LTS Patches
We only release patches for Long Time Support (LTS) versions, except for some particular cases where we do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after the vulnerability is detected.
Patches for LTS versions usually include critical-bug troubleshooting and solutions to security problems.
Bug fixes
Case# | GitLab# | Description |
---|---|---|
17097 | 12909 | Fixed monitoring policy creation with pluginserver modules, so that all specified fields are saved in the database. |
16084 | 12401 | Fixed failures with negative values in SNMP queries. |
Fixed vulnerabilities
Case# | GitLab# | Description |
---|---|---|
CVE-2023-41793 Thanks to Aleksey Solovev. | 12751 | Fixed and prevented the possibility of hosting files outside the dedicated directory when uploading resources for plugins. As a result, arbitrary code execution on the server is prevented. |
CVE-2023-44091 Thanks to Aleksey Solovev. | 12752 | Fixed and prevented the possibility of a time-based attack by SQL injection in PFMS API 1.0. |
CVE-2023-44090 Thanks to Aleksey Solovev. | 12798 | Fixed the possibility of code injection into the SQL used by the extension that connects to Grafana. |