LTS Patches

We release patches only for Long Term Support (LTS) versions, except in particular cases where we also do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after a vulnerability is detected.

Patches for LTS versions usually include fixes for critical bugs and for security problems.

Bug fixes

| Case# | GitLab# | Description |
|-------|---------|-------------|
| 17097 | 12909 | Fixed monitoring policy creation with pluginserver modules, so that all specified fields are saved in the database. |
| 16084 | 12401 | Fixed failures with negative values in SNMP queries. |

Fixed vulnerabilities

| Case# | GitLab# | Description |
|-------|---------|-------------|
| CVE-2023-41793. Thanks to Aleksey Solovev. | 12751 | Fixed resource upload for plugins so that files can no longer be stored outside the directory dedicated to that purpose. As a result, arbitrary code execution on the server is prevented. |
| CVE-2023-44091. Thanks to Aleksey Solovev. | 12752 (Related: 10902 and 12750) | Fixed the possibility of a time-based attack by SQL injection in PFMS API 1.0. |
| CVE-2023-44090. Thanks to Aleksey Solovev. | 12798 | Fixed the possibility of SQL code injection in the extension used to connect to Grafana. |