Changelog

Release 29.0.6

Release 29.0.6 contains a number of bug fixes, including security fixes related to Grafana PDF reports and Protobuf, as well as a few enhancements.

Thanks to Sahil Tikoo from Etisalat for reporting the Grafana endpoint issue.

A note about security issues: we have traditionally created CVEs in a pretty ad-hoc manner. We are in the process of formalizing how we’ll be doing so going into the future.

The codename for Horizon 29.0.6 is Dodo.

Bug

  • config-tester doesn’t find malformed resourceTypes (Issue NMS-13723)

  • Event configuration UI fails to persist logmsg dest changes (Issue NMS-13729)

  • Outdated javascript library (Issue NMS-13848)

  • fix-karaf-setup.sh should honor RUNAS (Issue NMS-13881)

  • Remote RMI is broken in 29.0.x (Issue NMS-13887)

  • org.opennms.core.commands never got added to Karaf build (Issue NMS-13910)

  • grafana endpoint can be used to port-scan internal resources (Issue NMS-13917)

  • Minion fails to marshall requisition with JAXB error: Class [org.opennms.netmgt.model.PrimaryTypeAdapter] not found (Issue NMS-13927)

  • Kafka Minions with JMS disabled log errors loading JMS bundles (Issue NMS-13929)

  • "full" report type in Support → System Report inserts "%n%n" between entries instead of newlines (Issue NMS-13948)

  • Unsynchronized access to service factories in TelemetryServiceRegistryImpl (Issue NMS-13961)

Enhancement

  • Split SNMP Property Extenders into multiple pages (Issue NMS-13760)

  • Upgrade protobuf-java version (Issue NMS-13889)

  • Agg Flow via Nephron showing gaps/drops since upgrading to 29.0.4 (Issue NMS-13926)

Release 29.0.5

Release 29.0.5 contains a number of bug and security fixes, as well as a few enhancements.

It includes an update to the latest Log4j2 release. It is not believed that we are vulnerable to the Log4j issues fixed in these newer releases, but we are updating anyway just to be sure.

The codename for Horizon 29.0.5 is Kingfisher.

Bug

  • TimescaleDB extension can’t added to existing opennms DB. (Issue NMS-13441)

  • Enlinkd API response extremely slow for some nodes (Issue NMS-13507)

  • Customer is not able to view Topology (Issue NMS-13851)

  • Javascript security updates (December, 2021) (Issue NMS-13857)

  • Very large node caches can cause telemetry adapters to fail on Sentinel (Issue NMS-13859)

  • Permission check in ./install -dis flags unwriteable files in the .git directory - redux (Issue NMS-13860)

  • CVE-2021-45105: Update to Log4j 2.17.0 (Issue NMS-13868)

  • upgrade to log4j2 2.17.1 and pax-logging 1.11.13/2.0.14 (Issue NMS-13878)

Enhancement

  • Consolidate all IPC features into one / need conf.d changes (Issue NMS-13610)

  • Add metrics about twin communication (Issue NMS-13649)

  • Extend SnmpMetadataProvisioningAdapter configuration to support exact OID matches (Issue NMS-13842)

  • Support an endpoint that allows to access parts of resources (Issue NMS-13863)

  • Minion Kafka docs missing reference to custom.system.properties (Issue NMS-13885)

Release 29.0.4

Release 29.0.4 is a re-release of 29.0.3 with additional fixes relating to Log4j2 vulnerabilities.

The codename for Horizon 29.0.4 is The Bird.

Bug

  • CVE-2021-45046: incomplete Log4j2 vulnerability mitigation (Issue NMS-13858)

Release 29.0.3

Release 29.0.3 is an out-of-band release with a fix for the Log4j2 security issue, plus an enhancement to support exclude-url in discovery’s configuration.

The codename for Horizon 29.0.3 is Penguin.

Bug

  • Log4j2 0-day: CVE-2021-44228 (Issue NMS-13850)

Enhancement

  • Update VMWare import documentation regarding multiple parameters (Issue NMS-9889)

  • Add "exclude-url" to Discoverd’s configuration (Issue NMS-13718)

Release 29.0.2

Release 29.0.2 contains a fix for a Jetty CVE, plus a number of bug fixes and small enhancements, including changes to user auth, Twin API, VMware, and running as non-root.

The codename for Horizon 29.0.2 is Satanic Nightjar.

Bug

  • Update labelling in Configure Discover screen (Issue NMS-12992)

  • Link to release notes in web Help / About needs updating (Issue NMS-13579)

  • Twin logs doesn’t appear in ipc.log (Issue NMS-13731)

  • Authorization changes not taking immediate effect (Issue NMS-13761)

  • VMware sessions not correctly closed in all cases (Issue NMS-13774)

  • Permission check in ./install -dis flags unwriteable files in the .git directory (Issue NMS-13778)

  • Uncatched exception when importing a VMware virtual machine without an IP interface (Issue NMS-13781)

  • opennms-webapp-hawtio %post chown errors (Issue NMS-13788)

  • 29.0.1 minion should be RUNAS=minion (Issue NMS-13789)

  • Missing RRD package definition in BMP persisting adapter (Issue NMS-13812)

  • CVE-2021-28164: access to WEB-INF (Issue NMS-13832)

Enhancement

  • Dynamic Configuration of Trap Listener (Issue NMS-13564)

  • Tracing support for twin communication (Issue NMS-13650)

  • Document how to install from source (Issue NMS-13685)

  • Improve Related Events box in Alarm detail page (Issue NMS-13749)

  • Optionally include a table of event parameters on the event detail page (Issue NMS-13765)

  • Remove link to wiki from the landing page (Issue NMS-13779)

  • Add support for VMware 7.0.3 performance data collection (Issue NMS-13780)

Release 29.0.1

Release 29.0.1 is a quick release outside of the normal schedule to address some bugs found in 29.0.0, mostly related to running as non-root and Minion communication.

The codename for Horizon 29.0.1 is Emu.

Bug

  • Kafka topics should start with OpenNMS Instance ID for Twin (Issue NMS-13733)

  • opennms.spec file tries to find out if gid 1000 is used but doesn’t actually check that (Issue NMS-13734)

  • Events from Hardware Inventory Provisioning Adapter and SNMP Metadata Provisioning Adapter cannot be distinguished (Issue NMS-13735)

  • Upgrade to 29: fix-permissions script fails changing ownership (Issue NMS-13736)

  • Minion user not authorized to read from topic OpenNMS.Twin.Sink (Issue NMS-13742)

  • opennms-plugin-provisioning-wsman-asset missing on Debian (Issue NMS-13747)

  • Upgrade to 29: "$RUNAS is not set" (Issue NMS-13748)

  • SNMP Metadata XSD does not allow multiple <config> elements (Issue NMS-13752)

Enhancement

  • Support multiple auth params for same SNMPV3 username (Issue NMS-13490)

  • Add retry for RPC calls (Issue NMS-13652)

  • Migrate Discovery settings from wiki into docs (Issue NMS-13730)

Release 29.0.0

Release 29.0.0 is the first in the Horizon 29 series, introducing running as non-root by default, optimizations to Minion communication, time-series improvements, support for Cortex for storing flow data, and more.

The codename for Horizon 29.0.0 is Turkey.

Bug

  • Add Validation for Metadata in Thresholds (Issue NMS-12689)

  • Prometheus collector won’t process untyped metrics (Issue NMS-12717)

  • Confd doesn’t replace telemetryd config in etc (Issue NMS-13265)

  • The node and interface counters of the Evaluation Layer are incorrect (Issue NMS-13283)

  • EvaluationMetrics.log is contaminated with non-related metrics. (Issue NMS-13284)

  • Meta-Data cannot be deleted using UI (Issue NMS-13314)

  • Maven: external HTTP insecure URLs are blocked (Issue NMS-13323)

  • Installation with non-root user fails on CentOS 8 (Issue NMS-13415)

  • Starting opennms with systemd as non-root fails with access denied for pid (Issue NMS-13417)

  • Fresh install requires to run fix-permissions script for iplike.so (Issue NMS-13418)

  • Docker not able to access etc overlay as non-root (Issue NMS-13436)

  • The Info ReST endpoint is not showing the services status (Issue NMS-13437)

  • Fix ipInterface PrimaryType Hibernate mapping (Issue NMS-13469)

  • Relaunch of bin/opennms script as opennms user fails due to missing arguments (Issue NMS-13470)

  • Reflected XSS in webapp notice wizard (Issue NMS-13496)

  • IFTTT integration not working anymore (Issue NMS-13501)

  • Minion stops processing flows with "Invalid packet: null" until restart (Issue NMS-13539)

  • Components that use JavaMail unable to use TLS 1.2+ (Issue NMS-13636)

  • Hardware information not displayed for some devices (SnmpMetadataProvisioningAdapter) (Issue NMS-13648)

  • Lock contention when processing large volume of REST API requests (Issue NMS-13655)

  • Clean unused data in srv001.txt and srv002.txt (Issue NMS-13657)

  • Nodes with complex hardware configuration are not correctly rendered (Issue NMS-13660)

  • automation cleanUpRpStatusChanges that references removed action with same name remains in default vacuumd-configuration.xml configuration (Issue NMS-13661)

  • ALEC in distributed mode doesn’t start on Sentinel (Issue NMS-13664)

  • property name importer.adapter.dns.reverse.level is incorrect in commented out example (Issue NMS-13670)

  • Fix JtiTelemetryIT smoke test (Issue NMS-13687)

  • START_TIMEOUT ignored when run from systemd (Issue NMS-13702)

  • macOS Monterey: older OpenNMS branches do not start anymore (Issue NMS-13703)

  • related events box in alarm detail shows all events when alarm has no node / interface / service / ifindex (Issue NMS-13705)

  • SNMP Metadata Provisioning Adapter: wrong line in debian/rules (Issue NMS-13717)

  • invalid permissions in /var/opennms on fresh install (Issue NMS-13725)

  • JMS Twin doesn’t work with minion user (Issue NMS-13726)

  • Remove reference to DHCP plugin from docs (Issue NMS-13727)

  • GeoIP Provisioning Adapter: SubnetUtils does not support IPv6 (Issue NMS-13728)

Enhancement

  • Change the webUI so it runs as a non-root user easily and reliably (Issue NMS-1231)

  • Create opennms user on install (Issue NMS-11970)

  • syslogd as non-root user (Issue NMS-11982)

  • opennms.service in non-root environment (Issue NMS-12005)

  • opennms init script "runas" setting (Issue NMS-12007)

  • TrapD won’t run as non-root user (Issue NMS-12026)

  • non-root user:group file permissions (Issue NMS-12034)

  • Documentation for reloadable daemons (Issue NMS-12611)

  • Incorporate node related information to events and alarms topic in opennms-kafka-producer feature (Issue NMS-12778)

  • Update Provisioning chapter (Issue NMS-12810)

  • Create docs about Newts confd parameters (Issue NMS-13005)

  • Allow OpenNMS Core service to run as non-root (Issue NMS-13016)

  • Improve usability and self-contained features of the Kafka Producer payload for metrics (Issue NMS-13191)

  • Upgrade Kafka components to 2.8.0 (Issue NMS-13264)

  • Monitor localhost in a fresh install (Issue NMS-13313)

  • Location dropdown on Add Node does not sort/filter (Issue NMS-13316)

  • Persist monitor status in RRD (Issue NMS-13324)

  • TSS 2.0: Improved Tag handling (Issue NMS-13356)

  • Provide ability to store aggregated flow data from Nephron in Cortex (Issue NMS-13372)

  • Investigate the Conversations related performance with Cortex & large amount of data (Issue NMS-13375)

  • Nephron: Get rid of convo_key and grouped_by_key (Issue NMS-13377)

  • Define Minion/OpenNMS Object replication Interfaces (Issue NMS-13401)

  • Integrate Object replication with Trapd (for SNMPV3 Users) (Issue NMS-13402)

  • Limit CollectionSet size in Kafka Producer to less than 1MB. (Issue NMS-13407)

  • Remove remote repository dependencies during Minion OCI build (Issue NMS-13432)

  • Implement gRPC broker for Object replication (Twin) (Issue NMS-13460)

  • Implement ActiveMQ broker for Object replication (Twin) (Issue NMS-13461)

  • Implement In-memory broker for Object replication (Twin) (Issue NMS-13462)

  • Implement Kafka broker for Object replication (Twin) (Issue NMS-13463)

  • Changes to review bulk indexing with raw flow data (Issue NMS-13478)

  • Grpc IPC and Twin should be able to run from the same port (Issue NMS-13487)

  • Add Karaf Command to add query and publish Twin Objects (Issue NMS-13488)

  • delete the opennms-tools directory (Issue NMS-13563)

  • Upgrade Karaf to v4.3.2 (Issue NMS-13565)

  • Support partial updates to Twin API (Issue NMS-13576)

  • Optimize ip address handling in flow classification engine (Issue NMS-13577)

  • optimize repeated reloads of the flow classification engine (Issue NMS-13580)

  • The implementation of HealthCheck.performAsyncHealthCheck is not async (Issue NMS-13590)

  • Add 'tag' argument to health-check command (Issue NMS-13592)

  • Provide basic implementation for patch support for Twin (Issue NMS-13594)

  • Show Link State when viewing links on the Enlinkd topology maps (Issue NMS-13619)

  • Topologies menu (Issue NMS-13622)

  • Documentation for the new feature persisting flows in Cortex (Issue NMS-13635)

  • Discover LLDP topology on devices running MikroTik RouterOS (Issue NMS-13637)

  • Drop SQS support (Issue NMS-13640)

  • Remove Rest Client / OpenNMS Rest Health Checks on Minion (Issue NMS-13641)

  • Update docs with Twin implementation (Issue NMS-13642)

  • Check doc source for wiki links (Issue NMS-13688)

  • Create Release Notes for Horizon 29 (Issue NMS-13700)

  • Add Twin feature/strategy to conf.d/smoke test (Issue NMS-13701)

  • GeoIP Provisioning Adapter (Issue NMS-13704)

  • Allow PostgreSQL 14 (Issue NMS-13714)

  • Add hint for time sync on OpenNMS components (Issue NMS-13724)