[Xymon] Xymon 4.3.12 released
henrik at hswn.dk
henrik at hswn.dk
Wed Jul 24 11:13:00 CEST 2013
Hi,
I have released version 4.3.12 of Xymon on Sourceforge, and it is
available from http://sourceforge.net/projects/xymon/files/Xymon/4.3.12/
. Due to a security bugfix, I strongly recommend upgrading to this
version.
Regards,
Henrik
NOTE: This release includes a bugfix for a security issue
in the xymond_history and xymond_rrd modules. A "drophost"
command sent to the xymond port (default: 1984) from an IP
listed in the --admin-senders access control list can be
used to delete files owned by the user running the xymond
daemon. This is allowed by default, so it is highly recommended
List of changes:
* rev 7211
* Security fix: Guard against directory traversal via hostname in
"drophost" commands
* Fix crash in xymongen introduced in 4.3.11
* SCO client: Fix overflow in memory calculation when >2 GB memory
* Fix so "include" and "directory" definitions in configuration files
now handle <tab> after the keyword
* Fix for the Xymon webpage menu on iPad's and Android (touch devices)
* Fix "drophost" handling so the host data directory is also cleared
* xymond_rrd now processes data from "clear" status messages
* Xymon clients now report the version number in the client data
* Linux clients now align "ps" output so it is more readable.
* New "generic" client message handler allows log/file monitoring from
systems that are not known to Xymon.
* The Xymon client now works if invoked with a relative path to the
runclient.sh script
* Other minor / internal bugfixes
More information about the Xymon
mailing list