CVE – The OpenNMS Group, Inc.

April 2021 Releases – Horizon 27.1.1, Meridians 2018.1.27, 2019.1.18, and 2020.1.7

In April, we released updates to all OpenNMS versions under active support.

By RangerRick|2021-04-07T18:27:43+00:00April 7th, 2021|Categories: News|Tags: CVE, Horizon, jetty, kafka, Meridian, minion, Release|0 Comments

OpenNMS On the Horizon – CVE-2021-3396 JEXL Vulnerability, Nephron, Flows, Config API, JDK11, Docs, CDP/LLDP Search, QoS/ToS in Helm, BMP

In the last week we disclosed a JEXL vulnerability, did more bug fixing, updated Nephron and flow handling, worked on a new configuration API, did more JDK 11 updates, more documentation fixups, CDP/LLDP searching, QoS/ToS improvements, OpenBMP migration, and more.

By RangerRick|2021-02-16T21:17:44+00:00February 16th, 2021|Categories: OOH|Tags: antora, bmp, cdp, CVE, helm, jdk11, jexl, lldp, mina, nephron, netty, openbmp, qos, reporting, rest, security, snmpv3, tos, vacuumd|0 Comments

November 2020 Releases: Horizon 27.0.2, Meridians 2018.1.24, 2019.1.14, and 2020.1.3

In November we released updates to all supported Meridians as well as Horizon 27.

By RangerRick|2020-12-04T20:09:08+00:00December 4th, 2020|Categories: News|Tags: CVE, Horizon, jetty, Meridian, Release|0 Comments

Recent Security Fix and Our Security Process

No one wants to have a security vulnerability, particularly with network management software, where the consequences could be serious. Find out how OpenNMS deals with reported security issues when they arise.

By Bonnie|2020-05-12T19:10:15+00:00May 12th, 2020|Categories: Blog|Tags: CVE, security|0 Comments

OpenNMS Horizon 24.1.0 Released

Release 24.1.0 is the latest stable release of OpenNMS. It contains a bunch of bug fixes and a few enhancements, including support for OpenTracing in the sink API and a rework of geocoding services. The codename for 24.1.0 is J.A.R.V.I.S.

By RangerRick|2019-05-23T23:22:56+00:00May 23rd, 2019|Categories: News|Tags: alarmd, CVE, drools, geocoder, Horizon, jetty, jmx, minion, openjdk, opentracing, Release, thresholding, ubuntu, vaadin, ws-man, xss, XXE|1 Comment

OpenNMS Meridian 2018.1.8 Released

Release 2018.1.8 is an update to Meridian 2018.1.7. It contains a few UI fixes and security updates, as well as a fix for memory leaks in Drools config reloading, WS-Man monitoring, and the JMX collector. The codename for 2018.1.8 is Gale. Bug Memory Leak on Drools while reloading config (Issue NMS-10678) Node detail page renders with [...]

By RangerRick|2019-05-23T20:11:07+00:00May 23rd, 2019|Categories: News|Tags: CVE, drools, jetty, jmx, Meridian, Release, ws-man, xss|0 Comments

OpenNMS Meridian 2017.1.17 Released

Release 2017.1.17 is a small update to 2017.1.16 that has a few UI fixes and security updates, as well as a fix for memory leaks in WS-Man monitoring and the JMX collector. The codename for 2017.1.17 is Old Naval Observatory meridian. Bug Node detail page renders with no content when invalid node ID specified (Issue NMS-10679) [...]

By RangerRick|2019-05-23T20:12:37+00:00May 23rd, 2019|Categories: News|Tags: CVE, jmx, Meridian, Release, ws-man, xss, XXE|0 Comments

OpenNMS Meridian 2016.1.21 Released

Release 2016.1.21 is a small update to 2016.1.20 that has a few UI fixes and security updates, as well as a fix for a memory leak in WS-Man monitoring. The codename for 2016.1.21 is North Pole Gnomonic. Bug Node detail page renders with no content when invalid node ID specified (Issue NMS-10679) CVE-2018-20433: XXE Vulnerability in [...]

By RangerRick|2019-05-23T20:12:21+00:00May 23rd, 2019|Categories: News|Tags: CVE, Meridian, Release, ws-man, xss, XXE|0 Comments