In May, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29. NOTE: All releases this month received security updates that affect a number of core dependencies. While these dependency changes should not affect how the OpenNMS runtime works, these releases contain a larger than usual number of changes to [...]
In April, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29.
OpenNMS and the Spring Core Remote Code Execution Vulnerability (SpringShell) CVE-2022-22965A serious remote code execution (RCE) vulnerability exists in some versions of the Spring Framework, which is used by OpenNMS Meridian and Horizon. OpenNMS Meridian and Horizon are not known to be vulnerable because the published exploit for this RCE requires: All Attributes Required for [...]
Today we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29.
In March, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29.
In February, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29.
In January, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29.
(deep breath) Today we released off-cycle updates to all OpenNMS Meridian versions under active support, as well as Horizon 29, to address additional Log4j2 "Log4Shell" vulnerabilities.
Today we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29, to address the Log4j2 "Log4Shell" vulnerability.
Serious remote code execution (RCE) and denial of service (DOS) vulnerabilities in Apache Log4j could affect customers running some OpenNMS products. These vulnerabilities could allow an attacker to shut down or compromise your system by causing OpenNMS to log specially crafted messages into system log files for malicious purposes. Apache Log4j could interpret one of those [...]
