[collectd] Version 5.6.3 available.
Florian Forster
octo at collectd.org
Fri Oct 6 09:29:16 CEST 2017
Hello everybody,
version 5.6.3 of collectd is available. This is going to be the last release of
the 5.6 line since we're getting ready to release 5.8 soon.
This release fixes a DoS vulnerability in the Network plugin that can be
triggered remotely (CVE-2017-7401). We strongly recommand to upgrade to this
release (unless you're running 5.7).
Download
--------
The new version is available in source-code form from collectd's
download page. The direct download links are:
* http://collectd.org/files/collectd-5.6.3.tar.bz2
SHA-256: 8a97161b354456ed91ec02dd5f47658197f7e18388f3af9d636aae506f795304
Thanks
------
Thanks to everybody who contributed to this version. In particular, this
release includes code contributions by:
* Denys Fedoryshchenko
* Ed Ravin
* Florian Forster
* Iain Buclaw
* Krzysztof Matczak
* Marc Fournier
* Neil Wilson
* Pavel Rochnyack
* Ruben Kerkhof
* Sebastian Harl
ChangeLog
---------
2017-10-06, Version 5.6.3
* collectd: support for boolean string config values has been
reintroduced. Thanks to Sebastian Harl. #2083, #2098
* collectd: The capability checking has been changed to use
"cap_get_proc()". Thanks to Marc Fournier. #2151
* Documentation: A section documenting ignore lists has been added to
collectd.conf(5). Thanks to Florian Forster.
* AMQP plugin: The "ExchangeType" option is now also valid for
publishers. Thanks to Florian Forster. #2286
* Apache, Ascent, BIND, cURL, cURL-JSON, cURL-XML, nginx, Write HTTP
plugins: Handling of URLs that redirect elsewhere has been fixed.
Thanks to Pavel Rochnyack. #2328
* BIND plugin: Fix parsing of the sample time provided by BIND.
Previously, the time was assumed to be in the local time zone when in
fact it was in UTC. Thanks to Ed Ravin. #1268
* BIND plugin: Memory leaks have been fixed. Thanks to Ruben Kerkhof.
#2303
* Chrony plugin: Build flags have been fixed. Thanks to Thomas Jost and
Marc Fournier. #2133
* cURL-JSON plugin: The timeout value has been changed to default to the
collection interval. This fixes a regression. Thanks to Marc Fournier.
* cURL-JSON plugin: Handling of arrays has been fixed. Thanks to Florian
Forster. #2266
* DBI plugin: Memory leaks at shutdown have been fixes. Thanks to Pavel
Rochnyack and Florian Forster.
* E-Mail, Exec, UnixSock plugins: Group ID lookup on systems with many
groups has been fixed. Thanks to Ruben Kerkhof and Florian Forster.
#2208
* IPC plugin: A compilation error on AIX has been fixed. Thanks to Pavel
Rochnyack. #2305
* LogFile plugin: If writing to the file fails, print log messages on
"STDERR" instead. Thanks to Marc Fournier.
* Log Logstash plugin: If writing the log entry fails, print it to
"STDERR" instead. Thanks to Marc Fournier.
* memcachec, Tail plugins: A resource leak in the matching
infrastructure has been fixed. Thanks to Krzysztof Matczak. #2192
* MQTT plugin: Invalid symbols in topic names are now replaced and a
resource leak has been fixed. Thanks to Denys Fedoryshchenko. #2123
* Network plugin: A potential endless-loop has been fixed. This can be
triggered remotely by sending a signed network packet to a server
which is not set up to check signatures. Thanks to Marcin Kozlowski
and Pavel Rochnyack. #2174, #2233, CVE-2017-7401
* Network plugin: A use-after-free has been fixed. Thanks to Pavel
Rochnyack. #2375
* Notify Email plugin: The plugin is no longer explicitly linked against
libssl and libcrypto, relies on libesmtp being linked correctly.
Thanks to Marc Fournier. Debian#852924
* NTPd plugin: Calculation of loop offset and error has been fixed.
Thanks to Neil Wilson. #2188
* OpenLDAP plugin: An incorrect use of the ldap library, leading to a
crash, has been fixed. Thanks to Marc Fournier. #2331
* Perl plugin: A potential double-free has been fixed. Thanks to Florian
Forster. #2278
* Perl plugin: Print an error when an incorrect configuration is
encountered. Thanks to Pavel Rochnyack. #927
* RRDtool plugin: Incorrect handling of the flushes timeout option has
been fixed. Handling of the "RandomTimeout" has been fixed. Thanks to
Pavel Rochnyack. #2363
* SMART plugin: Some warning messages have been removed and the code has
been cleaned up. Thanks to Florian Forster. #2062
* SMART plugin: A check for the "CAP_SYS_RAWIO" capability has been
added. Thanks to Marc Fournier.
* SNMP plugin: A double free has been fixed. Thanks to Pavel Rochnyack.
#2291
* Write Graphite plugin: Error handling in the case that calculating a
metric's rate fails has been improved. Previously, the raw counter
values were sent to Graphite. Thanks to Iain Buclaw. #2209
* Write Kafka plugin: A 32 bit random number is now used when formatting
a random key. Thanks to Florian Forster. #2074
Best regards,
—octo
--
collectd – The system statistics collection daemon
Website: http://collectd.org
Google+: http://collectd.org/+
GitHub: https://github.com/collectd
Twitter: http://twitter.com/collectd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://mailman.verplant.org/pipermail/collectd/attachments/20171006/3b522031/attachment.sig>
More information about the collectd
mailing list