Hi all, 

Below is a summary of the divergence between "main" (4.3.30) and "4.x-master"(4.4 dev).
Repo: github.com/xymon-monitoring/xymon

INTRODUCTION

Goal: identify what exists in "main" and is missing in "4.x-master".
Focus on bug fixes and security.

MISSING COMMITS (GIT commands)
Functional commits present only in main (excluding releases): 28

Scope of unmatched commits:
- 6,489 insertions
- 4,333 deletions
- Net +2,156 LOC (Line of Code)
(See Git commands below.)

MISSING COMMITS without semantic equivalent  (AI powered analysis)
Security / CVE
- 484edeb2 – CVE-2019-* buffer overflow / XSS
- 6dbcd04e – CVE-2016-2056 / 2058 command + JS injection
- 1a4511a7 – CVE-2016-2057 IPC permissions
- df404398 – CVE-2016-2055 config file exposure

Crash / memory safety
- ba47d2f9 – xymongen availability segfault
- 81656c6a – crash on missing allevents
- c3a8a2c9 – RPC buffer size miscalculation
- 4f444be0 – netapp RRD memory leak
- bee6eee8 – double-free in xymond
- 1ab01960 – NULL checks to prevent segfault

Correctness / parsing
- 8ab6c328 – RRD DS comma parsing
- eda84777 – SNMPv3 config parsing
- a123a029 – do_temperature parentheses parsing
- 3f266c08 – do_temperature parsing fixes
- 3227f657 – logfetch off-by-one with triggers
- 95092119 – history logs with dash/underscore names
- 9f62e942 – NONETPAGE parsing tightening

Build / portability
- 4e846f16 – GCC diagnostics guards
- b1414cd8 – stdint.h include tightening
- 3eed090e – Fedora/GCC compile fixes
- 0a546cc1 – avoid unnecessary mod_authz_groupfile loading

Total: 21 commits

GIT COMMANDS USED 
- Identify unmatched commits:
git log --oneline --cherry-pick --left-right main...4.x-master | grep '^<'
- Per-commit size:
git show --shortstat
- LOC aggregation:
git log --cherry-pick --left-right --numstat main...4.x-master
- Rewrite-aware comparison:
git range-diff --stat 4.3.22-root..main 4.3.22-root..4.x-master
- Security commit isolation:
git log 4.3.22-root..main --oneline | grep -Ei 'CVE|security|XSS|overflow'

I can make mistakes.

Bruno