In the wake of the CircleCI breach, we have been reviewing policies and updating keys and tokens used in our automation for anything that could potentially be affected. While we have no evidence of any of specific credentials being leaked, we've needed to document procedures for rotating keys anyway, so now was the perfect time to [...]
October’s Cybersecurity Awareness Month seems like a great time to discuss the improvements we are making at The OpenNMS Group to improve our security practices. For almost 20 years, OpenNMS staff developers and the open source contributor community have partnered to create robust and secure network monitoring platforms available in community-driven (Horizon) and enterprise-ready (Meridian) distributions.. [...]
In May, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29. NOTE: All releases this month received security updates that affect a number of core dependencies. While these dependency changes should not affect how the OpenNMS runtime works, these releases contain a larger than usual number of changes to [...]
(deep breath) Today we released off-cycle updates to all OpenNMS Meridian versions under active support, as well as Horizon 29, to address additional Log4j2 "Log4Shell" vulnerabilities.
In the last week we disclosed a JEXL vulnerability, did more bug fixing, updated Nephron and flow handling, worked on a new configuration API, did more JDK 11 updates, more documentation fixups, CDP/LLDP searching, QoS/ToS improvements, OpenBMP migration, and more.
No one wants to have a security vulnerability, particularly with network management software, where the consequences could be serious. Find out how OpenNMS deals with reported security issues when they arise.
Release 26.0.1 is an off-schedule release to fix a vulnerability in ActiveMQ and the Minion.
Release 2019.1.6 is an off-schedule release to fix a vulnerability in ActiveMQ and the Minion.
Release 2018.1.18 is an off-schedule release to fix a vulnerability in ActiveMQ and the Minion.
Release 2019.1.5 is the sixth release in the Meridian 2019 series. It fixes a few more security issues, as well as a number of other bugs and a couple of enhancements. Hat tip to Johannes Moritz for the security report. The codename for 2019.1.5 is Saturn. Bug SNMP Remove from definitions fails for definitions with profile [...]
