21.10.10
Release date: September 20, 2022
Bug fixes
- [Administration] Fixed selection of options in second select box in ACL Group configuration page
- [Configuration] Fixed an error in the Configuration > Services > Templates menu causing HTML code to be displayed
- [Configuration] Fixed error that occurred when duplicating a Remote Server
- [Core] Cleaned code in forMyAccount
- [Core] Corrected escapeSecure usage
- [Widgets] Restored possibility to not select a poller in preferences
Security fixes
- [Administration] Sanitized and bound Centreon ACL class queries
- [CLAPI] Added a check to verify that the user has the admin role
- [CLAPI] Sanitized and bound CLAPI poller configuration queries
- [Configuration] Fixed SQLi in poller's resource creation
- [Configuration] Sanitized and bound Meta Service configuration queries
- [Configuration] Sanitized and bound command configuration queries
- [Configuration] Sanitized and bound graph configuration queries
- [Configuration] Sanitized and bound queries in centreonConnector file
- [Configuration] Sanitized and bound queries in contactgroup file
- [Configuration] Sanitized and bound queries in listServiceCategories file
- [Configuration] Sanitized and bound queries in listVirtualMetrics file
- [Configuration] Sanitized and bound queries in service argumentsXml file
- [Configuration] Sanitized and bound queries in service host categories file
- [Configuration] Sanitized and bound queries in servicegroup_dependency file
- [Configuration] Sanitized and bound templates of service listing queries
- [Monitoring] Fixed XSS vulnerability in deprecated services status details page