zabbix: Update to 7.0.21 (lts)#28086

Merged
hnyman merged 2 commits into openwrt:master from danielfdickinson:pr-update-zabbix-7-0-lts-latest-21
Dec 20, 2025

@danielfdickinson
Contributor

@danielfdickinson danielfdickinson commented Dec 15, 2025

📦 Package Details

Maintainer: @danielfdickinson

Description:

Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)

Security fixes compared to 7.0.12 (most are frontend only):


🧪 Run Testing Details

  • OpenWrt Version: SNAPSHOT (r32307-24b8db118b)
  • OpenWrt Target/Subtarget: bcm27xx/bcm2712
  • OpenWrt Device: raspberrypi,5-model-b
  • Board Profile: rpi-5

Upgraded a 7.0.12-r2 zabbix-server and zabbix-server-frontend (with zabbix-agentd) to this release (7.0.21-r1). Verified operation.

Did note that for the frontend, clearing browser cache, cookies and other site data for the zabbix frontend server was necessary.


✅ Formalities

  • I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

If your PR contains a patch:

  • It can be applied using git am
  • It has been refreshed to avoid offsets, fuzzes, etc., using
    make package/<your-package>/refresh V=s
  • N/A It is structured in a way that it is potentially upstreamable

@danielfdickinson danielfdickinson force-pushed the pr-update-zabbix-7-0-lts-latest-21 branch 4 times, most recently from 61e7b5d to 4903cf4 Compare December 17, 2025 12:04
@danielfdickinson danielfdickinson marked this pull request as draft December 17, 2025 22:53
@danielfdickinson danielfdickinson force-pushed the pr-update-zabbix-7-0-lts-latest-21 branch 3 times, most recently from d19fcf3 to 2ef8d3f Compare December 17, 2025 23:54
@danielfdickinson danielfdickinson marked this pull request as ready for review December 17, 2025 23:57
@danielfdickinson danielfdickinson force-pushed the pr-update-zabbix-7-0-lts-latest-21 branch 2 times, most recently from 3f48e34 to f259aa4 Compare December 20, 2025 05:05
@danielfdickinson
Contributor Author

Removed accidental changes to zabbix_agentd.conf patch.

@hnyman
Contributor

hnyman commented Dec 20, 2025

Your explanations do not match actual patch content...

Added message into patch header:
6. Include configurations under /etc/zabbix_agentd.d/

Actual content:
Include=/etc/zabbix_agentd.conf.d/

Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)

Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.

Security fixes compared to 7.0.12 (most are frontend only):

* CVE-2025-27238: API hostprototype.get lists data to users with
  insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
  method user.get with param search:
  https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
  Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
  problem.view.refresh action:
  https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
  resource consumption: https://support.zabbix.com/browse/ZBX-27284

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
With previous maintainer's blessing:
openwrt#28041 (comment)

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
@danielfdickinson danielfdickinson force-pushed the pr-update-zabbix-7-0-lts-latest-21 branch from f259aa4 to eb643b5 Compare December 20, 2025 09:12
@danielfdickinson
Contributor Author

> Your explanations do not match actual patch content...

Fixed. Thank you for the catch @hnyman

@danielfdickinson
Contributor Author

danielfdickinson commented Dec 20, 2025

I noticed that 7.0.22 was released Dec 17, 2025. Since it doesn't resolve any new security vulnerabilities, and once this PR is in master I would like to cherry-pick into 25.12, I would like to do the update to 7.0.22 in master only, in another PR.

Does this make sense to you @hnyman @GeorgeSapkin ?

@hnyman hnyman merged commit b961c4e into openwrt:master Dec 20, 2025
11 of 12 checks passed
@hnyman
Contributor

hnyman commented Dec 20, 2025

Sounds ok to me.
This is now merged.

@danielfdickinson
Contributor Author

@hnyman @GeorgeSapkin Do you think that a backport to 24.10 makes sense as well, because there are security fixes, even if not severe?

@hnyman
Contributor

hnyman commented Dec 20, 2025

Sure, if you can first test it there by yourself.

@danielfdickinson danielfdickinson deleted the pr-update-zabbix-7-0-lts-latest-21 branch December 21, 2025 22:23