Icinga Web 2 v2.3.4, v2.2.2 and v2.1.4 Releases

We’re happy to announce the releases of the Icinga Web 2 versions 2.3.4, 2.2.2 and 2.1.4.

Besides some minor bug fixes, Icinga Web 2 version 2.3.4 tackles problems with external links and HTML in plugin output. Those were no longer rendered correctly in the previous version. You’ll find all issues for version 2.3.4 over here.

All released versions fix the possibility of remote code execution via the remote command transport. Thanks to you guys for reporting this issue. If you’re using the remote command transport, make sure to upgrade as soon as possible.

As usual you can get the packages here or check out our releases from Github.

If you’re wondering what happened with version 2.3.3, we had some packaging problems which forced us to increase the version number.

Icinga 2 v2.4.9 bugfix release

We’ve just released another minor version which fixes a few more bugs:

What’s New in Version 2.4.9


  • Bug 11801 (Perfdata): Error: Function call ‘rename’ for file ‘/var/spool/icinga2/tmp/service-perfdata’ failed with error code 2, ‘No such file or directory’
  • Bug 11804 (Configuration): Segfault when trying to start 2.4.8
  • Bug 11807 (Compat): Command Pipe thread 100% CPU Usage

Icinga 2 v2.4.8 bugfix release

We’ve just released another new minor version for Icinga 2. Some of the highlights for this version include the ability to limit the maximum number of concurrent checks that are run by Icinga. There are also a rather large number of bugfixes.

Packages for 2.4.8 should be available shortly. Here’s the list of all changes for this version:

What’s New in Version 2.4.8


* Bugfixes
* Support for limiting the maximum number of concurrent checks (new configuration option)
* HA-aware features now wait for connected cluster nodes in the same zone (e.g. DB IDO)
* The ‘icinga’ check now alerts on failed reloads


  • Feature 8137 (Checker): Maximum concurrent service checks
  • Feature 9236 (Perfdata): PerfdataWriter: Better failure handling for file renames across file systems
  • Feature 9997 (libmethods): “icinga” check should have state WARNING when the last reload failed
  • Feature 10581 (ITL): Provide icingacli in the ITL
  • Feature 11556 (libbase): Add support for subjectAltName in SSL certificates
  • Feature 11651 (CLI): Implement SNI support for the CLI commands
  • Feature 11720 (ITL): ‘disk’ CheckCommand: Exclude ‘cgroup’ and ‘tracefs’ by default
  • Feature 11748 (Cluster): Remove unused cluster commands
  • Feature 11765 (Cluster): Only activate HARunOnce objects once there’s a cluster connection
  • Feature 11768 (Documentation): Add the category to the generated changelog


  • Bug 9989 (Configuration): Service apply without name possible
  • Bug 10426 (libicinga): Icinga crashes with a segfault on receiving a lot of check results for nonexisting hosts/services
  • Bug 10717 (Configuration): Comments and downtimes of deleted checkable objects are not deleted
  • Bug 11046 (Cluster): Icinga2 agent gets stuck after disconnect and won’t relay messages
  • Bug 11112 (Compat): Empty author/text attribute for comment/downtimes external commands causing crash
  • Bug 11147 (libicinga): “day -X” time specifications are parsed incorrectly
  • Bug 11158 (libicinga): Crash with empty ScheduledDowntime ‘ranges’ attribute
  • Bug 11374 (API): Icinga2 API: deleting service with cascade=1 does not delete dependant notification
  • Bug 11390 (Compat): Command pipe overloaded: Can’t send external Icinga command to the local command file
  • Bug 11396 (API): inconsistent API /v1/objects/* response for PUT requests
  • Bug 11589 (libicinga): notification sent out during flexible downtime
  • Bug 11645 (Documentation): Incorrect chapter headings for Object#to_string and Object#type
  • Bug 11646 (Configuration): Wrong log severity causes segfault
  • Bug 11686 (API): Icinga Crash with the workflow Create_Host-> Downtime for the Host -> Delete Downtime -> Remove Host
  • Bug 11711 (libicinga): Expired downtimes are not removed
  • Bug 11714 (libbase): Crash in UnameHelper
  • Bug 11742 (Documentation): Missing documentation for event commands w/ execution bridge
  • Bug 11757 (API): API: Missing error handling for invalid JSON request body
  • Bug 11767 (DB IDO): Ensure that program status updates are immediately updated in DB IDO
  • Bug 11779 (API): Incorrect variable names for joined fields in filters

Icinga Web 2 v2.3.2, v2.2.0 and v2.1.3 hotfix releases

These ones are security-releases fixing a privilege escalation issue in the monitoring module for authenticated users. (thanks to Michael Günther from Recurity Labs for discovering this issue and to gbretsch for reporting it)
New packages for them are in progress.

What’s New in Version 2.1.3


  • Fix a privilege escalation issue in the monitoring module for authenticated users

What’s New in Version 2.2.1


  • Fix a privilege escalation issue in the monitoring module for authenticated users

What’s New in Version 2.3.2


  • Feature 11629: Simplified event-history date and time representation


  • Fix a privilege escalation issue in the monitoring module for authenticated users
  • Bug 10486: Menu rendering fails when no monitoring backend was configured
  • Bug 10847: Warn about illogical dates
  • Bug 10848: Can’t change items per page if filter is in modify state
  • Bug 11392: Can’t configure monitoring backend via the web interface when no monitoring backend was configured

Icinga 2 v2.4.7 bugfix release

The fix for “notification was not sent out to any contact” introduced a new bug. When a notification is triggered but all users won’t be notified (e.g. with state = [ OK ] as filter for a problem notification) this caused the DB IDO layer to crash. The release v2.4.7 fixes that issue. Package updates are available soon-ish as always.


What’s New in Version 2.4.7


  • Bug 11639: Crash in IdoMysqlConnection::ExecuteMultipleQueries

Icinga 2 v2.4.5 bugfix release


This bugfix release v2.4.5 fixes an issue with downtimes not being expired/activated on restart. It also fixes a problem with expired but not active downtimes. Downtimes and comments added on the master are now again synced to child zones in a cluster (broken with 2.4.0).

We’ve also re-evaluated and properly tested a patch fixing the retry interval issue after the first soft state change. The IDO related fixes target the faulty “notification was not sent out to any contact” problem inside Icinga Web 2.

We’ve also got reports on large scale installations having problems with specific Ubuntu kernels using ‘epoll’ as socket event engine. We’ve therefore added the possibility to set the EventEngine to ‘poll’ which allows users a safe fallback. We’ll investigate further on this possible kernel bug.

For more details please read the Changelog.

Windows Packages

The Windows setup wizard has been overhauled in order to fix some well known bugs. The way the installer works has been changed from NSIS (.exe) to MSI packages. This further allows us to build x86 and x64 packages. The upcoming Windows Server 2016 release will add a new installation option called “nano server” which excludes the x86 (WOW64) support.

Please note an important change with the configuration and state data: Previous installations kept that underneath “C:\Program Files (x86)\ICINGA2”. The new location is the (hidden) directory “C:\ProgramData\icinga2”.

The installer will copy all files on upgrade to the new location. Once you start the Icinga 2 Wizard and it detects a running service, you’ll find a new button called “Examine Config” which opens the directory in your Windows explorer.

The chocolatey builds have been updated as well. The documentation for the Windows installation now also provides screenshots for all important steps to take.

Check Command Timeout

Currently you cannot override the timeout attribute for CheckCommand objects provided by the ITL. We’ve come up with a solution to that – you can now specify the check_timeout attribute for host and service objects. It will override the existing timeout value. That way your VMware, Windows update, etc. checks will work again smoothly without having to modify/copy the ITL CheckCommand objects.


Packages for your favourite distribution should be available soon. Meanwhile check the Changelog.


What’s New in Version 2.4.5


  • Windows Installer changed from NSIS to MSI
  • New configuration attribute for hosts and services: check_timeout (overrides the CheckCommand’s timeout when set)
  • ITL updates
  • Lots of bugfixes


  • Feature 9283: Implement support for overriding check command timeout
  • Feature 9618: Add Windows setup wizard screenshots
  • Feature 11098: Add –method parameter for check_{oracle,mysql,mssql}_health CheckCommands
  • Feature 11194: Add –units, –rate and –rate-multiplier support for the snmpv3 check command
  • Feature 11399: Update .mailmap for Markus Frosch
  • Feature 11437: Add silent install / reference to NSClient++ to documentation
  • Feature 11449: Build 64-bit packages for Windows
  • Feature 11473: Update NSClient++ to version
  • Feature 11474: Install 64-bit version of NSClient++ on 64-bit versions of Windows
  • Feature 11585: Make sure to update the agent wizard banner
  • Feature 11587: Update chocolatey uninstall script for the MSI package


  • Bug 9249: logrotate fails since the “su” directive was removed
  • Bug 10624: Add application manifest for the Windows agent wizard
  • Bug 10843: DB IDO: downtime is not in effect after restart
  • Bug 11106: Too many assign where filters cause stack overflow
  • Bug 11224: Socket Exceptions (Operation not permitted) while reading from API
  • Bug 11227: Downtimes and Comments are not synced to child zones
  • Bug 11258: Incorrect base URL in the icinga-rpm-release packages for Fedora
  • Bug 11336: Use retry_interval instead of check_interval for first OK -> NOT-OK state change
  • Bug 11347: Symlink subfolders not followed/considered for config files
  • Bug 11382: Downtimes are not always activated/expired on restart
  • Bug 11384: Remove dependency for .NET 3.5 from the chocolatey package
  • Bug 11387: IDO: historical contact notifications table column notification_id is off-by-one
  • Bug 11402: Explain how to use functions for wildcard matches for arrays and/or dictionaries in assign where expressions
  • Bug 11407: Docs: Remove the migration script chapter
  • Bug 11434: Config validation for Notification objects should check whether the state filters are valid
  • Bug 11435: Icinga 2 Windows Agent does not honor install path during upgrade
  • Bug 11438: Remove semi-colons in the auto-generated configs
  • Bug 11439: Update the CentOS installation documentation
  • Bug 11440: Docs: Cluster manual SSL generation formatting is broken
  • Bug 11455: ConfigSync broken from 2.4.3. to 2.4.4 under Windows
  • Bug 11462: Error compiling icinga2 targeted for x64 on Windows
  • Bug 11475: FatalError() returns when called before Application.Run
  • Bug 11482: API User gets wrongly authenticated (client_cn and no password)
  • Bug 11484: Overwriting global type variables causes crash in ConfigItem::Commit()
  • Bug 11494: Update documentation URL for Icinga Web 2
  • Bug 11522: Make the socket event engine configurable
  • Bug 11534: DowntimesExpireTimerHandler crashes Icinga2 with
  • Bug 11542: make install overwrites configuration files
  • Bug 11559: Segfault during config validation if host exists, service does not exist any longer and downtime expires
  • Bug 11564: Incorrect link in the documentation
  • Bug 11567: Navigation attributes are missing in /v1/objects/
  • Bug 11574: Package fails to build on *NIX
  • Bug 11577: Compiler warning in NotifyActive
  • Bug 11582: icinga2 crashes when a command_endpoint is set, but the api feature is not active
  • Bug 11586: icinga2-installer.exe doesn’t wait until NSIS uninstall.exe exits
  • Bug 11592: Remove instance_name from Ido*Connection example
  • Bug 11610: Windows installer does not copy “features-enabled” on upgrade
  • Bug 11617: Vim Syntax Highlighting does not work with assign where