Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: d25a5c4c5316e34efd5ec942c69edb8fe872f4d8
https://github.com/tribe29/checkmk/commit/d25a5c4c5316e34efd5ec942c69edb8fe…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
R cmk/gui/dashboard/dashlet/dashlets/builtin.py
R cmk/gui/dashboard/dashlet/dashlets/custom_url.py
R cmk/gui/dashboard/dashlet/dashlets/failed_notifications.py
R cmk/gui/dashboard/dashlet/dashlets/graph.py
R cmk/gui/dashboard/dashlet/dashlets/logo.py
R cmk/gui/dashboard/dashlet/dashlets/overview.py
R cmk/gui/dashboard/dashlet/dashlets/snapin.py
R cmk/gui/dashboard/dashlet/dashlets/stats.py
R cmk/gui/dashboard/dashlet/dashlets/user_messages.py
M cmk/gui/dashboard/dashlet/dashlets/view.py
A cmk/gui/plugins/dashboard/builtin.py
A cmk/gui/plugins/dashboard/custom_url.py
A cmk/gui/plugins/dashboard/failed_notifications.py
A cmk/gui/plugins/dashboard/graph.py
A cmk/gui/plugins/dashboard/logo.py
A cmk/gui/plugins/dashboard/overview.py
A cmk/gui/plugins/dashboard/snapin.py
A cmk/gui/plugins/dashboard/stats.py
A cmk/gui/plugins/dashboard/user_messages.py
A cmk/gui/plugins/dashboard/view.py
Log Message:
-----------
Revert "Move builtin dashlets from plugins"
This reverts commit 11b074b1655641c06b7e93d0a09a8f7d25ab1d5b.
Registrations need to be reworked to make this work.
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 73598381eda104ddbf81e013a16d750292b9f555
https://github.com/tribe29/checkmk/commit/73598381eda104ddbf81e013a16d75029…
Author: Kenneth Okoh <kenneth.okoh(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
A .werks/15072
M cmk/gui/plugins/views/inventory.py
Log Message:
-----------
15072 FIX Inventory history crash upon sorting
The view "Inventory history of host" could result in a crash due to the comparison of differently typed values.
This is now fixed and the inventory history is rendered as expected.
CMK-11749
Change-Id: I7a5cddea734e96b9e535b00bfd9dbecebd53b014
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 5e4666e02f898aebcb358728dca57a0361e8793b
https://github.com/tribe29/checkmk/commit/5e4666e02f898aebcb358728dca57a036…
Author: Konstantin Baikov <konstantin.baikov(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
M cmk/ec/main.py
M cmk/ec/query.py
M cmk/ec/settings.py
Log Message:
-----------
Chain exceptions with explicit cause and context
Change-Id: I42c2e11ba4b95b2cb80728cb413762d0ccdd797d
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 9920008627aa5591e8b676453ae1948083c542da
https://github.com/tribe29/checkmk/commit/9920008627aa5591e8b676453ae194808…
Author: Max Linke <max.linke(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
M cmk/base/plugins/agent_based/gcp_health.py
M cmk/gui/plugins/wato/special_agents/gcp.py
M tests/unit/cmk/base/plugins/agent_based/test_gcp_health.py
Log Message:
-----------
Update GCP health service
- fix naming in agent rule
- add Result when we apply filter to health check
Change-Id: I3a780656144f956e60e42bbf2404f437d0279068
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 98eb90c02501064d422ddea61fea0d0c49c87cbc
https://github.com/tribe29/checkmk/commit/98eb90c02501064d422ddea61fea0d0c4…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
M tests/unit/cmk/gui/userdb/saml2/test_interface.py
Log Message:
-----------
SAML interface unit tests: resolve timestamp related flakiness
The pysaml2 client queries the current timestamp, leading to a sporadic
offset of a second when checking the validity window of the responses.
Change-Id: I1d87004d59eac13ecfab989b4cc6022c0a75d336
Commit: 9dd51567309a39f3653198f875e4eababa6f7893
https://github.com/tribe29/checkmk/commit/9dd51567309a39f3653198f875e4eabab…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
M tests/unit/cmk/gui/userdb/saml2/test_interface.py
Log Message:
-----------
SAML interface: additional test case for validity window
Change-Id: I339b87d1d2b92b1c36e4323640a4c52fb7b037bf
Compare: https://github.com/tribe29/checkmk/compare/11b074b16556...9dd51567309a
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 744687fa7091666991a886a136364c3d78e059ce
https://github.com/tribe29/checkmk/commit/744687fa7091666991a886a136364c3d7…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
M cmk/gui/dashboard/__init__.py
A cmk/gui/dashboard/breadcrumb.py
A cmk/gui/dashboard/builtin_dashboards.py
M cmk/gui/dashboard/dashlet/__init__.py
A cmk/gui/dashboard/dashlet/base.py
M cmk/gui/dashboard/dashlet/dashlets/__init__.py
A cmk/gui/dashboard/dashlet/dashlets/state_formatter.py
M cmk/gui/dashboard/dashlet/dashlets/static_text.py
A cmk/gui/dashboard/dashlet/dashlets/status_helpers.py
A cmk/gui/dashboard/dashlet/dashlets/view.py
A cmk/gui/dashboard/dashlet/figure_dashlet.py
A cmk/gui/dashboard/dashlet/registry.py
M cmk/gui/dashboard/page_create_view_dashlet.py
M cmk/gui/dashboard/page_edit_dashboard.py
M cmk/gui/dashboard/page_edit_dashboard_actions.py
M cmk/gui/dashboard/page_edit_dashboards.py
M cmk/gui/dashboard/page_edit_dashlet.py
M cmk/gui/dashboard/page_show_dashboard.py
M cmk/gui/dashboard/store.py
A cmk/gui/dashboard/title_macros.py
A cmk/gui/dashboard/type_defs.py
M cmk/gui/dashboard/visual_type.py
M cmk/gui/mkeventd/views.py
M cmk/gui/plugins/dashboard/builtin.py
M cmk/gui/plugins/dashboard/custom_url.py
M cmk/gui/plugins/dashboard/failed_notifications.py
M cmk/gui/plugins/dashboard/graph.py
M cmk/gui/plugins/dashboard/logo.py
M cmk/gui/plugins/dashboard/overview.py
M cmk/gui/plugins/dashboard/snapin.py
M cmk/gui/plugins/dashboard/stats.py
M cmk/gui/plugins/dashboard/user_messages.py
M cmk/gui/plugins/dashboard/utils.py
M cmk/gui/plugins/dashboard/view.py
M cmk/gui/plugins/main_modules/registration.py
M cmk/gui/plugins/sidebar/dashboards.py
M cmk/gui/plugins/sidebar/views.py
M cmk/gui/plugins/sidebar/wato.py
M cmk/gui/views/__init__.py
M cmk/gui/views/page_edit_view.py
A cmk/gui/views/view_choices.py
M cmk/gui/watolib/groups.py
M cmk/update_config/plugins/actions/cre_visuals.py
M tests/unit/cmk/gui/conftest.py
A tests/unit/cmk/gui/dashboard/dashlet/test_figure_dashlet.py
A tests/unit/cmk/gui/dashboard/test_title_macros.py
R tests/unit/cmk/gui/plugins/dashboard/test_dashboard_utils.py
M tests/unit/cmk/gui/test_dashboard.py
Log Message:
-----------
Resolve cmk.gui.plugins.dashboard.utils
Move the common code from utils to the cmk.gui.dashboard package.
Update all dashlets with temporary imports. After moving the dashlets to
their new location (cmk.gui.dashboard.dashlet.dashlets), we can then
simplify the imports a bit more.
Change-Id: I9e96d0cbe655e72cefea30a92b7e8331ad3c1b59
Commit: 12acca98449967a87377ecd69fce262f7d102537
https://github.com/tribe29/checkmk/commit/12acca98449967a87377ecd69fce262f7…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
M cmk/gui/plugins/dashboard/view.py
M cmk/gui/views/page_edit_view.py
Log Message:
-----------
Remove dependency on view dashlet from generic view editing logic
Change-Id: Idb9eadcf81e04c0e7aa2f19be74a6129aca6d742
Commit: 11b074b1655641c06b7e93d0a09a8f7d25ab1d5b
https://github.com/tribe29/checkmk/commit/11b074b1655641c06b7e93d0a09a8f7d2…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
A cmk/gui/dashboard/dashlet/dashlets/builtin.py
A cmk/gui/dashboard/dashlet/dashlets/custom_url.py
A cmk/gui/dashboard/dashlet/dashlets/failed_notifications.py
A cmk/gui/dashboard/dashlet/dashlets/graph.py
A cmk/gui/dashboard/dashlet/dashlets/logo.py
A cmk/gui/dashboard/dashlet/dashlets/overview.py
A cmk/gui/dashboard/dashlet/dashlets/snapin.py
A cmk/gui/dashboard/dashlet/dashlets/stats.py
A cmk/gui/dashboard/dashlet/dashlets/user_messages.py
M cmk/gui/dashboard/dashlet/dashlets/view.py
R cmk/gui/plugins/dashboard/builtin.py
R cmk/gui/plugins/dashboard/custom_url.py
R cmk/gui/plugins/dashboard/failed_notifications.py
R cmk/gui/plugins/dashboard/graph.py
R cmk/gui/plugins/dashboard/logo.py
R cmk/gui/plugins/dashboard/overview.py
R cmk/gui/plugins/dashboard/snapin.py
R cmk/gui/plugins/dashboard/stats.py
R cmk/gui/plugins/dashboard/user_messages.py
R cmk/gui/plugins/dashboard/view.py
Log Message:
-----------
Move builtin dashlets from plugins
Move the "plugins" to their new location.
Change-Id: Iab79062cfe53462dbf93d9b5d1b72c3f6c6a8113
Compare: https://github.com/tribe29/checkmk/compare/ac2ba9970eca...11b074b16556
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: c61e1b4ff76ebf6ed8ade3ae12e5a233e9746eee
https://github.com/tribe29/checkmk/commit/c61e1b4ff76ebf6ed8ade3ae12e5a233e…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-12-15 (Thu, 15 Dec 2022)
Changed paths:
A .werks/15061
M cmk/gui/plugins/config/base.py
M cmk/gui/plugins/wato/check_mk_configuration.py
M cmk/gui/watolib/utils.py
M tests/unit/cmk/gui/watolib/test_watolib.py
Log Message:
-----------
15061 SEC Remove global rule wato_legacy_eval
With Werk #984 the serialization protocol in the communication of WATO (central to remote site) was changed from <tt>pickle</tt> to <tt>ast</tt>.
For legacy reasons a global config option was created to keep the unsafe pickle protocol.
These reasons resulted from Checkmk relying on system python versions, which was changed with Werk #7590, since then Checkmk brings its own Python.
If an administrator sets this rule <i>Use unsafe legacy encoding for distributed WATO</i> the data coming from other monitoring sites are deserialized with pickle.
So the wato automation user or a compromised site could send malicious data which leads to code execution.
Since Checkmk comes with Python versions which support the <tt>ast</tt> protocol the rule is now ignored and no pickle serialization takes place in this communication.
In Checkmk 2.1 this was removed with Werk #12284, unfortunately it was not backported to 2.0. This is now done.
To check if this setting was enabled in the past, you can check the <i>Audit log</i> for <tt>Changed global configuration variable wato_legacy_eval to on.</tt>.
We do not consider this a vulnerability, since the option works as intended. The risk is described in the Werk (#984) also the title of the setting contains "unsafe".
Therefore we assigned the following CVSS score to this: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N 0.0 (None).
This CVSS score is mostly meant for automatic scrapers.
CMK-11811
Change-Id: I7e0c4e51832af5916d2a636945e28aa70ef047b2