Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication (if enabled) in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some existing installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
More information on the vulnerability: CVE-2021-3325
This new version fixes the security bug introduced in 3.13.0 and also updates the main configuration file to add the option hosts_deny = all by default inside the auth subsection, in an attempt to make the default behavior clearer.
All users using the 3.13.0 version are advised and encouraged to upgrade to this new version, which resolves the security issue.
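
The following is an added example, not Monitorix code: a small audit that reads a monitorix.conf and reports the condition described above, Basic Authentication enabled with no hosts_deny option inside the auth subsection. The sample configurations are constructed, and the `<httpd_builtin>` wrapper and the other option names in them are assumed to follow the stock configuration file layout.

```python
# Constructed sample: auth enabled, no hosts_deny inside <auth>
# (the layout the advisory describes as unsafe on 3.13.0).
UNSAFE = """
<httpd_builtin>
    enabled = y
    <auth>
        enabled = y
        msg = Monitorix: Restricted access
        htpasswd = /var/lib/monitorix/htpasswd
    </auth>
</httpd_builtin>
"""
# Constructed sample: same file with the default added by the fixed release.
SAFE = UNSAFE.replace("msg =", "hosts_deny = all\n        msg =")


def auth_options(conf_text):
    """Return the key/value options found inside the <auth> subsection."""
    opts, in_auth = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        if line.lower() == "<auth>":
            in_auth = True
        elif line.lower() == "</auth>":
            in_auth = False
        elif in_auth and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            opts[key.lower()] = value
    return opts


def audit(conf_text):
    """Classify a configuration as 'auth-disabled', 'missing-hosts_deny' or 'ok'."""
    opts = auth_options(conf_text)
    if opts.get("enabled", "n").lower() != "y":
        return "auth-disabled"  # no Basic Authentication in use to bypass
    # Assumption: an empty hosts_deny value is treated like a missing option.
    if not opts.get("hosts_deny"):
        return "missing-hosts_deny"
    return "ok"


if __name__ == "__main__":
    for name, conf in (("unsafe sample", UNSAFE), ("safe sample", SAFE)):
        print(f"{name}: {audit(conf)}")
```

A `missing-hosts_deny` result on a host running 3.13.0 means the upgrade should not be deferred.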