Branch: refs/heads/2.2.0
Home:
https://github.com/Checkmk/checkmk
Commit: 9ba37b2f6f721b1d06e4a85e6e4c41e797a59cd5
https://github.com/Checkmk/checkmk/commit/9ba37b2f6f721b1d06e4a85e6e4c41e79…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A .werks/15189
M cmk/base/diagnostics.py
Log Message:
-----------
15189 SEC Don't log automation user credentials when generating performance graph
diagnostics

Prior to this Werk, creating a Support Diagnostic report including the
option "Performance Graphs of Checkmk Server" caused the automation
secret of the user "automation" to be logged to the site Apache access
log file (var/log/apache/access_log). This affected both creating the
diagnostic report via the GUI (Setup > Maintenance > Support diagnostics)
and via the command line
(cmk --create-diagnostics-dump --performance-graphs).

With this Werk the credentials are no longer written to the log file.
Note that no automatic sanitization of the log file is attempted by
applying this patch.

This issue was discovered during internal review.

Affected Versions:
- 2.2.0 (beta)
- 2.1.0
- 2.0.0

Mitigations:
Users are advised to change the secret of the user "automation" via the
User Management UI.
If this is not an option for you, delete or manually sanitize the Apache
access log file and any backup of the file. Remove any line that
contains a POST to
<your site URL>/report.py?_username=automation&_secret=<...>.
Refrain from using the affected functionality before applying this patch
or manually sanitize the file afterwards.

Vulnerability Management:
We have rated the issue with a CVSS Score of 4.4 (Medium) with the
following CVSS vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.
We have assigned CVE-2023-31207.

Change-Id: I5b903fb3c1d186219f7718acf3d6efa498e9f5cf
Commit: 76a99c7da37a1f9ddd4e992c4704a50b35513849
https://github.com/Checkmk/checkmk/commit/76a99c7da37a1f9ddd4e992c4704a50b3…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/query.py
M tests/unit/checks/test_agent_kube.py
Log Message:
-----------
kube: make_api_client moved to query.py
CMK-12359
Change-Id: I19f283be6b89f7b91426121cb7cc6a3bdf0b5695
Commit: 763ca1be9d885b2c31bf3271854224608a4d25aa
https://github.com/Checkmk/checkmk/commit/763ca1be9d885b2c31bf3271854224608…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/query.py
M tests/unit/checks/test_agent_kube.py
Log Message:
-----------
kube: type ApiClient arguments
CMK-12359
Change-Id: I352746f5b5fdae1447b488f4dede0065afdd2273
Commit: fcbe7f6721e24ca1cb9b974dddf5aac8a89627fc
https://github.com/Checkmk/checkmk/commit/fcbe7f6721e24ca1cb9b974dddf5aac8a…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: centralize kubelet calls
CMK-12359
Change-Id: Ieadc7ac66bcd3a457d4d32eed93865b473a148bb
Commit: 5e64ccd08e07c3fabb75097e6b4a256242402429
https://github.com/Checkmk/checkmk/commit/5e64ccd08e07c3fabb75097e6b4a25624…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: allow handling pool of ApiClient with contextmanager
CMK-12359
Change-Id: I8b166a5589b89e171fbca47dc9b5055eba829f0e
Commit: 232eb57290d7f3b115ecd79a75fefe057d8e7cd4
https://github.com/Checkmk/checkmk/commit/232eb57290d7f3b115ecd79a75fefe057…
Author: Ronny Bruska <ronny.bruska(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A .werks/15484
M cmk/gui/autocompleters.py
Log Message:
-----------
15484 FIX Fix encoding of special characters in "Move to other folder"
FEED-7865
Change-Id: Icb603beb2bb4bcc18fd6cb1b3343af88f3a1b937
Compare:
https://github.com/Checkmk/checkmk/compare/4ee9847e6df1...232eb57290d7
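
The manual log sanitization that Werk 15189 above describes, as an added example that is not part of the commit or of Checkmk's code: it finds access log lines that record a POST to report.py with `_username=automation` and a `_secret` parameter, and drops them whole. The site name, paths, secret value and the assumption that `report.py` is the last path segment are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request field of an Apache access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample lines; site name, paths and secret value are made up.
SAMPLE_LOG = [
    '127.0.0.1 - cmkadmin [04/May/2023:10:00:00 +0200] '
    '"GET /mysite/check_mk/index.py HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [04/May/2023:10:00:05 +0200] "POST /mysite/check_mk/'
    'report.py?_username=automation&_secret=CONSTRUCTED-SECRET HTTP/1.1" 200 2048',
    '127.0.0.1 - - [04/May/2023:10:00:06 +0200] "POST /mysite/check_mk/'
    'report.py?_secret=CONSTRUCTED-SECRET&_username=automation HTTP/1.1" 200 2048',
    '127.0.0.1 - cmkadmin [04/May/2023:10:00:09 +0200] '
    '"POST /mysite/check_mk/report.py?name=overview HTTP/1.1" 200 900',
]


def leaks_automation_secret(line: str) -> bool:
    """True for a POST to report.py with _username=automation and a _secret."""
    match = REQUEST.search(line)
    if match is None or match["method"] != "POST":
        return False
    target = urlsplit(match["target"])
    # Assumption: the report endpoint is the last path segment of the site URL.
    if not target.path.endswith("/report.py"):
        return False
    # Parse the query string so the parameter order does not matter.
    params = parse_qs(target.query, keep_blank_values=True)
    return "automation" in params.get("_username", []) and "_secret" in params


def sanitize(lines):
    """Drop every leaking line whole, as the Werk advises.

    Returns (kept_lines, dropped_count).
    """
    kept = [line for line in lines if not leaks_automation_secret(line)]
    return kept, len(lines) - len(kept)


if __name__ == "__main__":
    kept, dropped = sanitize(SAMPLE_LOG)
    # Report counts only, so the secret is not copied into terminal scrollback.
    print(f"dropped {dropped} line(s), kept {len(kept)}")
```

The same check has to be run over rotated and backed-up copies of the access log, and it does not replace changing the secret of the "automation" user.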