ID: 12547
Title: Fix possible XSS on audit log page
Component: Setup
Level: 1
Class: Security fix
Version: 2.1.0i1
Displaying the detail text of changes could trigger execution of arbitrary
JavaScript code that had previously been stored by a modification made to the
configuration. This issue may affect users of the setup in previous 2.0.0
versions.
ID: 12280
Title: Fix XSS on host / folder properties page
Component: Setup
Level: 1
Class: Security fix
Version: 2.1.0i1
A user with permissions to edit tag groups could trigger a stored XSS issue on
the host and folder properties pages. This may lead to JavaScript code being
executed in the browser of another user who is able to access the host and
folder properties pages.
ID: 12277
Title: Docker container: Update base image to Debian buster
Component: Core & setup
Level: 2
Class: Security fix
Version: 2.1.0i1
The Checkmk docker container image was previously based on the
debian:stretch-slim image. The base image has now been updated to
debian:buster-slim.
If you build the container images yourself, based on the Dockerfile from our
Git repository, you will now have to use the Checkmk packages for Debian buster
instead of the stretch packages.