OpenNMS On the Horizon – Newts, Kafka, BMP, Configuration, Docs, Events, Nephron, UI/UX, ReST, User Validation

In the last week we worked on Newts, Kafka queues, transitioning from OpenBMP, a configuration API, documentation, event definitions, Nephron benchmarking, UI/UX cleanups, ReST improvements, and user validation. Github Project Updates Internals, APIs, and Documentation Dustin fixed an issue with TTL handling in Newts. Dustin's fix for cache priming in Newts was backported to some of [...]

By |2021-03-01T19:43:36+00:00March 1st, 2021|Categories: OOH|Tags: , , , , , , , , , |0 Comments

OpenNMS On the Horizon – JDK11, Configuration, BMP, UI/UX, Documentation

In the last week we did more bugfixing, continued to work on JDK11-based builds, a new config API, in-core BMP support, build infrastructure updates, UI/UX cleanups, and tons of documentation tweaks.

CVE-2021-3396: Full Security Disclosure

OpenNMS Security Issue Requires Immediate Upgrade The OpenNMS Group recently learned about and fixed a security vulnerability that allowed local and remote code execution as an authenticated user via a custom, targeted JEXL expression. Thank you to Artem Smotrakov for notifying us of this issue. CVE-2021-3396 applies to the following: Meridian-2016.1.0 - Meridian-2016.1.24 Meridian-2017.1.0 - Meridian-2017.1.26 [...]

By |2021-02-16T21:06:27+00:00February 16th, 2021|Categories: Uncategorized|1 Comment

OpenNMS On the Horizon – CVE-2021-3396 JEXL Vulnerability, Nephron, Flows, Config API, JDK11, Docs, CDP/LLDP Search, QoS/ToS in Helm, BMP

In the last week we disclosed a JEXL vulnerability, did more bug fixing, updated Nephron and flow handling, worked on a new configuration API, did more JDK 11 updates, more documentation fixups, CDP/LLDP searching, QoS/ToS improvements, OpenBMP migration, and more.

By |2021-02-16T21:17:44+00:00February 16th, 2021|Categories: OOH|Tags: , , , , , , , , , , , , , , , , , , |0 Comments

CVE-2021-3396: OpenNMS Security Vulnerability (Please Update)

We recently learned about a security issue with OpenNMS. Please refer to CVE-2021-3396 for more information. To protect everyone using OpenNMS from an exploitation of this vulnerability, the CVE will not provide full details of the vulnerability until Tuesday, February 16, 2021. This should provide time to upgrade your system before full public disclosure. This issue [...]

By |2021-02-10T16:25:35+00:00February 10th, 2021|Categories: Uncategorized|0 Comments
Go to Top