Branch: refs/heads/2.0.0
Home:
https://github.com/tribe29/checkmk
Commit: 25d62664d0e4ed48a8cae7f95a584d222647a564
https://github.com/tribe29/checkmk/commit/25d62664d0e4ed48a8cae7f95a584d222…
Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com>
Date: 2020-12-03 (Thu, 03 Dec 2020)
Changed paths:
A .werks/11349
M cmk/gui/config.py
M cmk/gui/dashboard.py
M cmk/gui/pagetypes.py
M cmk/gui/wato/pages/users.py
Log Message:
-----------
11349 FIX Do not access ntop from CRE
Editing a user in the raw edition resulted in a crash as the ntop integration is not
available there.
Change-Id: I3511bc135122a38e1a4dc51e8de92a893adaad69
Commit: fb7454f8700c42e09cb4d316b04732a7f9261bd3
https://github.com/tribe29/checkmk/commit/fb7454f8700c42e09cb4d316b04732a7f…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-12-03 (Thu, 03 Dec 2020)
Changed paths:
A .werks/11747
M cmk/gui/plugins/views/mkeventd.py
Log Message:
-----------
11747 SEC Fix stored XSS triggered by received syslog messages
You are only affected by this issue in case you use the Event Console.
An attacker could send messages to the Event Console, e.g. via syslog,
containing arbitrary HTML code. This was executed in the browser context of any
user viewing the event in the Checkmk user interface.
The information is now properly escaped in a generic way to prevent these
issues.
Change-Id: I5d4f3594e69de7980aa474b8e3b9aa94d7342bb2
Compare:
https://github.com/tribe29/checkmk/compare/a1d0e1b5d69b...fb7454f8700c