We got noticed from one of mailing list readers about a security issue. This article explains this issue in all details.
The research shows that it is possible to execute code on the OpenNMS server remotely due to a bug in the Apache commons library, which OpenNMS uses. There are two types of issues, one is remotely exploitable code and the other is local privilege escalation. Firewalling TCP port 1099 changes the attack vector into a local privilege escalation. The issue with local privilege escalation has still to be investigated. Make sure you allow only IPv4 localhost and IPv6 ::1 to access TCP port 1099.
For security issues we have a contact address which you can find in the Contact Us section on http://www.opennms.org.
We have a new release of the OpenNMS Grafana Datasource which is now compatible with Grafana v2.5.0. There are also some improvements regarding layout. Most importantly we have a now the possibility to add filters which can be applied on the data, e.g. Trend- and Peak filter. It is also possible to use Grafana templates to get whole dashboards more dynamic.
Thank you very much to all attendees and people who organized the OpenNMS User Conference 2015. We had a great time and for the ones who couldn’t be in Germany. We’ve uploaded all videos to a OUCE 2015 Youtube playlist for the OpenNMS community.
Some speakers added their slides and are archived in our conference system.
Additionally I have to give a big thank you to the Bad Voltage guys, they did such a great job entertaining the crowd and I recommend highly getting a Podcast subscription.
You can find the recording of the Bad Voltage live show on the Bad Voltage website.
Just a few weeks left to the OpenNMS User Conference in Europe. You are still not sure to go? – Check out http://ouce.opennms.eu.
As you all know, we don’t spend a lot of time in marketing and I got a pro-tip to add hot chicks on the website. I don’t have any idea why but if it helps. JOIN OUCE 2015 NOW!
Keep your schedule up to date with Giggity Schedule Viewer and add OUCE 2015 with the following URL: http://ouce.opennms.eu/en/ouce2015/public/schedule.xml. You can also scan the QR code.
The basic idea is put a bunch of smart good looking people from the OpenNMS community in one room, take care about fun, food, sleep and see what happens. We had this year 27 people from the U.S. and Europe to spend one week in our adventure to Open Source. Special thanks to Mike Huot, his family and The OpenNMS group to make this event happen. We had also the first time two community members sponsored by the OpenNMS Foundation at the conference. This year was amazing and we had a small demo session on the last day. Here are the videos if you are interested and can wait until next years DEVJAM!!!
Code refactoring with Seth Leger
Unit Test improvements with DJ Gregor
Vagrant and Docker with Ronny Trommer
Performance data correlation with Jesse White
Script data collection with Dustin Frisch
Extending Fortinet data collection with Marcel Fuhrmann
Elasticsearch integration with Umberto Nicoletti
JMS Northbounder with David Schlenk
RRD Enhancements with Ron Roskens
OpenNMS Compass improvements with Benjamin Reed
Heatmap with Christian Pape
On 22nd June the 5th season of the year is going to start … OpenNMS DevJAM! We have one week with ~30 attendees from Europe and the United States at the University of Minnesota in Minneapolis to hack and learn with OpenNMS. The event is an unconference style and we gathered projects people want to investigate. We gathered the projects on the Wiki in DevJam 2015 page. If you are interested hit the opennms-devel list or go to real life IRC chat.
We have for the first time Umberto Nicoletti and Marcel Fuhrmann at the conference. Both are sponsored by the OpenNMS Foundation and the OpenNMS Group, the proposed projects around documentation and integration for ElasticSearch. For my point of view, I would like to make two workshops around our current documentation project and how we can improve the handling of configuration in OpenNMS.
I wish all a great time and happy DevJamming