Checkmk git commits September 2018

checkmk-commits@lists.checkmk.com

12 participants
371 discussions

Addition to #4682: Prevent use of given command in wato_ajax_diag_host.py

by Lars Michelsen

Module: check_mk Branch: master Commit: e5d3f7ead2918668a8dd75cc99223ee861f3c6a0 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e5d3f7ead29186… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Sep 17 11:26:19 2018 +0200 Addition to #4682: Prevent use of given command in wato_ajax_diag_host.py Change-Id: I5a7e51999c12d69b2a13271ddc5757e7dd5c35a8 --- cmk/gui/wato/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmk/gui/wato/__init__.py b/cmk/gui/wato/__init__.py index 4413e06..97a05ad 100644 --- a/cmk/gui/wato/__init__.py +++ b/cmk/gui/wato/__init__.py @@ -3186,9 +3186,12 @@ class ModeAjaxDiagHost(WatoWebApiMode): 'snmp_timeout', 'snmp_retries', 'tcp_connect_timeout', - 'datasource_program' ]): + ]): args[idx] = request.get(what, "") + if config.user.may('wato.add_or_modify_executables'): + args[6] = request.get("datasource_program", "") + if request.get("snmpv3_use"): snmpv3_use = { "0": "noAuthNoPriv", "1": "authNoPriv",

6 years

6621 SEC Add permission to prevent users from editing " Deploy custom files with agent" rule set

by Lars Michelsen

Module: check_mk Branch: master Commit: 258a71a2d23440bb65ba6d8352d97dbacce55433 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=258a71a2d23440… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Sep 17 20:14:59 2018 +0200 6621 SEC Add permission to prevent users from editing "Deploy custom files with agent" rule set Using the rule set "Deploy custom files with agent" it is possible to select custom files to be distributed with the agents built using the Agent Bakery. As this is rule set may add custom executable code to the agents it makes sense to be able to control the permission for this more explicitly. If you want to make sure that administrative users can not add those custom files to the agents, you can now use the rule set "Configure custom agent file deployments" to revoke this permission. Change-Id: Iaf9c5d8b763d1f6d24decf8dceed5282dbf85e71 --- .werks/6621 | 17 +++++++++++++++++ cmk/gui/plugins/wato/utils/__init__.py | 2 ++ 2 files changed, 19 insertions(+) diff --git a/.werks/6621 b/.werks/6621 new file mode 100644 index 0000000..d2fa9d1 --- /dev/null +++ b/.werks/6621 @@ -0,0 +1,17 @@ +Title: Add permission to prevent users from editing "Deploy custom files with agent" rule set +Level: 1 +Component: agents +Compatible: compat +Edition: cee +Version: 1.6.0i1 +Date: 1537207681 +Class: security + +Using the rule set "Deploy custom files with agent" it is possible to select custom files +to be distributed with the agents built using the Agent Bakery. As this is rule set may +add custom executable code to the agents it makes sense to be able to control the permission +for this more explicitly. + +If you want to make sure that administrative users can not add those custom files to the +agents, you can now use the rule set "Configure custom agent file deployments" to revoke +this permission. diff --git a/cmk/gui/plugins/wato/utils/__init__.py b/cmk/gui/plugins/wato/utils/__init__.py index fdab5c4..c5fbb79 100644 --- a/cmk/gui/plugins/wato/utils/__init__.py +++ b/cmk/gui/plugins/wato/utils/__init__.py @@ -987,6 +987,8 @@ def may_edit_ruleset(varname): return config.user.may("wato.services") or config.user.may("wato.rulesets") elif varname in [ "custom_checks", "datasource_programs" ]: return config.user.may("wato.rulesets") and config.user.may("wato.add_or_modify_executables") + elif varname == "agent_config:custom_files": + return config.user.may("wato.rulesets") and config.user.may("wato.agent_deploy_custom_files") else: return config.user.may("wato.rulesets")

6 years

6565 SEC Fixed possible XSS issues in Bookmarks snapin

by Lars Michelsen

Module: check_mk Branch: master Commit: 851a9ef962ee30605030fae820bd82941946e138 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=851a9ef962ee30… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 18:19:42 2018 +0200 6565 SEC Fixed possible XSS issues in Bookmarks snapin We've discovered and fixed several possible XSS issues affecting the Bookmarks snapin. These could be used to execute arbitrary javascript code in the context of an authenticated user. Change-Id: I00bcaf7fb226ecbc2da68c4e5d851fc6787c9967 --- .werks/6565 | 12 ++++++++++++ cmk/gui/htmllib.py | 4 ++-- cmk/gui/plugins/sidebar/utils.py | 2 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.werks/6565 b/.werks/6565 new file mode 100644 index 0000000..b238de7 --- /dev/null +++ b/.werks/6565 @@ -0,0 +1,12 @@ +Title: Fixed possible XSS issues in Bookmarks snapin +Level: 1 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536855459 +Class: security + +We've discovered and fixed several possible XSS issues affecting +the Bookmarks snapin. These could be used to execute arbitrary +javascript code in the context of an authenticated user. diff --git a/cmk/gui/htmllib.py b/cmk/gui/htmllib.py index 92fe1e6..303fa8f 100644 --- a/cmk/gui/htmllib.py +++ b/cmk/gui/htmllib.py @@ -2593,8 +2593,8 @@ class html(HTMLGenerator): if self._user_id: isopen = self.foldable_container_is_open(treename, id, isopen) - onclick = "toggle_foldable_container(\'%s\', \'%s\', \'%s\')"\ - % (treename, id, fetch_url if fetch_url else '') + onclick = "toggle_foldable_container(%s, %s, %s)"\ + % (json.dumps(treename), json.dumps(id), json.dumps(fetch_url if fetch_url else '')) img_id = "treeimg.%s.%s" % (treename, id) diff --git a/cmk/gui/plugins/sidebar/utils.py b/cmk/gui/plugins/sidebar/utils.py index 54d1b07..aed44c0 100644 --- a/cmk/gui/plugins/sidebar/utils.py +++ b/cmk/gui/plugins/sidebar/utils.py @@ -259,7 +259,7 @@ def bulletlink(text, url, target="main", onclick = None): def iconlink(text, url, icon): html.open_a(class_=["iconlink", "link"], target="main", href=url) html.icon(icon=icon, help=None, cssclass="inline") - html.write(text) + html.write_text(text) html.close_a() html.br()

6 years

6566 SEC Fixed possible XSS on agent update status views

by Lars Michelsen

Module: check_mk Branch: master Commit: 9d7c66700a846f5c83af9c0562558db91aea5af9 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9d7c66700a846f… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 19:53:40 2018 +0200 6566 SEC Fixed possible XSS on agent update status views Parts of the agent deployment status could be used to trigger XSS injections. Change-Id: I470506da8e73d093c3d556f84c214f9debe14649 --- .werks/6566 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.werks/6566 b/.werks/6566 new file mode 100644 index 0000000..404477d --- /dev/null +++ b/.werks/6566 @@ -0,0 +1,10 @@ +Title: Fixed possible XSS on agent update status views +Level: 1 +Component: agents +Compatible: compat +Edition: cee +Version: 1.6.0i1 +Date: 1536861157 +Class: security + +Parts of the agent deployment status could be used to trigger XSS injections.

6 years

6610 SEC Fixed possible XSS using the dokuwiki snapin

by Lars Michelsen

Module: check_mk Branch: master Commit: ae7bfc05258302905f95bc553f595fb10bd7fd4a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ae7bfc05258302… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 20:32:35 2018 +0200 6610 SEC Fixed possible XSS using the dokuwiki snapin The content of the DokuWiki page named "sidebar" was inserted into the DokuWiki view of Check_MK, but was is not correctly sanitized. This can only be done by an administrator of the page, but every user who can access the DokuWiki view was affected by the vulnerability. Change-Id: I6c36e9d0459465257f840a2b6220f775c9d23541 --- .werks/6610 | 13 +++++++++++++ cmk/gui/plugins/sidebar/shipped.py | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.werks/6610 b/.werks/6610 new file mode 100644 index 0000000..32804e9 --- /dev/null +++ b/.werks/6610 @@ -0,0 +1,13 @@ +Title: Fixed possible XSS using the dokuwiki snapin +Level: 1 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536863484 +Class: security + +The content of the DokuWiki page named "sidebar" was inserted into the DokuWiki +view of Check_MK, but was is not correctly sanitized. This can only be done by +an administrator of the page, but every user who can access the DokuWiki view +was affected by the vulnerability. diff --git a/cmk/gui/plugins/sidebar/shipped.py b/cmk/gui/plugins/sidebar/shipped.py index 58c2e85..cc30456 100644 --- a/cmk/gui/plugins/sidebar/shipped.py +++ b/cmk/gui/plugins/sidebar/shipped.py @@ -675,7 +675,7 @@ def render_wiki(): bulletlink(name, "/%s/wiki/doku.php?id=%s" % (config.omd_site(), link)) else: - html.write(line) + html.write_text(line) if ul_started == True: html.close_ul()

6 years

6611 SEC Fixed multiple reflected XSS attacks using AJAX calls

by Lars Michelsen

Module: check_mk Branch: master Commit: bd963e56dc0e63694a33db5ef93e92a6cf2a72d3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bd963e56dc0e63… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 20:36:35 2018 +0200 6611 SEC Fixed multiple reflected XSS attacks using AJAX calls Several AJAX calls with invalid content type setting could be used to trigger XSS attacks. Change-Id: Ibef23df27282cf5e72bd0d6d3da3d1a8b713ba67 --- .werks/6611 | 11 +++++++++++ cmk/gui/plugins/wato/utils/base_modes.py | 1 + 2 files changed, 12 insertions(+) diff --git a/.werks/6611 b/.werks/6611 new file mode 100644 index 0000000..8fc405a --- /dev/null +++ b/.werks/6611 @@ -0,0 +1,11 @@ +Title: Fixed multiple reflected XSS attacks using AJAX calls +Level: 1 +Component: wato +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536863730 +Class: security + +Several AJAX calls with invalid content type setting could be used +to trigger XSS attacks. diff --git a/cmk/gui/plugins/wato/utils/base_modes.py b/cmk/gui/plugins/wato/utils/base_modes.py index 15ac7ca..5ba031c 100644 --- a/cmk/gui/plugins/wato/utils/base_modes.py +++ b/cmk/gui/plugins/wato/utils/base_modes.py @@ -109,6 +109,7 @@ class WatoWebApiMode(object): def handle_page(self): + html.set_output_format("json") try: action_response = self.page() response = { "result_code": 0, "result": action_response }

6 years

6568 SEC Fixed possible XSS on custom icon management page

by Lars Michelsen

Module: check_mk Branch: master Commit: 1c45c95ec37eb2d84ddd55eae6785eb0c16ca229 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1c45c95ec37eb2… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 20:21:50 2018 +0200 6568 SEC Fixed possible XSS on custom icon management page Using icons with specific names it was possible to trigger an XSS on the icon administration page which only affected admin users. Change-Id: I43884cb20481316a6a1babbaac75f84ec34e133c --- .werks/6568 | 11 +++++++++++ cmk/gui/wato/__init__.py | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.werks/6568 b/.werks/6568 new file mode 100644 index 0000000..c0866d4 --- /dev/null +++ b/.werks/6568 @@ -0,0 +1,11 @@ +Title: Fixed possible XSS on custom icon management page +Level: 1 +Component: wato +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536862847 +Class: security + +Using icons with specific names it was possible to trigger an XSS +on the icon administration page which only affected admin users. diff --git a/cmk/gui/wato/__init__.py b/cmk/gui/wato/__init__.py index 5608a27..86b72d0 100644 --- a/cmk/gui/wato/__init__.py +++ b/cmk/gui/wato/__init__.py @@ -14128,8 +14128,8 @@ class ModeIcons(WatoMode): html.icon_button(delete_url, _("Delete this Icon"), "delete") table.cell(_("Icon"), html.render_icon(icon_name), css="buttons") - table.cell(_("Name"), icon_name) - table.cell(_("Category"), IconSelector.category_alias(category_name)) + table.text_cell(_("Name"), icon_name) + table.text_cell(_("Category"), IconSelector.category_alias(category_name)) table.end()

6 years

6609 SEC Fixed possible XSS on SNMP MIB upload page

by Lars Michelsen

Module: check_mk Branch: master Commit: 5d1f0af0d26a40eb4243caaa390e11b6475590c8 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5d1f0af0d26a40… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 20:25:12 2018 +0200 6609 SEC Fixed possible XSS on SNMP MIB upload page Using MIB files with specific names it was possible to trigger an XSS on the MIB file administration page which only affected admin users. Change-Id: I04b606cdb25eeeda17afe13ca3c05a354570435c --- .werks/6609 | 11 +++++++++++ cmk/gui/wato/mkeventd.py | 8 ++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.werks/6609 b/.werks/6609 new file mode 100644 index 0000000..f507293 --- /dev/null +++ b/.werks/6609 @@ -0,0 +1,11 @@ +Title: Fixed possible XSS on SNMP MIB upload page +Level: 1 +Component: wato +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536863066 +Class: security + +Using MIB files with specific names it was possible to trigger an XSS +on the MIB file administration page which only affected admin users. diff --git a/cmk/gui/wato/mkeventd.py b/cmk/gui/wato/mkeventd.py index 84ff85d..c53de79 100644 --- a/cmk/gui/wato/mkeventd.py +++ b/cmk/gui/wato/mkeventd.py @@ -2543,10 +2543,10 @@ class ModeEventConsoleMIBs(EventConsoleMode): delete_url = make_action_link([("mode", "mkeventd_mibs"), ("_delete", filename)]) html.icon_button(delete_url, _("Delete this MIB"), "delete") - table.cell(_("Filename"), filename) - table.cell(_("MIB"), mib.get("name", "")) - table.cell(_("Organization"), mib.get("organization", "")) - table.cell(_("Size"), cmk.render.bytes(mib.get("size", 0)), css="number") + table.text_cell(_("Filename"), filename) + table.text_cell(_("MIB"), mib.get("name", "")) + table.text_cell(_("Organization"), mib.get("organization", "")) + table.text_cell(_("Size"), cmk.render.bytes(mib.get("size", 0)), css="number") table.end()

6 years

6567 SEC Fixed possible XSS on activate changes page

by Lars Michelsen

Module: check_mk Branch: master Commit: cbaf3a1aa7ed272351f3c608ac79dedf20fbea6e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cbaf3a1aa7ed27… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 20:08:41 2018 +0200 6567 SEC Fixed possible XSS on activate changes page It was possible to trigger an XSS issue using the change messages in some situations. Change-Id: Iea724f0c3164c5685eb0564fc6d2143094507e43 --- .werks/6567 | 11 +++++++++++ cmk/gui/watolib.py | 6 ++++++ 2 files changed, 17 insertions(+) diff --git a/.werks/6567 b/.werks/6567 new file mode 100644 index 0000000..d89e952 --- /dev/null +++ b/.werks/6567 @@ -0,0 +1,11 @@ +Title: Fixed possible XSS on activate changes page +Level: 1 +Component: wato +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536862088 +Class: security + +It was possible to trigger an XSS issue using the change messages +in some situations. diff --git a/cmk/gui/watolib.py b/cmk/gui/watolib.py index 9022916..b91d36d 100644 --- a/cmk/gui/watolib.py +++ b/cmk/gui/watolib.py @@ -5152,6 +5152,12 @@ class ActivateChangesWriter(ActivateChanges): else: return obj.__class__.__name__, obj.ident() + # Using attrencode here is against our regular rule to do the escaping + # at the last possible time: When rendering. But this here is the last + # place where we can distinguish between HTML() encapsulated (already) + # escaped / allowed HTML and strings to be escaped. + text = html.attrencode(text) + self._save_change(site_id, { "id" : change_id, "action_name" : action_name,

6 years

6612 SEC Fixed possible reflected XSS using back URLs in view editor

by Lars Michelsen

Module: check_mk Branch: master Commit: 5fe3b85224edaf8e1fbe80081976ff3125335aaf URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5fe3b85224edaf… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Sep 14 08:32:08 2018 +0200 6612 SEC Fixed possible reflected XSS using back URLs in view editor The parameter back of the following requests is vulnerable to reflected XSS. This vulnerability affects the create/modify view page and requires at least guest privileges. The victim has to click on the back button to trigger the injected code. Change-Id: I56d31e7e884cab576096496ab3676361e653d10d --- .werks/6612 | 13 +++++++++++++ cmk/gui/main.py | 36 ++++++++++++------------------------ cmk/gui/utils.py | 21 +++++++++++++++++++++ cmk/gui/views.py | 2 ++ cmk/gui/visuals.py | 6 ++++++ 5 files changed, 54 insertions(+), 24 deletions(-) diff --git a/.werks/6612 b/.werks/6612 new file mode 100644 index 0000000..2d536b2 --- /dev/null +++ b/.werks/6612 @@ -0,0 +1,13 @@ +Title: Fixed possible reflected XSS using back URLs in view editor +Level: 1 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536906650 +Class: security + +The parameter back of the following requests is vulnerable to reflected XSS. +This vulnerability affects the create/modify view page and requires at least +guest privileges. The victim has to click on the back button to trigger the +injected code. diff --git a/cmk/gui/main.py b/cmk/gui/main.py index 08a3b3d..341c5db 100644 --- a/cmk/gui/main.py +++ b/cmk/gui/main.py @@ -24,36 +24,14 @@ # to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, # Boston, MA 02110-1301 USA. -import urlparse -import re - import cmk.gui.pages import cmk.gui.config as config +import cmk.gui.utils as utils from cmk.gui.i18n import _ from cmk.gui.globals import html @cmk.gui.pages.register("index") def page_index(): - default_start_url = config.user.get_attribute("start_url") or config.start_url - start_url = html.var_utf8("start_url", default_start_url).strip() - - # Prevent redirecting to absolute URL which could be used to redirect - # users to compromised pages. - # Also prevent using of "javascript:" URLs which could used to inject code - parsed = urlparse.urlparse(start_url) - - # Don't allow the user to set a URL scheme - if parsed.scheme != "": - start_url = default_start_url - - # Don't allow the user to set a network location - if parsed.netloc != "": - start_url = default_start_url - - # Don't allow bad characters in path - if not re.match(r"[/a-z0-9_\.-]*$", parsed.path): - start_url = default_start_url - html.write('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">\n' '<html><head>\n') html.default_html_headers() @@ -64,4 +42,14 @@ def page_index(): <frame src="%s" name="main" noresize> </frameset> </html> -""" % (html.attrencode(config.get_page_heading()), html.attrencode(start_url))) +""" % (html.attrencode(config.get_page_heading()), html.attrencode(_get_start_url()))) + + +def _get_start_url(): + start_url = html.var_utf8("start_url", config.user.get_attribute("start_url") or config.start_url).strip() + # Prevent redirecting to absolute URL which could be used to redirect + # users to compromised pages. + if utils.is_allowed_url(start_url): + return start_url + else: + return "dashboard.py" diff --git a/cmk/gui/utils.py b/cmk/gui/utils.py index c67c4a3..fc29cc3 100644 --- a/cmk/gui/utils.py +++ b/cmk/gui/utils.py @@ -33,6 +33,7 @@ import os import re import uuid import marshal +import urlparse import cmk.paths @@ -86,6 +87,26 @@ def cmp_version(a, b): return cmp(aa, bb) +def is_allowed_url(url): + """Checks whether or not the given URL is a URL it is allowed to redirect the user to""" + # Also prevent using of "javascript:" URLs which could used to inject code + parsed = urlparse.urlparse(url) + + # Don't allow the user to set a URL scheme + if parsed.scheme != "": + return False + + # Don't allow the user to set a network location + if parsed.netloc != "": + return False + + # Don't allow bad characters in path + if not re.match(r"[/a-z0-9_\.-]*$", parsed.path): + return False + + return True + + # TODO: Remove this helper function. Replace with explicit checks and covnersion # in using code. def savefloat(f): diff --git a/cmk/gui/views.py b/cmk/gui/views.py index 28a8b45..535115a 100644 --- a/cmk/gui/views.py +++ b/cmk/gui/views.py @@ -310,6 +310,8 @@ def page_create_view(next_url = None): html.header(_('Create View'), stylesheets=["pages"]) html.begin_context_buttons() back_url = html.var("back", "") + if not utils.is_allowed_url(back_url): + back_url = "edit_views.py" html.context_button(_("Back"), back_url or "edit_views.py", "back") html.end_context_buttons() diff --git a/cmk/gui/visuals.py b/cmk/gui/visuals.py index ce1688a..d19a6d2 100644 --- a/cmk/gui/visuals.py +++ b/cmk/gui/visuals.py @@ -540,6 +540,8 @@ def page_create_visual(what, info_keys, next_url = None): html.header(_('Create %s') % title, stylesheets=["pages"]) html.begin_context_buttons() back_url = html.var("back", "") + if not utils.is_allowed_url(back_url): + back_url = "edit_%s.py" % what html.context_button(_("Back"), back_url or "edit_%s.py" % what, "back") html.end_context_buttons() @@ -735,6 +737,8 @@ def page_edit_visual(what, all_visuals, custom_field_handler = None, html.header(title, stylesheets=["pages", "views", "status", "bi"]) html.begin_context_buttons() back_url = html.var("back", "") + if not utils.is_allowed_url(back_url): + back_url = "edit_%s.py" % what html.context_button(_("Back"), back_url or "edit_%s.py" % what, "back") # Extra buttons to sub modules. These are used for things to edit about @@ -856,6 +860,8 @@ def page_edit_visual(what, all_visuals, custom_field_handler = None, back = html.var('back') if not back: back = 'edit_%s.py' % what + if not utils.is_allowed_url(back): + back = 'edit_%s.py' % what if html.check_transaction(): all_visuals[(owner_user_id, visual["name"])] = visual

6 years

← Newer
1
...
16
17
18
19
20
21
22
...
38
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits September 2018