In the last week we continued to work on Nephron and flows, fixed some Kafka stream related bugs, fixed up some tests, worked on an Enlinkd ReST service, and did some other UI cleanups.
For March we released point updates to all OpenNMS versions under active support.
OpenNMS On the Horizon – Newts, Kafka, BMP, Configuration, Docs, Events, Nephron, UI/UX, ReST, User Validation
In the last week we worked on Newts, Kafka queues, transitioning from OpenBMP, a configuration API, documentation, event definitions, Nephron benchmarking, UI/UX cleanups, ReST improvements, and user validation. Github Project Updates Internals, APIs, and Documentation Dustin fixed an issue with TTL handling in Newts. Dustin's fix for cache priming in Newts was backported to some of [...]
In the last week we did more bugfixing, continued to work on JDK11-based builds, a new config API, in-core BMP support, build infrastructure updates, UI/UX cleanups, and tons of documentation tweaks.
OpenNMS Security Issue Requires Immediate Upgrade The OpenNMS Group recently learned about and fixed a security vulnerability that allowed local and remote code execution as an authenticated user via a custom, targeted JEXL expression. Thank you to Artem Smotrakov for notifying us of this issue. CVE-2021-3396 applies to the following: Meridian-2016.1.0 - Meridian-2016.1.24 Meridian-2017.1.0 - Meridian-2017.1.26 [...]
OpenNMS On the Horizon – CVE-2021-3396 JEXL Vulnerability, Nephron, Flows, Config API, JDK11, Docs, CDP/LLDP Search, QoS/ToS in Helm, BMP
In the last week we disclosed a JEXL vulnerability, did more bug fixing, updated Nephron and flow handling, worked on a new configuration API, did more JDK 11 updates, more documentation fixups, CDP/LLDP searching, QoS/ToS improvements, OpenBMP migration, and more.
We recently learned about a security issue with OpenNMS. Please refer to CVE-2021-3396 for more information. To protect everyone using OpenNMS from an exploitation of this vulnerability, the CVE will not provide full details of the vulnerability until Tuesday, February 16, 2021. This should provide time to upgrade your system before full public disclosure. This issue [...]
OpenNMS On the Horizon – Flows, QoS/ToS, JMX, Telemetryd, Vacuumd, Minion, Confd, OpenBMP, Prometheus, Metadata, UI
In the last week we worked on flow improvements including QoS/ToS aggregation, the JMX monitor, Telemetryd and Vacuumd bugs, Minion confd, OpenBMP, JMX Prometheus publishing, JEXL, config managment, node metadata import, and UI fixes.
For February we released point updates to all OpenNMS versions under active support.
In the last week we did more work on flow aggregation (including ToS and QoS), continued to work on the OpenBMP migration, JDK 11 builds, JEXL cleanups, time zone handling, Minion metrics in Prometheus, and more.