Changelog

Release 32.0.6

Release 32.0.6 contains a bunch of changes including UI cleanups, a number of access/role fixes, and other bug fixes, plus a ton of documentation updates and a new feature to show news and tips from an RSS feed in the UI.

The codename for Horizon 32.0.6 is Breakcore.

Bug

  • Missing information in downtime model docs (Issue NMS-10133)

  • R-Core fails to install following the Horizon 30 Install Docs (Issue NMS-14777)

  • Surveillance Dashboard shows acknowledged Alarms (Issue NMS-15448)

  • Access Denied when deleting a node with admin user (Issue NMS-15746)

  • Event parameters with <> not rendering in event/alarm views (Issue NMS-16157)

  • Users with ROLE_READONLY can add, modify, and delete alarm memos (Issue NMS-16162)

  • Events: filter and advanced search / method GET is not supported (Issue NMS-16232)

  • VmwareCimMonitor/VmwareCimCollector not working anymore (Issue NMS-16236)

  • OpenConfig Connector parameter frequency in incorrect unit (Issue NMS-16253)

  • Container flag -t does not pass correct arguments (Issue NMS-16265)

  • OpenConfig server logs invalid sample interval unit ?s when frequency is set to 4 digits or higher (Issue NMS-16280)

  • LegacyDatetimeFormatterTest.testParse fails to parse date time when locale is set to en_CA-UTF-8 (Issue NMS-16288)

Enhancement

  • Add command to Karaf shell to manually trigger Metadata Adapter (Issue NMS-13922)

  • Karaf command to display event details (Issue NMS-15130)

  • Add debug logging to SNMP Property Extenders on match failure (Issue NMS-15743)

  • Remove plugin 'opennms-cloud-plugin' from installation (Issue NMS-16219)

  • Update install script to clear Karaf cache (Issue NMS-16226)

  • Docs: Remove reference to 'opennms-cloud-plugin' plugin (Issue NMS-16231)

  • OpenShift: Document the impact of disabling allowPrivilegeEscalation (Issue NMS-16239)

  • RSS Feeds Panel showing OpenNMS Blog content (Issue NMS-16250)

  • Document RSS feature (Issue NMS-16255)

  • Docs: Create documentation on how to create graph definitions (Issue NMS-16258)

  • News Feed: UI Panel and REST Service (Issue NMS-16282)

  • Docs: Update install docs for monitoring database connection (Issue NMS-16286)

  • Update container confd to default Postgres SSL to prefer (Issue NMS-16287)

Release 32.0.5

Release 32.0.5 contains a bunch of security updates to Drools, Hibernate, Jetty, and more, plus a number of other bug fixes and a slew of documentation updates.

The codename for Horizon 32.0.5 is Deep Swedish Rock.

Enhancement

  • BMP docs could use some TLC (Issue NMS-13891)

  • Provisiond threads description discrepancies (Issue NMS-14766)

  • OpenShift: Documentation (Issue NMS-16108)

  • Backport Drools 8.x to foundation 2023 to address a couple of CVEs (Issue NMS-16179)

  • Integrate hibernate-core related patch from Debian (Issue NMS-16181)

  • Version bump of json for CVE-2023-5072 (Issue NMS-16191)

  • Version bump of jetty to 9.4.53 version (Issue NMS-16192)

  • Bump to the latest netty 4 version (Issue NMS-16193)

  • Version bump of snappy java (Issue NMS-16194)

  • Docs: Remove deprecated resourcecli section (Issue NMS-16216)

  • Post install/upgrade instructions on how to join OpenNMS Community (Issue NMS-16213)

Bug

  • Local Geo Map (using gwt.openlayers.url) working in version 29.0.1 is not anymore in 31.0.3-1 (Issue NMS-15400)

  • Access Denied when deleting a node with admin user (Issue NMS-15746)

  • Map dashlet for Ops Boards references old map systems (Issue NMS-16044)

  • Reports → Chart page does not load graphs (Issue NMS-16085)

  • Event parameters with <> not rendering in event/alarm views (Issue NMS-16157)

  • Add Basic Auth to OpenConfig gNMI for Call Credentials (Issue NMS-16158)

Release 32.0.4

Release 32.0.4 contains documentation updates as well as a number of bug fixes and enhancements including Sentinel fixes, improvements to running in containers, metadata support improvements, and some other small changes.

The codename for Horizon 32.0.4 is Classic Eurovision.

Bug

  • login.jsp page is still visible/accessible after being authenticated by pre-authentication (Issue NMS-14078)

  • Fix Event documentation formatting (Issue NMS-15603)

  • Sentinel depends on unpackaged /opt/sentinel/etc/datacollection-config.xml (Issue NMS-15695)

  • Container ignores environment variable OPENNMS_DATABASE_CONNECTION_MINPOOL or confd opennms/database/connection/minpool configuration (Issue NMS-16141)

  • Postgres error when creating a database from source database template1 (Issue NMS-16143)

  • Container’s java binary is missing cap_net_raw capability (Issue NMS-16145)

  • SENTINEL_HOME points to wrong location in fix-permissions (Issue NMS-16159)

  • Update Core confd database with new schema (Issue NMS-16163)

Enhancement

  • Basic BMP Setup (Issue NMS-13893)

  • BMP set up with Minion (Issue NMS-13894)

  • BMP Setup with Sentinel (Issue NMS-13895)

  • Quick install script for first time evaluator and training (Issue NMS-14811)

  • Expand flow thresholding documentation (Issue NMS-15276)

  • Add link to configure SNMP Community strings from node admin page (Issue NMS-15772)

  • Make pool size configurable per data source. (Issue NMS-16051)

  • Monitored Service Rest API Updates for OPG (Issue NMS-16160)

  • opennms-js updates for Monitored Services for OPG (Issue NMS-16161)

  • Metadata DSL: Add effective values of service parameters in Karaf poll command (Issue NMS-16119)

  • Add language to docs for how to find schema to Kafka Producer (Issue NMS-16133)

  • Remove availability monitor content from documentation (Issue NMS-16135)

  • Migrate Tl1 docs from wiki (Issue NMS-16150)

Release 32.0.3

Release 32.0.3 contains a bunch of documentation updates, as well as a number of bug fixes and enhancements including improvements to the Karaf core startup, polling and node search fixes, IPv6 support in ILR, and a fix for loading the Cortex timeseries plugin.

The codename for Horizon 32.0.3 is Acid Techno.

Enhancement

  • documentation enhancement for discard-uei (Issue NMS-3552)

  • BMP Introduction (Issue NMS-13892)

  • newts set OPENNMS_CASSANDRA_DC using template (Issue NMS-16025)

  • Minion Container Documentation updates (Issue NMS-16088)

  • Update help text on import-requisition Karaf command (Issue NMS-16100)

  • Docs are missing a ValueMappingPropertyExtender example (Issue NMS-16106)

Bug

  • Intermittent error starting Telemetryd: No adapter found for class: org.opennms.netmgt.telemetry.protocols.netflow.adapter.netflow5.Netflow5Adapter (Issue NMS-15345)

  • Polling fails when rrd-status is set to true (Issue NMS-15806)

  • Provisioning policies do not apply (Issue NMS-16031)

  • Prevent Invalid Node Filter Search from revealing SQL query (Issue NMS-16057)

  • Unable to install alarm history feature on Kubernetes (Issue NMS-16070)

  • Minion and Sentinel just run with Java 1.8 - 11.x instead 11 to 17 (Issue NMS-16090)

  • Cortex-tss-plugin 2.0.1 does not work on v32 (Issue NMS-16104)

  • Update Instrumentation Log Reader to parse IPv6 addresses (Issue NMS-16114)

Release 32.0.2

Release 32.0.2 contains several important security fixes, one fix for a potential DOS vulnerability, and a handful of general bugfixes and enhancements.

Thanks to the following researchers for responsibly disclosing security issues in this release:

  • Moshe Appelbaum reported issue NMS-15699.

  • Jordi Morales reported issues NMS-15703, NMS-15782, and NMS-15783.

  • OSS Fuzz reported issue NMS-15877.

The codename for Horizon 32.0.2 is Anime Lo-fi.

Breaking changes

  • This release removes the "3d" variation from the JFreeChart integration, because that style has been removed upstream.

Bug

  • Document the function hiding Meta-Data values with keynames containing "password" or "secret" (Issue NMS-12808)

  • Prevent Angular evaluation of strings enclosed by two curly braces in non-Angular form-fields and output (Issue NMS-15504)

  • backport fixes from Spring Security 5.x to custom Spring Security 4.2.20.RELEASE (Issue NMS-15663)

  • XXE injection via  /rtc/post using the default rtc credentials (Issue NMS-15699)

  • ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users (Issue NMS-15703)

  • Stored XSS in multiple JSP files in opennms/opennms (Issue NMS-15782)

  • Reflected XSS in multiple JSP files in opennms/opennms (Issue NMS-15783)

  • POSTINSTALL scriptlet may fail if data/tmp/ is present but empty (Issue NMS-15809)

  • PostgreSQL shows too many clients error with a minimal setup (Issue NMS-15852)

  • java.lang.ArrayIndexOutOfBoundsException: Index 0 out of bounds for length 0 at org.opennms.netmgt.timeseries.samplewrite.MetaTagDataLoader.getNodeCriteriaFromResource(MetaTagDataLoader.java (Issue NMS-15854)

  • Kafka Producer incapable of using SSL (Issue NMS-15859)

  • Fix incorrect resource types for F5 datacollection (Issue NMS-15862)

  • Build fails due to binary file filtered resource copy (Issue NMS-15869)

  • Corrected Keystore setup instructions for minion on docker (Issue NMS-16017)

  • OpenNMS Search Bar does not retrieve nodes without foreignsource and foreignid (Issue NMS-16030)

  • Error on startup with Invalid CEN header exception (Issue NMS-16034)

Story

  • Provide option to disable Kafka Offset Provider (Issue NMS-15336)

  • Document additional details for BMP integration (Issue NMS-15853)

Enhancement

  • Improve Kafka section of message broker docs in the deployment section (Issue NMS-15632)

  • Disable BeanShell interpreter remote server mode (Issue NMS-15793)

  • Include Node metadata in Measurement API query responses even if no resource data exists (Issue NMS-15839)

  • Extend filter syntax to include isSnmpPrimary (Issue NMS-15842)

  • Add docs to describe the default RRD storage retention (Issue NMS-16033)

Task

  • Document the note to increase the maximum connection when pool size is increased (Issue NMS-16050)

Release 32.0.1

Horizon 32.0.1 includes several general bug fixes and documentation improvements.

The codename for Horizon 32.0.1 is A Cappella.

Bug

  • Database threads stuck idle_in_transaction (Issue NMS-15108)

  • Use UNKNOWN direction when not set in Netflow 9 or IPFIX template (Issue NMS-15134)

  • Minion connectivity config docs start the user in the wrong directory (Issue NMS-15618)

  • Docs need an update on what a Minion is able to do (Issue NMS-15620)

  • Various corrections/clarifications needed in Sentinel install/configure docs (Issue NMS-15708)

  • Memory leak when using Groovy scripts in provisiond ScriptPolicy (Issue NMS-15798)

  • Polling fails when rrd-status is set to true (Issue NMS-15806)

  • ALEC stopped working in 32.0.0 (Issue NMS-15808)

  • Database deadlock triggered by NodeRestService (Issue NMS-15816)

  • Some services do not persist the status (Issue NMS-15820)

Enhancement

  • Update to alarm docs (Issue NMS-15584)

  • Update Minion Docker install keystore instructions (Issue NMS-15803)

Release 32.0.0

Horizon 32 features a slew of bug fixes and a number of major improvements, most notably the introduction of JDK17 support, and a major uplift in the Newts backend.

The codename for Horizon 32.0.0 is Cavernous Death Metal.

Enhancement

  • Add lldpRemLocalPortNum in LldpLink Table (Issue NMS-7775)

  • dependabot: JasperReports from 6.3.0 to 6.20.0 (Issue NMS-14588)

  • Enhanced Linkd supports Network-Routers Map (Issue NMS-14678)

  • Destination Path Test Button (Issue NMS-14692)

  • Node Properties REST endpoint doesn’t include asset location data (Issue NMS-14785)

  • fix/re-merge additional changes to password validation (Issue NMS-14898)

  • Provide a method to verify topology capability (Issue NMS-14909)

  • Special-case CounterBasedGauge64 in MIB compiler (Issue NMS-15210)

  • Remove contrib from OpenNMS (Issue NMS-15268)

  • Upgrade Groovy to 3.x (Issue NMS-15315)

  • Create an Apache mina-sshd based ssh client service poller. (Issue NMS-15431)

  • Add a method for finding and clearing alarms by TTicketID to OPA’s AlarmDAO (Issue NMS-15439)

  • Upgrade Spring Security (Issue NMS-15506)

  • Doc: PersistRegexSelectorStrategy only works on string attributes (Issue NMS-15595)

  • Enable AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE in shipped opennms.service systemd file (Issue NMS-15596)

  • Remove legacy lsb info from Minion initialization script (Issue NMS-15604)

  • Asynchronous polling engine (Issue NMS-15623)

  • Update documentation (or implementation) for newer Slack API (Issue NMS-15652)

  • Make usage statistics sharing notice dialog non-modal (Issue NMS-15677)

  • Docs: Add info about XSLT to XmlCollector (Issue NMS-15693)

  • Doc: Update DNS provisioning import adapter docs (Issue NMS-15694)

  • KSC report "details" should go directly to the related graph, rather than "all" (Issue NMS-15711)

  • Add more collection for selfmonitor node out of box (Issue NMS-15742)

Task

  • TrivialTimeMonitor & detector (Issue NMS-11063)

  • Rework NMS0123EnIT test (Issue NMS-14743)

  • Multiple CVEs for Axis 1.4 (Issue NMS-15061)

  • Make test for Admin page footer Copyright year (Issue NMS-15220)

  • Fix coverage test containers after we resolve NMS-15401 (Issue NMS-15444)

  • Poll Status History: Enable Poll Status RRD for all services (Issue NMS-15641)

  • Poll Status History: Change documentation to reflect the changes (Issue NMS-15642)

  • Poll Status History: Add RRD graph definitions for all services in a default poller-configuration.xml (Issue NMS-15643)

  • Document async polling settings (Issue NMS-15680)

  • Update docs to capture additional details on BMP config (Issue NMS-15713)

  • Tweak usage statistics sharing notice copy (Issue NMS-15740)

  • Call out usage statistics consent changes in Horizon 32.0.0 release notes (Issue NMS-15796)

Bug

  • Multiple OpenNMS feature stop working when the Events Forwarder cannot push content to Elasticsearch (Issue NMS-13019)

  • rest api wrong LinkdTopologyProvider graphs (Issue NMS-14329)

  • Inconsistent references to JMXCollect/Monitor for "password-clear"/"password_clear" (Issue NMS-14884)

  • Docker images for Horizon 30.0.4 and later no longer have an editor or a modern pager (Issue NMS-14946)

  • CVE-2014-2228 for org.restlet 1.1.10 (Issue NMS-15193)

  • Page footer missing from Feather / Vue UIs (Issue NMS-15262)

  • Dead transaction in flow thresholding on sentinel (Issue NMS-15340)

  • Event Datetime element parsing changed between M2018 and M2021 (Issue NMS-15471)

  • Backshift graph’s Data tab shows incorrect / phantom data when using STACK (Issue NMS-15495)

  • Status Overview box calculation included the alarms and outages from nodes outside of the assigned categories (Issue NMS-15526)

  • When upgrading Minion from an older version on RHEL based systems, the service file doesn’t point to the main installation, but rather to /etc/init.d/minion which doesn’t exist (Issue NMS-15600)

  • When upgrading Sentinel from an older version, the service file doesn’t point to the main installation, but rather to /etc/init.d/sentinel which doesn’t exist (Issue NMS-15601)

  • send-events-to-elasticsearch karaf command passes username/password in reverse (Issue NMS-15638)

  • Doc: File name syslog-grok-patterns.txt is wrong (Issue NMS-15684)

  • Stop packaging activemq-web-console.war (Issue NMS-15686)

  • Database deadlock caused by JdbcFilterDao (Issue NMS-15696)

  • Karaf SSH locks up if connections are terminated improperly (Issue NMS-15714)

  • Vue menubar logo link should go to 'homeUrl' (Issue NMS-15721)

  • https redirection is partially broken (Issue NMS-15732)

  • Startup taking > 10 minutes on fresh 32.0.0-SNAPSHOT builds (Issue NMS-15751)

  • Docs need updating to include support for Kafka 3 (Issue NMS-15777)

  • Add /usr/lib64/jvm to find-java.sh search paths (Issue NMS-15784)

Research

  • Investigate using trivy to scan containers (Issue NMS-14781)

Story

  • New REST endpoint provides textual description given a top-level usage statistics KPI key name (Issue NMS-15476)

  • Data choices modal dialog removed from first admin user login (Issue NMS-15478)

  • New usage statistics sharing notice dialog (Issue NMS-15479)

  • Usage Statistics Sharing UI (Issue NMS-15481)

  • Data Choices link removed in favor of Usage Statistics Sharing UI (Issue NMS-15482)

  • Data Choices modal dialog removed entirely (Issue NMS-15483)

  • Fresh installs assume usage statistics sharing consent (Issue NMS-15485)

  • Usage statistics sharing UI includes control to revoke sharing consent (Issue NMS-15486)

  • Docs explicitly state that statistics sharing consent is assumed and how to revoke it (Issue NMS-15490)

  • Official documentation describes how to uninstall and block "datachoices" feature (Issue NMS-15491)

  • Existing opted-out installs stay opted out of usage statistics sharing (Issue NMS-15492)

  • Existing opted-out installs never show the Sharing Notice Dialog (Issue NMS-15493)

  • Existing opted-out install Usage Statistics Sharing UI behaves like a revoked install (Issue NMS-15494)

  • Upgrade to Newts 3.0.0 (Issue NMS-15514)

  • Native support for Holt-Winters forecast (no dep on R) (Issue NMS-15622)

  • Review and adjust default and example startup settings (Issue NMS-15635)

New Feature

  • update opennms build and runtime to support JDK17 (Issue NMS-15609)