Branch: refs/heads/2.0.0
Home:
https://github.com/tribe29/checkmk
Commit: 8889464bfa910f4f53404d5ad39f54d2e98c2e6b
https://github.com/tribe29/checkmk/commit/8889464bfa910f4f53404d5ad39f54d2e…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-02-11 (Fri, 11 Feb 2022)
Changed paths:
A .werks/13719
M scripts/run-doctests
Log Message:
-----------
13719 SEC Remove report element "Paragraph of text fetched via HTTP(s)"
In previous versions one could add text from foreign websites into reports.
<i>Paragraph of text fetched via HTTP(s)</i> The functionality was very
limited since no parsing was done. This functionality broke with version
2.0.0.
Additionally this could enable a malicious actor to retrieve sensitive
information from systems accessible to the Checkmk server (SSRF). Therefore the
functionality is removed.
Existing report elements of type <i>Paragraph of text fetched via HTTP(s)</i>
will be converted to <i>Paragraph of text</i> elements with text refering to
the URL. Unfortunately no macros will be resolved.
Change-Id: I7906c160123d4f234737f3ea5e7be45fd37418bd