Changelog - openITCOCKPIT - 5.5.2

Security

• Security: CVE-2026-24893 Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

Many thanks to @h00die-gr3y for responsibly disclosing these vulnerabilities to us.

Refactoring

• Remove it-novum from openITCOCKPIT Monitoring Agent

New Features

• add check_diskstats to openitcockpit-community-plugins package
• EventcorrelationModule: Summary event correlations widget

Improvements

• MapModule: Calculate default map height in map widget based on widget height

Bug fixes

• Hosts index: empty pdf and csv lists if regex filter is applied

Blog post: https://openitcockpit.io/blog/posts/2026/2026-04-14-openitcockpit-agent-3.6.0-and-5.5.2/

Changelog - openITCOCKPIT - 5.5.1

Bug fixes

• Config Refresh stuck at Execute post export tasks

Changelog - openITCOCKPIT - 5.5.0

Refactoring

• Refactoring hosts/services summary: buttons and cards colors - set opacity if value is 0 [Organizational charts + oitc-header-stats]
• ImportModule: Refactor status handling for boolean values from FlowChief system and processing of onUserSessionClosed events
• Rename Allgeier IT Services GmbH into AVENDIS GmbH see
• ServiceCapacityManagementModule - Resource groups: summary (replace sunburst chart with echarts)

New Features

• EventcorrelationModule: New scoring logic gate for event correlation
• Wizard: Kubernetes
• Wizard: Agentless Windows
• Dashboards: Filtering by priority in dashboard and State Type in Service Index
• Wizard: Checkpoint Firewall
• Wizard: Broadcom BES
• Wizard: Server Hardware Monitoring (Redfish)
• ImportModule: Add Prometheus Exporter to Event-Collectd
• Import Module: Add support for FlowChief message templates as filter
• Dashboard: New Widget for delayed passive hosts and services
• PrometheusModule: Add option to configure Prometheus Port

Improvements

• Eventcorrelation Module: Include correlation details in host status and host notifications
• Wizard: PaloAlto new Mode Connections per Second
• Wizard: Cisco Network added mode uptime with additional reboot reason
• Wizard: Quoting of variables
• MapModule: Change Map Height to the size of the screen
• EventcorrelationModule: Add hint for "Consider State Type" Option in View and highlight unsaved Changes

Bug fixes

• Numeric command arguments are not stored
• Wrong Validation error for security configuration in Agent Wizard
• MapModule: Mapgenerator host groups cannot be deleted
• Export user permissions as XLSX: Empty container list if only root container exists
• Dashboard: Service status list (extended) widget - wrong logic for older than ...
• Duplicate Delete Elements on refresh in host browser
• Software inventory: Duplicate entries of hosts in Patchstatus for non root users
• Issue with saved service bookmark filters after update to 5.4.0
• PrometheusModule: Popover Graph does not show unit
• Naemon Core: Update Naemon Core to version 1.5.1 to resolve a memory corruption error that will lead to a crash Naemon

Blog post: https://openitcockpit.io/blog/posts/2026/2026-03-23-openitcockpit-5.5.0/

Changelog - openITCOCKPIT - 5.4.0

Security

• Security: CVE-2026-24891 Unsafe PHP Deserialization in Gearman Worker Allows Conditional Object Injection
• Security: CVE-2026-24892 Unsafe Deserialization in openITCOCKPIT Changelog Handling

Many thanks to @h00die-gr3y for responsibly disclosing these vulnerabilities to us.

New Features

• Software inventory and patch management
• Add Prometheus to openITCOCKPIT Community Edition
• Time periods: Exclude time period in time period configuration
• DistributeModule: Show system information about each Satellite
• Wizard: Apache Status & Tomcat
• Wizard: Aruba Network
• Wizard: Citrix Netscaler
• Wizard: Fortigate Firewall
• Wizard: Fujitsu Eternus Tape Library
• Wizard: Gude Sensoren
• Wizard: NetApp
• Wizard: Nextcloud
• Wizard: NGINX Status
• Wizard: Palo Alto Firewall
• Export user permissions as XLSX (Microsoft Excel)
• SLA Module - SLAs Total Overview Widget
• ServiceCapacityManagementModule - Resource group: add department
• Statuspage: Split Additional information into two columns
• ImportModule: Multiply Icinga check_interval by two as freshness value
• Add sorting in host groups extended view and service groups extended view

Improvements

• PrometheusModule: Upgrade Prometheus to version 3
• Wizard: Accordions Design
• Teams Incoming Webhook is end of life at March 31st
• Ability to Filter by HostGroup in Hosts and Services
• Refactoring hosts/services summary: buttons and cards colors - set opacity if value is 0

Bug fixes

• MapModule: Mapgenerator has wrong spaces between items
• Status older than in Dashboard widgets not working
• Creating A Calendar automatically adds Holidays
• Status page group widget: Forbidden message for assigned widgets after changes to the update interval
• IsarFlowModule: Error in ImportInterfacesFromExternalSystemCommand
• Slow Wizard Scans break the Front-End
• Only last filter applies to logentry filter
• ImportModule: Name of imported host groups is not updated
• ImportModule: Freshness Check Interval of external services will not be updated
• DistributeModule: Satellites add or edit - show server timezone and current server time
• DesignModule: Text color of maps is also used in status toast
• Create Downtimes result in HTTP error
• Dashboards: Wrong behavior on reload for widgets with oitc-interval-picker

Blog post: https://openitcockpit.io/blog/posts/2026/2026-02-20-openitcockpit-5.4.0/

Changelog - openITCOCKPIT - 5.3.1

Bug fixes

• ImportModule: PHP Deprecated message on Import
• ImportModule: Orphaned services in imported_services table