[checkmk-commits] [tribe29/checkmk] 25d626: 11349 FIX Do not access ntop from CRE

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 25d62664d0e4ed48a8cae7f95a584d222647a564 https://github.com/tribe29/checkmk/commit/25d62664d0e4ed48a8cae7f95a584d222… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2020-12-03 (Thu, 03 Dec 2020) Changed paths: A .werks/11349 M cmk/gui/config.py M cmk/gui/dashboard.py M cmk/gui/pagetypes.py M cmk/gui/wato/pages/users.py Log Message: ----------- 11349 FIX Do not access ntop from CRE Editing a user in the raw edition resulted in a crash as the ntop integration is not available there. Change-Id: I3511bc135122a38e1a4dc51e8de92a893adaad69 Commit: fb7454f8700c42e09cb4d316b04732a7f9261bd3 https://github.com/tribe29/checkmk/commit/fb7454f8700c42e09cb4d316b04732a7f… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-12-03 (Thu, 03 Dec 2020) Changed paths: A .werks/11747 M cmk/gui/plugins/views/mkeventd.py Log Message: ----------- 11747 SEC Fix stored XSS triggered by received syslog messages You are only affected by this issue in case you use the Event Console. An attacker could send messages to the Event Console, e.g. via syslog, containing arbitrary HTML code. This was executed in the browser context of any user viewing the event in the Checkmk user interface. The information is now properly escaped in a generic way to prevent these issues. Change-Id: I5d4f3594e69de7980aa474b8e3b9aa94d7342bb2 Compare: https://github.com/tribe29/checkmk/compare/a1d0e1b5d69b...fb7454f8700c