Control Center 1.10.2
This page describes the changes in Control Center since release 1.9.1.
Beginning with version 1.4.0, Docker images for Control Center are no longer available on Docker Hub. The images are included in self-installing archive files that are available for download from Zenoss. Likewise, the RPM packages that are required for installations and upgrades are no longer available from Zenoss repositories on the internet, and must be downloaded. However, the Docker images and RPM packages for previous releases are still available from Docker Hub and Zenoss repositories, respectively.
Beginning 1 December 2017, downloads for Zenoss Service Dynamics customers are available on delivery.zenoss.io.
For more information about Control Center operating environments, see Tested operating environments.
Update considerations
- Updates from 1.9.x to 1.10.2 have been tested. Updates from earlier releases have not been tested. Please update to 1.9.x before updating to 1.10.2.
- The Docker release is updated to 20.10.7 to address a resource
consumption vulnerability. In addition, the configuration of new
installs now uses a JSON file,
/etc/docker/daemon.json. Updates may continue to use/etc/sysconfig/docker. For more information, see Configuring Docker on a master host. - The ELK stack is updated to 7.16.1.
- ZooKeeper is updated to 3.8.0.
- The OpenTSDB database is updated to resolve a remote execution vulnerability. As a result, you must restrict access to OpenTSDB. For more information, see Setting the internal services OpenTSDB credentials.
- Control Center now only supports TLS 1.2 and two insecure ciphers were removed (TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA and TLS_RSA_WITH_3DES_EDE_CBC_SHA).
Fixed issues
| ID | Description |
|---|---|
| CC-4464 | Remote execution vulnerability CVE-2020-35476 in isvcs-opentsdb |
| CC-4466 | Uncontrolled resource consumption CVE-2021-21285 in Docker 19.03.12 |
| CC-4484 | TLS 1.0 and 1.1 are supported |
| CC-4491 | HTML clickjacking vulnerability |