Hi all,
With the EOL of Apache's 2.2 branch, our vulnerability scanner (Qualys) is rating Nagios XI as a major risk.
Last I read Apache 2.4+ isn't yet supported. Is there any plans to change this? For those running an existing virtual appliance, will an upgrade path be specified?
Thanks
Nagios XI and Apache 2.2 EOL
Re: Nagios XI and Apache 2.2 EOL
Just my 2 cents; With the market penetration Red Hat has these days, it's worth every security team reviewing and understanding Red Hat's policy on backporting security fixes:
https://access.redhat.com/security/updates/backporting
I'll let a tech chime in on Apache version policy.
https://access.redhat.com/security/updates/backporting
I'll let a tech chime in on Apache version policy.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
dwhitfield
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: Nagios XI and Apache 2.2 EOL
We support whatever version is in the CentOS/RHEL repos. Currently, Apache 2.4.6 is in the CentOS 7 repos.
Code: Select all
[root@centos7x64 archives]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Oct 19 2017 20:39:16
Re: Nagios XI and Apache 2.2 EOL
Thanks. Is there any support provided to upgrade the virtual appliance to Apache 2.4?
-
dwhitfield
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: Nagios XI and Apache 2.2 EOL
At this time, there are no plans to change our OVA, as Red Hat backports security fixes until November ***2020***. We do support XI on CentOS and RHEL 7. Once you have CentOS or RHEL 7 installed, we will be happy to help you migrate your data. That said, major migration issues are handled in this document: https://assets.nagios.com/downloads/nag ... ios-XI.pdf