Aller au contenu principal
Version: ⭐ 25.10

Centreon Open Source

Introduction

Vous trouverez dans ce chapitre tout ce qui concerne Centreon Open Source.

Il est important de mettre à jour en utilisant la documentation adéquate de mise à jour et de lire attentivement les notes de mise à jour afin d'être au courant des changements qui pourraient impacter votre usage ou votre plateforme ou des développements spécifiques que vous auriez fait.

Pour faire des demandes d'évolutions ou signaler des bugs sur les extensions commerciales, vous pouvez vous rendre sur notre Github.

Retrouvez plus de détails sur la version 25.10 dans notre post de blog.

Centreon Web

25.10.3

Release date: December 23, 2025

Enhancements
  • [Install] The is_encryption_ready column now has the correct data type to support poller encryption.

25.10.2

Release date: December 17, 2025

Enhancements
  • [Authentication] When a user is authenticated using an IdP, the password fields no longer appear when editing a contact.
  • [Dashboards] Status Grid widget: added a new filter for the state of resources (unhandled, acknowledged, in downtime, flapping).
  • [Packaging] Increased the php memory limit in the centreon php configuration.
  • [Resource Status] For performance and readability reasons, graphs containing more than 20 metrics are no longer displayed.
Bug fixes
  • [ACL] Fixed an issue for users cumulating multiple ACLs that caused the ACL with the highest ID to override other ones.
  • [API] Fixed an issue where using Rest APIv1 would change the token expiration date.
  • [API] Fixed an issue that caused commands to return an SQL error when requesting services in real time using MySQL 8.
  • [API] Fixed an issue with filtering on realtime service categories listing API endpoint.
  • [APIv2] Fixed a 500 error when expiration_date = NULL in security_token.
  • [Anomaly Detection] Fixed an issue on broker configuration generation with proxy parameters.
  • [Authentication] Allowed to access Centreon UI through a reverse proxy/load balancer.
  • [Configuration] Fixed an issue where host names could be saved with special characters but would then cause "export configuration" to fail.
  • [Authentication] Fixed an issue where users could lose their DN during an LDAP connection.
  • [Authentication] Fixed an issue with LDAP authentication crashing right after a success message.
  • [Authentication tokens] Fixed an issue when clicking "cancel" in the change confirmation modal that caused the token's status to be displayed as changed.
  • [BA monitoring page] Fixed an issue that caused certain areas of the page to remain in light mode while dark mode was selected.
  • [CEIP] Added data-testid on enable button for both direction.
  • [CLAPI] Fixed an issue where the APPLYTPL command would take a long time to take effect.
  • [Core] Fixed an issue with API routes.
  • [Configuration] Fixed an error when changing the host template order in the host configuration form.
  • [Configuration] Fixed an issue in Agent configuration where engine was not listening if "No TLS" was activated (poller-initiated).
  • [Configuration] Fixed an issue in Agent configuration (Poller-initiated connection) that prevented users from searching for the host.
  • [Configuration] Fixed an issue where host categories were not displayed in the listing when not linked to Host.
  • [Configuration] Fixed an issue with page contents getting mixed-up when navigating between Host Groups and Additional configuration pages.
  • [Configuration] Fixed an issue with special characters not displaying properly in the escalation configuration screen
  • [Configuration] Fixed an issue on remote servers, where max auto_increment was reached after many exports causing imports to fail.
  • [Configuration] Fixed an issue that allowed users to save changes when switching CMA agent modes without filling all required fields.
  • [Configuration] Fixed an issue where Host templates cannot be used in Host categories by non-admininistrators.
  • [Configuration] Fixed an issue where Host severities were no longer written in resources table.
  • [Configuration] Fixed an issue where inherited macros could not be overrided on Host/Host template.
  • [Configuration] Fixed an undefined array key from acl users which were spamming php log.
  • [Custom Views - Host-Monitoring] Fixed an issue where only the current page was exported instead of all data
  • [Dashboards] Fixed an issue preventing dashboards to be filtered.
  • [Dashboards] Fixed an issue where host status icons were displayed incorrectly in the group monitoring widget.
  • [Dashboards] Resource Table widget - Fixed an issue with the host name positioning.
  • [Dashboards] Single Metric widget - Fixed an issue with the real-time retrieval of metric values.
  • [Gorgone] Clarified Apache logs when gorgone connection failed in discovery.
  • [Hosts] Fixed an error where the ACL Resource Groups field would lose its value and display a number instead of a string when a form error occurs.
  • [Licenses] Fixed an error message concerning the creation of a dynamic property in a class when downloading licences.
  • [Log] Fixed an issue where "Error impCompanyPortal" would appear on /var/log/centreon/centreon-web.log.
  • [Medias] Fixed an issue preventing pagination from being displayed properly.
  • [Monitoring] Fixed an issue on Host Group Summary redirecting users to Resource Status.
  • [Open Tickets] Forced BBDO 3.0.1 instead of 3.1 on pollers to prevent a blocking issue.
  • [Performance Graphs] Fixed an issue when exporting data in CSV that resulted in an empty file.
  • [Resource Status] Prevent services related to a deleted host to appear in menu filter.
  • [Translation] Added missing French translations.
Security fixes
  • [Authentication] Password change attempts (both successful and unsuccessful) are now logged in a dedicated log file.
  • [Security] Enhanced security on password DOM storage in login page.
  • [Vulnerability] Fixed an issue on Broken Access Control in Administration Parameters Endpoint.
  • [Vulnerability] Fixed an IDOR vulnerability on Custom Views.
  • [Vulnerability] Fixed XSS vulnerability in the ACL Menus Access page.
  • [Vulnerability] Fixed XSS vulnerability in the Hosts Configuration page.
  • [Vulnerability] Fixed XSS vulnerability in the Recurrent Downtimes page.
  • [Vulnerability] Fixed XSS vulnerability on export configuration page.

25.10.1

Release date: November 10, 2025

Security fixes
  • [Vulnerability] Securized backup script to prevent command injections.
  • [Vulnerability] Fixed IDOR on Custom Views.

25.10.0

Release date: November 4, 2025

Enhancements

Administration & Access Control

  • [ACL] Added Image Folders in ACL groups to allow access control to images in MAP.
  • [Administration] Added INFO logs on API and CMA Tokens Add/Delete/Activate/Revoke and API Tokens usage.

Agent Configuration & Security

  • [Agent configuration] It is now possible to configure both connection direction in the same configuration. The user interface has been improved according to this.
  • [Configuration] Added Insecure TLS connection mode to Agent configuration.
  • [Configuration] Agent configuration - All certificate fields are now optional, to handle public certificate use case.
  • [Configuration] Cleaned up labels in Agent configuration screens.
  • [Configuration] Insecure TLS is now available as encryption mode in Agent configuration.
  • [Credentials encryption] Configuration generation is now able to handle encrypted credentials.
  • Vault paths are now exported in plain-text to pollers.

API & REST Services

  • [API] Added a new endpoint to bulk Duplicate Host Groups.
  • [API] Added bulk enable/disable endpoint for hostgroups.
  • [API] Added an endpoint to bulk Delete Host groups.
  • [API] Added a new endpoint to bulk Delete services.
  • [API] Added missing configuration change logs for service template configuration.
  • [Configuration] Hostgroup form is now using REST API for update.
  • [Configuration] Host form is now using REST API.
  • [Configuration] Hostgroup form is now using REST API for deletion.
  • [Configuration] Host form is now using REST API for deletion.
  • [Configuration] Service form is now using REST API for deletion.
  • [Configuration] Service Template form is now using REST API.

Configuration Management

  • [Configuration] Default 24/7 notification time period is now defined on base pack Host templates.
  • [Configuration] Host_down_disable_service_checks and flapping are now enabled by default on pollers.
  • [Configuration] Improved Hostgroup Add/Edit.
  • [Configuration] Improved Hostgroup listing (columns, filtering, sorting).
  • [Configuration] Improved the tooltip for Broker's Unified SQL output.
  • [Configuration] Replication enabled option has been removed from the Broker output form.

Core Framework & Dependencies

  • [Core] Migrated to PNPM 10 and upgraded dependencies (React 19 and Cypress 14).
  • [Core] Updated PHP dependencies to 8.2 version.
  • [Core] Rectangular logos are now correctly displayed on the login page.
  • [CSS] The Tailwind framework is now used, optimizing the loading of CSS elements.
  • [Packaging] Increased php memory limit in centreon php configuration.

Dashboards & Widgets

  • [Dashboards] Added default sizes for widgets, and optimized their default positioning on the grid of the dashboard.
  • [Dashboards] Custom views menu is now hidden on new installation or if no custom views are present.
  • [Dashboards] Improved Status Grid widget responsiveness in condensed mode.
  • [Dashboards] It is now possible to use regex (regular expressions) to filter certain resource types in specific widgets.
  • [Dashboards] It is now possible to expand an individual widget.
  • [Dashboards] Reduced spacing between items of the Dashboard page. It is now possible to resize the widgets horizontally or diagonally, either on the left or the right side.
  • [Dashboards] When creating a new widget, the list of existing types of widgets is now categorized and ordered alphabetically.
  • [Dashboards][Metrics Graph] Added new time periods: 14 days and 2 months.

Resource Status & Monitoring

  • [Resource Status] Improved copy of executed command.
  • [Resource Status] Improved the label of the "Sticky" option in the acknowledgement window.

User Experience & Interface

  • [Authentication Tokens] Added a welcome page when no token exists in the Authentication tokens page.
  • [Configuration] Harmonized the interface for Additional Configurations with other screens.
  • [UX] Added a button to copy the breadcrumbs on ReactJS pages.
  • [UX/UI] Updated forms and pop-ups to improve readability and added a new tab navigation system for quick access to collapsible sub-menus.
Bug fixes
  • Fixed missing French translations.
  • A default token has been generated and applied to existing agent configuration.
  • [ACL] Fixed issue when cumulating ACLs for a same user.
  • [Configuration] Fixed an issue where export wasn't taking in account macros inherited from indirect template parents.
  • [Configuration] Fixed issue preventing user from disabling a meta-service.
  • [Dashboards] Fixed contact search when sharing a dashboard or a playlist.
  • Fixed an issue where exported tokens was ignored by Engine.
  • Fixed an issue where notes weren't displayed correctly in Administration > Logs.
  • Fixed an issue where service deploy endpoint was adding the command line to the service.
  • Forced BBDO 3.0.1 instead of 3.1 on pollers, to prevent a blocking issue.
  • [LDAP] Fixed an issue on Users & Groups filters validation.
  • [Metrics Graph Widget] Fixed an issue where an unexpected application error was occurring when selecting a custom time period.
  • [Packaging] Updated permissions of token purge log file.
  • [Resource Status] Fixed an issue that prevented the details panel from displaying correctly for a service that is part of a service group.
  • [Translations] Fixed issue preventing translations from being displayed.
  • [Unattended] On versions that use MySQL 8.0, the default authentication plugin is now mysql_native_password.
Security fixes
  • [Administration] Fixed XSS in Administration > ACL > Action Access.
  • [Configuration] Fixed XSS in Configuration > SNMP Traps form
  • [Vulnerability] Fixed XSS vulnerability on Hosts templates.
  • [Vulnerability] Fixed XSS vulnerability on Recurrent downtimes.
  • [Vulnerability] Fixed XSS vulnerability on Resources Access parameters.
  • [Vulnerability] Fixed XSS vulnerability on SNMP traps.
  • [Vulnerability] Fixed XSS vulnerability on Connectors.
  • [Vulnerability] [security] Fixed an RCE on poller reload page.

Centreon Collect

25.10.1

Release date: December 17, 2025

Enhancements
  • [CMA] CMA will now take into account retry_interval and max_attempts.
  • [CMA] Freshness check are now taken into account.
Bug fixes
  • [Broker] Fixed an issue with RRD error messages being incorrectly added to the logfile.
  • [Engine] Fixed an issue where parameters are not correctly inherited from templates.

25.10.0

Release date: November 4, 2025

Enhancements

Broker & Engine Communication

  • [BBDO2 sunset] Added BBDO 3.1 in Broker configuration dropdown.
  • [Broker] Broker can now read and cache Engine configurations, eliminating redundant configuration transfers. When Engine starts, it checks if Broker already has the current configuration during negotiation. If the configuration is already known, Engine skips the transfer, significantly improving the negotiation process between Engine and Broker.
  • Cbmod is no longer needed in the Engine configuration as it is automatically loaded when Engine starts.

Configuration & Security

  • [Configuration] a dedicated whitelist block is now available for Centreon Monitoring Agent.
  • [Credentials encryption] Broker is now able to handle encrypted credentials.
  • [Credentials encryption] Engine is now able to check its encryption readiness.
  • Enhanced configuration generation to handle Insecure TLS.
  • Insecure TLS is now available as encryption mode in CMA.

gRPC API Enhancements

  • [gRPC API] GetHostgroups function return information about hostgroups.
  • [gRPC API] GetTag function return information about Tag.
  • [gRPC API] GetService function have been improved to return more information.

Cache & Performance

  • Added a new function in the lua cache to access hostgroups alias.
Bug fixes
  • AES 256 encryption keys are now automatically resized (zero-padded if too short, truncated if too long) instead of throwing an error when not exactly 32 bytes.
  • cbmod is no longer needed in the Engine configuration as it is automatically loaded when Engine starts.
  • [Collect] Fixed a regression where an engine command could not launch several checks at the same time.
  • [Core] Fixed compatibility of Engine with older versions of Linux kernel.
  • [Engine] Fixed an issue where parameters are not correctly inherited from templates.
  • [Packaging] Fixed package dependency issue with centreon-broker-caching-sha2-password that could block a broker update.
  • Fixed a segmentation fault in Engine that could occur if checks were still running when a shutdown was requested.
  • Fixed Engine crash when deleting a host during downtime notification.
  • "name" attribute is now managed in CMA Tokens.

Centreon Monitoring Agent

25.10.1

Release date: December 17, 2025

Bug fixes
  • CMA is now taking account retry_interval and max_attempts.

25.10.0

Release date: November 4, 2025

Enhancements

Security & Encryption

  • [Credentials encryption] CMA is now able to retrieve encryption key & handle encrypted credentials.
  • Enhanced configuration generation to handle Insecure TLS.
  • Insecure TLS is now available as encryption mode in CMA.

Other

  • [CMA] Improved error handling for syntax checks.

Centreon Gorgone

25.10.2

Release date: December 17, 2025

Bug fixes
  • [Gorgone] Fixed Gorgone whitelist to allow NRPE service discovery.
  • [Packaging] Fixed an issue that cause an upgrade failure due to centreon-perl-libs being split into centreon-perl-libs and centreon-perl-libs-common.

25.10.1

Release date: November 17, 2025

Bug fixes
  • [Packaging] Upgrade no longer fails because of centreon-perl-libs being split into centreon-perl-libs and centreon-perl-libs-common.

25.10.0

Release date: November 4, 2025

Enhancements
  • [Gorgone] Added the ability to fetch configuration credentials from a vault.

Centreon AWIE

25.10.1

Release date: December 17, 2025

Bug fixes
  • [Extensions] Fixed an issue on documentation links for extensions which dont use versioning.

25.10.0

Release date: November 4, 2025

Enhancements
  • [Core] Updated PHP dependencies to 8.2 version.

Centreon DSM

25.10.1

Release date: December 17, 2025

Bug fixes
  • [DSM] Fixed an issue with dsmd daemon being stuck on start.
  • [Translation] Added missing French translations.

25.10.0

Security fixes
  • [Vulnerability] Fixed an XSS vulnerability in the Extensions Dynamic Services Configure page.

25.10.0

Release date: November 4, 2025

Enhancements
  • [Core] Updated PHP dependencies to 8.2 version.
Bug fixes
  • [Packaging] SQL files are now correctly packaged on centreon-dsm.

Centreon Open Tickets

25.10.1

Release date: December 17, 2025

Enhancements
  • [GLPI] Fixed group retrieval when using versions 9.5 and above.
Bug fixes
  • [Open Tickets] Fixed an issue that exposed passwords when using EasyVista.
  • [Open Tickets] Fixed an issue preventing tickets from being closed when the corresponding resource had its status changed since the opening of the ticket.
  • [Translation] Added missing French translations.

25.10.0

Release date: November 4, 2025

Enhancements
  • [Core] Updated PHP dependencies to 8.2 version.
Security fixes
  • [Vulnerability] Fixed SQL injection in the Notification > Rules page.
  • [Vulnerability] Fixed XSS vulnerability in the Configuration > Notification > Rules page.

Centreon High Availability

25.10.1

Release date: December 17, 2025

  • No changes for this module in this version.