Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: dcb79341b1ed8b7ed8bc761a3ccb0c4a23bd126e
https://github.com/tribe29/checkmk/commit/dcb79341b1ed8b7ed8bc761a3ccb0c4a2…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/base/packaging.py
M cmk/utils/diagnostics.py
M cmk/utils/packaging/__init__.py
M tests/unit/cmk/base/test_diagnostics.py
M tests/unit/cmk/utils/packaging/test_packaging.py
Log Message:
-----------
extensively use package id
Change-Id: Ic56c9d35ec4a396b492f2f5fd326ed51d74dee9a
Commit: fc561aeeeb67dc02528569b43bff0439fe895dd1
https://github.com/tribe29/checkmk/commit/fc561aeeeb67dc02528569b43bff0439f…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/utils/packaging/__init__.py
Log Message:
-----------
add get_package_path to PackageStore
Change-Id: I80410098bcf3ddc0a58d90f3f186acae0c62f25d
Commit: f375f5f3d719f5fb42ee33342a02266e6b6fe7ba
https://github.com/tribe29/checkmk/commit/f375f5f3d719f5fb42ee33342a02266e6…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/base/packaging.py
M cmk/utils/diagnostics.py
M cmk/utils/packaging/__init__.py
M tests/unit/cmk/utils/packaging/test_packaging.py
Log Message:
-----------
remove one indirection
Change-Id: Iabf3222c8091b1aaead16a344c250aeea3b68fc6
Commit: 9dc416ab6c8696546942d9472c1dc252bf59259d
https://github.com/tribe29/checkmk/commit/9dc416ab6c8696546942d9472c1dc252b…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/base/packaging.py
M cmk/utils/diagnostics.py
M cmk/utils/packaging/__init__.py
A cmk/utils/packaging/_manifest.py
R cmk/utils/packaging/_package.py
M tests/unit/cmk/base/test_diagnostics.py
M tests/unit/cmk/utils/packaging/test_packaging.py
Log Message:
-----------
Rename PackageInfo -> Manifest
This is the word that the rest of the world uses.
Change-Id: I6113e919a437fc1a271342eceb38836ece7112e7
Compare: https://github.com/tribe29/checkmk/compare/4895495736d9...9dc416ab6c86
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 4895495736d9da1a7e22b9e9d7aa3291c7e3eef6
https://github.com/tribe29/checkmk/commit/4895495736d9da1a7e22b9e9d7aa3291c…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
A .werks/14924
M cmk/gui/visuals.py
Log Message:
-----------
14924 SEC Fix CSRF in add-visual endpoint
Previously to this Werk an attacker could utilize a cross site request forgery vulnerability in Checkmk to add elements to visuals (e.g. dashboards, reports, etc.).
<b>Mitigations:</b>
If you are unable to update in a timely manner you could remove the permission <tt>Customize dashboards and use them</tt> and <tt>Customize reports and use them</tt> from the used roles. So the users and admins cannot edit dashboards and reports anymore.
Adding a <tt>Custom url</tt> with a malicious URL is blocked by the Content-Security-Policy.
All versions of Checkmk including (1.6) are subject to this vulnerability.
This vulnerability was found through a self commissioned Penetration test.
We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L</tt> A CVE has been requested.
CMK-11705
Change-Id: If71e0347339eb5bcb590b749476aab7939e0710e
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 6f14b34db40105e76752c8583c1128dc9d213d94
https://github.com/tribe29/checkmk/commit/6f14b34db40105e76752c8583c1128dc9…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
A .werks/14924
M cmk/gui/visuals.py
Log Message:
-----------
14924 SEC Fix CSRF in add-visual endpoint
Previously to this Werk an attacker could utilize a cross site request forgery vulnerability in Checkmk to add elements to visuals (e.g. dashboards, reports, etc.).
<b>Mitigations:</b>
If you are unable to update in a timely manner you could remove the permission <tt>Customize dashboards and use them</tt> and <tt>Customize reports and use them</tt> from the used roles. So the users and admins cannot edit dashboards and reports anymore.
Adding a <tt>Custom url</tt> with a malicious URL is blocked by the Content-Security-Policy.
All versions of Checkmk including (1.6) are subject to this vulnerability.
This vulnerability was found through a self commissioned Penetration test.
We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L</tt> A CVE has been requested.
CMK-11705
Change-Id: If71e0347339eb5bcb590b749476aab7939e0710e
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: d2b1a66866b6d320fdae51a0609425ba609530e7
https://github.com/tribe29/checkmk/commit/d2b1a66866b6d320fdae51a0609425ba6…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
A .werks/14924
M cmk/gui/visuals.py
Log Message:
-----------
14924 SEC Fix CSRF in add-visual endpoint
Previously to this Werk an attacker could utilize a cross site request forgery vulnerability in Checkmk to add elements to visuals (e.g. dashboards, reports, etc.).
<b>Mitigations:</b>
If you are unable to update in a timely manner you could remove the permission <tt>Customize dashboards and use them</tt> and <tt>Customize reports and use them</tt> from the used roles. So the users and admins cannot edit dashboards and reports anymore.
Adding a <tt>Custom url</tt> with a malicious URL is blocked by the Content-Security-Policy.
All versions of Checkmk including (1.6) are subject to this vulnerability.
This vulnerability was found through a self commissioned Penetration test.
We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L</tt> A CVE has been requested.
CMK-11705
Change-Id: If71e0347339eb5bcb590b749476aab7939e0710e
Commit: 94944aa916fb91bb8045673ec815b34d41bb6cd1
https://github.com/tribe29/checkmk/commit/94944aa916fb91bb8045673ec815b34d4…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/cmk-agent-ctl/src/constants.rs
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_container_host_if.linux
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.1.0p19
Compare: https://github.com/tribe29/checkmk/compare/176d2e22f9cd...94944aa916fb
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: e32f4fe5a2034f41e5fb976e1e6b5e9ff5f02b1a
https://github.com/tribe29/checkmk/commit/e32f4fe5a2034f41e5fb976e1e6b5e9ff…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/base/config.py
M cmk/base/core_config.py
M cmk/base/dump_host.py
M cmk/base/plugins/agent_based/checkmk_agent.py
M cmk/base/sources.py
M tests/unit/cmk/base/test_config.py
M tests/unit/cmk/snmplib/test_snmplib_snmp_table.py
Log Message:
-----------
Move more simple attrs from HostConfig to ConfigCache
CMK-11862
Change-Id: Id945f6c2277c5d886c278c5c3eabb9099ab6d15c
Commit: 48b3281b7a4d4c4ac554404f5123a3fd3adaacac
https://github.com/tribe29/checkmk/commit/48b3281b7a4d4c4ac554404f5123a3fd3…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/base/config.py
M cmk/base/dump_host.py
Log Message:
-----------
Move agent_description "config" to dump_host
These are ad-hoc strings and have a single caller -> move to caller.
CMK-11862
Change-Id: I0e19a567e548313d92f326e1f8693fdd1d4d767f
Commit: a5c3937b6b9d82c4e0a6b2ff3807e81379b634d1
https://github.com/tribe29/checkmk/commit/a5c3937b6b9d82c4e0a6b2ff3807e8137…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/base/automations/check_mk.py
M cmk/base/check_api.py
M cmk/base/config.py
M cmk/base/core_config.py
M cmk/base/dump_host.py
M cmk/base/export.py
M cmk/base/modes/__init__.py
M cmk/base/modes/check_mk.py
M cmk/base/sources.py
M tests/unit/cmk/base/test_config.py
Log Message:
-----------
Move tags & labels attrs to ConfigCache
CMK-11862
Change-Id: Ibcd55a47a027276b6ed359a36e848f3b9754bcf9
Commit: 5305922be424756f9757fee8ef9265967a9d42a2
https://github.com/tribe29/checkmk/commit/5305922be424756f9757fee8ef9265967…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/base/config.py
M cmk/base/core_nagios.py
M cmk/base/notify.py
M tests/unit/cmk/base/test_config.py
Log Message:
-----------
Move last two attrs from HostConfig
CMK-11862
Change-Id: If538589a3e4fbc0c01729f042623009bf771482e
Compare: https://github.com/tribe29/checkmk/compare/0e05e09eae67...5305922be424
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 0e05e09eae675fd38e2926a53bb959bb3cbb2720
https://github.com/tribe29/checkmk/commit/0e05e09eae675fd38e2926a53bb959bb3…
Author: Simon Jess <simon.jess(a)tribe29.com>
Date: 2022-12-14 (Wed, 14 Dec 2022)
Changed paths:
M cmk/utils/licensing/__init__.py
M tests/unit/cmk/utils/test_utils_licensing.py
Log Message:
-----------
licensing: Online verification: Use real data #1
Change-Id: I163b90d7abeeda76e54746be3f980f8b4d9fb601