summaryrefslogtreecommitdiffstats
path: root/CHANGELOG.md
blob: 1c1a267911f5127adfb1116d24b7fcce4633bc27 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
# Icinga Web 2 Changelog

Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentation before switching to a new version.

## What's New

### What's New in Version 2.11.4

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/78?closed=1).

#### Notable Fixes

* Add/Edit dashlet not possible [#4970](https://github.com/Icinga/icingaweb2/issues/4970)
* Custom library path + custom library, without slash in its name, results in exception [#4971](https://github.com/Icinga/icingaweb2/issues/4971)
* Reflected XSS vulnerability in User Backends config page [#4979](https://github.com/Icinga/icingaweb2/issues/4979)

### What's New in Version 2.11.3

**Notice**: This is a security release. It is recommended to upgrade immediately.

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/77?closed=1).

#### Minor to Medium Vulnerabilities

In late November we received multiple security vulnerability reports. They are listed below in order of severity
where you can also find further notes:

* Open Redirects for logged in users [#4945](https://github.com/Icinga/icingaweb2/issues/4945)
  This one is quite old, though got worse and easier to exploit since v2.9. It is for this reason that
  this fix has been backported all the way down to v2.9.8. It can be used to exploit incautious users,
  no matter their browser and its security settings. They need to click a specifically crafted link
  (in the easiest form) and log in to Icinga Web by filling in their access credentials. If they're
  already logged in, (due to an existing session or SSO) the browser prevents the exploit from happening.
  We encourage you to update to the latest release as soon as possible to mitigate any potential harm.

* SSH Resource Configuration form XSS Bug [#4947](https://github.com/Icinga/icingaweb2/issues/4947)
  Dashlets allow the user to run Javascript code [#4959](https://github.com/Icinga/icingaweb2/issues/4959)
  These two are very similar. Both revolve around Javascript getting injected by logged in users
  interacting with forms. The SSH resource configuration requires configuration access though and, since
  custom dashlets are only shown to the user who created them, the dashlet configuration cannot affect
  other users. Note that both interactions cannot be initiated externally by CSRF, the forms are protected
  against this. Because of this we assess the severity of these two very low.

* Role member suggestion endpoint is reachable for unauthorized users [#4961](https://github.com/Icinga/icingaweb2/issues/4961)
  This is more a case of missing authorization checks than a full fledged security flaw. But nevertheless,
  it allows any logged-in user, by use of a manually crafted request, to retrieve the names of all available
  users and usergroups.

#### The More Usual Dose of Fixes

* Browser print dialog result broken [#4957](https://github.com/Icinga/icingaweb2/issues/4957)
  If you tried to export a view using the browser's builtin print dialog, (e.g. Ctrl+P) you may have
  noticed a degradation of fanciness since the update to v2.10. This looks nicer than ever now.

* Shared navigation items are not accessible [#4953](https://github.com/Icinga/icingaweb2/issues/4953)
  Since v2.11.0 the shared navigation overview hasn't been accessible using the configuration menu.
  It is now accessible again.

* While using dropdown filter menu it gets closed automatically due to autorefresh [#4942](https://github.com/Icinga/icingaweb2/issues/4942)
  Are you annoyed by the filter editor repeatedly closing the column selection while you're looking for
  something? We have you covered with a fix for this and the column selection should stay open as long
  as you don't click anywhere else.

### What's New in Version 2.11.2

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/76?closed=1).

It brings performance improvements and general fixes. Most notable of which are that having e.g. notifications
disabled globally is now visible in the menu again and that the event history is grouped by days again.

### What's New in Version 2.11.1

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/75?closed=1).

This update's main focus is to solve the issue that all history views didn't work correctly or showed invalid
time and dates. ([#4853](https://github.com/Icinga/icingaweb2/issues/4853))

### What's New in Version 2.11.0

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/70?closed=1).

#### Enhancements, Some

Many of you were waiting for it: PHP 8.1 Support. This means that Icinga Web should be available soon on e.g.
Ubuntu 22.04. You'll also notice that we changed the sidebar, as the user menu went to the very bottom of it.
With it moved the less frequently used menu entries (system and configuration) to a section that pops up by
hovering over the :gear: icon. We did that in order to prepare an area where we can add further functionality
in the future. Oh, and announcements are now visible in fullscreen mode. :upside_down_face:

* Support for PHP 8.1 [#4609](https://github.com/Icinga/icingaweb2/issues/4609)
* Redesign User Menu [#4651](https://github.com/Icinga/icingaweb2/issues/4651)
* &showFullscreen suppresses announcements [#4596](https://github.com/Icinga/icingaweb2/issues/4596)

#### Fixes, More

There are also bug fixes of course. The first mentioned here is one we fixed *accidentally*, as by adding support for
PHP 8.1 we avoided a common PHP quirk responsible for it. If you have a host or service with an asterisk in the name,
it will show up correctly in the detail view now. There was also a remaining issue with the theme mode selection in the
user preferences which is fixed now.

* Navigation item filter `*` not working [#4772](https://github.com/Icinga/icingaweb2/issues/4772)
* Objects with a `*` in the name are not found [#4682](https://github.com/Icinga/icingaweb2/issues/4682)
* Theme mode switch disabled on theme with mode support [#4744](https://github.com/Icinga/icingaweb2/issues/4744)

#### When developers become cleaning maniacs

Usually I write a short note at the start of release notes to make you read the upgrading documentation. This time
however, a more prominent hint is required. We've removed so much (legacy) stuff, anyone tasked with upgrading is
obliged to read [the upgrading documentation](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-211x).
The changes mentioned below only provide a glimpse at it.

* User preferences in INI files not supported anymore [#4765](https://github.com/Icinga/icingaweb2/pull/4765)
* mysql: use of utf8 vs utfmb4 [#4680](https://github.com/Icinga/icingaweb2/issues/4680)
* Remove Vagrant file and its assets [#4762](https://github.com/Icinga/icingaweb2/pull/4762)

### What's New in Version 2.10.1

It's a rather small update this time without any critical bugs. :tada: So let's get straight to the fixes:

* Clicking anywhere on a list item in the dashboard now opens the primary link again, instead of nothing [#4710](https://github.com/Icinga/icingaweb2/issues/4710)
* The `Check Now` and `Remove Acknowledgement` quick actions in an object's detail header are now working again [#4711](https://github.com/Icinga/icingaweb2/issues/4711)
* Clicking on the big number in the tactical overview if there are `UNKNOWN` services, shows `UNKNOWN` services now [#4714](https://github.com/Icinga/icingaweb2/issues/4714)
* The contrast of text in the sidebar, while in light mode, has been increased [#4720](https://github.com/Icinga/icingaweb2/issues/4720)
* A theme without mode support, which is set globally, now also prevents users from configuring the mode [#4723](https://github.com/Icinga/icingaweb2/issues/4723)

### What's New in Version 2.10.0

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/63?closed=1).

Please make sure to also check the respective [upgrading section](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-2-210x)
in the documentation.

#### The Appearance of Dark and Light

We have already spoken a lot about the [theme mode support](https://icinga.com/blog/2021/06/16/introducing-dark-and-light-theme-modes/)
that we were working on [for some time](https://icinga.com/blog/2022/02/10/icinga-web-not-just-black-and-white/) now.
It was planned for v2.9.0, but in respect of many modules and themes out there we gave it the deserved attention.
Below is a glimpse of what this looks like.

[![Icinga Web 2 Theme Mode Preview](https://icinga.com/wp-content/uploads/2022/03/theme-mode-demo-small.jpg "Icinga Web 2 Theme Mode Preview")](https://icinga.com/wp-content/uploads/2022/03/theme-mode-demo.jpg)

#### Custom Variables Shown Unaltered – Or not

Icinga Web 2 had some bad habits when displaying custom variables in the UI. We've driven out the last one regarding
names now. Uppercase characters are now shown as such. What Icinga Web 2 stopped doing though, can now be accomplished
by modules. A new hook that enables modules to influence the rendering of custom variables has been introduced.

* CustomVarNames should not be converted to lowercase [#4639](https://github.com/Icinga/icingaweb2/issues/4639)
* Display the Director Caption of a Custom Variable [#3479](https://github.com/Icinga/icingaweb2/issues/3479)

#### Surprising Beauty in Exported Places

Anyone who already attempted to export a list of services to PDF has seen the degradation of details in recent years.
Be it images, icons, colors or the general layout. We simply reached a technical limit with the builtin PDF export.
That is why we made [Icinga PDF Export](https://github.com/Icinga/icingaweb2-module-pdfexport). Icinga Web 2 has now
a much enhanced compatibility with it. Exporting a list of services while Icinga PDF Export is set up, will now lead
to a much better looking result.

* Enhance PDF export [#4685](https://github.com/Icinga/icingaweb2/pull/4685)
* Image not found when creating PDF view of objects [#4674](https://github.com/Icinga/icingaweb2/issues/4674)

### What's New in Version 2.9.6

**Notice**: This is a security release. It is recommended to upgrade immediately.

#### Security Fixes

This release includes three security related fixes. The first is a path traversal issue that affects installations
of v2.9.0 and above. Another one allows admins to run arbitrary PHP code just by accessing the UI. The last one may
disclose unwanted details to restricted users. Please check the advisories on GitHub for more details.

* Path traversal in static library file requests for unauthenticated users [GHSA-5p3f-rh28-8frw](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw)
* SSH resources allow arbitrary code execution for authenticated users [GHSA-v9mv-h52f-7g63](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63)
* Unwanted disclosure of hosts and related data, linked to decommissioned services [GHSA-qcmg-vr56-x9wf](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf)

### What's New in Version 2.9.5

This is a hotfix release which fixes the following issues:

* Some detail views of Icinga Director and other modules are broken with Web 2.9.4 [#4598](https://github.com/Icinga/icingaweb2/issues/4598)
* Error on skipping LDAP Discovery [#4603](https://github.com/Icinga/icingaweb2/issues/4603)

### What's New in Version 2.9.4

You can also find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/68?closed=1).

#### Broken Preference Configuration

The preferences configuration broke with the release of v2.9 in some cases. Previously it was possible to access this
and the general configuration without any configuration at all on disk. This is now possible again. The preferences of
some users, which have a theme of a disabled module enabled, also showed an error. This doesn't happen anymore now.

* Config/Preferences not accessible without config.ini [#4504](https://github.com/Icinga/icingaweb2/issues/4504)
* "My Account" broken after Upgrade from 2.8.2 to 2.9.3 [#4512](https://github.com/Icinga/icingaweb2/issues/4512)

#### Notable Fixes in the UI

For a long time now, comments in lists had the bad habit to spread erratically if their content was large. They're
limited to two lines now in lists and are still shown in full glory in their respective detail area. While talking
of lines... Plugin output with subsequent empty lines erroneously showed only one of them. This is now fixed.

* Proposal for new Feature make comments collapsible [#4515](https://github.com/Icinga/icingaweb2/issues/4515)
* new line character is being removed in the plugin output [#4522](https://github.com/Icinga/icingaweb2/issues/4522)

#### Less Notable But No Less Important Fixes

We are actually very committed to provide a good experience for restricted users. So I'm happy to tell you that a nasty
bug is fixed that resulted in the focus being lost randomly. Third party integrations are also important to us, hence
I'm happy that this release fixes an issue where module specific JavaScript didn't load properly. Are you happy now?

* `announcements` request clears focus [#4543](https://github.com/Icinga/icingaweb2/issues/4543)
* js: Fix regression for loading dependent modules for sub-containers [#4533](https://github.com/Icinga/icingaweb2/issues/4533)

### What's New in Version 2.9.3

You can also find the issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/66?closed=1).

#### Staying remembered on RHEL/CentOS 7 now possible

RHEL/CentOS 7 still relies on OpenSSL v1.0.2 by default. A change in v2.9.1 resulted in an error in combination with
this when ticking `Stay Logged In` during authentication. Staying logged in now works fine also on this platform.

* Stay Logged In - Unknown cipher algorithm [#4493](https://github.com/Icinga/icingaweb2/issues/4493)

#### Missing icons with SLES/OpenSUSE 15

If you're running Icinga Web 2 Version 2.9.x on a SLES/OpenSUSE 15.x, you may have noticed some missing icons in the UI.
This is due to a missing PHP extension `fileinfo`. By upgrading to this release using packages, this dependency will now
be installed automatically.

* Missing fileinfo php extension on SLES/OpenSUSE 15+ [#4503](https://github.com/Icinga/icingaweb2/issues/4503)

#### Child downtimes for services are now removed automatically

With Icinga v2.13, Icinga Web 2 will now make sure that service downtimes that were created automatically are also
removed automatically. This will only work for downtimes you create with the `All Services` option after upgrading
to this release. It will not work for downtimes created with earlier versions of Icinga Web 2.

* If appropriate, set the API parameter all_services for schedule-downtime [#4501](https://github.com/Icinga/icingaweb2/pull/4501)

### What's New in Version 2.9.2

This is a hotfix release. v2.9.1 included a change that wasn't compatible with PostgreSQL again. This has been fixed
in this release. (#4490)

### What's New in Version 2.9.1

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/64?closed=1).

Please make sure to also check the respective [upgrading section](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-2-291)
in the documentation.

This release is accompanied by the minor releases v2.7.6 and v2.8.4 which include the fix for the flattened custom variables.

#### Pancakes everywhere

One of the security fixes included in v2.7.5, v2.8.3 and v2.9.0 went rampant and let you see similarities between custom
variables and pancakes. These are gone now. Also, the login allowed some users to bake pancakes on their CPUs. However,
we'd still recommend not to. What we do recommend, is to use graphical details to ease recognition. A pancake 🥞 in
performance data labels for example.

* Nested custom variables are flattened [#4439](https://github.com/Icinga/icingaweb2/issues/4439)
* Disable login orb animation and all orbs for themes [#4468](https://github.com/Icinga/icingaweb2/pull/4468)
* SVG chart library doesn't process input as UTF-8 [#4462](https://github.com/Icinga/icingaweb2/issues/4462)

#### Staying remembered too difficult

We all have sometimes difficulties remembering people we rarely meet. Especially obvious is this on those that slip
through because they don't do the same things we do. With v2.9.0 this has happened for PostgreSQL, PHP v5.6-v7.0 and
setup wizard users. Now they get their deserved attention, and Icinga Web 2 will remember them just like all others.

* RememberMe not working with only PostgreSQL [#4441](https://github.com/Icinga/icingaweb2/issues/4441)
* RememberMe compatibility with php version 5.6+ [#4472](https://github.com/Icinga/icingaweb2/pull/4472)
* RememberMe fails after running the wizard for grants [#4434](https://github.com/Icinga/icingaweb2/issues/4434)

#### Being picky pays off

A custom datetime picker was introduced with v2.9.0. It had it's issues, but we didn't anticipate that much headwind.
After careful reconsideration, we chose to only show the custom datetime picker for Firefox and IE users. Other browsers
have their own capable enough native implementation which, in Chrome's case, may even be superior. If it is now used,
it also closes automatically and doesn't swallow unrelated key presses.

* Datetimepicker not usable by keyboard [#4442](https://github.com/Icinga/icingaweb2/issues/4442)
* Close the datepicker automatically [#4461](https://github.com/Icinga/icingaweb2/issues/4461)
* Paragraphs in Acknowledge/Downtime not possible [#4443](https://github.com/Icinga/icingaweb2/issues/4443)

### What's New in Version 2.9.0

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/59?closed=1).

Please make sure to also check the respective [upgrading section](https://icinga.com/docs/icinga-web-2/latest/doc/80-Upgrading/#upgrading-to-icinga-web-2-29x)
in the documentation.

This release is accompanied by the minor releases v2.7.5 and v2.8.3 which include the security fixes mentioned below.

#### Icinga DB

We continue our endeavour soon. Icinga Web 2 is still a crucial part of it and this update is again required
for Icinga DB. If you like to participate again, don't forget to update Icinga Web 2 as well.

#### Security Fixes

This release includes two security related fixes. Both were published as part of a security advisory on Github.
They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if
the `doc` module is enabled. Please check the respective advisory for details.

* Custom variable protection and blacklists can be circumvented [GHSA-2xv9-886q-p7xx](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx)
* Possible path traversal by use of the `doc` module [GHSA-cmgc-h4cx-3v43](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43)

#### RBAC, The Elephant In Icinga Web 2

Role Based Access Control, for the non-initiated. I'll make it short: Permission refusals, Role inheritance,
Privilege Audit. Icinga DB will also solve the long-standing issue [#2455](https://github.com/Icinga/icingaweb2/issues/2455)
and also allows [#3349](https://github.com/Icinga/icingaweb2/issues/3349) and [#3550](https://github.com/Icinga/icingaweb2/issues/3550).
I've also written a blog post about this very topic: https://icinga.com/blog/2021/04/07/web-access-control-redefined/

* Authorization enhancements [#4306](https://github.com/Icinga/icingaweb2/pull/4306)
* Audit View [#4336](https://github.com/Icinga/icingaweb2/pull/4336)
* Highlight modules with permissions set inside a role [#4241](https://github.com/Icinga/icingaweb2/issues/4241)

#### Support for PHP 8

PHP 8 is released and with Icinga Web 2.9 it will now (hopefully) work flawlessly. We also took the chance
to prepare to drop the support of some legacy PHP versions. We now require PHP 7.3 at a minimum and all
versions below that will not be supported anymore with the release of v2.11.

* Support PHP 8 [#4289](https://github.com/Icinga/icingaweb2/pull/4289)
* Raise minimum required PHP version to 7.3 [#4397](https://github.com/Icinga/icingaweb2/pull/4397)

#### Stay, Be Remembered

Have you ever been disappointed that Icinga Web 2 always forgets you after closing your browser? This is in
your hands now! Just tick the new checkbox on the login screen and Icinga Web 2 doesn't forget your presence
anymore. Unless of course the administrator or you on a different device clears your session.

* Implement a "remember me" feature [#2495](https://github.com/Icinga/icingaweb2/issues/2495)

#### It Does Matter, When

Browsers are bad when it's about date and time inputs. (I'm looking at you Mozilla!) Now we've given our hopes
up and use a specifically invented solution to show you a date and time picker throughout every browser. With
Icinga v2.13 onwards you will also be able to use this when defining an expiry date for comments! Though, you
might not necessarily use it that often once you've configured new custom defaults for downtime endings.

* Add datetime picker widget [#4354](https://github.com/Icinga/icingaweb2/pull/4354)
* Expire Option for Comments [#3447](https://github.com/Icinga/icingaweb2/issues/3447)
* Custom defaults for downtime end, comment and duration [#4364](https://github.com/Icinga/icingaweb2/issues/4364)

### What's New in Version 2.8.2

**Notice**: This is a security release. It is recommended to immediately upgrade to this release.

You can find all issues related to this release on the respective [milestone](https://github.com/Icinga/icingaweb2/milestone/62?closed=1).

#### Path Traversal Vulnerability

The vulnerability in question allows an attacker to access arbitrary files which are readable by the process running
Icinga Web 2. Technical details can be found at the corresponding [CVE-2020-24368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24368)
and in the issue below.

* Possible path traversal when serving static image files [#4226](https://github.com/Icinga/icingaweb2/issues/4226)

#### Broken Negated Filters with PostgreSQL

We've also included a small non-security related fix. Searching for e.g. `servicegroup!=support` leads to an error
instead of the desired result when using a PostgreSQL database.

* Single negated membership filter fails with PostgreSQL [#4196](https://github.com/Icinga/icingaweb2/issues/4196)

### What's New in Version 2.8.1

You can find all issues related to this release on the respective [milestone](https://github.com/Icinga/icingaweb2/milestone/61?closed=1).

#### Case Sensitivity Problems

A fix in v2.8.0 led to users being not able to login if they got their username's case wrong. A hostgroup name's case
has also been incorrectly taken into account despite using a `CI` labelled column in the servicegrid and other lists.

* Login usernames now case sensitive in 2.8 [#4184](https://github.com/Icinga/icingaweb2/issues/4184)
* Case insensitive hostgroup filter in service grid not working [#4178](https://github.com/Icinga/icingaweb2/issues/4178)

#### Issues With Numbers

An attempt to avoid misrepresenting environments in the tactical overview had an opposite effect by showing negative
numbers. Filtering for timestamps in the event history also showed no results because our filters couldn't cope with
plain numbers anymore.

* Tactical overview showing "-1 pending" hosts [#4174](https://github.com/Icinga/icingaweb2/issues/4174)
* Timestamp filters not working correctly in history views [#4182](https://github.com/Icinga/icingaweb2/issues/4182)

### What's New in Version 2.8.0

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/60?closed=1).

#### Icinga DB

It's happening. Yes. Our latest achievement is now available for those who are willing to participate in this enormous
endeavour. Icinga Web 2 is also a crucial part of it and accompanies the first release of Icinga DB. If you like
to participate, don't forget to update Icinga Web 2 as well.

#### Support for PHP 7.4 and MySQL 8

We also made sure that you won't be disappointed by Icinga Web 2 if you're running PHP 7.4 or trying to access a MySQL
database with version 8+. These should pose no issues anymore now. But if you still somehow managed to get issues
please let us now and we'll fix it asap.

* Exceptions with MySQL 8 [#3740](https://github.com/Icinga/icingaweb2/issues/3740)
* Support for PHP 7.4 [#4009](https://github.com/Icinga/icingaweb2/issues/4009)

#### Find What You Search For

It's been previously not possible to properly filter for range values. This was especially true for custom variables
where, if you searched for e.g. `_host_interfaces>=20`, you wouldn't find the correct results. If you often copy some
values in our search fields you may also been a victim of extraneous spaces which are now automatically trimmed.

* Filter: more/less than doesn't seem to working [#3974](https://github.com/Icinga/icingaweb2/issues/3974)
* Search object followed by a space finds no results [#4002](https://github.com/Icinga/icingaweb2/issues/4002)

#### Don't Leave Your Little Sheep Unattended

It's time again to further restrict your users. It's now possible to completely block any access to contacts and
contactgroups for specific roles. These won't ever see again who's notified and who's not. Also, if you are using
single accounts for a group of people you can now disable password changes for those.

* Prohibit access to contacts and contactgroups [#3973](https://github.com/Icinga/icingaweb2/issues/3973)
* Allow to forbid password changes on specific user accounts [#3286](https://github.com/Icinga/icingaweb2/issues/3286)

#### In and Out, Access Control Done Right

While we have no burgers (but cookies!) you are nevertheless welcome to visit Icinga Web 2. And now you can also
successfully leave while being externally authenticated and unsuccessfully enter while being unable to not add
extraneous spaces to your username.

* External logout not working from the navigation dashboard [#3995](https://github.com/Icinga/icingaweb2/issues/3995)
* Username with extraneous spaces are not invalid [#4030](https://github.com/Icinga/icingaweb2/pull/4030)

### Changes in Packaging and Dependencies

Valid for distributions:

* RHEL / CentOS 7
  * Upgrade to PHP 7.3 via RedHat SCL
  * See [Upgrading to Icinga Web 2 2.8.x](doc/80-Upgrading.md#upgrading-to-icinga-web-2-28x)
    for manual steps that are required

#### Discontinued Package Updates

Icinga Web 2 v2.8+ is not supported on these platforms:

* RHEL / CentOS 6
* Debian 8 Jessie
* Ubuntu 16.04 LTS (Xenial Xerus)

Please consider an upgrade of your central Icinga system to a newer distribution release.

[icinga.com](https://icinga.com/subscription/support-details/) provides an overview about
currently supported distributions.

### What's New in Version 2.7.3

This is a hotfix release and fixes the following issue:

* Servicegroups for roles with filtered objects not available [#3983](https://github.com/Icinga/icingaweb2/issues/3983)

### What's New in Version 2.7.2

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/57?closed=1).

#### Less Smoky Database Servers

The release of v2.7.1 introduced a change which revealed an inefficient part of our database queries. We made some
general optimizations on our queries and changed the way we utilize them in some views. The result are faster
response times by less work for the database server.

* Consuming more CPU resources since upgraded to 2.7.1 [#3928](https://github.com/Icinga/icingaweb2/issues/3928)

#### Anarchism Infested Dashboards

Recent history already showed signs of anarchism. (Pun intended) A similar mindset now infested default dashboards
which appeared in a different way than before v2.7.0. We taught their dashlets a lesson and order has been reestablished
as previously.

* Recently Recovered Services in dashboard "Current Incidents" seems out of order [#3931](https://github.com/Icinga/icingaweb2/issues/3931)

#### Solitary Downtimes

We improved the host and service distinction with v2.7.0. The downtimes list however got confused by this and didn't
knew anymore how to combine multiple downtimes. If you now instruct the list to select multiple downtimes this works
again as we removed the confusing parts.

* Selection of multiple downtimes fails [#3920](https://github.com/Icinga/icingaweb2/issues/3920)

### What's New in Version 2.7.1

You can find all issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/56?closed=1).

#### Sneaky Solution for Sneaky Links

Usually we try to include only bugs in minor-releases. Sorry, bug-fixes, of course. But thanks to
[@winem_](https://twitter.com/winem_/status/1156531270521896960) we have also a little enhancement this time:
Links in comments, notes, etc. are now [highlighted](https://github.com/Icinga/icingaweb2/pull/3893) as such.

* Highlight links in the notes of an object [#3888](https://github.com/Icinga/icingaweb2/issues/3888)

#### Nobody's Perfect, Not Even Developers

We knew it. We saw it coming. And forgot about it. Some views, especially histories, showed an anarchic behavior
since v2.7.0. The change responsible for this has been undone and history's order is reestablished now.

* Default sort rules no longer work in 2.7.0 [#3891](https://github.com/Icinga/icingaweb2/issues/3891)

#### Restrictions Gone ~~Wild~~ Cagey

A [fix](https://github.com/Icinga/icingaweb2/pull/3868) unfortunately caused restrictions using wildcards to show no
results anymore. This is now solved and such restrictions are as permissive as ever.

* Wildcard filters in chains broken [#3886](https://github.com/Icinga/icingaweb2/issues/3886)

### What's New in Version 2.7.0

You can find issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/52?closed=1).

#### Icinga's Amazingness Spreads Further

All the Japanese and Ukrainian monitoring enthusiasts can now appreciate our web-frontend in their native tongue. Being
so late to the party is also of their advantage, though. Because they can adjust their dashboard without worrying it gets
broke with the next update. (All other admins with non-english users, please have a look at our
[upgrading documentation](doc/80-Upgrading.md#upgrading-to-icinga-web-2-27x-))

* Add Japanese language support [#3776](https://github.com/Icinga/icingaweb2/pull/3776)
* Add Ukrainian language support [#3828](https://github.com/Icinga/icingaweb2/pull/3828)
* Don't translate pane and dashlet names in configs [#3837](https://github.com/Icinga/icingaweb2/pull/3837)

#### Modules - Bonus Functionality Unleashed

With this release module developers got additional ways to customize Icinga Web 2. Whether you ever wanted to hook into
a configuration form's handling, to perform your very own Ajax requests or enhance our multi-select views with fancy
graphs. All is possible now.

* Allow to hook into a configuration form's handling [#3862](https://github.com/Icinga/icingaweb2/pull/3862)
* Allow to fully customize click and submit handling [#3794](https://github.com/Icinga/icingaweb2/issues/3767)
* Integrate DetailviewExtension into multi-select views [#3304](https://github.com/Icinga/icingaweb2/pull/3304)

#### UI - Your Daily Routine and Incident Management, Enhanced

Users with color deficiencies now have a built-in theme to ease navigating within Icinga Web 2. Also, our forms got
a long overdue re-design and now look less boring. Though, the best of all features is that clicking while holding
the Ctrl-key now actually opens a new browser tab! Lost comments? No more. Defining an expiry date again? No more!

* Add colorblind theme [#3743](https://github.com/Icinga/icingaweb2/pull/3743)
* Improve the look of forms [#3416](https://github.com/Icinga/icingaweb2/issues/3416)
* Make ctrl-click open new tab [#3723](https://github.com/Icinga/icingaweb2/pull/3723)

#### Stay Focused - More Room for More Important Stuff

Some of you know that some checks tend to produce walls of text or measure (too) many interfaces. Now, plugin output
and performance data will collapse if they exceed a certain height. If necessary they can of course be expanded and
keep that way across browser restarts. The same is also true for the sidebar. (Though, this one stays *collapsed*)

* Persistent Collapsible Containers [#3638](https://github.com/Icinga/icingaweb2/pull/3638)
* Collapsible plugin output [#3870](https://github.com/Icinga/icingaweb2/pull/3870)
* Collapsed sidebar should stay collapsed [#3682](https://github.com/Icinga/icingaweb2/issues/3628)

#### Markdown - Tables, Lists and Emphasized Text The Easy Way

Since we now have the possibility to collapse large content dynamically, we allow you to add entire wiki pages to hosts
and services. Though, if you prefer to use a real wiki to maintain those (what we'd strongly suggest) it's now easier
than ever before to link to it. Copy url, paste url, submit comment, Done.

* Make notes, comments and announcements markdown aware [#3814](https://github.com/Icinga/icingaweb2/pull/3814)
* Transform any URL in a Comment to a clickable Link [#3441](https://github.com/Icinga/icingaweb2/issues/3441)
* Support relative links in plugin output [#2916](https://github.com/Icinga/icingaweb2/issues/2916)

#### Things You Have Missed Previously

The tactical overview, our fancy pie charts, is now the very first result when you search something in the sidebar.
If you'll see two entirely green circles there, relax. Also overdue or unreachable checks are now appropriately marked
in list views and the service grid now allows you to switch between everything or problems only.

* Add tactical overview to global search [#3845](https://github.com/Icinga/icingaweb2/pull/3845)
* Servicegrid: Add toggle to show problems only [#3871](https://github.com/Icinga/icingaweb2/pull/3871)
* Make overdue/unreachable checks better visible [#3860](https://github.com/Icinga/icingaweb2/pull/3860)

#### Authorization - Knowing and Controlling What's Going On

Roles can now be even more tailored to users since the introduction of a new placeholder. This placeholder allows to
use a user's name in restrictions. Things like `_service_responsible_person=$user:local_name$` are now possible. The
audit log now receives failed login-attempts, that's been made possible since hooks can now run for anonymous users.

* Allow roles to filter for the currently logged in user [#3493](https://github.com/Icinga/icingaweb2/issues/3493)
* Add possibility to disable permission checks for hooks [#3849](https://github.com/Icinga/icingaweb2/pull/3849)
* Send failed login-attempts to the audit log [#3856](https://github.com/Icinga/icingaweb2/pull/3856)

See also the [audit module](https://github.com/Icinga/icingaweb2-module-audit/releases) which got an update and is
required for [#3856](https://github.com/Icinga/icingaweb2/pull/3856) to work.

### What's New in Version 2.6.3

You can find issues related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/54?closed=1).

#### PHP 7.3

Now supported. :tada:

#### LDAP - Community contributions, that's the spirit

With the help of our users we've finally fixed the issue that defining multiple hostnames and enabling STARTTLS has
never properly worked. Also, they've identified that defining multiple hostnames caused a customized port not being
utilized and fixed it themselves.

There has also a rare case been fixed that caused no group members being found in case object classes had a different
casing than what we expected. (Good news for all the non-OpenLdap and non-MSActiveDirectory users) 

* LDAP connection fails with multiple servers using STARTTLS [#3639](https://github.com/Icinga/icingaweb2/issues/3639)
* LDAPS authentication ignores custom port setting [#3713](https://github.com/Icinga/icingaweb2/issues/3713)
* LDAP group members not found [#3650](https://github.com/Icinga/icingaweb2/issues/3650)

#### We take care about your data even better now

With this are newlines and HTML entities (such as ` `) in plugin output and custom variables meant.
Sorry if I've teased some data security folks now. :innocent:

* Newlines in plugin output disappear [#3662](https://github.com/Icinga/icingaweb2/issues/3662)
* Windows path separators are converted to newlines in custom variables [#3636](https://github.com/Icinga/icingaweb2/issues/3636)
* HTML entities in plugin output are not resolved if no other HTML is there [#3707](https://github.com/Icinga/icingaweb2/issues/3707)

#### You've wondered how you got into a famous blue police box?

Don't worry, not only you and the european union are sometimes unsure what's the correct time.

* Set client timezone on DB connection [#3525](https://github.com/Icinga/icingaweb2/issues/3525)
* Ensure a valid default timezone is set in any case [#3747](https://github.com/Icinga/icingaweb2/pull/3747)
* Fix that the event detail view is not showing times in correct timezone [#3660](https://github.com/Icinga/icingaweb2/pull/3660)

#### UI - The portal to your monitoring environment, improved

The collapsible sidebar introduced with v2.5 has been plagued by some issues since then. They're now fixed. Also,
the UI should now flicker less and properly preserve the scroll position when interacting with action links. (This
also allows the business process module to behave more stable when using drag and drop in large configurations.)

* Collapsible Sidebar Issues [#3187](https://github.com/Icinga/icingaweb2/issues/3187)
* Fix title when closing right column [#3654](https://github.com/Icinga/icingaweb2/issues/3654)
* Preserve scroll position upon form submits [#3661](https://github.com/Icinga/icingaweb2/pull/3661)

#### Corrected things we've broke recently

That's due to preemptive changes to protect you from bad individuals. Unfortunately this meant that some unforeseen
side-effects appeared after the release of v2.6.2. These are now fixed.

* Multiline values in ini files broken [#3705](https://github.com/Icinga/icingaweb2/issues/3705)
* PHP ini parser doesn't strip trailing whitespace [#3733](https://github.com/Icinga/icingaweb2/issues/3733)
* Escaped characters in INI values are not unescaped [#3648](https://github.com/Icinga/icingaweb2/issues/3648)

Though, if you've faced issue [#3705](https://github.com/Icinga/icingaweb2/issues/3705) you still need to take manual
action (if not already done) as the provided fix does only prevent further occurrences of the resulting error. The
required changes involve the transformation of all real newlines in Icinga Web 2's INI files to literal `\n` or `\r\n`
sequences. (Files likely having such are the `roles.ini` and `announcements.ini`)

### What's New in Version 2.6.2

You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/53?closed=1).

This bugfix release addresses the following topics:

* Database connections to MySQL 8 no longer fail
* LDAP connections now have a timeout configuration which defaults to 5 seconds
* User groups are now correctly loaded for externally authenticated users
* Filters are respected for all links in the host and service group overviews
* Fixed permission problems where host and service actions provided by modules were missing
* Fixed an SQL error in the contact list view when filtering for host groups
* Fixed time zone (DST) detection
* Fixed the contact details view if restrictions are active
* Doc parser and documentation fixes

### What's New in Version 2.6.1

You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/51?closed=1).

The command audit now logs a command's payload as JSON which fixes a
[bug](https://github.com/Icinga/icingaweb2/issues/3535) that has been introduced in version 2.6.0.

### What's New in Version 2.6.0

You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/48?closed=1).

#### Enabling you to do stuff you couldn't before

* Support for PHP 7.2 added
* Support for SQLite resources added
* Login and Command (monitoring) auditing added with the help of a dedicated [module](https://github.com/Icinga/icingaweb2-module-audit)
* Pluginoutput rendering is now hookable by modules which allows to render custom icons, emojis and .. cute kitties :octocat:

#### Avoiding that you miss something

* It's now possible to toggle between list- and grid-mode for the host- and servicegroup overviews
* The servicegrid now supports to flip its axes which allows it to be put into a [landscape mode](https://github.com/Icinga/icingaweb2/pull/3449#issue-185415579)
* Contacts only associated with services are visible now when restricted based on host filters
* Negated and combined membership filters now work as expected ([#2934](https://github.com/Icinga/icingaweb2/issues/2934))
* A more prominent error message in case the monitoring backend goes down
* The filter editor doesn't get cleared anymore upon hitting Enter

#### Making your life a bit easier

* The tactical overview is now filterable and can be safely put into [the dashboard](https://github.com/Icinga/icingaweb2/pull/3446#issue-185379142)
* It is now possible to register new announcements over the [REST Api](https://github.com/Icinga/icingaweb2/issues/2749#issuecomment-279667189)
* Filtering for custom variables now works in UTF8 environments

#### Ensuring you understand everything

* The monitoring health is now beautiful to look at and properly behaves in [narrow environments](https://github.com/Icinga/icingaweb2/pull/3515#issue-200075373)
* Updated German localization
* Updated Italian localization

#### Freeing you from unrealiable things

* Removed support for PHP < 5.6
* Removed support for persistent database connections

### What's New in Version 2.5.3

You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/50?closed=1).

#### Fixes

A fix for an issue introduced with v2.5.2 that prevented service-only contacts from appearing in the UI resulted in long
database response times and has been reverted.

### What's New in Version 2.5.2

You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/49?closed=1).

#### UI Changes

The sidebar's search behaviour has been changed so that it does only react to user-input after the user stopped typing.
Also, the cursor does not jump to the end of form-inputs anymore in case of an auto-refresh. We've also fixed an issue
that caused [custom icons](https://github.com/Icinga/icingaweb2/issues/3181#issuecomment-378875462) to be inverted when
placed in the sidebar. Last but not least, the header now expands its width beyond the 3840px mark and single dashlets
do not show a horizontal scrollbar anymore.

#### PHP7 MSSQL Compatibility

Support for Microsoft's `sqlsrv` extension has been added. Also, it's now possible to setup MSSQL resources in the
front-end using the `dblib` extension.

#### Proper Error Responses

An issue introduced with v2.5.1 has been resolved where some errors (especially HTTP 404 Not Found) were masked
by another subsequent error.

#### Broken LDAP Group Memberships

An issue introduced with v2.5.1 has been resolved where users with a domain in their name were not associated with any
LDAP groups.

#### Monitoring Module

Issuing a check using the "Check Now" action now properly causes a check being made by Icinga 2 even if outside the
timeperiod. (Note: This issue was only present if using the Icinga 2 Api as command transport.)

#### Login/Logout Expandability

It's now possible for modules to provide hooks for the user authorization. This for example allows to transparently
authenticate users in third-party applications such as [Grafana](https://github.com/Icinga/icingaweb2/pull/3401#issue-178030542).

### What's New in Version 2.5.1

You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/47?closed=1).

Besides many other bug fixes, Icinga Web 2 v2.5.1 fixes an issue where it was no longer possible to filter by host
custom variables in service related views. Also, this release introduces detail views for the event history and
improved upgrading docs. Furthermore, this version censors sensitive information (e.g. LDAP passwords) in exception
stack traces.

### What's New in Version 2.5.0

You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/45?closed=1).

#### Raised PHP Version Dependency

Icinga Web 2 now requires at least PHP 5.6.

#### UI Changes

The style of the login screen and menu have been changed. Also, the menu of Icinga Web 2 is now collapsible.
Browser tabs will not auto-refresh if they are inactive. Users are now allowed to change the default pagination limit
via their preferences.

#### Domain-aware Authentication for Active Directory and LDAP Backends

If there are multiple AD/LDAP authentication backends with distinct domains, you are now able to make Icinga Web 2
aware of the domains. This can be done by configuring each AD/LDAP backend's domain. You can also use the GUI for this
purpose. Please read our [documentation](doc/05-Authentication.md#domain-aware-auth) for more information about this
feature.

#### Changes in Packaging and Dependencies

Valid for distributions:

* RHEL / CentOS 6 + 7
  * Upgrading to PHP 7.0 / 7.1 via RedHat SCL (new dependency)
  * See [Upgrading to FPM](doc/02-Installation.md#upgrading-to-fpm) for manual steps that are required
* SUSE SLE 12
  * Upgrading PHP to >= 5.6.0 via the alternative packages.
    You might have to confirm the replacement of PHP < 5.6 - but that should work with any other PHP app as well
  * Make sure to enable the new Apache module `a2enmod php7` and restart `apache2`

#### Discontinued Package Updates

For the following distributions Icinga Web 2 won't be updated past 2.4.x anymore:

* Debian 7 wheezy
* Ubuntu 14.04 LTS (trusty)
* SUSE SLE 11 (all service packs)

Please think about replacing your central Icinga system to a newer distribution release.

Also see [packages.icinga.com](https://packages.icinga.com) for the currently supported distributions.

### What's New in Version 2.4.2

#### Bugfixes

* Bug 2965: Transport config: Default port not changing upon auto-submit
* Bug 2926: Wrong order when sorting by host_severity
* Bug 2923: Number fields should be valid when empty
* Bug 2919: Fix cached loading of module config
* Bug 2911: Acknowledgements are not working without an expiry time
* Bug 2878: process-check-result Button is visible even when user isn't allowed to use it
* Bug 2850: Link to acknowledgements is wrong in the timeline
* Bug 2841: Wrong menu height when switching back from mobile layout
* Bug 2806: Wrong service state count in hostgroup overview
* Bug 2805: Response from the Icinga 2 API w/ an empty result set leads to exception
* Bug 2801: Wrong help text for the director in the icingacli
* Bug 2784: Module and gravatar images are not served with their proper MIME type
* Bug 2776: Defaults not respected when acknowledging problems
* Bug 2767: Monitoring module: Config field protected vars not updated after zeroing config.ini
* Bug 2728: Gracefully handle invalid Icinga 2 API response types
* Bug 2718: Hide check attempt for hard states in history views
* Bug 2716: Web 2 doesn't detect the browser time zone if the time zone offset is negative
* Bug 2714: icingacli module disable fails on consecutive calls
* Bug 2695: Macros cannot be used for a navigation item's url-port
* Bug 2684: [dev.icinga.com #14027] Translation module should not write absolute path to .po files
* Bug 2683: [dev.icinga.com #14025] Translation module should remove temp files
* Bug 2661: [dev.icinga.com #13651] Don't offer the Icinga 2 API as transport if PHP cURL is missing
* Bug 2660: [dev.icinga.com #13649] Make the Icinga 2 API the default command transport
* Bug 2656: [dev.icinga.com #13627] Wrong count of handled critical service in the hover text
* Bug 2645: [dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs
* Bug 2598: [dev.icinga.com #12977] Adding an empty user backend fails
* Bug 2545: [dev.icinga.com #12640] MSSQL ressource not working
* Bug 2523: [dev.icinga.com #12410] Click on Host in Service Grid can cause "Invalid Filter" error
* Bug 2519: [dev.icinga.com #12330] Filter editor may show wrong values after searching
* Bug 2509: [dev.icinga.com #12295] group_name_attribute should be "sAMAccountName" by default

### What's New in Version 2.4.1

Our public repositories and issue tracker have been migrated to GitHub.

#### Bugfixes

* Bug 2651: [dev.icinga.com #13607] Displayed times messed up in Icinga Web 2.4.0 w/ PostgreSQL
* Bug 2654: [dev.icinga.com #13615] Setup wizard: Not possible to setup Icinga Web 2 with an external database
* Bug 2663: [dev.icinga.com #13691] Hook::all() is broken on CLI
* Bug 2669: [dev.icinga.com #13735] Setup wizard: Progress bar isn't shown correctly, if setup is at finish step
* Bug 2681: [dev.icinga.com #13957] Support failover API command transport configuration
* Bug 2686: Granular module permissions do not work for hooks
* Bug 2687: Update URLs to icinga.com, remove wiki & update to GitHub

### What's New in Version 2.4.0

#### Feature

* Feature 12598 (Authentication & Authorization): Support nested AD groups for Roles and not just login
* Feature 11809 (Authentication & Authorization): Test and document multiple LDAP-URIs separated by space in LDAP ressources
* Feature 10616 (Authentication & Authorization): Users w/o administrative permissions should be allowed to change their password
* Feature 13381 (CLI): Allow to configure the default listen address for the CLI command web serve
* Feature 11820 (Configuration): Check whether chosen locale is available
* Feature 11214 (Configuration): Logger: Allow to configure the Syslog Facility
* Feature 13117 (Framework): Add charset UTF-8 to default content type
* Feature 12634 (Framework): Possibitlity to fold and unfold filter by click
* Feature 11198 (Framework): Announce banner
* Feature 11115 (Framework): Add SSL support to MySQL database resources
* Feature 8270 (Installation): Add SELinux policy for Icinga Web 2
* Feature 13187 (Monitoring): Command toolbar in the host and service detail views
* Feature 12873 (Monitoring): Change default for sticky option of acknowledgements from true to false
* Feature 12820 (Monitoring): Export detail views to JSON
* Feature 12766 (Monitoring): Show flapping events in the host and service history views
* Feature 12764 (Monitoring): Display downtime end even if it hasn't been started yet
* Feature 12125 (Monitoring): Allow th in plugin output
* Feature 11952 (Monitoring): Allow changing default of 'sticky' in acknowledgement and other command options
* Feature 11398 (Monitoring): Send commands over Icinga 2's API
* Feature 11835 (UI): Add clear button to search field
* Feature 11792 (UI): Show hint if notifications are disabled globally
* Feature 11664 (UI): Show git HEAD for modules if available
* Feature 13461 (Vendor Libraries): Use Icinga's fork of Zend Framework 1 icingaweb2-vendor-zf1

#### Bugfixes

* Bug 12396 (Authentication & Authorization): Hooks don't respect module permissions
* Bug 12164 (Authentication & Authorization): REDIRECT_REMOTE_USER not evaluated during external auth
* Bug 12108 (Authentication & Authorization): assertPermission allows everything for unauthenticated requests
* Bug 13357 (Configuration): Persistent database resources cannot be made non-persistent
* Bug 12848 (Configuration): Empty "Protected Custom Variables" falls back to defaults
* Bug 12655 (Configuration): Permission application/log is not configurable
* Bug 12170 (Configuration): Adding a DB resource via webinterface requires one to enter a password
* Bug 10401 (Configuration): LdapUserGroupBackendForm: user_* settings not purged
* Bug 9804 (Configuration): Renaming the resource used for the config backend does not update the global configuration
* Bug 11920 (Dashboard): Add to dashboard: wrong url makes whole dashboard unusable
* Bug 13387 (Documentation): Can't display documentation of disabled modules
* Bug 12923 (Framework): Navigation Item name must be of type string or NavigationItem
* Bug 12852 (Framework): Hosts without any services are hidden from roles with monitoring/filter/objects set
* Bug 12760 (Framework): Do not log exceptions other than those resulting in a HTTP 500 status-code
* Bug 12583 (Framework): Unhandled exceptions while handling REST requests will silently drop the http response code
* Bug 12580 (Framework): REST requests cannot be anonymous
* Bug 12557 (Framework): Module description cannot be on a single line
* Bug 12299 (Framework): FilterExpression renders a&!b as a=1&b!=1
* Bug 12161 (Framework): Icinga Web 2 doesn't set Content-Type
* Bug 12065 (Framework): IniRepository: update/delete not possible with iterator
* Bug 11743 (Framework): INI writer must not persist section keys with a null value
* Bug 11185 (Framework): SummaryNavigationItemRenderer should show worst state
* Bug 10361 (Framework): Handle E_RECOVERABLE_ERROR
* Bug 13459 (Installation): Setup: Can't view monitoring config summary with Icinga 2 API as command transport
* Bug 13467 (JavaScript): renderLayout has  side-effects
* Bug 13115 (JavaScript): actiontable should not clear active row in case there is no newer one
* Bug 12541 (JavaScript): Menu not reloaded in case no search is available
* Bug 12328 (JavaScript): Separate vendor JavaScript libraries w/ semicolons and newlines on import
* Bug 10704 (JavaScript): JS: Always use the jQuery find method w/ node context when selecting elements
* Bug 10703 (JavaScript): JS: Don't use var self = this, but var _this = this
* Bug 11431 (Modules): Modules can't require permission on menu items
* Bug 10870 (Modules): Refuse erroneous module folder names when enabling the module
* Bug 13243 (Monitoring): Inconsistent host and service flags
* Bug 12889 (Monitoring): Timeline broken
* Bug 12810 (Monitoring): Scheduling a downtime for all services of a host does not work w/ the Icinga 2 API as command transport
* Bug 12313 (Monitoring): Multi-line strings within host.notes are being displayed as single line
* Bug 12223 (Monitoring): State not highlighted in plugin output if it contains HTML
* Bug 12019 (Monitoring): Contact view shows service filters with 'Downtime' even if not set
* Bug 11915 (Monitoring): Performance data: negative values not handled
* Bug 11859 (Monitoring): Can't separate between SOFT and HARD states in the history views
* Bug 11766 (Monitoring): Performance data: Fit label column to show as much text as possible
* Bug 11744 (Monitoring): Empty user groups are not displayed
* Bug 10774 (Monitoring): Scheduling downtimes for child hosts doesn't work w/ Icinga 2.x (waiting for Icinga 2)
* Bug 10537 (Monitoring): Filtering with not-equal on custom variable doesn't show hosts without this cv
* Bug 7755 (Monitoring): Remove autosubmit in eventgrid
* Bug 12133 (Navigation): Username and password not being passed in navigation item URLs
* Bug 12776 (Print & Export): dompdf fails when border-style is set to auto
* Bug 12723 (Print & Export): Allowed memory size exhausted when exporting the history view to CSV
* Bug 12660 (QA): Choosing the Icinga theme floods the log with error messages
* Bug 12774 (UI): Lot's of <span style="visibility:hidden; display:none;"></span> in Output
* Bug 12134 (UI): Copy and paste: Plugin output contains unicode zero-width space characters
* Bug 10691 (UI): Closing the detail area does not update the rows selected counter
* Bug 13095 (Vagrant VM): TicketSalt constant missing
* Bug 12717 (Vagrant VM): PluginContribDir constant removed during vagrant provisioning

### What's New in Version 2.3.4/2.3.3

#### Bugfixes

* Bug 11267: Links in plugin output don't behave as expected
* Bug 11348: Host aliases are not shown in detail area
* Bug 11728: First non whitespace character after comma stripped from plugin output
* Bug 11729: Sort by severity depends on state type
* Bug 11737: Zero width space characters destroy state highlighting in plugin output
* Bug 11796: Zero width space characters may destroy links in plugin output
* Bug 11831: module.info parsing fails in case it contains newlines that are not part of the module's description
* Bug 11850: "Add to menu" tab unnecessarily appears in command forms
* Bug 11871: Colors used in the timeline are not accessible
* Bug 11883: Delete action on comments and downtimes in list views not accessible because they lack context
* Bug 11885: Database: Asterisk filters ignored when combined w/ other filters
* Bug 11910: Web 2 lacks mobile meta tags
* Fix remote code execution via remote command transport

### What's New in Version 2.3.2

#### Feature

* Feature 11629: Simplified event-history date and time representation

#### Bugfixes

* Fix a privilege escalation issue in the monitoring module for authenticated users
* Bug 10486: Menu rendering fails when no monitoring backend was configured
* Bug 10847: Warn about illogical dates
* Bug 10848: Can't change items per page if filter is in modify state
* Bug 11392: Can't configure monitoring backend via the web interface when no monitoring backend was configured

### What's New in Version 2.3.1

#### Bugfixes

* Bug 11598: Invalid SQL queries for PostgreSQL

### What's New in Version 2.3.0

#### Features

* Feature 10887: lib: Provide User::getRoles()
* Feature 10965: Roles: Restrict visibility of custom variables
* Feature 11404: Add is_reachable filter column to host and service data views
* Feature 11485: lib/LDAP: Support scopes base and one
* Feature 11495: Support data URIs in href
* Feature 11529: Don't offer command disable notifications /w expire time if backend is Icinga 2

#### Bugfixes

* Bug 9386: Improve order of documentation chapters
* Bug 10820: Style problems with long plugin output lines
* Bug 11078: Can't remove default dashboards
* Bug 11099: Mobile menu icon is mispositioned
* Bug 11128: Menu stops refreshing when there is text in the search field
* Bug 11145: Pagination compontents should not float around
* Bug 11171: Icinga Web 2 tries to load an ifont which results in 404
* Bug 11245: icingacli monitoring list --problems throws an exception
* Bug 11264: Cannot execute queries while other unbuffered queries are active
* Bug 11277: external auth with PHP internal webserver still buggy
* Bug 11279: Restrict access to Applicationlog
* Bug 11299: Icon images no longer prepend img/icons
* Bug 11391: External auth reads REMOTE_USER from process environment instead of request
* Bug 11414: Doc module does not render images with relative path
* Bug 11465: Stylesheet remains unchanged when module CSS/LESS files have been changed
* Bug 11489: lib/LDAP: ordering does explicitly set fields
* Bug 11490: lib/LDAP: LdapUtils::explodeDN replace deprecated use of eval in preg_replace
* Bug 11516: Accessibility: Focus in Tactical Overview barely visible
* Bug 11558: Missing ) in the documentation
* Bug 11568: Docs: Global permissions table is broken

### What's New in Version 2.2.0

#### Features

* Feature 8487: Number headings in the documentation module
* Feature 8963: Feature commands in the multi select views
* Feature 10654: Render links in acknowledgements, comments and downtimes
* Feature 11062: Allow style classes in plugin output
* Feature 11238: Puppet/Vagrant: Install mod_ssl and forward port 443

#### Bugfixes

* Bug 7350: Tabs are missing if JS is disabled
* Bug 9800: Debian packaging: Ship translation module w/ the icingaweb2 package and install its config.ini
* Bug 10173: Failed commands give no useful error any more
* Bug 10251: Icinga Web 2 fails to run with PHP7
* Bug 10277: Special characters are incorrectly escaped for tooltips in the service grid
* Bug 10289: Doc module: Headers are cut off when clicking on TOC links
* Bug 10309: Move auth backend configuration to app config
* Bug 10310: Monitoring details: information/action ordering
* Bug 10362: Debian packaging: Separate package for CLI missing
* Bug 10366: Text plugin output treated as HTML in too many occasions
* Bug 10369: Accessibility: Focus not visible and lost after refresh
* Bug 10397: Users with no permissions can check multiple services
* Bug 10442: Edit user control should be more prominent
* Bug 10469: "Remove Acknowledgement" text missing in multi-select views
* Bug 10506: HTTP basic auth request is sent when using Kerberos authentication with Apache2 and mod_php
* Bug 10625: Return local date and time when lost connection to the web server
* Bug 10640: Respect protected_variables in nested custom variables too
* Bug 10778: Filters in the host group and service group overview not applied to state links
* Bug 10786: Whitespace characters are ignored in the plugin output in list views
* Bug 10805: Setup Wizard: Obsolete PHP sockets requirement
* Bug 10856: Benchmark is not rendered on many pages
* Bug 10871: Get rid of padding in controls
* Bug 10878: Dashboards different depending on username casing
* Bug 10881: Move iframe from modules to framework
* Bug 10917: Event grid tiles: The filter column "from" is not allowed here
* Bug 10918: Error on logout when using external authentication
* Bug 10921: icingacli monitoring list --format=csv throws error
* Bug 11000: Change license header to only reflect a file's year of creation/initial commit
* Bug 11008: Wobbling spinners
* Bug 11021: Global default theme is not applied while not authenticated
* Bug 11032: Fix icon_image size and provide a CSS class for theming
* Bug 11039: Misleading tooltip in Tactical Overview
* Bug 11051: Preferences and navigation items stored in INI files rely on case sensitive usernames
* Bug 11073: Active row is flickering on refresh
* Bug 11091: Custom navigation items: URL is not escaped/encoded
* Bug 11100: Comments are always persistent
* Bug 11114: Validate that a proper root DN is set for LDAP resources
* Bug 11117: Vendor: Update dompdf to version 0.6.2
* Bug 11119: icingacli shows ugly exception when unable to access the config directory
* Bug 11120: icingacli: command and action shortcuts have been broken
* Bug 11126: Invalid cookie value in cookie icingaweb2-tzo
* Bug 11142: LDAP User Groups backend group_filter
* Bug 11143: Layout: Tabs should be left-aligned
* Bug 11151: Having basic authentication on the webserver but not in Icinga Web 2 causes Web 2 to require basic auth
* Bug 11168: Debian packaging: Don't patch HTMLPurifier loading and install HTMLPurifier*.php files from the library/vendor root
* Bug 11187: Session cookie: Path too broad and unset secure flag on HTTPS
* Bug 11197: Menu items without url should ignore the target configuration
* Bug 11260: Scheduling downtimes through the API not working

### What's New in Version 2.1.1

#### Features

* Feature 10488: Use _ENV variables with built-in PHP webserver
* Feature 10705: Theming
* Feature 10898: Winter theme

#### Bugfixes

* Bug 9685: Deprecate Module::registerHook() in favor of Hook::provideHook()
* Bug 9957: Sort hosts and services by last state change
* Bug 10123: CSS loading may fail w/ mkdir(): File exists in FileCache.php
* Bug 10126: setup config directory --config should use mkdir -p instead of mkdir()
* Bug 10166: library/vendor/HTMLPurifier tree is incorrectly unpacked
* Bug 10170: Link to service downtimes from multiple selected services includes host downtimes aswell
* Bug 10338: Debian: Failed to open stream HTMLPurifier/HTMLPurifier.php
* Bug 10603: Line breaks are not respected in acknowledgements, comments and downtimes
* Bug 10658: SUSE packages have the wrong dependencies
* Bug 10659: LDAP group members are shown with their DN and membership registration does not work
* Bug 10670: State not highlighted in plugin output
* Bug 10671: Auto-focus the username field on the login page
* Bug 10683: lib/CLI command web serve: rename variable basedir to something meaningful
* Bug 10702: Host- and Service-Actions configured in Web 2 do not resolve any macros
* Bug 10749: XHR application-state requests pollute the URL if not authenticated
* Bug 10771: Login shows "Anmelden........" upon login with the german locale
* Bug 10781: LoggingConfigForm.php complains about whitespace but checks with /^[^\W]+$/
* Bug 10790: "Problems - Service Grid" does not work with host names that contain only digits
* Bug 10884: Tabs MUST throw an exception when activating an inexistant tab
* Bug 10886: "impacted" container is no longer fading out
* Bug 10892: Wrong mask for FileCache's temp directory

### What's New in Version 2.1.0

#### Features

* Feature 10613: Extend and simplify Hook api

#### Bugfixes

* Bug 8713: Invalid filter "host_name=*(test)*", unexpected ) at pos 17
* Bug 8999: Navigation and search bar is not available using a small width
* Bug 10229: Dashboard requests do not refresh the session
* Bug 10268: Unhandled services in the hosts overview list don't stand out
* Bug 10287: Redirect after login no longer working
* Bug 10288: The order for the limit links is incorrect
* Bug 10292: Hovered links in hover menu are unreadable
* Bug 10293: Hover menu is missing it's arrow for menu entries providing badges
* Bug 10295: Reset static line-height on body
* Bug 10296: Scrolling to the bottom of the page does not load more events
* Bug 10299: Badges are overridden by menu text
* Bug 10301: Format helpers like timeSince are polluted with text-small
* Bug 10303: Zooming in, or having another layout destroys the hover menu
* Bug 10304: Cannot access a host's customvars for service actions
* Bug 10305: Hover menu arrow color no longer fits background color
* Bug 10316: Not all Servicegroups / Hostgroups are shown
* Bug 10317: Event history style broken
* Bug 10319: Recursive sharing navigation items doesn't work.
* Bug 10321: Module iframe doesn't show website with parameters as a single column
* Bug 10328: ZendFramework packages missing for SLES12
* Bug 10359: Charset option not passed thru PDO adapter
* Bug 10364: PostgreSQL queries apply LOWER() on selected columns
* Bug 10367: Broken user- and group-management
* Bug 10389: Host overview: vsprintf(): Too few arguments
* Bug 10402: LdapUserGroupBackend: user_base_dn not used from UserBackend
* Bug 10419: Swapped icon image order in service header
* Bug 10490: Unhandled service counter in the hosts overview shows incorrect values
* Bug 10533: Form notifications of type information are green
* Bug 10567: Member user name used for basedn when querying usergroup members
* Bug 10597: Empty PDO charset option is invalid
* Bug 10614: Class loader: hardcode module and Zend prefixes
* Bug 10623: Acknowledging multiple selected objects erroneous

### What's New in Version 2.0.0

#### Changes


Upgrading to Icinga Web 2 2.0.0

Icinga Web 2 installations from package on RHEL/CentOS 7 now depend on php-ZendFramework which is available through the EPEL repository. Before, Zend was installed as Icinga Web 2 vendor library through the package icingaweb2-vendor-zend. After upgrading, please make sure to remove the package icingaweb2-vendor-zend.

Icinga Web 2 version 2.0.0 requires permissions for accessing modules. Those permissions are automatically generated for each installed module in the format module/<moduleName>. Administrators have to grant the module permissions to users and/or user groups in the roles configuration for permitting access to specific modules. In addition, restrictions provided by modules are now configurable for each installed module too. Before, a module had to be enabled before having the possibility to configure restrictions.

The instances.ini configuration file provided by the monitoring module has been renamed to commandtransports.ini. The content and location of the file remains unchanged.

The location of a user's preferences has been changed from config-dir/preferences/username.ini to config-dir/preferences/username/config.ini. The content of the file remains unchanged.

#### Features

* Feature 5600: User specific menu entries
* Feature 5647: GUI for permission and restriction assignment
* Feature 5786: Namespace all web controllers
* Feature 6144: Provide additional dashboard panes per default
* Feature 6677: Allow to extend the content of a dashlet on the right
* Feature 7180: Show active cluster hostname in the monitoring health view
* Feature 7367: GUI for adding action and notes URLs
* Feature 7570: Document installation
* Feature 7773: Interpret links in custom variables
* Feature 8336: IDO: Double check that we always add the is_active = 1 condition in our queries
* Feature 8369: Show an indicator when automatic form submission is ongoing
* Feature 8378: Indicate when check results are being late
* Feature 8407: Document example commands for installing from source
* Feature 8642: Show acknowledgement expire time (if any) in the host and service detail view
* Feature 8645: Generic iFrame module
* Feature 8758: Add support for file uploads
* Feature 8848: Show activity indicator for dashlets
* Feature 8884: Move the menu entry for notifications beneath history
* Feature 8981: Combo backend for command transports (fallback mechanism)
* Feature 8985: Visually separate enabled and disabled modules in the modules view
* Feature 9029: Provide a complete list of available filter columns plus custom variables (where appropriate) in the filter editor
* Feature 9030: Service grid: Add limit control
* Feature 9247: Show Icinga Web 2's version in the frontend
* Feature 9364: Apply sort rules for ldap queries on the server's side
* Feature 9381: List installed modules, versions and state in the about page
* Feature 9453: Vagrant: Upgrade to CentOS 7
* Feature 9460: IDO resource configuration: Ensure that the user is running PostgreSQL 9.1+
* Feature 9524: Improve setup wizard
* Feature 9525: Configuration enhancements
* Feature 9591: IP Address Search
* Feature 9604: Add Inspection API for Connections
* Feature 9605: LDAP Connection add Test Function
* Feature 9630: Inspectable: Add inspectable API to LDAP connections
* Feature 9641: Add Inspection API for DB Connections
* Feature 9644: Permit access to modules
* Feature 9645: Support for address6
* Feature 9651: Automatically use the correct instance configuration based on a host's or service's instance
* Feature 9660: Basic access authentication
* Feature 9661: Query for limit+1 for "Show more results" candidates
* Feature 9683: Allow to create MSSQL and Oracle DB resources
* Feature 9702: Allow module developers to define additional static files
* Feature 9761: Store active menu item as HTML5 history state information
* Feature 9772: Allow to list groups from a LDAP backend
* Feature 9826: Allow to select text in the host and service detail area header via double click
* Feature 9830: Monitoring: Support the wildcard restriction for "administrative" roles
* Feature 9888: Display a host's and service's check timeperiod as well as notification timeperiod in the detail view
* Feature 9908: Use better icons for resources, backends and module state
* Feature 9942: Add a warning to the navigition if the last IDO update is older than 5 minutes
* Feature 9943: Offer instance_name as query column
* Feature 9945: Show instance_name in a host's and service's detail view
* Feature 10033: Provide "Counter"-View

#### Bugfixes

* Bug 6644: Default sort order is not applied
* Bug 7383: This webpage has a redirect loop without cookies
* Bug 7486: Instance Configuration: Instance must NOT be a GET parameter when creating an instance
* Bug 7488: Instance Configuration: Instance parameter must be mandatory for updating and removing instances
* Bug 7489: Instance Configuration: Custom validation errors must be shown in the form not as notification
* Bug 7490: Instance Configuration: HTTP response code flaws
* Bug 7818: Incorrect language & timezone detection w/ Safari
* Bug 7930: Hide external commands which are not supported by Icinga 2
* Bug 8312: Don't show last and next check information and schedule check controls for passive only checks
* Bug 8620: Searching in the downtimes list view throws an exception
* Bug 8623: Selected row lost after auto-refresh in every overview except for hosts and services
* Bug 8703: Do not show computer accounts for Active Directory
* Bug 8768: Range multiselection not working in IE11
* Bug 8845: Missing downtime end information in host and service detail views
* Bug 8954: Document and rename Ldap\Connection to Ldap\LdapConnection
* Bug 8955: Document and rename Ldap\Query to Ldap\LdapQuery
* Bug 8969: Tooltips hidden after auto refresh
* Bug 8975: Error messages disappear after auto refresh #2
* Bug 8983: Remove yellow boxes from forms and wherever else used
* Bug 9024: Form autosubmits cause autorefreshs to not run anymore
* Bug 9036: Plugin output HTML tags are always escaped
* Bug 9042: Browser address bar gets not updated when closing the detail area while a request for the url that has just been closed is pending
* Bug 9054: Multiselection not visible until a subsequent auto-refresh has been completed
* Bug 9168: Can't use Icinga Web 2 w/ IDO version 1.7
* Bug 9179: LDAP discovery relies on anonymous access and does not respect encryption
* Bug 9266: Downtimes show "Starts in" for objects with non-problem state
* Bug 9306: Installation Wizard complains about "required and must not be empty"-fields when the user changes the database type first
* Bug 9314: RPM packages do not require Zend PDO packages which results in missing 'php-pdo' exception
* Bug 9330: Uncaught TypeError: Cannot read property 'id' of undefined when deleting comments or downtimes via their respective overview
* Bug 9333: Sorting the service grid by service description fails w/ PostgreSQL
* Bug 9346: Potential active rows not deselected when navigating by browser history
* Bug 9347: Service names with round bracket fail w/ innvalid filter exception when selecting multiple services
* Bug 9348: LDAP filter input errors w/ "The filter must not be wrapped in parantheses"
* Bug 9349: Duplicate headers from Controller::postDispatch()
* Bug 9360: service matrix does not show all intersections
* Bug 9374: Non-existent modules can be disabled
* Bug 9375: Fatal error in icingacli (icingacli-2.0.0-3.beta3.el7.centos.noarch)
* Bug 9376: INI writer must not persist section keys with a null value
* Bug 9398: Rename menu "authentication" to "security"
* Bug 9402: A command form's view script cannot be found if benchmark is enabled
* Bug 9418: DB resources: Do not allow to configure table prefixes
* Bug 9421: Sort controls misbehavior
* Bug 9449: The use statement with non-compound name ... has no effect w/ PHP 5.6.9+
* Bug 9454: Ghost host- and servicegroups
* Bug 9472: Fetch object statistics only if they're actually displayed
* Bug 9473: Inconsistent counters for service problems
* Bug 9477: Command forms have no tabs
* Bug 9483: Icinga\Web\Widget\Paginator should not require a full query interface
* Bug 9484: Document that the web server has to be restarted after adding the web server user to the icingaweb2 system group
* Bug 9494: Refresh button loads invalid links for views with complex filters
* Bug 9497: Eventhistory: Quick search not working
* Bug 9498: Service overview: Cannot quick search for hosts
* Bug 9499: Hostgroup overview: Cannot quick search for hosts
* Bug 9500: Servicegroup overview: Cannot quick search for services
* Bug 9502: Comment overview: Cannot quick search
* Bug 9503: Comment overview shows duplicate entries when filtering for services
* Bug 9504: Contactgroup overview: Cannot quick search
* Bug 9505: Contact overview: Cannot quick search
* Bug 9506: Notification overview: Cannot quick search
* Bug 9509: Setup: Authentication backend validation broken
* Bug 9511: Setup: Cannot select an existing user as admin account when I've configured an authentication backend of type msldap
* Bug 9516: Improve request processing for all monitoring config forms
* Bug 9517: Behave nicely in case no monitoring instance resources are configured
* Bug 9519: Monitoring backend configuration does not validate IDO resources
* Bug 9529: RPM: Apache config ist not defined as configuration file
* Bug 9530: Creating a dashlet with "()" in dashboard title affects all dashboards
* Bug 9538: Use display_name for host and service names in the service grid
* Bug 9553: User- and Group-Management broken on PHP > 5.3
* Bug 9572: Cannot remove a user group from a MariaDB backend
* Bug 9573: Selecting multiple services not working while being restricted
* Bug 9574: Multiviews do not only display the chosen objects but everything, if a restriction is active
* Bug 9582: icon_image does not allow to use an icon from our ifont
* Bug 9597: Clicking on the row of a service notification will show the host
* Bug 9607: Ignoring LDAP connection certificate errors does not have any effect
* Bug 9608: LDAP connection must fail when the configured encryption is not possible
* Bug 9611: generictts integration fails if regular expression is empty
* Bug 9615: Hardcoded PHP and gettext tools path
* Bug 9616: Security config form shows no tabs
* Bug 9626: Tactical overview does not auto-refresh
* Bug 9633: Icinga\Cli\Command is unable to detect exact action names
* Bug 9646: If a CLI command fails, crucial exception information missing w/o --trace
* Bug 9668: Browser history issues
* Bug 9672: Invalid host passive check result state: unreachable
* Bug 9674: Don't show comment(s) of acknowledgement(s) in the comment list of a host or service but next to whether the host or service problem is acknowledged
* Bug 9687: @import rules not working in a module's module.less
* Bug 9688: Icinga Web 2 ignores Cache-Control:no-cache
* Bug 9692: Can't filter for custom variables
* Bug 9694: Lib: Weird interface for creating problem menu entries
* Bug 9695: IDO: Empty programstatus table not indicated as problem in the menu
* Bug 9696: Logged exceptions for custom menu item renderers are missing crucial exception information
* Bug 9719: Monitoring backend validation cannot be skipped
* Bug 9739: DbUserBackend inspection unsuccessful for backends with just a single user
* Bug 9751: Bad performance for quick searches
* Bug 9765: instances.ini: transport is undocumented
* Bug 9787: It's not possible to use Unix socket to connect to PostgreSQL
* Bug 9790: Do not suggest to enable modules if it's not possible
* Bug 9815: Multiview detail: controls have wrong link target
* Bug 9817: Documentation: Required parameter 'chapter' missing
* Bug 9819: JS Behaviors: Selection not updated when using multi detail controls
* Bug 9828: Wrong count for queries having a group by clause
* Bug 9837: Documentation: Don't suggest to install icingacli on Debian
* Bug 9844: url anchors not working if a column hash (#!) is also part of the url
* Bug 9869: A module's rendered event is not called upon initialization
* Bug 9892: Module styles not visible for anonymous users
* Bug 9901: Use the DN to fetch group memberships from LDAP
* Bug 9932: Url to extend the timeline is pushed to history
* Bug 9954: PostgreSQL queries use LOWER(...) for non-collated columns which have a collated counterpart
* Bug 9955: PostgreSQL queries ordered by collated columns don't use LOWER
* Bug 9956: Unnecessary GROUP BY clauses
* Bug 9959: Authentication documentation suggests outdated backend identifier "ad"
* Bug 9963: Service history is disordered and shows service and host history
* Bug 9965: format=json does not respect the filter objects
* Bug 9971: Seleting multiple objects at once doesn't work anymore
* Bug 9995: "Show More" links broken in the Alert Summary
* Bug 9998: Can't use custom variables as restriction filter
* Bug 10009: Prettify page layout when accessing a non-existent route while not being authenticated
* Bug 10016: config/* does not permit access to the application and authentication configuration
* Bug 10025: Filter, submitting form via keyboard doesn't work on chrome
* Bug 10031: Navigation by history is broken
* Bug 10046: Menu is somehow confusing top/sub-level entries
* Bug 10082: Adding an entry to a menu section influences it's position
* Bug 10150: IniParser should unescape escaped sections automatically
* Bug 10151: Do not validate section names in forms
* Bug 10155: Multiselection disapperears when issuing commands
* Bug 10160: Notifications/Alert Summary: Grouping errors w/ PostgreSQL
* Bug 10163: Search for hostname does not work in snapshot release
* Bug 10169: Multiselect URLs broken where base url != /icingaweb2
* Bug 10172: Customvar filters are mostly broken, completely for Icinga 1.x
* Bug 10218: Notes URL isn't showing properly
* Bug 10236: notes_url and action_url target is always icinga.domain.de
* Bug 10246: Use a separate configuration file for each type of navigation item
* Bug 10263: Forms with target=_next remain unusable after first submission

### What's New in Version 2.0.0-rc1

#### Changes

* Improve layout and look and feel in many ways
* Apply host, service and custom variable restrictions to all monitoring objects
* Add fullscreen mode (?showFullscreen)
* User and group management
* Comment and Downtime Detail View
* Show icon_image in host/service views
* Show Icinga program version in monitoring health

#### Features

* Feature 4139: Notify monitoring backend availability problems
* Feature 4498: Allow to add columns to monitoring views via URL
* Feature 6392: Resolve Icinga 2 runtime macros in action and notes URLs
* Feature 6729: Fullscreen mode
* Feature 7343: Fetch user groups from LDAP
* Feature 7595: Remote connection resource configuration
* Feature 7614: Right-align icons
* Feature 7651: Add module information (module.info) to all core modules
* Feature 8054: Host Groups should list number of hosts (as well as services)
* Feature 8235: Show host and service notes in the host and service detail view
* Feature 8247: Move notifications to the bottom of the page
* Feature 8281: Improve layout of comments and downtimes in the host and service detail views
* Feature 8310: Improve layout of performance data and check statistics in the host and service detail views
* Feature 8565: Improve look and feel of the monitoring multi-select views
* Feature 8613: IDO queries related to concrete objects should not depend on collations
* Feature 8665: Show icon_image in the host and service detail views
* Feature 8781: Automatically deselect rows when closing the detail area
* Feature 8826: User and group management
* Feature 8849: Show only three (or four) significant digits (e.g. in check execution time)
* Feature 8877: Allow module developers to implement new/custom authentication methods
* Feature 8886: Require mandatory parameters in controller actions and CLI commands
* Feature 8902: Downtime detail view
* Feature 8903: Comment detail view
* Feature 9009: Apply host and service restrictions to related views as well
* Feature 9203: Wizard: Validate that a resource is actually an IDO instance
* Feature 9207: Show icinga program version in Monitoring Health
* Feature 9223: Show the active ido endpoint in the monitoring health view
* Feature 9284: Create a ServiceActionsHook
* Feature 9300: Support icon_image_alt
* Feature 9361: Refine UI for RC1
* Feature 9377: Permission and restriction documentation
* Feature 9379: Provide an about.md

#### Bugfixes

* Bug 6281: ShowController's hostAction() and serviceAction() do not respond with 400 for invalid/missing parameters and with 404 if the host or service wasn't found
* Bug 6778: Duration and history time formatting isn't correct
* Bug 6952: Unauthenticated users are provided helpful error messages
* Bug 7151: Play nice with form-button-double-clickers
* Bug 7165: Invalid host address leads to exception w/ PostgreSQL
* Bug 7447: Commands sent over SSH are missing the -i option when using a ssh user aside from the webserver's user
* Bug 7491: Switching from MySQL to PostgreSQL and vice versa doesn't change the port in the resource configuration
* Bug 7642: Monitoring menu renderers should be moved to the monitoring module
* Bug 7658: MenuItemRenderer is not so easy to extend
* Bug 7876: Not all views can be added to the dashboard w/o breaking the layout
* Bug 7931: Can't acknowledge multiple selected services which are in downtime
* Bug 7997: Service-Detail-View tabs are changing their context when clicking the Host-Tab
* Bug 7998: Navigating to the Services-Tab in the Service-Detail-View displays only the selected service
* Bug 8006: Beautify command transport error exceptions
* Bug 8205: List views should not show more than the five worst pies
* Bug 8241: Take display_name into account when searching for host and service names
* Bug 8334: Perfdata details partially hidden depending on the resolution
* Bug 8339: Lib: SimpleQuery::paginate() must not fetch page and limit from request but use them from parameters
* Bug 8343: Status summary does not respect restrictions
* Bug 8363: Updating dashlets corrupts their URLs
* Bug 8453: The filter column "_dev" is not allowed here
* Bug 8472: Missing support for command line arguments in the format --arg=<value>
* Bug 8474: Improve layout of dictionaries in the host and service detail views
* Bug 8624: Delete multiple downtimes and comments at once
* Bug 8696: Can't search for Icinga 2 custom variables
* Bug 8705: Show all shell commands required to get ready in the setup wizard
* Bug 8706: INI files should end with a newline character and should not contain superfluous newlines
* Bug 8707: Wizard: setup seems to fail with just one DB user
* Bug 8711: JS is logging "ugly" side exceptions
* Bug 8731: Apply host restrictions to service views
* Bug 8744: Performance data metrics with value 0 are not displayed
* Bug 8747: Icinga 2 boolean variables not shown in the host and service detail views
* Bug 8777: Server error: Service not found exception when service name begins or ends with whitespaces
* Bug 8815: Only the first external command is sent over SSH when submitting commands for multiple selected hosts or services
* Bug 8847: Missing indication that nothing was found in the docs when searching
* Bug 8860: Host group view calculates states from service states; but states should be calculated from host states instead
* Bug 8927: Tactical overview does not respect restrictions
* Bug 8928: Host and service groups views do not respect restrictions
* Bug 8929: Setup wizard does not validate whether the PostgreSQL user for creating the database owns the CREATE ROLE system privilege
* Bug 8930: Error message about refused connection to the PostgreSQL database server displayed twice in the setup wizard
* Bug 8934: Status text for ok/up becomes white when hovered
* Bug 8941: Long plugin output makes the whole container horizontally scrollable instead of just the row containing the long plugin output
* Bug 8950: Improve English for "The last one occured %s ago"
* Bug 8953: LDAP encryption settings have no effect
* Bug 8956: Can't login when creating the database connection for the preferences store fails
* Bug 8957: Fall back on syslog if the logger's type directive is misconfigured
* Bug 8958: Switching LDAP encryption to LDAPS doesn't change the port in the resource configuration
* Bug 8960: Remove exclamation mark from the notification "Authentication order updated!"
* Bug 8966: Show custom variables visually separated in the host and service detail views
* Bug 8967: Remove right petrol border from plugin output in the host and service detail views
* Bug 8972: Can't view Icinga Web 2's log file
* Bug 8994: Uncaught exception on empty session.save_path()
* Bug 9000: Only the first line of a stack trace is shown in the applications log view
* Bug 9007: Misspelled host and service names in commands are not accepted by icinga
* Bug 9008: Notification overview does not respect restrictions
* Bug 9022: Browser title does not change in case of an error
* Bug 9023: Toggling feature...
* Bug 9025: A tooltip of the service grid's x-axe makes it difficult to click the title of the currently hovered column
* Bug 9026: Add To Dashboard ... on the dashboard
* Bug 9046: Detail View: Downtimes description misses space between duration and comment text
* Bug 9056: Filter for host/servicegroup search doesn't work anymore
* Bug 9057: contact_notify_host_timeperiod
* Bug 9059: Can't initiate an ascending sort by host or service severity
* Bug 9198: monitoring/command/feature/object does not grant the correct permissions
* Bug 9202: The config\* permission does not permit to navigate to the configuration
* Bug 9211: Empty filters are being rendered to SQL which leads to syntax errors
* Bug 9214: Detect multitple icinga_instances entries and warn the user
* Bug 9220: Centralize submission and apply handling of sort rules
* Bug 9224: Allow anonymous LDAP binding
* Bug 9281: Problem with Icingaweb 2 after PHP Upgrade 5.6.8 -> 5.6.9
* Bug 9317: Web 2's ListController inherits from the monitoring module's base controller
* Bug 9319: Downtimes overview does not respect restrictions
* Bug 9350: Menu disappears in user group management view
* Bug 9351: Timeline links are broken
* Bug 9352: User list should be sorted
* Bug 9353: Searching for users fails, at least with LDAP backend
* Bug 9355: msldap seems not to be a first-class citizen
* Bug 9378: Rpm calls usermod w/ invalid option on openSUSE
* Bug 9384: Timeline+Role problem
* Bug 9392: Command links seem to be broken