Skip to content

Release 20250700#5659

Merged
pkippes merged 31 commits intomasterfrom
release-20250700
Jul 8, 2025
Merged

Release 20250700#5659
pkippes merged 31 commits intomasterfrom
release-20250700

Conversation

@pkippes
Copy link
Contributor

@pkippes pkippes commented Jul 7, 2025

Release 20250700

tuntoja and others added 29 commits June 12, 2025 14:00
@tuntoja
fix(ci): add missing entry for distrib noble in test-packages perl cp… (
e62c6e9 
#5621)
@bouda1
init(ci): introduction of a new workflow generic-plugins.yml to build…
1361690 
… some Rust code
@pkippes
Merge branch 'master' into sync-rel-20250600
bb56a8f
@bouda1
fix(ci): generic-plugins.yml should be good for the linter
856d844
@pkippes
Merge branch 'develop' into sync-rel-20250600
22edb5d
@tuntoja
fix extra blank line in generic plugins
76b2c6d
@pkippes
Sync release 20250600 (#5627)
43d6eb6
@lucie-tirand
fix(hardware::server::huawei::hmm::snmp): removed experimental keys o…
c5fed69 
…n scalar for components (#5635)

Co-authored-by: Lucie Dubrunfaut <ldubrunfaut@CNTR-PORT-A198.localdomain>
Refs: CTOR-1776
@tuntoja
chore(ci): update maven from 3.8.8 to 3.8.9 in packaging dockerfiles (#…
f83d5d7 
…5636)
@lucie-tirand
fix(storage::netapp::santricity::restapi): fixed hardware cmd compone…
e44f537 
…nt count (#5630)

Co-authored-by: Lucie Dubrunfaut <ldubrunfaut@CNTR-PORT-A198.localdomain>
Refs: CTOR-1771
@scresto31
MON-157861: Update unit-tests docker images (#5617)
f53e19c
@technique-ci @dependabot
chore(deps): absorb 2025-06 dependabot GitHub Actions updates (#5607)
6cbda8a 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@itoussies
Plugin(database::mysql::plugin) - Mode(dbi,mysqlcmd): Error when retr…
da00258 
…ieving the server version CTOR-1562 (#5610)
@itoussies
Plugin(cloud::google::gcp::management::stackdriver) - Mode(getmetrics…
4abce27 
…): allow compatibility with DISTRIBUTION type values CTOR-1643 (#5609)
@scresto31
fix(cloud::kubernetes::mode::listpods): fixed autodisco failure when …
f729a24 
…a pod IP is empty (#5643)

Refs: CTOR-1644
@lucie-tirand
fix(apps::podman::restapi): fixed api endpoint for container-usage (#…
1357f47 
…5646)

Co-authored-by: Lucie Dubrunfaut <ldubrunfaut@CNTR-PORT-A198.localdomain>
Refs: CTOR-1794
@itoussies @omercier
fix(cloud::aws::cloudwatch): fix zeroed option in getmetrics mode (#5619
d0d4f0c 
)

Co-authored-by: omercier <32134301+omercier@users.noreply.github.com>
Refs: CTOR-1706
@mushroomempires
feat(ci-nightly): add nightly to centreon-plugins (#5640)
a0339d8
@mushroomempires
fix(ci-nightly): trigger nightly builds on mondays instead of wednesd…
7ef086e 
…ays (#5649)
@scresto31
enh(cloud::azure::custom::api): Add option to choose cost-metric (#5648)
860959c 
Refs: CTOR-711
@lucie-tirand
fix(storage::emc::datadomain::snmp): fixed issue in cleaning mode whe…
e18c959 
…n default value for timezone is empty leading to unknown (#5631)

Refs: CTOR-1700

Co-authored-by: Lucie Dubrunfaut <ldubrunfaut@CNTR-PORT-A198.localdomain>
@scresto31
CTOR-1558: Enhance standby mode and extra parameters support (#5645)
ed7cbed
@sc979
ci(secu): force full scan on scheduled jobs and manage override (#5655)
1e61535
@Evan-Adam @kduret
CTOR-1656-move-centreon-plugins-sudoers-to-centreon-plugin-repository (
eec431c 
…#5598)

Co-authored-by: Kevin Duret <kduret@centreon.com>
@omercier @sdepassio
feat(apps::vmware::vsphere8::vcenter::plugin): new plugin (#5608)
226a574 
Co-authored-by: sdepassio <114986849+sdepassio@users.noreply.github.com>
Refs: CTOR-431
@scresto31 @Evan-Adam
CTOR-1248: Display full curl command in log (#5634)
74f6266 
Co-authored-by: Evan-Adam <152897682+Evan-Adam@users.noreply.github.com>
@scresto31
Plugin(apps::apache::serverstatus) - Modes (requests - slotstates) : …
e04e551 
…Add nlabel and force new perfdata (#5657)

Breaking change

Refs:CTOR-382
@scresto31 @rmorandell-pgum
CTOR-880: New Pack(storage::hp::alletra::restapi) (#5653)
4565304 
Co-authored-by: Roman Morandell <46994680+rmorandell-pgum@users.noreply.github.com>
@scresto31
CTOR-880: New Pack(storage::hp::alletra::restapi) (#5658)
6bbc7da
@pkippes pkippes added the do-not-spellcheck avoid running the spellchecks in github action label Jul 7, 2025
@pkippes pkippes requested review from a team as code owners July 7, 2025 13:34
@github-actions
Copy link

github-actions bot commented Jul 7, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details2bfdbeda-02cc-4a99-813a-048da5c042ce

New Issues (166)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
CRITICAL Second_Order_SQL_Injection /src/database/oracle/mode/tablespaceusage.pm: 557
detailsMethod at line 557 of /src/database/oracle/mode/tablespaceusage.pm gets database data from the query element. This element’s value then flows th...
ID: vFJMNsEHt054ihGmFzOtIpMztnw%3D
Attack Vector
CRITICAL Second_Order_SQL_Injection /src/apps/centreon/sql/mode/multiservices.pm: 445
detailsMethod at line 445 of /src/apps/centreon/sql/mode/multiservices.pm gets database data from the query element. This element’s value then flows th...
ID: 0cV2Quw0hUmDu8ka%2FwNv7sEokXY%3D
Attack Vector
CRITICAL Second_Order_SQL_Injection /src/apps/centreon/sql/mode/multiservices.pm: 380
detailsMethod at line 380 of /src/apps/centreon/sql/mode/multiservices.pm gets database data from the query element. This element’s value then flows th...
ID: 8Z6OAEyu2%2By7bp%2BbhDi0F%2Bgh4a4%3D
Attack Vector
CRITICAL Second_Order_SQL_Injection /src/database/oracle/mode/tablespaceusage.pm: 265
detailsMethod at line 265 of /src/database/oracle/mode/tablespaceusage.pm gets database data from the query element. This element’s value then flows th...
ID: QhaT8l0BVd3oVl0CqaE6R%2Bi9VoY%3D
Attack Vector
CRITICAL Second_Order_SQL_Injection /src/centreon/common/protocols/sql/mode/collection.pm: 219
detailsMethod at line 219 of /src/centreon/common/protocols/sql/mode/collection.pm gets database data from the query element. This element’s value then...
ID: 9MQk1%2BeRi3nX8gEPvG6gQQ8bJ48%3D
Attack Vector
CRITICAL Second_Order_SQL_Injection /src/apps/backup/arcserve/udp/mssql/mode/jobstatus.pm: 155
detailsMethod at line 155 of /src/apps/backup/arcserve/udp/mssql/mode/jobstatus.pm gets database data from the query element. This element’s value then...
ID: AnFpKKTlU2iBdTQEN6KwIK11ihs%3D
Attack Vector
HIGH Path_Traversal /.github/scripts/plugins-source.container.pl: 21
detailsMethod at line 21 of /.github/scripts/plugins-source.container.pl gets dynamic data from the @argv element. This element’s value then flows t...
ID: 48dzcBwz25tUEvFNl0uBfXkE9G8%3D
Attack Vector
HIGH Path_Traversal /.github/scripts/plugins-source.container.pl: 60
detailsMethod at line 60 of /.github/scripts/plugins-source.container.pl gets dynamic data from the $fh element. This element’s value then flows thr...
ID: gNgLbo1Rc1Wp1tPCLX4B%2B%2BgqyAY%3D
Attack Vector
MEDIUM Privacy_Violation /tests/cpan-libraries/json-path.pl: 13
detailsMethod at line 13 of /tests/cpan-libraries/json-path.pl sends user information outside the application. This may constitute a Privacy Violation.
ID: TlskuLoh7%2BEEklvY%2BQNyXvLPL7s%3D
Attack Vector
MEDIUM Privacy_Violation /connectors/vmware/src/centreon/script/centreon_vmware.pm: 270
detailsMethod at line 270 of /connectors/vmware/src/centreon/script/centreon_vmware.pm sends user information outside the application. This may consti...
ID: E2cM7vBDc8rtDe5BIPv41Pop%2BaI%3D
Attack Vector
MEDIUM Privacy_Violation /connectors/vmware/src/centreon/script/centreon_vmware.pm: 282
detailsMethod at line 282 of /connectors/vmware/src/centreon/script/centreon_vmware.pm sends user information outside the application. This may consti...
ID: 8TPFByfYSodLQfc9xC8W6B0ZcNE%3D
Attack Vector
MEDIUM Privacy_Violation /tests/cpan-libraries/json-path.pl: 12
detailsMethod at line 12 of /tests/cpan-libraries/json-path.pl sends user information outside the application. This may constitute a Privacy Violation.
ID: MH6Oehm0PUKoLYjUP0X%2Fn3AwSEI%3D
Attack Vector
MEDIUM Privacy_Violation /tests/cpan-libraries/json-path.pl: 11
detailsMethod at line 11 of /tests/cpan-libraries/json-path.pl sends user information outside the application. This may constitute a Privacy Violation.
ID: %2FzxRGKuvTL4r3V4NkYb87Jzp85w%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/paws.pm: 107
detailsMethod at line 107 of /src/cloud/aws/custom/paws.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: PojktvF%2BOw%2F7H6XfppPRQvZWbQU%3D
Attack Vector
MEDIUM Privacy_Violation /tests/cpan-libraries/json-path.pl: 10
detailsMethod at line 10 of /tests/cpan-libraries/json-path.pl sends user information outside the application. This may constitute a Privacy Violation.
ID: ST9ruLup6MNiPC6W%2BP80BwJ7YF0%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/paws.pm: 110
detailsMethod at line 110 of /src/cloud/aws/custom/paws.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: 9ct%2B2FSNYF%2BxZGo%2FoYGGz7yA0%2BY%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 210
detailsMethod at line 210 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: z%2BRNopWUKdVrsws4Xo91KNWG22g%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 211
detailsMethod at line 211 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: sq9jP8f%2FzmqQ2Ul9tDnVI2Vjz08%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 212
detailsMethod at line 212 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: BT02F05T%2BswcS6KSPYLVSJDsQ3U%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 124
detailsMethod at line 124 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: QgjWkVzwfuRzBDAq5Cy1YyKFyvk%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 127
detailsMethod at line 127 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: wUcbn7Q1ZUJd%2BEy3W%2FnuEu3pkYU%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 127
detailsMethod at line 127 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: bZb2kjlARFvuCZ%2Bgapbg%2Ffjc1Zc%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/paws.pm: 110
detailsMethod at line 110 of /src/cloud/aws/custom/paws.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: RZIcJb0K9hK7A8m4tZrPT4aNCdw%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 124
detailsMethod at line 124 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: VZnL4Wzc6n9FH3m8Atdqg8%2FjmVU%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/awscli.pm: 124
detailsMethod at line 124 of /src/cloud/aws/custom/awscli.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: VeN9DLk0VFm7svT%2B31WRvzDCK%2Fk%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/paws.pm: 107
detailsMethod at line 107 of /src/cloud/aws/custom/paws.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: i2ygI6PmxJBGIjjfGyWbGolIedM%3D
Attack Vector
MEDIUM Privacy_Violation /src/cloud/aws/custom/paws.pm: 107
detailsMethod at line 107 of /src/cloud/aws/custom/paws.pm sends user information outside the application. This may constitute a Privacy Violation.
ID: dCdE9AYCzcRydbADxFIv0Qnlt3E%3D
Attack Vector
MEDIUM Resource_Injection /connectors/vmware/src/centreon/script/centreon_vmware.pm: 669
detailsThe application's method, at line 669 of /connectors/vmware/src/centreon/script/centreon_vmware.pm, opens a resource using potentially tainted v...
ID: chH3WKuVfLVePFXTKMYH4mHcnbA%3D
Attack Vector
MEDIUM Use_Of_Hardcoded_Password /tests/cpan-libraries/libssh-session.pl: 83
detailsThe application uses the hard-coded password "testpassword" for authentication purposes, either using it to verify users' identities, or to access...
ID: mjRUMZYj7vtxogYyLcMXq4NZXAg%3D
Attack Vector
MEDIUM Use_Of_Hardcoded_Password /src/centreon/plugins/backend/ssh/libssh.pm: 88
detailsThe application uses the hard-coded password "SSH_AUTH_SUCCESS" for authentication purposes, either using it to verify users' identities, or to ...
ID: 8d3T%2Bhjc1KYSOSK5fKFatkoJ7UA%3D
Attack Vector
MEDIUM Use_Of_Hardcoded_Password /tests/cpan-libraries/crypt-argon2.pl: 8
detailsThe application uses the hard-coded password "my_secure_password" for authentication purposes, either using it to verify users' identities, or t...
ID: bdJ1F%2FaBwrWdbYRanXgHR8Rqf2k%3D
Attack Vector
MEDIUM Use_of_Broken_or_Risky_Cryptographic_Algorithm /src/storage/hp/alletra/restapi/custom/api.pm: 116
detailsIn , the application protects sensitive data using a cryptographic algorithm, md5_hex, that is considered weak or even trivially broken, in /src/s...
ID: P4QQVm6%2B%2F5FXx8GV0F4vl7A%2F7uo%3D
Attack Vector
MEDIUM Use_of_Broken_or_Risky_Cryptographic_Algorithm /tests/scripts/slim_walk.pl: 225
detailsIn , the application protects sensitive data using a cryptographic algorithm, md5, that is considered weak or even trivially broken, in /tests/scri...
ID: 2YtZ9SUn2TAuxEvMvG7Qiz2cDHE%3D
Attack Vector
MEDIUM Use_of_Broken_or_Risky_Cryptographic_Algorithm /src/storage/purestorage/flashblade/v2/restapi/custom/api.pm: 124
detailsIn , the application protects sensitive data using a cryptographic algorithm, md5_hex, that is considered weak or even trivially broken, in /src/s...
ID: q5EQQjEFVU%2F1lhEi9QZ7a%2F%2FPsBc%3D
Attack Vector
MEDIUM Use_of_Broken_or_Risky_Cryptographic_Algorithm /src/storage/purestorage/flasharray/v2/restapi/custom/api.pm: 127
detailsIn , the application protects sensitive data using a cryptographic algorithm, md5_hex, that is considered weak or even trivially broken, in /src/s...
ID: NgBO2Uhusgh%2BrtT3QFmPLRoemt8%3D
Attack Vector
MEDIUM Use_of_Broken_or_Risky_Cryptographic_Algorithm /src/storage/purestorage/flasharray/v2/restapi/custom/api.pm: 124
detailsIn , the application protects sensitive data using a cryptographic algorithm, md5_hex, that is considered weak or even trivially broken, in /src/s...
ID: b%2BinRoFaGA7qerilFg8R4P3B1nE%3D
Attack Vector

More results are available on the CxOne platform

Fixed Issues (24)
Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM Dangerous_Functions /dependencies/perl-filesys-smbclient/src/libauthSamba.c: 27
MEDIUM Dangerous_Functions /dependencies/perl-filesys-smbclient/src/libauthSamba.c: 21
MEDIUM Dangerous_Functions /dependencies/perl-filesys-smbclient/src/libauthSamba.c: 20
MEDIUM Dangerous_Functions /dependencies/perl-filesys-smbclient/src/libauthSamba.c: 52
MEDIUM Dangerous_Functions /dependencies/perl-filesys-smbclient/src/libauthSamba.c: 54
MEDIUM Dangerous_Functions /dependencies/perl-filesys-smbclient/src/libauthSamba.c: 49
MEDIUM Use_of_Broken_or_Risky_Cryptographic_Algorithm /as400/connector.as400/src/main/java/com/centreon/connector/as400/utils/BlowFishUtils.java: 66
MEDIUM Use_of_Broken_or_Risky_Cryptographic_Algorithm /as400/connector.as400/src/main/java/com/centreon/connector/as400/utils/BlowFishUtils.java: 74
MEDIUM Use_of_Hard_coded_Cryptographic_Key /as400/connector.as400/src/main/java/com/centreon/connector/as400/utils/BlowFishUtils.java: 35
MEDIUM Use_of_Hard_coded_Cryptographic_Key /as400/connector.as400/src/main/java/com/centreon/connector/as400/utils/BlowFishUtils.java: 35
LOW Heap_Inspection /as400/connector.as400/src/main/java/com/centreon/connector/as400/parser/OptionFactory.java: 55
LOW Heap_Inspection /as400/connector.as400/src/main/java/com/centreon/connector/as400/daemon/MapIdentityManager.java: 75
LOW Heap_Inspection /as400/connector.as400/src/main/java/com/centreon/connector/as400/daemon/MapIdentityManager.java: 76
LOW Heap_Inspection /dependencies/perl-filesys-smbclient/src/libauthSamba.c: 6
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65
LOW Permissive_Regular_Expression /src/centreon/common/powershell/exchange/powershell.pm: 65

@pkippes pkippes merged commit ff0d3c0 into master Jul 8, 2025
71 of 72 checks passed
@pkippes pkippes deleted the release-20250700 branch September 17, 2025 07:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sdepassio sdepassio sdepassio approved these changes

@BaptisteCentreon BaptisteCentreon Awaiting requested review from BaptisteCentreon BaptisteCentreon was automatically assigned from centreon/owners-security

@scresto31 scresto31 Awaiting requested review from scresto31 scresto31 is a code owner automatically assigned from centreon/owners-perl

@kduret kduret Awaiting requested review from kduret kduret is a code owner automatically assigned from centreon/owners-pipelines

@mushroomempires mushroomempires Awaiting requested review from mushroomempires mushroomempires is a code owner automatically assigned from centreon/owners-pipelines

@jean-christophe81 jean-christophe81 Awaiting requested review from jean-christophe81 jean-christophe81 is a code owner automatically assigned from centreon/owners-robot-e2e

Assignees

No one assigned

Labels

do-not-spellcheck avoid running the spellchecks in github action skip-workflow-centreon-plugins-sudoers skip-workflow-docker-builder-packaging-plugins skip-workflow-docker-builder-testing-plugins skip-workflow-docker-builder-unit-tests skip-workflow-plugins skip-workflow-plugins-analysis upload-artifacts

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.