Aller au contenu principal
Version: 20.10

Centreon Core

Introduction‚Äč

Vous trouverez dans ce chapitre tout ce qui concerne Centreon Core.

Il est important de mettre à jour en utilisant la documentation adéquate de mise à jour et de lire attentivement les notes de mise à jour afin d'être au courant des changements qui pourraient impacter votre usage ou votre plateforme ou des développements spécifiques que vous auriez fait.

Pour faire des demandes d'évolutions ou reporter des bugs sur les extensions commerciales, vous pouvez vous rendre sur notre Github.

Centreon Web‚Äč

20.10.18‚Äč

Release date: June 16, 2022

Bug fixes‚Äč

  • [Configuration] Fixed checkbox selection after enabling/disabling a contact via icons
  • [UX] Improved interface response time if CEIP is enabled but the browser does not have internet access

Security Fixes‚Äč

  • [Apache] Fixed cookies with missing or contradictory properties
  • [Apache] Improved Apache configuration to enable HSTS
  • [Core] Passwords are now obfuscated in the page's HTML source
  • [Security] Fixed SQLi in virtual metrics
  • [Security] Sanitized and bound "User" class queries

20.10.17‚Äč

Release date: April 15, 2022

Bug fixes‚Äč

  • [Core] Proxy settings were saved with empty parameters
  • [MBI] MBI graphs reports were not using graph templates
  • [Resources Status] Fixed monitoring command not displayed in Resources Status Details panel

20.10.16‚Äč

Release date: April 1, 2022

Enhancements‚Äč

  • [Authentication] Autologin Validation reinforcement
  • [UX] Add TheWatch URL to Centreon footer

Bug fixes‚Äč

  • [Authentication] Improve LDAP authentication and authorization
  • [Core] Fixed SQL request syntax error for cron with MySQL 8
  • [Install] Fixed SQL errors in upgrade process from Centreon version < 2.8.5
  • [Resources Status] Fixed the display of old downtimes in the Details tab

Security Fixes‚Äč

  • [Administration] SQL injection on Knowledge Base configuration form
  • [Administration] SQL injections on ACL group listing
  • [Administration] SQL injections on LDAP listing
  • [Configuration] Command path traversal resulting in RCE on command edition form
  • [Configuration] SQL injection on export configuration
  • [Configuration] SQL injections on SNMP traps edition form
  • [Configuration] SQL injection in Resources form
  • [Core] Disabling allow_url_fopen in PHP
  • [Core] RCE in legacy PHP's class autoload
  • [Dashboard] XSS in reporting dashboard
  • [Monitoring] SQL injection on performance curve edition form
  • [Resources Status] XSS reflected from plugin's metric output

20.10.15‚Äč

Release date: December 23, 2021

Bug fixes‚Äč

  • [API] Fixed the value of acknowledgement's stickiness set by the API. A value of 1 was set instead of 2. Based on PR #10028.
  • [Authentication] Fixed LDAP OU quote connection breaking
  • [CLAPI] Fixed an issue preventing ACLs from applying on services created with CLAPI
  • [Configuration] Fixed an issue that caused the Anomaly Detection services to lose their graphs when they were renamed
  • [Configuration] Fixed an issue that prevented users from removing the SNMP community (and other fields) from the host form
  • [Configuration] Fixed unwanted writes into unexisting file when exporting Traps config at the same time as a trap arrives. Based on PR #9973. Fixes issue #4236
  • [Install] Fixed installation with MySQL 5.7 on step 7 of installation wizard

20.10.14‚Äč

Release date: November 29, 2021

Bug fixes‚Äč

  • [Authentication] Fixed PHP error when debug is enabled with OIDC authentication
  • [CLAPI] Fixed LDAP configuration ID for export and import
  • [Configuration] Fixed Centreon Broker configuration that could be empty or deleted
  • [Core] Remove PHP warning in logs
  • [Resources Status] Fixed access to action URLs
  • [Resources Status] Fixed access to actions buttons
  • [UX] Non admin user do not have the same submenu subsections

20.10.13‚Äč

Release date: November 15, 2021

Enhancements‚Äč

  • [CEIP] Product Adoption component integration
  • [Core] Add Feature Flipping for Resources Status vs Legacy Pages
  • [Core] Compatibility PHP 7.4

Bug fixes‚Äč

  • [Authentication] Fixed user information retrieval method for OpenId
  • [CLAPI] Fixed recurrent downtimes exported with CLAPI that could not be imported with CLAPI
  • [Configuration] Avoid blocking configuration generation when users don't have notifications enabled
  • [Configuration] Fixed reset untouched values using massive changes on hosts
  • [Configuration] Fixed empty string parameter for LUA output in Broker configuration
  • [Custom Views] Fixed sharing of views with LDAP groups
  • [Discovery] Fixed an issue causing error messages when filling credentials in a Host Discovery job
  • [Downtime] Fixed display of planned downtimes when one downtime is started
  • [Downtime] Fixed the adding of a downtime on a resource from the French GUI
  • [Knowledge Base] Get correct link from template. Based on PR #10066
  • [UX] Fixed menus by no longer displaying orphaned items

Security fixes‚Äč

  • CSRF - delete any command
  • CSRF - delete any poller
  • CSRF - delete any host
  • CSRF - delete any SNMP trap
  • CSRF - delete any service
  • CSRF - delete any contactGroup
  • CSRF vulnerability allowing to delete any user
  • CSRF vulnerability allowing to delete many kinds of objects

20.10.12‚Äč

October 5, 2021

Security fixes‚Äč

  • Fixed session on account deletion

20.10.11‚Äč

14 septembre 2021

Correctifs‚Äč

  • [ACL] Fixed missing ACL actions on CLAPI import
  • [Configuration] Fixed ineffective massive change on 'Reach API configuration' option on remote server
  • [Downtimes] Prevent the user from creating downtimes with start date, end date and duration after 2037
  • [Platform Topology] Fixed an error that occurred when an FQDN was used as parent address

Correctifs de s√©curit√©‚Äč

  • [Install] Rights applied to "centreon.conf.php" and "conf.pm"
  • [OpenId] Secret tokens obfuscation
  • [Resource status] Fixed error based SQLi on resources GET's endpoint

20.10.10‚Äč

30 juillet 2021

Am√©liorations‚Äč

  • [Authentication] Improve centreonAuth.SSO.class for OpenId connection

Correctifs‚Äč

  • [Administration] LDAP search fails
  • [Configuration] Changing a Remote Server's IP address converts it into a simple Poller
  • [Configuration] Editing service template removes relations with servicegroups
  • [Configuration] Only first servicegroup linked to a service template is exported
  • [Core] Unserialize in CentreonUtils is blocked by QualityGate
  • [Core] Update copyright date
  • [Graph] Can't get a graph with autologin key
  • [LDAP] Fixed LDAP auto-sync is always skipped
  • [LDAP] LDAP's My account issue
  • [Platform Topology] CLAPI's add Instance doesn't add a poller into the platform_topology table
  • [Platform Topology] JSON Schema isn't validated in the POST endpoint
  • [Platform Topology] Removed unused variable in registerServerTopology.sh
  • [Resources Status] No route found for "GET /centreon/api/beta/monitoring/resources/undefineds/133"
  • [i18n] Fix typo in error message

20.10.9‚Äč

30 juin 2021

Correctifs‚Äč

  • [APIv2] Use poller's page ACL rights on Topology API endpoints
  • [Configuration] InfluxDB configuration columns are deleted in Broker form
  • [Downtime] Can not remove/delete periods when configuring recurrent downtime
  • [Platform Topology] Update Exception handling

Correctifs de s√©curit√©‚Äč

  • [Configuration] Input sent to unserialize() are not sanitized
  • [Configuration] SQL Injection on commands
  • [Configuration] SQL Injection on host dependency
  • [Configuration] SQL Injection on hostgroup dependency
  • [Configuration] SQL Injection on metaservice
  • [Configuration] SQL Injection on metaservice dependency
  • [Configuration] SQL Injection on service categories
  • [Configuration] SQL Injection on service dependency
  • [Configuration] SQL Injection on servicegroup
  • [Configuration] SQL Injection on servicegroup dependency
  • [Configuration] SQL Injection on timeperiod
  • [Configuration] XSS Stored on checks command
  • [Core] Manage security acknowledgement

20.10.8‚Äč

7 Juin 2021

Correctifs‚Äč

  • [APIv1] Cannot send external commands anymore
  • [APIv2] Can not authenticate using API when database name and database username are different from default
  • [APIv2] DELETE downtime on host not functionnal
  • [APIv2] Unable to use v2 api (internal server error)
  • [Administration] Broker statistics for pollers are not shown
  • [Anomaly] host_id is null is stream connector flow
  • [Configuration] Change default values for Centreon Engine
  • [Configuration] Unable to add a Poller with the Wizard
  • [Core] Avoid 404 redirection
  • [Install] Cannot update when you have no metaservices
  • [LDAP] Adding new user from LDAP results in Request Entity Too Large error
  • [Reporting] Dashboard can't display reporting for service (query too long)
  • [Resources Status] "Filter by Host" filter is not emptied between searches
  • [Resources Status] Action ACL not working
  • [Resources Status] Apply ACL in command line block
  • [Resources Status] Manage not filled curves

Correctifs de s√©curit√©‚Äč

  • [Administration] Import of JS in image files
  • [Administration] Insecure media file upload
  • [Administration] SQL Injection on ACL actions
  • [Administration] SQL Injection on ACL resources
  • [Administration] SQL Injection on reload ACL
  • [Configuration] SQL Injection on MediaWiki
  • [Configuration] SQL Injection on SNMP trap manufacturer
  • [Configuration] SQL Injection on poller form
  • [Configuration] Unserialize() are not sanitized in Centreon Broker wizard
  • [Configuration] Unserialize() are not sanitized in poller wizard
  • [Configuration] XSS reflected on Graph performance curves
  • [Configuration] XSS reflected on SNMP trap
  • [Configuration] XSS reflected on internal API broker configuration
  • [Graph] SQL Injection on Graph component templates
  • [Graph] SQL Injection on Graph generate image
  • [Install] Packaging, remove . gitignore files
  • [Reporting] SQL Injection on reporting export

Performance‚Äč

  • [ACL] ACL are computed every time for BV
  • [Generation] Bulk insert in index_data during config generation
  • [Purge] Purge of index_data is taking too long because of suboptimal SQL query

20.10.7‚Äč

7 mai 2021

Am√©liorations‚Äč

  • [Custom Views] Add regex filtering to widget compare field

Correctifs‚Äč

  • [Configuration] Can not delete Remote Server from UI
  • [Configuration] Central's Engine configuration is set to use aggressive host checking
  • [Configuration] Hosts/services templates become simple hosts/services
  • [Configuration] Unable to create Meta service with high amount of metrics
  • [Configuration] Wrong number of services/pages to display
  • [Graph] Graphics are not displayable in the interface
  • [Monitoring] Cancelled BA downtime from Downtime menu
  • [Monitoring] Export event logs with filter on output is broken
  • [Platform Topology] API: remote / poller to central with proxy
  • [Platform Topology] Remove all topology when Remote => Central Conversion
  • [Platform Topology] Script: Unable to register a remote on a Central
  • [Platform Topology] Unable to replace 127.0.0.1 by real IP in poller form when already saved in platform_topology
  • [Purge] Script can't drop several partitions
  • [Resources Status] Be able to sort by Parent name in listing
  • [Resources Status] Manage notes on resources for Notes URL
  • [Resources Status] Missing french translations
  • [Resources Status] Service link to multiple hosts or service by hostgroup won't be listed
  • [UI] Centreon blank page on all menu with firefox < 78

Correctifs de s√©curit√©‚Äč

  • [Administration] User can install or delete modules with no ACL rights
  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in Dependency/Notification form
  • [Configuration] SQL injection in user additional information
  • [Configuration] Stored XSS in host Alias for host form
  • [Core] Predictable anti-CSRF token
  • [Graph] SQL Injection on graph periods
  • [Graph] SQL Injection on graph split
  • [Lib] Update centreon vulnerable packages
  • [Resources Status / Service Details] Passwords are displayed in command line
  • [Resources Status / Service Details] Passwords field for EXTRAOPTIONS is not hidden in command line

Performance‚Äč

  • [Core] Replace "WITH RECURSIVE" MySQL calls with PHP-based recursion loops

20.10.6‚Äč

20 avril 2021

Correctifs‚Äč

  • [ACL] Use ACL Action to generate traps
  • [About] Update about page with current team
  • [Administration] Cannot list Pollers in Platform Status pages
  • [Configuration] Error while adding a Remote Server and attaching a poller to it via wizard
  • [Configuration] Poller attached to remote is not fully removed from database when deleted using the from
  • [Core/API/v1] Can't filter on criticality
  • [Core] Configuration output can lead to an empty broker configuration
  • [Core] Update centreon copyright dates
  • [Extensions Manager] No popup when removing extension
  • [Graph] Adapt graph scale for b/s unit
  • [Graphs] Colors of labels don't match colors of curves (old library)
  • [Install] During installation, web installer can not be executed fully
  • [Platform Topology] Distant Poller attached behind a Remote Server does not receive conf
  • [Platform Topology] Missing current node IP address in register script
  • [Platform Topology] Register script concatenates default values to values from the template
  • [Platform Topology] Script target address not parsed correctly.
  • [Platform Topology] Enhance register script displaying
  • [Reporting] Dashboard is slow to display with large service groups
  • [Resources Status] Bad urls for mediawiki
  • [Resources Status] Macros in "URL" and "Action URL"
  • [Resources Status] Missing french translations
  • [UX] Remove "deprecated" from menu for deprecated monitoring pages

Correctifs de s√©curit√©‚Äč

  • [Core] XSS in index.php and index
  • [Library] Update jQuery to version sup or equal 3.5.1

Performance‚Äč

  • [API/Topology] Refacto PlatformTopology 20.10

20.10.5‚Äč

1 avril 2021

Correctifs‚Äč

  • [Lib] Update moment-timezone to manage new timezones
  • [Resources Status] Error when getting the command line for Meta Service detail

Correctifs de s√©curit√©‚Äč

  • [APIv2] API realtime rights give API configuration rights

20.10.4‚Äč

25 février 2021

Am√©liorations‚Äč

  • [Configuration] Add the 'instance_heartbeat_interval' parameter in Engine configuration
  • [Configuration] Improve access to the list of pollers
  • [Core] Performance improvements for partitioning
  • [Core] Update PHP 7.3 compatibility
  • [Core] Use Gorgone to dispatch downtimes locally
  • [Status Details] Display of comments in the host details page
  • [Top counters] Displayed values for services don't consider host acknowledgements

Correctifs‚Äč

  • [CLAPI] No control on dependencies relations
  • [Configuration/] "Conf Changed" yes is green instead of red in pollers listing
  • [Configuration] Creation forms generate status code 400 errors
  • [Configuration] Non-admin users can't create host/service
  • [Resources Status] Display order of events in timeline
  • [Resources Status] Panel does not display radius
  • [Resources Status] Unexpected behavior when setting a DT with an empty comment field

Correctifs de s√©curit√©‚Äč

  • [Administration] Cross-site Scripting (XSS) Stored/Persistent in "ACL > Resources Access" - CVE-2020-22425
  • [Administration] XSS stored in the LDAP form
  • [Apache] Remove deprecated TLS ciphers
  • [Authentication] Session is active longer than expected
  • [Authentication] User enumeration in login page
  • [Configuration] Cross-site Scripting (XSS) Reflected in "Configuration > Hosts"
  • [Core] Vulnerable handlebars.js library
  • [Reporting] Cross-site Scripting (XSS) Reflected in "Dashboard > Hosts"

20.10.3‚Äč

8 février 2021

Am√©liorations‚Äč

  • [API] Add endpoint for Topology/enableRemote
  • [API] Add Delete method for Topology/enableRemote
  • [Core]Refactor the script to register new server in bash instead of PHP

Correctifs‚Äč

  • [Administration] ACL Menus Access - Lines alignment
  • [Administration] ACL Menus Access - Unable to select subgroup access options
  • [CLAPI] APPLYCFG on a Poller behind a Remote Server doesn't trigger sync task for the RS itself
  • [CLAPI] Cancel RTACKNOWLEDGEMENT doesn't work for services
  • [CLAPI] Create user with language
  • [CLAPI] Import fails on password type macros
  • [CLAPI] Show RTACKNOWLEDGEMENT for a service only shows first one to have been defined
  • [Update] Central IP is override by 127.0.0.1 in platform_topology table

Correctifs de s√©curit√©‚Äč

  • [ACL/Access Groups] Cross-site Scripting (XSS) Stored/Persistent for search
  • [ACL/Actions Access] Cross-site Scripting (XSS) Stored/Persistent for search
  • [ACL/Resources Access] Cross-site Scripting (XSS) Stored/Persistent for search
  • [API] Missing access control mechanism in rest API v1
  • [Configuration > Servicegroups] Leak of technical information
  • [Configuration/H/HTPL/S/STPL] Password in plain text
  • [Core] Centreon token is vulnerable against replay attack
  • [Core] Token usage is not mandatory
  • [Media] PHP warning about missing tmp dir used during media upload

20.10.2‚Äč

12 janvier 2021

Comportements connus :

  • Les liens "url notes" et "url actions" maintenant visibles dans la page "Resources Status" ne traduisent pas les macros, par exemple $HOSTNAME$.

Am√©liorations‚Äč

  • [API] Add normalizers for data found in concordanceArray
  • [API] Get topology of servers of a Centreon Platform
  • [Configuration] Add a special variable for trap OID
  • [Configuration] Add pool size parameter in configuration for Centreon Broker
  • [Resources Status] Add alias & fqdn in host detail panels
  • [Resources Status] Add URL link button from host and service extended information configuration

Correctifs‚Äč

  • [Authentication] New LDAP configurations are broken
  • [CLAPI] Export does not export default contactgroup linked to a LDAP configuration
  • [Configuration] PHP Warning while creating a Centreon Engine configuration
  • [Configuration] Unable to save log level in Centreon Engine form
  • [Knowledge Base] Access to mediawiki is very slow
  • [Resources Status] Display issue when resource has a configured icon
  • [Resources Status] Incorrect default downtime duration
  • [Resources Status] Useless impacted_resources_count property

Correctifs de s√©curit√©‚Äč

  • [Apache] Support for the HTTP TRACE
  • [Apache] Uncorrect HTTPS declaration of SSLCipherSuite in Centreon example file
  • [Authentication] Reach Centreon Front-end parameter ineffective
  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in Connectors & commands form
  • [Configuration] Cross-site Scripting (XSS) Stored/Persistent in Contact Groups form
  • [Configuration] XSS in updateContactParam.php & commonJS.php
  • [Media] Unrestricted file upload

20.10.1‚Äč

25 novembre 2020

Am√©liorations‚Äč

  • [API] Improve registration script
  • [Performance] Disable UI notification mechanism if not needed by user

Correctifs‚Äč

  • [API] Rework POST generated API request for PlatformTopology
  • [API] Service groups search not working
  • [Administration] "show deprecated pages" option does not work anymore
  • [Administration] 'options' table for centreon database is sometimes empty
  • [Configuration] Radio buttons for "InfluxDB - Storage - InfluxDB" output not working properly for Centreon Broker form
  • [Core] Perl lib db query bad looping parameters
  • [Core] Too much rows in extended_service_informations tables
  • [Event View] Cannot search with regex using "+" character
  • [Event logs] Inoperative filters when exporting
  • [Graphs] Performance graph legend does not update dynamically
  • [Reporting] Dashboard won't build when having service by hostgroup
  • [Resources Status] Cannot search multiple times in hostgroup filter
  • [Resources Status] Infinite scroll + refresh button duplicates events in timeline
  • [Resources Status] Services listing blinking in details panel
  • [Resources Status] Timeline tab content blinks while browsing resources

Correctifs de s√©curit√©‚Äč

  • [Apache] Lack of click diversion protection (Clickjacking)
  • [Core] Update moment.js library

20.10.0‚Äč

21 octobre 2020

Comportements connus:

  • Si un Central est configur√© pour communiquer avec un Remote Server √† l'aide de SSH , le rechargement de la configuration d√©clenchera l'erreur suivante dans le log de Gorgone:

    ERROR - [sshclient] Unsupported action 'ADDIMPORTTASKWITHPARENT'

    Cela est d√Ľ au fait que le processus d'exportation/importation de donn√©es entre ces deux serveurs n'appelle pas l'API du Remote Server (le flux HTTP n'est alors plus n√©cessaire).

    L'appel se fait maintenant via Gorgone, comme pour la copie des fichiers, et nécessite que la communication utilise ZMQ.

Am√©liorations‚Äč

  • [API] Possibility to Register servers (Remote Server, Poller, Centreon Map)
  • [Configuration/Wizard] Add possibility to select registered poller
  • [Authentication] Replace Keycloak to generic OAuth2 / OpenId Connect
  • [Event Logs] Display anomaly detection as regular service
  • [Monitoring/Resources Status] Add shortcuts for hosts and services details
  • [Monitoring/Resources Status] Add timeline for hosts and services details
  • [Monitoring/Resources Status] Be able to filter on status output
  • [Monitoring/Resources Status] Add possibility to save/manage filters
  • [Monitoring/Resources Status] Add possibility to submit result for resources
  • [Monitoring/Resources Status] Redirect all realtime links to Resources Status page
  • [Remote Server] Replace HTTP flow by gorgone between Central and Remote Servers

Centreon Engine‚Äč

20.10.7‚Äč

20 octobre 2021

Bug fixes‚Äč

  • Badly designed mutex could cause deadlocks in centreon-clib
  • [Anomaly_Detection] Units were not provided in the perfdata for lower_thresholds and upper_thresholds of Anomaly Detection services
  • Fixed an issue that could cause deadlocks in the logs production
  • Sending values of date_start, date_end and duration of downtimes higher than 2^31 (Tue Jan 19 04:14:08 CET 2038) could block broker's inserts into the database. They are now limited to 2037-12-31 23:59:59.
  • No recovery notification was sent if service went from CRITICAL to WARNING to OK state and user deactivated WARNING notification

From Community‚Äč

  • Notifications were sent for services of a soft down host despite "Soft Service Dependencies" option being set to "yes" (fixes issue #286)

20.10.6‚Äč

15 juillet 2021

Correctifs‚Äč

  • Les notifications de r√©cup√©ration ne sont pas envoy√©es si centengine a √©t√© interrompu durant l'incident
  • Centengine envoie les statuts de services en double lorsqu'un contr√īle imm√©diat est planifi√©
  • Probl√®mes de compilation sur Raspberry Pi

20.10.5‚Äč

4 juin 2021

Cette version nécessite Centreon Clib 20.10.2 ou supérieur. Cette version nécessite Centreon-Connector 20.10.1 ou supérieur.

Correctifs‚Äč

  • Engine consomme 100% de CPU quand check_period est none
  • Le build d'engine/broker a √©t√© migr√© de Bintray vers ConanCenter

20.10.4‚Äč

29 avril 2021

Correctifs‚Äč

  • √Čvitez d'envoyer des horodatages erratiques
  • La macro SERVICEGROUPNAME n'appara√ģt pas dans les notifications
  • Le champ "Hard State Duration" de l'h√īte affiche "N/A" lorsqu'il n'est pas associ√© √† des services
  • Limiter la date de d√©but, la date de fin et la dur√©e des temps d'arr√™t
  • Mauvais acc√®s √† la m√©moire sur les macros hostgroupname / servicegroupname

20.10.3‚Äč

28 avril 2021

Cette version nécessite Centreon Broker 20.10.4 ou supérieur.

Correctifs‚Äč

  • Les notifications de type recovery n'√©taient pas envoy√©es √† la sortie d'un arr√™t pr√©vu
  • Les notifications de type recovery n'√©taient pas envoy√©es √† l'entr√©e en p√©riode de notification
  • Les statuts d'h√ītes et de services √©taient transmis en double √† Broker
  • La macro $TIMET$ contenait l'heure format√©e au lieu d'un timestamp
  • Le flapping n'√©tait pas d√©tect√© correctement
  • La macro $SERVICENOTESURL$ √©tait encod√©e par Engine dans les notifications
  • La p√©riode de notification de l'utilisateur n'√©tait pas correctement appliqu√©e
  • Engine pouvait s'arr√™ter sans logger aucune erreur

20.10.2‚Äč

20 janvier 2021

Cette version nécessite Centreon Broker 20.10.3 ou supérieur.

Correctifs‚Äč

Notification macros

The macros in which notification information can be found have been fixed (ie $NOTIFICATION$, $HOSTNOTIFICATION$, $SERVICENOTIFICATION*$)

Am√©liorations‚Äč

Instance updates

There is a minimal delay specified in seconds between two instance updates. By default, its value is 30s. It can be set with the variable instance_heartbeat_interval in the centengine.cfg file.

20.10.1‚Äč

16 décembre 2020

Correctifs‚Äč

Stalking option

The stalking option works again, it has been fixed. Make sure you are not enabling volatile option at the same time to really get an output stalking.

Macros filters

Macros can be filtered. This was possible before and there was a regression breaking this functionality. So now, we can activate the macros filtering and then we can specify which macros to send to broker.

Notifications

Host/service status field 'Last Notification' was filled when state was HARD even if no notification is configured nor sent.

20.10.0‚Äč

21 octobre 2020

Comportements connus:

  • Si Engine sur un Poller ou un Remote Server n'est pas mis √† jour en 20.10, les fichiers de configuration copi√©s depuis un Central √† jour par Gorgone utilisant une communication ZMQ ne pourront pas √™tre lus par le processus Engine, avec l'erreur suivante dans les logs:

    Error: Parsing of global configuration failed: Can't open file '/etc/centreon-engine/centengine.cfg'

    Cela est d√Ľ √† des droits plus stricts sur ces fichiers.

    Comme toujours, nous recommandons fortement de mettre à jour tous les composants en adéquation avec la version du Central.

    Cependant, le temps de la mise à jour, il est possible d'ajouter manuellement l'utilisateur centreon-engine au groupe centreon-gorgone avec la commande suivante :

    usermod -a -G centreon-gorgone centreon-engine

Correctifs‚Äč

  • Contient tous les correctifs jusqu'√† la version 20.04.7

Centreon Broker‚Äč

20.10.12‚Äč

Release date: March 10, 2022

Bug fixes‚Äč

  • Refactored the BAM Business activities downtimes inheritance mechanism so that they are properly inherited and not duplicated anymore.

After having updated centreon-broker to this version, you may still have unwanted remaining downtimes on your Business Activities. It can happen if a downtime that was inherited from a KPI has been duplicated and if the original downtime ended before the bugfix was installed. In that case, you will have to apply the following procedure.

systemctl stop centengine
sed -i -zE 's/(servicecomment|servicedowntime) \{\nhost_name=_Module_BAM_1\n[^}]*\}\n//g' /var/log/centreon-engine/retention.dat
systemctl start centengine

All the downtimes applied on Business Activities have now been removed.

You must then restart the centengine service on all the other pollers to restore the legitimate inherited downtimes.

20.10.11‚Äč

Release date: January 20, 2022

Bug fixes‚Äč

  • Fixed a regression due to the central broker's cache generation optimization, which was too thorough and prevented BAM from computing KPIs based on boolean rules

20.10.10‚Äč

Release date: January 13, 2022

Bug fixes‚Äč

  • The central broker's cache generation loaded too much data and took too much time when BAM was activated
  • When a single metric is deleted, the corresponding RRD file is now removed
  • Fixed an issue causing BAM Business Activities (best status) to remain in an OK state when the OK KPIs were removed

20.10.9‚Äč

27 octobre 2021

Bug fixes‚Äč

  • Fixed a deadlock issue that blocked engine when all debug options were enabled

20.10.8‚Äč

20 octobre 2021

Improvements‚Äč

  • A TCP keepalive check has been added to the acceptor side of broker connections to avoid keeping dead connections

Bug fixes‚Äč

  • Fixed an issue that occasionally caused the LUA cache to disappear when reloading cbd
  • In case of retention on one side of a tcp connection, the connection could get interrupted because of an issue in the flush() function
  • Database connection error flag was not reset in conflict manager once an error occurred (even after successful connection) and could block the insertion into the database
  • The index_id column of table metrics was cast in int32 instead of int64
  • Resolved conflicts that could appear between hostgroups when connections_count > 1
  • Deleting graph from the WUI did not actually delete RRD files

20.10.7‚Äč

30 Ao√Ľt 2021

Correctifs‚Äč

  • Fixed a deadlock in broker with a reversed TCP output when cbd receives SIGTERM
  • Fixed "MySQL server has gone away" error causing failure in BAM events computation, and data loss in BAM availability statistics

20.10.6‚Äč

15 juillet 2021

Correctifs‚Äč

  • Un deadlock pouvait se produire lorsque broker √©tait arr√™t√© imm√©diatement apr√®s son d√©marrage
  • Un core dump pouvait appara√ģtre lorsque centengine √©tait stopp√©
  • Parfois centengine ne parvenait pas √† se reconnecter au broker central
  • Quand beaucoup de collecteurs essayent de se connecter au m√™me moment au broker central, il arrive que les derniers ne puissent pas se connecter
  • Les plages de temps n'√©taient pas pars√©es correctement lorsqu'elles se terminaient par \r ou \n
  • Probl√®mes de compilation sur Raspberry Pi
  • Les requ√™tes TLS n'√©taient pas correctement trait√©es par GNUTLS sur RedHat 8

Am√©liorations‚Äč

  • Les logs de debug BBDO serialized events sont d√©sormais des logs de niveau trace

20.10.5‚Äč

4 juin 2021

S√©curit√©‚Äč

  • Blocage des injections SQL depuis des custom variables
  • Suppression de SSL et de suites de chiffrement d√©pr√©ci√©es

Correctifs‚Äč

  • Le build d'engine/broker a √©t√© migr√© de Bintray vers ConanCenter
  • La compatibilit√© BBDO √©tait cass√©e suite √† la mise √† jour mineure 20.10.4, ce qui bloquait le rafraichissement des donn√©es de la supervision
  • Les metaservices utilis√©s comme KPI n'impactaient pas les activit√©s m√©tier (Centreon BAM)
  • L'impact CRITICAL √©tait appliqu√© plut√īt que l'impact UNKNOWN lorsqu'une BA √©tait utilis√©e comme KPI d'une autre BA (Centreon BAM)
  • Le red√©marrage de Broker √©tait ralenti par des requ√™tes sous-optimales relatives aux arr√™ts pr√©vus et aux commentaires
  • Limiter les valeurs des dates de d√©but, de fin et de dur√©e des arr√™ts pr√©vus pour qu'elles ne d√©passent pas la valeu r maximale permise en base de donn√©es

20.10.4‚Äč

28 avril 2021

Broker

  • Add TLS handshake in broker debug logs
  • Allow point as a valid character for ouput's name
  • Broker hangs when stopped alone (without watchdog)
  • Cast index_data.id to unsigned int 64
  • Connection interruption not detected by Central (one peer retention mode)
  • Harden SIGTERM handling when shutting down
  • Insert NULL instead of Nan or Inf for metrics data
  • Provide host_id and service_id in logs when metrics fail to be inserted in database
  • Rebuild of RRD not working
  • Study ARM compilation
  • TLS common name check impossible if it is too long

Engine

  • Engine stops working without error

Security

  • Strengthen TLS / SSL exchanges

20.10.3‚Äč

20 janvier 2020

Correctifs‚Äč

Conflict manager and comments

It is possible to lock the database during comments insertion. This new version fixes that.

BAM reporting dimensions computation

If there are retention files, dimensions computation could fail because of conflicts between new block computation and old ones (the ones in the retention). There was also an issue of concurrent access to tables during dimensions computation.

BAM availabilities rebuild

When availabilities are rebuilt, durations can be doubled. This new version fixes this issue.

Am√©liorations‚Äč

Logs

Logs are sent to the database in bulk as we already do for customvariables.

Lua

There is a new API available for the Lua connector. To use it, scripts must declare a global variable broker_api_version=2. From the user's point of view, Stream Connectors should work almost the same. In isolate cases, we could see scripts that do not work with this new API, then you can always work with Broker API version 1, by setting the variable to 1 or by removing this variable declaration in the script. Why should we use the v2 version? Because it is faster, really faster.

TCP connections

If the connection between two peers is flapping, it may be difficult for one to reconnect to the other and this could lead to many CLOSE_WAIT on the acceptor side. This new version fixes this issue.

20.10.2‚Äč

16 décembre 2020

Comportements connus:

  • Si le chiffrement TLS est configur√© pour utiliser une paire cl√©/certificat personnelle pour les entr√©es/sorties IPv4/6, les deux extr√©mit√©s doivent √™tre mises √† jour pour assurer la communication.

  • Si vous utilisez Centreon MAP avec un chiffrement TLS, assurez vous de mettre √† jour le serveur MAP √† la version >= 20.10.2.

Correctifs‚Äč

TLS

Credentials were not more loaded by the TLS connector anymore. This is fixed with this new version.

Custom variables

They were updated several times in the database. It is fixed now.

Build

GnuTLS requirement now matches compilation version.

BAM

Reporting events were not stored into database because of truncated Business Activities names causing duplicate entry errors.

20.10.1‚Äč

25 novembre 2020

Correctifs‚Äč

Build

Build on Centos8 fixed.

Retention files

The splitter class is now thread safe and does not need external locks anymore. It is also far less strict and allows some reading and some writing at the same time.

TCP

Writing on a tcp stream could slow down in case of many retention files. The issue was essentially in the flush internal function.

Am√©liorations‚Äč

TCP connections

TCP streams are really faster, especially when Broker has retention files and there are a lot of traffic.

SQL and storage streams

Those streams have several improvements:

  • Events exchanges are much faster, especially when Broker has retention files.
  • Several queries have been changed to insert data in bulk, it is the case for custom variables and metrics.
  • There are cases where those streams could crash that have been also fixed.

Statistics

The thread pool has now its own statistics. For now, we have two informations that are the number of threads it contains and its latency in milliseconds that is the duration we have to wait to see a task executed. We post a task to the thread pool at time T1, it is executed by the thread pool at time T2, the latency is T2 - T1.

Command line argument

It is now possible to set the cbd pool size directly on the command line with the ‚Äďpool_size X argument or -s X.

20.10.0‚Äč

21 octobre 2020

Comportements connus:

  • Si Broker sur un Poller ou un Remote Server n'est pas mis √† jour en 20.10 (ou utilisant une version ant√©rieur √† 20.04.9), la communication entre ces Pollers ou Remote Servers et un Central √† jour peut ne pas fonctionner.

    Comme toujours, nous recommandons fortement de mettre à jour tous les composants en adéquation avec la version du Central.

    Cependant, le temps de la mise à jour, la communication peut être maintenue en s'assurant que les configurations des Brokers respectent les conditions suivantes :

    • le chiffrement TLS et la compression sont param√©tr√©s √† Auto ou No sur l'entr√©e du Central,
    • le chiffrement TLS et la compression sont param√©tr√©s √† Auto ou No sur la sortie du Poller ou Remote Server.

    Si le mode de connexion inversé (one peer retention) est utilisé, la mise à jour de Broker est obligatoire.

Correctifs‚Äč

  • Contient tous les correctifs jusqu'√† la version 20.04.9

Centreon CLib‚Äč

20.10.5‚Äč

27 octobre 2021

Bug fixes‚Äč

  • Fixed a deadlock issue that blocked engine when all debug options were enabled

20.10.4‚Äč

20 octobre 2021

Bug fixes‚Äč

  • Fixed an issue in centreon-clib that caused deadlocks when a process was killed
  • Badly designed mutex could cause deadlocks in centreon-clib
  • Fixed an issue that could cause deadlocks in the logs production

20.10.3‚Äč

15 juillet 2021

Correctifs‚Äč

  • Libraries are loaded lazily now. This allows not having to check all link issues during loading.

20.10.2‚Äč

4 juin 2021

Am√©liorations‚Äč

  • Compilation in C++14 with conan-center: bintray has stopped. We had to switch to conan-center. And then our conan dependencies had to be upgraded and then we had to switch to C++14. So here is the corresponding compilation.

20.10.1‚Äč

28 avril 2021

Correctifs‚Äč

  • Start/Stop process_manager mechanism is rewritten and much simpler. The consequences are that there are less deadlocks in the processes management.
  • The simple cases that are addition, subtraction and some other cases, have had their computations simplified, that is to say less computations, so faster.

20.10.0‚Äč

October 21, 2020

Correctifs‚Äč

  • A possible deadlock was removed when a process is added and at the same time a process is removed because in timeout.

Centreon Connector Perl‚Äč

20.10.3‚Äč

20 octobre 2021

Bug fixes‚Äč

  • Badly designed mutex could cause deadlocks in centreon-clib
  • Fixed an issue that could cause deadlocks in the logs production

20.10.2‚Äč

15 juillet 2021

  • Provide compatibility with centreon-clib 20.10.3

20.10.1‚Äč

4 juin 2021

  • Le build d'engine/broker a √©t√© migr√© de Bintray vers ConanCenter.

20.10.0‚Äč

  • Compatibilit√© avec les autres composants 20.10.

Centreon Connector SSH‚Äč

20.10.3‚Äč

20 octobre 2021

Bug fixes‚Äč

  • Badly designed mutex could cause deadlocks in centreon-clib
  • Fixed an issue that could cause deadlocks in the logs production

20.10.2‚Äč

15 juillet 2021

  • Provide compatibility with centreon-clib 20.10.3

20.10.1‚Äč

4 juin 2021

  • Le build d'engine/broker a √©t√© migr√© de Bintray vers ConanCenter.

20.10.0‚Äč

  • Compatibilit√© avec les autres composants 20.10.

Centreon Gorgone‚Äč

20.10.7‚Äč

Release date: July 27, 2022

Bug fixes‚Äč

  • Fixed an issue that caused Service Discovery scans to fail because the wrong message was caught.
  • Fixed an issue that could make Gorgone crash in pull mode.
  • Fixed an issue that prevented Gorgone from handling advanced Service Discovery features correctly.
  • Fixed an issue in the module management that could cause crashes.

Enhancements‚Äč

  • Added an "audit" module to Gorgone to provide an overview of the system status, package versions, and some Centreon metrics.

20.10.6‚Äč

Release date: December 15, 2021

Bugfixes‚Äč

  • Make Gorgone‚Äôs private key readable by centreon-gorgone only
  • Fixed export of configuration files on a poller with Debian 11
  • Fixed error in log for autodiscovery module
  • Merge YAML libraries to use only one
  • Fixed uninitialized value using pull mode

20.10.5‚Äč

7 septembre 2021

Am√©liorations‚Äč

  • Add endpoint to ask gorgoned to resync pollers configuration
  • Add Centreon platform audit module
  • Allow to define the list of the commands that can be run through the Action module

Correctifs‚Äč

  • Fixed only returns no_log when asking associated logs of a token through API

20.10.4‚Äč

10 juin 2021

Correctifs‚Äč

  • [Anomaly] Le host ID √©tait null dans les filtres de d√©tection.

Am√©liorations‚Äč

  • Ajout d'une option de journalisation pour √©viter une taille trop grande de la base SQLite
  • Ajout de la d√©pendance pour perl-Libssh-Session-0.8

20.10.3‚Äč

4 mars 2021

Am√©liorations‚Äč

  • [core] Envoi par blocs des commandes externes √† Engine

20.10.2‚Äč

29 janvier 2021

Correctifs‚Äč

  • [zmqclient] Harden communication to avoid "Protocol not good" errors
  • [zmqclient] Increment ZMQ_LINGER period for some modules
  • [zmqclient] Lot of ESTABLISHED connections on server side when network is flapping
  • [sshclient] Command actions badly encoded lead to badly encoded messages in web UI (downtimes, acknowledgements)
  • [sshclient] Uncaught messages lead to problems with statistics collection and Autodiscovery module.

Am√©liorations‚Äč

  • [anomalydetection] Reduce time interval between prediction downloads

20.10.1‚Äč

17 décembre 2020

Correctifs‚Äč

  • [proxy] gorgone-proxy processes stucked when stopping gorgoned
  • [core] Rare case of database handler wrongly instantiated due to race condition issue
  • [core] Hardened management of message encoding/decoding
  • [autodiscovery] Handle Centreon API modules version endpoint empty response
  • [autodiscovery] Uncatched error when reaching Host Discovery global timeout
  • [autodiscovery] Discovered services state flapped between enabled and disabled
  • [autodiscovery] Service discovery email sending not working properly when having services with space in their name
  • [autodiscovery] Service discovery email sending not working with groups of contacts

Am√©liorations‚Äč

  • [proxy] Force TCP reconnection after 3 ping timeout
  • [zmqclient] ID is not necessary anymore in end targets configuration (ie Pollers)

20.10.0‚Äč

21 octobre 2020

Correctifs‚Äč

  • Contient tous les correctifs jusqu'√† la version 20.04.6

Am√©liorations‚Äč

  • [module] Add new core/pipeline module
  • [module] Add new centreon/judge module
  • [core] Add listener system
  • [autodiscovery] Refacto centreon/autodiscovery module to use listener system
  • [autodiscovery] Add service discovery in centreon/autodiscovery module