Release Meridian-2022.1.3

Release 2022.1.3 contains a number of security dependency updates, plus a bunch of other bug fixes and documentation improvements.

While the dependency changes should not affect how the OpenNMS runtime works, this release contains a larger than usual number of changes to "plumbing" to facilitate these dependency updates. We strongly recommend that you do more than the usual amount of testing before deploying this update to a production environment.

The codename for Meridian 2022.1.3 is Microscopium.


  • install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14032)

  • Provisiond Fails to Start when wrong data is successfully POSTed via REST to hardwareInventory endpoint (Issue NMS-14085)

  • Grafana box renders raw JS when Grafana behind reverse proxy with SSO (Issue NMS-14109)

  • CVE-2022-22965: Spring RCE in Data Bindings (Issue NMS-14134)

  • Minions Trapd Listener Fails to Bind to udp/162 when broker is down (Issue NMS-14148)

  • Fix formatting in alarmd documentation (Issue NMS-14182)

  • Dependabot: update Vaadin to the latest 8.x (Issue NMS-14192)

  • Upgrade groovy-all dependency (Issue NMS-14208)

  • make sure license-maven-plugin is re-enabled in foundation and release branches (Issue NMS-14217)

  • Upgrade jackson-mapper-asl dependency (Issue NMS-14252)


  • Basic upgrade procedure (Issue NMS-13971)

  • Document housekeeping tasks before upgrade (Issue NMS-13972)

  • Cleanup Ticketer docs formatting (Issue NMS-14172)

  • Expand XmlCollector documented parameters (Issue NMS-14256)

  • Restructure Collector docs file path (Issue NMS-14258)

Release Meridian-2022.1.2

Release 2022.1.2 contains bunch of bug fixes and enhancements.

The codename for Meridian 2022.1.2 is Piscis Austrinus.


  • Documentation for all pollers misses RRD config parameter (Issue NMS-11747)

  • Enlinkd API response extremely slow for some nodes (Issue NMS-13507)

  • Resolve SonarCloud High priority Security Hotspots (Issue NMS-14002)

  • Can’t set capabilities in Minion systemd unit (Issue NMS-14016)

  • Scriptd helpers ignore community setting (Issue NMS-14045)

  • Wrong wiki URL in debian installer (Issue NMS-14053)

  • Build from source documentation needs a minor correction (Issue NMS-14088)

  • Hostname command is missing when running in a container (Issue NMS-14100)

  • Fix for NMS-13887 did not make it to Core (Issue NMS-14117)

  • Update docs for binding ports <1024 (Issue NMS-14162)


  • Switch to using a java e-mail library instead of system mail (Issue NMS-14015)

  • Expand newts converter documentation (Issue NMS-14073)

  • Add TcpDetector documentation (Issue NMS-14074)

  • Misspelling in SystemExecuteMonitor error text (Issue NMS-14091)

  • relicense rancid-api to LGPL, change dependency to match (Issue NMS-14093)

  • clean up JAXB dependencies (Issue NMS-14105)

Release Meridian-2022.1.1

Release 2022.1.1 contains a fix for a regression in graph viewing, plus a fix for permissions on the $OPENNMS_HOME/logs directory.

The codename for Meridian 2022.1.1 is Puppis.


  • Upgrading opennms ignores RUNAS when setting ownership on logs directory (Issue NMS-14000)

  • OpenNMS points to the wrong URL when trying to generate graphs (Issue NMS-14057)

Release Meridian-2022.1.0

Release 2022.1.0 is the first of the Meridian 2022 series, based on Horizon 29.

The codename for Meridian 2022.1.0 is Monoceros.


  • opennms user credentials wrongly exposed (Issue NMS-12146)

  • Install script fails when using Azure PostgreSQL Services (Issue NMS-13715)

  • In default installation the ActiveMQ Total Enqueued Messages throw divde error exceptions (Issue NMS-13737)

  • Systemd startup uses legacy SysV init script (Issue NMS-13783)

  • Telemetryd error occurring when testing with hsflowd (Issue NMS-13795)

  • OpenNMS Availability 'Chart' Shouldn’t Include Time Before Connected (Issue NMS-13822)

  • Support → System Report exposes credentials in plain text (Issue NMS-13831)

  • Cross site scripting - Reflected (Issue NMS-13835)

  • TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability (Issue NMS-13845)

  • Password field with autocomplete enabled (Issue NMS-13847)

  • should honor RUNAS (Issue NMS-13881)

  • Remote RMI is broken in 29.0.x (Issue NMS-13887)

  • Unable to modify node/interface/service metadata through requisition after initial synchronization (Issue NMS-13890)

  • Web UI redirects to http even with base-url set to https (Issue NMS-13901)

  • Minion fails to marshall requisition with JAXB error: Class [org.opennms.netmgt.model.PrimaryTypeAdapter] not found (Issue NMS-13927)

  • Prevent REST API from allowing multiple primary SNMP interfaces on a single node (Issue NMS-13939)

  • Unsynchronized access to service factories in TelemetryServiceRegistryImpl (Issue NMS-13961)

  • Instrument Provisiond Thread Pools (Issue NMS-13969)

  • SNMP Detector configuration page excludes useSnmpProfiles and ttl options (Issue NMS-13997)

  • install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14032)


  • Upgrade protobuf-java version (Issue NMS-13889)

  • Releases should document third party libraries and their licenses (Issue NMS-14004)

  • Delete BSM window should name the BSM (Issue NMS-14026)