Changelog - openITCOCKPIT - 5.5.2

Security

• Security: CVE-2026-24893 Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

Many thanks to @h00die-gr3y for responsibly disclosing these vulnerabilities to us.

Refactoring

• Remove it-novum from openITCOCKPIT Monitoring Agent

New Features

• add check_diskstats to openitcockpit-community-plugins package
• EventcorrelationModule: Summary event correlations widget

Improvements

• MapModule: Calculate default map height in map widget based on widget height

Bug fixes

• Hosts index: empty pdf and csv lists if regex filter is applied

Blog post: https://openitcockpit.io/blog/posts/2026/2026-04-14-openitcockpit-agent-3.6.0-and-5.5.2/

Changelog - openITCOCKPIT - 5.5.1

Bug fixes

• Config Refresh stuck at Execute post export tasks

Changelog - openITCOCKPIT - 5.5.0

Refactoring

• Refactoring hosts/services summary: buttons and cards colors - set opacity if value is 0 [Organizational charts + oitc-header-stats]
• ImportModule: Refactor status handling for boolean values from FlowChief system and processing of onUserSessionClosed events
• Rename Allgeier IT Services GmbH into AVENDIS GmbH see
• ServiceCapacityManagementModule - Resource groups: summary (replace sunburst chart with echarts)

New Features

• EventcorrelationModule: New scoring logic gate for event correlation
• Wizard: Kubernetes
• Wizard: Agentless Windows
• Dashboards: Filtering by priority in dashboard and State Type in Service Index
• Wizard: Checkpoint Firewall
• Wizard: Broadcom BES
• Wizard: Server Hardware Monitoring (Redfish)
• ImportModule: Add Prometheus Exporter to Event-Collectd
• Import Module: Add support for FlowChief message templates as filter
• Dashboard: New Widget for delayed passive hosts and services
• PrometheusModule: Add option to configure Prometheus Port

Improvements

• Eventcorrelation Module: Include correlation details in host status and host notifications
• Wizard: PaloAlto new Mode Connections per Second
• Wizard: Cisco Network added mode uptime with additional reboot reason
• Wizard: Quoting of variables
• MapModule: Change Map Height to the size of the screen
• EventcorrelationModule: Add hint for "Consider State Type" Option in View and highlight unsaved Changes

Bug fixes

• Numeric command arguments are not stored
• Wrong Validation error for security configuration in Agent Wizard
• MapModule: Mapgenerator host groups cannot be deleted
• Export user permissions as XLSX: Empty container list if only root container exists
• Dashboard: Service status list (extended) widget - wrong logic for older than ...
• Duplicate Delete Elements on refresh in host browser
• Software inventory: Duplicate entries of hosts in Patchstatus for non root users
• Issue with saved service bookmark filters after update to 5.4.0
• PrometheusModule: Popover Graph does not show unit
• Naemon Core: Update Naemon Core to version 1.5.1 to resolve a memory corruption error that will lead to a crash Naemon

Blog post: https://openitcockpit.io/blog/posts/2026/2026-03-23-openitcockpit-5.5.0/

Changelog - openITCOCKPIT - 5.4.0

Security

• Security: CVE-2026-24891 Unsafe PHP Deserialization in Gearman Worker Allows Conditional Object Injection
• Security: CVE-2026-24892 Unsafe Deserialization in openITCOCKPIT Changelog Handling

Many thanks to @h00die-gr3y for responsibly disclosing these vulnerabilities to us.

New Features

• Software inventory and patch management
• Add Prometheus to openITCOCKPIT Community Edition
• Time periods: Exclude time period in time period configuration
• DistributeModule: Show system information about each Satellite
• Wizard: Apache Status & Tomcat
• Wizard: Aruba Network
• Wizard: Citrix Netscaler
• Wizard: Fortigate Firewall
• Wizard: Fujitsu Eternus Tape Library
• Wizard: Gude Sensoren
• Wizard: NetApp
• Wizard: Nextcloud
• Wizard: NGINX Status
• Wizard: Palo Alto Firewall
• Export user permissions as XLSX (Microsoft Excel)
• SLA Module - SLAs Total Overview Widget
• ServiceCapacityManagementModule - Resource group: add department
• Statuspage: Split Additional information into two columns
• ImportModule: Multiply Icinga check_interval by two as freshness value
• Add sorting in host groups extended view and service groups extended view

Improvements

• PrometheusModule: Upgrade Prometheus to version 3
• Wizard: Accordions Design
• Teams Incoming Webhook is end of life at March 31st
• Ability to Filter by HostGroup in Hosts and Services
• Refactoring hosts/services summary: buttons and cards colors - set opacity if value is 0

Bug fixes

• MapModule: Mapgenerator has wrong spaces between items
• Status older than in Dashboard widgets not working
• Creating A Calendar automatically adds Holidays
• Status page group widget: Forbidden message for assigned widgets after changes to the update interval
• IsarFlowModule: Error in ImportInterfacesFromExternalSystemCommand
• Slow Wizard Scans break the Front-End
• Only last filter applies to logentry filter
• ImportModule: Name of imported host groups is not updated
• ImportModule: Freshness Check Interval of external services will not be updated
• DistributeModule: Satellites add or edit - show server timezone and current server time
• DesignModule: Text color of maps is also used in status toast
• Create Downtimes result in HTTP error
• Dashboards: Wrong behavior on reload for widgets with oitc-interval-picker

Blog post: https://openitcockpit.io/blog/posts/2026/2026-02-20-openitcockpit-5.4.0/

Changelog - openITCOCKPIT - 5.3.1

Bug fixes

• ImportModule: PHP Deprecated message on Import
• ImportModule: Orphaned services in imported_services table

Changelog - openITCOCKPIT - 5.3.0

Refactoring

• oAuth2: Login screen does not show if no oAuth user can be found
• Changelogs: Log template changes for host and service configuration

New Features

• Wizard: Proxmox VE
• Wizard: Nutanix
• Wizard: Network Interfaces
• MapModule: Automatic Map Generator
• ImportModule: Add Support for LibreNMS

Improvements

• Show indicator if recurring downtimes are including host and services
• Dashboard Allocation Modal: Does not reset when closed and re-opened
• Eventcorrelation Module: Notifications - add more information about failed services into the subject

Bug fixes

• Autoreport Module: Failure statistic gap shows the wrong variable
• Performance Data: Wrong min and max values for percentages
• Map Module: Item stays in DB after deleting corresponding Map Object
• Validation Errors are not visible in System Failures Page
• Map Module: Satellite Interface - When stacking maps, the status will not be displayed in the top maps
• Time periods: Update for time ranges is not working as expected
• Query::orderBy(): Argument #2 ($overwrite) must be of type bool, string given
• JiraModule: Proxy settings are ignored
• LDAP groups were not displayed correctly in user roles after updating user role
• Browser: The container tree in browser ignores tenants of User Container Roles
• Maps in fullscreen mode result in a 404 error
• MapModule: Index list shows "Delete" even if not allowed.
• Dashboard: Tacho-Widget has no link to underlying service
• Eventcorrelation Module: Undefined array key "" in EvcPluginCommand.php

Blog post: https://openitcockpit.io/blog/posts/2025/2025-12-02-openitcockpit-5.3.0/

Changelog - openITCOCKPIT - 5.2.0

Refactoring

• Database: Synchronize timezone settings from PHP with MySQL connection

New Features

• FlowChief status bridge
• Import Module: Add support for FlowChief
• Wizard: Cisco Network & WLC
• Wizard: Hyper-V
• Wizard: Broadcom Proxy
• ServiceCapacityManagementModule - Consider working hours (add time period)
• Show upcoming maintenance periods in host and service overview

Improvements

• Enable Kiosk Mode through query parameter on all pages
• Agent: Add TLS security options to Agent Configuration
• Agent: Add option to verify expiry date of Auto-TLS certificates in the Config Editor
• Add used 3rd party licenses while building packages
• Apexcharts: Replace with Apache eCharts

Bug fixes

• Autoreport Module: Division by zero in SLA Chart
• Security: Wrong permission check for creation of new Tenants
• Satellite interface: Use User timezone instead of server timezone
• Wrong Container-Ids for filtering: loadHostgroupsByContainerId and loadServicegroupsByContainerId
• Host - edit_details bug when shared
• Microsoft365 Module: Can't be installed on RHEL
• Append to hostgroup/servicegroup search won't load new elements and missing validation in service template groups assignments
• Improve warning for same service name on host
• 404 Error on empty Organizational Charts
• Adding Tacho Widget to Dashboard causes error
• Download of Module files forbidden
• AutoreportCalculateAvailability - DivisionByZero Error

Blog post: https://openitcockpit.io/blog/posts/2025/2025-11-04-openitcockpit-5.2.0/

Changelog - openITCOCKPIT - 5.1.2

New Features

• Wizard: Microsoft 365 Service Status
• Wizard: Microsoft 365 Mailbox
• Wizard: Microsoft 365 OneDrive
• Wizard: Microsoft 365 SharePoint

Bug fixes

• VMware Module: Missing use for DatastoreScan in Gearman Worker

Blog post: https://openitcockpit.io/blog/posts/2025/2025-09-30-openitcockpit-5.1.2/

Changelog - openITCOCKPIT - 5.1.1

New Features

• Emergency Management Dashboard
• Wizard: Proxmox
• Add Search field into Wizards
• New Dashboard Widget: Organizational charts
• SLA Module - Manage mapping rules: add filter by host/service groups

Improvements

• Satellite interface: Link after Login always redirects to default dashboard
• Import Module: OpManager API Result is missing required fields

Bug fixes

• Dashboard: Tachometer Widget does not support Prometheus Metrics
• Satellite interface: Filter: Use User timezone instead of server timezone
• Satellite interface: Login Screen does not show holiday
• Notification Templates raising warnings
• openITCOCKPIT does not display possible update in Package Manager web interfacec
• VMware Wizard: Quotes and JSON processing
• DistributedMonitoring: openITCOCKPIT Agent port can't be changed on satellite in Pull Mode

Blog post: https://openitcockpit.io/blog/posts/2025/2025-09-29-openitcockpit-5.1.1/

Changelog - openITCOCKPIT - 5.1.0

New Features

• Add tags to host/service groups - Extend data import and dashboards - Tactical Overview (with [host/service groups tags] filter)
• Organizational chart - Alternative tree view [Browser]
• ServiceCapacityManagementModule - Send Status Email to Mailing List
• Extend DesignModule
• Wizard: VMware ESX Host
• Wizard: VMware Datastores
• Wizard: VMware Snapshots
• Wizard: Dell iDrac
• Statuspage: Add option to define public URL
• Add Support for Debian 13 Trixie
• Docker: Add option to customize TLS certificates used by Nginx in Docker setups

Refactoring

• Remove Acknowledgement via e-mail
• Migrate backend to CakePHP 5
• Update to Angular 20
• Update SASS to use @use and remove all @import rules
• Refactor definition of Constants
• Deprecated: openITCOCKPIT will no longer update the Docker-Mirror for Ubuntu and Debian
• Remove AngularJS
• Local copy of CSS for PDF generation
• As of 4.5.0, using newQuery() is deprecated. Instead, use insertQuery(), deleteQuery(), selectQuery() or updateQuery()

Improvements

• PrimeNG: Replace custom multiselect component
• Show reason type of Host and Service Notifications
• Show execution time of checks in check history
• MapModule: Uplaod of Map Background does not save the user_id
• Dashboard: Show percentages as chart in Tactical Overview
• Link after Login always redirects to default dashboard
• Allow letters, characters and digits in zip code

Bug fixes

• php 8.3 compatability
• Filter: User User timezone instead of server timezone
• NWC Wizard: SNMP Error Discovery not possible
• Users: Export as CSV ignores user groups
• ImportModule: Import from CMDB + External Monitoring does not work
• Checkmk Module: Orphaned Checkmk checks after deleting the service template
• SCM-module - Resource: setStatus (wrong permission check for multi select checkbox)
• Design Module: Few permissions lead to 403 after login
• SLA Module: Filter disabled hosts in viewDetail view
• CmdCommand: utf8_encode() is deprecated
• Service Browser: Adds metrics to the select box on reload
• Login Screen does not show holiday
• MapModule: undefined error in satellite
• Using Filter adding Container Roles to User deletes assignment
• Charts: Wrong representation of Counter values
• AutoreportModule: Creating a new Autoreport does not work

Blog post: https://openitcockpit.io/blog/posts/2025/2025-09-08-openitcockpit-5.1.0/

Changelog - openITCOCKPIT - 5.0.2

New Features

• User Configuration - Add field department
• Users/edit: Add [Enable login through oAuth2] option to users edit view

Refactoring

• Import Module: Reduce amount of API calls to ManageEngine OpManager

Improvements

• Public Statuspages: Customize Header-Logo, Header-title and Page-Background

Bug fixes

• ImportModule: External monitoring preview not compatible with Regex and limit for OpManager, Icinga and PRTG
• Hosts/Services in Downtime in Maps does not changes Icon
• Permissions for actions in hosts-browser, services-browser incomplete
• Hosts-Browser: Service-List shows host's last state change
• Last state change from service shows information from host
• Better Workflow of OpenStreetMap alerts in case of missing config
• Dashboard: Changecalendar on Dashboards errors 403
• Browser: PDF and CSV export exports all hosts and ignores the currently selected container
• Tactical overview for Service showing wrong number of unknowns
• Users: Export user list as CSV returns HTML
• Config File Editor: No valid JSON if php.ini is not found
• ImportModule: Imported hosts page slow if CMDB is offline
• ImportModule: Hostnames in OpManager are not unique
• Import Module: Clean up for imported services table

Blog post: https://openitcockpit.io/blog/posts/2025/2025-07-16-openitcockpit-5.0.2/

Changelog - openITCOCKPIT - 5.0.1

Improvements

• Export timestamp to .csv files in readable format
• Slow browser performance on Debugging Page

Bug fixes

• Deprecated: Passing null to parameter #1 ($datetime) of type string is deprecated