Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: dd0cbb37405fd003ed2219033d60246c6b71f8c4
https://github.com/Checkmk/checkmk/commit/dd0cbb37405fd003ed2219033d60246c6…
Author: Andreas Umbreit <andreas.umbreit(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15705
Log Message:
-----------
15705 FIX Warning about agent updater rule on CME remote site update
When updating a remote site in a distributed site setup using the
Checkmk Managed Services Edition, the update process may issue a
warning like this:
C+:
-| WARNING: Invalid rule configuration detected (Ruleset: agent_config:cmk_update_agent, Title: Agent updater (Linux, Windows, Solaris), Folder: ,
-| Rule nr: 1, Exception: -----BEGIN CERTIFICATE-----
-| MII...
-| ...HqQ==
-| -----END CERTIFICATE-----
-| is not an allowed value)
-| Detected 1 issue(s) in configured rules.
-| To correct these issues, we recommend to open the affected rules in the GUI.
-| Upon attempting to save them, any problematic fields will be highlighted.
C-:
The root cause for this warning is that on the CME remote site, the underlying
agent signing certificates are not available, so the ruleset referring to them
can't be verified.
As a workaround you can safely ignore this warning, since the <i>cmk_update_agent</i>
rule is never used on a remote site.
However, from now on the warning won't be displayed any longer.
Change-Id: Iecd2c270a4e77f21d4b942e6a659ce5ad4a9f4f8
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: df842b30a377bfac98bb8332b5b1c47345530bc9
https://github.com/Checkmk/checkmk/commit/df842b30a377bfac98bb8332b5b1c4734…
Author: Andreas Umbreit <andreas.umbreit(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15705
Log Message:
-----------
15705 FIX Warning about agent updater rule on CME remote site update
When updating a remote site in a distributed site setup using the
Checkmk Managed Services Edition, the update process may issue a
warning like this:
C+:
-| WARNING: Invalid rule configuration detected (Ruleset: agent_config:cmk_update_agent, Title: Agent updater (Linux, Windows, Solaris), Folder: ,
-| Rule nr: 1, Exception: -----BEGIN CERTIFICATE-----
-| MII...
-| ...HqQ==
-| -----END CERTIFICATE-----
-| is not an allowed value)
-| Detected 1 issue(s) in configured rules.
-| To correct these issues, we recommend to open the affected rules in the GUI.
-| Upon attempting to save them, any problematic fields will be highlighted.
C-:
The root cause for this warning is that on the CME remote site, the underlying
agent signing certificates are not available, so the ruleset referring to them
can't be verified.
As a workaround you can safely ignore this warning, since the <i>cmk_update_agent</i>
rule is never used on a remote site.
However, from now on the warning won't be displayed any longer.
Change-Id: Iecd2c270a4e77f21d4b942e6a659ce5ad4a9f4f8
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: c4fbae8686d17797ad4128307c593f4d65a44944
https://github.com/Checkmk/checkmk/commit/c4fbae8686d17797ad4128307c593f4d6…
Author: Lukas Lengler <lukas.lengler(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/16031
Log Message:
-----------
16031 FIX ntop: interface and vlan dropdown
When selecting a new interface or vlan id via the dropdown
the data was not automatically updated and the page had to
be refreshed manually.
Now the data is updated after selecting the interface or vlan.
CMK-8154
Change-Id: I48c28e6c979773149d2d1fd2c77961287eed3e83
Commit: f80b66732b3d1e00483cd062f0cb5b0351d0b2ec
https://github.com/Checkmk/checkmk/commit/f80b66732b3d1e00483cd062f0cb5b035…
Author: Gav <gavin.mcguigan(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15892
M cmk/gui/page_menu_utils.py
Log Message:
-----------
15892 FIX ntop_alerts: rename alert tabs in ntop alerts dashboard
Previously, the alert tabs were named Engaged, Host, Flow. This didn't
align correctly with ntopng's own dashboard. They have now been renamed
to Engaged Host, Past Host and Past Flow.
Change-Id: I6cddd8d33f84ec06589478214e3e1531d54a11f2
Commit: b11304763a9df6f24802b3a481ce3ba67dc191af
https://github.com/Checkmk/checkmk/commit/b11304763a9df6f24802b3a481ce3ba67…
Author: Gav <gavin.mcguigan(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15893
Log Message:
-----------
15893 FIX ntop_alerts: introduce pagination to ntop alerts dashboard
Previously the alerts dashboard would fetch 5 hours of alert data
by default or the time range selected by the user via the time series
graphs. This caused performance issues since the number of alerts
could vary greatly, often resulting in timeouts. This werk addresses
this problem by introducing pagination on the backend. We now only
fetch 20 alerts in any given api call. The user can then request
more using the next button.
Change-Id: I47c6bb1fd4bff1b1276f67541ab5d75326602a91
Commit: 63745c5e605d18546c30edb0044df6126875dd10
https://github.com/Checkmk/checkmk/commit/63745c5e605d18546c30edb0044df6126…
Author: Gav <gavin.mcguigan(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15959
Log Message:
-----------
15959 FIX ntop_alerts: populate alert type dropdown list in alerts dashboards
This werk fixes an issue with the alert type dropdown menu in the alerts
dashboards. Previously, it was only populated with All, meaning you
couldn't filter the alerts on alert type. Now the dropdown is populated
with all possible alert type values.
Change-Id: I64a59af935ea665565abfad78f732fbabd63f4fb
Compare: https://github.com/Checkmk/checkmk/compare/a347f8468616...63745c5e605d
Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: 355ee9eb6c1cbb2aa86db5f6f11a72ec71a3b77a
https://github.com/Checkmk/checkmk/commit/355ee9eb6c1cbb2aa86db5f6f11a72ec7…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15691
M cmk/gui/plugins/wato/bi_config.py
Log Message:
-----------
15691 SEC Fix XSS in business intelligence
Prior to this Werk it was possible to inject HTML or JavaScript (Reflected XSS).
A legitimate user tricked into clicking on a prepared link would then run arbitrary JavaScript code in a valid session.
This vulnerability is only triggerable if another <i>Business Intelligence</i> <i>BI pack</i> (next to the default) was created.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
LI: 1.6.0 (probably older versions as well)
<b>Indicators of Compromise</b>:
To check for exploitation one can check the site apache access log <tt>var/log/apache/access_log</tt> for entries like <tt>/$SITENAME/check_mk/wato.py?mode=bi_aggregations&bulk_moveto=</tt>.
The order of the URL parameters can be changed by an attacker.
Potential injected code would be in the parameter <tt>bulk_moveto</tt>.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</tt>.
We assigned CVE-2023-23548 to this vulnerability.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
CMK-14034
Change-Id: Ic48e5580a612bc34af8dcf31acacb2fbc1ee742c
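The access-log check described under "Indicators of Compromise" in Werk 15691, as an added example that is not part of the commit or of the Checkmk code base. It parses the query string instead of matching a fixed substring, so reordered parameters are still found. The site name "mysite", the sample log lines, and the rule that markup characters in bulk_moveto are suspicious are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of an Apache access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate value carries none of these markup characters.
MARKUP_RE = re.compile(r"[<>\"'`]")

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line, site):
    """Return a finding for requests to the BI aggregations page that carry
    bulk_moveto, regardless of parameter order; None for everything else."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path != f"/{site}/check_mk/wato.py":
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "bi_aggregations" not in params.get("mode", []) or "bulk_moveto" not in params:
        return None
    values = [decode_fully(v) for v in params["bulk_moveto"]]
    return {"bulk_moveto": values,
            "suspicious": any(MARKUP_RE.search(v) for v in values)}

def scan(lines, site):
    """Return (line number, finding) pairs for all matching log lines."""
    return [(n, hit) for n, line in enumerate(lines, 1)
            if (hit := check_line(line, site))]

# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - cmkadmin [01/Aug/2023:10:00:00 +0200] "GET /mysite/check_mk/wato.py?mode=bi_aggregations&bulk_moveto=pack2 HTTP/1.1" 200 5120',
    '192.0.2.11 - cmkadmin [01/Aug/2023:10:01:00 +0200] "GET /mysite/check_mk/wato.py?bulk_moveto=%3Cb%3Ex%3C%2Fb%3E&folder=&mode=bi_aggregations HTTP/1.1" 200 5120',
    '192.0.2.12 - cmkadmin [01/Aug/2023:10:02:00 +0200] "GET /mysite/check_mk/wato.py?mode=folder HTTP/1.1" 200 4096',
    '192.0.2.13 - cmkadmin [01/Aug/2023:10:03:00 +0200] "GET /mysite/check_mk/wato.py?mode=bi_aggregations&bulk_moveto=%253Cb%253E HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG, "mysite"):
        print(number, finding)
```

Only parameters sent in the URL reach the access log, so this covers link-based requests of the kind the Werk describes; entries flagged as suspicious still need manual review.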
Branch: refs/heads/2.0.0
Home: https://github.com/Checkmk/checkmk
Commit: 2cb6285b371b82d20210a733103a1ab1d72d612b
https://github.com/Checkmk/checkmk/commit/2cb6285b371b82d20210a733103a1ab1d…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2023-07-25 (Tue, 25 Jul 2023)
Changed paths:
A .werks/15691
M cmk/gui/plugins/wato/bi_config.py
Log Message:
-----------
15691 SEC Fix XSS in business intelligence
Prior to this Werk it was possible to inject HTML or JavaScript (Reflected XSS).
A legitimate user tricked into clicking on a prepared link would then run arbitrary JavaScript code in a valid session.
This vulnerability is only triggerable if another <i>Business Intelligence</i> <i>BI pack</i> (next to the default) was created.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
LI: 1.6.0 (probably older versions as well)
<b>Indicators of Compromise</b>:
To check for exploitation one can check the site apache access log <tt>var/log/apache/access_log</tt> for entries like <tt>/$SITENAME/check_mk/wato.py?mode=bi_aggregations&bulk_moveto=</tt>.
The order of the URL parameters can be changed by an attacker.
Potential injected code would be in the parameter <tt>bulk_moveto</tt>.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</tt>.
We assigned CVE-2023-23548 to this vulnerability.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
CMK-14034
Change-Id: Ic48e5580a612bc34af8dcf31acacb2fbc1ee742c
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 73a9380677d83feecff34d1d0528c04aa8860efa
https://github.com/Checkmk/checkmk/commit/73a9380677d83feecff34d1d0528c04aa…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15691
M cmk/gui/plugins/wato/bi_config.py
Log Message:
-----------
15691 SEC Fix XSS in business intelligence
Prior to this Werk it was possible to inject HTML or JavaScript (Reflected XSS).
A legitimate user tricked into clicking on a prepared link would then run arbitrary JavaScript code in a valid session.
This vulnerability is only triggerable if another <i>Business Intelligence</i> <i>BI pack</i> (next to the default) was created.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
LI: 1.6.0 (probably older versions as well)
<b>Indicators of Compromise</b>:
To check for exploitation one can check the site apache access log <tt>var/log/apache/access_log</tt> for entries like <tt>/$SITENAME/check_mk/wato.py?mode=bi_aggregations&bulk_moveto=</tt>.
The order of the URL parameters can be changed by an attacker.
Potential injected code would be in the parameter <tt>bulk_moveto</tt>.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</tt>.
We assigned CVE-2023-23548 to this vulnerability.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
CMK-14034
Change-Id: Ic48e5580a612bc34af8dcf31acacb2fbc1ee742c
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: a347f8468616180a492ccd93f126fa948834e59a
https://github.com/Checkmk/checkmk/commit/a347f8468616180a492ccd93f126fa948…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A .werks/15691
M cmk/gui/plugins/wato/bi_config.py
Log Message:
-----------
15691 SEC Fix XSS in business intelligence
Prior to this Werk it was possible to inject HTML or JavaScript (Reflected XSS).
A legitimate user tricked into clicking on a prepared link would then run arbitrary JavaScript code in a valid session.
This vulnerability is only triggerable if another <i>Business Intelligence</i> <i>BI pack</i> (next to the default) was created.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
LI: 1.6.0 (probably older versions as well)
<b>Indicators of Compromise</b>:
To check for exploitation one can check the site apache access log <tt>var/log/apache/access_log</tt> for entries like <tt>/$SITENAME/check_mk/wato.py?mode=bi_aggregations&bulk_moveto=</tt>.
The order of the URL parameters can be changed by an attacker.
Potential injected code would be in the parameter <tt>bulk_moveto</tt>.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</tt>.
We assigned CVE-2023-23548 to this vulnerability.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
CMK-14034
Change-Id: Ic48e5580a612bc34af8dcf31acacb2fbc1ee742c
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: a7ec12bdc58648cfeb8bc412728b6c8ad407af98
https://github.com/Checkmk/checkmk/commit/a7ec12bdc58648cfeb8bc412728b6c8ad…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
A cmk/gui/mkeventd/_sidebar_snapin.py
M cmk/gui/mkeventd/registration.py
M cmk/gui/mkeventd/wato.py
M cmk/gui/pagetypes.py
M cmk/gui/plugins/config/base.py
M cmk/gui/plugins/main_modules/registration.py
R cmk/gui/plugins/sidebar/mkeventd.py
M cmk/gui/plugins/wato/active_checks/mailbox.py
M cmk/gui/plugins/wato/check_parameters/logwatch_ec.py
M cmk/gui/plugins/wato/globals_notification.py
M cmk/gui/plugins/wato/notifications.py
M cmk/gui/plugins/wato/omd_configuration.py
M cmk/gui/plugins/wato/special_agents/datadog.py
M cmk/gui/plugins/wato/utils/__init__.py
M cmk/gui/wato/pages/notifications.py
M cmk/gui/wato/pages/users.py
M omd/packages/check_mk/MKEVENTD
M omd/packages/omd/omdlib/config_hooks.py
Log Message:
-----------
SaaS: Deactivate the Event Console for the CSE
CMK-13868
Change-Id: Id520f09feb66ce8b1109949c6f46d8cc76a0984b
Commit: 690129f856b29858adeed8fc5e196fcc1c1e03cc
https://github.com/Checkmk/checkmk/commit/690129f856b29858adeed8fc5e196fcc1…
Author: Mazen Alkatlabee <mazen.alkatlabee(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
M tsconfig.strict.json
M web/htdocs/js/modules/figures/cmk_figures.ts
M web/htdocs/js/modules/figures/figure_types.ts
M web/htdocs/js/modules/graphs.ts
Log Message:
-----------
add types to cmk_timeseries.ts
Change-Id: I0ef59adf343cdf53ad054db39fd9f9f17e0d14eb
Commit: 430c157ced6109b6ae46b59b609227babb5aa3f3
https://github.com/Checkmk/checkmk/commit/430c157ced6109b6ae46b59b609227bab…
Author: Mazen Alkatlabee <mazen.alkatlabee(a)checkmk.com>
Date: 2023-08-01 (Tue, 01 Aug 2023)
Changed paths:
M tsconfig.strict.json
Log Message:
-----------
add types to graphs_cee.ts
Change-Id: Ic2f184824782e7fab07d1b7098ef9e72ffdae40d
Compare: https://github.com/Checkmk/checkmk/compare/2b1abafe1290...430c157ced61