Hi community! First of all I apologize if you are not talking about this
Icinga version anymore, I know is kinda old.
What’s the reason for not upgrading?
Is that the only software you’re running, on whatever this is installed
on, which is out of date/support?
Now, our infosec team discovered a vulnerability (CVE-2020-11579) that is
affecting our old environments. Our Icinga version is 1.13.3 and is the
only app using PHP on our server (PHP version 5.6.30).
I’m slightly bothered (from a security / support / maintenance perspective)
that the word “environments” is plural.
On the other hand, is your ancient Icinga1 setup exposed in any way to the
Internet, and if not, how significant are your infosec team’s findings?
A vulnerability is only a risk if someone has access to it.
My question is, will this version of Icinga support PHP if we upgrade it to
I cannot speak for the developers, however I doubt that they have looked at
any such combination, so the only suggestion I have is to try out this upgrade
in your testing environment and see whether it causes any problems, and of
not, roll it out to production.
If you do not have a testing environment, then set up a VM somewhere, copy
your current Icinga1 setup there, check that it works as expected, upgrade
PHP, and compare.
If anyone else here can comment more specifically on your situation:
congratulations, I'm surprised and in some ways impressed.