11 What's new in Zabbix 5.0.6

Disabled autocomplete attribute for sensitive fields

To avoid potential exposure of data, the autocomplete attribute is now turned off for many fields containing sensitive information, such as a user's password for logging into Zabbix, pre-shared keys (PSK), usernames and passwords used for data collection by various items and hosts, SNMPv3 authentication and privacy passphrases, passwords for media types; SSL key password and HTTP proxy fields used in web scenarios and HTTP items; usernames, passwords and key passphrases in remote commands. This setting shall prevent most browsers from using autocompletion in the affected fields.

Systemd discovery based on unit state

Zabbix agent 2 item systemd.unit.discovery now also returns the current enablement status of unit files under the {#UNIT.UNITFILESTATE} low-level discovery macro. As a use case example, these data may be used in the discovery rule filter to filter out all disabled systemd units and discover only enabled ones.

iTop webhook integration

A new integration is available allowing to use the webhook media type for pushing Zabbix notifications to iTop.

New templates

The following templates are now available for out-of-the-box monitoring:

Apache projects
Morningstar
  • Morningstar ProStar MPPT SNMP - monitoring of Prostar MPPT solar charge controller via SNMP;
  • Morningstar ProStar PWM SNMP - monitoring of ProStar pulse width modulation (PWM) solar charge controller via SNMP;
  • Morningstar SunSaver MPPT SNMP - monitoring of SunSaver MPPT solar charge controller via SNMP;
  • Morningstar SureSine SNMP - monitoring of SureSine pure sine wave inverter via SNMP;
  • Morningstar TriStar MPPT 600V SNMP - monitoring of TriStar MPPT 600V solar charge controller via SNMP;
  • Morningstar TriStar MPPT SNMP - monitoring of TriStar MPPT solar charge controller via SNMP;
  • Morningstar TriStar PWM SNMP - monitoring of TriStar PWM solar charge controller via SNMP.

These templates are specifically designed for monitoring Morningstar devices; a step-by-step User guide to setting up Zabbix monitoring of the Morningstar products is also available.

You can get new templates:

  • In ConfigurationTemplates in new installations;
  • If you are upgrading from previous versions, you can download new templates from Zabbix Git repository or find them in the templates directory of the downloaded latest Zabbix version. Then, while in ConfigurationTemplates you can import them manually into Zabbix.

Protection against user enumeration attacks

To make sure an attacker may not guess valid user names because temporary account blocking after consecutive failed login attempts is only applied to existing user names, the account blocking is now also enforced if non-existing user names are used.

To further obscure the possibility of such attacks, a unified generic message is now displayed for all problems related to incorrect login:

Incorrect user name or password or account is temporarily blocked.
Copy
✔ Copied
To toggle search highlight, press Ctrl+Alt+H
Have an improvement suggestion for this page? Select the text that could be improved and press Ctrl+Enter to send it to the editors.