Release 29.0.10 contains a number of security dependency updates, plus a bunch of other bug fixes and documentation improvements.
While the dependency changes should not affect how the OpenNMS runtime works, this release contains a larger than usual number of changes to "plumbing" to facilitate these dependency updates. We strongly recommend that you do more than the usual amount of testing before deploying this update to a production environment.
For a high-level overview of what has changed in Horizon 29, see What’s New in OpenNMS Horizon 29.
The codename for Horizon 29.0.10 is Duck.
- install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14032)
- Provisiond Fails to Start when wrong data is successfully POSTed via REST to hardwareInventory endpoint (Issue NMS-14085)
- Grafana box renders raw JS when Grafana behind reverse proxy with SSO (Issue NMS-14109)
- CVE-2022-22965: Spring RCE in Data Bindings (Issue NMS-14134)
- Minions Trapd Listener Fails to Bind to udp/162 when broker is down (Issue NMS-14148)
- Fix formatting in alarmd documentation (Issue NMS-14182)
- Dependabot: update Vaadin to the latest 8.x (Issue NMS-14192)
- Upgrade groovy-all dependency (Issue NMS-14208)
- make sure license-maven-plugin is re-enabled in foundation and release branches (Issue NMS-14217)
- Upgrade jackson-mapper-asl dependency (Issue NMS-14252)
- Basic upgrade procedure (Issue NMS-13971)
- Document housekeeping tasks before upgrade (Issue NMS-13972)
- IPFIX: Also support ingressPhysicalInterface and egressPhysicalInterface for input and output ifIndex (Issue NMS-14169)
- Cleanup Ticketer docs formatting (Issue NMS-14172)
- Expand XmlCollector documented parameters (Issue NMS-14256)
- Restructure Collector docs file path (Issue NMS-14258)