Icingaweb2 security alerts version 2.12.3

moinsunsurx · April 17, 2025, 9:21am

Hello,
I received these security alerts for icingaweb2:
CVE-2025-27405 - Icinga Web 2 [image]XSS in embedded content

CVE-2025-27404 - Icinga Web 2 [image]DOM-based XSS

CVE-2025-30164 - Icinga Web 2 [image]Open redirect on login page

CVE-2025-27609 - Icinga Web 2 [image]Reflected XSS

But in the repo : Index of /centos/7Server/release/resigned-2024-10-31/noarch/icingaweb2 the versions stop at 2.12.1-1. Where can I find the 2.12.3 version?

Thank you

Give as much information as you can, e.g.

Icinga Web 2 version : 2.12.1
Web browser used
Icinga 2 version used : 2.14.3-1
PHP version used : 7
Server operating system and version : Linux Redhat 7.9

rivad · April 17, 2025, 9:37am

Isn’t 7 EOL? CentOS | endoflife.date

Maybe with a Icinga repo subscription you cold get updates as it looks like RHEL is still in “extended Life Cycle Support” until 30 Jun 2028 according to Red Hat Enterprise Linux | endoflife.date.

Ask Icinga » Contact Sales to be sure.

bberg · April 18, 2025, 11:13am

RHEL 7 is EOL is out of support. Thus Icinga doesnt support it anymore. You could upgrade to something newer like RHEL 8 oder RHEL 9 - but then you would need either a Subscription (Developer or regular), or need to build the packages by yourself. Of course you could also switch to a distro like Debian or Ubuntu and get the newer versions in the icinga stack free of charge.