github OpenNMS/opennms opennms-32.0.2-1
OpenNMS Horizon 32.0.2 (Anime Lo-fi)

13 months ago

Release 32.0.2

Release 32.0.2 contains several important security fixes, one fix for a potential DoS vulnerability, and a handful of general bug fixes and enhancements.

Thanks to the following researchers for responsibly disclosing security issues in this release:

  • Moshe Appelbaum reported issue NMS-15699.
  • Jordi Morales reported issues NMS-15703, NMS-15782, and NMS-15783.
  • OSS Fuzz reported issue NMS-15877.

The codename for Horizon 32.0.2 is Anime Lo-fi.

Breaking changes

  • This release removes the "3d" variation from the JFreeChart integration, because that style has been removed upstream.

Bug

  • Document the function hiding Meta-Data values with keynames containing "password" or "secret" (Issue NMS-12808)
  • Prevent Angular evaluation of strings enclosed by two curly braces in non-Angular form-fields and output (Issue NMS-15504)
  • Backport fixes from Spring Security 5.x to custom Spring Security 4.2.20.RELEASE (Issue NMS-15663)
  • XXE injection via /rtc/post using the default rtc credentials (Issue NMS-15699)
  • ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users (Issue NMS-15703)
  • Stored XSS in multiple JSP files in opennms/opennms (Issue NMS-15782)
  • Reflected XSS in multiple JSP files in opennms/opennms (Issue NMS-15783)
  • POSTINSTALL scriptlet may fail if data/tmp/ is present but empty (Issue NMS-15809)
  • PostgreSQL shows too many clients error with a minimal setup (Issue NMS-15852)
  • java.lang.ArrayIndexOutOfBoundsException: Index 0 out of bounds for length 0 at org.opennms.netmgt.timeseries.samplewrite.MetaTagDataLoader.getNodeCriteriaFromResource(MetaTagDataLoader.java (Issue NMS-15854)
  • Kafka Producer incapable of using SSL (Issue NMS-15859)
  • Fix incorrect resource types for F5 datacollection (Issue NMS-15862)
  • Build fails due to binary file filtered resource copy (Issue NMS-15869)
  • Corrected Keystore setup instructions for minion on docker (Issue NMS-16017)
  • OpenNMS Search Bar does not retrieve nodes without foreignsource and foreignid (Issue NMS-16030)
  • Error on startup with Invalid CEN header exception (Issue NMS-16034)

Story

  • Provide option to disable Kafka Offset Provider (Issue NMS-15336)
  • Document additional details for BMP integration (Issue NMS-15853)

Enhancement

  • Improve Kafka section of message broker docs in the deployment section (Issue NMS-15632)
  • Disable BeanShell interpreter remote server mode (Issue NMS-15793)
  • Include Node metadata in Measurement API query responses even if no resource data exists (Issue NMS-15839)
  • Extend filter syntax to include isSnmpPrimary (Issue NMS-15842)
  • Add docs to describe the default RRD storage retention (Issue NMS-16033)

Task

  • Document the note to increase the maximum connection when pool size is increased (Issue NMS-16050)
