[collectd] Version 5.5.2 available.

Florian Forster octo at collectd.org
Tue Jul 26 08:43:19 CEST 2016 

Hello everybody,

we're proud to announce the availability of collectd 5.5.2. As a bugfix
release, this new version only closes existing problems and does not
introduce new features.

This release fixes an issue in the Network plugin that can be triggered
remotely and is potentially exploitable (CVE-2016-6254). We urge all
users of the Network plugin to upgrade ASAP. An update to the 5.4 branch
is coming up.


Download
--------

The new version is available in source-code form from collectd's
download page. The direct download links are:

  * http://collectd.org/files/collectd-5.5.2.tar.bz2
    SHA-256: 017f3a4062187e594d8ab6af685655fb82a8a942dc574668e68242bdb8ba820f
  * http://collectd.org/files/collectd-5.5.2.tar.gz
    SHA-256: 8013ae74df2b90ec8a8e7ac5da7638e165199021eca5f423ff8ee19feac649ba


Thanks
------

Thanks to everybody who contributed to this version. In particular:

  * Andrés J. Díaz
  * Brandon Arp
  * @ciomaire
  * Corey Kosak
  * Emilien Gaspar
  * Eric Sandeen
  * Jim Quinn
  * Marc Falzon
  * Pavel Rochnyack
  * Thomas Guthmann
  * Tolga Ceylan
  * @yujokang

Special thanks to Ruben Kerkhof and Marc Fournier who did most of the
work for this release!


ChangeLog
---------

2016-07-25, Version 5.5.2
  * collectd: A division by zero has been fixed in the
    "plugin_dispatch_multivalue()" function. Thanks to Corey Kosak.
  * collectd: The address of the Free Software Foundation has been fixed
    in GPL license headers. Thanks to Ruben Kerkhof.
  * Build system: Detection and handling of librrd 1.6 and later has been
    fixed. Thanks to Ruben Kerkhof.
  * Apache plugin: A warning about a possible misconfiguration has been
    added. Thanks to Marc Fournier.
  * cURL, cURL-JSON and cURL-XML plugins: A memory leak when allocating
    more memory fails has been fixed. Thanks to Brandon Arp.
  * DF plugin: A build issue on DragonFlyBSD has been fixed. Thanks to
    Ruben Kerkhof. #1575
  * Ethstat plugin: Code to strip leading whitespace from device names.
    This works around an issue in the VMXNet3 driver. Thanks to Thomas
    Guthmann. #1059
  * Exec plugin: A problem in the error handling of an fdopen() failure
    has been fixed. Thanks to @ciomaire.
  * Modbus plugin: The debug output has been disabled by default. It is
    now only enabled when building with "--enable-debug". Thanks to Eric
    Sandeen and Marc Fournier.
  * Network plugin: A check for the initialization of secure memory has
    been added. Previously, failure to initialize this memory was
    ignored. Thanks to @yujokang. #1665
  * Network plugin: A heap overflow has been fixed in the server code.
    This issue can be triggered remotely and is potentially exploitable.
    Thanks to Emilien Gaspar. CVE-2016-6254
  * Perl plugin: Init callbacks have been changed to run essentially
    single-threaded to avoid race conditions by init functions which
    create additional threads. Thanks to Pavel Rochnyack. #1706
  * Processes plugin: A compilation error on systems without "regex.h" has
    been fixed. Thanks to Corey Kosak.
  * Processes plugin: A memory leak on Solaris has been fixed. Thanks to
    Jim Quinn.
  * Processes plugin: A warning about too long process names has been
    added. Thanks to Marc Fournier. #1284
  * Redis plugin: A memory leak in an error handling code path has been
    fixed. Thanks to Andrés J. Díaz.
  * Redis plugin: The data source type of the expired_keys metric has been
    corrected to "DERIVE". Thanks to Marc Falzon and Marc Fournier. #1483.
  * SMART plugin: A build dependency on libudev has been added. Thanks to
    Pavel Rochnyack. #1724
  * StatsD plugin: A deadlock on plugin shutdown has been fixed. Thanks to
    Pavel Rochnyack #1703
  * Write HTTP plugin: Freeing of memory holding HTTP headers during
    shutdown has been fixed. Thanks to Tolga Ceylan.
  * Write Sensu plugin: A segfault when the Tag was unset has been fixed.
    Thanks to Marc Fournier.
  * ZFS ARC plugin: The cache_operation-stolen metric has been removed for
    FreeBSD 10.2 and later. Thanks to Ruben Kerkhof. #1580


Best regards,
—octo
-- 
collectd – The system statistics collection daemon
Website: http://collectd.org
Google+: http://collectd.org/+
GitHub:  https://github.com/collectd
Twitter: http://twitter.com/collectd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://mailman.verplant.org/pipermail/collectd/attachments/20160726/a3b22ecf/attachment.sig>

More information about the collectd mailing list