Home /  MMonit /  Release 3-7-4

Released on September 06, 2020

Changes | Patch | New installation | Upgrading

Changes

  • New: The admin/hosts page has two new functions; Delete arbitrary hosts and delete inactive hosts.
  • New: Secure network communication (https) now use TLS protocol version 1.2 or later by default.
  • New: Override the TLS version for M/Monit in conf/server.xml using the tls attribute of the Host element. Example:
        <Host name="localhost" appBase="." tls="1.3">
  • New: The M/Monit license can be defined in a separate file by using the new file attribute:
        <License file="path" />
  • Fix: UI improvements
  • Fix: XMLParser, unescape escaped entities in attributes.
  • Fix: Support for monitoring hosts with more then 2TB of system memory or swap when M/Monit uses MySQL or PostgreSQL.
  • Fix possible crash on M/Monit stop.
  • Fix: The analytics page displayed a wrong timestamp in some charts if the "last seconds" range was selected and only one host displayed.
  • Fixed vulnerabilities reported by Loginsoft.
    • Time of check, Time of use: Fixed, if a user is removed, his associated login session is also invalidated.
    • Path/Directory Traversal via file upload: Fixed
    • Upload of File with Dangerous Types: Fixed
  • Upgrade jquery to 3.5.1, fixes following vulnerabilities:
    • CVE-2020-11023
    • CVE-2020-11022
    • CVE-2019-11358
    • CVE-2019-5428
    • CVE-2017-16012
    • CVE-2015-9251
  • Upgrade OpenSSL from 1.0.2r to 1.1.1g, fixes following vulnerabilities:
    • CVE-2019-1563
    • CVE-2019-1552
    • CVE-2019-1547

Patch

2020-09-08 21:45:00 Distribution patched with an updated web.xml configuration file to prevent unwanted HTTP API access for users not in the admin role. Thanks to Dolev Farhi

New installation

  • Download the release for your OS.
  • Unpack the tar.gz file in a directory, any directory will do, but unpacking in /opt or /usr/local are good choices.
  • Go to the unpacked mmonit-3.7.4_1 directory
  • Run M/Monit using: ./bin/mmonit
  • Point your Browser to the host where mmonit is installed (or "localhost" if running on the same machine), for example: http://localhost:8080/ and login as user admin with password swordfish
  • If you want to set up M/Monit to use MySQL or PostgreSQL instead of the default SQLite database, follow these instructions in the wiki.
  • More documentation can be found inline in the application and in the manual (PDF).

Upgrading from previous M/Monit releases (2.3 or later)

The upgrade program can be used to automatically copy database and configuration files from the previous installation and update the database schema.

The whole upgrade process should take less than a minute and you do not have to stop or change Monit on other machines during this process. Monit will simply pick up and start reporting to the new M/Monit 3.7.4_1 version.

  • Download the new 3.7.4_1 release for your OS.
  • Install M/Monit 3.7.4_1 in the same directory as previous release. For example:
 /usr/local/mmonit-3.7.3
 /usr/local/mmonit-3.7.4_1
  • Stop the previous M/Monit release:
 /usr/local/mmonit-3.7.3/bin/mmonit stop
  • Run the upgrade program and specify the path to the previous M/Monit release:
 /usr/local/mmonit-3.7.4_1/upgrade/upgrade -p /usr/local/mmonit-3.7.3
  • Start M/Monit 3.7.4_1:
 /usr/local/mmonit-3.7.4_1/bin/mmonit
  • Finally, please clear your browser cache before accessing M/Monit 3.7.4_1