summaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS109
1 files changed, 109 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index fd43fd3a..4f9a4943 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,114 @@
1This file documents the major additions and syntax changes between releases. 1This file documents the major additions and syntax changes between releases.
2 2
33.0.1 1st July 2026
4 Codename: Mileva Marić
5
6 This release fixes a potential local privilege escalation vulnerability
7 in 'check_icmp' which was introduced in 3.0.0.
8
9 FIXES
10 * check_icmp
11 * Reject more than 65535 target hosts to prevent a buffer overflow
12 before privilege drop
13 * Fix privileged out-of-bounds access when a single-character
14 threshold is given
15 * Reject negative ICMP data length (-b) to prevent a buffer overflow
16 when building the ICMP packet
17 * check_curl
18 * Populate the DNS cache when resolving locally instead of remotely
19 * other smaller improvements
20 * check_mysql_query
21 * Add option '--queryname' to replace the actual query in output
22 * check_mysql:
23 * Fix casing of the MariaDB string
24
25 * General
26 * if the net-snmp library is not available at compile time 'check_snmp' will not be build
27 but the build itself will not fail.
28 This reproduces the behaviour before 3.0.0, where the lack of 'snmpget' caused
29 'check_snmp' to be removed from build targets
30
313.0.0 16th Jun 2026
32 Codename: Johann Georg Elser
33
34 This release contains a lot of changes (at least at the C side of things),
35 both regarding the code, but also regarding the development itself.
36 There are some breaking changes included, including the deprecation or removal of Plugins.
37
38 Removals
39 * check_nt
40 * check_ntp
41 * check_nwstat
42 * check_overcr
43
44 Deprecations
45 Deprecated plugins are marked as dead but still there since they are
46 in common usage. They will not be developed any further, but patches may get
47 accepted if there is not much effort and a low risk of breaking something.
48 It is recommended to stop using them and they will be removed in a future release
49 * check_http, the replacement is check_curl
50
51 General changes
52 * check_curl is no longer experimental and can be considered stable
53 * check_snmp links directly against net-snmp instead of executing `snmpget` (or `snmpgetnext`)
54 * the vendored version of Gnulib was updated
55 * IPv6 is no longer optional
56 * All of the C plugins were heavily refactored to homongenize the code
57 * Far less global variables to reduce complexity and side effects
58 * A more or less common structure to reduce the mental overhead
59 * All of the C code is now formatted with clang-format
60
61 Fixes
62 * multiple plugins
63 * improved error message for missing certificate
64 * fixes for compiler warnings
65 * Compilation on OpenBSD was fixed
66 * added CHECK_EOF to work around warnings about EOF and -1 being the same
67 * lots of Typos
68 * check_curl
69 * fix relative redirects on non-standard port
70 * raise SSL issue when --continue-after-certificate is used
71 * Documentation for --certificate, --cookie-jar
72 * fix help for regex state
73 * fix OpenSSL SSL_read: error: ... unexpected eof while reading
74 * update TLS notification notes
75 * enable internal cookie handling
76 * Fix sticky redir
77 * try to be more helpful in check_curls help
78 * abort redir if location is not found
79 * old style follow on redirect did miss some parts
80 * check_fping
81 * Improve handling of IPv4/IPv6 options
82 * check_ssh
83 * Fix a buffer overflow situation
84 * check_by_ssh
85 * Ignore output on stderr by default
86 * check_snmp
87 * Put all privproto/authproto options into help
88 * check_mysql
89 * Fix replica check on newer versions of MySQL
90
91 Enhancements
92 * multiple plugins
93 * A new output infrastructure for the C part of the project
94 * Removes some text formatting complexity from individual plugins
95 * Multi line output is the new default and should make the output better readable
96 * Centralised formatting allows for extenting the output format
97 * Most of the C plugins were migrated to the new system
98 * On OpenBSD some plugins restrict themselves to reduce security risks
99 * check_dig: add -E/--require-flags and -X/--forbid-flags
100 * check_ifstatus: Add -d switch
101 * check_fping
102 * Add dontfrag / random flags
103 * Add fwmark option
104 * Add icmp-timestamp option
105 * Add check-source option
106 * check_curl
107 * Add proxy option (similar to `curl`)
108 * Add selectable timeout return state
109 * check_http
110 * Add selectable timeout return state
111
32.4.0 25th Jul 2024 1122.4.0 25th Jul 2024
4 FIXES 113 FIXES
5 * check_dbi: Compiler warning for uninitialized variable 114 * check_dbi: Compiler warning for uninitialized variable