mirror of
https://github.com/Icinga/icinga2.git
synced 2026-07-15 11:51:07 -04:00
Merge branch 'release-v2.16.2' into 'support/2.16'
Release v2.16.2 See merge request packages/security/icinga2!27
This commit is contained in:
commit
cfdf63b633
2 changed files with 20 additions and 1 deletions
19
CHANGELOG.md
19
CHANGELOG.md
|
|
@ -7,6 +7,25 @@ documentation before upgrading to a new release.
|
|||
|
||||
Released closed milestones can be found on [GitHub](https://github.com/Icinga/icinga2/milestones?state=closed).
|
||||
|
||||
## 2.16.2 (2026-06-29)
|
||||
|
||||
This release fixes some critical security vulnerabilities in Icinga 2. Users are advised to upgrade immediately, as two
|
||||
of them allow an unauthenticated attacker to take over or crash the Icinga 2 process over the network. The other
|
||||
security fixes only affect authenticated API users.
|
||||
|
||||
In addition, a new permission named `filter-expression` is introduced, which allows specifying if individual API users
|
||||
are allowed to use DSL filter expressions in API queries. This allows further restricting some API users that don't need
|
||||
this capability, for example, those only submitting individual check results. Due to the incompatibility of this change,
|
||||
enforcement of this permission is opt-in until v2.17; see the
|
||||
[upgrading docs](https://icinga.com/docs/icinga-2/latest/doc/16-upgrading-icinga-2/#upgrading-to-2-16-2) for details.
|
||||
|
||||
* Verify that certificate update requests come from an authorized endpoint ([GHSA-vj39-ww8j-vvx5](https://github.com/Icinga/icinga2/security/advisories/GHSA-vj39-ww8j-vvx5))
|
||||
* Fix stack overflow due to deeply nested data structures ([GHSA-wh38-wg57-5w7g](https://github.com/Icinga/icinga2/security/advisories/GHSA-wh38-wg57-5w7g))
|
||||
* Prevent arbitrary config injection on object creation via the API ([GHSA-jgqj-x5j9-vgcm](https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm))
|
||||
* Fix that `/v1/config/files` could send uninitialized memory in case of file I/O errors (#10871)
|
||||
* Add `filter-expression` permission to make it possible to prevent API users from using DSL filter expressions
|
||||
* Windows: Update bundled OpenSSL to v3.5.7 (#10893)
|
||||
|
||||
## 2.16.1 (2026-05-21)
|
||||
|
||||
This is a small release mostly to fix the issues some users were encountering in connection with perfdata writers,
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
Version: 2.16.1
|
||||
Version: 2.16.2
|
||||
Revision: 1
|
||||
|
|
|
|||
Loading…
Reference in a new issue