Download Latest Version
Icinga 2 v2.15.0 source code.tar.gz (9.4 MB)
Get an email when there's a new version of Icinga 2
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| Icinga 2 v2.12.12 source code.tar.gz | 2025-05-22 | 7.6 MB | |
| Icinga 2 v2.12.12 source code.zip | 2025-05-22 | 8.1 MB | |
| README.md | 2025-05-22 | 1.1 kB | |
| Totals: 3 Items | 15.6 MB | 0 | |
This security release fixes a critical issue in the certificate renewal logic in Icinga 2, which might incorrectly renew an invalid certificate. However, only nodes with access to the Icinga CA private key running with OpenSSL older than version 1.1.0 (released in 2016) are vulnerable. So this typically affects Icinga 2 masters running on operating systems like RHEL 7 and Amazon Linux 2.
For details, please check the release announcement and the GitHub security advisory
- CVE-2025-48057: Prevent invalid certificates from being renewed with OpenSSL older than v1.1.0.
- Fix use-after-free in VerifyCertificate(): Additionally, a use-after-free was found in the same function which is fixed as well, but in case it is triggered, typically only a wrong error code may be shown in a log message.
- Windows: Update OpenSSL shipped on Windows to v3.0.16. [#10455]
- Windows: Fix unknown ctest(1)
--log_levelargument. [#10453] - Don't require to build .msi as admin. [#10454]