From 8ca6cc32b2c789a3149861159ad258f2cb9491e3 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 14:39:39 +0200 Subject: Adding upstream version 2.11.4. Signed-off-by: Daniel Baumann --- CHANGELOG.md | 1491 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1491 insertions(+) create mode 100644 CHANGELOG.md (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..1c1a267 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,1491 @@ +# Icinga Web 2 Changelog + +Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentation before switching to a new version. + +## What's New + +### What's New in Version 2.11.4 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/78?closed=1). + +#### Notable Fixes + +* Add/Edit dashlet not possible [#4970](https://github.com/Icinga/icingaweb2/issues/4970) +* Custom library path + custom library, without slash in its name, results in exception [#4971](https://github.com/Icinga/icingaweb2/issues/4971) +* Reflected XSS vulnerability in User Backends config page [#4979](https://github.com/Icinga/icingaweb2/issues/4979) + +### What's New in Version 2.11.3 + +**Notice**: This is a security release. It is recommended to upgrade immediately. + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/77?closed=1). + +#### Minor to Medium Vulnerabilities + +In late November we received multiple security vulnerability reports. They are listed below in order of severity +where you can also find further notes: + +* Open Redirects for logged in users [#4945](https://github.com/Icinga/icingaweb2/issues/4945) + This one is quite old, though got worse and easier to exploit since v2.9. It is for this reason that + this fix has been backported all the way down to v2.9.8. It can be used to exploit incautious users, + no matter their browser and its security settings. They need to click a specifically crafted link + (in the easiest form) and log in to Icinga Web by filling in their access credentials. If they're + already logged in, (due to an existing session or SSO) the browser prevents the exploit from happening. + We encourage you to update to the latest release as soon as possible to mitigate any potential harm. + +* SSH Resource Configuration form XSS Bug [#4947](https://github.com/Icinga/icingaweb2/issues/4947) + Dashlets allow the user to run Javascript code [#4959](https://github.com/Icinga/icingaweb2/issues/4959) + These two are very similar. Both revolve around Javascript getting injected by logged in users + interacting with forms. The SSH resource configuration requires configuration access though and, since + custom dashlets are only shown to the user who created them, the dashlet configuration cannot affect + other users. Note that both interactions cannot be initiated externally by CSRF, the forms are protected + against this. Because of this we assess the severity of these two very low. + +* Role member suggestion endpoint is reachable for unauthorized users [#4961](https://github.com/Icinga/icingaweb2/issues/4961) + This is more a case of missing authorization checks than a full fledged security flaw. But nevertheless, + it allows any logged-in user, by use of a manually crafted request, to retrieve the names of all available + users and usergroups. + +#### The More Usual Dose of Fixes + +* Browser print dialog result broken [#4957](https://github.com/Icinga/icingaweb2/issues/4957) + If you tried to export a view using the browser's builtin print dialog, (e.g. Ctrl+P) you may have + noticed a degradation of fanciness since the update to v2.10. This looks nicer than ever now. + +* Shared navigation items are not accessible [#4953](https://github.com/Icinga/icingaweb2/issues/4953) + Since v2.11.0 the shared navigation overview hasn't been accessible using the configuration menu. + It is now accessible again. + +* While using dropdown filter menu it gets closed automatically due to autorefresh [#4942](https://github.com/Icinga/icingaweb2/issues/4942) + Are you annoyed by the filter editor repeatedly closing the column selection while you're looking for + something? We have you covered with a fix for this and the column selection should stay open as long + as you don't click anywhere else. + +### What's New in Version 2.11.2 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/76?closed=1). + +It brings performance improvements and general fixes. Most notable of which are that having e.g. notifications +disabled globally is now visible in the menu again and that the event history is grouped by days again. + +### What's New in Version 2.11.1 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/75?closed=1). + +This update's main focus is to solve the issue that all history views didn't work correctly or showed invalid +time and dates. ([#4853](https://github.com/Icinga/icingaweb2/issues/4853)) + +### What's New in Version 2.11.0 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/70?closed=1). + +#### Enhancements, Some + +Many of you were waiting for it: PHP 8.1 Support. This means that Icinga Web should be available soon on e.g. +Ubuntu 22.04. You'll also notice that we changed the sidebar, as the user menu went to the very bottom of it. +With it moved the less frequently used menu entries (system and configuration) to a section that pops up by +hovering over the :gear: icon. We did that in order to prepare an area where we can add further functionality +in the future. Oh, and announcements are now visible in fullscreen mode. :upside_down_face: + +* Support for PHP 8.1 [#4609](https://github.com/Icinga/icingaweb2/issues/4609) +* Redesign User Menu [#4651](https://github.com/Icinga/icingaweb2/issues/4651) +* &showFullscreen suppresses announcements [#4596](https://github.com/Icinga/icingaweb2/issues/4596) + +#### Fixes, More + +There are also bug fixes of course. The first mentioned here is one we fixed *accidentally*, as by adding support for +PHP 8.1 we avoided a common PHP quirk responsible for it. If you have a host or service with an asterisk in the name, +it will show up correctly in the detail view now. There was also a remaining issue with the theme mode selection in the +user preferences which is fixed now. + +* Navigation item filter `*` not working [#4772](https://github.com/Icinga/icingaweb2/issues/4772) +* Objects with a `*` in the name are not found [#4682](https://github.com/Icinga/icingaweb2/issues/4682) +* Theme mode switch disabled on theme with mode support [#4744](https://github.com/Icinga/icingaweb2/issues/4744) + +#### When developers become cleaning maniacs + +Usually I write a short note at the start of release notes to make you read the upgrading documentation. This time +however, a more prominent hint is required. We've removed so much (legacy) stuff, anyone tasked with upgrading is +obliged to read [the upgrading documentation](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-211x). +The changes mentioned below only provide a glimpse at it. + +* User preferences in INI files not supported anymore [#4765](https://github.com/Icinga/icingaweb2/pull/4765) +* mysql: use of utf8 vs utfmb4 [#4680](https://github.com/Icinga/icingaweb2/issues/4680) +* Remove Vagrant file and its assets [#4762](https://github.com/Icinga/icingaweb2/pull/4762) + +### What's New in Version 2.10.1 + +It's a rather small update this time without any critical bugs. :tada: So let's get straight to the fixes: + +* Clicking anywhere on a list item in the dashboard now opens the primary link again, instead of nothing [#4710](https://github.com/Icinga/icingaweb2/issues/4710) +* The `Check Now` and `Remove Acknowledgement` quick actions in an object's detail header are now working again [#4711](https://github.com/Icinga/icingaweb2/issues/4711) +* Clicking on the big number in the tactical overview if there are `UNKNOWN` services, shows `UNKNOWN` services now [#4714](https://github.com/Icinga/icingaweb2/issues/4714) +* The contrast of text in the sidebar, while in light mode, has been increased [#4720](https://github.com/Icinga/icingaweb2/issues/4720) +* A theme without mode support, which is set globally, now also prevents users from configuring the mode [#4723](https://github.com/Icinga/icingaweb2/issues/4723) + +### What's New in Version 2.10.0 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/63?closed=1). + +Please make sure to also check the respective [upgrading section](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-2-210x) +in the documentation. + +#### The Appearance of Dark and Light + +We have already spoken a lot about the [theme mode support](https://icinga.com/blog/2021/06/16/introducing-dark-and-light-theme-modes/) +that we were working on [for some time](https://icinga.com/blog/2022/02/10/icinga-web-not-just-black-and-white/) now. +It was planned for v2.9.0, but in respect of many modules and themes out there we gave it the deserved attention. +Below is a glimpse of what this looks like. + +[![Icinga Web 2 Theme Mode Preview](https://icinga.com/wp-content/uploads/2022/03/theme-mode-demo-small.jpg "Icinga Web 2 Theme Mode Preview")](https://icinga.com/wp-content/uploads/2022/03/theme-mode-demo.jpg) + +#### Custom Variables Shown Unaltered – Or not + +Icinga Web 2 had some bad habits when displaying custom variables in the UI. We've driven out the last one regarding +names now. Uppercase characters are now shown as such. What Icinga Web 2 stopped doing though, can now be accomplished +by modules. A new hook that enables modules to influence the rendering of custom variables has been introduced. + +* CustomVarNames should not be converted to lowercase [#4639](https://github.com/Icinga/icingaweb2/issues/4639) +* Display the Director Caption of a Custom Variable [#3479](https://github.com/Icinga/icingaweb2/issues/3479) + +#### Surprising Beauty in Exported Places + +Anyone who already attempted to export a list of services to PDF has seen the degradation of details in recent years. +Be it images, icons, colors or the general layout. We simply reached a technical limit with the builtin PDF export. +That is why we made [Icinga PDF Export](https://github.com/Icinga/icingaweb2-module-pdfexport). Icinga Web 2 has now +a much enhanced compatibility with it. Exporting a list of services while Icinga PDF Export is set up, will now lead +to a much better looking result. + +* Enhance PDF export [#4685](https://github.com/Icinga/icingaweb2/pull/4685) +* Image not found when creating PDF view of objects [#4674](https://github.com/Icinga/icingaweb2/issues/4674) + +### What's New in Version 2.9.6 + +**Notice**: This is a security release. It is recommended to upgrade immediately. + +#### Security Fixes + +This release includes three security related fixes. The first is a path traversal issue that affects installations +of v2.9.0 and above. Another one allows admins to run arbitrary PHP code just by accessing the UI. The last one may +disclose unwanted details to restricted users. Please check the advisories on GitHub for more details. + +* Path traversal in static library file requests for unauthenticated users [GHSA-5p3f-rh28-8frw](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw) +* SSH resources allow arbitrary code execution for authenticated users [GHSA-v9mv-h52f-7g63](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63) +* Unwanted disclosure of hosts and related data, linked to decommissioned services [GHSA-qcmg-vr56-x9wf](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf) + +### What's New in Version 2.9.5 + +This is a hotfix release which fixes the following issues: + +* Some detail views of Icinga Director and other modules are broken with Web 2.9.4 [#4598](https://github.com/Icinga/icingaweb2/issues/4598) +* Error on skipping LDAP Discovery [#4603](https://github.com/Icinga/icingaweb2/issues/4603) + +### What's New in Version 2.9.4 + +You can also find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/68?closed=1). + +#### Broken Preference Configuration + +The preferences configuration broke with the release of v2.9 in some cases. Previously it was possible to access this +and the general configuration without any configuration at all on disk. This is now possible again. The preferences of +some users, which have a theme of a disabled module enabled, also showed an error. This doesn't happen anymore now. + +* Config/Preferences not accessible without config.ini [#4504](https://github.com/Icinga/icingaweb2/issues/4504) +* "My Account" broken after Upgrade from 2.8.2 to 2.9.3 [#4512](https://github.com/Icinga/icingaweb2/issues/4512) + +#### Notable Fixes in the UI + +For a long time now, comments in lists had the bad habit to spread erratically if their content was large. They're +limited to two lines now in lists and are still shown in full glory in their respective detail area. While talking +of lines... Plugin output with subsequent empty lines erroneously showed only one of them. This is now fixed. + +* Proposal for new Feature make comments collapsible [#4515](https://github.com/Icinga/icingaweb2/issues/4515) +* new line character is being removed in the plugin output [#4522](https://github.com/Icinga/icingaweb2/issues/4522) + +#### Less Notable But No Less Important Fixes + +We are actually very committed to provide a good experience for restricted users. So I'm happy to tell you that a nasty +bug is fixed that resulted in the focus being lost randomly. Third party integrations are also important to us, hence +I'm happy that this release fixes an issue where module specific JavaScript didn't load properly. Are you happy now? + +* `announcements` request clears focus [#4543](https://github.com/Icinga/icingaweb2/issues/4543) +* js: Fix regression for loading dependent modules for sub-containers [#4533](https://github.com/Icinga/icingaweb2/issues/4533) + +### What's New in Version 2.9.3 + +You can also find the issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/66?closed=1). + +#### Staying remembered on RHEL/CentOS 7 now possible + +RHEL/CentOS 7 still relies on OpenSSL v1.0.2 by default. A change in v2.9.1 resulted in an error in combination with +this when ticking `Stay Logged In` during authentication. Staying logged in now works fine also on this platform. + +* Stay Logged In - Unknown cipher algorithm [#4493](https://github.com/Icinga/icingaweb2/issues/4493) + +#### Missing icons with SLES/OpenSUSE 15 + +If you're running Icinga Web 2 Version 2.9.x on a SLES/OpenSUSE 15.x, you may have noticed some missing icons in the UI. +This is due to a missing PHP extension `fileinfo`. By upgrading to this release using packages, this dependency will now +be installed automatically. + +* Missing fileinfo php extension on SLES/OpenSUSE 15+ [#4503](https://github.com/Icinga/icingaweb2/issues/4503) + +#### Child downtimes for services are now removed automatically + +With Icinga v2.13, Icinga Web 2 will now make sure that service downtimes that were created automatically are also +removed automatically. This will only work for downtimes you create with the `All Services` option after upgrading +to this release. It will not work for downtimes created with earlier versions of Icinga Web 2. + +* If appropriate, set the API parameter all_services for schedule-downtime [#4501](https://github.com/Icinga/icingaweb2/pull/4501) + +### What's New in Version 2.9.2 + +This is a hotfix release. v2.9.1 included a change that wasn't compatible with PostgreSQL again. This has been fixed +in this release. (#4490) + +### What's New in Version 2.9.1 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/64?closed=1). + +Please make sure to also check the respective [upgrading section](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-2-291) +in the documentation. + +This release is accompanied by the minor releases v2.7.6 and v2.8.4 which include the fix for the flattened custom variables. + +#### Pancakes everywhere + +One of the security fixes included in v2.7.5, v2.8.3 and v2.9.0 went rampant and let you see similarities between custom +variables and pancakes. These are gone now. Also, the login allowed some users to bake pancakes on their CPUs. However, +we'd still recommend not to. What we do recommend, is to use graphical details to ease recognition. A pancake 🥞 in +performance data labels for example. + +* Nested custom variables are flattened [#4439](https://github.com/Icinga/icingaweb2/issues/4439) +* Disable login orb animation and all orbs for themes [#4468](https://github.com/Icinga/icingaweb2/pull/4468) +* SVG chart library doesn't process input as UTF-8 [#4462](https://github.com/Icinga/icingaweb2/issues/4462) + +#### Staying remembered too difficult + +We all have sometimes difficulties remembering people we rarely meet. Especially obvious is this on those that slip +through because they don't do the same things we do. With v2.9.0 this has happened for PostgreSQL, PHP v5.6-v7.0 and +setup wizard users. Now they get their deserved attention, and Icinga Web 2 will remember them just like all others. + +* RememberMe not working with only PostgreSQL [#4441](https://github.com/Icinga/icingaweb2/issues/4441) +* RememberMe compatibility with php version 5.6+ [#4472](https://github.com/Icinga/icingaweb2/pull/4472) +* RememberMe fails after running the wizard for grants [#4434](https://github.com/Icinga/icingaweb2/issues/4434) + +#### Being picky pays off + +A custom datetime picker was introduced with v2.9.0. It had it's issues, but we didn't anticipate that much headwind. +After careful reconsideration, we chose to only show the custom datetime picker for Firefox and IE users. Other browsers +have their own capable enough native implementation which, in Chrome's case, may even be superior. If it is now used, +it also closes automatically and doesn't swallow unrelated key presses. + +* Datetimepicker not usable by keyboard [#4442](https://github.com/Icinga/icingaweb2/issues/4442) +* Close the datepicker automatically [#4461](https://github.com/Icinga/icingaweb2/issues/4461) +* Paragraphs in Acknowledge/Downtime not possible [#4443](https://github.com/Icinga/icingaweb2/issues/4443) + +### What's New in Version 2.9.0 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/59?closed=1). + +Please make sure to also check the respective [upgrading section](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-2-29x) +in the documentation. + +This release is accompanied by the minor releases v2.7.5 and v2.8.3 which include the security fixes mentioned below. + +#### Icinga DB + +We continue our endeavour soon. Icinga Web 2 is still a crucial part of it and this update is again required +for Icinga DB. If you like to participate again, don't forget to update Icinga Web 2 as well. + +#### Security Fixes + +This release includes two security related fixes. Both were published as part of a security advisory on Github. +They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if +the `doc` module is enabled. Please check the respective advisory for details. + +* Custom variable protection and blacklists can be circumvented [GHSA-2xv9-886q-p7xx](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx) +* Possible path traversal by use of the `doc` module [GHSA-cmgc-h4cx-3v43](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43) + +#### RBAC, The Elephant In Icinga Web 2 + +Role Based Access Control, for the non-initiated. I'll make it short: Permission refusals, Role inheritance, +Privilege Audit. Icinga DB will also solve the long-standing issue [#2455](https://github.com/Icinga/icingaweb2/issues/2455) +and also allows [#3349](https://github.com/Icinga/icingaweb2/issues/3349) and [#3550](https://github.com/Icinga/icingaweb2/issues/3550). +I've also written a blog post about this very topic: https://icinga.com/blog/2021/04/07/web-access-control-redefined/ + +* Authorization enhancements [#4306](https://github.com/Icinga/icingaweb2/pull/4306) +* Audit View [#4336](https://github.com/Icinga/icingaweb2/pull/4336) +* Highlight modules with permissions set inside a role [#4241](https://github.com/Icinga/icingaweb2/issues/4241) + +#### Support for PHP 8 + +PHP 8 is released and with Icinga Web 2.9 it will now (hopefully) work flawlessly. We also took the chance +to prepare to drop the support of some legacy PHP versions. We now require PHP 7.3 at a minimum and all +versions below that will not be supported anymore with the release of v2.11. + +* Support PHP 8 [#4289](https://github.com/Icinga/icingaweb2/pull/4289) +* Raise minimum required PHP version to 7.3 [#4397](https://github.com/Icinga/icingaweb2/pull/4397) + +#### Stay, Be Remembered + +Have you ever been disappointed that Icinga Web 2 always forgets you after closing your browser? This is in +your hands now! Just tick the new checkbox on the login screen and Icinga Web 2 doesn't forget your presence +anymore. Unless of course the administrator or you on a different device clears your session. + +* Implement a "remember me" feature [#2495](https://github.com/Icinga/icingaweb2/issues/2495) + +#### It Does Matter, When + +Browsers are bad when it's about date and time inputs. (I'm looking at you Mozilla!) Now we've given our hopes +up and use a specifically invented solution to show you a date and time picker throughout every browser. With +Icinga v2.13 onwards you will also be able to use this when defining an expiry date for comments! Though, you +might not necessarily use it that often once you've configured new custom defaults for downtime endings. + +* Add datetime picker widget [#4354](https://github.com/Icinga/icingaweb2/pull/4354) +* Expire Option for Comments [#3447](https://github.com/Icinga/icingaweb2/issues/3447) +* Custom defaults for downtime end, comment and duration [#4364](https://github.com/Icinga/icingaweb2/issues/4364) + +### What's New in Version 2.8.2 + +**Notice**: This is a security release. It is recommended to immediately upgrade to this release. + +You can find all issues related to this release on the respective [milestone](https://github.com/Icinga/icingaweb2/milestone/62?closed=1). + +#### Path Traversal Vulnerability + +The vulnerability in question allows an attacker to access arbitrary files which are readable by the process running +Icinga Web 2. Technical details can be found at the corresponding [CVE-2020-24368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24368) +and in the issue below. + +* Possible path traversal when serving static image files [#4226](https://github.com/Icinga/icingaweb2/issues/4226) + +#### Broken Negated Filters with PostgreSQL + +We've also included a small non-security related fix. Searching for e.g. `servicegroup!=support` leads to an error +instead of the desired result when using a PostgreSQL database. + +* Single negated membership filter fails with PostgreSQL [#4196](https://github.com/Icinga/icingaweb2/issues/4196) + +### What's New in Version 2.8.1 + +You can find all issues related to this release on the respective [milestone](https://github.com/Icinga/icingaweb2/milestone/61?closed=1). + +#### Case Sensitivity Problems + +A fix in v2.8.0 led to users being not able to login if they got their username's case wrong. A hostgroup name's case +has also been incorrectly taken into account despite using a `CI` labelled column in the servicegrid and other lists. + +* Login usernames now case sensitive in 2.8 [#4184](https://github.com/Icinga/icingaweb2/issues/4184) +* Case insensitive hostgroup filter in service grid not working [#4178](https://github.com/Icinga/icingaweb2/issues/4178) + +#### Issues With Numbers + +An attempt to avoid misrepresenting environments in the tactical overview had an opposite effect by showing negative +numbers. Filtering for timestamps in the event history also showed no results because our filters couldn't cope with +plain numbers anymore. + +* Tactical overview showing "-1 pending" hosts [#4174](https://github.com/Icinga/icingaweb2/issues/4174) +* Timestamp filters not working correctly in history views [#4182](https://github.com/Icinga/icingaweb2/issues/4182) + +### What's New in Version 2.8.0 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/60?closed=1). + +#### Icinga DB + +It's happening. Yes. Our latest achievement is now available for those who are willing to participate in this enormous +endeavour. Icinga Web 2 is also a crucial part of it and accompanies the first release of Icinga DB. If you like +to participate, don't forget to update Icinga Web 2 as well. + +#### Support for PHP 7.4 and MySQL 8 + +We also made sure that you won't be disappointed by Icinga Web 2 if you're running PHP 7.4 or trying to access a MySQL +database with version 8+. These should pose no issues anymore now. But if you still somehow managed to get issues +please let us now and we'll fix it asap. + +* Exceptions with MySQL 8 [#3740](https://github.com/Icinga/icingaweb2/issues/3740) +* Support for PHP 7.4 [#4009](https://github.com/Icinga/icingaweb2/issues/4009) + +#### Find What You Search For + +It's been previously not possible to properly filter for range values. This was especially true for custom variables +where, if you searched for e.g. `_host_interfaces>=20`, you wouldn't find the correct results. If you often copy some +values in our search fields you may also been a victim of extraneous spaces which are now automatically trimmed. + +* Filter: more/less than doesn't seem to working [#3974](https://github.com/Icinga/icingaweb2/issues/3974) +* Search object followed by a space finds no results [#4002](https://github.com/Icinga/icingaweb2/issues/4002) + +#### Don't Leave Your Little Sheep Unattended + +It's time again to further restrict your users. It's now possible to completely block any access to contacts and +contactgroups for specific roles. These won't ever see again who's notified and who's not. Also, if you are using +single accounts for a group of people you can now disable password changes for those. + +* Prohibit access to contacts and contactgroups [#3973](https://github.com/Icinga/icingaweb2/issues/3973) +* Allow to forbid password changes on specific user accounts [#3286](https://github.com/Icinga/icingaweb2/issues/3286) + +#### In and Out, Access Control Done Right + +While we have no burgers (but cookies!) you are nevertheless welcome to visit Icinga Web 2. And now you can also +successfully leave while being externally authenticated and unsuccessfully enter while being unable to not add +extraneous spaces to your username. + +* External logout not working from the navigation dashboard [#3995](https://github.com/Icinga/icingaweb2/issues/3995) +* Username with extraneous spaces are not invalid [#4030](https://github.com/Icinga/icingaweb2/pull/4030) + +### Changes in Packaging and Dependencies + +Valid for distributions: + +* RHEL / CentOS 7 + * Upgrade to PHP 7.3 via RedHat SCL + * See [Upgrading to Icinga Web 2 2.8.x](doc/80-Upgrading.md#upgrading-to-icinga-web-2-28x) + for manual steps that are required + +#### Discontinued Package Updates + +Icinga Web 2 v2.8+ is not supported on these platforms: + +* RHEL / CentOS 6 +* Debian 8 Jessie +* Ubuntu 16.04 LTS (Xenial Xerus) + +Please consider an upgrade of your central Icinga system to a newer distribution release. + +[icinga.com](https://icinga.com/subscription/support-details/) provides an overview about +currently supported distributions. + +### What's New in Version 2.7.3 + +This is a hotfix release and fixes the following issue: + +* Servicegroups for roles with filtered objects not available [#3983](https://github.com/Icinga/icingaweb2/issues/3983) + +### What's New in Version 2.7.2 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/57?closed=1). + +#### Less Smoky Database Servers + +The release of v2.7.1 introduced a change which revealed an inefficient part of our database queries. We made some +general optimizations on our queries and changed the way we utilize them in some views. The result are faster +response times by less work for the database server. + +* Consuming more CPU resources since upgraded to 2.7.1 [#3928](https://github.com/Icinga/icingaweb2/issues/3928) + +#### Anarchism Infested Dashboards + +Recent history already showed signs of anarchism. (Pun intended) A similar mindset now infested default dashboards +which appeared in a different way than before v2.7.0. We taught their dashlets a lesson and order has been reestablished +as previously. + +* Recently Recovered Services in dashboard "Current Incidents" seems out of order [#3931](https://github.com/Icinga/icingaweb2/issues/3931) + +#### Solitary Downtimes + +We improved the host and service distinction with v2.7.0. The downtimes list however got confused by this and didn't +knew anymore how to combine multiple downtimes. If you now instruct the list to select multiple downtimes this works +again as we removed the confusing parts. + +* Selection of multiple downtimes fails [#3920](https://github.com/Icinga/icingaweb2/issues/3920) + +### What's New in Version 2.7.1 + +You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/56?closed=1). + +#### Sneaky Solution for Sneaky Links + +Usually we try to include only bugs in minor-releases. Sorry, bug-fixes, of course. But thanks to +[@winem_](https://twitter.com/winem_/status/1156531270521896960) we have also a little enhancement this time: +Links in comments, notes, etc. are now [highlighted](https://github.com/Icinga/icingaweb2/pull/3893) as such. + +* Highlight links in the notes of an object [#3888](https://github.com/Icinga/icingaweb2/issues/3888) + +#### Nobody's Perfect, Not Even Developers + +We knew it. We saw it coming. And forgot about it. Some views, especially histories, showed an anarchic behavior +since v2.7.0. The change responsible for this has been undone and history's order is reestablished now. + +* Default sort rules no longer work in 2.7.0 [#3891](https://github.com/Icinga/icingaweb2/issues/3891) + +#### Restrictions Gone ~~Wild~~ Cagey + +A [fix](https://github.com/Icinga/icingaweb2/pull/3868) unfortunately caused restrictions using wildcards to show no +results anymore. This is now solved and such restrictions are as permissive as ever. + +* Wildcard filters in chains broken [#3886](https://github.com/Icinga/icingaweb2/issues/3886) + +### What's New in Version 2.7.0 + +You can find issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/52?closed=1). + +#### Icinga's Amazingness Spreads Further + +All the Japanese and Ukrainian monitoring enthusiasts can now appreciate our web-frontend in their native tongue. Being +so late to the party is also of their advantage, though. Because they can adjust their dashboard without worrying it gets +broke with the next update. (All other admins with non-english users, please have a look at our +[upgrading documentation](doc/80-Upgrading.md#upgrading-to-icinga-web-2-27x-)) + +* Add Japanese language support [#3776](https://github.com/Icinga/icingaweb2/pull/3776) +* Add Ukrainian language support [#3828](https://github.com/Icinga/icingaweb2/pull/3828) +* Don't translate pane and dashlet names in configs [#3837](https://github.com/Icinga/icingaweb2/pull/3837) + +#### Modules - Bonus Functionality Unleashed + +With this release module developers got additional ways to customize Icinga Web 2. Whether you ever wanted to hook into +a configuration form's handling, to perform your very own Ajax requests or enhance our multi-select views with fancy +graphs. All is possible now. + +* Allow to hook into a configuration form's handling [#3862](https://github.com/Icinga/icingaweb2/pull/3862) +* Allow to fully customize click and submit handling [#3794](https://github.com/Icinga/icingaweb2/issues/3767) +* Integrate DetailviewExtension into multi-select views [#3304](https://github.com/Icinga/icingaweb2/pull/3304) + +#### UI - Your Daily Routine and Incident Management, Enhanced + +Users with color deficiencies now have a built-in theme to ease navigating within Icinga Web 2. Also, our forms got +a long overdue re-design and now look less boring. Though, the best of all features is that clicking while holding +the Ctrl-key now actually opens a new browser tab! Lost comments? No more. Defining an expiry date again? No more! + +* Add colorblind theme [#3743](https://github.com/Icinga/icingaweb2/pull/3743) +* Improve the look of forms [#3416](https://github.com/Icinga/icingaweb2/issues/3416) +* Make ctrl-click open new tab [#3723](https://github.com/Icinga/icingaweb2/pull/3723) + +#### Stay Focused - More Room for More Important Stuff + +Some of you know that some checks tend to produce walls of text or measure (too) many interfaces. Now, plugin output +and performance data will collapse if they exceed a certain height. If necessary they can of course be expanded and +keep that way across browser restarts. The same is also true for the sidebar. (Though, this one stays *collapsed*) + +* Persistent Collapsible Containers [#3638](https://github.com/Icinga/icingaweb2/pull/3638) +* Collapsible plugin output [#3870](https://github.com/Icinga/icingaweb2/pull/3870) +* Collapsed sidebar should stay collapsed [#3682](https://github.com/Icinga/icingaweb2/issues/3628) + +#### Markdown - Tables, Lists and Emphasized Text The Easy Way + +Since we now have the possibility to collapse large content dynamically, we allow you to add entire wiki pages to hosts +and services. Though, if you prefer to use a real wiki to maintain those (what we'd strongly suggest) it's now easier +than ever before to link to it. Copy url, paste url, submit comment, Done. + +* Make notes, comments and announcements markdown aware [#3814](https://github.com/Icinga/icingaweb2/pull/3814) +* Transform any URL in a Comment to a clickable Link [#3441](https://github.com/Icinga/icingaweb2/issues/3441) +* Support relative links in plugin output [#2916](https://github.com/Icinga/icingaweb2/issues/2916) + +#### Things You Have Missed Previously + +The tactical overview, our fancy pie charts, is now the very first result when you search something in the sidebar. +If you'll see two entirely green circles there, relax. Also overdue or unreachable checks are now appropriately marked +in list views and the service grid now allows you to switch between everything or problems only. + +* Add tactical overview to global search [#3845](https://github.com/Icinga/icingaweb2/pull/3845) +* Servicegrid: Add toggle to show problems only [#3871](https://github.com/Icinga/icingaweb2/pull/3871) +* Make overdue/unreachable checks better visible [#3860](https://github.com/Icinga/icingaweb2/pull/3860) + +#### Authorization - Knowing and Controlling What's Going On + +Roles can now be even more tailored to users since the introduction of a new placeholder. This placeholder allows to +use a user's name in restrictions. Things like `_service_responsible_person=$user:local_name$` are now possible. The +audit log now receives failed login-attempts, that's been made possible since hooks can now run for anonymous users. + +* Allow roles to filter for the currently logged in user [#3493](https://github.com/Icinga/icingaweb2/issues/3493) +* Add possibility to disable permission checks for hooks [#3849](https://github.com/Icinga/icingaweb2/pull/3849) +* Send failed login-attempts to the audit log [#3856](https://github.com/Icinga/icingaweb2/pull/3856) + +See also the [audit module](https://github.com/Icinga/icingaweb2-module-audit/releases) which got an update and is +required for [#3856](https://github.com/Icinga/icingaweb2/pull/3856) to work. + +### What's New in Version 2.6.3 + +You can find issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/54?closed=1). + +#### PHP 7.3 + +Now supported. :tada: + +#### LDAP - Community contributions, that's the spirit + +With the help of our users we've finally fixed the issue that defining multiple hostnames and enabling STARTTLS has +never properly worked. Also, they've identified that defining multiple hostnames caused a customized port not being +utilized and fixed it themselves. + +There has also a rare case been fixed that caused no group members being found in case object classes had a different +casing than what we expected. (Good news for all the non-OpenLdap and non-MSActiveDirectory users) + +* LDAP connection fails with multiple servers using STARTTLS [#3639](https://github.com/Icinga/icingaweb2/issues/3639) +* LDAPS authentication ignores custom port setting [#3713](https://github.com/Icinga/icingaweb2/issues/3713) +* LDAP group members not found [#3650](https://github.com/Icinga/icingaweb2/issues/3650) + +#### We take care about your data even better now + +With this are newlines and HTML entities (such as ` `) in plugin output and custom variables meant. +Sorry if I've teased some data security folks now. :innocent: + +* Newlines in plugin output disappear [#3662](https://github.com/Icinga/icingaweb2/issues/3662) +* Windows path separators are converted to newlines in custom variables [#3636](https://github.com/Icinga/icingaweb2/issues/3636) +* HTML entities in plugin output are not resolved if no other HTML is there [#3707](https://github.com/Icinga/icingaweb2/issues/3707) + +#### You've wondered how you got into a famous blue police box? + +Don't worry, not only you and the european union are sometimes unsure what's the correct time. + +* Set client timezone on DB connection [#3525](https://github.com/Icinga/icingaweb2/issues/3525) +* Ensure a valid default timezone is set in any case [#3747](https://github.com/Icinga/icingaweb2/pull/3747) +* Fix that the event detail view is not showing times in correct timezone [#3660](https://github.com/Icinga/icingaweb2/pull/3660) + +#### UI - The portal to your monitoring environment, improved + +The collapsible sidebar introduced with v2.5 has been plagued by some issues since then. They're now fixed. Also, +the UI should now flicker less and properly preserve the scroll position when interacting with action links. (This +also allows the business process module to behave more stable when using drag and drop in large configurations.) + +* Collapsible Sidebar Issues [#3187](https://github.com/Icinga/icingaweb2/issues/3187) +* Fix title when closing right column [#3654](https://github.com/Icinga/icingaweb2/issues/3654) +* Preserve scroll position upon form submits [#3661](https://github.com/Icinga/icingaweb2/pull/3661) + +#### Corrected things we've broke recently + +That's due to preemptive changes to protect you from bad individuals. Unfortunately this meant that some unforeseen +side-effects appeared after the release of v2.6.2. These are now fixed. + +* Multiline values in ini files broken [#3705](https://github.com/Icinga/icingaweb2/issues/3705) +* PHP ini parser doesn't strip trailing whitespace [#3733](https://github.com/Icinga/icingaweb2/issues/3733) +* Escaped characters in INI values are not unescaped [#3648](https://github.com/Icinga/icingaweb2/issues/3648) + +Though, if you've faced issue [#3705](https://github.com/Icinga/icingaweb2/issues/3705) you still need to take manual +action (if not already done) as the provided fix does only prevent further occurrences of the resulting error. The +required changes involve the transformation of all real newlines in Icinga Web 2's INI files to literal `\n` or `\r\n` +sequences. (Files likely having such are the `roles.ini` and `announcements.ini`) + +### What's New in Version 2.6.2 + +You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/53?closed=1). + +This bugfix release addresses the following topics: + +* Database connections to MySQL 8 no longer fail +* LDAP connections now have a timeout configuration which defaults to 5 seconds +* User groups are now correctly loaded for externally authenticated users +* Filters are respected for all links in the host and service group overviews +* Fixed permission problems where host and service actions provided by modules were missing +* Fixed an SQL error in the contact list view when filtering for host groups +* Fixed time zone (DST) detection +* Fixed the contact details view if restrictions are active +* Doc parser and documentation fixes + +### What's New in Version 2.6.1 + +You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/51?closed=1). + +The command audit now logs a command's payload as JSON which fixes a +[bug](https://github.com/Icinga/icingaweb2/issues/3535) that has been introduced in version 2.6.0. + +### What's New in Version 2.6.0 + +You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/48?closed=1). + +#### Enabling you to do stuff you couldn't before + +* Support for PHP 7.2 added +* Support for SQLite resources added +* Login and Command (monitoring) auditing added with the help of a dedicated [module](https://github.com/Icinga/icingaweb2-module-audit) +* Pluginoutput rendering is now hookable by modules which allows to render custom icons, emojis and .. cute kitties :octocat: + +#### Avoiding that you miss something + +* It's now possible to toggle between list- and grid-mode for the host- and servicegroup overviews +* The servicegrid now supports to flip its axes which allows it to be put into a [landscape mode](https://github.com/Icinga/icingaweb2/pull/3449#issue-185415579) +* Contacts only associated with services are visible now when restricted based on host filters +* Negated and combined membership filters now work as expected ([#2934](https://github.com/Icinga/icingaweb2/issues/2934)) +* A more prominent error message in case the monitoring backend goes down +* The filter editor doesn't get cleared anymore upon hitting Enter + +#### Making your life a bit easier + +* The tactical overview is now filterable and can be safely put into [the dashboard](https://github.com/Icinga/icingaweb2/pull/3446#issue-185379142) +* It is now possible to register new announcements over the [REST Api](https://github.com/Icinga/icingaweb2/issues/2749#issuecomment-279667189) +* Filtering for custom variables now works in UTF8 environments + +#### Ensuring you understand everything + +* The monitoring health is now beautiful to look at and properly behaves in [narrow environments](https://github.com/Icinga/icingaweb2/pull/3515#issue-200075373) +* Updated German localization +* Updated Italian localization + +#### Freeing you from unrealiable things + +* Removed support for PHP < 5.6 +* Removed support for persistent database connections + +### What's New in Version 2.5.3 + +You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/50?closed=1). + +#### Fixes + +A fix for an issue introduced with v2.5.2 that prevented service-only contacts from appearing in the UI resulted in long +database response times and has been reverted. + +### What's New in Version 2.5.2 + +You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/49?closed=1). + +#### UI Changes + +The sidebar's search behaviour has been changed so that it does only react to user-input after the user stopped typing. +Also, the cursor does not jump to the end of form-inputs anymore in case of an auto-refresh. We've also fixed an issue +that caused [custom icons](https://github.com/Icinga/icingaweb2/issues/3181#issuecomment-378875462) to be inverted when +placed in the sidebar. Last but not least, the header now expands its width beyond the 3840px mark and single dashlets +do not show a horizontal scrollbar anymore. + +#### PHP7 MSSQL Compatibility + +Support for Microsoft's `sqlsrv` extension has been added. Also, it's now possible to setup MSSQL resources in the +front-end using the `dblib` extension. + +#### Proper Error Responses + +An issue introduced with v2.5.1 has been resolved where some errors (especially HTTP 404 Not Found) were masked +by another subsequent error. + +#### Broken LDAP Group Memberships + +An issue introduced with v2.5.1 has been resolved where users with a domain in their name were not associated with any +LDAP groups. + +#### Monitoring Module + +Issuing a check using the "Check Now" action now properly causes a check being made by Icinga 2 even if outside the +timeperiod. (Note: This issue was only present if using the Icinga 2 Api as command transport.) + +#### Login/Logout Expandability + +It's now possible for modules to provide hooks for the user authorization. This for example allows to transparently +authenticate users in third-party applications such as [Grafana](https://github.com/Icinga/icingaweb2/pull/3401#issue-178030542). + +### What's New in Version 2.5.1 + +You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/47?closed=1). + +Besides many other bug fixes, Icinga Web 2 v2.5.1 fixes an issue where it was no longer possible to filter by host +custom variables in service related views. Also, this release introduces detail views for the event history and +improved upgrading docs. Furthermore, this version censors sensitive information (e.g. LDAP passwords) in exception +stack traces. + +### What's New in Version 2.5.0 + +You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/45?closed=1). + +#### Raised PHP Version Dependency + +Icinga Web 2 now requires at least PHP 5.6. + +#### UI Changes + +The style of the login screen and menu have been changed. Also, the menu of Icinga Web 2 is now collapsible. +Browser tabs will not auto-refresh if they are inactive. Users are now allowed to change the default pagination limit +via their preferences. + +#### Domain-aware Authentication for Active Directory and LDAP Backends + +If there are multiple AD/LDAP authentication backends with distinct domains, you are now able to make Icinga Web 2 +aware of the domains. This can be done by configuring each AD/LDAP backend's domain. You can also use the GUI for this +purpose. Please read our [documentation](doc/05-Authentication.md#domain-aware-auth) for more information about this +feature. + +#### Changes in Packaging and Dependencies + +Valid for distributions: + +* RHEL / CentOS 6 + 7 + * Upgrading to PHP 7.0 / 7.1 via RedHat SCL (new dependency) + * See [Upgrading to FPM](doc/02-Installation.md#upgrading-to-fpm) for manual steps that are required +* SUSE SLE 12 + * Upgrading PHP to >= 5.6.0 via the alternative packages. + You might have to confirm the replacement of PHP < 5.6 - but that should work with any other PHP app as well + * Make sure to enable the new Apache module `a2enmod php7` and restart `apache2` + +#### Discontinued Package Updates + +For the following distributions Icinga Web 2 won't be updated past 2.4.x anymore: + +* Debian 7 wheezy +* Ubuntu 14.04 LTS (trusty) +* SUSE SLE 11 (all service packs) + +Please think about replacing your central Icinga system to a newer distribution release. + +Also see [packages.icinga.com](https://packages.icinga.com) for the currently supported distributions. + +### What's New in Version 2.4.2 + +#### Bugfixes + +* Bug 2965: Transport config: Default port not changing upon auto-submit +* Bug 2926: Wrong order when sorting by host_severity +* Bug 2923: Number fields should be valid when empty +* Bug 2919: Fix cached loading of module config +* Bug 2911: Acknowledgements are not working without an expiry time +* Bug 2878: process-check-result Button is visible even when user isn't allowed to use it +* Bug 2850: Link to acknowledgements is wrong in the timeline +* Bug 2841: Wrong menu height when switching back from mobile layout +* Bug 2806: Wrong service state count in hostgroup overview +* Bug 2805: Response from the Icinga 2 API w/ an empty result set leads to exception +* Bug 2801: Wrong help text for the director in the icingacli +* Bug 2784: Module and gravatar images are not served with their proper MIME type +* Bug 2776: Defaults not respected when acknowledging problems +* Bug 2767: Monitoring module: Config field protected vars not updated after zeroing config.ini +* Bug 2728: Gracefully handle invalid Icinga 2 API response types +* Bug 2718: Hide check attempt for hard states in history views +* Bug 2716: Web 2 doesn't detect the browser time zone if the time zone offset is negative +* Bug 2714: icingacli module disable fails on consecutive calls +* Bug 2695: Macros cannot be used for a navigation item's url-port +* Bug 2684: [dev.icinga.com #14027] Translation module should not write absolute path to .po files +* Bug 2683: [dev.icinga.com #14025] Translation module should remove temp files +* Bug 2661: [dev.icinga.com #13651] Don't offer the Icinga 2 API as transport if PHP cURL is missing +* Bug 2660: [dev.icinga.com #13649] Make the Icinga 2 API the default command transport +* Bug 2656: [dev.icinga.com #13627] Wrong count of handled critical service in the hover text +* Bug 2645: [dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs +* Bug 2598: [dev.icinga.com #12977] Adding an empty user backend fails +* Bug 2545: [dev.icinga.com #12640] MSSQL ressource not working +* Bug 2523: [dev.icinga.com #12410] Click on Host in Service Grid can cause "Invalid Filter" error +* Bug 2519: [dev.icinga.com #12330] Filter editor may show wrong values after searching +* Bug 2509: [dev.icinga.com #12295] group_name_attribute should be "sAMAccountName" by default + +### What's New in Version 2.4.1 + +Our public repositories and issue tracker have been migrated to GitHub. + +#### Bugfixes + +* Bug 2651: [dev.icinga.com #13607] Displayed times messed up in Icinga Web 2.4.0 w/ PostgreSQL +* Bug 2654: [dev.icinga.com #13615] Setup wizard: Not possible to setup Icinga Web 2 with an external database +* Bug 2663: [dev.icinga.com #13691] Hook::all() is broken on CLI +* Bug 2669: [dev.icinga.com #13735] Setup wizard: Progress bar isn't shown correctly, if setup is at finish step +* Bug 2681: [dev.icinga.com #13957] Support failover API command transport configuration +* Bug 2686: Granular module permissions do not work for hooks +* Bug 2687: Update URLs to icinga.com, remove wiki & update to GitHub + +### What's New in Version 2.4.0 + +#### Feature + +* Feature 12598 (Authentication & Authorization): Support nested AD groups for Roles and not just login +* Feature 11809 (Authentication & Authorization): Test and document multiple LDAP-URIs separated by space in LDAP ressources +* Feature 10616 (Authentication & Authorization): Users w/o administrative permissions should be allowed to change their password +* Feature 13381 (CLI): Allow to configure the default listen address for the CLI command web serve +* Feature 11820 (Configuration): Check whether chosen locale is available +* Feature 11214 (Configuration): Logger: Allow to configure the Syslog Facility +* Feature 13117 (Framework): Add charset UTF-8 to default content type +* Feature 12634 (Framework): Possibitlity to fold and unfold filter by click +* Feature 11198 (Framework): Announce banner +* Feature 11115 (Framework): Add SSL support to MySQL database resources +* Feature 8270 (Installation): Add SELinux policy for Icinga Web 2 +* Feature 13187 (Monitoring): Command toolbar in the host and service detail views +* Feature 12873 (Monitoring): Change default for sticky option of acknowledgements from true to false +* Feature 12820 (Monitoring): Export detail views to JSON +* Feature 12766 (Monitoring): Show flapping events in the host and service history views +* Feature 12764 (Monitoring): Display downtime end even if it hasn't been started yet +* Feature 12125 (Monitoring): Allow th in plugin output +* Feature 11952 (Monitoring): Allow changing default of 'sticky' in acknowledgement and other command options +* Feature 11398 (Monitoring): Send commands over Icinga 2's API +* Feature 11835 (UI): Add clear button to search field +* Feature 11792 (UI): Show hint if notifications are disabled globally +* Feature 11664 (UI): Show git HEAD for modules if available +* Feature 13461 (Vendor Libraries): Use Icinga's fork of Zend Framework 1 icingaweb2-vendor-zf1 + +#### Bugfixes + +* Bug 12396 (Authentication & Authorization): Hooks don't respect module permissions +* Bug 12164 (Authentication & Authorization): REDIRECT_REMOTE_USER not evaluated during external auth +* Bug 12108 (Authentication & Authorization): assertPermission allows everything for unauthenticated requests +* Bug 13357 (Configuration): Persistent database resources cannot be made non-persistent +* Bug 12848 (Configuration): Empty "Protected Custom Variables" falls back to defaults +* Bug 12655 (Configuration): Permission application/log is not configurable +* Bug 12170 (Configuration): Adding a DB resource via webinterface requires one to enter a password +* Bug 10401 (Configuration): LdapUserGroupBackendForm: user_* settings not purged +* Bug 9804 (Configuration): Renaming the resource used for the config backend does not update the global configuration +* Bug 11920 (Dashboard): Add to dashboard: wrong url makes whole dashboard unusable +* Bug 13387 (Documentation): Can't display documentation of disabled modules +* Bug 12923 (Framework): Navigation Item name must be of type string or NavigationItem +* Bug 12852 (Framework): Hosts without any services are hidden from roles with monitoring/filter/objects set +* Bug 12760 (Framework): Do not log exceptions other than those resulting in a HTTP 500 status-code +* Bug 12583 (Framework): Unhandled exceptions while handling REST requests will silently drop the http response code +* Bug 12580 (Framework): REST requests cannot be anonymous +* Bug 12557 (Framework): Module description cannot be on a single line +* Bug 12299 (Framework): FilterExpression renders a&!b as a=1&b!=1 +* Bug 12161 (Framework): Icinga Web 2 doesn't set Content-Type +* Bug 12065 (Framework): IniRepository: update/delete not possible with iterator +* Bug 11743 (Framework): INI writer must not persist section keys with a null value +* Bug 11185 (Framework): SummaryNavigationItemRenderer should show worst state +* Bug 10361 (Framework): Handle E_RECOVERABLE_ERROR +* Bug 13459 (Installation): Setup: Can't view monitoring config summary with Icinga 2 API as command transport +* Bug 13467 (JavaScript): renderLayout has side-effects +* Bug 13115 (JavaScript): actiontable should not clear active row in case there is no newer one +* Bug 12541 (JavaScript): Menu not reloaded in case no search is available +* Bug 12328 (JavaScript): Separate vendor JavaScript libraries w/ semicolons and newlines on import +* Bug 10704 (JavaScript): JS: Always use the jQuery find method w/ node context when selecting elements +* Bug 10703 (JavaScript): JS: Don't use var self = this, but var _this = this +* Bug 11431 (Modules): Modules can't require permission on menu items +* Bug 10870 (Modules): Refuse erroneous module folder names when enabling the module +* Bug 13243 (Monitoring): Inconsistent host and service flags +* Bug 12889 (Monitoring): Timeline broken +* Bug 12810 (Monitoring): Scheduling a downtime for all services of a host does not work w/ the Icinga 2 API as command transport +* Bug 12313 (Monitoring): Multi-line strings within host.notes are being displayed as single line +* Bug 12223 (Monitoring): State not highlighted in plugin output if it contains HTML +* Bug 12019 (Monitoring): Contact view shows service filters with 'Downtime' even if not set +* Bug 11915 (Monitoring): Performance data: negative values not handled +* Bug 11859 (Monitoring): Can't separate between SOFT and HARD states in the history views +* Bug 11766 (Monitoring): Performance data: Fit label column to show as much text as possible +* Bug 11744 (Monitoring): Empty user groups are not displayed +* Bug 10774 (Monitoring): Scheduling downtimes for child hosts doesn't work w/ Icinga 2.x (waiting for Icinga 2) +* Bug 10537 (Monitoring): Filtering with not-equal on custom variable doesn't show hosts without this cv +* Bug 7755 (Monitoring): Remove autosubmit in eventgrid +* Bug 12133 (Navigation): Username and password not being passed in navigation item URLs +* Bug 12776 (Print & Export): dompdf fails when border-style is set to auto +* Bug 12723 (Print & Export): Allowed memory size exhausted when exporting the history view to CSV +* Bug 12660 (QA): Choosing the Icinga theme floods the log with error messages +* Bug 12774 (UI): Lot's of in Output +* Bug 12134 (UI): Copy and paste: Plugin output contains unicode zero-width space characters +* Bug 10691 (UI): Closing the detail area does not update the rows selected counter +* Bug 13095 (Vagrant VM): TicketSalt constant missing +* Bug 12717 (Vagrant VM): PluginContribDir constant removed during vagrant provisioning + +### What's New in Version 2.3.4/2.3.3 + +#### Bugfixes + +* Bug 11267: Links in plugin output don't behave as expected +* Bug 11348: Host aliases are not shown in detail area +* Bug 11728: First non whitespace character after comma stripped from plugin output +* Bug 11729: Sort by severity depends on state type +* Bug 11737: Zero width space characters destroy state highlighting in plugin output +* Bug 11796: Zero width space characters may destroy links in plugin output +* Bug 11831: module.info parsing fails in case it contains newlines that are not part of the module's description +* Bug 11850: "Add to menu" tab unnecessarily appears in command forms +* Bug 11871: Colors used in the timeline are not accessible +* Bug 11883: Delete action on comments and downtimes in list views not accessible because they lack context +* Bug 11885: Database: Asterisk filters ignored when combined w/ other filters +* Bug 11910: Web 2 lacks mobile meta tags +* Fix remote code execution via remote command transport + +### What's New in Version 2.3.2 + +#### Feature + +* Feature 11629: Simplified event-history date and time representation + +#### Bugfixes + +* Fix a privilege escalation issue in the monitoring module for authenticated users +* Bug 10486: Menu rendering fails when no monitoring backend was configured +* Bug 10847: Warn about illogical dates +* Bug 10848: Can't change items per page if filter is in modify state +* Bug 11392: Can't configure monitoring backend via the web interface when no monitoring backend was configured + +### What's New in Version 2.3.1 + +#### Bugfixes + +* Bug 11598: Invalid SQL queries for PostgreSQL + +### What's New in Version 2.3.0 + +#### Features + +* Feature 10887: lib: Provide User::getRoles() +* Feature 10965: Roles: Restrict visibility of custom variables +* Feature 11404: Add is_reachable filter column to host and service data views +* Feature 11485: lib/LDAP: Support scopes base and one +* Feature 11495: Support data URIs in href +* Feature 11529: Don't offer command disable notifications /w expire time if backend is Icinga 2 + +#### Bugfixes + +* Bug 9386: Improve order of documentation chapters +* Bug 10820: Style problems with long plugin output lines +* Bug 11078: Can't remove default dashboards +* Bug 11099: Mobile menu icon is mispositioned +* Bug 11128: Menu stops refreshing when there is text in the search field +* Bug 11145: Pagination compontents should not float around +* Bug 11171: Icinga Web 2 tries to load an ifont which results in 404 +* Bug 11245: icingacli monitoring list --problems throws an exception +* Bug 11264: Cannot execute queries while other unbuffered queries are active +* Bug 11277: external auth with PHP internal webserver still buggy +* Bug 11279: Restrict access to Applicationlog +* Bug 11299: Icon images no longer prepend img/icons +* Bug 11391: External auth reads REMOTE_USER from process environment instead of request +* Bug 11414: Doc module does not render images with relative path +* Bug 11465: Stylesheet remains unchanged when module CSS/LESS files have been changed +* Bug 11489: lib/LDAP: ordering does explicitly set fields +* Bug 11490: lib/LDAP: LdapUtils::explodeDN replace deprecated use of eval in preg_replace +* Bug 11516: Accessibility: Focus in Tactical Overview barely visible +* Bug 11558: Missing ) in the documentation +* Bug 11568: Docs: Global permissions table is broken + +### What's New in Version 2.2.0 + +#### Features + +* Feature 8487: Number headings in the documentation module +* Feature 8963: Feature commands in the multi select views +* Feature 10654: Render links in acknowledgements, comments and downtimes +* Feature 11062: Allow style classes in plugin output +* Feature 11238: Puppet/Vagrant: Install mod_ssl and forward port 443 + +#### Bugfixes + +* Bug 7350: Tabs are missing if JS is disabled +* Bug 9800: Debian packaging: Ship translation module w/ the icingaweb2 package and install its config.ini +* Bug 10173: Failed commands give no useful error any more +* Bug 10251: Icinga Web 2 fails to run with PHP7 +* Bug 10277: Special characters are incorrectly escaped for tooltips in the service grid +* Bug 10289: Doc module: Headers are cut off when clicking on TOC links +* Bug 10309: Move auth backend configuration to app config +* Bug 10310: Monitoring details: information/action ordering +* Bug 10362: Debian packaging: Separate package for CLI missing +* Bug 10366: Text plugin output treated as HTML in too many occasions +* Bug 10369: Accessibility: Focus not visible and lost after refresh +* Bug 10397: Users with no permissions can check multiple services +* Bug 10442: Edit user control should be more prominent +* Bug 10469: "Remove Acknowledgement" text missing in multi-select views +* Bug 10506: HTTP basic auth request is sent when using Kerberos authentication with Apache2 and mod_php +* Bug 10625: Return local date and time when lost connection to the web server +* Bug 10640: Respect protected_variables in nested custom variables too +* Bug 10778: Filters in the host group and service group overview not applied to state links +* Bug 10786: Whitespace characters are ignored in the plugin output in list views +* Bug 10805: Setup Wizard: Obsolete PHP sockets requirement +* Bug 10856: Benchmark is not rendered on many pages +* Bug 10871: Get rid of padding in controls +* Bug 10878: Dashboards different depending on username casing +* Bug 10881: Move iframe from modules to framework +* Bug 10917: Event grid tiles: The filter column "from" is not allowed here +* Bug 10918: Error on logout when using external authentication +* Bug 10921: icingacli monitoring list --format=csv throws error +* Bug 11000: Change license header to only reflect a file's year of creation/initial commit +* Bug 11008: Wobbling spinners +* Bug 11021: Global default theme is not applied while not authenticated +* Bug 11032: Fix icon_image size and provide a CSS class for theming +* Bug 11039: Misleading tooltip in Tactical Overview +* Bug 11051: Preferences and navigation items stored in INI files rely on case sensitive usernames +* Bug 11073: Active row is flickering on refresh +* Bug 11091: Custom navigation items: URL is not escaped/encoded +* Bug 11100: Comments are always persistent +* Bug 11114: Validate that a proper root DN is set for LDAP resources +* Bug 11117: Vendor: Update dompdf to version 0.6.2 +* Bug 11119: icingacli shows ugly exception when unable to access the config directory +* Bug 11120: icingacli: command and action shortcuts have been broken +* Bug 11126: Invalid cookie value in cookie icingaweb2-tzo +* Bug 11142: LDAP User Groups backend group_filter +* Bug 11143: Layout: Tabs should be left-aligned +* Bug 11151: Having basic authentication on the webserver but not in Icinga Web 2 causes Web 2 to require basic auth +* Bug 11168: Debian packaging: Don't patch HTMLPurifier loading and install HTMLPurifier*.php files from the library/vendor root +* Bug 11187: Session cookie: Path too broad and unset secure flag on HTTPS +* Bug 11197: Menu items without url should ignore the target configuration +* Bug 11260: Scheduling downtimes through the API not working + +### What's New in Version 2.1.1 + +#### Features + +* Feature 10488: Use _ENV variables with built-in PHP webserver +* Feature 10705: Theming +* Feature 10898: Winter theme + +#### Bugfixes + +* Bug 9685: Deprecate Module::registerHook() in favor of Hook::provideHook() +* Bug 9957: Sort hosts and services by last state change +* Bug 10123: CSS loading may fail w/ mkdir(): File exists in FileCache.php +* Bug 10126: setup config directory --config should use mkdir -p instead of mkdir() +* Bug 10166: library/vendor/HTMLPurifier tree is incorrectly unpacked +* Bug 10170: Link to service downtimes from multiple selected services includes host downtimes aswell +* Bug 10338: Debian: Failed to open stream HTMLPurifier/HTMLPurifier.php +* Bug 10603: Line breaks are not respected in acknowledgements, comments and downtimes +* Bug 10658: SUSE packages have the wrong dependencies +* Bug 10659: LDAP group members are shown with their DN and membership registration does not work +* Bug 10670: State not highlighted in plugin output +* Bug 10671: Auto-focus the username field on the login page +* Bug 10683: lib/CLI command web serve: rename variable basedir to something meaningful +* Bug 10702: Host- and Service-Actions configured in Web 2 do not resolve any macros +* Bug 10749: XHR application-state requests pollute the URL if not authenticated +* Bug 10771: Login shows "Anmelden........" upon login with the german locale +* Bug 10781: LoggingConfigForm.php complains about whitespace but checks with /^[^\W]+$/ +* Bug 10790: "Problems - Service Grid" does not work with host names that contain only digits +* Bug 10884: Tabs MUST throw an exception when activating an inexistant tab +* Bug 10886: "impacted" container is no longer fading out +* Bug 10892: Wrong mask for FileCache's temp directory + +### What's New in Version 2.1.0 + +#### Features + +* Feature 10613: Extend and simplify Hook api + +#### Bugfixes + +* Bug 8713: Invalid filter "host_name=*(test)*", unexpected ) at pos 17 +* Bug 8999: Navigation and search bar is not available using a small width +* Bug 10229: Dashboard requests do not refresh the session +* Bug 10268: Unhandled services in the hosts overview list don't stand out +* Bug 10287: Redirect after login no longer working +* Bug 10288: The order for the limit links is incorrect +* Bug 10292: Hovered links in hover menu are unreadable +* Bug 10293: Hover menu is missing it's arrow for menu entries providing badges +* Bug 10295: Reset static line-height on body +* Bug 10296: Scrolling to the bottom of the page does not load more events +* Bug 10299: Badges are overridden by menu text +* Bug 10301: Format helpers like timeSince are polluted with text-small +* Bug 10303: Zooming in, or having another layout destroys the hover menu +* Bug 10304: Cannot access a host's customvars for service actions +* Bug 10305: Hover menu arrow color no longer fits background color +* Bug 10316: Not all Servicegroups / Hostgroups are shown +* Bug 10317: Event history style broken +* Bug 10319: Recursive sharing navigation items doesn't work. +* Bug 10321: Module iframe doesn't show website with parameters as a single column +* Bug 10328: ZendFramework packages missing for SLES12 +* Bug 10359: Charset option not passed thru PDO adapter +* Bug 10364: PostgreSQL queries apply LOWER() on selected columns +* Bug 10367: Broken user- and group-management +* Bug 10389: Host overview: vsprintf(): Too few arguments +* Bug 10402: LdapUserGroupBackend: user_base_dn not used from UserBackend +* Bug 10419: Swapped icon image order in service header +* Bug 10490: Unhandled service counter in the hosts overview shows incorrect values +* Bug 10533: Form notifications of type information are green +* Bug 10567: Member user name used for basedn when querying usergroup members +* Bug 10597: Empty PDO charset option is invalid +* Bug 10614: Class loader: hardcode module and Zend prefixes +* Bug 10623: Acknowledging multiple selected objects erroneous + +### What's New in Version 2.0.0 + +#### Changes + + +Upgrading to Icinga Web 2 2.0.0 + +Icinga Web 2 installations from package on RHEL/CentOS 7 now depend on php-ZendFramework which is available through the EPEL repository. Before, Zend was installed as Icinga Web 2 vendor library through the package icingaweb2-vendor-zend. After upgrading, please make sure to remove the package icingaweb2-vendor-zend. + +Icinga Web 2 version 2.0.0 requires permissions for accessing modules. Those permissions are automatically generated for each installed module in the format module/. Administrators have to grant the module permissions to users and/or user groups in the roles configuration for permitting access to specific modules. In addition, restrictions provided by modules are now configurable for each installed module too. Before, a module had to be enabled before having the possibility to configure restrictions. + +The instances.ini configuration file provided by the monitoring module has been renamed to commandtransports.ini. The content and location of the file remains unchanged. + +The location of a user's preferences has been changed from config-dir/preferences/username.ini to config-dir/preferences/username/config.ini. The content of the file remains unchanged. + +#### Features + +* Feature 5600: User specific menu entries +* Feature 5647: GUI for permission and restriction assignment +* Feature 5786: Namespace all web controllers +* Feature 6144: Provide additional dashboard panes per default +* Feature 6677: Allow to extend the content of a dashlet on the right +* Feature 7180: Show active cluster hostname in the monitoring health view +* Feature 7367: GUI for adding action and notes URLs +* Feature 7570: Document installation +* Feature 7773: Interpret links in custom variables +* Feature 8336: IDO: Double check that we always add the is_active = 1 condition in our queries +* Feature 8369: Show an indicator when automatic form submission is ongoing +* Feature 8378: Indicate when check results are being late +* Feature 8407: Document example commands for installing from source +* Feature 8642: Show acknowledgement expire time (if any) in the host and service detail view +* Feature 8645: Generic iFrame module +* Feature 8758: Add support for file uploads +* Feature 8848: Show activity indicator for dashlets +* Feature 8884: Move the menu entry for notifications beneath history +* Feature 8981: Combo backend for command transports (fallback mechanism) +* Feature 8985: Visually separate enabled and disabled modules in the modules view +* Feature 9029: Provide a complete list of available filter columns plus custom variables (where appropriate) in the filter editor +* Feature 9030: Service grid: Add limit control +* Feature 9247: Show Icinga Web 2's version in the frontend +* Feature 9364: Apply sort rules for ldap queries on the server's side +* Feature 9381: List installed modules, versions and state in the about page +* Feature 9453: Vagrant: Upgrade to CentOS 7 +* Feature 9460: IDO resource configuration: Ensure that the user is running PostgreSQL 9.1+ +* Feature 9524: Improve setup wizard +* Feature 9525: Configuration enhancements +* Feature 9591: IP Address Search +* Feature 9604: Add Inspection API for Connections +* Feature 9605: LDAP Connection add Test Function +* Feature 9630: Inspectable: Add inspectable API to LDAP connections +* Feature 9641: Add Inspection API for DB Connections +* Feature 9644: Permit access to modules +* Feature 9645: Support for address6 +* Feature 9651: Automatically use the correct instance configuration based on a host's or service's instance +* Feature 9660: Basic access authentication +* Feature 9661: Query for limit+1 for "Show more results" candidates +* Feature 9683: Allow to create MSSQL and Oracle DB resources +* Feature 9702: Allow module developers to define additional static files +* Feature 9761: Store active menu item as HTML5 history state information +* Feature 9772: Allow to list groups from a LDAP backend +* Feature 9826: Allow to select text in the host and service detail area header via double click +* Feature 9830: Monitoring: Support the wildcard restriction for "administrative" roles +* Feature 9888: Display a host's and service's check timeperiod as well as notification timeperiod in the detail view +* Feature 9908: Use better icons for resources, backends and module state +* Feature 9942: Add a warning to the navigition if the last IDO update is older than 5 minutes +* Feature 9943: Offer instance_name as query column +* Feature 9945: Show instance_name in a host's and service's detail view +* Feature 10033: Provide "Counter"-View + +#### Bugfixes + +* Bug 6644: Default sort order is not applied +* Bug 7383: This webpage has a redirect loop without cookies +* Bug 7486: Instance Configuration: Instance must NOT be a GET parameter when creating an instance +* Bug 7488: Instance Configuration: Instance parameter must be mandatory for updating and removing instances +* Bug 7489: Instance Configuration: Custom validation errors must be shown in the form not as notification +* Bug 7490: Instance Configuration: HTTP response code flaws +* Bug 7818: Incorrect language & timezone detection w/ Safari +* Bug 7930: Hide external commands which are not supported by Icinga 2 +* Bug 8312: Don't show last and next check information and schedule check controls for passive only checks +* Bug 8620: Searching in the downtimes list view throws an exception +* Bug 8623: Selected row lost after auto-refresh in every overview except for hosts and services +* Bug 8703: Do not show computer accounts for Active Directory +* Bug 8768: Range multiselection not working in IE11 +* Bug 8845: Missing downtime end information in host and service detail views +* Bug 8954: Document and rename Ldap\Connection to Ldap\LdapConnection +* Bug 8955: Document and rename Ldap\Query to Ldap\LdapQuery +* Bug 8969: Tooltips hidden after auto refresh +* Bug 8975: Error messages disappear after auto refresh #2 +* Bug 8983: Remove yellow boxes from forms and wherever else used +* Bug 9024: Form autosubmits cause autorefreshs to not run anymore +* Bug 9036: Plugin output HTML tags are always escaped +* Bug 9042: Browser address bar gets not updated when closing the detail area while a request for the url that has just been closed is pending +* Bug 9054: Multiselection not visible until a subsequent auto-refresh has been completed +* Bug 9168: Can't use Icinga Web 2 w/ IDO version 1.7 +* Bug 9179: LDAP discovery relies on anonymous access and does not respect encryption +* Bug 9266: Downtimes show "Starts in" for objects with non-problem state +* Bug 9306: Installation Wizard complains about "required and must not be empty"-fields when the user changes the database type first +* Bug 9314: RPM packages do not require Zend PDO packages which results in missing 'php-pdo' exception +* Bug 9330: Uncaught TypeError: Cannot read property 'id' of undefined when deleting comments or downtimes via their respective overview +* Bug 9333: Sorting the service grid by service description fails w/ PostgreSQL +* Bug 9346: Potential active rows not deselected when navigating by browser history +* Bug 9347: Service names with round bracket fail w/ innvalid filter exception when selecting multiple services +* Bug 9348: LDAP filter input errors w/ "The filter must not be wrapped in parantheses" +* Bug 9349: Duplicate headers from Controller::postDispatch() +* Bug 9360: service matrix does not show all intersections +* Bug 9374: Non-existent modules can be disabled +* Bug 9375: Fatal error in icingacli (icingacli-2.0.0-3.beta3.el7.centos.noarch) +* Bug 9376: INI writer must not persist section keys with a null value +* Bug 9398: Rename menu "authentication" to "security" +* Bug 9402: A command form's view script cannot be found if benchmark is enabled +* Bug 9418: DB resources: Do not allow to configure table prefixes +* Bug 9421: Sort controls misbehavior +* Bug 9449: The use statement with non-compound name ... has no effect w/ PHP 5.6.9+ +* Bug 9454: Ghost host- and servicegroups +* Bug 9472: Fetch object statistics only if they're actually displayed +* Bug 9473: Inconsistent counters for service problems +* Bug 9477: Command forms have no tabs +* Bug 9483: Icinga\Web\Widget\Paginator should not require a full query interface +* Bug 9484: Document that the web server has to be restarted after adding the web server user to the icingaweb2 system group +* Bug 9494: Refresh button loads invalid links for views with complex filters +* Bug 9497: Eventhistory: Quick search not working +* Bug 9498: Service overview: Cannot quick search for hosts +* Bug 9499: Hostgroup overview: Cannot quick search for hosts +* Bug 9500: Servicegroup overview: Cannot quick search for services +* Bug 9502: Comment overview: Cannot quick search +* Bug 9503: Comment overview shows duplicate entries when filtering for services +* Bug 9504: Contactgroup overview: Cannot quick search +* Bug 9505: Contact overview: Cannot quick search +* Bug 9506: Notification overview: Cannot quick search +* Bug 9509: Setup: Authentication backend validation broken +* Bug 9511: Setup: Cannot select an existing user as admin account when I've configured an authentication backend of type msldap +* Bug 9516: Improve request processing for all monitoring config forms +* Bug 9517: Behave nicely in case no monitoring instance resources are configured +* Bug 9519: Monitoring backend configuration does not validate IDO resources +* Bug 9529: RPM: Apache config ist not defined as configuration file +* Bug 9530: Creating a dashlet with "()" in dashboard title affects all dashboards +* Bug 9538: Use display_name for host and service names in the service grid +* Bug 9553: User- and Group-Management broken on PHP > 5.3 +* Bug 9572: Cannot remove a user group from a MariaDB backend +* Bug 9573: Selecting multiple services not working while being restricted +* Bug 9574: Multiviews do not only display the chosen objects but everything, if a restriction is active +* Bug 9582: icon_image does not allow to use an icon from our ifont +* Bug 9597: Clicking on the row of a service notification will show the host +* Bug 9607: Ignoring LDAP connection certificate errors does not have any effect +* Bug 9608: LDAP connection must fail when the configured encryption is not possible +* Bug 9611: generictts integration fails if regular expression is empty +* Bug 9615: Hardcoded PHP and gettext tools path +* Bug 9616: Security config form shows no tabs +* Bug 9626: Tactical overview does not auto-refresh +* Bug 9633: Icinga\Cli\Command is unable to detect exact action names +* Bug 9646: If a CLI command fails, crucial exception information missing w/o --trace +* Bug 9668: Browser history issues +* Bug 9672: Invalid host passive check result state: unreachable +* Bug 9674: Don't show comment(s) of acknowledgement(s) in the comment list of a host or service but next to whether the host or service problem is acknowledged +* Bug 9687: @import rules not working in a module's module.less +* Bug 9688: Icinga Web 2 ignores Cache-Control:no-cache +* Bug 9692: Can't filter for custom variables +* Bug 9694: Lib: Weird interface for creating problem menu entries +* Bug 9695: IDO: Empty programstatus table not indicated as problem in the menu +* Bug 9696: Logged exceptions for custom menu item renderers are missing crucial exception information +* Bug 9719: Monitoring backend validation cannot be skipped +* Bug 9739: DbUserBackend inspection unsuccessful for backends with just a single user +* Bug 9751: Bad performance for quick searches +* Bug 9765: instances.ini: transport is undocumented +* Bug 9787: It's not possible to use Unix socket to connect to PostgreSQL +* Bug 9790: Do not suggest to enable modules if it's not possible +* Bug 9815: Multiview detail: controls have wrong link target +* Bug 9817: Documentation: Required parameter 'chapter' missing +* Bug 9819: JS Behaviors: Selection not updated when using multi detail controls +* Bug 9828: Wrong count for queries having a group by clause +* Bug 9837: Documentation: Don't suggest to install icingacli on Debian +* Bug 9844: url anchors not working if a column hash (#!) is also part of the url +* Bug 9869: A module's rendered event is not called upon initialization +* Bug 9892: Module styles not visible for anonymous users +* Bug 9901: Use the DN to fetch group memberships from LDAP +* Bug 9932: Url to extend the timeline is pushed to history +* Bug 9954: PostgreSQL queries use LOWER(...) for non-collated columns which have a collated counterpart +* Bug 9955: PostgreSQL queries ordered by collated columns don't use LOWER +* Bug 9956: Unnecessary GROUP BY clauses +* Bug 9959: Authentication documentation suggests outdated backend identifier "ad" +* Bug 9963: Service history is disordered and shows service and host history +* Bug 9965: format=json does not respect the filter objects +* Bug 9971: Seleting multiple objects at once doesn't work anymore +* Bug 9995: "Show More" links broken in the Alert Summary +* Bug 9998: Can't use custom variables as restriction filter +* Bug 10009: Prettify page layout when accessing a non-existent route while not being authenticated +* Bug 10016: config/* does not permit access to the application and authentication configuration +* Bug 10025: Filter, submitting form via keyboard doesn't work on chrome +* Bug 10031: Navigation by history is broken +* Bug 10046: Menu is somehow confusing top/sub-level entries +* Bug 10082: Adding an entry to a menu section influences it's position +* Bug 10150: IniParser should unescape escaped sections automatically +* Bug 10151: Do not validate section names in forms +* Bug 10155: Multiselection disapperears when issuing commands +* Bug 10160: Notifications/Alert Summary: Grouping errors w/ PostgreSQL +* Bug 10163: Search for hostname does not work in snapshot release +* Bug 10169: Multiselect URLs broken where base url != /icingaweb2 +* Bug 10172: Customvar filters are mostly broken, completely for Icinga 1.x +* Bug 10218: Notes URL isn't showing properly +* Bug 10236: notes_url and action_url target is always icinga.domain.de +* Bug 10246: Use a separate configuration file for each type of navigation item +* Bug 10263: Forms with target=_next remain unusable after first submission + +### What's New in Version 2.0.0-rc1 + +#### Changes + +* Improve layout and look and feel in many ways +* Apply host, service and custom variable restrictions to all monitoring objects +* Add fullscreen mode (?showFullscreen) +* User and group management +* Comment and Downtime Detail View +* Show icon_image in host/service views +* Show Icinga program version in monitoring health + +#### Features + +* Feature 4139: Notify monitoring backend availability problems +* Feature 4498: Allow to add columns to monitoring views via URL +* Feature 6392: Resolve Icinga 2 runtime macros in action and notes URLs +* Feature 6729: Fullscreen mode +* Feature 7343: Fetch user groups from LDAP +* Feature 7595: Remote connection resource configuration +* Feature 7614: Right-align icons +* Feature 7651: Add module information (module.info) to all core modules +* Feature 8054: Host Groups should list number of hosts (as well as services) +* Feature 8235: Show host and service notes in the host and service detail view +* Feature 8247: Move notifications to the bottom of the page +* Feature 8281: Improve layout of comments and downtimes in the host and service detail views +* Feature 8310: Improve layout of performance data and check statistics in the host and service detail views +* Feature 8565: Improve look and feel of the monitoring multi-select views +* Feature 8613: IDO queries related to concrete objects should not depend on collations +* Feature 8665: Show icon_image in the host and service detail views +* Feature 8781: Automatically deselect rows when closing the detail area +* Feature 8826: User and group management +* Feature 8849: Show only three (or four) significant digits (e.g. in check execution time) +* Feature 8877: Allow module developers to implement new/custom authentication methods +* Feature 8886: Require mandatory parameters in controller actions and CLI commands +* Feature 8902: Downtime detail view +* Feature 8903: Comment detail view +* Feature 9009: Apply host and service restrictions to related views as well +* Feature 9203: Wizard: Validate that a resource is actually an IDO instance +* Feature 9207: Show icinga program version in Monitoring Health +* Feature 9223: Show the active ido endpoint in the monitoring health view +* Feature 9284: Create a ServiceActionsHook +* Feature 9300: Support icon_image_alt +* Feature 9361: Refine UI for RC1 +* Feature 9377: Permission and restriction documentation +* Feature 9379: Provide an about.md + +#### Bugfixes + +* Bug 6281: ShowController's hostAction() and serviceAction() do not respond with 400 for invalid/missing parameters and with 404 if the host or service wasn't found +* Bug 6778: Duration and history time formatting isn't correct +* Bug 6952: Unauthenticated users are provided helpful error messages +* Bug 7151: Play nice with form-button-double-clickers +* Bug 7165: Invalid host address leads to exception w/ PostgreSQL +* Bug 7447: Commands sent over SSH are missing the -i option when using a ssh user aside from the webserver's user +* Bug 7491: Switching from MySQL to PostgreSQL and vice versa doesn't change the port in the resource configuration +* Bug 7642: Monitoring menu renderers should be moved to the monitoring module +* Bug 7658: MenuItemRenderer is not so easy to extend +* Bug 7876: Not all views can be added to the dashboard w/o breaking the layout +* Bug 7931: Can't acknowledge multiple selected services which are in downtime +* Bug 7997: Service-Detail-View tabs are changing their context when clicking the Host-Tab +* Bug 7998: Navigating to the Services-Tab in the Service-Detail-View displays only the selected service +* Bug 8006: Beautify command transport error exceptions +* Bug 8205: List views should not show more than the five worst pies +* Bug 8241: Take display_name into account when searching for host and service names +* Bug 8334: Perfdata details partially hidden depending on the resolution +* Bug 8339: Lib: SimpleQuery::paginate() must not fetch page and limit from request but use them from parameters +* Bug 8343: Status summary does not respect restrictions +* Bug 8363: Updating dashlets corrupts their URLs +* Bug 8453: The filter column "_dev" is not allowed here +* Bug 8472: Missing support for command line arguments in the format --arg= +* Bug 8474: Improve layout of dictionaries in the host and service detail views +* Bug 8624: Delete multiple downtimes and comments at once +* Bug 8696: Can't search for Icinga 2 custom variables +* Bug 8705: Show all shell commands required to get ready in the setup wizard +* Bug 8706: INI files should end with a newline character and should not contain superfluous newlines +* Bug 8707: Wizard: setup seems to fail with just one DB user +* Bug 8711: JS is logging "ugly" side exceptions +* Bug 8731: Apply host restrictions to service views +* Bug 8744: Performance data metrics with value 0 are not displayed +* Bug 8747: Icinga 2 boolean variables not shown in the host and service detail views +* Bug 8777: Server error: Service not found exception when service name begins or ends with whitespaces +* Bug 8815: Only the first external command is sent over SSH when submitting commands for multiple selected hosts or services +* Bug 8847: Missing indication that nothing was found in the docs when searching +* Bug 8860: Host group view calculates states from service states; but states should be calculated from host states instead +* Bug 8927: Tactical overview does not respect restrictions +* Bug 8928: Host and service groups views do not respect restrictions +* Bug 8929: Setup wizard does not validate whether the PostgreSQL user for creating the database owns the CREATE ROLE system privilege +* Bug 8930: Error message about refused connection to the PostgreSQL database server displayed twice in the setup wizard +* Bug 8934: Status text for ok/up becomes white when hovered +* Bug 8941: Long plugin output makes the whole container horizontally scrollable instead of just the row containing the long plugin output +* Bug 8950: Improve English for "The last one occured %s ago" +* Bug 8953: LDAP encryption settings have no effect +* Bug 8956: Can't login when creating the database connection for the preferences store fails +* Bug 8957: Fall back on syslog if the logger's type directive is misconfigured +* Bug 8958: Switching LDAP encryption to LDAPS doesn't change the port in the resource configuration +* Bug 8960: Remove exclamation mark from the notification "Authentication order updated!" +* Bug 8966: Show custom variables visually separated in the host and service detail views +* Bug 8967: Remove right petrol border from plugin output in the host and service detail views +* Bug 8972: Can't view Icinga Web 2's log file +* Bug 8994: Uncaught exception on empty session.save_path() +* Bug 9000: Only the first line of a stack trace is shown in the applications log view +* Bug 9007: Misspelled host and service names in commands are not accepted by icinga +* Bug 9008: Notification overview does not respect restrictions +* Bug 9022: Browser title does not change in case of an error +* Bug 9023: Toggling feature... +* Bug 9025: A tooltip of the service grid's x-axe makes it difficult to click the title of the currently hovered column +* Bug 9026: Add To Dashboard ... on the dashboard +* Bug 9046: Detail View: Downtimes description misses space between duration and comment text +* Bug 9056: Filter for host/servicegroup search doesn't work anymore +* Bug 9057: contact_notify_host_timeperiod +* Bug 9059: Can't initiate an ascending sort by host or service severity +* Bug 9198: monitoring/command/feature/object does not grant the correct permissions +* Bug 9202: The config\* permission does not permit to navigate to the configuration +* Bug 9211: Empty filters are being rendered to SQL which leads to syntax errors +* Bug 9214: Detect multitple icinga_instances entries and warn the user +* Bug 9220: Centralize submission and apply handling of sort rules +* Bug 9224: Allow anonymous LDAP binding +* Bug 9281: Problem with Icingaweb 2 after PHP Upgrade 5.6.8 -> 5.6.9 +* Bug 9317: Web 2's ListController inherits from the monitoring module's base controller +* Bug 9319: Downtimes overview does not respect restrictions +* Bug 9350: Menu disappears in user group management view +* Bug 9351: Timeline links are broken +* Bug 9352: User list should be sorted +* Bug 9353: Searching for users fails, at least with LDAP backend +* Bug 9355: msldap seems not to be a first-class citizen +* Bug 9378: Rpm calls usermod w/ invalid option on openSUSE +* Bug 9384: Timeline+Role problem +* Bug 9392: Command links seem to be broken -- cgit v1.2.3