29 Upgrade notes for 2.2.21

More secure Zabbix setup

Several features have been implemented as part of an effort to “harden” the Zabbix web interface:

  • Same-origin policy for IFrames. Zabbix can no longer be placed in frames on a different domain. However, a page placed into a Zabbix frame still has access to the Zabbix frontend (through JavaScript) if that page and the Zabbix frontend are on the same domain. For example, a page like http://secure-zabbix.com/cms/page.html, if placed into screens on http://secure-zabbix.com/zabbix/, will have full JS access to Zabbix.
  • Technical errors (PHP/SQL) are now hidden by default from users who are not Zabbix Super Admins and from users who are not part of user groups with debug mode enabled. This is configurable via the new ZBX_SHOW_TECHNICAL_ERRORS constant, which is set to 'false' by default.
  • The HttpOnly flag is now set for all session cookies.
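
A post-upgrade check for the framing and cookie items above, as an added example that is not part of the Zabbix manual or code base. It assumes the framing restriction is delivered as an X-Frame-Options or Content-Security-Policy frame-ancestors response header (the notes do not name the mechanism); the two response heads are constructed samples.

```python
def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw HTTP response head."""
    headers = []
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def framing_restricted(headers):
    """True if the response forbids framing by other origins (assumed header names)."""
    for name, value in headers:
        if name == "x-frame-options" and value.upper() in ("SAMEORIGIN", "DENY"):
            return True
        if name == "content-security-policy":
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    sources = [p.lower() for p in parts[1:]]
                    if sources and all(s in ("'self'", "'none'") for s in sources):
                        return True
    return False

def cookies_missing_httponly(headers):
    """Names of cookies set without the HttpOnly attribute."""
    missing = []
    for name, value in headers:
        if name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "httponly" not in attrs:
                missing.append(value.split("=", 1)[0].strip())
    return missing

def audit(raw):
    headers = parse_headers(raw)
    return {"framing_restricted": framing_restricted(headers),
            "cookies_missing_httponly": cookies_missing_httponly(headers)}

# Constructed sample response heads, not captured from a real installation.
HARDENED = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Set-Cookie: zbx_sessionid=0123456789abcdef; path=/; HttpOnly
"""
UNHARDENED = """HTTP/1.1 200 OK
Set-Cookie: zbx_sessionid=0123456789abcdef; path=/
"""

if __name__ == "__main__":
    print(audit(HARDENED))
    print(audit(UNHARDENED))
```

To check a live frontend, pass the text saved from `curl -sI` against the login page to `audit()`. A passing result does not cover the same-domain case described in the first item, where a framed page on the same domain keeps full JS access.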