version 2.10');
+            $this->warning('The preferences backend of type INI is deprecated and will be removed with version 2.11');
         }
     }
 }

doc/80-Upgrading.md

@@ -5,6 +5,37 @@ v2.6 to v2.8 requires to follow the instructions for v2.7 too.
 
 ## Upgrading to Icinga Web 2 2.9.x
 
+**Installation**
+
+* Icinga Web 2 now requires the [Icinga PHP Library (ipl)](https://github.com/Icinga/icinga-php-library) (>= 0.6)
+  and [Icinga PHP Thirdparty](https://github.com/Icinga/icinga-php-thirdparty) (>= 0.10). Please make sure to
+  install both when upgrading. We provide packages for them and if you've installed Icinga Web 2 already by
+  package they should be installed automatically during the upgrade.
+* [Icinga Business Process Modelling](https://github.com/Icinga/icingaweb2-module-businessprocess/releases/tag/v2.3.1)
+  has been updated to v2.3.1. If you're using this module, this version is required when upgrading.
+
+**General**
+
+* For database connections to the IDO running on MySQL, a default charset (`latin1`) is now applied.
+  If you had previously problems with special characters and umlauts and you've set this charset
+  already manually, no change is required. However, if your IDO resource configuration has another
+  charset configured than this, it is highly recommended to clear this setting. Otherwise the default
+  won't apply and characters may still be shown incorrectly in the UI.
+
+**Database Schema**
+
+* Icinga Web 2 now permits its users to stay logged in. This requires a new database table.
+  * Please apply the `v2.9.0.sql` upgrade script depending on your database vendor.
+    In package installations this file can be found in `/usr/share/doc/icingaweb2/schema/*-upgrades/`
+
+**Breaking changes**
+
+* Password changes are not allowed by default anymore
+  * The fake refusal `no-user/password-change` has now been changed to a grant `user/password-change`.
+    Any user that had `no-user/password-change` previously still cannot change passwords. Though any
+    user that didn't have this *permission*, needs to be granted `user/password-change` now in order
+    to change passwords.
+
 **Deprecations**
 
 * Support for EOL PHP versions (5.6, 7.0, 7.1 and 7.2) will be removed with version 2.11
@@ -12,6 +43,24 @@ v2.6 to v2.8 requires to follow the instructions for v2.7 too.
   * New features after v2.9 will already not (necessarily) be available in Internet Explorer
 * `user.local_name` replaces the `user:local_name` macro in restrictions, and the latter will be removed with
   version 2.11
+* The configuration backend type `INI` is not configurable anymore. **A database is now mandatory.**
+  * Existing configurations using this configuration backend type will stop working with the
+    release of v2.11.
+  * Note that this only applies to user preferences. Other configurations are still stored
+    in `.ini` files. (#3770)
+* The Vagrant file and all its assets will be removed with version 2.11
+
+**Framework changes affecting third-party code**
+
+* The `jquery-migrate` compatibility layer for Javascript code working with jQuery 2.x has been removed.
+  It has been introduced with v2.7 when we upgraded jQuery to v3.4.1 in order to allow module developers
+  a seamless upgrade chance. If a module still has UI glitches after an upgrade to v2.9, please contact
+  the module developer.
+* The method `getHtmlForEvent` of the `EventDetailsExtensionHook` previously received the host or service
+  object of an event. Now the actual event object is passed to it instead.
+* Asset support for modules (#3961) introduced with v2.8 has now been deprecated in favor of library
+  support (#4272) and will be removed with v2.10. We don't expect broad usage of this feature since
+  it's been introduced with the latest major version, so it's already being removed with the next one.
 
 ## Upgrading to Icinga Web 2 2.8.x
 

library/Icinga/Application/Version.php

@@ -8,7 +8,7 @@ namespace Icinga\Application;
  */
 class Version
 {
-    const VERSION = '2.8.2';
+    const VERSION = '2.9.0';
 
     /**
      * Get the version of this instance of Icinga Web 2

library/Icinga/User/Preferences/PreferencesStore.php

@@ -127,7 +127,7 @@ abstract class PreferencesStore
         }
 
         if ($type === 'Ini') {
-            Logger::warning('The preferences backend of type INI is deprecated and will be removed with version 2.10');
+            Logger::warning('The preferences backend of type INI is deprecated and will be removed with version 2.11');
             $config->location = Config::resolvePath('preferences');
         } elseif ($type === 'Db') {
             $config->connection = new DbConnection(ResourceFactory::getResourceConfig($config->resource));

modules/doc/module.info

@@ -1,4 +1,4 @@
 Module: doc
-Version: 2.8.2
+Version: 2.9.0
 Description: Documentation module
  Extracts, shows and exports documentation for Icinga Web 2 and its modules.

modules/migrate/module.info

@@ -1,5 +1,5 @@
 Module: migrate
-Version: 2.8.2
+Version: 2.9.0
 Description: Migrate module
  This module was introduced with the domain-aware authentication feature in version 2.5.0.
  It helps you migrating users and user configurations according to a given domain.

modules/monitoring/module.info

@@ -1,5 +1,5 @@
 Module: monitoring
-Version: 2.8.2
+Version: 2.9.0
 Description: Icinga monitoring module
  IDO accessor and UI for your monitoring. This is the initial instalment for a
  graphical presentation of Icinga environments. The predecessor of Icinga DB.

modules/setup/module.info

@@ -1,5 +1,5 @@
 Module: setup
-Version: 2.8.2
+Version: 2.9.0
 Description: Setup module
  Web based wizard for setting up Icinga Web 2 and its modules.
  This includes the data backends (e.g. relational database, LDAP),

modules/test/module.info

@@ -1,5 +1,5 @@
 Module: test
-Version: 2.8.2
+Version: 2.9.0
 Description: Translation module
  This module allows developers to run (unit) tests against Icinga Web 2 and
  any of its modules. Usually you do not need to enable this.

modules/translation/module.info

@@ -1,5 +1,5 @@
 Module: translation
-Version: 2.8.2
+Version: 2.9.0
 Description: Translation module
  This module allows developers and translators to translate modules for multiple
  languages. You do not need this module to run an internationalized web frontend.