Reminder: Nagios XI 5.4.0 Release is a must-upgrade

Reminder: Nagios XI 5.4.0 Release is a must-upgrade

 Nagios XI 5.4.0 Release, released in January 2017 addresses security and vulnerabilities. For those of you using Nagios, it is strongly recommended that you check that this release has been installed, and if not you install it now.

According to Nagios web site, this release of Nagios XI includes the latest versions of Nagios Core and ndo2db and it fixes three root privilege escalation vulnerabilities. If not upgraded these vulnerabilities could leave the Nagios XI server vulnerable to attack.

Additionally, several cross-site scripting vulnerabilities were fixed along with about a dozen non-security related bug fixes.

Finally, enhancements were made in the included version of Nagios Core and ndo2db that significantly improve memory utilization along with increasing performance, specifically on installations monitoring a large number of hosts and services.

 


Below is the full change list:
5.4.0
==================
– Upgraded Nagios Core to version 4.2.4
– Upgraded NDOUtils to version 2.1.2
– Upgraded NRDP to version 1.4.0
– Added combined CSV export option for availability report
– Added support for offloaded databases in the repair_databases.sh script
– Fixed email not being updated for XI Contact when XI User is updated
– Fixed security type not being respected properly by LDAP/AD Integration component
– Fixed issue where system status popup would show white text for non-admins who can view it
– Fixed issue with French translations in LDAP/AD import/manage servers pages
– Fixed various XSS vulnerabilities (BPI url, Scheduled Backups url)
– Fixed issue spaces in mibs cause snmptt to fail (manage mibs page now replaces spaces with _ on upload)
– Fixed text on views popups to not have unprocessed html output in them Core Config Manager (CCM) – 2.6.4 ———————————
– Fixed issue with ID and page number not being an int – Fixed various XSS vulnerabilities (search bar and others)
– Fixed issue with returnUrl set to non-CCM url – Fixed issue with importing contacts/contact groups not importing all contact options – Fixed exclamation points being unable to be used in command arguments in CCM

2017-02-12T11:45:11+00:00 Feb 14th, 2017|Categories: Breaking News|Tags: |Comments Off on Reminder: Nagios XI 5.4.0 Release is a must-upgrade

About the Author:

Christos Rizos is a Network, Systems and Applications Management expert with 20+ years experience in the technology domain, providing consulting services to Vendors and Operators around the world.