OpenNMS Horizon 32.0.0 (Cavernous Death Metal)

Release 32.0.0

Horizon 32 features a slew of bug fixes and a number of major improvements, most notably the introduction of JDK17 support, and a major uplift in the Newts backend.

The codename for Horizon 32.0.0 is Cavernous Death Metal.

Enhancement

• Add lldpRemLocalPortNum in LldpLink Table (Issue NMS-7775)
• dependabot: JasperReports from 6.3.0 to 6.20.0 (Issue NMS-14588)
• Enhanced Linkd supports Network-Routers Map (Issue NMS-14678)
• Destination Path Test Button (Issue NMS-14692)
• Node Properties REST endpoint doesn’t include asset location data (Issue NMS-14785)
• fix/re-merge additional changes to password validation (Issue NMS-14898)
• Provide a method to verify topology capability (Issue NMS-14909)
• Special-case CounterBasedGauge64 in MIB compiler (Issue NMS-15210)
• Remove contrib from OpenNMS (Issue NMS-15268)
• Upgrade Groovy to 3.x (Issue NMS-15315)
• Create an Apache mina-sshd based ssh client service poller. (Issue NMS-15431)
• Add a method for finding and clearing alarms by TTicketID to OPA’s AlarmDAO (Issue NMS-15439)
• Upgrade Spring Security (Issue NMS-15506)
• Doc: PersistRegexSelectorStrategy only works on string attributes (Issue NMS-15595)
• Enable AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE in shipped opennms.service systemd file (Issue NMS-15596)
• Remove legacy lsb info from Minion initialization script (Issue NMS-15604)
• Asynchronous polling engine (Issue NMS-15623)
• Update documentation (or implementation) for newer Slack API (Issue NMS-15652)
• Make usage statistics sharing notice dialog non-modal (Issue NMS-15677)
• Docs: Add info about XSLT to XmlCollector (Issue NMS-15693)
• Doc: Update DNS provisioning import adapter docs (Issue NMS-15694)
• KSC report "details" should go directly to the related graph, rather than "all" (Issue NMS-15711)
• Add more collection for selfmonitor node out of box (Issue NMS-15742)

Task

• TrivialTimeMonitor & detector (Issue NMS-11063)
• Rework NMS0123EnIT test (Issue NMS-14743)
• Multiple CVEs for Axis 1.4 (Issue NMS-15061)
• Make test for Admin page footer Copyright year (Issue NMS-15220)
• Fix coverage test containers after we resolve NMS-15401 (Issue NMS-15444)
• Poll Status History: Enable Poll Status RRD for all services (Issue NMS-15641)
• Poll Status History: Change documentation to reflect the changes (Issue NMS-15642)
• Poll Status History: Add RRD graph definitions for all services in a default poller-configuration.xml (Issue NMS-15643)
• Document async polling settings (Issue NMS-15680)
• Update docs to capture additional details on BMP config (Issue NMS-15713)
• Tweak usage statistics sharing notice copy (Issue NMS-15740)
• Call out usage statistics consent changes in Horizon 32.0.0 release notes (Issue NMS-15796)

Bug

• Multiple OpenNMS feature stop working when the Events Forwarder cannot push content to Elasticsearch (Issue NMS-13019)
• rest api wrong LinkdTopologyProvider graphs (Issue NMS-14329)
• Inconsistent references to JMXCollect/Monitor for "password-clear"/"password_clear" (Issue NMS-14884)
• Docker images for Horizon 30.0.4 and later no longer have an editor or a modern pager (Issue NMS-14946)
• CVE-2014-2228 for org.restlet 1.1.10 (Issue NMS-15193)
• Page footer missing from Feather / Vue UIs (Issue NMS-15262)
• Dead transaction in flow thresholding on sentinel (Issue NMS-15340)
• Event Datetime element parsing changed between M2018 and M2021 (Issue NMS-15471)
• Backshift graph’s Data tab shows incorrect / phantom data when using STACK (Issue NMS-15495)
• Status Overview box calculation included the alarms and outages from nodes outside of the assigned categories (Issue NMS-15526)
• When upgrading Minion from an older version on RHEL based systems, the service file doesn’t point to the main installation, but rather to /etc/init.d/minion which doesn’t exist (Issue NMS-15600)
• When upgrading Sentinel from an older version, the service file doesn’t point to the main installation, but rather to /etc/init.d/sentinel which doesn’t exist (Issue NMS-15601)
• send-events-to-elasticsearch karaf command passes username/password in reverse (Issue NMS-15638)
• Doc: File name syslog-grok-patterns.txt is wrong (Issue NMS-15684)
• Stop packaging activemq-web-console.war (Issue NMS-15686)
• Database deadlock caused by JdbcFilterDao (Issue NMS-15696)
• Karaf SSH locks up if connections are terminated improperly (Issue NMS-15714)
• Vue menubar logo link should go to homeUrl (Issue NMS-15721)
• https redirection is partially broken (Issue NMS-15732)
• Startup taking > 10 minutes on fresh 32.0.0 builds (Issue NMS-15751)
• Docs need updating to include support for Kafka 3 (Issue NMS-15777)
• Add /usr/lib64/jvm to find-java.sh search paths (Issue NMS-15784)

Research

• Investigate using trivy to scan containers (Issue NMS-14781)

Story

• New REST endpoint provides textual description given a top-level usage statistics KPI key name (Issue NMS-15476)
• Data choices modal dialog removed from first admin user login (Issue NMS-15478)
• New usage statistics sharing notice dialog (Issue NMS-15479)
• Usage Statistics Sharing UI (Issue NMS-15481)
• Data Choices link removed in favor of Usage Statistics Sharing UI (Issue NMS-15482)
• Data Choices modal dialog removed entirely (Issue NMS-15483)
• Fresh installs assume usage statistics sharing consent (Issue NMS-15485)
• Usage statistics sharing UI includes control to revoke sharing consent (Issue NMS-15486)
• Docs explicitly state that statistics sharing consent is assumed and how to revoke it (Issue NMS-15490)
• Official documentation describes how to uninstall and block "datachoices" feature (Issue NMS-15491)
• Existing opted-out installs stay opted out of usage statistics sharing (Issue NMS-15492)
• Existing opted-out installs never show the Sharing Notice Dialog (Issue NMS-15493)
• Existing opted-out install Usage Statistics Sharing UI behaves like a revoked install (Issue NMS-15494)
• Upgrade to Newts 3.0.0 (Issue NMS-15514)
• Native support for Holt-Winters forecast (no dep on R) (Issue NMS-15622)
• Review and adjust default and example startup settings (Issue NMS-15635)

New Feature

• update opennms build and runtime to support JDK17 (Issue [NMS-15609]...

OpenNMS Horizon 31.0.9 (Ballokume)

Release 31.0.9

Release 31.0.9 contains one CVE-related security fix, a generous helping of other bug fixes, and a several small enhancements intended to improve supportability.

The codename for Horizon 31.0.9 is Ballokume.

Breaking changes

• This release has moved to a newer major version of Spring Security to address a number of CVEs, which necessitated changes to the $OPENNMS_HOME/jetty-webapps/opennms/WEB-INF/applicationContext-spring-security.xml file, so if you have modified this file in your installs, be sure to note your changes so you can re-apply them to the updated version.
• The script $OPENNMS_HOME/bin/install checked whether $myser equals $RUNAS before sourcing $OPENNMS_HOME/etc/opennms.conf, which caused startup to fail every time unless the script were run as root; if you have patched that file on your system, watch out for a .rpmsave or .dpkg-new file.

Enhancement

• Codify code copyright conventions and guidelines (Issue NMS-13908)
• Add diagnostic commands to Karaf shell for various internal schedulers (Issue NMS-14526)
• Node Properties REST endpoint doesn’t include asset location data (Issue NMS-14785)
• Add a method for finding and clearing alarms by TTicketID to OPA’s AlarmDAO (Issue NMS-15439)
• Upgrade Spring Security (Issue NMS-15506)
• Simplify the installation docs (Issue NMS-15518)
• Docs: Add info about XSLT to XmlCollector (Issue NMS-15693)
• Doc: Update DNS provisioning import adapter docs (Issue NMS-15694)

Task

• Remove unsupported configuration from documentation on Cortex Plugin (Issue NMS-14969)
• Multiple CVEs for Axis 1.4 (Issue NMS-15061)

Bug

• Fixing typo for event uei.opennms.org/internal/schedOutagesChanged (Issue NMS-15421)
• Sentinels need local copy of thresholding config. (Issue NMS-15422)
• Event Datetime element parsing changed between M2018 and M2021 (Issue NMS-15471)
• install script checks for equality of myuser and RUNAS before sourcing opennms.conf (Issue NMS-15610)
• timeout is using DEFAULT_TIMEOUT value instead of the value from properties file when no -t option is specified (Issue NMS-15664)
• Stop packaging activemq-web-console.war (Issue NMS-15686)
• Database deadlock caused by JdbcFilterDao (Issue NMS-15696)
• Karaf SSH locks up if connections are terminated improperly (Issue NMS-15714)

Story

• Need a way to get a heap dump in a Docker container — no jstack/jmap/jcmd (Issue NMS-15532)
• Docs section about startup configuration and opennms.conf (Issue NMS-15634)
• OpenAPI docs for Requisition REST service (Issue NMS-15639)

OpenNMS Horizon 31.0.8 (Spritzgebäck)

Release 31.0.8

Release 31.0.8 contains four security vulnerability fixes and a generous helping of other bug fixes. It also includes a few small enhancements to the startup scripts and other components.

The codename for Horizon 31.0.8 is Spritzgebäck.

Bug

• POW Arithmetic Operator Does not work with Backshift Graphing Engine (Issue NMS-14779)
• Cacheable HTTPS Responses - Cache Control Directive Missing or Misconfigured (Issue NMS-14936)
• REST API: Deleting nodes fails with "could not insert: [org.opennms.netmgt.model.OnmsAssetRecord]" error message (Issue NMS-15033)
• Plaintext Password Present in the Web logs (Issue NMS-15305)
• Stored XSS on Quick-Add Node (Issue NMS-15308)
• Geographical Map map search capability is not as described in the docs (Issue NMS-15426)
• Foundation-2020: Snmp4JValueFactory: getOctetString displayable should be true (Issue NMS-15599)
• Jetty CVE-2023-26048/CVE-2023-26049 (Issue NMS-15612)
• Update to latest groovy 2.x (Issue NMS-15633)
• $OPENNMS_HOME/etc/THIRD-PARTY.txt has gone missing with Horizon 31.0.6 and onwards (Issue NMS-15636)
• SNMPv3 support for AES256 appears broken (Issue NMS-15637)

New Feature

• Add a CLI mechanism to set the admin password (Issue NMS-15221)

Story

• Add KPI for boolean containerization status (Issue NMS-15368)
• Add REST endpoint exposing usage analytics KPIs (Issue NMS-15371)
• Usage statistics docs updated to include containerization status (Issue NMS-15627)

Enhancement

• Smoke test improvements and small tweaks to help developers (Issue NMS-15387)

Task

• DOC: Pull changes into foundation branch (Issue NMS-15658)

OpenNMS Horizon 31.0.7 (Snickerdoodle)

Release 31.0.7

Release 31.0.7 is an off-cadence release containing several small bug fixes. Most notably, it upgrades the OpenNMS Plugin API host to version 1.4.0, enabling OPA plugins targeting that version to load successfully.

The codename for Horizon 31.0.7 is Snickerdoodle.

Bug

• Adding new thresholds to an existing group often throws an IndexOutOfBoundsException (Issue NMS-15334)
• A small typo in plugin.sh prevents artifacts from GitHub to be included in containers (Issue NMS-15592)
• Syslog Northbounder maxMessageSize config option is not used (Issue NMS-15606)

Task

• Visualization of database-report templates in docs (Issue NMS-15423)
• Add Velocloud plugin in our core and minion containers (Issue NMS-15567)

Story

• Implement collector config extensions – NMS side (Issue NMS-15585)

OpenNMS Horizon 31.0.6 (Coyotas)

Release 31.0.6

Release 31.0.6 contains a bunch of bug fixes, along with fixes for several security vulnerabilities. It also upgrades the embedded Drools library from v7.x to v8.x, so be sure to test any custom rules that you depend on before moving to production.

The codename for Horizon 31.0.6 is Coyotas.

Bug

• DOC: Document Newts fetch step / heartbeat settings in opennms.properties (Issue NMS-10155)
• Document the function hiding Meta-Data values with keynames containing "password" or "secret" (Issue NMS-12808)
• Scriptd consumes CPU even when it does nothing (Issue NMS-13216)
• dependabot: upgrade Apache POI to at least 4.1.1 (CVE-2019-12415) (Issue NMS-14589)
• POW Arithmetic Operator Does not work with Backshift Graphing Engine (Issue NMS-14779)
• Form Can Be Manipulated with Cross-Site Request Forgery (CSRF) (Issue NMS-14865)
• Multiple CVEs for cxf 3.2.8 (Issue NMS-15065)
• The management of alarms (escalation, and acknowledge) on the new MAP UI does not work for user without ROLE_REST. (Issue NMS-15080)
• Concurrent requests to rrd summary endpoint fails (Issue NMS-15086)
• Statistics Reports → Export Excel fails with exception (Issue NMS-15148)
• No health check for the OpenNMS Core container (Issue NMS-15291)
• Inconsistent expectations on TimeseriesStorageManager.get() with null return values (Issue NMS-15323)
• Polling and metrics storage can hard fail if opennms-timeseries-api is reloaded (Issue NMS-15325)
• Destroying container for blueprint bundle org.opennms.features.org.opennms.features.timeseries leads to downstream problems (Issue NMS-15326)
• The various SNMP extenders to not work with ifIndex-indexed resources (Issue NMS-15342)
• SNMP Interfaces Endpoint returns multiple values [duplicates] when there are multiple "IP Interfaces" pointing to same SNMP-IfIndex "ipAdEntIfIndex". (Issue NMS-15352)
• Missing XML Validation in Apache Xerces2 (Issue NMS-15373)
• Adding or editing a schedule outage doesn’t reload the configuration for Threshd (Issue NMS-15420)
• M2022 Minions > 2022.1.8 Cannot use SCV credentials (Issue NMS-15450)
• Event Datetime element parsing changed between M2018 and M2021 (Issue NMS-15471)
• Minimum system requirements does not enumerate RHEL9 support (Issue NMS-15499)
• Cortex plugin has no LICENSE.md (Issue NMS-15521)
• upgrade Xalan to 2.7.3 (CVE-2022-34169) (Issue NMS-15578)

Enhancement

• Deploy Release Jars to Maven Central (Issue NMS-14727)
• DOC: Create documentation for vacuumd (Issue NMS-15440)
• Upgrade Drools to 8.34.0.Final (from 7.31.0.Final) (Issue NMS-15459)
• Update docs to include RHEL9 and Rocky/Alma compatability (Issue NMS-15500)
• re-enable license maven plugin as a separate job (Issue NMS-15572)

Task

• DOC: Update replacement tokens documentation (Issue NMS-15045)
• Vulnerable c3p0 0.9.1.1 packaged in Meridian 2021 (Issue NMS-15072)
• DOC: Restructure Alarm History documentation (Issue NMS-15287)

OpenNMS Horizon 31.0.5 (Macaron)

Release 31.0.5

Release 31.0.5 is a bugfix release that also incorporates several documentation improvements, upgrades a couple of library dependencies, improves how plugins are included in the container images, and adds one small enhancement to the web UI.

The codename for Horizon 31.0.5 is Macaron.

Story

• Upgrade ActiveMQ to 5.15 (Issue NMS-12089)
• Add documentation for using Scheduled Outages (Issue NMS-12621)

Enhancement

• Replace wiki links across all codebase (Issue NMS-13912)
• dependabot: mockito 3.4.6 to 4.6.1 (Issue NMS-14586)
• DOC: Timeseries Documentation (Issue NMS-14959)
• DOC: Configuration Manager API for External Requisitions is not documented (Issue NMS-15019)
• Update dual write docs to clarify configuration (Issue NMS-15425)
• Add collection package information to web UI (Issue NMS-15429)
• PersistRegexSelectorStrategy is not where the docs say it should be (Issue NMS-15461)

Bug

• Minion on Ubuntu fails to start (Issue NMS-15160)
• Upgrade HikariCP to 5.x (Issue NMS-15171)
• Docs: The "Housekeeping Tasks" page should not tell the user to always run fix-karaf-setup.sh on upgrade (Issue NMS-15296)
• Elevation on Feather nav bar header casts undesirable shadow (Issue NMS-15367)
• Docs: Update path reference for PostgreSQL config files (Issue NMS-15381)
• opennms-karaf-health is not last in featuresBoot — might miss status for a few features (Issue NMS-15407)
• Add Jdbc graph definitions for default collection set (Issue NMS-15419)
• Invalid syntax due to typo in provisiond snmp graph (Issue NMS-15434)

Task

• Number examples in service monitor chapters (Issue NMS-15215)
• Document the breaking changes done as part of Limit script file locations for GpDetector and ScriptPolicy (Issue NMS-15288)
• Move the logic for downloading plugins into the Dockerfile (Issue NMS-15401)

OpenNMS Horizon 31.0.4 (Otap)

Release 31.0.4

Release 31.0.4 introduces one breaking change (see below). It also brings a handful of containerization improvements, fixes several security vulnerabilities, upgrades many potentially vulnerable dependency libraries, fixes one bug in the BSM daemon, and fixes many non-security bugs.

Breaking changes

• The GpDetector and ScriptPolicy now require that their scripts be located beneath $OPENNMS_HOME and beneath $OPENNMS_HOME/etc/script-policies, respectively. If you are using either of these classes in your foreign-source definitions, please address this requirement before upgrading to this release.

Known issues

The following known issues impact Horizon 31.0.4; we expect all to be fixed in the next micro-version release:

• Regular users are unable to acknowledge or clear alarms from the geographical map’s integrated alarm browser. Until we identify a fix, it is possible to work around this problem by adding ROLE_REST to a user’s set of assigned roles. See NMS-15080 for details. Thanks to Ricardo Monteiro for bringing this problem to our attention.
• On systems where dual-write time series persisting is enabled, an intermittent startup problem may cause either a delay in data starting to be persisted, or a hard failure necessitating a restarting of the core. See NMS-15326 for details.
• The ALEC plugin currently cannot be successfully installed on a Sentinel node. At release time, it is unclear whether the problem lies in Sentinel or in ALEC. Some details are captured in NMS-15396.

Shout-outs and errata

• Thanks to researcher Baharuddin Zulkifli of NetbyteSEC for reporting several cross-site scripting vulnerabilities.
• Thanks to researcher Stefan Schiller of SonarSource for reporting a pair of authenticated command-injection vulnerabilities.
• Thanks to Ricardo Monteiro for bringing the geo-map alarms problem NMS-15080 to our attention.
• The release notes for 31.0.3 incorrectly stated that NMS-15124 was fixed in that release. In actual fact, the fix is in this release (31.0.4).

Story

• Add search term highlight functionality in documentation (Issue NMS-13540)
• Geo Map node groups should split into individual markers (Issue NMS-15150)
• Meridian container images are signed (Issue NMS-15341)

The codename for Horizon 31.0.4 is Otap.

Enhancement

• remove image related defaults from Docker container makefile (Issue NMS-13583)
• Add documentation for SELinux as a requirement to run OpenNMS (Issue NMS-14210)
• No way to know the alarm type (as type 1, 2 or 3) from web UI (Issue NMS-14578)
• Deploy Release Jars to Maven Central (Issue NMS-14727)
• Make the cloud connect plugin available in container images (Issue NMS-15012)
• Data collection and graph definitions for provisiond performance (Issue NMS-15018)
• DOC: Configuration Manager API for External Requisitions is not documented (Issue NMS-15019)
• Update docs with steps to activate Path Outage feature (Issue NMS-15218)
• Container: output some details when we copy files into the container in entrypoint.sh (Issue NMS-15226)
• Update VMware provisiond handler docs (Issue NMS-15270)
• Make the ALEC plugin available in container images (Issue NMS-15349)
• Make the Cortex TSS plugin available in container images (Issue NMS-15350)
• Smoke test improvements and small tweaks to help developers (Issue NMS-15387)

Bug

• Multiple stored and reflected XSS in webapp (Issue NMS-14854)
• Authenticated Command Injection in GpDetector and ScriptPolicy (Issue NMS-14878)
• Cacheable HTTPS Responses - Cache Control Directive Missing or Misconfigured (Issue NMS-14936)
• reloading BSM daemon causes the state of serviceProblem alarm to be reset (Issue NMS-15124)
• Notification number doesn’t show more than 2 digits (Issue NMS-15172)
• Jetty context startup failures are not clearly communicated to the user (Issue NMS-15179)
• CVE-2017-7504 for javassist 3.18.2-ga and 3.19.0-ga (Issue NMS-15191)
• CVE-2017-7504 for jboss-logging 3.1.0.cr2 (Issue NMS-15192)
• CVE-2014-2228 for org.restlet 1.1.10 (Issue NMS-15193)
• CVE-2019-13990 for quartz 2.2.3 (Issue NMS-15194)
• CVE-2022-45047 for sshd-sftp 2.5.1 (Issue NMS-15195)
• CVE-2021-21342 and 7 others for xstream 1.4.11.1 (Issue NMS-15196)
• CVE-2014-9970 for jasypt 1.9.0 (Issue NMS-15197)
• CVE-2021-33813 for jdom2 2.0.6 (Issue NMS-15198)
• CVE-2022-40149 and CVE-2022-40150 for jettison 1.3.8 (Issue NMS-15199)
• CVE-2016-5725 for jsch 0.1.51 (Issue NMS-15200)
• CVE-2022-3171 for protobuf-java 3.16.1 (Issue NMS-15201)
• CVE-2018-17187 for proton-j 0.14.0 (Issue NMS-15202)
• CVE-2017-15288 and CVE-2020-7907 for scala-library 2.11.0 and 2.12.12 (Issue NMS-15203)
• CVE-2020-13936 for velocity 1.7 (Issue NMS-15204)
• CVE-2020-11988 for xmlgraphics-commons 1.4 (Issue NMS-15205)
• rescanExisting does not trigger a nodeScan for newly added nodes when scan-interval is 0 in foreignSource definition (Issue NMS-15208)
• Update docs TOC to include missing notification commands file (Issue NMS-15266)
• CircleCI: integration-test job isn’t reporting test results (Issue NMS-15271)
• NPE in karaf.log when parallel TSDB writes enabled (Issue NMS-15282)
• Sanitize request parameters in outage/list.htm (Issue NMS-15294)
• Plaintext Password Present in the Web logs (Issue NMS-15305)
• Upgrade Apache Kafka Dependency Beyond 3.2.0 (Issue NMS-15317)
• RingBufferTimeseriesWriter.destroy can take a long time or hang due to BlockingServiceLookup.lookup in WorkProcessors (Issue NMS-15324)
• Dead transaction in flow thresholding on sentinel (Issue NMS-15340)
• Regular requisition editor empty state incorrectly names external requisitions (Issue NMS-15347)
• When we fail to startup, we don’t exit with a non-zero exit code so failures cannot be properly reflected in containers (Issue NMS-15386)
• ALEC plugin dependency update (Issue NMS-15391)

Task

• CVE in Jolokia 1.3.3 dependency (Issue NMS-15068)
• CVE-2021-37714 for jsoup (multiple versions) (Issue NMS-15069)
• vulnerable Junit dependency (Issue NMS-15074)
• RHEL9 installation documentation tab (Issue NMS-15079)
• Document deviceconfig tftp maximumReceiveSize (Issue NMS-15121)
• JAVA_KEYALIAS Variable needs to be updated (Issue NMS-15239)
• JAVA_KEYSTORE Variable needs to be updated (Issue NMS-15240)
• JAVA_STOREPASS Variable needs to be updated (Issue NMS-15241)
• Document the breaking changes done as part of Limit script file locations for GpDetector and ScriptPolicy (Issue NMS-15288)
• Release notes / wart: ALEC not installable on M2023.1.0 / H31.0.4 Sentinel (Issue NMS-15403)
• Releas...

OpenNMS Horizon 31.0.3 (Biscotti)

Release 31.0.3

Release 31.0.3 is a minor release which fixes a number of UI and backend bugs, brings one small UI enhancement, patches two potential security vulnerabilities, and formalizes support for RHEL 9 and PostgreSQL 15.

The codename for Horizon 31.0.3 is Biscotti.

Task

• Geo Map: Add content to the map marker pop up (Issue NMS-13698)
• Uncontrolled Resource Consumption in Jackson-databind (Issue NMS-15030)
• Add flow version table to Flow Introduction (Issue NMS-15158)
• Change OpenNMS Copyright from 2022 to 2023 (Issue NMS-15211)
• Change OpenNMS Copyright from 2022 to 2023 in the documentation footer (Issue NMS-15212)

Enhancement

• Include Minion version on "Manage Minions" page (Issue NMS-14493)
• Update docs to include RHEL 9 install instructions (Issue NMS-15147)
• Test and Document Support for PostgreSQL 15 (Issue NMS-15151)

Bug

• RRD persistence with default configs in our Horizon OCI points to wrong libjrrd2.so (Issue NMS-14778)
• Chrome/Edge Web Browser : Geographical Map Node Counters are wrong (Issue NMS-14792)
• Form Resubmission From Cache (Issue NMS-14933)
• Web UI menu item "Endpoints" not in best location (Issue NMS-15004)
• Incorrect labels on OpenNMS-JMX collection resource types (Issue NMS-15044)
• Snmp collect reversing to unticked after a few hours (Issue NMS-15117)
• Log Out does not work from new nav-bar menu (Issue NMS-15119)
• reloading BSM daemon causes the state of serviceProblem alarm to be reset (Issue NMS-15124)
• Vue Menubar items obscured by Geo Map (Issue NMS-15149)
• Flows adapters don’t start on Sentinel running as a container. (Issue NMS-15161)

Epic

• Formalize support for RHEL 9 and its derivatives (Issue NMS-14897)

Story

• Fix smoke test for new UI (Issue NMS-14910)
• Add JSON support (in additional to GBP) to the Kafka producer for flows (Issue NMS-15027)
• publish opennms-plugin-cloud 1.0.6 (Issue NMS-15142)

OpenNMS Horizon 31.0.2 (Stroopwafel)

Release 31.0.2

Release 31.0.2 is a minor release which fixes a great many bugs and security vulnerabilities, updates the versions of many library dependencies, and introduces some enhancements related to Minion Appliances. The official documentation has also received significant improvements.

The documentation for enabling JAAS encryption for Minion and Sentinel has changed. If you have enabled encryption previously and wish to enable stronger Jasypt-based encryption, you need to reset any existing user passwords.

The codename for Horizon 31.0.2 is Stroopwafel.

Bug

• Failures when jaeger tracing is enabled on Core server and Minion (Issue NMS-14550)
• Missing /run/opennms on Ubuntu (Issue NMS-14650)
• javadoc not being generated in H31 (Issue NMS-14750)
• OpenNMS opennms start fails on Ubuntu (Issue NMS-14838)
• Regression: install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14919)
• No /var/lib/opennms on 30.0.4 Docker image (Issue NMS-14976)
• XML Entity Expansion Injection in geolocation API (Issue NMS-14988)
• UI Preview: UI Plugins do not work if multiple are installed (Issue NMS-14996)
• OIA Pollers non-functional (Issue NMS-15001)
• Web UI menu item "Endpoints" not in best location (Issue NMS-15004)
• Icon for admin menu items missing from some items (Issue NMS-15005)
• Remove reference to remote pollers (Issue NMS-15017)
• Lock contention in SnmpPeerFactory (Issue NMS-15042)
• opennms rpm could get wrong jetty files (Issue NMS-15043)
• Horizon Karaf container not healthy after installing opennms-timeseries-api with opennms-plugins-cortex-tss (Issue NMS-15078)
• RHEL9/CentOS9/Rocky 9 need chkconfig package to enable service properly (Issue NMS-15093)
• Default limit of 10 is not working for event queries (Issue NMS-15123)

Enhancement

• Dependabot: leaflet from 1.7.1 to 1.8.0 (Issue NMS-14584)
• Error compiling Cisco MIB (Issue NMS-14640)
• Doc update: Enable salted hash passwords within Karaf for core/Minion/Sentinel (Issue NMS-14736)
• Add "admin" disambiguation to Glossary (Issue NMS-14914)
• simplify docker tags in H31+ (Issue NMS-14989)
• Update Debian/Ubuntu Upgrade Instructions (Issue NMS-15087)
• dependabot: Upgrade PostgreSQL dependency to 42.4.3 (or higher) (Issue NMS-15095)
• Update style elements in Quick Start guide (Issue NMS-15106)

Unexpected Behavior

• RPM packages fail to install when FIPS Enabled (Issue NMS-14628)

Story

• Upgrade AngularJS to latest 1.x (Issue NMS-14715)
• Apache Log4j 1.x Multiple Vulnerabilities (PB-2022, Sep 2022) (Issue NMS-14818)
• Modify foreign source in HeartbeatConsumer to ignore docker interfaces and detect SNMP agent (Issue NMS-14855)
• OpenShift test coverage (Issue NMS-14882)
• SNMP Community retrieval through SCV on Minion (Issue NMS-15008)
• Add JSON support (in additional to GBP) to the Kafka producer for flows (Issue NMS-15027)
• Backport deploy-base update from develop to release-31.x (upgrades JRE minor version, adds vim-tiny, less) (Issue NMS-15046)
• Add KPI for Appliance count by model (Issue NMS-15051)

Task

• Quick Start: "Beyond Quick Start" chapter (Issue NMS-14735)
• H31 Release testing (Issue NMS-14797)
• Review enlinkd documentation (Issue NMS-14850)
• Update Visualization topic in Quick Start guide (Issue NMS-15029)
• Fix Antora version differences (Issue NMS-15088)
• Update opennms-plugin-cloud to 1.0.4 (Issue NMS-15122)

OpenNMS Horizon 31.0.1 (Oreo)

Release 31.0.1

Release 31.0.1 is a small out-of-band release to address some issues found during 31.0.0 testing.

It contains a few small changes including a fix for unusually large docker images and some other small bug fixes, as well as some updates to the new Quick Start Guide and a fix to the installation instructions for the Cortex plugin.

Please note there is a known issue that only one plugin entry shows up in the navigation bar’s "Plugins" menu, even if multiple plugins are installed. Only ALEC users who install the cloud connector are impacted. ALEC users therefore should avoid the Cloud Services Connector plugin until a new release fixes the underlying bug.

The codename for Horizon 31.0.1 is Oreo.

Bug

• OpenAPI Validation Errors (Issue NMS-14408)
• Snmp Polling Status shows Polled even though it’s actually not (Issue NMS-14653)
• Duplicated message when alarm is not found (Issue NMS-14686)
• Errors while installing opennms-timeseries-api from karaf shell (Issue NMS-14874)
• When you delete/put memo or journal it always returns 204 even if alarm not exists (Issue NMS-14901)
• NoSuchElementException errors thrown by EnhancedLinkd (Issue NMS-14912)
• Docs for Cortex plugin are incorrect (Issue NMS-14945)
• Horizon/Sentinel docker image size ballooned (Issue NMS-15006)
• HZN 31: Ubuntu installation issues (Issue NMS-15007)

Story

• Quick Start: Review entire quick start section when complete. (Issue NMS-14721)
• New UI Preview: Ensure ALEC UI works (Issue NMS-14891)

Task

• Update Quick Start login chapter (Issue NMS-14984)
• Update notifications.adoc in Quick Start section (Issue NMS-14985)
• Update Quick Start notifications configuration chapter (Issue NMS-14999)