Unimus 2.1.4 & Unimus Core 2.1.4 release

Tomas

Sat Dec 11, 2021 7:15 pm

Unimus 2.1.4 is being released today! This is a hotfix release for security issues caused by CVE-2021-44228. We strongly recommend all users update to this release ASAP, and check their infrastructure for any other software / hardware affected by this vulnerability.

Links at https://unimus.net/download have been updated with the newest version. Starting with the 2.1.0 release, all binary releases of Unimus and Unimus Core are code-signed!

The main focus of the team is now on development of v2.2 and its main feature, APIv3. Feel free to check the new API design here. If you would like to see our long term plans and development progress, you can also check our Roadmap.

Full Changelog:
= Version 2.1.4 =
Security fixes:
Fixed security issues caused by the CVE-2021-44228 vulnerability

= Version 2.1.3 =
Features:
Added option to disable full listing of failed devices in notifications (if disabled, will only show count)
Large improvements for loading speed of the "Mass Config Push" screen with large number of presets and results
Improvements to in-application notification popups (better formatting, consistency, etc.)
Improvements to formatting and consistency of external notifications (Slack, Email, etc.)
Improved built-in dynamic backup filters for IBM / Lenovo RackSwitch
The "Backup now" button is now disabled for Unmanaged devices on the "Backups" screen
Added support for MikroTik default configuration wizard (will accept defaults if asked to)
Added support for MikroTik "change your password" prompts added in latest RouterOS versions (will continue login without changing password)
Improved logging during discovery (will no longer log mode change failures during discovery, as these are expected)
Improved handling for UBNT airOS devices with specific firmware versions (due to airOS bug)
Added support for password input in Config Push when password is echoed back with asterisks

Added option of including list of filtered devices (for example Unmanaged) in job result notifications:
- will include full listing of filtered devices in all notifications if enabled
- new options in "Notifications > Advanced notification settings" control if full list is sent

Added support for:
- more variants and new models of Cisco SMB switches
- OpenWRT
- SAF Tehnika Lumina

Fixes:
Fixed PRTG importer not working in some cases
Fixed LibreNMS importer not working if group names contained spaces
Fixed API remove device endpoint not working
Fixed issues with migration from older v2 versions if LibreNMS importer was used
Fixed issues with migration from old v1 versions when migrating directly to v2.1
Fixed issue with Job Status column not properly updating when a manual backup was executed in specific cases
Fixed wrong credential type being displayed for "Username-only" credentials (display issue only)
Fixed wrong data in "Show usage" for "Credentials > CLI mode change passwords" when using binding
Fixed "Show usage" not being possible for credentials that were only used for binding (had no discovered devices)
Fixed comments for objects could not be loaded if more than 5 comments were present on an object
Fixed unable to close an open preset in Mass Config Push without first switching to its tab
Fixed Config Push preset became unusable if Advanced Push Settings were deleted
Fixed buttons in "Credentials" screen staying enabled and referencing a deleted entity after deleting a credential
Fixed a missing newline in Slack notifications in discovery result notifications
Fixed various minor UI / UX issues and inconsistencies
Fixed $[no-wait] Config Push modifier could not work in specific cases
Fixed backup would fail on specific UBNT airOS versions due to an airOS bug
Fixed an issue where jobs could fail on heavily loaded devices or devices that took very long to send command output
Fixed Config Push could fail with wrong error in rare cases when connection to device failed

Security fixes:
Fixed the "/#!system" screen being partially available without authentication:
- this exposed some system details (such as schedules and runtime state) to unauthenticated users
- unauthenticated users could enable debug logging for runtime components
- this could NOT be used to gain access to any data inside your Unimus instance by unauthenticated users
- this could NOT be used to perform any attacks nor data exfiltration by unauthenticated users

In case you missed our 2.1 announcement, we have published a 2.1 Release Overview you can read on our blog, or you can watch the Release Overview video below:

Finally, there are a few low-impact known issues to be aware of:
Known issues:
ISSUE: "Re-discover affected devices when Ports or Connectors change" Advanced Settings option does not work
WORKAROUND: none
STATUS: issue scheduled for fix in next version

ISSUE: "Stop" in Config Push does not work
WORKAROUND: none
STATUS: issue scheduled for fix in next version

ISSUE: Some screens in Unimus show time in server's time zone, others in client's (browser's) time zone
WORKAROUND: none, issue only relevant if client has different time zone than server
STATUS: we are debating on how to fix this - will likely create a setting to select which TZ should be used