Changelog
Release Meridian-2024.1.6
Release 2024.1.6 contains a couple of security updates, bug fixes and enhancements.
Bug
-
Grafana reports endpoint failure (Issue NMS-16367)
-
Version in about page points to invalid release notes (Issue NMS-16482)
-
Installation instructions are broken and show an unresolved variable (Issue NMS-16490)
-
Search does not return any results for Asset Search string Meridian 2024.1.3 (Issue NMS-16510)
-
Test case failures `org.opennms.features.newts.converter.` numeric value is NaN (Issue NMS-16936)
-
Test case failures: The markup in the document preceding the root element must be well-formed (Issue NMS-16949)
-
Logging in TcpListener in Eventd is done with a foreign class (Issue NMS-16951)
Task
-
Replace babel/polyfill with core-js 3 (foundation-2021 branch) (Issue NMS-16477)
-
Update dnsjava to version 3.6.0 if applicable (Issue NMS-16506)
-
Update proton-j to 0.34 or latest for OSGI (Issue NMS-16549)
-
Resolve jsoup version discrepancy seen in the dependency graph (Issue NMS-16552)
-
Update Snakeyaml for indirect dependencies (Issue NMS-16570)
-
Update linux UBI version to address security vulnerabilities (Issue NMS-16587)
-
Update product name version properties on meridian (Issue NMS-16947)
Release Meridian-2024.1.5
Release Meridian-2024.1.4
Release 2024.1.4 contains a bunch of bug fixes and an enhancement.
Bug
-
Meridian 2024 passwordGate page shows up incorrectly (Issue NMS-16484)
Task
-
Alarm Resync (Issue NMS-16489)
-
Update to Netty 4 (Issue NMS-16496)
-
Update pgjdbc to version 42.5.5 (PostgreSQL JDBC driver) (Issue NMS-16503)
-
Update forked version of nekohtml parser to `>= 1.9.22.noko2` version of Nokogiri if applicable (Issue NMS-16504)
-
Update Apache CXF to 4.0.4, 3.6.3 or 3.5.8 to fix CVE-2024-28752 (Issue NMS-16505)
Release Meridian-2024.1.2
Release 2024.1.2 contains an enhancement and a couple of bug fixes.
Task
-
Stalled threads in telemetryd parser (Issue NMS-16243)
Bug
-
Cross-Frame Scripting-CWE ID : 1021 Web scan vulnerability (Issue NMS-16369)
-
Address CVE-2020-15522 (Issue NMS-16384)
-
Querying Alarms by alarmId leads to a page that loses context on refresh (Issue NMS-16417)
-
Stored XSS on "MIB Compiler" (Issue NMS-16444)
-
Stored XSS on "Scheduled Outages" (Issue NMS-16445)
-
Missing Access Control on "Grafana Endpoints" (Issue NMS-16446)
-
Missing Access Control on "Geocoder Configuration" (Issue NMS-16447)
-
Stored XSS on "Node Label" (Issue NMS-16448)
-
Detailed server configuration in the error (Issue NMS-16449)
Release Meridian-2024.1.1
Release 2024.1.1 contains an enhancement to clean up the dependencies in Sentinel.
Enhancement
-
Audit multi-version dependencies in Karaf (Sentinel Proof-of-Concept) (Issue NMS-16294)
Release Meridian-2024.1.0
Release 2024.1.0 is the first of the Meridian 2024 series, based on Horizon 33 and incorporating work done in that series and in Horizon 32.
Enhancement
-
Remove image-related defaults from Docker container makefile (Issue NMS-13583)
-
Add documentation for SELinux as a requirement to run OpenNMS (Issue NMS-14210)
-
Include Minion version on "Manage Minions" page (Issue NMS-14493)
-
Dependabot: leaflet from 1.7.1 to 1.8.0 (Issue NMS-14584)
-
Error compiling Cisco MIB (Issue NMS-14640)
-
Make the cloud connect plugin available in container images (Issue NMS-15012)
-
Data collection and graph definitions for provisiond performance (Issue NMS-15018)
-
Update docs to include RHEL 9 install instructions (Issue NMS-15147)
-
Test and Document Support for PostgreSQL 15 (Issue NMS-15151)
-
Make the ALEC plugin available in container images (Issue NMS-15349)
-
Make the Cortex TSS plugin available in container images (Issue NMS-15350)
-
Smoke test improvements and small tweaks to help developers (Issue NMS-15387)
-
Document the asynchronous datacollection engine (Issue NMS-15737)
-
Update install script to clear Karaf cache (Issue NMS-16226)
-
Add option to import-requisition command to block until import is done (Issue NMS-16343)
-
Rename User Data Collection feature to Product Update Enrollment (Issue NMS-16353)
-
Configurable option for Kafka Producer CollectionSet buffer size (Issue NMS-16366)
-
Docs page for Info REST service (Issue NMS-16351)
-
Add var-bind section into notification docs (Issue NMS-13273)
-
Provisiond threads description discrepancies (Issue NMS-14766)
-
Metadata DSL: Add metadata interpolation capability onto more threshold fields (Issue NMS-15667)
-
Switch our Docker base to UBI (Issue NMS-15788)
-
Docs: Add install note on DNS resolution (Issue NMS-15792)
-
Extend PageSequenceMonitor to allow basic auth credentials (Issue NMS-15802)
-
Expand BlueCat DNS Data Collection (Issue NMS-15865)
-
Add confd support to Sentinel container (Issue NMS-16149)
-
Docs: Remove deprecated resourcecli section (Issue NMS-16216)
-
Upgrade to latest Karaf 4.3 (Issue NMS-16249)
-
Deprecate VMware 3-5 collection/graphs (Issue NMS-16266)
-
Fix formatting in snmp-graph.properties.d files (Issue NMS-16269)
-
Docs: Update install docs for monitoring database connection (Issue NMS-16286)
-
Update container confd to default Postgres SSL to prefer (Issue NMS-16287)
-
Allow fix-permissions and update-package-permissions scripts to set ownership for customized users (Issue NMS-16406)
Task
-
Geo Map: Add content to the map marker pop up (Issue NMS-13698)
-
Uncontrolled Resource Consumption in Jackson-databind (Issue NMS-15030)
-
CVE in Jolokia 1.3.3 dependency (Issue NMS-15068)
-
CVE-2021-37714 for jsoup (multiple versions) (Issue NMS-15069)
-
Vulnerable JUnit dependency (Issue NMS-15074)
-
RHEL9 installation documentation tab (Issue NMS-15079)
-
Document deviceconfig tftp maximumReceiveSize (Issue NMS-15121)
-
Add flow version table to Flow Introduction (Issue NMS-15158)
-
JAVA_KEYALIAS Variable needs to be updated (Issue NMS-15239)
-
JAVA_KEYSTORE Variable needs to be updated (Issue NMS-15240)
-
JAVA_STOREPASS Variable needs to be updated (Issue NMS-15241)
-
Document the breaking changes done as part of Limit script file locations for GpDetector and ScriptPolicy (Issue NMS-15288)
-
Release notes / wart: ALEC not installable on M2023.1.0 / H31.0.4 Sentinel (Issue NMS-15403)
-
Release notes / wart: dual-write TS delay on startup (Issue NMS-15404)
-
Release notes / wart: Geo map alarms and ROLE_REST (thank Ricardo Monteiro for the report) (Issue NMS-15406)
-
Metadata DSL: Elasticsearch Integration (Issue NMS-15752)
-
Update UI for Admin password change prompt (Issue NMS-15780)
-
Create Initial Node Structure Page (Issue NMS-16037)
-
Update UI dependencies to latest Vue3, feather, etc. (Issue NMS-16045)
-
Node structure page: Union/Intersection category filter switch (Issue NMS-16058)
-
Node structure: add unit tests (Issue NMS-16060)
-
Structured Node List: Add smoke test (Issue NMS-16061)
-
Structured node list: Export CSV/XLS (Issue NMS-16064)
-
Unzip command is missing from UBI images (Issue NMS-16087)
-
Convert Menu store to pinia (Issue NMS-16092)
-
Structured node list: UX Updates (Issue NMS-16103)
-
Structured node list: handle legacy query strings (Issue NMS-16116)
-
Structured node list: UX updates Part 2 (Issue NMS-16123)
-
Structured node list: Merge feature branch to develop (Issue NMS-16124)
-
Convert NodeStructure store to pinia (Issue NMS-16125)
-
Node structure: Add management IP address (Issue NMS-16126)
-
Node structure: Make preferences persistent (Issue NMS-16130)
-
Convert Node store to pinia (Issue NMS-16136)
-
Update Vue UI README with dev workflow instructions (Issue NMS-16142)
-
Convert more stores to pinia (Issue NMS-16144)
-
Convert auth, usageStats and other stores to pinia (Issue NMS-16154)
-
Convert deviceStore etc to pinia, remove vuex from project (Issue NMS-16156)
-
DOCS: Document structured node list (Issue NMS-16210)
-
Docs: Remove reference to 'opennms-cloud-plugin' plugin (Issue NMS-16231)
Bug
-
Missing /run/opennms on Ubuntu (Issue NMS-14650)
-
RRD persistence with default configs in our Horizon OCI points to wrong libjrrd2.so (Issue NMS-14778)
-
Chrome/Edge Web Browser : Geographical Map Node Counters are wrong (Issue NMS-14792)
-
OpenNMS opennms start fails on Ubuntu (Issue NMS-14838)
-
Multiple stored and reflected XSS in webapp (Issue NMS-14854)
-
horizon.oci contains more than one container image (Issue NMS-14896)
-
Regression: install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14919)
-
Form Resubmission From Cache (Issue NMS-14933)
-
XML Entity Expansion Injection in geolocation API (Issue NMS-14988)
-
Remove reference to remote pollers (Issue NMS-15017)
-
RHEL9/CentOS9/Rocky 9 need chkconfig package to enable service properly (Issue NMS-15093)
-
Default limit of 10 is not working for event queries (Issue NMS-15123)
-
Flows adapters don’t start on Sentinel running as a container. (Issue NMS-15161)
-
Jetty context startup failures are not clearly communicated to the user (Issue NMS-15179)
-
CVE-2017-7504 for javassist 3.18.2-ga and 3.19.0-ga (Issue NMS-15191)
-
CVE-2017-7504 for jboss-logging 3.1.0.cr2 (Issue NMS-15192)
-
CVE-2014-2228 for org.restlet 1.1.10 (Issue NMS-15193)
-
CVE-2019-13990 for quartz 2.2.3 (Issue NMS-15194)
-
CVE-2022-45047 for sshd-sftp 2.5.1 (Issue NMS-15195)
-
CVE-2021-21342 and 7 others for xstream 1.4.11.1 (Issue NMS-15196)
-
CVE-2014-9970 for jasypt 1.9.0 (Issue NMS-15197)
-
CVE-2021-33813 for jdom2 2.0.6 (Issue NMS-15198)
-
CVE-2022-40149 and CVE-2022-40150 for jettison 1.3.8 (Issue NMS-15199)
-
CVE-2016-5725 for jsch 0.1.51 (Issue NMS-15200)
-
CVE-2022-3171 for protobuf-java 3.16.1 (Issue NMS-15201)
-
CVE-2018-17187 for proton-j 0.14.0 (Issue NMS-15202)
-
CVE-2017-15288 and CVE-2020-7907 for scala-library 2.11.0 and 2.12.12 (Issue NMS-15203)
-
CVE-2020-13936 for velocity 1.7 (Issue NMS-15204)
-
CVE-2020-11988 for xmlgraphics-commons 1.4 (Issue NMS-15205)
-
Update docs TOC to include missing notification commands file (Issue NMS-15266)
-
Meridian 2023 old UI pages have Horizon Logo (Issue NMS-15281)
-
NPE in karaf.log when parallel TSDB writes enabled (Issue NMS-15282)
-
Poor contrast in navigation menu of OG UI (Issue NMS-15283)
-
Styling of Feather / Vue UI in Meridian does not match OG UI (Issue NMS-15284)
-
Stealing Cookies using Reflected XSS via graph results (Issue NMS-15292)
-
Sanitize request parameters in outage/list.htm (Issue NMS-15294)
-
Plaintext Password Present in the Web logs (Issue NMS-15305)
-
Upgrade Apache Kafka Dependency Beyond 3.2.0 (Issue NMS-15317)
-
RingBufferTimeseriesWriter.destroy can take a long time or hang due to BlockingServiceLookup.lookup in WorkProcessors (Issue NMS-15324)
-
Dead transaction in flow thresholding on sentinel (Issue NMS-15340)
-
Regular requisition editor empty state incorrectly names external requisitions (Issue NMS-15347)
-
When we fail to start up, we don’t exit with a non-zero exit code so failures cannot be properly reflected in containers (Issue NMS-15386)
-
ALEC plugin dependency update (Issue NMS-15391)
-
DroolsAlarmContext error - alarm facts out of sync (Issue NMS-16208)
-
Running the config-tester -a throws an IllegalStateException for ActiveMQ context (Issue NMS-16355)
-
CVE-2024-3094 investigation (Issue NMS-16396)
-
Container image build fails with a wrong reference to deploy-base:ubi9-3.3.0.b265-jre-17 (Issue NMS-16399)
-
Hikari CP leaking threads (Issue NMS-16345)
-
LdapMonitor does not work when a Minion is the poller (Issue NMS-16349)
-
The script showing the Karaf process status in our container image requires "ps" (Issue NMS-16356)
-
VMware credentials exposed in provisiond log file (Issue NMS-16357)
-
Collectd can’t persist time series data and throwing a NPE with "java.util.List.size()" because "rraList" is null (Issue NMS-16358)
-
Issue installing on Debian 11 Reported by Customer (Issue NMS-16309)
-
Missing information in downtime model docs (Issue NMS-10133)
-
R-Core fails to install following the Horizon 30 Install Docs (Issue NMS-14777)
-
Surveillance Dashboard shows acknowledged Alarms (Issue NMS-15448)
-
Access Denied when deleting a node with admin user (Issue NMS-15746)
-
Typo in Configuring Minion via confd README (Issue NMS-15901)
-
"Dismiss" in Usage Statistics Sharing Notice is misleading (Issue NMS-16027)
-
Links in node table open both in current tab and in a new tab (Issue NMS-16047)
-
Fix Geographical Map after vue-leaflet upgrade (Issue NMS-16065)
-
Top of page search displays 'Show nodes with severity' multiple times (Issue NMS-16067)
-
Device config upload failed with org.apache.sshd.common.SshException: EdDSA provider not supported (Issue NMS-16131)
-
Data choices plugin throws a NPE when user clicks on show collected data. (Issue NMS-16151)
-
Event parameters with `<>` not rendering in event/alarm views (Issue NMS-16157)
-
Users with ROLE_READONLY can add, modify, and delete alarm memos (Issue NMS-16162)
-
Docs: Meridian plugins reference wrong package names (Issue NMS-16164)
-
Fix resource types for default Postgres collection (Issue NMS-16165)
-
Service detail page displays wrong collectd package (Issue NMS-16167)
-
enlinkd logging hibernate errors (lack of unique index) (Issue NMS-16199)
-
Zookeeper 3.4.6 version mismatch in Meridian 2021 (Issue NMS-16209)
-
upgrade ActiveMQ to latest 5.15.x (Issue NMS-16218)
-
Documentation build failing: cannot find antora/xref-validator (Issue NMS-16227)
-
Node structure: fix sorting (Issue NMS-16246)
-
OpenConfig Connector parameter frequency in incorrect unit (Issue NMS-16253)
-
Container flag `-t` does not pass correct arguments (Issue NMS-16265)
-
Cortex plugin does not start automatically (Issue NMS-16272)
-
PostgreSQL monitor url parameter metadata cannot be resolved properly and collection fails consequently (Issue NMS-16374)
-
Unable to display varbind’s form feed characters and other control characters in events (Issue NMS-16395)
Story
-
Revive PoweredBy section in new docs (Issue NMS-14703)
-
Modify foreign source in HeartbeatConsumer to ignore docker interfaces and detect SNMP agent (Issue NMS-14855)
-
SNMP Community retrieval through SCV on Minion (Issue NMS-15008)
-
Add JSON support (in addition to GBP) to the Kafka producer for flows (Issue NMS-15027)
-
Backport deploy-base update from develop to release-31.x (upgrades JRE minor version, adds vim-tiny, less) (Issue NMS-15046)
-
Add KPI for Appliance count by model (Issue NMS-15051)
-
Velocloud plugin 1.0 is compatible with Meridian 2023 (Issue NMS-15138)
-
ALEC 3.0 is compatible with Meridian 2023 (Issue NMS-15139)
-
Cortex TSS plugin 2.0.1 is compatible with Meridian 2023 (Issue NMS-15140)
-
Cloud services connector plugin is compatible with Meridian 2023 (Issue NMS-15141)
-
Geo Map node groups should split into individual markers (Issue NMS-15150)
-
Distributed IPC mechanisms all work in Meridian 2023 (Issue NMS-15223)
-
Accessibility testing for rebranded Meridian 2023 UI (Issue NMS-15224)
-
Penetration testing for Meridian 2023 (Issue NMS-15225)
-
Meridian container images are signed (Issue NMS-15341)
-
Metadata DSL: Documentation for Metadata DSL updates (Issue NMS-15774)
-
Document change in login password behaviour (Issue NMS-15775)
-
Smoke test for Admin password change (Issue NMS-15866)
-
Admin Password Change: UX Review and Updates (Issue NMS-15867)
-
Admin Password Change: Merge to develop (Issue NMS-15868)
-
User is redirected to landing page after password change is done (Issue NMS-16036)
-
Use pinia instead of vuex in Vue UI (Issue NMS-16043)
-
Add pinia stores to UI but do not yet activate them (Issue NMS-16068)
-
Metadata DSL: Persist poller parameters as meta data (Issue NMS-16146)
-
Node structure: more query params (fs:fid, snmp, sys) (Issue NMS-16197)
-
Remove plugin 'opennms-cloud-plugin' from installation (Issue NMS-16219)
-
Geo Map: enable user-defined map to be the default one (Issue NMS-16229)
-
DOCS: Document Geographical Map user-defined map (Issue NMS-16230)
-
Add node-gyp to fix CircleCI build-ui errors (Issue NMS-16242)
-
News Feed: UI Panel and REST Service (Issue NMS-16282)
-
Web UI for User Data Collection (Issue NMS-16283)
-
User Data Collection: Database / Rest / CM work (Issue NMS-16284)
New Feature
-
Metadata DSL: VMware Integration (Issue NMS-15753)
-
Metadata DSL: WSMAN Integration (Issue NMS-15754)
-
Metadata DSL: TL1D Integration (Issue NMS-15755)
-
Metadata DSL: JMX Data-collection (Issue NMS-15756)
-
Metadata DSL: XML Data-collection (Issue NMS-15757)
-
Metadata DSL: HTTP/HTTPS Data-collection (Issue NMS-15758)
-
Metadata DSL: Notification Credentials (Issue NMS-15759)
-
Metadata DSL: Ticketer Plugins (Issue NMS-15760)
-
Metadata DSL: Trapd Configuration (Issue NMS-15761)
-
Metadata DSL: JCIFS Monitor (Issue NMS-15762)
-
Metadata DSL: IFTTT Configuration (Issue NMS-15763)
-
Metadata DSL: Repository Configuration (Issue NMS-15764)
-
Metadata DSL: [OPTIONAL] Consistent *-config.xml Configurations (Issue NMS-15765)
-
Metadata DSL: Evaluate feasibility to support metadata in Drools rules (Issue NMS-15766)
-
Metadata DSL: Change default poller and collectd configuration files to reflect ability to use metadata (Issue NMS-16016)
-
Metadata DSL: snmp-config.xml & SNMP Profiles (Issue NMS-16028)
-
Metadata DSL: change default opennms-datasources.xml to reflect the possibility of using metadata (Issue NMS-16029)
-
OpenShift: Document the impact of disabling allowPrivilegeEscalation (Issue NMS-16239)
-
Update wording to Product Update Sign Up (Issue NMS-16352)