<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
* * * Release notes for Xymon 4.3.23 * * *
<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
This documents the important changes between Xymon releases, i.e.
changes you should be aware of when upgrading.
For a full list of changes and enhancements, please see the
Changes file.
Changes for 4.3.23
==================
Fixes a bug in 4.3.22 where RRD tracking of number of matching processes or
ports open on a client was not being performed.
Changes for 4.3.22
==================
The default rules for HTTP response codes have been simplified and made more
generic:
1xx = Warning (when the final code received)
2xx = OK
3xx = Warning (except 302/303/307 = OK)
4xx = Critical
5xx = Critical
The specific changes from previous versions are:
- 401 and 403 response codes are now considered Critical (were OK)
- 301 Permanent Redirect response code is now considered a Warning (was OK)
- "Extended" or new HTTP status codes in the 4xx and 5xx range
are now considered Critical (unknown codes were previously a Warning)
In the case of 301, 401, and 403 HTTP codes, if you're expecting to receive
this HTTP status from a URL query, you should add the code explicitly to
the check by using the "httpstatus" syntax (see hosts.cfg(5)).
Basic HTTP Authentication is supported for testing logins to a site.
*** Special note: Many vendor-supplied default "Welcome" pages on unconfigured
apache servers are actually generated by a 403 error handler. Generically
testing for these pages will now show a red status instead of a green one. To
fix, simply place an index.html page at the root of the site so that 403's are
not generated.
The 'sslcert' test will now indicate the signature algorithm and cipher
that was actually used in the connection, instead of a list of all ciphers.
Use --showallciphers to restore the previous behavior.
On new installs, the default apache configuration no longer requires a trailing
slash when accessing the xymon pages. http://www.example.com/xymon will work.
NTPDATEOPTS, FPINGOPTS, and TRACEROUTEOPTS variables are now present in
xymonserver.cfg and will override the default options for the associated
xymonnet calls.
Note: The suggested options to 'traceroute' were never actually used as
the default on a standard installation. In a future release,
'-n -q 2 -w 2 -m 15' may be used unless overridden or otherwise specified.
Darwin clients (Mac OS X) now exclude AFS and read-only volumes (which are
usually just mounted disk images) from processing, properly handle volumes with
spaces in their names, and correctly process inode details.
A chpasswd.sh file is now provided which allows a logged-in user to
change their own .htpasswd password (after verification). Because it
verifies their existing password first, it requires the '-v' option to
htpasswd, which is only available in Apache 2.4.5 or higher.
By default, it is installed in the /xymon-seccgi/ directory, but can be
moved to the /xymon-cgi/ directory to allow all users to change their
password. Basic input validation is provided, but this CGI should be
used with caution and only with relatively-trusted user bases.
xymongen used to skip over host groups on pages when it calcuated that
there were no test results to be displayed in that table. These groups are
now displayed, but you can restore the previous behavior by passing it
the --no-showemptygroups option.
