9377
Security update for icingaweb2
moderate
openSUSE Leap 15.0 Update ports

This update for icingaweb2 to version 2.6.2 fixes the following issues:

Security vulnerabilities fixed:

- CVE-2018-18246: Fixed a Cross-Site request forgery (CSRF), which could be used to enable or disable modules (boo#1119784)
- CVE-2018-18247: Fixed a Cross-Site scripting (XSS) vulnerability via the /icingaweb2/navigation/add icon parameter (boo#1119785)
- CVE-2018-18248: Fixed a Cross-Site scripting (XSS) vulnerability via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string (boo#1119801)
- CVE-2018-18249: Fixed injection of PHP ini-file directives via vectors involving environment variables (boo#1119799)
- CVE-2018-18250: Fixed allowance of parameters that break navigation dashlets (boo#1119800)

Other bugs fixed:

- Database connections to MySQL 8 no longer fail
- LDAP connections now have a timeout configuration which defaults to 5 seconds
- User groups are now correctly loaded for externally authenticated users
- Filters are respected for all links in the host and service group overviews
- Fixed permission problems where host and service actions provided by modules were missing
- Fixed an SQL error in the contact list view when filtering for host groups
- Fixed time zone (DST) detection
- Fixed the contact details view if restrictions are active
- Add README.SUSE.
- The command audit now logs a command's payload as JSON
- Support for PHP 7.2 added
- Support for SQLite resources added
- Removed support for PHP < 5.6
- Removed support for persistent database connections
- Login and Command (monitoring) auditing added with the help of a dedicated module
- Pluginoutput rendering is now hookable by modules, which allows rendering custom icons, emojis and .. cute kitties :octocat:
- Refined user interface
- More powerful REST API

For a full list of changes, please refer to: https://github.com/Icinga/icingaweb2/releases

icingacli-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-2.6.2-lp150.4.3.3.src.rpm
icingaweb2-common-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-vendor-HTMLPurifier-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-vendor-JShrink-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-vendor-Parsedown-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-vendor-dompdf-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-vendor-lessphp-2.6.2-lp150.4.3.3.noarch.rpm
icingaweb2-vendor-zf1-2.6.2-lp150.4.3.3.noarch.rpm
php-Icinga-2.6.2-lp150.4.3.3.noarch.rpm

icingacli-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-2.6.2-lp150.4.3.2.src.rpm
icingaweb2-common-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-vendor-HTMLPurifier-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-vendor-JShrink-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-vendor-Parsedown-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-vendor-dompdf-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-vendor-lessphp-2.6.2-lp150.4.3.2.noarch.rpm
icingaweb2-vendor-zf1-2.6.2-lp150.4.3.2.noarch.rpm
php-Icinga-2.6.2-lp150.4.3.2.noarch.rpm