Skip to main content

NAV

The first feature release of the 5.18 series of NAV is now out!

The source code is available for download at GitHub.

New packages for Debian 12 (Bookworm), 11 (Bullseye) and 13 (Trixie) are available in our APT repository.

Please be sure to check the release notes before upgrading, as there may be recommended changes to your config files.

Security

  • The CSRF cookie is now marked as secure when needs_tls is enabled in webfront.conf, matching the existing behavior of the session cookie. (#3829)
  • Passwords are no longer leaked in cleartext in Django error emails when LDAP authentication crashes. (#3870)

Removed (developer-centric)

  • Removed obsolete Docker-based test environment. Replaced by test suite changes that can run in ‘normal’ development environments. (#3849)

Added

  • Rooms and locations can now have multiple names (aliases). Aliases are searchable throughout NAV – in the navbar, global search, device history, maintenance, netmap, network explorer, status widgets, and the REST API. Aliases can be managed in SeedDB and via bulk import/export. They are displayed on room/location detail pages, in search results, and in SeedDB list views. (#3314, #3315, #3815, #3818, #3819, #3820, #3821, #3822, #3823, #3836, #3840, #3841, #3844, #3851, #3852, #3868, #3880, #3895)
  • Added support for two-factor authentication (TOTP), OAuth2, OIDC, and SAML login via django-allauth. Authentication can be configured through the new TOML config file webfront/authentication.toml. (#3622, #3676, #3834, #3862, #3873, #3889, #3934, #3936)
  • Added a report of devices without a known uplink in the topology.
  • Debug log runtimes of individual NAVbar search providers.

Changed

  • Auditlog entries can now be sorted by individual columns. Hyperlinks to more details are now provided for actors, objects and targets that still exist in the NAV database. (#3776)
  • Updated markdown dependency to 3.8.1. (#3812)
  • Downgraded spammy WARNING log about alerts referencing deleted objects to DEBUG level. (#3927)

Changed (developer-centric)

  • Standardize vendored JavaScript library management.

    Vendored JS files now follow a consistent <name>-<version>.min.js naming convention and are tracked as npm dependencies for easier version management. A vendor.py tool is included to automate installing and copying vendored files. (#2470)

  • Tox environments and GitHub workflows switched over to uv for dependency management. (#3859)

Fixed

  • Fix network explorer search not working after the first search per page load. (#3853)
  • Fixed l2trace crash when tracing through a netbox with no associated prefix. (#3866)
  • LDAP login no longer crashes with a 500 error when a user cannot be found during group membership verification. (#3871)
  • Fix report column tooltips ($explain_) not showing when the column also has a $name_ override. (#3876)
  • Fixed a crash in SeedDB bulk import when IP addresses contain trailing whitespace. (#3884)

Release notes

We always advise you to have a look at NAV’s accompanying release notes before upgrading.

Happy NAVing everyone!