Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: ff134637fe350dd7420ea934901bbb64d4d6f6f0
https://github.com/Checkmk/checkmk/commit/ff134637fe350dd7420ea934901bbb64d…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A .werks/15673
M cmk/gui/wato/pages/pattern_editor.py
M cmk/gui/wato/pages/rulesets.py
M cmk/gui/watolib/rulesets.py
M tests/unit/cmk/gui/wato/pages/test_rulesets.py
M tests/unit/cmk/gui/watolib/test_gui_rulesets.py
Log Message:
-----------
15673 Logfile pattern analyzer: improve rule overview
CMK-6813
Change-Id: I866e7c3f5b21fec7db105a53a0e589e1f0104e70
Commit: ec1d9c76788efae17b1ed150121f9ce043a963c6
https://github.com/Checkmk/checkmk/commit/ec1d9c76788efae17b1ed150121f9ce04…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/gui/werks.py
Log Message:
-----------
Fix GUI Crawler
Somehow the GUI Crawler has inconstant state. But if the GUI Crawler can
have this state, users may also, so we fix this.
Change-Id: I4900e490f6ff2ded2cc9c130b8109d9ea4b6b480
Commit: 2328a66ac6d39e0fd786f5b97e486c07054eba79
https://github.com/Checkmk/checkmk/commit/2328a66ac6d39e0fd786f5b97e486c070…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/base/diagnostics.py
Log Message:
-----------
suppress bandit timeout warning
Change-Id: Ia7ae2d5cdbf58976caf3f08fecca98409c409f8c
Commit: 85955f8f2aec67c5ba39497b1728d4fd0229fa26
https://github.com/Checkmk/checkmk/commit/85955f8f2aec67c5ba39497b1728d4fd0…
Author: Joerg Herbel <joerg.herbel(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M omd/packages/omd/skel.permissions
A omd/packages/omd/skel/etc/omd/site.conf
Log Message:
-----------
Fix permissions of etc/omd/
This should at least fix the integration tests. Not sure if this is
correct though.
Change-Id: Ia37bf9cecd965eeaa83f09134812f04223d3f85a
Compare: https://github.com/Checkmk/checkmk/compare/9dc01ec3e052...85955f8f2aec
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 89b83afc27e7d4c9811c481cc6fe5251f6bf44fa
https://github.com/Checkmk/checkmk/commit/89b83afc27e7d4c9811c481cc6fe5251f…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/utils/werks/werkv1.py
Log Message:
-----------
fix typo: Not all werks are NOT_COMPATIBLE
Change-Id: I71aee915ec0b54d6a020a9b8cec2db8f058be418
Commit: 0ffe9fd2831998be765a72275af46b0fb2408bea
https://github.com/Checkmk/checkmk/commit/0ffe9fd2831998be765a72275af46b0fb…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M CHANGES
Log Message:
-----------
Update CHANGES
Change-Id: If2166e33c12f3aff19dcf27d047ad4742a87c7a9
Commit: e458e6fddbf2cece6801dd94b7c814f01cf2be3e
https://github.com/Checkmk/checkmk/commit/e458e6fddbf2cece6801dd94b7c814f01…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A .werks/15189
M cmk/base/diagnostics.py
Log Message:
-----------
15189 SEC Don't log automation user credentials when generating performance graph diagnostics
Prior to this Werk, creating a Support Diagnostic report including the
option "Performance Graphs of Checkmk Server" caused the automation
secret of the user "automation" to be logged to the site Apache access
log file (var/log/apache/access_log). This affected both creating the
diagnostic report via the GUI (Setup > Maintenance > Support diagnostics)
and via the command line
(cmk --create-diagnostics-dump --performance-graphs).
With this Werk the credentials are no longer written to the log file.
Note that no automatic sanitization of the log file is attempted by
applying this patch.
This issue was discovered during internal review.
Affected Versions:
- 2.2.0 (beta)
- 2.1.0
- 2.0.0
Mitigations:
Users are advised to change the secret of the user "automation" via the
User Management UI.
If this is not an option for you, delete or manually sanitize the Apache
access log file and any backup of the file. Remove any line that
contains a POST to
<your site URL>/report.py?_username=automation&_secret=<...>.
Refrain from using the affected functionality before applying this patch
or manually sanitize the file afterwards.
Vulnerability Management:
We have rated the issue with a CVSS Score of 4.4 (Medium) with the
following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</tt>.
We have assigned CVE-2023-31207.
Change-Id: I5b903fb3c1d186219f7718acf3d6efa498e9f5cf
Commit: ad9de1d7ef2bb8f58bda1c1f001e59b0470bc2ca
https://github.com/Checkmk/checkmk/commit/ad9de1d7ef2bb8f58bda1c1f001e59b04…
Author: Joerg Herbel <joerg.herbel(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/gui/watolib/activate_changes.py
M omd/packages/omd/skel.permissions
R omd/packages/omd/skel/etc/omd/allocated_ports
M tests/integration/omd/test_permissions.py
M tests/unit/cmk/gui/watolib/test_activate_changes.py
Log Message:
-----------
Purge remainders of allocated_ports
In 2.2, we have an update action to remove this file. Hence, when a user
will update to 2.3, this file will not be present, which means that we
can now completely purge the last remainders.
FEED-7861
Change-Id: I59bcec08a83103f77a541c74e8226d5901cc9987
Commit: 1dd13a068067a359a565cec1cd2f16aacfd21b52
https://github.com/Checkmk/checkmk/commit/1dd13a068067a359a565cec1cd2f16aac…
Author: Joerg Herbel <joerg.herbel(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M omd/packages/apache-omd/APACHE_TCP_PORT
M omd/packages/check_mk/AGENT_RECEIVER_PORT
M omd/packages/mk-livestatus/LIVESTATUS_TCP_PORT
A omd/packages/omd/next_free_port
M omd/packages/omd/omd.make
R omd/packages/omd/port_is_used
Log Message:
-----------
Give better name to script which finds next free port
Change-Id: Iaf1f978ae5c8c13d395ede9e17d75d621644ec28
Commit: 7279e22687bb1c84133810c7c62f1211b9ce41c6
https://github.com/Checkmk/checkmk/commit/7279e22687bb1c84133810c7c62f1211b…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
M cmk/special_agents/utils_kubernetes/query.py
Log Message:
-----------
kube: introduce requests session as api_client I
This commit prepares the making the calls to the Kubernetes API server
asynchronous. The Kubernetes Python client does offer an async option
itself. With this option, the HTTP requests not be executed in the main
thread. However, they will still be blocking each other.
Moreover, the client cannot be pickled, thus multiprocessing is also not
possible.
Therefore, we now move to a different option. This change modifies the
smallest of the API classes. More updates will follow.
CMK-12359
Change-Id: Ia111cb8d320257162823aed3604657d19b6da9c2
Commit: 8858a1c748d240e5448831d57a2b1d1c02ab39f4
https://github.com/Checkmk/checkmk/commit/8858a1c748d240e5448831d57a2b1d1c0…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/base/plugins/agent_based/kube_cluster_api_health.py
M cmk/base/plugins/agent_based/kube_node_kubelet.py
M cmk/base/plugins/agent_based/utils/kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
M cmk/special_agents/utils_kubernetes/schemata/api.py
M tests/unit/cmk/base/plugins/agent_based/test_inventory_kube_node.py
M tests/unit/cmk/base/plugins/agent_based/test_kube_cluster_api_health.py
M tests/unit/cmk/base/plugins/agent_based/test_kube_node_kubelet.py
M tests/unit/cmk/special_agents/utils_kubernetes/test_api_server.py
Log Message:
-----------
kube: delete unnecessary secondary query
Based on the Kubernetes source
https://github.com/kubernetes/kubernetes/blob/release-1.22/staging/src/k8s.…
our logic duplicates what Kubernetes does internally anyway.
This was confirmed with two separate kinds of Kubelet errors.
CMK-12359
Change-Id: I6b83358db172d9ced596086097c2eac1b956858c
Commit: c7a8be4d9bb5f3b76537dc377e55ab0ea055b1dd
https://github.com/Checkmk/checkmk/commit/c7a8be4d9bb5f3b76537dc377e55ab0ea…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/utils_kubernetes/api_server.py
M tests/unit/cmk/special_agents/utils_kubernetes/test_api_server.py
Log Message:
-----------
kube: introduce requests session as api_client II
This commit prepares the making the calls to the Kubernetes API server
asynchronous. The Kubernetes Python client does offer an async option
itself. With this option, the HTTP requests not be executed in the main
thread. However, they will still be blocking each other.
Moreover, the client cannot be pickled, thus multiprocessing is also not
possible.
Therefore, we now move to a different option. This change modifies the
CoreAPI calls, which did not use the client for deserialization.
CMK-12359
Change-Id: Ieac2633aa7db94e53ab89d3cd16369409a732974
Commit: 3cbc44d54eb3456dea75a81fd8e67d3980a124da
https://github.com/Checkmk/checkmk/commit/3cbc44d54eb3456dea75a81fd8e67d398…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: introduce requests session as api_client III
This commit prepares the making the calls to the Kubernetes API server
asynchronous. The Kubernetes Python client does offer an async option
itself. With this option, the HTTP requests not be executed in the main
thread. However, they will still be blocking each other.
Moreover, the client cannot be pickled, thus multiprocessing is also not
possible.
Therefore, we now move to a different option. This change completes the
transition. It also introduces a new way of calling the Kubernetes
client to still perform the deserialization.
CMK-12359
Change-Id: I0cd8f14f4d6c79b6abb602533d57fb0ccd5445f7
Commit: 0eee86e9ca3f0e98ea0bab1d0618130239d6a8b2
https://github.com/Checkmk/checkmk/commit/0eee86e9ca3f0e98ea0bab1d061813023…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: centralize kubelet calls
CMK-12359
Change-Id: Ieadc7ac66bcd3a457d4d32eed93865b473a148bb
Compare: https://github.com/Checkmk/checkmk/compare/f67967b775fb...0eee86e9ca3f
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 9ba37b2f6f721b1d06e4a85e6e4c41e797a59cd5
https://github.com/Checkmk/checkmk/commit/9ba37b2f6f721b1d06e4a85e6e4c41e79…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A .werks/15189
M cmk/base/diagnostics.py
Log Message:
-----------
15189 SEC Don't log automation user credentials when generating performance graph diagnostics
Prior to this Werk, creating a Support Diagnostic report including the
option "Performance Graphs of Checkmk Server" caused the automation
secret of the user "automation" to be logged to the site Apache access
log file (var/log/apache/access_log). This affected both creating the
diagnostic report via the GUI (Setup > Maintenance > Support diagnostics)
and via the command line
(cmk --create-diagnostics-dump --performance-graphs).
With this Werk the credentials are no longer written to the log file.
Note that no automatic sanitization of the log file is attempted by
applying this patch.
This issue was discovered during internal review.
Affected Versions:
- 2.2.0 (beta)
- 2.1.0
- 2.0.0
Mitigations:
Users are advised to change the secret of the user "automation" via the
User Management UI.
If this is not an option for you, delete or manually sanitize the Apache
access log file and any backup of the file. Remove any line that
contains a POST to
<your site URL>/report.py?_username=automation&_secret=<...>.
Refrain from using the affected functionality before applying this patch
or manually sanitize the file afterwards.
Vulnerability Management:
We have rated the issue with a CVSS Score of 4.4 (Medium) with the
following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</tt>.
We have assigned CVE-2023-31207.
Change-Id: I5b903fb3c1d186219f7718acf3d6efa498e9f5cf
Commit: 76a99c7da37a1f9ddd4e992c4704a50b35513849
https://github.com/Checkmk/checkmk/commit/76a99c7da37a1f9ddd4e992c4704a50b3…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/query.py
M tests/unit/checks/test_agent_kube.py
Log Message:
-----------
kube: make_api_client moved to query.py
CMK-12359
Change-Id: I19f283be6b89f7b91426121cb7cc6a3bdf0b5695
Commit: 763ca1be9d885b2c31bf3271854224608a4d25aa
https://github.com/Checkmk/checkmk/commit/763ca1be9d885b2c31bf3271854224608…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/query.py
M tests/unit/checks/test_agent_kube.py
Log Message:
-----------
kube: type ApiClient arguments
CMK-12359
Change-Id: I352746f5b5fdae1447b488f4dede0065afdd2273
Commit: fcbe7f6721e24ca1cb9b974dddf5aac8a89627fc
https://github.com/Checkmk/checkmk/commit/fcbe7f6721e24ca1cb9b974dddf5aac8a…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: centralize kubelet calls
CMK-12359
Change-Id: Ieadc7ac66bcd3a457d4d32eed93865b473a148bb
Commit: 5e64ccd08e07c3fabb75097e6b4a256242402429
https://github.com/Checkmk/checkmk/commit/5e64ccd08e07c3fabb75097e6b4a25624…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: allow handling pool of ApiClient with contextmanager
CMK-12359
Change-Id: I8b166a5589b89e171fbca47dc9b5055eba829f0e
Commit: 232eb57290d7f3b115ecd79a75fefe057d8e7cd4
https://github.com/Checkmk/checkmk/commit/232eb57290d7f3b115ecd79a75fefe057…
Author: Ronny Bruska <ronny.bruska(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A .werks/15484
M cmk/gui/autocompleters.py
Log Message:
-----------
15484 FIX Fix encoding of special characters in "Move to other folder"
FEED-7865
Change-Id: Icb603beb2bb4bcc18fd6cb1b3343af88f3a1b937
Compare: https://github.com/Checkmk/checkmk/compare/4ee9847e6df1...232eb57290d7
Branch: refs/heads/2.0.0
Home: https://github.com/Checkmk/checkmk
Commit: aa59306cd7e3eaae37d6a4367d5a44ecf5c18a05
https://github.com/Checkmk/checkmk/commit/aa59306cd7e3eaae37d6a4367d5a44ecf…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2023-05-03 (Wed, 03 May 2023)
Changed paths:
M tests/unit/test_permissions.py
Log Message:
-----------
Ignore agents/plugins/*.checksum during permission test
Change-Id: Iab09529d6cb43ec5df8015dbffb17bd2804120da
Commit: 89085cb8c47c65071a1af9858e5e9ef45ae93209
https://github.com/Checkmk/checkmk/commit/89085cb8c47c65071a1af9858e5e9ef45…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2023-05-03 (Wed, 03 May 2023)
Changed paths:
A .werks/15189
M cmk/base/diagnostics.py
Log Message:
-----------
15189 SEC Don't log automation user credentials when generating performance graph diagnostics
Prior to this Werk, creating a Support Diagnostic report including the
option "Performance Graphs of Checkmk Server" caused the automation
secret of the user "automation" to be logged to the site Apache access
log file (var/log/apache/access_log). This affected both creating the
diagnostic report via the GUI (Setup > Maintenance > Support diagnostics)
and via the command line
(cmk --create-diagnostics-dump --performance-graphs).
With this Werk the credentials are no longer written to the log file.
Note that no automatic sanitization of the log file is attempted by
applying this patch.
This issue was discovered during internal review.
Affected Versions:
- 2.2.0 (beta)
- 2.1.0
- 2.0.0
Mitigations:
Users are advised to change the secret of the user "automation" via the
User Management UI.
If this is not an option for you, delete or manually sanitize the Apache
access log file and any backup of the file. Remove any line that
contains a POST to
<your site URL>/report.py?_username=automation&_secret=<...>.
Refrain from using the affected functionality before applying this patch
or manually sanitize the file afterwards.
Vulnerability Management:
We have rated the issue with a CVSS Score of 4.4 (Medium) with the
following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</tt>.
We have assigned CVE-2023-31207.
Change-Id: I5b903fb3c1d186219f7718acf3d6efa498e9f5cf
Compare: https://github.com/Checkmk/checkmk/compare/c3a85dba3f64...89085cb8c47c