Page 1 of 1
Nagios XI and Apache 2.2 EOL
Posted: Fri Oct 27, 2017 8:05 am
by perric
Hi all,
With the EOL of Apache's 2.2 branch, our vulnerability scanner (Qualys) is rating Nagios XI as a major risk.
Last I read Apache 2.4+ isn't yet supported. Is there any plans to change this? For those running an existing virtual appliance, will an upgrade path be specified?
Thanks
Re: Nagios XI and Apache 2.2 EOL
Posted: Fri Oct 27, 2017 8:59 am
by mcapra
Just my 2 cents; With the market penetration Red Hat has these days, it's worth every security team reviewing and understanding Red Hat's policy on backporting security fixes:
https://access.redhat.com/security/updates/backporting
I'll let a tech chime in on Apache version policy.
Re: Nagios XI and Apache 2.2 EOL
Posted: Fri Oct 27, 2017 11:08 am
by dwhitfield
We support whatever version is in the CentOS/RHEL repos. Currently, Apache 2.4.6 is in the CentOS 7 repos.
Code: Select all
[root@centos7x64 archives]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Oct 19 2017 20:39:16
Re: Nagios XI and Apache 2.2 EOL
Posted: Tue Oct 31, 2017 8:26 am
by perric
Thanks. Is there any support provided to upgrade the virtual appliance to Apache 2.4?
Re: Nagios XI and Apache 2.2 EOL
Posted: Tue Oct 31, 2017 2:22 pm
by dwhitfield
At this time, there are no plans to change our OVA, as Red Hat backports security fixes until November ***2020***. We do support XI on CentOS and RHEL 7. Once you have CentOS or RHEL 7 installed, we will be happy to help you migrate your data. That said, major migration issues are handled in this document:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf