@danielfdickinson danielfdickinson commented Dec 15, 2025

📦 Package Details

Maintainer: @danielfdickinson

Description:

Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)

Security fixes compared to 7.0.12 (most are frontend only):


🧪 Run Testing Details

  • OpenWrt Version: SNAPSHOT (r32307-24b8db118b)
  • OpenWrt Target/Subtarget: bcm27xx/bcm2712
  • OpenWrt Device: raspberrypi,5-model-b
  • Board Profile: rpi-5

Upgraded a 7.0.12-r2 zabbix-server and zabbix-server-frontend (with zabbix-agentd) to this release (7.0.21-r1). Verified operation.

Did note that for the frontend, clearing browser cache, cookies and other site data for the zabbix frontend server was necessary.


✅ Formalities

  • I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

If your PR contains a patch:

  • It can be applied using git am
  • It has been refreshed to avoid offsets, fuzzes, etc., using
    make package/<your-package>/refresh V=s
  • It is structured in a way that it is potentially upstreamable

@danielfdickinson danielfdickinson force-pushed the pr-update-zabbix-7-0-lts-latest-21 branch 4 times, most recently from 61e7b5d to 4903cf4 Compare December 17, 2025 12:04
@danielfdickinson danielfdickinson marked this pull request as draft December 17, 2025 22:53
@danielfdickinson danielfdickinson force-pushed the pr-update-zabbix-7-0-lts-latest-21 branch 2 times, most recently from 186a03b to d19fcf3 Compare December 17, 2025 23:18
Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)

Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.

Security fixes compared to 7.0.12 (most are frontend only):

* CVE-2025-27238: API hostprototype.get lists data to users with
  insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
  method user.get with param search:
  https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
  Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
  problem.view.refresh action:
  https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
  resource consumption: https://support.zabbix.com/browse/ZBX-27284

Signed-off-by: Daniel F. Dickinson <[email protected]>
With previous maintainer's blessing:
openwrt#28041 (comment)

Signed-off-by: Daniel F. Dickinson <[email protected]>
@danielfdickinson danielfdickinson force-pushed the pr-update-zabbix-7-0-lts-latest-21 branch from d19fcf3 to 2ef8d3f Compare December 17, 2025 23:54
@danielfdickinson danielfdickinson marked this pull request as ready for review December 17, 2025 23:57