Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: c16fc5d467329db2d73aeb8d9eb11d36eeaa6fc7
https://github.com/tribe29/checkmk/commit/c16fc5d467329db2d73aeb8d9eb11d36e…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-11-10 (Wed, 10 Nov 2021)
Changed paths:
A .werks/13314
M cmk/gui/watolib/automations.py
M tests/unit/cmk/gui/watolib/test_config_sync.py
Log Message:
-----------
13314 SEC Distributed monitoring: Do not log site secret on remote site
This issue only affects you in case you are using a distributed monitoring setup
and only affects the remote sites of a distributed setup.
When the central site is communicating with a remote site, this access from the
central site to a remote system is authenticated used the so called site
secret. This secret is handed over to the remote site with each remote call and
validated.
Previous Checkmk versions were sending the site secret via GET parameters to
the remote site. Which made the secret visible in the access log of the remote
site apache (var/log/apache/access_log).
As these log files are normally only readable by the site user and the site
secret is also known by the site user, this alone is not a information
disclosure.
Of course it might happen that you forward a log, e.g. for error diagnosis,
then this issue might be a real problem.
Therefore, we recommend all users to update to the next version to eliminate
the problem for the future. Afterwards we recommend to check the log files
(var/log/apache/access_log and var/log/apache/access_log.*.gz) and to remove
problematic log entries. If your logs could be viewed by non Checkmk admins,
you should also change the site secret.
If you change the site secret of a remote site, you will have to navigate to
"Setup > Distributed monitoring", then "Logout" the remote site and "Login" the
site again to make the central site know the new site secret.
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
(https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/…)
Change-Id: Ie4b0c7047b81ee3db35e10b44acf276a772896ae
Branch: refs/heads/1.6.0
Home: https://github.com/tribe29/checkmk
Commit: 78da4483a35abe12b50cf2de1d1e3075cfe2b9b1
https://github.com/tribe29/checkmk/commit/78da4483a35abe12b50cf2de1d1e3075c…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-11-10 (Wed, 10 Nov 2021)
Changed paths:
A .werks/13314
M cmk/gui/watolib/automations.py
Log Message:
-----------
13314 SEC Distributed monitoring: Do not log site secret on remote site
This issue only affects you in case you are using a distributed monitoring setup
and only affects the remote sites of a distributed setup.
When the central site is communicating with a remote site, this access from the
central site to a remote system is authenticated used the so called site
secret. This secret is handed over to the remote site with each remote call and
validated.
Previous Checkmk versions were sending the site secret via GET parameters to
the remote site. Which made the secret visible in the access log of the remote
site apache (var/log/apache/access_log).
As these log files are normally only readable by the site user and the site
secret is also known by the site user, this alone is not a information
disclosure.
Of course it might happen that you forward a log, e.g. for error diagnosis,
then this issue might be a real problem.
Therefore, we recommend all users to update to the next version to eliminate
the problem for the future. Afterwards we recommend to check the log files
(var/log/apache/access_log and var/log/apache/access_log.*.gz) and to remove
problematic log entries. If your logs could be viewed by non Checkmk admins,
you should also change the site secret.
If you change the site secret of a remote site, you will have to navigate to
"Setup > Distributed monitoring", then "Logout" the remote site and "Login" the
site again to make the central site know the new site secret.
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
(https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/…)
Change-Id: Ie4b0c7047b81ee3db35e10b44acf276a772896ae
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 42756d8471e766ac87206a975b2dcf650668891a
https://github.com/tribe29/checkmk/commit/42756d8471e766ac87206a975b2dcf650…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-11-10 (Wed, 10 Nov 2021)
Changed paths:
A .werks/13314
M cmk/gui/watolib/automations.py
M tests/unit/cmk/gui/watolib/test_config_sync.py
Log Message:
-----------
13314 SEC Distributed monitoring: Do not log site secret on remote site
This issue only affects you in case you are using a distributed monitoring setup
and only affects the remote sites of a distributed setup.
When the central site is communicating with a remote site, this access from the
central site to a remote system is authenticated used the so called site
secret. This secret is handed over to the remote site with each remote call and
validated.
Previous Checkmk versions were sending the site secret via GET parameters to
the remote site. Which made the secret visible in the access log of the remote
site apache (var/log/apache/access_log).
As these log files are normally only readable by the site user and the site
secret is also known by the site user, this alone is not a information
disclosure.
Of course it might happen that you forward a log, e.g. for error diagnosis,
then this issue might be a real problem.
Therefore, we recommend all users to update to the next version to eliminate
the problem for the future. Afterwards we recommend to check the log files
(var/log/apache/access_log and var/log/apache/access_log.*.gz) and to remove
problematic log entries. If your logs could be viewed by non Checkmk admins,
you should also change the site secret.
If you change the site secret of a remote site, you will have to navigate to
"Setup > Distributed monitoring", then "Logout" the remote site and "Login" the
site again to make the central site know the new site secret.
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
(https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/…)
Change-Id: Ie4b0c7047b81ee3db35e10b44acf276a772896ae
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 966f7005d578d0efe5a75ac51d685bbf4fc838e5
https://github.com/tribe29/checkmk/commit/966f7005d578d0efe5a75ac51d685bbf4…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2021-11-09 (Tue, 09 Nov 2021)
Changed paths:
A .werks/13472
M cmk/gui/plugins/wato/check_parameters/raid_summary.py
Log Message:
-----------
13472 FIX fjdarye500_disks_summary: "Transform failed" during cmk-update-config
For services of the plugin <i>fjdarye500_disks_summary</i> the tool
<i>cmk-update-config</i> reported "Transform failed".
This is fixed now.
Change-Id: I06ed762c8d5148f461144a699a179d06d048fbd5
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 213589785eeecab24df7d00bc5ea7ef148e33398
https://github.com/tribe29/checkmk/commit/213589785eeecab24df7d00bc5ea7ef14…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2021-11-09 (Tue, 09 Nov 2021)
Changed paths:
A .werks/13470
M cmk/base/plugins/agent_based/local.py
Log Message:
-----------
13470 FIX "Item not found" for cached local checks on clusters
Change-Id: I22cc5fa87bc410d075fa9c033b22660527aa0a9f
Commit: ec385b1b5260ab4a405510bf90d8a05074786bc2
https://github.com/tribe29/checkmk/commit/ec385b1b5260ab4a405510bf90d8a0507…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2021-11-10 (Wed, 10 Nov 2021)
Changed paths:
A .werks/13472
M cmk/gui/plugins/wato/check_parameters/raid_summary.py
Log Message:
-----------
13472 FIX fjdarye500_disks_summary: "Transform failed" during cmk-update-config
For services of the plugin <i>fjdarye500_disks_summary</i> the tool
<i>cmk-update-config</i> reported "Transform failed".
This is fixed now.
Change-Id: I2c2b5e536726784edb6154efaa7c7355669d2c13
Compare: https://github.com/tribe29/checkmk/compare/0f6a8e3cea1c...ec385b1b5260
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 0f6a8e3cea1c0951debd297f01b3ecc777a4bef8
https://github.com/tribe29/checkmk/commit/0f6a8e3cea1c0951debd297f01b3ecc77…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2021-11-09 (Tue, 09 Nov 2021)
Changed paths:
A .werks/13469
M checks/cisco_ucs_hdd
M cmk/base/check_legacy_includes/cisco_ucs.py
Log Message:
-----------
13469 FIX cisco_ucs_hdd: hot spares are OK to be inoperable
Change-Id: I575d06b65b7982a2559f08665d1142536ab649eb
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 88626e34648cb0c1e3e63767ba7aa6285fcbfbfe
https://github.com/tribe29/checkmk/commit/88626e34648cb0c1e3e63767ba7aa6285…
Author: Weblate Transfer job <weblate(a)checkmk.com>
Date: 2021-11-09 (Tue, 09 Nov 2021)
Changed paths:
M locale/de/LC_MESSAGES/multisite.po
M locale/es/LC_MESSAGES/multisite.po
M locale/fr/LC_MESSAGES/multisite.po
M locale/it/LC_MESSAGES/multisite.po
M locale/ja/LC_MESSAGES/multisite.po
M locale/nl/LC_MESSAGES/multisite.po
M locale/pt_PT/LC_MESSAGES/multisite.po
M locale/ro/LC_MESSAGES/multisite.po
Log Message:
-----------
[Weblate] Updated translation files
Translation: checkmk/software
Translate-URL: https://translate.checkmk.com/projects/checkmk/software/