Name | Modified | Size | Downloads / Week |
---|---|---|---|
Parent folder | |||
xymon-4.3.18.tar.gz | 2015-02-03 | 2.8 MB | |
README | 2015-02-03 | 3.4 kB | |
Totals: 2 Items | 2.8 MB | 0 |
<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> * * * Release notes for Xymon 4.3.18 * * * <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> 4.3.18 fixes a buffer overflow vulnerability in the acknowledge.cgi script (CVE-2015-1430). All users are encouraged to upgrade. Thank you to Mark Felder for noting the impact and Martin Lenko for the original patch. In previous versions, the Xymon web CGI programs were run through a shell-script wrapper, which took care of setting up the environment for the Xymon programs. In light of the bash 'Shell shock' bug, this is no longer the case. Instead, a binary 'cgiwrap' utility is used to load the xymonserver.cfg and cgioptions.cfg files before invoking the CGI programs. This means that the cgioptions.cfg file is no longer parsed as a shell script, so if you rely on this then it will no longer work. In that case you must replace the symlink(s) in xymon/cgi-bin/ with shell script wrappers which source the cgioptions.cfg file. <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> * * * Release notes for Xymon 4.3.17 * * * <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> This is a bug-fix release only. The most critical bugfix solves the problem of xymon crashing when sending it a "schedule" command to schedule a future disable/enable of a test. This release fixes a few problems with building Xymon from source on Solaris, and in some uncommon configurations. <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> * * * Release notes for Xymon 4.3.16 * * * <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> The only user-visible change since 4.3.14 is the new support for regular expressions in client-local.cfg. 4.3.15 accidentally caused all matching sections in client-local.cfg to be merged, so a host would receive both a host-specific configuration and the OS-default configuration. 4.3.16 reverts this behaviour unless you run xymond with the new "--merge-clientconfig" option. <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> * * * Release notes for Xymon 4.3.14 * * * <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>> In previous Xymon versions, a client-only configuration (i.e. one configured with "./configure --client") would place the client files in a "client" subdirectory below the directory specified during configuration. This is the same directory layout as a server installation, where the server and client parts of Xymon are in separate subdirectories. In 4.3.14, the default has changed so a client-only installation now installs in the directory given during the configure-step. The "/client" has been eliminated, so if you are upgrading an existing client you must either move the old client installation one level up from the "client/" directory, or change the Makefile generated by "configure --client" and add "/client" to the XYMONTOPDIR setting. The SNI support added in 4.3.13 causes problems with some older webservers, whose SSL implementation cannot handshake correctly when SNI is used. The failed handshake causes Xymon to report the site as down. In 4.3.14, the default is changed so SNI is disabled. A new "--sni" option was added to xymonnet to control the default setting, and two new tags "sni" and "nosni" can be used in hosts.cfg to control SNI for each host that is tested.