README for Xymon 4.3.12
NOTE: This release includes a bugfix for a security issue
in the xymond_history and xymond_rrd modules. A "drophost"
command sent to the xymond port (default: 1984) from an IP
listed in the --admin-senders access control list can be
used to delete files owned by the user running the xymond
daemon. This is allowed by default, so it is highly recommended
List of changes:
* rev 7211
* Security fix: Guard against directory traversal via hostname in "drophost" commands
* Fix crash in xymongen introduced in 4.3.11
* SCO client: Fix overflow in memory calculation when >2 GB memory
* Fix so "include" and "directory" definitions in configuration files now handle <tab> after the keyword
* Fix for the Xymon webpage menu on iPad's and Android (touch devices)
* Fix "drophost" handling so the host data directory is also cleared
* xymond_rrd now processes data from "clear" status messages
* Xymon clients now report the version number in the client data
* Linux clients now align "ps" output so it is more readable.
* New "generic" client message handler allows log/file monitoring from systems that are not known to Xymon.
* The Xymon client now works if invoked with a relative path to the runclient.sh script
* Other minor / internal bugfixes