git.openwrt.org Git - feed/packages.git/commit

author	Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
	Mon, 15 Dec 2025 07:49:33 +0000 (02:49 -0500)
committer	Hannu Nyman <hannu.nyman@iki.fi>
	Sat, 20 Dec 2025 10:19:45 +0000 (11:19 +0100)
commit	0488c96b08a9f96b4a9de613db9ad08e2082a3ab
tree	c5d3d447a91eaa6b49791f65581eae937186ae23	tree \| snapshot
parent	7bdb59c917f8da529fbedc3485a9a57be5262a5a	commit \| diff

zabbix: update to 7.0.21 (lts)

Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)

Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.

Security fixes compared to 7.0.12 (most are frontend only):

* CVE-2025-27238: API hostprototype.get lists data to users with
  insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
  method user.get with param search:
  https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
  Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
  problem.view.refresh action:
  https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
  resource consumption: https://support.zabbix.com/browse/ZBX-27284

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

admin/zabbix/Makefile		diff \| blob \| history
admin/zabbix/patches/010-change-agentd-config.patch		diff \| blob \| history