{"update": {"autokarma": true, "autotime": true, "stable_karma": 1, "stable_days": 7, "unstable_karma": -1, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Security fix for [CVE-2021-3325].\n\nThis new version fixes a security bug introduced in the 3.13.0 version that lead the HTTP built-in server to bypass the Basic Authentication when the option hosts_deny is not defined, which is the default.\n\nBesides this fix, this version also updates the main configuration file to add the option hosts_deny = all by default inside the auth subsection, in an attempt to make the default behaviour more clear.\n\nAll users using the 3.13.0 version are advised and encouraged to upgrade to this new version, which resolves the security issue. \n\n----\n\nThis new version introduces three new modules: the long-awaited pgsql.pm capable of monitoring up to 9 databases of an unlimited number of PostgreSQL servers, the redis.pm and tinyproxy.pm which are both also capable of monitoring an unlimited number of Redis and Tinyproxy servers respectively.\n\nThis version also includes some interesting new features. The new CSS theming support will allow people to create their own color themes. The new support for the ss command in port.pm and nginx.pm modules. The ability to map the device names and also to include a title name in disk.pm module. The new stacked visualization of network stats available on a number of modules, and more.\n\nAlso with this new version, Monitorix is able to be executed as a regular user instead of root. This is of course subject to the capabilities of each module to get statistics without using the superuser.\n\nThe rest of new features, changes and bugs fixed are, as always, reflected in the Changes file.\n\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-01-27 16:40:45", "date_modified": "2021-01-28 07:24:03", "date_approved": null, "date_testing": "2021-01-28 04:13:09", "date_stable": "2021-02-05 01:31:59", "alias": "FEDORA-2021-fc24737ebc", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2021-02-05 01:31:59", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2021-fc24737ebc", "title": "monitorix-3.13.1-1.fc32", "version_hash": "e3546102120313878dbab75e4b911ef3434567ee", "release": {"name": "F32", "long_name": "Fedora 32", "version": "32", "id_prefix": "FEDORA", "branch": "f32", "dist_tag": "f32", "stable_tag": "f32-updates", "testing_tag": "f32-updates-testing", "candidate_tag": "f32-updates-candidate", "pending_signing_tag": "f32-signing-pending", "pending_testing_tag": "f32-updates-testing-pending", "pending_stable_tag": "f32-updates-pending", "override_tag": "f32-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by mikaku. ", "timestamp": "2021-01-27 16:40:45", "update_id": 275448, "user_id": 91, "id": 1839877, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-01-27 16:40:46", "update_id": 275448, "user_id": 91, "id": 1839878, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-01-27 16:40:46", "update_id": 275448, "user_id": 91, "id": 1839879, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [monitorix-3.13.0-2.fc32](https://bodhi.fedoraproject.org/updates/FEDORA-2021-f67ae09384), and has inherited its bugs and notes.", "timestamp": "2021-01-27 16:40:46", "update_id": 275448, "user_id": 91, "id": 1839881, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-01-27 17:02:12", "update_id": 275448, "user_id": 91, "id": 1839927, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-01-28 04:14:09", "update_id": 275448, "user_id": 91, "id": 1841432, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "mikaku edited this update.", "timestamp": "2021-01-28 07:19:08", "update_id": 275448, "user_id": 91, "id": 1841556, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "mikaku edited this update.", "timestamp": "2021-01-28 07:24:03", "update_id": 275448, "user_id": 91, "id": 1841566, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:12:03", "update_id": 275448, "user_id": 899, "id": 1841601, "bug_feedback": [{"karma": 0, "comment_id": 1841601, "bug_id": 1919169, "bug": {"bug_id": 1919169, "title": "monitorix-3.13.0 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 1841601, "bug_id": 1920998, "bug": {"bug_id": 1920998, "title": "monitorix-3.13.1 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 1841601, "bug_id": 1921333, "bug": {"bug_id": 1921333, "title": "CVE-2021-3325 monitorix: Basic Authentication bypass in a default installatio [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2021-02-04 04:15:43", "update_id": 275448, "user_id": 91, "id": 1869339, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2021-02-04 04:15:44", "update_id": 275448, "user_id": 91, "id": 1869340, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2021-02-05 01:32:40", "update_id": 275448, "user_id": 91, "id": 1871796, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "monitorix-3.13.1-1.fc32", "signed": true, "release_id": 35, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1919169, "title": "monitorix-3.13.0 is available", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 1841600, "bug_id": 1919169, "comment": {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:11:45", "update_id": 275445, "user_id": 899, "id": 1841600, "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1841601, "bug_id": 1919169, "comment": {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:12:03", "update_id": 275448, "user_id": 899, "id": 1841601, "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1841597, "bug_id": 1919169, "comment": {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:10:57", "update_id": 275441, "user_id": 899, "id": 1841597, "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1920998, "title": "monitorix-3.13.1 is available", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 1841600, "bug_id": 1920998, "comment": {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:11:45", "update_id": 275445, "user_id": 899, "id": 1841600, "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1841601, "bug_id": 1920998, "comment": {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:12:03", "update_id": 275448, "user_id": 899, "id": 1841601, "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1841597, "bug_id": 1920998, "comment": {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:10:57", "update_id": 275441, "user_id": 899, "id": 1841597, "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1921333, "title": "CVE-2021-3325 monitorix: Basic Authentication bypass in a default installatio [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 1841601, "bug_id": 1921333, "comment": {"karma": 0, "karma_critpath": 0, "text": "LGTM", "timestamp": "2021-01-28 08:12:03", "update_id": 275448, "user_id": 899, "id": 1841601, "testcase_feedback": [], "user": {"name": "mikaku", "email": "jordi@fibranet.cat", "id": 899, "avatar": "https://seccdn.libravatar.org/avatar/477cc102fb8def73150624b23394ff1e56f585fafa3abfdab8a5cbb66130d93d?s=24&d=retro", "openid": "mikaku.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}], "updateid": "FEDORA-2021-fc24737ebc", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}