From bc7b8cba45ab6329531940b7a372822ce0ea16ad Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Fri, 4 Mar 2022 16:45:03 +0100
Subject: [PATCH 1/2] Update CHANGELOG

---
 CHANGELOG.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 816fe60cf3..2f57f375f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,20 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati
 
 ## What's New
 
+### What's New in Version 2.9.6
+
+**Notice**: This is a security release. It is recommended to upgrade immediately.
+
+#### Security Fixes
+
+This release includes three security related fixes. The first is a path traversal issue that affects installations
+of v2.9.0 and above. Another one allows admins to run arbitrary PHP code just by accessing the UI. The last one may
+disclose unwanted details to restricted users. Please check the advisories on GitHub for more details.
+
+* Path traversal in static library file requests for unauthenticated users [GHSA-5p3f-rh28-8frw](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw)
+* SSH resources allow arbitrary code execution for authenticated users [GHSA-v9mv-h52f-7g63](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63)
+* Unwanted disclosure of hosts and related data, linked to decommissioned services [GHSA-qcmg-vr56-x9wf](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf)
+
 ### What's New in Version 2.9.5
 
 This is a hotfix release which fixes the following issues:
From 7e2d57a97010cab00f250f5be1961016d9910486 Mon Sep 17 00:00:00 2001
From: Johannes Meyer Date: Fri, 4 Mar 2022 16:45:36 +0100 Subject: [PATCH 2/2] Release version 2.9.6 --- VERSION | 2 +- library/Icinga/Application/Version.php | 2 +- modules/doc/module.info | 2 +- modules/migrate/module.info | 2 +- modules/monitoring/module.info | 2 +- modules/setup/module.info | 2 +- modules/test/module.info | 2 +- modules/translation/module.info | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/VERSION b/VERSION index a4d862ddba..1fa6ccd53d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v2.9.5 +v2.9.6 diff --git a/library/Icinga/Application/Version.php b/library/Icinga/Application/Version.php index 0044cd7d74..d9315c3823 100644 --- a/library/Icinga/Application/Version.php +++ b/library/Icinga/Application/Version.php @@ -8,7 +8,7 @@ */ class Version { - const VERSION = '2.9.5'; + const VERSION = '2.9.6'; /** * Get the version of this instance of Icinga Web 2 diff --git a/modules/doc/module.info b/modules/doc/module.info index c1bc6ff3ce..ca2002317f 100644 --- a/modules/doc/module.info +++ b/modules/doc/module.info @@ -1,4 +1,4 @@ Module: doc -Version: 2.9.5 +Version: 2.9.6 Description: Documentation module Extracts, shows and exports documentation for Icinga Web 2 and its modules. diff --git a/modules/migrate/module.info b/modules/migrate/module.info index b31614f4e3..3541a2d2fa 100644 --- a/modules/migrate/module.info +++ b/modules/migrate/module.info @@ -1,5 +1,5 @@ Module: migrate -Version: 2.9.5 +Version: 2.9.6 Description: Migrate module This module was introduced with the domain-aware authentication feature in version 2.5.0. It helps you migrating users and user configurations according to a given domain. diff --git a/modules/monitoring/module.info b/modules/monitoring/module.info index fb2d713657..611db44bcf 100644 --- a/modules/monitoring/module.info +++ b/modules/monitoring/module.info 
@@ -1,5 +1,5 @@ Module: monitoring -Version: 2.9.5 +Version: 2.9.6 Description: Icinga monitoring module IDO accessor and UI for your monitoring. This is the initial instalment for a graphical presentation of Icinga environments. The predecessor of Icinga DB. diff --git a/modules/setup/module.info b/modules/setup/module.info index 80822ddc0e..0cecb895d7 100644 --- a/modules/setup/module.info +++ b/modules/setup/module.info @@ -1,5 +1,5 @@ Module: setup -Version: 2.9.5 +Version: 2.9.6 Description: Setup module Web based wizard for setting up Icinga Web 2 and its modules. This includes the data backends (e.g. relational database, LDAP), diff --git a/modules/test/module.info b/modules/test/module.info index 2ee0639dd2..8bbe57b379 100644 --- a/modules/test/module.info +++ b/modules/test/module.info @@ -1,5 +1,5 @@ Module: test -Version: 2.9.5 +Version: 2.9.6 Description: Translation module This module allows developers to run (unit) tests against Icinga Web 2 and any of its modules. Usually you do not need to enable this. diff --git a/modules/translation/module.info b/modules/translation/module.info index 9fbfbcc39a..77518a4e4e 100644 --- a/modules/translation/module.info +++ b/modules/translation/module.info @@ -1,5 +1,5 @@ Module: translation -Version: 2.9.5 +Version: 2.9.6 Description: Translation module This module allows developers and translators to translate modules for multiple languages. You do not need this module to run an internationalized web frontend.