Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: a83fa6ef0cfa3e85e2eed21de9b0c33178b7eb3a
https://github.com/tribe29/checkmk/commit/a83fa6ef0cfa3e85e2eed21de9b0c3317…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-06-01 (Wed, 01 Jun 2022)
Changed paths:
A .werks/13903
M cmk/gui/htmllib/__init__.py
M cmk/gui/node_visualization.py
M cmk/gui/pages.py
M cmk/gui/sidebar/__init__.py
M cmk/gui/type_defs.py
A cmk/gui/utils/csrf_token.py
M cmk/gui/valuespec.py
M cmk/gui/views/__init__.py
M cmk/gui/wato/pages/activate_changes.py
M cmk/gui/wato/pages/folders.py
M cmk/gui/wato/pages/host_diagnose.py
M cmk/gui/wato/pages/services.py
M cmk/gui/wato/pages/user_profile/async_replication.py
M cmk/gui/wato/pages/user_profile/mega_menu.py
M tests/unit/cmk/gui/test_userdb.py
M web/htdocs/js/modules/ajax.js
M web/htdocs/js/modules/dashboard.js
M web/htdocs/js/modules/host_diagnose.js
M web/htdocs/js/modules/service_discovery.js
M web/htdocs/js/modules/sidebar.js
Log Message:
-----------
13903 SEC Introduce additional CSRF checks
This is the pick of two changes:
- I5539eb30520efa10f77c17c64a29c67bf1af39f3
- Ic709514c4e0f00c1aeeeede8aaf4c388007fcd7a
Previously the mitigation for CSRF was the transaction ids. Since they
are not used everywhere and not usable everywhere, a new mitigation is
implemented.
The CSRF token is bound on the server side to the session and is a UUID.
It is written to every page as a JavaScript variable and included in all
forms as a hidden field.
The Page class now has a method to validate the existence and
correctness of this CSRF token and will raise an error if no token or an
invalid one is provided.
If no session context is present, no token is written and none is
checked!
Change-Id: Ic709514c4e0f00c1aeeeede8aaf4c388007fcd7a
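The mechanism described in the log message above, as an added sketch; it is not code from this commit or from checkmk. The names `Session`, `CSRFError`, `hidden_field`, `check_csrf_token` and `handle_post`, the `csrf_token` field name and the choice of a version 4 UUID are assumptions.

```python
import hmac
import html
import uuid
from dataclasses import dataclass, field
from typing import Mapping, Optional


class CSRFError(Exception):
    """Request carried no CSRF token, or one that does not match the session."""


@dataclass
class Session:
    """Hypothetical server-side session record (not checkmk's own class)."""
    user: str
    # Assumption: a random (version 4) UUID, generated once per session.
    csrf_token: str = field(default_factory=lambda: str(uuid.uuid4()))


def hidden_field(session: Optional[Session]) -> str:
    """Hidden form field for every rendered form; nothing without a session."""
    if session is None:
        return ""
    value = html.escape(session.csrf_token, quote=True)
    return f'<input type="hidden" name="csrf_token" value="{value}">'


def check_csrf_token(session: Optional[Session], form: Mapping[str, str]) -> None:
    """Raise CSRFError unless the submitted token matches the session's."""
    if session is None:
        return  # no session context: no token was written, none is checked
    supplied = form.get("csrf_token")
    if supplied is None:
        raise CSRFError("no CSRF token in request")
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(supplied.encode(), session.csrf_token.encode()):
        raise CSRFError("invalid CSRF token")


def handle_post(session: Optional[Session], form: Mapping[str, str]) -> str:
    """Constructed stand-in for a state-changing page handler."""
    try:
        check_csrf_token(session, form)
    except CSRFError as exc:
        return f"rejected: {exc}"
    return "accepted"
```

The `session is None` branch mirrors the last sentence of the log message: requests handled without a session pass this check untouched, so such endpoints are outside what the token protects.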
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: e5121b7e798a5add6536e44678c828098f36e467
https://github.com/tribe29/checkmk/commit/e5121b7e798a5add6536e44678c828098…
Author: Gav <gavin.mcguigan(a)tribe29.com>
Date: 2022-06-01 (Wed, 01 Jun 2022)
Changed paths:
A .werks/14257
M cmk/gui/fields/definitions.py
M cmk/gui/plugins/openapi/endpoints/host.py
M cmk/gui/plugins/openapi/endpoints/service.py
M cmk/gui/plugins/openapi/restful_objects/code_examples.py
Log Message:
-----------
14257 FIX REST API documentation not showing examples for host columns or service columns.
Change-Id: I243104a8981c6d814892ec13470dcdd32ce8c5ff
Branch: refs/heads/2.1.0
Home: https://github.com/tribe29/checkmk
Commit: 5c92f34c09db05e4c85ab673f9e26d08c78b5d61
https://github.com/tribe29/checkmk/commit/5c92f34c09db05e4c85ab673f9e26d08c…
Author: Gav <gavin.mcguigan(a)tribe29.com>
Date: 2022-06-01 (Wed, 01 Jun 2022)
Changed paths:
A .werks/14255
M cmk/gui/plugins/openapi/endpoints/host_config.py
M cmk/gui/watolib/hosts_and_folders.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_host_config.py
Log Message:
-----------
14255 FIX host_config: created_at timestamp is no longer updated with the update host endpoint
Previously, on updating the config host endpoint, the meta_data, created_at
timestamp was being changed alongside the updated_at timestamp. This werk
fixes this issue by leaving the created_at unaffected.
Change-Id: Ia7963c2c6371201e6c254383bb6f7bfefbc89780
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 9387c49a5174da774e6e1a5ef8c9c6f33a4543b2
https://github.com/tribe29/checkmk/commit/9387c49a5174da774e6e1a5ef8c9c6f33…
Author: Philipp Siegmantel <philipp.siegmantel(a)tribe29.com>
Date: 2022-06-01 (Wed, 01 Jun 2022)
Changed paths:
M Makefile
Log Message:
-----------
use `npm ci` instead of `npm install` in Makefile
`npm install` resolves and installs dependencies and generates
a new `package-lock.json` file. This is inappropriate for a CI
environment, because specific resolutions might differ locally
and on the CI machine. Therefore, we should use `npm ci`, as it skips
the resolving part and only installs dependencies based on the
lock file.
Change-Id: Idd7f812a811fbd92e93979b34f61552770a1e19d