Release version 2.9.6

Icinga · Mar 8, 2022 · e702d93 · e702d93
2 parents 6e989d0 + 7e2d57a
commit e702d93
Show file tree

Hide file tree

Showing 9 changed files with 22 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,20 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati
 
 ## What's New
 
+### What's New in Version 2.9.6
+
+**Notice**: This is a security release. It is recommended to upgrade immediately.
+
+#### Security Fixes
+
+This release includes three security related fixes. The first is a path traversal issue that affects installations
+of v2.9.0 and above. Another one allows admins to run arbitrary PHP code just by accessing the UI. The last one may
+disclose unwanted details to restricted users. Please check the advisories on GitHub for more details.
+
+* Path traversal in static library file requests for unauthenticated users [GHSA-5p3f-rh28-8frw](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw)
+* SSH resources allow arbitrary code execution for authenticated users [GHSA-v9mv-h52f-7g63](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63)
+* Unwanted disclosure of hosts and related data, linked to decommissioned services [GHSA-qcmg-vr56-x9wf](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf)
+
 ### What's New in Version 2.9.5
 
 This is a hotfix release which fixes the following issues:

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v2.9.5
+v2.9.6
diff --git a/library/Icinga/Application/Version.php b/library/Icinga/Application/Version.php
@@ -8,7 +8,7 @@
  */
 class Version
 {
-    const VERSION = '2.9.5';
+    const VERSION = '2.9.6';
 
     /**
      * Get the version of this instance of Icinga Web 2

diff --git a/modules/doc/module.info b/modules/doc/module.info
@@ -1,4 +1,4 @@
 Module: doc
-Version: 2.9.5
+Version: 2.9.6
 Description: Documentation module
  Extracts, shows and exports documentation for Icinga Web 2 and its modules.
diff --git a/modules/migrate/module.info b/modules/migrate/module.info
@@ -1,5 +1,5 @@
 Module: migrate
-Version: 2.9.5
+Version: 2.9.6
 Description: Migrate module
  This module was introduced with the domain-aware authentication feature in version 2.5.0.
  It helps you migrating users and user configurations according to a given domain.
diff --git a/modules/monitoring/module.info b/modules/monitoring/module.info
@@ -1,5 +1,5 @@
 Module: monitoring
-Version: 2.9.5
+Version: 2.9.6
 Description: Icinga monitoring module
  IDO accessor and UI for your monitoring. This is the initial instalment for a
  graphical presentation of Icinga environments. The predecessor of Icinga DB.
diff --git a/modules/setup/module.info b/modules/setup/module.info
@@ -1,5 +1,5 @@
 Module: setup
-Version: 2.9.5
+Version: 2.9.6
 Description: Setup module
  Web based wizard for setting up Icinga Web 2 and its modules.
  This includes the data backends (e.g. relational database, LDAP),

diff --git a/modules/test/module.info b/modules/test/module.info
@@ -1,5 +1,5 @@
 Module: test
-Version: 2.9.5
+Version: 2.9.6
 Description: Translation module
  This module allows developers to run (unit) tests against Icinga Web 2 and
  any of its modules. Usually you do not need to enable this.
diff --git a/modules/translation/module.info b/modules/translation/module.info
@@ -1,5 +1,5 @@
 Module: translation
-Version: 2.9.5
+Version: 2.9.6
 Description: Translation module
  This module allows developers and translators to translate modules for multiple
  languages. You do not need this module to run an internationalized web frontend.