Xymon Mailing List Archive search

Xymon 4.3.19 Released

list Galen Johnson
Tue, 31 Mar 2015 20:53:32 +0000
Message-Id: <user-a6609fc724c2@xymon.invalid>

Thanks, I'll likely just change the definition in the xymon.conf file to point to the actual physical location when I get a chance to circle back.  I'm just concerned about the security implications for allowing FollowSymLinks for my cgi areas.

=G=

From: J.C. Cleaver <user-87556346d4af@xymon.invalid>
Sent: Tuesday, March 31, 2015 4:51 PM
To: Galen Johnson
Cc: Xymon Mailinglist; Xymon Development
Subject: Re: [Xymon] Xymon 4.3.19 Released

This was a change in 4.3.18, with "cgiwrap" being a replacement for the
original shell script wrappers to mitigate the Shellshock vulnerability.

One option, if you didn't want to add FollowSymLinks would be to store
bin/cgiwrap directly in the cgi-bin,secure-bin directories under the
original wrapper names. To save space, they could be hardlinked to the
same binary on installation.

-jc


On Tue, March 31, 2015 1:25 pm, Galen Johnson wrote:
Have the contents of cgi-bin and cgi-secure-bin always been symlinks?  I
don't think so...which means I had to add "FollowSymLinks" to my apache
config file to allow it to work.  I would prefer not to have to set this
on my cgi folders.

=G=
From: Xymon <xymon-bounces at xymon.com> on behalf of J.C. Cleaver
<user-87556346d4af@xymon.invalid>
Sent: Tuesday, March 31, 2015 2:36 AM
To: Xymon Mailinglist
Cc: Xymon Development
Subject: [Xymon] Xymon 4.3.19 Released

Hello,

Xymon 4.3.19 has been released to SF and should be available on a mirror
near you! It can be downloaded from
https://sourceforge.net/projects/xymon/


4.3.19 contains a number of bug fixes and improvements, along with a
several new features.

- a report on all recent acknowledgements is now available
- a specific time range can now be excluded for analysis or alerting
purposes with the EXTIME= directive
- additional filters are available with the "xymondboard" command,
including searching the full body text of a status report
- the last position read in a log file is now indicated on the 'msgs'
status report
- a new 'deltacount' option for counting recent matching lines in a log
file
- improved Windows PowerShell client support

For a full list of changes, see the Changes file inside the tarball.


All users of 4.3.x or earlier versions of Xymon are encouraged to upgrade.


Regards,

-jc