Icinga2 Versions

The core of our monitoring platform with a powerful configuration language and REST API.

v2.12.9

1 year ago

This release includes some fixes and a performance improvement resulting in faster config validation and reload times.

Bugfixes

  • Fix a race condition involving object attribute updates that could result in a crash. #9394
  • Speed up config validation by avoiding redundant serialization of objects. #9401
  • Windows: Update the bundled version of OpenSSL. #9414

v2.12.8

2 years ago

In the previous version 2.12.7, one bugfix was applied incorrectly. This is fixed by this release.

Downtimes

  • Scheduling downtimes for all children and all services no longer fails due to an object name conflict. Only version 2.11.7 was affected by this issue. #9349

Windows

  • Update the bundled version of Boost to 1.79.0. #9359

v2.13.3

2 years ago

This version includes bugfixes for many features of Icinga 2, including fixes for multiple crashes. It also includes a number of fixes and improvements for Icinga DB.

API

  • The /v1/config/stages endpoint now immediately rejects parallel config updates instead of accepting and then later failing to verify and activate them. #9328

Certificates

  • The lifetime of newly issued node certificates is reduced from 15 years to 397 days. #9337
  • Compare cluster certificate tickets in constant time. #9333

Notifications

  • Fix a crash that could happen while sending notifications shortly after Icinga 2 started. #9124
  • Fix missing or redundant notifications after certain combinations of state changes happened while notifications were suppressed, for example during a downtime. #9285

Checks and Commands

  • Fix a deadlock when processing check results for checkables with dependencies. #9228
  • Fix a message routing loop that could occur for event commands executed within a zone using command_endpoint, which resulted in excessive execution of the command. #9260

Downtimes

  • Fix scheduling of downtimes for all services on child hosts. #9159
  • Creating fixed downtimes starting immediately now sends a corresponding notification. #9158
  • Fix some issues involving daylight saving time changes that could result in an hour missing from scheduled downtimes. This fix applies to time periods as well. #9238

Configuration

  • Fix the evaluation order of default templates when used in combination with apply rules. Now default templates are imported first as stated in the documentation and as it already happens for objects defined without using apply. #9290

IDO

  • Fix an issue where contacts were not written correctly to the notification history if multiple IDO instances are active on the same node. #9242
  • Explicitly set the encoding for MySQL connections as a workaround for changed defaults in Debian bullseye. #9312
  • Ship a MySQL schema upgrade that fixes inconsistent version information in the full schema file and upgrade files which could have resulted in inaccurate reports of an outdated schema version. #9139

Performance Data Writers

  • Fix a race condition in the InfluxDB Writers that could result in a crash. #9237
  • Fix a log message where Influxdb2Writer logged as InfluxdbWriter. #9315
  • All writers no longer send metrics multiple times after HA failovers. #9322

Build

  • Fix the order of linker flags to fix builds on some ARM platforms. #9164
  • Fix a regression introduced in 2.13.2 preventing non-unity builds. #9094
  • Fix an issue where, when building within an unrelated Git repository, version information from that repository could incorrectly be used for Icinga 2. #9155
  • Windows: Update bundled Boost version to 1.78.0 and OpenSSL to 1.1.1n #9325

Internals

  • Fix some race conditions due to missing synchronization. These race conditions should not have caused any practical problems besides incorrect numbers in debug log messages. #9306
  • Move the startup.log and status files created when validating incoming cluster config updates to /var/lib/icinga2/api and always keep the last failed startup.log to ease debugging. #9335

Icinga DB

  • The severity attribute was updated to match the sort order Icinga Web 2 uses for the IDO. The documentation for this attribute was already incorrect before and was updated to reflect the current functionality. #9239 #9240
  • Fix the is_sticky attribute for comments. #9303
  • Fix missing updates of is_reachable and severity in the state tables. #9241
  • Removing an acknowledgement no longer incorrectly writes comment history. #9302
  • Fix multiple issues so that in an HA zone, both nodes now write consistent history. #9157 #9182 #9190
  • Fix that history events are no longer written when state information should be updated. #9252
  • Fix an issue where incomplete comment history events were generated. #9301 Note: when removing comments using the API, the dedicated remove-comment action should be used instead of the objects API, otherwise no history event will be generated.
  • Fix handling of non-integer values for the order attribute of command arguments. #9181 Note: You should only specify integer values for order; other values are converted to integer before use, so using fractional numbers there has no effect.
  • Add a dependency on icingadb-redis.service to the systemd service file so that Redis is stopped after Icinga 2. #9304
  • Buffer history events in memory when the Redis connection is lost. #9271
  • Add the previous soft state to the state tables. #9214
  • Add missing locking on object runtime updates. #9300

v2.12.7

2 years ago

This version includes bugfixes for many features of Icinga 2, including fixes for multiple crashes.

API

  • The /v1/config/stages endpoint now immediately rejects parallel config updates instead of accepting and then later failing to verify and activate them. #9326

Certificates

  • The lifetime of newly issued node certificates is reduced from 15 years to 397 days. #9338
  • Compare cluster certificate tickets in constant time. #9334

Notifications

  • Fix a crash that could happen while sending notifications shortly after Icinga 2 started. #9125

Checks and Commands

  • Fix a deadlock when processing check results for checkables with dependencies. #9229
  • Fix a message routing loop that could occur for event commands executed within a zone using command_endpoint, which resulted in excessive execution of the command. #9261

Downtimes

  • Fix scheduling of downtimes for all services on child hosts. #9184
  • Creating fixed downtimes starting immediately now sends a corresponding notification. #9185
  • Fix some issues involving daylight saving time changes that could result in an hour missing from scheduled downtimes. This fix applies to time periods as well. #9246
  • Fix a bug where downtimes on the day after a daylight saving time change could be off by an hour. #9253

Configuration

  • Fix the evaluation order of default templates when used in combination with apply rules. Now default templates are imported first as stated in the documentation and as it already happens for objects defined without using apply. #9294

IDO

  • Fix an issue where contacts were not written correctly to the notification history if multiple IDO instances are active on the same node. #9243
  • Explicitly set the encoding for MySQL connections as a workaround for changed defaults in Debian bullseye. #9313
  • Ship a MySQL schema upgrade that fixes inconsistent version information in the full schema file and upgrade files which could have resulted in inaccurate reports of an outdated schema version. #9140

Performance Data Writers

  • Fix a race condition in the InfluxDB Writers that could result in a crash. #9247
  • All writers no longer send metrics multiple times after HA failovers. #9329

Build

  • Fix the order of linker flags to fix builds on some ARM platforms. #9167
  • Fix an issue where, when building within an unrelated Git repository, version information from that repository could incorrectly be used for Icinga 2. #9156
  • Windows: Update bundled Boost version to 1.78.0 and OpenSSL to 1.1.1n #9320 #9327

Internals

  • Fix some race conditions due to missing synchronization. These race conditions should not have caused any practical problems besides incorrect numbers in debug log messages. #9305
  • Move the startup.log and status files created when validating incoming cluster config updates to /var/lib/icinga2/api and always keep the last failed startup.log to ease debugging. #9336
  • Remove outdated and incorrect of the severity attributes #9244

v2.13.2

2 years ago

This version only includes changes needed for the release of Icinga DB 1.0.0 RC2 and doesn't include any other bugfixes or features.

Icinga DB

  • Prefix command_id with command type #9085
  • Decouple environment from Icinga 2 Environment constant #9082
  • Make icinga:history:stream:*#event_id deterministic #9076
  • Add downtime.duration & service_state.host_id to Redis #9084
  • Sync checkables along with their states first #9081
  • Flush both buffered states and state checksums on initial dump #9079
  • Introduce icinga:history:stream:downtime#scheduled_by #9080
  • Actually write parent to parent_id of zones #9078
  • Set value in milliseconds for program_start in stats/heartbeat #9077
  • Clean up vanished objects from icinga:checksum:*:state #9074
  • Remove usernotification history stream #9073
  • Write IDs of notified users into notification history stream #9071
  • Make CheckResult#scheduling_source available to Icinga DB #9072
  • Stream runtime state updates only to icinga:runtime:state #9068
  • Publish Redis schema version via XADD icinga:schema #9069
  • Don't include checkable types in history IDs #9070
  • Remove unused Redis key 'icinga:zone:parent' #9075

v2.13.1

2 years ago

The main focus of this version is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer.

Version 2.13.1 also fixes two issues introduced with the 2.13.0 release.

Security

  • Add TLS server certificate validation to ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer (GHSA-cxfm-8j5v-5qr2)

Depending on your setup, manual intervention beyond installing the new versions may be required, so please read the more detailed information in the release blog post carefully.

Bugfixes

  • IDO PgSQL: Fix a string quoting regression introduced in 2.13.0 #8958
  • ApiListener: Automatically fall back to IPv4 in default configuration on systems without IPv6 support #8961

v2.12.6

2 years ago

The focus of this version is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter and InfluxdbWriter.

Security

  • Add TLS server certificate validation to ElasticsearchWriter, GelfWriter and InfluxdbWriter (GHSA-cxfm-8j5v-5qr2)

Depending on your setup, manual intervention beyond installing the new versions may be required, so please read the more detailed information in the release blog post carefully.

v2.11.11

2 years ago

The focus of this version is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter and InfluxdbWriter.

Security

  • Add TLS server certificate validation to ElasticsearchWriter, GelfWriter and InfluxdbWriter (GHSA-cxfm-8j5v-5qr2)

Depending on your setup, manual intervention beyond installing the new versions may be required, so please read the more detailed information in the release blog post carefully.

v2.13.0

2 years ago

Thanks to all contributors: andygrunwald, BausPhi, bebehei, Bobobo-bo-Bo-bobo, efuss, froehl, iustin, JochenFriedrich, leeclemens, log1-c, lyknode, m41kc0d3, MarcusCaepio, mathiasaerts, mcktr, MEschenbacher, Napsty, netson, pdolinic, Ragnra, RincewindsHat, sbraz, sni, sysadt, XnS, yayayayaka

Enhancements

  • Core
    • PerfdataValue: Add units of measurement #7871
    • Flapping: Allow to ignore states in flapping detection #8600
  • Cluster
    • Display log message if two nodes run on incompatible versions #8088
  • API
    • /v1/actions/remove-downtime: Also remove child downtimes #8913
    • Add API endpoint: /v1/actions/execute-command #8040
    • /v1/actions/add-comment: Add param expiry #8035
    • API-Event StateChange & CheckResult: Add acknowledgement and downtime_depth #7736
    • Implement new API events ObjectCreated, ObjectDeleted and ObjectModified #8083
    • Implement scheduling_endpoint attribute to checkable #6326
  • Windows
    • Add support for Windows Event Log and write early log messages to it #8710
  • IDO
    • MySQL: support larger host and service names #8425
  • ITL
    • Add -S parameter for esxi_hardware ITL #8814
    • Add CheckCommands for Thola #8683
    • Add option ignore-sct for ssl_cert to ITL #8625
    • Improve check_dns command when used with monitoring-plugins 2.3 #8589
    • Add parameter -f to snmp-process #8569
    • Add systemd CheckCommand #8568
    • Add new options for ipmi-sensor #8498
    • check_snmp_int: support -a #8003
    • check_fail2ban: Add parameter fail2ban_jail to monitor a specific jail only #7960
    • check_nrpe: Add parameters needed for PKI usage #7907
  • Metrics
    • Support InfluxDB 2.0 #8719
    • Add support for InfluxDB basic auth #8314
  • Docs
    • Add info about ongoing support for IDO #8446
    • Improve instructions on how to setup a Windows dev env #8400
    • Improve instructions for installing wixtoolset on Windows #8397
    • Add section about usage of satellites #8458
    • Document command for verifying the parent node's certificate #8221
    • Clarify TimePeriod/ScheduledDowntime time zone handling #8001
  • Misc
    • Support TLS 1.3 #8718
    • Livestatus: append app name to program_version #7931
    • sd_notify() systemd about what we're doing right now #7874

Bugfixes

  • Core
    • Fix state not being UNKNOWN after process timeout #8937
    • Set a default severity for loggers #8846
    • Fix integer overflow when converting large unsigned integers to string #8742
    • StartUnixWorker(): don't exit() on fork() failure #8427
    • Fix perf data parser not recognizing scientific notation #8492
    • Close FDs based on /proc/self/fd #8442
    • Fix check source getting overwritten on passive check result #8158
    • Clean up temp files #8157
    • Improve perf data parser to allow for special output (e.g. ASCII tables) #8008
    • On check timeout first send SIGTERM #7918
  • Cluster
    • Drop passive check results for unreachable hosts/services #8267
    • Fix state timestamps set by the same check result differing across nodes #8101
  • API
    • Do not override status codes that are not 200 #8532
    • Update the SSL context after accepting incoming connections #8515
    • Allow to create API User with password #8321
    • Send Content-Type as API response header too #8108
    • Display a correct status when removing a downtime #8104
    • Display log message if a permission error occurs #8087
    • Replace broken package name validation regex #8825 #8946
  • Windows
    • Fix Windows command escape for " #7092
  • Notifications/Downtimes
    • Fix no re-notification for non OK state changes with time delay #8562
    • TimePeriod/ScheduledDowntime: Improve DST handling #8921
    • Don't send notifications while suppressed by checkable #8513
    • Fix a crash while removing a downtime from a disappeared checkable #8229
  • IDO
    • Update program status on stop #8730
    • Also mark objects inactive in memory on object deactivation #8626
    • IdoCheckTask: Don't override checkable critical with warn state #8613
    • PostgreSQL: Do not set standard_conforming_strings to off #8123
  • ITL
    • check_http: Fix assignment of check_adress blocking check by hostname #8109
    • check_mysql: Don't set -H if -s is given #8020
  • Metrics
    • OpenTSDB-Writer: Remove incorrect space causing missing tag error #8245

v2.12.5

2 years ago

Version 2.12.5 fixes two security vulnerabilities that may lead to privilege escalation for authenticated API users. Other improvements include several bugfixes related to downtimes, downtime notifications, and more reliable connection handling.

Security

  • Don't expose the PKI ticket salt via the API. This may lead to privilege escalation for authenticated API users by them being able to request certificates for other identities (CVE-2021-32739)
  • Don't expose IdoMysqlConnection, IdoPgsqlConnection, IcingaDB, and ElasticsearchWriter passwords via the API (CVE-2021-32743)
  • Windows: Update bundled OpenSSL to version 1.1.1k #8885

Depending on your setup, manual intervention beyond installing the new versions may be required, so please read the more detailed information in the release blog post carefully.

Bugfixes

  • Don't send downtime end notification if downtime hasn't started #8877
  • Don't let a failed downtime creation block the others #8863
  • Support downtimes and comments for checkables with long names #8864
  • Trigger fixed downtimes immediately if the current time matches (instead of waiting for the timer) #8889
  • Add configurable timeout for full connection handshake #8866

Enhancements

  • Replace existing downtimes on ScheduledDowntime change #8879
  • Improve crashlog #8865