Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 73e9c588127523ebd615c2d43d111cf76859b42f
https://github.com/Checkmk/checkmk/commit/73e9c588127523ebd615c2d43d111cf76…
Author: Lars Michelsen <lm(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A omd/packages/jaeger/skel/etc/rc.d/08-jaeger
R omd/packages/jaeger/skel/etc/rc.d/60-jaeger
Log Message:
-----------
Change order of jaeger start script
Recently the liveproxyd stop procedure did not work correctly because
opentelemetry was blocking the correct shutdown of the process.
This change starts jaeger earlier and stops it later so that all other
services which may depend on jaeger can rely on it being available.
This should not be necessary, but is currently needed because of
shutdown and timeout related bugs in the opentelemetry exporter
implementation (see also CMK-18177).
Change-Id: Id6d990b931a7ebb9c5ec38e9dd17cfb2c324f2a2
Commit: edac22231ef07e80fe9b77cb79e887c01ae82488
https://github.com/Checkmk/checkmk/commit/edac22231ef07e80fe9b77cb79e887c01…
Author: René Slowenski <rene.slowenski(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M tests/testlib/utils.py
Log Message:
-----------
testlib.utils: Rename LOGGER>logger
Change-Id: I8e556f6d36e04a5827b7bfc16619ba74fe5a2417
Compare: https://github.com/Checkmk/checkmk/compare/5cb925c6608d...edac22231ef0
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 5cb925c6608d680d44ef0ad670580f1eba44dce6
https://github.com/Checkmk/checkmk/commit/5cb925c6608d680d44ef0ad670580f1eb…
Author: Timotheus Bachinger <timotheus.bachinger(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M omd/packages/python3-modules/build-python3-modules.bzl
Log Message:
-----------
Use CPPFLAGS over CFLAGS
CPPFLAGS is honored by C *and* CPP
This hopefully avoids compiling / linking grpcio under Centos-8 to an old openssl version...
Change-Id: I874fa9959ee9577e807a5dac67fe5d8873e6436e
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: fd7ecf09ffd8541e75202bdcbc7cfbcc94c9975b
https://github.com/Checkmk/checkmk/commit/fd7ecf09ffd8541e75202bdcbc7cfbcc9…
Author: Hojjat Afsharan <hojjat.afsharan(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M cmk/gui/form_specs/vue/shared_type_defs.py
M cmk/gui/form_specs/vue/visitors/string.py
M packages/cmk-frontend-vue/src/form/components/forms/FormString.vue
M packages/cmk-frontend-vue/src/form/components/vue_formspec_components.ts
M packages/cmk-shared-typing/source/vue_formspec/components.json
Log Message:
-----------
Vue: Add field field_size to FormString
Change-Id: I978361ee5ae76a48b4414fc5e8a6704272478a2d
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: f129d14c745596e5bf975edc4ff6778196c54596
https://github.com/Checkmk/checkmk/commit/f129d14c745596e5bf975edc4ff677819…
Author: Max Linke <max.linke(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
M cmk/gui/openapi/restful_objects/type_defs.py
M scripts/create_test_idp_cse.sh
Log Message:
-----------
Add internal onboarding endpoint
For the CSE we use a separate onboarding guide. The guide is loaded per
checkmk instance and shown on the first login. Here we want to allow us
to load the secret for an automation user.
The exact user has to be configured. This will be done during setup of
the site in the saas platform. We are creating a user with minimal
permissions. Here for testing we use the automation user.
Change-Id: I7095a73229b76c2d800a5bc58a8b9f09cf90a54f
JIRA-Ref: SAASDEV-2253
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 9fa035ed8582091470907bb08fef5437591b1826
https://github.com/Checkmk/checkmk/commit/9fa035ed8582091470907bb08fef54375…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026.md
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 8ca7898d84451646596b6c9c6da80f019c5554d0
https://github.com/Checkmk/checkmk/commit/8ca7898d84451646596b6c9c6da80f019…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026.md
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58
Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: 1d8ba09e0b00c5d9d31e25bba48269ab281047ec
https://github.com/Checkmk/checkmk/commit/1d8ba09e0b00c5d9d31e25bba48269ab2…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58