Hello,
Xymon 4.3.18 has been released to SourceForge (https://sourceforge.net/projects/xymon/) and should be populating on the mirrors shortly.
4.3.18 fixes a buffer overflow vulnerability in the acknowledge.cgi script (tracked as CVE-2015-1430). Thank you to Mark Felder and Martin Lenko for their assistance in this.
This release also modifies the CGI interface to remove any dependencies on a shell interpreter, as a protection against any future "Shellshock"-type bash vulnerabilities. (Only users running bash as their /bin/sh interpreter would have been affected.) As a result, the Apache configuration for the web interface and your cgioptions.cfg file may need to be adjusted, depending on your configuration.
Several other small bugs have also been addressed. For more details on those, see the Changes file in the distribution.
Regards,
-jc