:: New Features and Improvements [ZBXNEXT-1421] added service sorting by name if multiple services has same 'sortorder' value [ZBXNEXT-3493] added Windows service configuration check to determine if service can be trigger started [ZBXNEXT-4019] implemented default widget refresh interval [ZBXNEXT-4081] improved error message for case when none of supported database modules exists :: Bug Fixes [DEV-593] fixed multiple security issues [ZBX-12874] fixed target list to be meaningless if custom set of commands is executed on zabbix server [ZBX-12936] fixed update proxy lastaccess value when receiving data [ZBX-12854] fixed crash of VMware collector with DebugLevel=4 [ZBX-12903] added floating value range validation for metrics calculated by server [ZBX-12904] added validation for groupid and hostid parameters in dashboard view [ZBX-12837] fixed error in action update when changing media type [ZBX-11902] fixed CPU count for LPAR partitions in IBM AIX [ZBX-12778] fixed problem.get and event.get API methods when "selectTags" option contains extended output [ZBX-12260] fixed windows agent to support UTF-16LE, UCS-2, UCS-2LE encodings [ZBX-12853] fixed last access not being updated for passive proxies after getting historical data [ZBX-6669] fixed use of current host as filter when selecting items for graph forms and trigger forms [ZBX-12722] fixed scrollbar causing a JS error in "500 latest values" page due to unnecessarily initialization [ZBX-12860] fixed problem counting in host groups in navigation tree widget [ZBX-12710] fixed OS type detection logic [ZBX-12543] fixed problems with session management [ZBX-12670] fixed {HOST.*} macro support in map trigger elements [ZBX-12784] fixed advanced label support in map editing mode [ZBX-12666] fixed ETag comparison check in jsLoader for web server with enabled compression [ZBX-12775] fixed undefined index error in dashboard problems widget [ZBX-12857] improved pre-processing manager performance when processing large number of values [ZBX-12259] added an informative warning about lack of data for macros used in LLD rule filter https://www.zabbix.com/rn3.4.4
Bumped. [DEV-593] fixed multiple security issues this might require stabling new versions, CCing security@
thank you!
Vulnerability Details : CVE-2017-2824 An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability. Publish Date : 2017-05-24 Last Update Date : 2017-11-05 Vulnerability Details : CVE-2016-10134 SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. Publish Date : 2017-02-16 Last Update Date : 2017-11-03 @Maintainers I'm adding two CVEs to the list, but those are not affecting Gentoo, if you find any that affects a current stable version please let us know. Thank you