          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
           * * *   Release notes for Xymon 4.3.18   * * *
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>

4.3.18 fixes a buffer overflow vulnerability in the acknowledge.cgi
script (CVE-2015-1430). All users are encouraged to upgrade.

Thank you to Mark Felder for noting the impact and Martin Lenko
for the original patch.


In previous versions, the Xymon web CGI programs were run through
a shell-script wrapper, which took care of setting up the environment
for the Xymon programs. In light of the bash 'Shellshock' bug, this
is no longer the case. Instead, a binary 'cgiwrap' utility is used
to load the xymonserver.cfg and cgioptions.cfg files before invoking
the CGI programs. This means that the cgioptions.cfg file is no longer
parsed as a shell script, so anything in it that relies on shell
parsing will no longer work. In that case you must replace the
symlink(s) in xymon/cgi-bin/ with shell script wrappers which source
the cgioptions.cfg file.
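
A pre-upgrade check for the cgioptions.cfg change described above, as an added example that is not part of the Xymon README or code base. The page does not say which syntax cgiwrap accepts, so the "safe" subset used here (comments, blank lines, plain NAME=value lines with simple $VAR references) is an assumption, and the DEMO_* names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag lines in a cgioptions.cfg-style file that only work
# when the file is sourced by a shell.
# Assumption: comments, blank lines and plain NAME=value lines (with simple
# $VAR references) are treated as safe; everything else is reported.

# Usage: check_cgioptions FILE   (reads stdin when FILE is omitted)
# Prints "line: reason: text" per suspect line; exit status 1 if any found.
check_cgioptions() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        reason = ""
        if ($0 ~ /`/ || $0 ~ /[$][(]/)
            reason = "command substitution"
        else if ($0 ~ /[$][{][^}]*[#%:]/)
            reason = "shell parameter expansion"
        else if ($0 !~ /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)
            reason = "not a NAME=value assignment"
        else if ($0 ~ /[;|&]/)
            reason = "command separator or pipeline"
        if (reason != "") {
            printf "%d: %s: %s\n", NR, reason, $0
            found = 1
        }
    }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample input (hypothetical names, not a real Xymon file).
sample_cfg() {
    cat <<'EOF'
# constructed sample
DEMO_OPTS="--demo-flag $DEMO_HOME/etc"
DEMO_HOST=`hostname`
DEMO_DIR=${DEMO_HOME:-/tmp}
if [ -f /etc/demo ]; then DEMO_X=1; fi
DEMO_Y=1; export DEMO_Y
EOF
}

# Demo run over the constructed sample; reports lines 3 to 6.
sample_cfg | check_cgioptions || true
```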


          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
           * * *   Release notes for Xymon 4.3.17   * * *
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>

This is a bug-fix release only. The most critical bugfix solves the
problem of xymon crashing when it is sent a "schedule" command to
schedule a future disable/enable of a test.

This release fixes a few problems with building Xymon from source on 
Solaris, and in some uncommon configurations.


          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
           * * *   Release notes for Xymon 4.3.16   * * *
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>

The only user-visible change since 4.3.14 is the new support for regular 
expressions in client-local.cfg. 4.3.15 accidentally caused all matching 
sections in client-local.cfg to be merged, so a host would receive both 
a host-specific configuration and the OS-default configuration. 
4.3.16 reverts this behaviour unless you run xymond with the new 
"--merge-clientconfig" option.


          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
           * * *   Release notes for Xymon 4.3.14   * * *
          <<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>


In previous Xymon versions, a client-only configuration (i.e. one
configured with "./configure --client") would place the client
files in a "client" subdirectory below the directory specified 
during configuration. This is the same directory layout as a server 
installation, where the server and client parts of Xymon are
in separate subdirectories.
In 4.3.14, the default has changed so a client-only installation
now installs in the directory given during the configure step.
The "/client" subdirectory has been eliminated, so if you are
upgrading an existing client you must either move the old client
installation one level up from the "client/" directory, or change
the Makefile generated by "configure --client" and add "/client"
to the XYMONTOPDIR setting.

The SNI support added in 4.3.13 causes problems with some older
webservers, whose SSL implementation cannot handshake correctly
when SNI is used. The failed handshake causes Xymon to report
the site as down. In 4.3.14, the default is changed so SNI is
disabled. A new "--sni" option was added to xymonnet to control the
default setting, and two new tags "sni" and "nosni" can be used in 
hosts.cfg to control SNI for each host that is tested.

Source: README, updated 2015-02-03