Changelog

Release 29.0.10

Release 29.0.10 contains a number of security dependency updates, plus a bunch of other bug fixes and documentation improvements.

While the dependency changes should not affect how the OpenNMS runtime works, this release contains a larger than usual number of changes to "plumbing" to facilitate these dependency updates. We strongly recommend that you do more than the usual amount of testing before deploying this update to a production environment.

The codename for Horizon 29.0.10 is Duck.

Bug

  • install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14032)

  • Provisiond Fails to Start when wrong data is successfully POSTed via REST to hardwareInventory endpoint (Issue NMS-14085)

  • Grafana box renders raw JS when Grafana behind reverse proxy with SSO (Issue NMS-14109)

  • CVE-2022-22965: Spring RCE in Data Bindings (Issue NMS-14134)

  • Minions Trapd Listener Fails to Bind to udp/162 when broker is down (Issue NMS-14148)

  • Fix formatting in alarmd documentation (Issue NMS-14182)

  • Dependabot: update Vaadin to the latest 8.x (Issue NMS-14192)

  • Upgrade groovy-all dependency (Issue NMS-14208)

  • make sure license-maven-plugin is re-enabled in foundation and release branches (Issue NMS-14217)

  • Upgrade jackson-mapper-asl dependency (Issue NMS-14252)

Enhancement

  • Basic upgrade procedure (Issue NMS-13971)

  • Document housekeeping tasks before upgrade (Issue NMS-13972)

  • IPFIX: Also support ingressPhysicalInterface and egressPhysicalInterface for input and output ifIndex (Issue NMS-14169)

  • Cleanup Ticketer docs formatting (Issue NMS-14172)

  • Expand XmlCollector documented parameters (Issue NMS-14256)

  • Restructure Collector docs file path (Issue NMS-14258)

Release 29.0.9

Release 29.0.9 contains a bunch of bug fixes and enhancements, including improvements for running in containers, code cleanups, and improved documentation.

The codename for Horizon 29.0.9 is Kiwi.

Bug

  • Documentation for all pollers misses RRD config parameter (Issue NMS-11747)

  • Resolve SonarCloud High priority Security Hotspots (Issue NMS-14002)

  • Can’t set capabilities in Minion systemd unit (Issue NMS-14016)

  • Scriptd helpers ignore community setting (Issue NMS-14045)

  • Wrong wiki URL in debian installer (Issue NMS-14053)

  • Build from source documentation needs a minor correction (Issue NMS-14088)

  • Hostname command is missing when running in a container (Issue NMS-14100)

  • Fix for NMS-13887 did not make it to Core (Issue NMS-14117)

  • Update docs for binding ports <1024 (Issue NMS-14162)

Enhancement

  • Switch to using a java e-mail library instead of system mail (Issue NMS-14015)

  • Misspelling in SystemExecuteMonitor error text (Issue NMS-14091)

  • relicense rancid-api to LGPL, change dependency to match (Issue NMS-14093)

  • clean up JAXB dependencies (Issue NMS-14105)

Release 29.0.8

Release 29.0.8 contains a few small bug fixes mostly relating to upgrades, as well as a bug in graphing, and an improvement to support pre-auth HTTP headers.

The codename for Horizon 29.0.8 is Chickadee.

Bug

  • Upgrading opennms ignores RUNAS when setting ownership on logs directory (Issue NMS-14000)

  • Minion installation from Debian packages failed with missing dir /var/lib/minion/data/tmp (Issue NMS-14019)

  • OpenNMS points to the wrong URL when trying to generate graphs (Issue NMS-14057)

Enhancement

  • Add support for pre-authorization via HTTP header (to be used with pre-authentication) (Issue NMS-14059)

Release 29.0.7

Release 29.0.7 contains a bunch of bug and security fixes, plus a few small enhancements and documentation improvements.

The codename for Horizon 29.0.7 is Pileated Woodpecker.

Bug

  • opennms user credentials wrongly exposed (Issue NMS-12146)

  • show-event-config displays unexpected content after adding new event definitions (Issue NMS-12863)

  • Install script fails when using Azure PostgreSQL Services (Issue NMS-13715)

  • In default installation the ActiveMQ Total Enqueued Messages throw divide error exceptions (Issue NMS-13737)

  • Remove requirements/logic from Dockerfile/Entrypoint/Confd about the OpenNMS HTTP URL from the Minion and Sentinel due to Twin API (Issue NMS-13768)

  • Systemd startup uses legacy SysV init script (Issue NMS-13783)

  • Telemetryd error occurring when testing with hsflowd (Issue NMS-13795)

  • OpenNMS Availability 'Chart' Shouldn’t Include Time Before Connected (Issue NMS-13822)

  • Support → System Report exposes credentials in plain text (Issue NMS-13831)

  • Cross site scripting - Reflected (Issue NMS-13835)

  • TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability (Issue NMS-13845)

  • Password field with autocomplete enabled (Issue NMS-13847)

  • Remote RMI is broken in 29.0.x (Issue NMS-13887)

  • Unable to modify node/interface/service metadata through requisition after initial synchronization (Issue NMS-13890)

  • When examining the service status of the opennms -v, the service is stopped. (Issue NMS-13900)

  • Web UI redirects to http even with base-url set to https (Issue NMS-13901)

  • Prevent REST API from allowing multiple primary SNMP interfaces on a single node (Issue NMS-13939)

  • Instrument Provisiond Thread Pools (Issue NMS-13969)

  • SNMP Detector configuration page excludes useSnmpProfiles and ttl options (Issue NMS-13997)

  • install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14032)

  • Web UI copyright year needs updating (Issue NMS-14037)

Enhancement

  • Releases should document third party libraries and their licenses (Issue NMS-14004)

  • Delete BSM window should name the BSM (Issue NMS-14026)

  • Expand newts converter documentation (Issue NMS-14073)

  • Add TcpDetector documentation (Issue NMS-14074)

Release 29.0.6

Release 29.0.6 contains a number of bug fixes, including security fixes related to Grafana PDF reports and Protobuf, as well as a few enhancements.

Thanks to Sahil Tikoo from Etisalat for reporting the Grafana endpoint issue.

A note about security issues: we have traditionally created CVEs in a pretty ad-hoc manner. We are in the process of formalizing how we’ll be doing so going into the future.

The codename for Horizon 29.0.6 is Dodo.

Bug

  • config-tester doesn’t find malformed resourceTypes (Issue NMS-13723)

  • Event configuration UI fails to persist logmsg dest changes (Issue NMS-13729)

  • Outdated javascript library (Issue NMS-13848)

  • fix-karaf-setup.sh should honor RUNAS (Issue NMS-13881)

  • Remote RMI is broken in 29.0.x (Issue NMS-13887)

  • org.opennms.core.commands never got added to Karaf build (Issue NMS-13910)

  • grafana endpoint can be used to port-scan internal resources (Issue NMS-13917)

  • Minion fails to marshall requisition with JAXB error: Class [org.opennms.netmgt.model.PrimaryTypeAdapter] not found (Issue NMS-13927)

  • Kafka Minions with JMS disabled log errors loading JMS bundles (Issue NMS-13929)

  • "full" report type in Support → System Report inserts "%n%n" between entries instead of newlines (Issue NMS-13948)

  • Unsynchronized access to service factories in TelemetryServiceRegistryImpl (Issue NMS-13961)

Enhancement

  • Split SNMP Property Extenders into multiple pages (Issue NMS-13760)

  • Upgrade protobuf-java version (Issue NMS-13889)

  • Agg Flow via Nephron showing gaps/drops since upgrading to 29.0.4 (Issue NMS-13926)

Release 29.0.5

Release 29.0.5 contains a number of bug and security fixes, as well as a few enhancements.

It includes an update to the latest Log4j2 release. It is not believed that we are vulnerable to the Log4j issues fixed in these newer releases, but we are updating anyway just to be sure.

The codename for Horizon 29.0.5 is Kingfisher.

Bug

  • TimescaleDB extension can’t be added to existing opennms DB. (Issue NMS-13441)

  • Enlinkd API response extremely slow for some nodes (Issue NMS-13507)

  • Customer is not able to view Topology (Issue NMS-13851)

  • Javascript security updates (December, 2021) (Issue NMS-13857)

  • Very large node caches can cause telemetry adapters to fail on Sentinel (Issue NMS-13859)

  • Permission check in ./install -dis flags unwriteable files in the .git directory - redux (Issue NMS-13860)

  • CVE-2021-45105: Update to Log4j 2.17.0 (Issue NMS-13868)

  • upgrade to log4j2 2.17.1 and pax-logging 1.11.13/2.0.14 (Issue NMS-13878)

Enhancement

  • Consolidate all IPC features into one / need conf.d changes (Issue NMS-13610)

  • Add metrics about twin communication (Issue NMS-13649)

  • Extend SnmpMetadataProvisioningAdapter configuration to support exact OID matches (Issue NMS-13842)

  • Support an endpoint that allows to access parts of resources (Issue NMS-13863)

  • Minion Kafka docs missing reference to custom.system.properties (Issue NMS-13885)

Release 29.0.4

Release 29.0.4 is a re-release of 29.0.3 with additional fixes relating to Log4j2 vulnerabilities.

The codename for Horizon 29.0.4 is The Bird.

Bug

  • CVE-2021-45046: incomplete Log4j2 vulnerability mitigation (Issue NMS-13858)

Release 29.0.3

Release 29.0.3 is an out-of-band release with a fix for the Log4j2 security issue, plus an enhancement to support exclude-url in discovery’s configuration.

The codename for Horizon 29.0.3 is Penguin.

Bug

  • Log4j2 0-day: CVE-2021-44228 (Issue NMS-13850)

Enhancement

  • Update VMWare import documentation regarding multiple parameters (Issue NMS-9889)

  • Add "exclude-url" to Discoverd’s configuration (Issue NMS-13718)

Release 29.0.2

Release 29.0.2 contains a fix for a Jetty CVE, plus a number of bug fixes and small enhancements, including changes to user auth, Twin API, VMware, and running as non-root.

The codename for Horizon 29.0.2 is Satanic Nightjar.

Bug

  • Update labelling in Configure Discover screen (Issue NMS-12992)

  • Link to release notes in web Help / About needs updating (Issue NMS-13579)

  • Twin logs doesn’t appear in ipc.log (Issue NMS-13731)

  • Authorization changes not taking immediate effect (Issue NMS-13761)

  • VMware sessions not correctly closed in all cases (Issue NMS-13774)

  • Permission check in ./install -dis flags unwriteable files in the .git directory (Issue NMS-13778)

  • Uncaught exception when importing a VMware virtual machine without an IP interface (Issue NMS-13781)

  • opennms-webapp-hawtio %post chown errors (Issue NMS-13788)

  • 29.0.1 minion should be RUNAS=minion (Issue NMS-13789)

  • Missing RRD package definition in BMP persisting adapter (Issue NMS-13812)

  • CVE-2021-28164: access to WEB-INF (Issue NMS-13832)

Enhancement

  • Dynamic Configuration of Trap Listener (Issue NMS-13564)

  • Tracing support for twin communication (Issue NMS-13650)

  • Document how to install from source (Issue NMS-13685)

  • Improve Related Events box in Alarm detail page (Issue NMS-13749)

  • Optionally include a table of event parameters on the event detail page (Issue NMS-13765)

  • Remove link to wiki from the landing page (Issue NMS-13779)

  • Add support for VMware 7.0.3 performance data collection (Issue NMS-13780)

Release 29.0.1

Release 29.0.1 is a quick release outside of the normal schedule to address some bugs found in 29.0.0 mostly related to running as non-root, and Minion communication.

The codename for Horizon 29.0.1 is Emu.

Bug

  • Kafka topics should start with OpenNMS Instance ID for Twin (Issue NMS-13733)

  • opennms.spec file tries to find out if gid 1000 is used but doesn’t actually check that (Issue NMS-13734)

  • Events from Hardware Inventory Provisioning Adapter and SNMP Metadata Provisioning Adapter cannot be distinguished (Issue NMS-13735)

  • Upgrade to 29: fix-permissions script fails changing ownership (Issue NMS-13736)

  • Minion user not authorized to read from topic OpenNMS.Twin.Sink (Issue NMS-13742)

  • opennms-plugin-provisioning-wsman-asset missing on Debian (Issue NMS-13747)

  • Upgrade to 29: "$RUNAS is not set" (Issue NMS-13748)

  • SNMP Metadata XSD does not allow multiple <config> elements (Issue NMS-13752)

Enhancement

  • Support multiple auth params for same SNMPV3 username (Issue NMS-13490)

  • Add retry for RPC calls (Issue NMS-13652)

  • Migrate Discovery settings from wiki into docs (Issue NMS-13730)

Release 29.0.0

Release 29.0.0 is the first in the Horizon 29 series, introducing running as non-root by default, optimizations to Minion communication, time-series improvements, support for Cortex for storing flow data, and more.

The codename for Horizon 29.0.0 is Turkey.

Bug

  • Add Validation for Metadata in Thresholds (Issue NMS-12689)

  • Prometheus collector won’t process untyped metrics (Issue NMS-12717)

  • Confd doesn’t replace telemetryd config in etc (Issue NMS-13265)

  • The node and interface counters of the Evaluation Layer are incorrect (Issue NMS-13283)

  • EvaluationMetrics.log is contaminated with non-related metrics. (Issue NMS-13284)

  • Meta-Data cannot be deleted using UI (Issue NMS-13314)

  • Maven: external HTTP insecure URLs are blocked (Issue NMS-13323)

  • Installation with non-root user fails on CentOS 8 (Issue NMS-13415)

  • Starting opennms with systemd as non-root fails with access denied for pid (Issue NMS-13417)

  • Fresh install requires to run fix-permissions script for iplike.so (Issue NMS-13418)

  • Docker not able to access etc overlay as non-root (Issue NMS-13436)

  • The Info ReST endpoint is not showing the services status (Issue NMS-13437)

  • Fix ipInterface PrimaryType Hibernate mapping (Issue NMS-13469)

  • Relaunch of bin/opennms script as opennms user fails due to missing arguments (Issue NMS-13470)

  • Reflected XSS in webapp notice wizard (Issue NMS-13496)

  • IFTTT integration not working anymore (Issue NMS-13501)

  • Minion stops processing flows with "Invalid packet: null" until restart (Issue NMS-13539)

  • Components that use JavaMail unable to use TLS 1.2+ (Issue NMS-13636)

  • Hardware information not displayed for some devices (SnmpMetadataProvisioningAdapter) (Issue NMS-13648)

  • Lock contention when processing large volume of REST API requests (Issue NMS-13655)

  • Clean unused data in srv001.txt and srv002.txt (Issue NMS-13657)

  • Nodes with complex hardware configuration are not correctly rendered (Issue NMS-13660)

  • automation cleanUpRpStatusChanges that references removed action with same name remains in default vacuumd-configuration.xml configuration (Issue NMS-13661)

  • ALEC in distributed mode doesn’t start on Sentinel (Issue NMS-13664)

  • property name importer.adapter.dns.reverse.level is incorrect in commented out example (Issue NMS-13670)

  • Fix JtiTelemetryIT smoke test (Issue NMS-13687)

  • START_TIMEOUT ignored when run from systemd (Issue NMS-13702)

  • macOS Monterey: older OpenNMS branches do not start anymore (Issue NMS-13703)

  • related events box in alarm detail shows all events when alarm has no node / interface / service / ifindex (Issue NMS-13705)

  • SNMP Metadata Provisioning Adapter: wrong line in debian/rules (Issue NMS-13717)

  • invalid permissions in /var/opennms on fresh install (Issue NMS-13725)

  • JMS Twin doesn’t work with minion user (Issue NMS-13726)

  • Remove reference to DHCP plugin from docs (Issue NMS-13727)

  • GeoIP Provisioning Adapter: SubnetUtils does not support IPv6 (Issue NMS-13728)

Enhancement

  • Change the webUI so it runs as a non-root user easily and reliably (Issue NMS-1231)

  • Create opennms user on install (Issue NMS-11970)

  • syslogd as non-root user (Issue NMS-11982)

  • opennms.service in non-root environment (Issue NMS-12005)

  • opennms init script "runas" setting (Issue NMS-12007)

  • TrapD won’t run as non-root user (Issue NMS-12026)

  • non-root user:group file permissions (Issue NMS-12034)

  • Documentation for reloadable daemons (Issue NMS-12611)

  • Incorporate node related information to events and alarms topic in opennms-kafka-producer feature (Issue NMS-12778)

  • Update Provisioning chapter (Issue NMS-12810)

  • Create docs about Newts confd parameters (Issue NMS-13005)

  • Allow OpenNMS Core service to run as non-root (Issue NMS-13016)

  • Improve usability and self-contained features of the Kafka Producer payload for metrics (Issue NMS-13191)

  • Upgrade Kafka components to 2.8.0 (Issue NMS-13264)

  • Monitor localhost in a fresh install (Issue NMS-13313)

  • Location dropdown on Add Node does not sort/filter (Issue NMS-13316)

  • Persist monitor status in RRD (Issue NMS-13324)

  • TSS 2.0: Improved Tag handling (Issue NMS-13356)

  • Provide ability to store aggregated flow data from Nephron in Cortex (Issue NMS-13372)

  • Investigate the Conversations related performance with Cortex & large amount of data (Issue NMS-13375)

  • Nephron: Get rid of convo_key and grouped_by_key (Issue NMS-13377)

  • Define Minion/OpenNMS Object replication Interfaces (Issue NMS-13401)

  • Integrate Object replication with Trapd (for SNMPV3 Users) (Issue NMS-13402)

  • Limit CollectionSet size in Kafka Producer to less than 1MB. (Issue NMS-13407)

  • Remove remote repository dependencies during Minion OCI build (Issue NMS-13432)

  • Implement gRPC broker for Object replication (Twin) (Issue NMS-13460)

  • Implement ActiveMQ broker for Object replication (Twin) (Issue NMS-13461)

  • Implement In-memory broker for Object replication (Twin) (Issue NMS-13462)

  • Implement Kafka broker for Object replication (Twin) (Issue NMS-13463)

  • Changes to review bulk indexing with raw flow data (Issue NMS-13478)

  • Grpc IPC and Twin should be able to run from the same port (Issue NMS-13487)

  • Add Karaf Command to add query and publish Twin Objects (Issue NMS-13488)

  • delete the opennms-tools directory (Issue NMS-13563)

  • Upgrade Karaf to v4.3.2 (Issue NMS-13565)

  • Support partial updates to Twin API (Issue NMS-13576)

  • Optimize ip address handling in flow classification engine (Issue NMS-13577)

  • optimize repeated reloads of the flow classification engine (Issue NMS-13580)

  • The implementation of HealthCheck.performAsyncHealthCheck is not async (Issue NMS-13590)

  • Add 'tag' argument to health-check command (Issue NMS-13592)

  • Provide basic implementation for patch support for Twin (Issue NMS-13594)

  • Show Link State when viewing links on the Enlinkd topology maps (Issue NMS-13619)

  • Topologies menu (Issue NMS-13622)

  • Documentation for the new feature persisting flows in Cortex (Issue NMS-13635)

  • Discover LLDP topology on devices running MikroTik RouterOS (Issue NMS-13637)

  • Drop SQS support (Issue NMS-13640)

  • Remove Rest Client / OpenNMS Rest Health Checks on Minion (Issue NMS-13641)

  • Update docs with Twin implementation (Issue NMS-13642)

  • Check doc source for wiki links (Issue NMS-13688)

  • Create Release Notes for Horizon 29 (Issue NMS-13700)

  • Add Twin feature/strategy to conf.d/smoke test (Issue NMS-13701)

  • GeoIP Provisioning Adapter (Issue NMS-13704)

  • Allow PostgreSQL 14 (Issue NMS-13714)

  • Add hint for time sync on OpenNMS components (Issue NMS-13724)