Xymon 4.3.1 released (security fixes)
Hi,
I have released Xymon version 4.3.1. It is available from Sourceforge at http://sourceforge.net/projects/xymon/ now.
The main reason for a release now following the 4.3.0 release just a month ago is to fix a security issue that was reported to me two days ago.
David Ferrest reported that the Xymon web interface was vulnerable to "cross-site scripting" attacks. After the initial report, I have gone through the web UI code and fixed several identical vulnerabilities leading to this release.
For those unfamiliar with cross-site scripting, here is the Wikipedia description:
"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner."
(From http://en.wikipedia.org/wiki/Cross-site_scripting )
Regards, Henrik
Hi,
yesterday I wrote:
I have released Xymon version 4.3.1. It is available from Sourceforge at http://sourceforge.net/projects/xymon/ now.
This has quickly been replaced by 4.3.2 since the fixes in 4.3.1 broke a number of tools, including the history log display. So please use 4.3.2 instead.
Sorry for the inconvenience.
Regards, Henrik
Thanks for the great work, Henrik =)
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Mon, Apr 4, 2011 at 1:56 AM, Henrik Størner <henrik at hswn.dk> wrote:
Hi,
yesterday I wrote:
I have released Xymon version 4.3.1. It is available from Sourceforge at
This has quickly been replaced by 4.3.2 since the fixes in 4.3.1 broke a number of tools, including the history log display. So please use 4.3.2 instead.
Sorry for the inconvenience.
Regards, Henrik
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Sorry for the noobish question, but we are currently running 4.3.0-beta2. What is the safest way to upgrade to 4.3.2?
If I can leave my existing instance alone and install a new version and point to prod through a symlink, that would be the best.
Is there documentation? Where do I start?
Thanks for your help.
Nick
Date: Mon, 4 Apr 2011 07:56:31 +0200
From: henrik at hswn.dk
To: xymon at xymon.com; xymon-announce at lists.xymon.com
Subject: [Xymon] Xymon 4.3.2 released
Hi,
yesterday I wrote:
I have released Xymon version 4.3.1. It is available from Sourceforge at http://sourceforge.net/projects/xymon/ now.
This has quickly been replaced by 4.3.2 since the fixes in 4.3.1 broke a number of tools, including the history log display. So please use 4.3.2 instead.
Sorry for the inconvenience.
Regards, Henrik