OpenNMS

In the last week we worked on Newts, Kafka queues, transitioning from OpenBMP, a configuration API, documentation, event definitions, Nephron benchmarking, UI/UX cleanups, ReST improvements, and user validation. Github Project Updates Internals ... [More] , APIs, and Documentation Dustin fixed an issue with TTL handling in Newts. Dustin's fix for cache priming in Newts was backported to some [...] [Less]

In the last week we disclosed a JEXL vulnerability, did more bug fixing, updated Nephron and flow handling, worked on a new configuration API, did more JDK 11 updates, more documentation fixups, CDP/LLDP searching, QoS/ToS improvements, OpenBMP migration, and more.

OpenNMS Security Issue Requires Immediate Upgrade The OpenNMS Group recently learned about and fixed a security vulnerability that allowed local and remote code execution as an authenticated user via a custom, targeted JEXL expression. Thank you to ... [More] Artem Smotrakov for notifying us of this issue. CVE-2021-3396 applies to the following: Meridian-2016.1.0 - Meridian-2016.1.24 Meridian-2017.1.0 - [...] [Less]

Due to the recent supply-chain attack on Solarwinds products, I wanted to put down a few thoughts on the role of open source software and security. It is kind of a rambling post and I’ll probably lose all three of my readers by the end, but I found it interesting to think about how we […]

In the last week we did more bugfixing, continued to work on JDK11-based builds, a new config API, in-core BMP support, build infrastructure updates, UI/UX cleanups, and tons of documentation tweaks.

A couple of weeks ago I had the pleasure to chat with Viktor Madarasz on “The Server Room Show” podcast. Viktor is an IT professional with a strong interest in open source, and we had a fun and meandering conversation covering a number of topics. As usual, I talked to much so he ended up […]

I noticed a recent uptick in activity on Twitter about open source Contributor License Agreements (CLAs), mostly negative. The above comment is from a friend of mine who has been involved in open source longer than I have, and whose opinions I respect. On this issue, however, I have to disagree. This is definitely not […]

Getting started with OpenNMS can be a little daunting, so I thought I’d group together some of the best places to start. When OpenNMS began 20+ years ago, the main communication channel was a group of mailing lists. For real time interaction we added an “#opennms” IRC channel on Freenode as well. As new technology […]

We recently learned about a security issue with OpenNMS. Please refer to CVE-2021-3396 for more information. To protect everyone using OpenNMS from an exploitation of this vulnerability, the CVE will not provide full details of the vulnerability ... [More] until Tuesday, February 16, 2021. This should provide time to upgrade your system before full public disclosure. This [...] [Less]

In the last week we worked on flow improvements including QoS/ToS aggregation, the JMX monitor, Telemetryd and Vacuumd bugs, Minion confd, OpenBMP, JMX Prometheus publishing, JEXL, config managment, node metadata import, and UI fixes.