We recently learned about a security issue with OpenNMS. Please refer to CVE-2021-3396 for more information.

To protect everyone using OpenNMS from an exploitation of this vulnerability, the CVE will not provide full details of the vulnerability until Tuesday, February 16, 2021. This should provide time to upgrade your system before full public disclosure.

This issue affects Horizon 16.0.0–Horizon 27.0.3 and all supported Meridian versions:

  • Meridian-2016.1.0–Meridian-2016.1.24
  • Meridian-2017.1.0–Meridian-2017.1.26
  • Meridian-2018.1.0–Meridian-2018.1.24
  • Meridian-2019.1.0–Meridian-2019.1.15
  • Meridian-2020.1.0–Meridian-2020.1.4

We recommend that you make the time to upgrade to the latest version of Horizon or Meridian as soon as possible. These versions fix the issue.

Anyone using Meridian 2018, 2019, or 2020 should upgrade to the latest point release. If you are using an earlier version, you should upgrade to 2018, 2019, or 2020.