OpenNMS

In January, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 29.

Since last time, we worked on the config manager, Log4j, TimescaleDB, the Twin API, Karaf updates, router config handling, CI improvements, flow/Minion/Sentinel doc improvements, interface and node caching, Helm, Sentinel health-check, resource graphs in the featherds UI, and jQuery.

Since last time, we did more work on config manager migrations, OIA, asynchronous detectors, log4j2, TFTP, Nephron docs, events, caching, resource ReST API, OpenAPI, the Vue UI, Helm tests, and the geomap.

Serious remote code execution (RCE) and denial of service (DOS) vulnerabilities in Apache Log4j could affect customers running some OpenNMS products. These vulnerabilities could allow an attacker to shut down or compromise your system by causing ... [More] OpenNMS to log specially crafted messages into system log files for malicious purposes. Apache Log4j could interpret one of [...] [Less]

Since last time, we released Horizon and Meridian 73 times, and worked on Prometheus collections, Grafana package signatures, Enlinkd performance, IPC config, reports, docs for daemons, VMware, flows, and topology, config API support, running as ... [More] non-root, Sentinel, Maven, Minion, flow thresholding, discovery config, OIA, TimescaleDB, Log4j2, Karaf, the Twin API, provisioning, the vue geomap, the new UI, and Helm. [Less]

Serious remote code execution (RCE) and denial of service (DOS) vulnerabilities in Apache Log4j could affect customers running some OpenNMS products. These vulnerabilities could allow an attacker to shut down or compromise your system by causing ... [More] OpenNMS to log specially crafted messages into system log files for malicious purposes. Apache Log4j could interpret one of [...] [Less]

(deep breath) Today we released off-cycle updates to all OpenNMS Meridian versions under active support, as well as Horizon 29, to address additional Log4j2 "Log4Shell" vulnerabilities.