In the last week we did more bugfixing, continued to work on JDK11-based builds, a new config API, in-core BMP support, build infrastructure updates, UI/UX cleanups, and tons of documentation tweaks.
OpenNMS Security Issue Requires Immediate Upgrade The OpenNMS Group recently learned about and fixed a security vulnerability that allowed local and remote code execution as an authenticated user via a custom, targeted JEXL expression. Thank you to Artem Smotrakov for notifying us of this issue. CVE-2021-3396 applies to the following: Meridian-2016.1.0 - Meridian-2016.1.24 Meridian-2017.1.0 - Meridian-2017.1.26 [...]
OpenNMS On the Horizon – CVE-2021-3396 JEXL Vulnerability, Nephron, Flows, Config API, JDK11, Docs, CDP/LLDP Search, QoS/ToS in Helm, BMP
In the last week we disclosed a JEXL vulnerability, did more bug fixing, updated Nephron and flow handling, worked on a new configuration API, did more JDK 11 updates, more documentation fixups, CDP/LLDP searching, QoS/ToS improvements, OpenBMP migration, and more.
We recently learned about a security issue with OpenNMS. Please refer to CVE-2021-3396 for more information. To protect everyone using OpenNMS from an exploitation of this vulnerability, the CVE will not provide full details of the vulnerability until Tuesday, February 16, 2021. This should provide time to upgrade your system before full public disclosure. This issue [...]
OpenNMS On the Horizon – Flows, QoS/ToS, JMX, Telemetryd, Vacuumd, Minion, Confd, OpenBMP, Prometheus, Metadata, UI
In the last week we worked on flow improvements including QoS/ToS aggregation, the JMX monitor, Telemetryd and Vacuumd bugs, Minion confd, OpenBMP, JMX Prometheus publishing, JEXL, config managment, node metadata import, and UI fixes.
For February we released point updates to all OpenNMS versions under active support.
In the last week we did more work on flow aggregation (including ToS and QoS), continued to work on the OpenBMP migration, JDK 11 builds, JEXL cleanups, time zone handling, Minion metrics in Prometheus, and more.
In the last week we continued our work on JDK11 migration, moving OpenBMP functionality into OpenNMS, ToS/QoS flow aggregation, Antora documentation, a new configuration API/implementation, and plenty of bug fixes.
OpenNMS On the Horizon – Flows, JDK 11, Kafka, Antora, VMware, OpenBMP, Vacuumd, JICMP/JRRD, WMI, Minion, Topology
In the last week we did more work on JDK 11 transition, QoS/ToS flow aggregation, Antora documentation, configuration APIs, OpenBMP, and more.
In the last week we worked on the OpenBMP migration, documentation, builds, ToS aggregate flow support, moving to JDK 11, and more.